Sharing IEEE-802.22
Rakhshanda Shaukat
College of Signals, NUST
Rawalpindi Cantt, Pakistan
rakhshanda@mcs.edu.pk
Shoab Ahmed Khan
College of E & ME, NUST
Rawalpindi, Pakistan
kshoab@yahoo.com
Attiq Ahmed
College of Signals, NUST
Rawalpindi Cantt, Pakistan
attiq-mcs@nust.edu.pk
Abstract
Cognitive Radio based IEEE 802.22 deploys the concept
of maximum resource utilization through dynamic resource
sharing. Inter base station resource sharing is a dynamic
process in IEEE 802.22 and is accomplished by the exchange
of control messages between the neighboring base stations.
Insecure transmission of control channels opens
vulnerabilities to Denial of Service attacks on the base
station. First the paper identifies the rogue base station
and replay attacks during the resource sharing between the
base stations that can snatch the resources from the renter
base station. Then the paper presents a hybrid approach of
timestamp, nonce and Digital Signature to authenticate the
sender and avoid the attacks.
1. Introduction
Inter-Base Station Dynamic Resource Sharing (IBDRS)
increases the network performance and provides maximum
opportunities to use TV band spectrum by utilizing unused
frequency bands [1]. The Base Stations (BS) share their free
channels for load balancing. A BS serving a specific region
may be overloaded with heavy traffic coming from the
Consumer Premises Equipments (CPE) in the form of upstream
data. In this case, starvation of frequency channels may
occur at the BS and there is a possibility that some of the
CPEs cannot be served properly.
Cognitive Radio (CR) based IEEE 802.22 provides the
facility for the BSs to share their available frequency bands.
A BS having access to channels can advertise the list of
free channels to its neighboring BSs, which can avail this
opportunity to fulfill their own requirements. In IEEE 802.22
the advertiser of the free channels is defined as the Offerer
and the one that borrows the channels is called the Renter.
The procedure to share bands dynamically should follow
the etiquettes to avoid interference with the channels
used in neighboring cells [1].
Different schemes have been proposed for channel
sharing between adjacent cells, such as Fixed Channel
Assignment (FCA), Dynamic Channel Assignment (DCA) and
Hybrid Channel Assignment (HCA) [2]. Virtual Channel
Borrowing (VCB) is also proposed in [2]; it allows virtual
resource sharing without moving the channel physically from
one cell to another.
Although there are different schemes and IEEE 802.22
also utilizes these concepts, the channel sharing control
messages between BSs are vulnerable to attacks. The
transmitted control messages do not contain security
parameters and are unencrypted. This gives the attacker the
opportunity to manipulate these messages for Denial of
Service (DoS) attacks at the renter BS. In IEEE 802.22 IBDRS,
a DoS attack degrades the network performance by creating
forged messages. This paper presents a hybrid approach,
a combination of timestamp, nonce and Digital Signature
(DS), to prevent the attacks.
This paper presents the frame structure of control
messages, their weaknesses and possible attacks along with
their solution. Section 2 describes the frame structure and
flow of control messages for IBDRS. Section 3 elaborates
the control packet vulnerabilities that can be exploited by
the attackers. Section 4 presents a solution to secure the
control message exchange between BSs. Finally, the paper is
concluded in Section 5.
2. MAC layer frames and their flow
The Wireless Regional Area Network (WRAN) spectrum
etiquettes in [1] completely describe the frame structure
and the IBDRS. During IBDRS four types of messages are
exchanged between neighboring BSs.
Channel Advertisement
Rent Request
Resource Allocation
Acknowledgement
International Conference on Convergence and Hybrid Information Technology 2008
978-0-7695-3328-5/08 $25.00 2008 IEEE
DOI 10.1109/ICHIT.55
DOI 10.1109/ICHIT.2008.208
The flow of these messages is shown in Figure 1. The
Offerer BS (BSO), having excess of frequency channels,
advertises the list of free channels to its neighbors. Here the
excess of channels means that the traffic load on the BS is
very low and it has free channels that can be consumed by
other overloaded BSs.
In answer to the advertisement, an overloaded BS
requests the channels through the rent request. The Renter
BS (BSR) specifies the number of channels it requires.
Upon receiving the rent request, the BSO grants access
to the channels through the Allocation message. Finally the
BSR acknowledges the response of the BSO. This is a simple
scenario of the resource sharing between BSs.
$\ldots_{R} \mid \text{Timestamp} \mid \text{Message type} \mid BS_R\ \text{ID} \mid \text{No. of channels}$
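Resource Collection Messages:
Resource Collection Request
$BS_O \rightarrow BS_R : N_O \mid \text{Timestamp} \mid \text{Message type} \mid BS_O\ \text{ID} \mid \text{No. of channels}$
Resource Return Reply
$BS_R \rightarrow BS_O : N_O \mid N_R \mid \text{Timestamp} \mid \text{Message type} \mid BS_R\ \text{ID} \mid \text{No. of channels}$
Resource Return Acknowledgment
$BS_O \rightarrow BS_R : N_R \mid N_O \mid \text{Timestamp} \mid \text{Message type} \mid BS_O\ \text{ID} \mid \text{No. of channels}$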
4.3. Digital Signature
Digital Signatures are used to authenticate the sender and
to detect alteration of the received packet [10].
Implementing DS based authentication of the sender is
effective to avoid the above mentioned attacks even if the
timestamp and nonce are compromised by the attacker.
For example, BSO wants to take the resources back. It
will hash [11] the complete packet and sign it by
encrypting the hashed packet with its private key. The DS is
appended to the packet and transmitted to BSR. BSR
separates the DS from the received packet and decrypts
it with BSO's public key. BSR also applies the same
hashing algorithm to the plain format packet, and the
resulting hash should be the same as the decrypted DS.
In this scenario, even if an attacker succeeds in predicting
the nonce and timestamp, BSR will discard the message
because the decrypted DS and hashed packet will not
be the same. This is because the attacker cannot have
the private key of BSO.
Similarly, BSR will request for the resource return message
signed with its private key, so that an attacker cannot
misuse the transmitted information. The complete frame format
of the resource release messages is shown in Figure 5.
[Figure 5 fields: Digital Signature | Nonce | Time Stamp | Management Message Type | BS Identifier | Number of Channels; label: Plain Management Message]
Figure 5. Transmitted Packet format signed
with private key of sender
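The receiver-side check described in this section, combined with the timestamp and nonce tests, as an added example that is not code from the paper. It uses textbook hash-then-RSA as the text describes, with a constructed demo key. The field names, message-type string, BS identifier and the 5-second freshness window are assumptions.

```python
import hashlib

# Constructed demo key: P and Q are publicly known Mersenne primes, so this
# key is trivially factorable; it only stands in for the offerer's key pair.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
MAX_SKEW = 5                        # assumed freshness window, in seconds
FIELDS = ("nonce", "timestamp", "msg_type", "bs_id", "channels")

def digest(msg):
    # Hash of the plain management message, fields in frame order.
    plain = "|".join(str(msg[f]) for f in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(plain).digest(), "big")

def sign(msg):
    # Sender: apply the private exponent to the hash (textbook RSA, no padding).
    return pow(digest(msg), D, N)

def verify(msg, sig, seen_nonces, now):
    # Receiver: recover the hash with the public key and compare, then
    # check freshness, then reject a nonce that was already accepted.
    if pow(sig, E, N) != digest(msg):
        return "bad-signature"
    if abs(now - msg["timestamp"]) > MAX_SKEW:
        return "stale"
    if msg["nonce"] in seen_nonces:
        return "replay"
    seen_nonces.add(msg["nonce"])
    return "accepted"

def demo():
    seen, t0 = set(), 1_200_000_000          # constructed clock value
    req = {"nonce": 0x5EED, "timestamp": t0, "bs_id": "BSO-1",
           "msg_type": "RESOURCE_COLLECTION_REQUEST", "channels": 3}
    sig = sign(req)
    forged = dict(req, channels=9)           # altered field, reused signature
    return [verify(req, sig, seen, t0 + 1),      # genuine
            verify(req, sig, seen, t0 + 2),      # replay inside the window
            verify(req, sig, seen, t0 + 60),     # replay after the window
            verify(forged, sig, seen, t0 + 1)]   # tampered copy

if __name__ == "__main__":
    print(demo())
```

Because the timestamp and nonce are inside the signed message, changing either one to get past the freshness or replay test invalidates the signature.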
5. Conclusion
The proposed solution provides a secure mechanism for
the channel sharing negotiation process. It overcomes the
vulnerabilities in inter-BS dynamic resource sharing. Although
the proposed solution adds extra payload to the
message format, it saves a lot of resources that can be
dissipated by the attackers. The attacker can manipulate
the messages to cause DoS through rogue base station and
replay attacks. The proposed solution is effective because
the timestamp and nonce combination gives the base
station the ability to distinguish newly generated packets
from replayed ones. Manipulation of the nonce and timestamp
can be detected because the proposed solution is based on
public key cryptography, and for any attacker it is not
possible to generate the DS of the authenticated sender.
References
[1] IEEE-802.22 draft standard, "IEEE P802.22 Wireless RAN, Spectrum Etiquettes," doc.: IEEE 802.22-07/23r01, Jan. 2007.
[2] Khaldoun Al Agha, Guy Pujolle, "VCB: An Efficient Resource Sharing Scheme for Cellular Mobile Systems," University of Paris, France, Jan. 2000.
[3] Carlos Cordeiro, Kiran Challapali, and Dagnachew Birru, "IEEE 802.22: An Introduction to the First Wireless Standard based on Cognitive Radios," Philips Research North America/Wireless Communication and Networking Dept, USA, April 2006.
[4] Changhua He, John C. Mitchell, "Security Analysis and Improvements for IEEE 802.11i," Stanford University, Stanford.
[5] Paul Syverson, "Taxonomy of Replay Attacks," Naval Research Laboratory, Washington.
[6] Jamshed Hasan, "Security Issues of IEEE 802.16 (WiMAX)," School of Computer and Information Science, Edith Cowan University, Australia.
[7] Sen Xu, Chin-Tser Huang, "Attacks on PKM Protocols of IEEE 802.16 and Its Later Versions," University of South Carolina, USA.
[8] "Timestamp," http://en.wikipedia.org/wiki/Timestamp.
[9] Dean Rosenzweig, Davor Runje, Wolfram Schulte, "Model-Based Testing of cryptographic protocols," University of Zagreb.
[10] Raymond G. Kammer, William M. Daley, "Digital Signature Standard (DSS)," U.S. Department of Commerce, National Institute of Standards and Technology.
[11] "Federal Information Processing Standards: Secure Hash Standard," Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, June 2007.