Spectrum Sharing Security and Attacks in Crns: a Review

—Cognitive Radio plays a major part in communication technology by resolving the shortage of the spectrum through usage of dynamic spectrum access and artificial intelligence characteristics. The element of spectrum sharing in cognitive radio is a fundamental approach in utilising free channels. Cooperatively communicating cognitive radio devices use the common control channel of the cognitive radio medium access control to achieve spectrum sharing. Thus, the common control channel and consequently spectrum sharing security are vital to ensuring security in the subsequent data communication among cognitive radio nodes. In addition to well known security problems in wireless networks, cognitive radio networks introduce new classes of security threats and challenges, such as licensed user emulation attacks in spectrum sensing and misbehaviours in the common control channel transactions, which degrade the overall network operation and performance. This review paper briefly presents the known threats and attacks in wireless networks before it looks into the concept of cognitive radio and its main functionality. The paper then mainly focuses on spectrum sharing security and its related challenges. Since spectrum sharing is enabled through usage of the common control channel, more attention is paid to the security of the common control channel by looking into its security threats as well as protection and detection mechanisms. Finally, the pros and cons as well as the comparisons of different CR-specific security mechanisms are presented with some open research issues and challenges.


INTRODUCTION
Cognitive Radio (CR) [1] technology promises to intelligently solve the issues in conventional wireless technology related to their limited and under-utilised spectrum [2].This problem has become an issue of great concern given the continued increase in wireless devices that use unlicensed bands to operate, which has resulted in overcrowding, leading to inefficient use of the spectrum [3][4][5].Therefore, CR provides a resolution to spectrum inefficiency and the shortage on these bands by allowing CR users (secondary users (SUs)) to opportunistically access vacant spectrum space [6].This results in providing great opportunities for a rising number of SUs to use these bands through an optimised approach for utilising radio resources [7][8].radio networks' (CRN) technology has its own intrinsic fundamental approach and principles for dynamic operation within the environment, unlike in the conventional wireless approach, which is based on the static radio frequency spectrum with fixed licensed users (primary users (PUs)) and fixed channels [9].This indicates that the cognitive ability and reconfiguration capability are the core elements that make CR an advanced technology, which grants dynamic access to the unused spectrum for both licensed and unlicensed users through certain characteristics: adoption, awareness, modification, capability of learning, observation, and communication in realistic environments [10][11][12][13][14][15][16].These characteristics provide reliable communication among CR users anytime and anywhere as a smart and intelligent choice to operate dynamically through artificial intelligence algorithms, such as spectrum sensing, spectrum sharing, and spectrum mobility [13,17].Moreover, they differentiate this new CR technology from existing wireless technologies.Due to these sophisticated features, the CR approach is known as Dynamic Spectrum Access (DSA) or Dynamic Spectrum Management (DSM) [8,18], in recognition of the potential to realise dynamically different paradigms within a network.However, generally DSA is considered a big challenge to implement because of its dynamic behaviour and nature, such as different frequency, geographical location, and time of operation [19][20].Also, SUs might utilise the licensed spectrum and encounter PUs who have diverse transmission characteristics.Moreover, in comparison to known security issues that exist in wireless networks, CRNs are more exposed to threats from targeted, intelligent malicious strategies [21][22].This poses security challenges in preventing any definite or predictable risks from occurring.
As long as spectrum sharing is one of the fundamental aspects of the CR to provide access channels and sharing resources, this overview paper mainly focuses on the spectrum sharing security of the cognitive radio MAC layer.So far, most of the literature focuses on general aspects of CRNs security in spectrum sensing and spectrum mobility-related areas.But the security of spectrum sharing has received very little research coverage.It is very important to conduct thorough research to gain a broader and clearer overview of its techniques and security-related issues.
Therefore, this overview paper firstly provides details about the spectrum sharing classification, to show the differences of the mechanism, operation, and techniques.Subsequently, it focuses and gives detailed insights into the threats and attacks that are launched in the common control channel (spectrum sharing) part of MAC layer of CRNs.In addition, it investigates and includes the recent techniques that have been developed in this area in terms of protection and detection.www.ijacsa.thesai.orgThis paper is organised as follows: Section 2 briefly demonstrates the CR main functions and section 3 looks into the security challenges in cognitive radio's core functions, especially in spectrum sharing, i.e. common control channel security.Section 4 discusses common security threats to both traditional wireless and cognitive radio networks.It then concludes by outlining security threats specific to CR networks.Section 5 introduces the existing security methods for achieving secure communications in both centralised and ad hoc CRNs.Section 6 identifies some open research issues and challenges before the paper is concluded in section 7.

II. COGNITIVE RADIO CORE FUNCTIONS
There are four fundamental functions which the CRN device must perform, as shown in Figure 1 and as stated below [8,23] 1) Spectrum sensing identifies the parts of the accessible spectrum and senses the presence of the PU operating in the licensed band.
2) Spectrum management determines the best channel to establish communication.
3) Spectrum sharing sets up a coordination access among users on the selected channel.
4) Spectrum mobility vacates the channel in case the PU is detected.
One failure can easily affect and result in deterioration of the communication or introduce vulnerabilities to the network.These embedded functions have a strong relationship between them for the process of establishing an efficient communication, considering the regulations and policies that govern CRNs.Each function influences another one by providing the necessary information required during the process of reaching a final decision.For instance, once the spectrum is sensed, in order to identify the available point of access, there are two possible decisions that can be taken: If the PU is detected then the process will be discontinued; if they are not, the obtained information will move forward to the next stage.The spectrum management function then decides and selects the proper channel for the communication.Once the channel is chosen, users are directed to access it by providing their information.During a successful communication, spectrum mobility remains ready for any changes that resulted from the appearance of a PU by a regular check of the spectrum sensing, or from other alterations to the environment in terms of the current allocation that is provided by spectrum management and spectrum-sharing elements [8,24].
As long as CRNs have a set of nodes that interact with each other using determined policies, regulations, and sophisticated protocols [25], they have different capabilities [22,26] relating to the spectrum awareness of the network operation and spectrum context, defined regulations and policies, quality of service (QoS), and user requirements for requesting traffic load capacity, resilience, and security.This means that cognitive nodes are able to dynamically reconfigure themselves according to the current environment in order to transmit and receive on different frequencies, in addition to supporting a variety of transmission access technology schemas [2,27].Another capability is resource management, which plays an important role in collaborating to assign the vacant network spectrum management resources, whether these are internal to the current network or external to conventional wireless networks [8,28].
Spectrum sharing generally can be classified into three major criteria, based on the network architecture, access technology, and allocation behaviour (Figure 2).Descriptions of these classifications as follows:  The first technique is based on the network architecture, whether it is a centralised or distributed system (Figure 3).In centralised networks such as IEEE 802.22 cognitive radio, a base station governs and senses the free channel information from neighbours' nodes within range and performs the final decision on the availability of a channel.Unlike ad hoc CR networks, CR nodes generate and utilise a common spectrum allocation for the information exchange about available channels [8,22].Even though the centralised entity has the advantages of addressing better efficiency, the main drawback is that a single point of failure can be easily launched to the central entity [8].More classifications can be added to ad hoc networks, classifying them into static and mobile networks.These apply in wireless sensor networks as a static form and in MANET (Mobile Ad-hoc Network) as mobile ad hoc networks in which a set of autonomous mobile terminals are liberated to move to other existing hybrid networks [29,30] (more details about comparing the spectrum sharing mechanisms in both centralised and distributed architectures are discussed in [31]).
The second technique is based on allocation behaviour, whether it is cooperative or uncooperative.In the cooperative method, CR users are responsible for coordinating the www.ijacsa.thesai.orgfunctionalities of the cognitive network in order to ensure the optimisation of the spectrum utilisation and improving network efficiency through the exchange of information.However, in non-cooperative systems, CR users are not responsible for coordinating the cognitive functionalities with other cognitive devices.Instead, they implement these functions on their own [24,32].The main difference between these two methods is relatively clear: the first approach essentially requires the exchange of information; hence a common control channel (CCC) is required to facilitate the information exchange.However, in the second approach, the cognitive nodes do the network functions tasks on their own without the need for any collaboration from other cognitive users.This would make the task more challenging and difficult for a cognitive user.In addition, this can affect the performance due to reasons like lower efficiency, slower sharing of spectrum resources allocation, and less reliability than the cooperative technique [8,16,24,33].The last classification is access technology, whether it is an overlay or underlay approach [22,24,26,34].In the overlay approach a SU utilises the spectrum without sharing with a PU.This is in contrast to the underlay approach, in which both PUs and SUs utilise the licensed spectrum at the same time [35][36][37][38], with strict power control implemented by the CR users not to interfere with the PUs.

III. SECURITY CALLENGES IN CRN CORE FUNCTIONS
Due to the key differences in their specifications when compared to traditional wireless networks, cognitive radio networks face certain unique challenges in terms of their continued effective use and their vulnerability to outside attack.These particular characteristics of CRNs involve the need for additional implementation of specific functions, such as proper sensing protocols, correct decision making, appropriate switching, and the provision of sufficient access for the sharing of the resources required to operate each particular function.These challenges can be classified into four main areas, which will be described in greater detail in the following subsections:

A. Spectrum Challemges in Spectrum Sensing
The fact that spectrum sensing is responsible for sensing channels and the provision of accurate results means that CRNs must overcome certain specific challenges.The challenges broadly pertain to the ways in which a cognitive user detects and differentiates between PUs and SUs.This is of great importance as attackers may be able to emulate the signals of the PUs, thereby increasing the likelihood of false alarms being triggered.In addition, the hidden node problem may be another issue that can lead to a failure to detect the PUs, which would result in unacceptable shadow fading [6,39].

B. Spectrum Challenges in Spectrum Management
An incorrect decision made by the spectrum management is a significant issue that could arise relatively easily.Also, the inherent complexity of the protection techniques is a key requirement to providing reliable and secure transmission of information among users.It is possible for an attacker to easily forge or tamper with the transmitted information, which would affect the correctness of any decisions made by the spectrum management.

C. Security Challenges in Spectrum Mobility
The requirement for a seamless handoff from one channel to another also constitutes a significant challenge for cognitive users when an attacker launches a threat to hinder or prevent this integral and flawless switching by occupying the available channels.This kind of attack could potentially increase the waiting time involved in achieving a proper handoff.This increase is certainly unacceptable to the PUs, who wants to utilise their assigned channels.

D. Security Challenges in Spectrum Sharing
The dynamic environment in MANET network architecture leads to more challenges and security issues arising due to the lack of the central entity which usually provides security and key management among users [40].The control channels selection in decentralised cognitive radio networks decreases the probability of successful communication among SUs due to authenticity and validity.As discussed in [11], SUs are the nonlicensed users and attackers easily exploit them and by escalating their privileges, they might damage the spectrum and the traffic of the PUs as well.Moreover, without security, this issue becomes more critical when cognitive nodes use the spectrums only when PUs are not available or not using their licensed bands.Moreover, selecting data channel(s) for exchange of data among SUs without the authenticity of the SUs is another issue that needs to be addressed in CRNs, especially for maintaining the links if a PU returns to the licensed channel.
Much research has been conducted into developing security in centralised CRNs [1][2][3].However, the issue is that no research has been carried out on addressing the authentication in decentralised CRNs and its requirements, especially providing authentication of confidentiality, non-repudiation, and integrity, which are considered the main security elements in cognitive radio technology.

IV. SECURITY THREATS
Although cognitive radio is similar to the traditional wireless network, using a wireless medium instead of a wire to transmit information, it faces different vulnerabilities, which has resulted in the discarding of the communication process among end users [41][42].These vulnerabilities can leads to varied threats, which can be classified into two different categories: the first relates to common security threats in both conventional wireless and CR networks, and the second category is specific to CRN users.www.ijacsa.thesai.org

A. Common Security Threats in Conventional Wireless and CR Networks
In traditional wireless technology, radio channels are used to establish communication and transmit information between communicating nodes and access points (APs) or base stations (BSs).They are used in cognitive networks to address several similar functionalities.The transmitted information can be sensitive, such as the user's identity, the user's privacy, allocation and signaling information, as well as key information.However, an attacker using a range of techniques such as eavesdropping, forgery, and masquerading attacks can easily intercept the communication during the transmission process [9,13].An effective security mechanism must be applied to protect data transmission from malicious behaviour like eavesdropping and information tampering [29].Therefore, as far as data protection is concerned, different security measurements can be used for protection, detection, and countermeasures based on wireless security protocols such as WEP, WPA, and WPA2 in conventional wireless networks and EAP, AES, and 3DES in WiMAX.These security protocols are designed with encryption levels of different strengths being used according to the importance of the information being secured.Figure 4 shows the most common threats in both traditional wireless and CR networks.

1) Fake Attacks
In the infrastructures of wireless networks, BSs or APs act as central entities that are connected wirelessly to end terminals.In order to establish communication, some information is exchanged through a radio channel between the end terminal device and the central entity.This information includes the identity data belonging to the procedures of the network control, network services and network access.A malicious user can obtain this information by wiretapping and then pose as a legitimate user.The purpose of this fake attack is a malicious user accesses the network and obtaining a network service or to launch an attack against the network [13,[43][44].Therefore, cryptographic encryption schemes are generally used to protect the transmitted messages.

2) Information Tampering
This is a serious attack that causes change, modification, replacement, or deletion of the information before it is received at its intended destination [43], and that result in misleading the receiver, who can thus make a wrong decision.Alteration significantly affects message integrity, which is unacceptable for legitimate users and network policies.However, this type of attack generally occurs in a situation where a cooperative terminal is needed to forward the information [13,[45][46].

3) Service Repudiation
In this attack, when the connection is achieved between two nodes, one user denies transmitting their information for two reasons: repudiation for the communication service to deny usage of the network, which requires payment for the network usage, and repudiation for the communication content to refuse the transmission of their content.For example, when transactions are made in a commercial process, the user refuses to pay.To overcome these issues, proof-of-origin evidence can be used against a particular individual for sending or receiving messages.Identity, authentication, and cryptography encryption schemas are presently used to prevent unpredictable or hidden issues arising [13,47].

4) Replay Attack
The key purpose of this attack at the MAC layer is to obtain effective information by intercepting and retransmitting the same signed information sent to a particular node over a period of time in order to build trust with the receiver.This gives an advantage to the attacker, granting them access to new useful information like user passwords, which then enables unauthorised access to resources and control network licenses, etc [13,[48][49][50][51][52].Therefore, in order to overcome this attack, the timestamp procedure is recommended because of the message validation involved [52].

5) Denial of Service and Information Interference
While electromagnetic waves are essential in order to gain wireless information from users, recent advanced hardware technologies can involve a higher transmitted power in the communication process at the physical layer.It is, therefore, possible for an attacker to use this transmitter power to block the ordinary transmission and create interference and noise in the communication procedure, thereby decreasing the capacity of the wireless BS resources and equipment.This can also lessen user access through a BS terminal.Therefore, the interference of information procedures is likely to have a critical social impact [53].An example of this occurred in 2001, which the satellite communication service was interrupted due to the high power caused by locating a VSAT terminal [13,50].

6) Greedy Behaviour Attack
During the channel negotiation process in both centralised and decentralised multi-hop networks, an attacker intends to maximise their throughput of using a spectrum through manipulating and changing the parameters of the MAC layer protocol [54][55][56][57].This is achieved by reporting false information regarding the available channel, which causes throughput collapse for other users.For instance, in decentralised networks, if a greedy user attempts to misbehave by starving the neighbouring node, the intermediate user will be affected and banned from transmitting its messages [13].

7) Malicious and Selfish Behaviour Attacks
In malicious behaviour, the attacker makes other cognitive users to make handoff from the current channel.This generally causes degrading of the network performance [29,41,[57][58].However, in selfish behaviour, the attacker intends to maximise their throughput by using a spectrum to disturb the normal process [59].www.ijacsa.thesai.org

8) Black and Grey Hole Attacks
Both black and grey hole attacks exist in decentralised networks, where an attacker pretends to be the destination node.Therefore, a sender can be easily deceived and start transmitting packets.The rate of dropping the transmitting packets is used to distinguish between these two attacks.In a black hole, the malicious user obtains all the transmitted packets; however, in the grey behaviour attack, a malicious user drops part of these transmitted packets [29,[60][61][62][63][64][65][66].

B. Specific Security Threats in CR Networks
Several potentially serious threats to network performance which increase spectrum availability to malicious users have been highlighted by researchers investigating CRN technology [9,13,67].Moreover, due to the unique characteristics of CRNs, they are more exposed to security threats which are usually not faced by conventional wireless technology.Therefore, security mechanisms play an important role in maintaining the network that is potentially affected by these kinds of threats [13].Malicious attacks are well known threats that target all layers in the CRN [9,13] with their own behaviour, which can affect network performance by attacking a particular layer.Some of the main security threats related to CRNs are identified in Figure 5.

Spectrum Management Security
Specific CRNs Threats Spectrum Sensing Security Spectrum Sharing Security Spectrum Mobility Security Fig. 5. Specific security threats in CRNs 1) Security in Spectrum Sensing Spectrum sensing is a major aspect of CRNs environments, providing the spectrum information about the appearance of the PU and the available channels [12,[32][33]68].Therefore, it is subjected to the most prevalent attacks that bring the network performance down by reporting the false results of the PU detection.As long as the security in spectrum sensing is concerned with controlling the network operation, attackers have their own malicious behaviour strategies, focusing instead on degrading the network spectrum performance by causing collisions or occupying the spectrum.This can result in potential security vulnerabilities that enable denial of service (DoS) attacks to be launched easily [67].Thus serious attacks can occur at this level of the spectrum, which are called primary users interference (PUI) and primary user emulation (PUE).
In PUE, an attacker can simulate a signal that resembles the signal of the PU, thereby misleading the SU [2,12,18,58,[69][70][71][72][73].In this case, the attacker has a chance to focus on the physical layer, pretending to be an authorised user by sending CR signals that are similar to PU signals, allowing them to deceive other SUs.This increases the availability of spectrum to the malicious user.The authors of [6,41,74] have proposed a simulation technique used by a malicious user, which involves a multiple stage attack that demonstrates the general influence on the network performance and other special effects on the SUs.Additionally, the authors' experiment results showed how the relationship between the performance improvements can be associated with the bands' availability and vice versa.However, in PUI, the attacker breaks the rules of the CRN mechanism by affecting network performance through interfering with PUs within the network.This forces the PU to use spectrum with noise and unavailable frequency band [13].This is also called a jamming message attack or lion attack, where an attacker transmits high signal power to disturb the PUs through TCP connection [9,41,43,75].
Several researchers have investigated and proposed algorithms to detect malicious behaviours in cooperative sensing of the spectrum in order to improve security in this stage.A detection scheme based on a past test report obtained through calculating the suspected point of secondary users, and computing the value of trust behaviour mechanism, is proposed in [74].The proposed algorithm is able to distinguish malicious from honest users within a network.However, [76] presented a data mining technique without needing priori information about a secondary user to detect misbehaviours.In addition, [67] explained that changing the spectrum modulation system strategy and protecting the location information of the PU, and using proactive techniques in transmission, can help to prevent DoS attacks at this stage.

2) Security in Spectrum Management
Spectrum management is considered to be the second task after obtaining the result from spectrum sensing.Once the available bands are allocated, spectrum management determines the proper spectrum for communications based on the desired characteristics for quality of service (QoS) [22].However, this stage cannot be safe from attacks.A forgery attack or tampering attack is designed to attack this particular level of the network element and involves the attacker transmitting incorrect spectrum sensing information to the data collection centre in order to deceive the secondary user, encouraging the wrong decision from spectrum management, which enables the malicious user to utilise the channel with superlative adaptive purpose [13,67].

3) Security in Spectrum Mobility
This stage refers to the mandatory process of seamlessly switching (handoff) from a current channel to another available one due to channel occupancy by the PU.With the appearance of the PU to utilise their assigned channel, a SU must vacate and select another available channel to initiate a new connection, resulting in greater energy consumption [22,67,[77][78].
However, from a security perspective, the availability of spectrum is reduced when there are a large number of malicious users, and this limited availability affects other legitimate SUs, who are required to vacate the current channel due to the appearance of the PU and to select another available channel [53,78].Moreover, a failed handoff to a proper channel may occur when an attacker forces SUs to vacate the channel by pretending to be the PU.As a consequence, it results in slower communication and requires additional time to resume the process of the communication [18,22,69].www.ijacsa.thesai.org

4) Security in Spectrum Sharing
As long as spectrum sharing is crucial to maintaining effective communication in traditional wireless networks through the application of the Medium Access Control (MAC) method, it is an area of great interest for a number of researchers, who have proposed different solutions for sharing the spectrum [80,[81][82][83].These solutions include a nondedicated common control channel [84], a hopping-based control channel [85] and a dedicated CCC, also known as a Dynamic Local Common Control Channel (DLCC) [86] (Figure 6).These approaches focus on achieving a proper level of sharing among cognitive users.In this paper, a brief explanation of the first two approaches has been given, while the third approach is the main one which is considered in detail.In this approach, a predefined non-dedicated CCC is assumed among a set of SUs.Hence, a number of CRN MAC protocols are designed for predicting that a CCC is already recognised and allocated to those SUs.Industrial, scientific and medical (ISM) or underlay ultra-wideband that is identified as unlicensed band can be the appropriate place to implement a control channel for cognitive users in order to exchange the control information [78,80,88].

b) Hopping-based Control Channel
This approach requires a predefined channel hopping sequence that is determined among SUs in order to achieve the hopping process over the existing licensed channels [87].Both the cognitive sender and receiver necessitate time and channel synchronisation [5].During this process, a proper channel is determined to be utilised to transmit data through exchange of control information between the sender and the receiver.Once successful control information is exchanged between both SUs, they end the hopping process and start with the second phase of transmitting data.After the completion of the data transmission phase, the synchronisation requests are recurred with the hopping sequence [23,80].

c) Dynamic Local CCC
The CCC technique is one of the methods used to facilitate the functional sharing process between two SUs in distributed cooperative CRNs.
In distributed cooperative systems, CCC is established between both the sender and the receiver for establishing a handshaking protocol [14,54,80,82,84,[90][91].In addition, CCC can be used to communicate with a base station through an existing centralised entity system [92].It is also employed to include the related information that has resulted from the spectrum sensing.Due to these effective functionalities, a number of researchers believe that CCC designed procedures can play a major role in promoting the initial exchange of information processes among cognitive nodes.However, from a security viewpoint, no spectrum sharing classifications, which are discussed in section 2, are secure against any malicious behaviour while they are not supported with security mechanisms for protection and detection (see table 1).Generally the attackers' intention is to determinate an effective strategy that exposes a predictable risk.For instance, when CCC is used in the cooperative method of decentralised CRNs for exchanging information about the available channels and the selected channel for data transmission between SUs, it is more prone to various attacks based on selfish and malicious behaviours [41][42].Because it is regarded as a valuable structure for the attacker to access the channel and gain the most sensitive information, a key approach for some types of attackers involves applying a PUE attack.Moreover, it is more exposed to other attack types such as eavesdropping and DoS, which can be launched easily due to existing weaknesses within the MAC layer, where poor authentication and an existing lack of encryption mechanisms enable an attacker to detect available channels that they can occupy to forge or drop MAC frames, as shown in Figure 7 [41,56,90].Another vulnerability in a CCC is where an attacker forges the transmitted packets to another path and causes collisions.As a consequence, this impedes the network performance and launches a DoS attack.Once a CCC is saturated by attackers, a large number of forged packets are generated to block the exchange of the control information, enabling DoS attacks to be easily launched against the network, hence affecting its performance.
Moreover, an author in [56] suggests that encryption must be applied between legitimate SUs for the exchange of control information; otherwise, it can be readable by attackers of other cognitive users.Also, it can protect the exchanged control information over the channel from predictable control channel hopping sequences, thereby preventing itself from being saturated [13,92].www.ijacsa.thesai.orgSince the layers within CRNs have their own characteristics and parameters [74,93], they are vulnerable and allow an attacker to make a decision to launch a specific attack for the purpose of degrading the whole network performance.In MAC layer frames, an adversary has a variety of aims for misbehaving and launching such an attack.For instance, a denial of the channel service is one of the serious threats that lead to the network degradation between both sender and receiver.This attack occurs when the attacker saturates the CCC till it becomes weak for attacking [8].In addition, selfish behaviour is another example of an attack that can also exist in the MAC layer, in which an attacker does not follow the normal process of communication.Therefore, in order to provide a defence against these threats, security mechanisms are required in the MAC layer to provide authentication, authorisation and availability (AAA) in the CRNs.Incorporating these security features can lead to the exchange of complete and reliable secure MAC frames among cognitive users [9,13,94].Thus, several studies have been conducted for secure MAC protocols in CRNs [11,[14][15][94][95][96][97][98][99][100][101].They are classified into two categories, based on protection and detection techniques for addressing the security requirements and to defend the existing security issues in MAC protocols in CRNs.

A. Protection Mechanism in CRNs
In general, a number of researchers [11,15,[94][95][96][97][99][100]] have made efforts to address the security requirements and provide secure communication among SUs by applying different security mechanisms, such as authentication and authorisation access by different techniques, within a CRN.Their proposed procedures include digital signatures, certification authority (CA), and trust-based third parties entities like server and base stations.While these solutions may be effective in some ways, they have some drawbacks.

1) Digital Signature
In [11,15,99] proposed different protection systems based on applying a digital signatures for protecting the network from DoS attacks and providing secure communication.Their approaches involve the activities of a CA, PUs, and both PUs' and SUs' base stations.However, the main differences of these mechanisms are that the BSs are connected to the CA using wire links in [15], while in the [99] approach, an asymmetric key scheme instead of a CA is mainly used.

2) Certificate Authority
Another effective traditional approach-based CA on the application layer for achieving the same purpose of authentication is presented in [100,101].The proposed method uses both EAP-TTLS (for establishing a secure connection) and EAP-SIM (for authenticating the user) algorithms.

3) Trust Values Procedures
Other techniques based on trust values procedures are proposed in [95][96] to address and analyse the issues within CRNs.Based on this, the trust value will be calculated, which leads to the decision that will either allow the current user to utilise the available licensed channel or not.

4) Other Framework Architectures
Security for authentication and authorisation architecture frameworks have been proposed in [94,97].Both techniques require third-party entities for appropriate access policies to the spectrum.Authors in [94] use a technique based on processing user identification in the system and providing the user preferences to third parties according to privacy rules.Based on this, the user will be authenticated and then will determine whether or not a data port would be used.However the subsequent architecture in [97] consists of two layers, which are up-layers for authentication purpose and encryption techniques, while the physical layer is for securing and protecting the spectrum.
Overall, while these proposed mechanisms are effective in some way for protecting the networks from forgery and DoS attacks, they are not applicable in a decentralised environment www.ijacsa.thesai.orgbecause a third-party node is incorporated in order to verify the identity and provide security key managements to end users.Therefore, the security and challenges in decentralised CRNs still arise and require defensive techniques for securing communication among cognitive users.Table 2 demonstrates the pros and cons of the proposed protection mechanisms.

Pro
Effective security mechanism due to identifying and verifying the user and the server respectively.

Con
Requires a third-party to verify the user identity.Also the mechanism has not been simulated and tested to ensure security against malicious behaviours.

Pro
It is an additional procedure that can be built on the top of other security techniques to increase the level of the protection and detection in term of secure communication.

Con
Requires a third party procedure is to provide previous information of a node.Moreover, when a new node joins the network, the CA will not be able to provide reference for that particular user.Hence the mechanism does not operate in strong fixed level of the authentication for all cognitive users equally.

B. Detection schemes in CRNs
Authors in [14,98,102] have focused on the detection mechanisms in CRNs.Their proposed techniques address a variety of attacks caused by malicious and selfish behaviours, and the pros and cons of these mechanisms are illustrated in table 3.

1) Selfish behaviour
Selfish behaviour detection techniques for the CCC are proposed in [14,103], where a puzzle punishment model is applied for bad behaviour activities in a situation where a receiver is asked for a new hidden channel that has not been included previously.Thus, the sender would be a suspicious case.Therefore, the receiver applies the puzzle punishment to detect whether the sender is a selfish node or not.If the sender node solves the puzzle, they will be considered as a legitimate user and communication will be resumed normally; otherwise, the communication will be disconnected.Another technique called Cooperative neighboring cognitive radio Nodes (COOPON) is applied among a group of neighbouring users to detect selfish nodes who broadcast fake channel lists.Consequently, neighbouring users can detect the selfish users by comparing the transmitted channel list of the target user with their lists.

2) Timing parameters
Another detection mechanism was proposed in [102].They presented a mechanism that relies on timing parameters at MAC layer.When the negotiation phase is taking place, the node, which receives a request, sets up timing parameters for controlling the time interval.This forces the sender to transmit data without getting a higher rate.If the sender does not obey and sends packets more frequently, the receiver node takes action against the sender.Then the receiver node analyses the sender's misbehaviour and broadcasts the information over the current network.

3) Anomalous spectrum usage attacks (ASUAs)
The others in [98] presented a cross-layer technique for CRNs for detecting ASUAs.Collecting the information on both the physical and network layers provides an awareness of the current spectrum.It operates against the PUE and jamming attacks to provide successful access to the spectrum.As long as secure communication is crucial for the exchange of information between SUs, the primary security concerns in decentralised CRNs are authentication and data confidentiality.Compromising on these elements can potentially lead to the modification, forgery or eavesdropping of the MAC frames in CR networks, which could, in turn, increase the chance of DoS attacks that would adversely affect the performance of the network.However, these security factors in ad hoc CRNs have received relatively little attention in the literature, perhaps due to their complex nature and dynamic topology [104].These must be investigated properly in order to meet the security needs of the CRNs' technology.Further research is required in order to support the security requirements, especially to provide authentication assurance for the authorised access.These requirements assist in maintaining secure communication and enable the provision of available resources in distributed multi-hop CR environments, while simultaneously avoiding external threats.Moreover, a proper high-level encryption method is required to support secure communication between end users, although due consideration should be given to the inherent power limitations of the devices.This issue is also important because of the lack of a central entity that provides security and key management to end users.Thus, the implementation of a secure CR MAC protocol must involve the design and implementation of a robust, secure system that can achieve authentication, availability, confidentiality, integrity, non-repudiation, anonymity, and authorisation for granting security demands.This is of fundamental importance because CR users need to incorporate security by all possible means to ensure the protection of the relatively vulnerable network operations.

VII. CONCLUSION
Cognitive radio networks are a remarkable area for researchers due to their use of intelligent technology for providing a solution that utilises the available spectrum efficiently.However, security is a crucial aspect of CRNs to achieve successful communication between cognitive users.Due to some unique characteristics in CRNs, different new threats to CR functions exist, such as PUE and PUI in spectrum sensing, Tampering attacks in spectrum management, failed handoffs in spectrum mobility, and MAC threats like eavesdropping, forgery, and selfish behaviour attacks in spectrum sharing are other threats.Therefore, CRN is far more exposed to security threats than those facing the conventional wireless technology.This paper presented a comprehensive survey about the challenges and security in CRNs.The information is presented as a hierarchical structure, starting with challenges and then threats in spectrum sensing, spectrum management, and spectrum mobility.A major portion of the paper has been dedicated to spectrum sharing because it has been the main motivation behind this overview.Moreover, it introduced the spectrum sharing mechanisms: Non-dedicated CCC, hopping-based control channel and more details about the common control channel were chosen for investigation and highlighted the potential existing threats and vulnerabilities.The paper also highlighted several potentially serious threats to network performance in both centralised and ad hoc CRNs.As a result, the most recent detection and protection mechanisms were discussed in terms of their pros and cons and compared for the purpose of addressing the security issues in CRNs.
Finally, some open research issues and challenges were presented, which must be met to ensure secure operation of CRNs.
For future work, a hybrid secure MAC protocol for CRN is proposed in [105].The protocol is analysed and designed for addressing the security requirements, such as authentication, confidentiality, integrity, and non-repudiation.It also addresses most of the security issues in decentralised CRN, such as spoofing, eavesdropping, and forgery attacks.Therefore, the implementation stage of the proposed protocol is in progress in order to provide results that will be compared with others belonging to different secure protocols.

Fig. 4 .
Fig. 4. Common security threats in conventional wireless and CR Networks

Fig. 6 .
Fig. 6. Specific security threats in CRNs a) Non-dedicated CCCIn this approach, a predefined non-dedicated CCC is assumed among a set of SUs.Hence, a number of CRN MAC protocols are designed for predicting that a CCC is already recognised and allocated to those SUs.Industrial, scientific and medical (ISM) or underlay ultra-wideband that is identified as unlicensed band can be the appropriate place to implement a control channel for cognitive users in order to exchange the control information[78,80,88].

TABLE I .
OVERVIEW OF THE ATTACKS OCCURRING AT DIFFERENT CR

TABLE III .
DETECTION MECHANISMS IN COGNITIVE RADIO NETWORKS the cooperation between a group of cognitive users which involve identifying selfish users in COOPON technique and demand of solving the puzzle to resume the communication in puzzle punishment system.Moreover, the timing parameter procedure easily addresses DoS attack due to the presence of the centralised entity, which controls the cognitive users' communication.Table4gives information about achieving the security requirements and addressing the MAC layer attacks for each proposed scheme in both centralised and decentralised CRNs.
However, they are effective in selfish behaviour's detection www.ijacsa.thesai.orgdue to