
Friday, April 15, 2011

Implementation Security in Cognitive Radio Networks


CRNs face unique security problems not faced by conventional wireless networks. The current focus of the CR/Software-Defined Radio (SDR) community is on preventive security measures that secure the radio software download process and on schemes that thwart the tampering of radio software once it is installed. However, preventive security is not sufficient. CRNs are also more open to attacks such as jamming and selfish node misbehaviour. Authentication of the users can prevent use of the network by unauthorised users.



Identification of the primary user is vital to grant access and prioritise resources, services, etc., and therefore the use of non-forgeable characteristics of primary user signals is a must in order to identify and authenticate primary users successfully. This requires tighter architectural integration of CR identification and network identification. In other words, a single set of user credentials is desirable. The solution here is CRN Admission Control (CRNAC), which is used in 802.1x. For user identification, identity management is required: a collection of tools and processes that manage the lifecycle of the information elements that constitute a user’s digital identity. Some of the functions that identity management addresses include the following:
• Identifying the entities that interact in the system, authenticating each entity and applying authorisation rules as specified by policies, billing and auditing.
• Providing information about an entity (e.g., device capabilities, service features, user preferences, or roles) to other system entities or third parties, according to privacy management rules.

Each CR node needs to be 802.1x-enabled. When user authentication is requested, the CR node creates two virtual ports through which traffic will flow: one for control traffic and the other for data. By default, the port that carries the data is disabled and only the port for carrying the control (Extensible Authentication Protocol over Wireless (EAPOW)) traffic is opened, but this will not carry data traffic if authentication has not been completed.
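The two-port behaviour described above, as an added Python sketch that is not from the original post: the control port passes only EAP frames, and the data port stays closed until the authentication server reports success. The class and function names are hypothetical, the frames are constructed, and untagged Ethernet-style framing with the EAPOL EtherType 0x888E is assumed.

```python
import struct
from enum import Enum

ETHERTYPE_EAPOL = 0x888E  # IEEE 802.1X EAP frames (control traffic)
ETHERTYPE_IPV4 = 0x0800   # stands in for ordinary data traffic


class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"


class CRNodePort:
    """Hypothetical model of the control/data port pair a CR node opens per user."""

    def __init__(self):
        self.state = PortState.UNAUTHORIZED  # data port is disabled by default

    def on_auth_result(self, success: bool) -> None:
        # Result relayed from the authentication (AAA) server; failure keeps the port closed.
        self.state = PortState.AUTHORIZED if success else PortState.UNAUTHORIZED

    def on_logoff(self) -> None:
        self.state = PortState.UNAUTHORIZED  # data port closes again

    def classify(self, frame: bytes) -> str:
        """Return 'control', 'data' or 'drop' for one raw frame."""
        if len(frame) < 14:
            return "drop"  # truncated header: fail closed
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            return "control"  # EAP is always allowed, on the control port only
        return "data" if self.state is PortState.AUTHORIZED else "drop"


def make_frame(ethertype: int, payload: bytes = b"\x00" * 4) -> bytes:
    """Build a constructed untagged frame with locally administered MACs."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload


def demo() -> list:
    port = CRNodePort()
    eap, data = make_frame(ETHERTYPE_EAPOL), make_frame(ETHERTYPE_IPV4)
    seen = [port.classify(data), port.classify(eap)]  # before authentication
    port.on_auth_result(False)
    seen.append(port.classify(data))                  # after a failed attempt
    port.on_auth_result(True)
    seen.append(port.classify(data))                  # after success
    port.on_logoff()
    seen.append(port.classify(data))                  # after logoff
    return seen


if __name__ == "__main__":
    print(demo())
```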

Next, a security role or clearance server is required. Security roles are necessary for better management and control over access to a security system, and they also enhance the usability of the provided policy administration tools. Security roles are directly associated with the appropriate access policies as these are applied to the access control lists of CR nodes; for example, policy decision points need to have access to this association at all times. This information is therefore necessary when anytime-anywhere availability is required. These needs, however, pose a great challenge to security.

The integrity and secure handling of this association is mandatory in order to:
• avoid false delegation of rights and granting of privileges to users, which may subsequently harm the system;
• avoid denial of service to users who should have rights and privileges when the system fails to make use of the relevant associations and credentials.


The illustration below depicts the security framework architecture for CRNs through mutual authentication based on an 802.1x and AAA server working in concert with layer 3 networking security features such as firewall, virtual private network, intrusion detection and protection mechanisms.




 
