skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Learning-Based Secure Spectrum Sharing for Intelligent IoT Networks
In intelligent IoT networks, an IoT user is capable of sensing the spectrum and learning from its observation to dynamically access the wireless channels without interfering with the primary user’s signal. The network, however, is potentially subject to primary user emulation and jamming attacks. In the existing works, various attacks and defense mechanisms for spectrum sharing in IoT networks have been proposed. This paper systematically conducts a targeted survey of these efforts and proposes new approaches for future studies to strengthen the communication of IoT users. Our proposed methods involve the development of intelligent IoT devices that go beyond existing solutions, enabling them not only to share the spectrum with licensed users but also to effectively thwart potential attackers. First, considering practical aspects of imperfect spectrum sensing and delay, we propose to utilize online machine learning-based approaches to design spectrum sharing attack policies. We also investigate the attacker’s channel observation/sensing capabilities to design attack policies using time-varying feedback graph models. Second, taking into account the IoT devices’ practical characteristics of channel switching delay, we propose online learning-based channel access policies for optimal defense by the IoT device to guarantee the maximum network capacity. We then highlight future research directions, focusing on the defense of IoT devices against adaptive attackers. Finally, aided by concepts from intelligence and statistical factor analysis tools, we provide a workflow which can be utilized for devices’ intelligence factors impact analysis on the defense performance.  more » « less
Award ID(s):
2229885 2131507 2100804
PAR ID:
10522325
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
IEEE
Date Published:
ISBN:
979-8-3503-0927-0
Page Range / eLocation ID:
1 to 8
Format(s):
Medium: X
Location:
San Francisco, CA, USA
Sponsoring Org:
National Science Foundation
More Like this
  1. (, Who Are You?! Adventures in Authentication Workshop)
    Password-based mobile user authentication is vulnerable to a variety of security threats. Shoulder-surfing is the key to those security threats. Despite a large body of research on password security with mobile devices, existing studies have focused on shaping the security behavior of mobile users by enhancing the strengths of user passwords or by establishing secure password composition policies. There is little understanding of how an attacker actually goes about observing the password of a target user. This study empirically examines attackers’ behaviors in observing passwordbased mobile user authentication sessions across the three observation attempts. It collects data through a longitudinal user study and analyzes the data collected through a system log. The results reveal several behavioral patterns of attackers. The findings suggest that attackers are strategic in deploying attacks of shoulder-surfing. The findings have implications for enhancing users’ password security and refining organizations’ password composition policies. 
    more » « less
  2. ; ; ; ; ; (, IEEE Transactions on Industrial Electronics)
    Industrial Internet of Things (IIoT) has been shown to be of great value to the deployment of smart industrial environment. With the immense growth of IoT devices, dynamic spectrum sharing is introduced, envisaged as a promising solution to the spectrum shortage in IIoT. Meanwhile, cyber-physical safety issue remains to be a great concern for the reliable operation of IIoT system. In this paper, we consider the dynamic spectrum access in IIoT under a Received Signal Strength (RSS) based adversarial localization attack. We employ a practical and effective power perturbation approach to mitigate the localization threat on the IoT devices and cast the privacy-preserving spectrum sharing problem as a stochastic channel selection game. To address the randomness induced by the power perturbation approach, we develop a two-timescale distributed learning algorithm that converges almost surely to the set of correlated equilibria of the game. The numerical results show the convergence of the algorithm and corroborate that the design of two-timescale learning process effectively alleviates the network throughput degradation brought by the power perturbation procedure. 
    more » « less
  3. ; ; ; (, ACM Transactions on Internet Technology)
    Internet of Things (IoT) devices have been increasingly deployed in smart homes to automatically monitor and control their environments. Unfortunately, extensive recent research has shown that on-path external adversaries can infer and further fingerprint people’s sensitive private information by analyzing IoT network traffic traces. In addition, most recent approaches that aim to defend against these malicious IoT traffic analytics cannot adequately protect user privacy with reasonable traffic overhead. In particular, these approaches often did not consider practical traffic reshaping limitations, user daily routine permitting, and user privacy protection preference in their design. To address these issues, we design a new low-cost, open source user-centric defense system—PrivacyGuard—that enables people to regain the privacy leakage control of their IoT devices while still permitting sophisticated IoT data analytics that is necessary for smart home automation. In essence, our approach employs intelligent deep convolutional generative adversarial network assisted IoT device traffic signature learning, long short-term memory based artificial traffic signature injection, and partial traffic reshaping to obfuscate private information that can be observed in IoT device traffic traces. We evaluate PrivacyGuard using IoT network traffic traces of 31 IoT devices from five smart homes and buildings. We find that PrivacyGuard can effectively prevent a wide range of state-of-the-art adversarial machine learning and deep learning based user in-home activity inference and fingerprinting attacks and help users achieve the balance between their IoT data utility and privacy preserving. 
    more » « less
  4. ; ; (, 2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM))
    Spectrum sensing enables secondary users in a cognitive radio network to opportunistically access portions of the spectrum left idle by primary users. Tracking spectrum holes jointly in time and frequency over a wide spectrum band is a challenging task. In one approach to wideband temporal sensing, the spectrum band is partitioned into narrowband subchannels of fixed bandwidth, which are then characterized via hidden Markov modeling using average power or energy measurements as observation data. Adjacent, correlated subchannels are recursively aggregated into channels of variable bandwidths, corresponding to the primary user signals. Thus, wideband temporal sensing is transformed into a multiband sensing scenario by identifying the primary user channels in the spectrum band. However, future changes in the configuration of the primary user channels in the multiband setup cannot generally be detected using an energy detector front end for spectrum sensing. We propose the use of a cepstral feature vector to detect changes in the spectrum envelope of a primary user channel. Our numerical results show that the cepstrum-based spectrum envelope detector performs well under moderate to high signal-to-noise ratio conditions. 
    more » « less
  5. (, 2021 Fall ASEE Middle Atlantic Section Meeting)
    The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State University launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email