Preserving secondary users' privacy in cognitive radio networks

Abstract

Cognitive radio plays an important role in improv- ing spectrum utilization in wireless services. In the cognitive radio paradigm, secondary users (SUs) are allowed to utilize licensed spectrum opportunistically without interfering with primary users (PUs). To motivate PU to share licensed spectrum with SU, it is reasonable for SU to pay PU a fee whenever the former is utilizing the latter's licensed spectrum. SU's detailed usage information, such as when and how long the licensed spectrum is utilized, is needed for PU to calculate payment. Providing usage information to PU, however, may compromise SU's privacy. To solve this dilemma, we are the first to propose a novel privacy- preserving mechanism for cognitive radio transactions through commitment scheme and zero-knowledge proof. This mechanism, on one hand, only allows PU to know the total payment to SU for a billing period, plus a little portion of SU's usage information. On the other hand, it guarantees PU that the payment is correctly calculated. We have implemented our mechanism and evaluated its performance. I. INTRODUCTION Cognitive radio has emerged as a fundamental approach in improving the utilization of spectrum resource through dynamic spectrum sharing. As a key technology in wireless communication, cognitive radio enables secondary users (SUs) to opportunistically share the licensed spectrum with primary users (PUs). To make the spectrum sharing attractive, it is essential to design incentive mechanisms for both PU and SU. It is reasonable that the owner of the licensed spectrum, i.e., PU, charges SU whenever the latter is utilizing licensed spectrum. Recently, several approaches, such as game theory and auction theory, have been applied to this topic, maximizing either PU's interests or the social welfare. However, SU's privacy in cognitive radio transactions has been neglected or left untouched. In a typical cognitive radio transaction, SU's payment to PU depends on SU's detailed usage information, such as when and how long the licensed spectrum has been utilized. PU needs this usage information to calculate or verify the payment, but detailed usage information is sensitive to SU and the disclosure of this information may compromise SU's privacy. Therefore, protecting PU's interests and preserving SU's privacy simultaneously becomes very challenging. To the best of our knowledge, none of the existing work has addressed this problem in cognitive radio transactions. In this paper, we propose a novel privacy-preserving mech- anism for cognitive radio transactions. This mechanism not only preserves SU's privacy but also protects PU's interests. In this mechanism, PU only knows a little portion of SU's sensitive information during a billing period with the result that SU's privacy is preserved. At the same time, PU knows the total payment for a billing period and is guaranteed that the payment is correctly calculated and PU's interests are protected. This mechanism employs commitment schemes and zero-knowledge proof. At the end of a billing period, SU commits all detailed usage information and the payment for each utilization instance, and provides a zero-knowledge proof for each utilization instance that the payment is correctly calculated. These commitments and proofs, along with the total fee, are sent to PU. Due to the hiding property of the commitment scheme, the commitments do not reveal any information about the detailed usage information. Due to the binding property of the commitment scheme, SU cannot deny the values that are used to create the commitments. Further- more, by verifying the zero-knowledge proofs provided by SU, PU is able to verify that the payment for each utilization instance is correct. To prevent SU from committing fraud, such as choosing not to submit all utilization instances or submitting false utilization instances, we introduce a random-checking monitor that can provide some ground-truth information on the spectrum utilization status. PU can opportunistically query the monitor to ask for a few pieces of ground-truth information, and use this information to challenge SU. Once SU is chal- lenged, it must provide proofs to match the random-checking information. Our main contributions in this paper are three-fold. First, we have pointed out an important security problem in cognitive radio literature, preserving SU's privacy, which has been ne- glected for a long time. Second, we are the first to address this problem and have proposed a privacy-preserving mechanism to protect PU's interests and preserve SU's privacy at the same time. Third, we have implemented our mechanism and evaluated its performance.