Asynchronous Channel-Hopping Scheme under Jamming Attacks

Cognitive radio networks (CRNs) are considered an attractive technology to mitigate inefficiency in the usage of licensed spectrum. CRNs allow the secondary users (SUs) to access the unused licensed spectrum and use a blind rendezvous process to establish communication links between SUs. In particular, quorum-based channel-hopping (CH) schemes have been studied recently to provide guaranteed blind rendezvous in decentralized CRNs without using global time synchronization. However, these schemes remain vulnerable to jamming attacks. In this paper, we first analyze the limitations of quorum-based rendezvous schemes called asynchronous channel hopping (ACH). -en, we introduce a novel sequence sensing jamming attack (SSJA) model in which a sophisticated jammer can dramatically reduce the rendezvous success rates of ACH schemes. In addition, we propose a fast and robust asynchronous rendezvous scheme (FRARS) that can significantly enhance robustness under jamming attacks. Our numerical results demonstrate that the performance of the proposed scheme vastly outperforms the ACH scheme when there are security concerns about a sequence sensing jammer.


Introduction
e unlicensed spectrum band has become overcrowded as the demand for smart phones and portable devices has increased, while the licensed spectrum band is always underutilized (e.g., the occupancy of the licensed spectrum is less than 6% [1]).To solve the spectrum scarcity issue in wireless communications, the Federal Communications Commission (FCC) allows the unlicensed users (i.e., secondary users) to make use of the licensed spectrum as long as they do not interfere with the licensed users (i.e., primary users) [2,3].
is promising paradigm introduces the use of cognitive radio networks (CRNs) as a key technology for opportunistically exploiting the spectrum.In CRNs, secondary users (SUs) must establish a link before communicating with each other.In other words, two SUs should meet on a common channel, which is not occupied by primary users (PUs), to exchange handshake information.is is often referred to as a rendezvous process.e best known approach to solving the rendezvous problem is using a common control channel (CCC) [4,5].e advantages in using this approach are the simple implementation and management of a rendezvous.However, maintaining a CCC in CRNs is not feasible since the availability of the spectrum will change dynamically over time.Moreover, this approach may result in a bottleneck, and it potentially creates a single point of failure.
erefore, the rendezvous process in a distributed manner without having any centralized controller or dedicated CCCs is preferable in a more practical scenario.is process is often referred to as a blind rendezvous.To achieve blind rendezvous, a channel-hopping (CH) technique is used as a fundamental strategy to visit the available channels.Most research regarding CH algorithms consider that the time is divided into slots; thus, a successful rendezvous can be achieved when two SUs hop on the same channel in the same timeslot.e number of timeslots that are required until the successful rendezvous after all SUs have begun their CH sequences is defined as time to rendezvous (TTR).According to the geographical locations of the SUs, the number of available channels sensed by each SU might not be the same.If all SUs have the same number of available channels, we call this the symmetric system.All others are asymmetric systems.For reliable performance in CRNs, most CH schemes must guarantee rendezvous in more than one channel within a sequence period, and the TTR value must be bounded and small.To evaluate the performance of proposed CH schemes, two critical metrics are commonly used: the maximum TTR (MTTR) and the expected TTR (ETTR).
ere has been a great deal of research directed toward providing guaranteed rendezvous as well as minimizing MTTR.In particular, quorum-based rendezvous algorithms are well-known schemes for providing some level of security under hostile jamming attack scenarios with low time latency.However, these schemes remain vulnerable to sophisticated jamming attacks.In this paper, we present a noble sequence sensing jamming attack (SSJA) in which the jammer can estimate the SU's channel-hopping sequences quickly and begin jamming the rest of the timeslots.We then examine the limitations of those quorum-based rendezvous schemes including frequency quorum rendezvous (FQR) [6] and asynchronous channel-hopping (ACH) [7] schemes under a sophisticated jamming attack.Since FQR requires time synchronization between SUs, we focus more on ACH rendezvous scheme for evaluating the effectiveness of SSJA.Moreover, we introduce our proposed fast and robust asynchronous rendezvous scheme (FRARS) that can reduce TTR as well as increase robustness significantly against jamming attacks.e contributions of this paper are twofold: first, we analyze the limitations of the well-known quorum-based rendezvous scheme under a sophisticated jamming attack by introducing a novel SSJA model.In the SSJA, a jammer can detect the sender's entire CH sequence of ACH schemes on N/2 time frames, where N is the number of available channels.us, the rendezvous success rates of ACH schemes will be dramatically decreased under SSJAs.Second, we present our proposed FRARS in order to evaluate the performance under an SSJA.We include a theoretical analysis in addition to extensive numerical analysis under SSJAs.Our numerical results demonstrate that our proposed scheme outperforms others that are recently proposed.e balance of this paper is organized as follows.In Section 2, we review related work in CRNs.In Section 3, we introduce SSJA model and present several CH schemes including FQR and ACH as well as our proposed FRARS.e numerical analysis of our jamming attack for both ACH and FRARS and the results are discussed in Section 4. Section 5 concludes this paper.

Related Work
Due to the drawbacks of using a centralized controller or dedicated CCC, many studies have focused on blind rendezvous systems.To solve the blind rendezvous problem in CRNs, a purely random [8] or an improved random algorithm [9] provides a trivial CH algorithm where each SU hops from one channel to another among available channels in a purely random way.at is, when two SUs hop on the same channel at the same time by chance, rendezvous occurs.ese schemes can be applied to almost any system but cannot guarantee a bounded TTR between any two SUs.

Synchronous Rendezvous Algorithms.
To achieve guaranteed rendezvous in finite time, several algorithms have been proposed with the assumption of global time synchronization [10][11][12].Bahl et al. [10] proposed a link-layer protocol called Slotted Seeded Channel Hopping (SSCH) that increases the capacity of an IEEE 802.11 network by utilizing frequency diversity.Krishnamurthy et al. [11] proposed a two-phase autoconfiguration algorithm that enables SUs to dynamically compute the globally common channel set in a distributed manner.Bian et al. [12] introduced quorum-based two CH schemes, namely, M-QCH and L-QCH: the first design ensures ETTR by minimizing the MTTR and the second design guarantees the even distribution of the rendezvous points in terms of both time and frequency.However, these synchronous systems may not be feasible in certain types of networks, for example, ad hoc networks.Moreover, under the assumption of synchronization, the impact of a jamming attack can be significant.

Asynchronous Rendezvous Algorithms.
To overcome these challenges, many asynchronous CH algorithms (i.e., one that does not require clock synchronization) have been proposed recently in the literature [13][14][15][16][17][18][19][20][21].DaSilva and Guerreiro [13] proposed a sequence-based rendezvous and was later referred to as the generated orthogonal sequence (GOS) algorithm in which all SUs use the identical predefined CH sequences.
is algorithm is used with interspersed permutation channels to guarantee rendezvous even when SUs are not synchronized.eis et al. [14] showed better performance than that of GOS in terms of ETTR by presenting modular clock (MC) and modified modular clock (MMC) algorithms.In the MC system, the SUs can rendezvous any time although they independently generate their CH sequences by using prime number and rate (forward-hop).Lin et al. [15] proposed a jump-stay (JS) algorithm in which each SU has a jump and stay pattern to find a common channel.Intuitively, SUs jump on available channels during the jump pattern and stay on a specific channel during the stay pattern.e enhanced jump-stay (EJS) algorithm [16] was also proposed by the same authors to improve the MTTR and ETTR performances for asymmetric systems.Liu et al. [17] introduced the ring walk (RW) algorithm to guarantee asynchronous rendezvous by using the concept of velocity.e SUs in this scheme walk on the ring by visiting vertices of channels with different velocities.e higher velocity SU will eventually catch the lower velocity SU.Chuang et al. [18] presents a new alternate HOP-and-WAIT channel-hopping method (E-AHW) to minimize the time to rendezvous (TTR) than existing methods.In this method, each SU has a unique alternating sequence of HOP and WAIT.Most recently, Salehkaleybar et al. [22] proposed periodic jump rendezvous (PJR) and modified version of PJR (mPJR) algorithms for role-based and nonrole-based cases, respectively, in order to reduce TTR.Pu et al. [23] studied the dynamic rendezvous problem in CRNs where the status of the licensed channels varies over time by introducing the available channel probabilities. is work aims to propose more 2 Mobile Information Systems realistic models under adversaries as a future work.us, the vulnerability against a sophisticated jamming attack is not addressed.e deterministic rendezvous sequence (DRSEQ) and channel rendezvous sequence (CRSEQ) algorithms proposed in [19,20] provide fast asynchronous rendezvous under symmetric and asymmetric models, respectively.e upper bounds of MTTR of those algorithms are significantly small as shown in [24].Yadav and Misra [21] develop an algorithm that generates a deterministic CH sequence, which guarantees rendezvous even faster than the DRSEQ algorithm.However, they are not applicable to jamming attack scenarios due to deterministic CH sequences.

Jamming Attack Scenarios.
Most of the aforementioned algorithms focus on minimizing MTTR without using time synchronization in either symmetric or asymmetric scenarios.None of them are considered to be robust in jamming attack environments.In wireless communications, an adversary (enemy and jammer) is a malicious entity that can easily disrupt legitimate communications by intentionally injecting noise-like signals (or dummy packets) into the wireless medium.To alleviate this vulnerability problem in CRNs, quorum-based rendezvous schemes are proposed in [6,7].e FQR algorithm [6] exploits a quorum system where each SU independently constructs a random sequence by scrambling the sender's frequency quorum sequences for every frame as will be addressed in the next section.is makes jamming difficult and inefficient.An enhanced version of FQR, advanced FQR (AFQR) algorithm [6], adds more timeslots mapping random frequency channels at arbitrary positions within each frame to improve the rendezvous probability while it might degrade time overhead with the increased number of timeslots in a period.However, FQR only supports synchronous systems where any two SUs must start their sequences at the same time in order to rendezvous.Abdel-Rahman and Krunz [25] studied the rendezvous problem in the presence of an insider attack using a gametheoretic framework.is work showed that the rendezvous performance improves if the receiver and jammer are time synchronized and both have a common guess about the transmitter's strategy.However, the jammer model in this work is not a smart jammer but an insider jammer.us, the vulnerability against a sophisticated jamming attack is not addressed.Bian and Park [7] proposed a quorum-based ACH algorithm to ensure that the TTR is upper bounded even if the SU's clocks are asynchronous, and it maximizes the rendezvous probability between any pair of SUs by enabling rendezvous on every available channel.e sender and the receiver in an ACH algorithm independently generate their own sequences and rendezvous within a favorable amount of time compared to other schemes.Nevertheless, the ACH algorithm is significantly vulnerable to a sophisticated jamming attack.A survey paper [26] on jamming and antijamming techniques shows the classification of jammers.As a reactive channel-hopping jammer, we introduce an SSJA model in this paper to show how effectively it attacks the ACH system by adding more sophisticated capabilities such as estimating the SU's CH sequence within a short time.To overcome this vulnerability against SSJA, we proposed a FRARS algorithm that employs randomized permutation in every period.Due to the random features of FRARS, it is unfeasible for the SSJA to estimate the CH sequences.us, the effectiveness of the SSJA is negligible for the FRARS.Our proposed scheme is comparable to the ACH algorithm since both the sender and the receiver in FRARS independently generate their own sequences like those in ACH. e performance results of FRARS as compared with ACH will be addressed in Section 4.

Channel-Hopping Schemes
In this section, we present two well-known quorum-based rendezvous schemes, FQR and ACH algorithms, with a brief definition of a quorum system.en, we introduce the SSJA model to show how effectively it attacks quorumbased rendezvous schemes.We also present our FRARS algorithm to enhance robustness against jamming attack and compare the effectiveness of the SSJA on ACH and FRARS.

e Quorum System.
A quorum system has two fundamental properties, that is, the intersection property and the rotation closure property [27].All quorum systems hold the intersection property, but the rotation closure property may not be present in some cases.e FQR exploits a cyclic quorum system [28] to design a set of hopping sequences.We provide those definitions in this subsection, and we borrow all the terminologies defined in [6,7,27,28].
} of N elements, a quorum system Q under U is a collection of nonempty subsets of U, which satisfies the intersection property: Each p or q ∈ Q is called a quorum, and Z N denotes the set of nonnegative integers less than n.Given a nonnegative integer k and a quorum q in a quorum system Q under the universal set U, we define rotate(q, k) Definition 2. A quorum system Q under U has the rotation closure property if the following holds: and k ≤ N is called a cyclic (N, k) difference set if for every d ≢ 0 mod N there exists at least one ordered pair (a i , a j ), where a i , a j ∈ D, such that a i − a j ≡ d mod N, that is, d is a difference value between two elements of D.
Figure 1(a) shows FQR sequences of both sender and receiver, respectively.It also shows that the sender and receiver rendezvous on frequency 1 at time T 6 .
e upper bound of TTR of FQR system is only k 2 timeslots, which is approximately, equal to N. In AFQR, one more timeslot is added into each frame of the X sequence, and it is assigned a random frequency f i such that f i ∉ C k , where C k is a quorum selected by the sender.at is, the selected frequency f i is inserted into a random timeslot in each frame as shown in Figure 1(c).Although this will increase the length of the time period (i.e., k(k + 1) timeslots), the expected number of rendezvous within k(k + 1) timeslots also increases to 1 + (k − 1/N − k). e selected frequency index 5 is added to the sequence in Figure 1(c); thus, one more rendezvous on frequency 5 at time T 0 is provided.e techniques used in FQR and AFQR such as scrambling the hopping sequence and inserting additional timeslots make it difficult for a jammer to predict the hopping sequences.However, these schemes are not appropriate in an emergency or tactical scenario where time synchronization between randomly meeting nodes cannot be assumed.Figures 1(b) and 1(d) show that a clock shift nullifies the guaranteed upper bound of rendezvous.

ACH Base System.
In ACH system, the TTR between any pair of CH sequences is upper bounded without requiring clock synchronization by exploiting two properties of the array-based quorum systems: the intersection property and the rotation closure property.Let u denote the CH sequence of an SU and Tdenote a period of the CH sequence: u � u 0 , u 1 , . . ., u i , . . ., u T−1  , where u i ∈ [0, N − 1] is the channel index of sequence u in the ith timeslot of a CH period.e SUs in ACH generate their CH sequences by using an N × N array-based quorum system and assigning channel index values to quorums' columns or spans.e sender and receiver construct different CH sequences for rendezvous in ACH. e sender assigns N channel indexes to the N columns of an N × N array, S[•][•], such that each column has different channel indexes and all array elements in the same column are assigned the same channel index.If we denote h j the channel index value assigned to the jth column, where j ∈ [0, N − 1], the sequence of the sender will be constructed by the following way: , such that each span has a different channel index and all array elements in the same span are assigned the same channel index.Let s k denote the kth span and h k denote the channel index value assigned to the s k , where k ∈ [0, N − 1]. e sequence of the receiver will be constructed in the following way: . erefore, the sender's sequence u and receiver's sequence v are generated by using the two N × N arrays, and the period of the sequences will be N 2 .Figure 2 shows an example of the ACH system when N � 3.
Without loss of generality, the sender's sequence u starts first and then i timeslots later, the receiver's sequence v starts.e operation rotate (u, i) yields a new CH sequence u * , where all the elements in the same column are assigned the same channel index.us, u * and v have N distinct rendezvous channels within a sequence period T � N 2 .It is obvious that the asynchronous rendezvous problem is solved in ACH system since the sender and receiver CH sequences satisfy the rotation closure property.

3.4.
e Sequence Sensing Jamming Attacks.To evaluate the performance of the ACH system under a sophisticated jamming attack, we present a noble sequence sensing jamming attack (SSJA) model in which a jammer can estimate the SU's CH sequences.Since one period of the sender's CH sequence consists of N repeated N timeslots (T � N 2 ), a jammer can effectively nullify the whole ACH system by estimating only N channels (one subperiod).We call this subperiod a frame, that is, one period of the ACH sequence consists of N frames.We assume that the number of available N channels does not change during a sequence period T to clearly illustrate the characteristics of the SSJA.We also assume that the jammer resides in the network before the communication starts, that is, the jammer waiting for the sender starts its sequence and the sender does not know of the existence of the jammer.We also assume that the jammer has capabilities similar to those of the normal user with one transmitting channel and one listening channel.us, the jammer knows the number of N available channels whenever it changes due to the occupation of PUs. e jammer randomly selects one distinct listening channel and waits until the sender hops to that channel.As soon as the jammer detects one channel, it chooses another channel (not previously tried) for detecting the next channel.erefore, on average, the jammer can detect two channels within a frame (N timeslots) of the sequence.For all detected channels, the jammer immediately jams those channels for the rest of the ACH sequence.Moreover, the average time for the jammer to compute the entire ACH sequence is N/2 frames.When N − 1 channels are detected among N timeslots, the last channel is automatically detected.In other words, after an average of (N/2) × N timeslots, the jammer can completely jam the remaining channels.
erefore, our SSJA model can significantly decrease the rendezvous probability of the ACH scheme.

Proposed System.
In this subsection, we introduce our proposed FRARS system that can enhance robustness significantly against jamming attacks by generating new CH sequences in every period.e sender and receiver construct different CH sequences for rendezvous in a way similar to ACH.When an SU has data to send, it follows a sending CH sequence.Otherwise, it follows a receiving CH sequence.e length of an SU's CH sequence period is only 2N − 1, thus is the channel index of the sequence u in the ith timeslot of a CH period.Unlike the ACH scheme, the CH sequence will change in every period.Let I denote the slot number and u and v denote two CH sequences in FRARS.When there is k slot time difference between u and v as shown in Figure 3, we say that two SUs rendezvous in the ith timeslot on channel c when . e sending CH sequence employs a random permutation channel in the first N timeslots.And then, the reverse order of the random permutation excluding the last channel will be used for the next N − 1 timeslots.e first N timeslots and the next N − 1 timeslots are referred to as permutation Time slot

One time period
Frame 1 Frame 2 Frame 3 Time slot

One time period
Frame 1 Frame 2 Frame 3 Mobile Information Systems parts and reversed repetition parts, respectively.If we represent the permutation part as R � r 0 , r 1 , . . ., r i , . . ., r N−1  , where r i ∈ [0, N − 1], the generation of sending CH sequence with N available channels can be expressed as Figure 4 shows an illustration of rendezvous in FRARS when the number of available channels is 3. e sending sequence shows three periods, and the receiving sequence shows two periods.
e shaded timeslots in the sending sequence represent the permutation parts, and the rest are the reversed repetition parts.For example, the sender visits channel 2 in slot number 3, which is equal to the one in slot number 1, and the sender visits channel 1 in slot number 4, which is equal to the one in slot number 0. e receiving sequence selects one random channel from N and stays on that channel during one period.e shaded timeslots in the receiving sequence indicate rendezvous.For all k, FRARS guarantees that any pair of sender and receiver nodes rendezvous within at most 2N − 1 slots.Since the sender's sequence is generated by using a randomized permutation of N channels for every period, it is not feasible for the sophisticated jammer to estimate when the sender and receiver might rendezvous.

Performance Evaluation
In this paper, we implemented the sequence sensing jamming attack (SSJA) model to evaluate its effectiveness against the asynchronous channel-hopping (ACH) [7] schemes.For the sake of simplicity, we did not consider multiple SU scenario, since it is more difficult to analyze the performance of rendezvous algorithms due to collision problem between SUs. erefore, we focused on the symmetric scenario of ACH scheme in which two SUs have the same number of available channels.e two SUs do not know each other's existence, and they are not time synchronized.When they want to communicate with each other (i.e., one of them has data to send), they go through a rendezvous algorithm.During a rendezvous process, each SU has to hop every available channel according to their CH sequence until they successfully rendezvous on the same channel.In our implementation, the sender starts the communication first and the receiver can start at any timeslot within the N 2   6 Mobile Information Systems timeslots of the sender because there is no time synchronization.We also make a typical assumption that the SSJA jammer resides in the network and is listening on one channel before the communication starts.is is a normal situation since the jammer is trying to disrupt the communication and is invisible to the sender.en, we implement our FRARS scheme to demonstrate that it is more robust against jamming attacks compared to the ACH scheme.In the jamming attack for the FRARS scheme, a jammer randomly selects one channel for each timeslot and jams the channel until the MTTR.rough our extensive numerical analysis under SSJA, we demonstrate that our proposed FRARS scheme outperforms the quorum-based state-of-the-art ACH scheme.First, we compare the average time to rendezvous (TTR) for both ACH and FRARS schemes.Figure 5 gives the average TTR for ACH and FRARS schemes where the number of available channels N varies from 3 to 100 with no jamming attacks.We repeated the process 1000 times for each available channel N and calculated the average TTR for them. is figure shows that the average TTR for both ACH and FRARS schemes increases steadily as the number of available channels increases.Our numerical results for the ACH's TTR are close to its theoretical TTR O(N) discussed in [7].Overall, the average TTR for the FRARS system is lower than ACH system's TTR for all N.
Second, we implemented the expected time to find the entire sender's CH sequence for ACH where the number of available channels M varies from 3 to 100.We repeated the process 1000 times for each number of available channels and calculated the average time for finding the sender's CH sequence.Our numerical results show that the average time for finding the entire sender's CH sequence is close to an average of ⌉ (N/2) × N⌋ timeslots as we discussed in Section 3.4.is means that there are no rendezvous after ⌉ (N/2) × N⌋ timeslots so that the rendezvous success rates of ACH schemes will be dramatically decreased under our SSJA attack as we can see the average time to find the entire sender's CH sequence for ACH in (Figure 6).
Lastly, we compare the rendezvous probability for the ACH and FRARS schemes under SSJA.Figure 7 shows the probability of rendezvous for both ACH and FRARS systems.
e rendezvous probability for the ACH scheme is less than 40% for almost all available channels under SSJA.Since there is no rendezvous after an average ⌉ (N/2) × N⌋ timeslots, the rendezvous probability of the ACH scheme is dramatically decreased under the SSJA.However, the rendezvous probability for the FRARS scheme is almost steady and more than 80% for all the available channels N under jamming attacks.

Conclusion
In this paper, we examined the drawbacks of quorum-based state-of-the-art schemes such as FQR and ACH.In particular, the SSJA model is used to show how effectively it Mobile Information Systems attacks the ACH system.e sender's CH sequence in ACH is fully detected by the jammer within an average (N/2) × N timeslots, after that the jammer can completely jam the remaining channels.To remedy this jamming problem, we proposed a new FRARS algorithm that can significantly enhance robustness by allowing randomized permutation in every period of the sender's CH sequence.Our numerical results demonstrate that the rendezvous probability of the ACH under SSJA is dramatically decreased from 100% to less than 40%.On the other hand, the rendezvous probability of our FRARS is almost steady under jamming attacks and close to 100% as the number of available channels increases.erefore, our FRARS vastly outperforms other recently proposed schemes under a sophisticated jamming attack.As a future work, we will continue to analyze the performance of the proposed scheme under multiple SUs and PUs by taking into account collision problems between SUs.

Figure 1 :
Figure 1: (a) An illustration of rendezvous in FQR, (b) a simple clock shift can nullify FQR rendezvous, (c) an illustration of rendezvous in AFQR, and (d) a simple clock shift can nullify AFQR rendezvous.

Figure 2 :
Figure 2: An example of ACH system when N � 3.

Figure 4 :
Figure 4: Illustration of FRARS when the number of available channel is 3.