Delegation Based User Authentication Framework over Cognitive Radio Networks

: To address the ever increasing demand for wireless bandwidth, cognitive radio networks (CRNs) have been proposed to improve the efﬁciency of channel utilization. CRN permits unlicensed users to utilize the idle spectrum as long as it does not introduce interference to the primary users due to the Federal Communications Commission’s recent regulatory policies. In this paper, we ﬁrst identify some required distinctive security and privacy features for CRNs focused on ECMA-392, which is the ﬁrst industrial standard for personal or portable devices in the television white spaces. After that, we propose a delegation based user authentication framework as a basic security and privacy module with full consideration of the required features over CRNs. The proposed framework provides privacy preserving yet accountable security within the CRN entities. Security and privacy analyses show that the proposed framework supports unlinkability, context privacy, anonymity, no registration and conditional traceability, which are the required security and privacy aspects in CRNs.


Introduction
The last decade has witnessed a growing demand for wireless radio spectrum.The inefficient usage of the limited spectrum resources has motivated the regulatory bodies such as the Federal Communications Commission (FCC) to review their policy and start to seek innovative communication technology that can exploit the wireless spectrum in a more intelligent and flexible way.The concept of cognitive radio (CR) was proposed by Mitola to address the issue of spectrum efficiency and has been receiving increasing attention in recent years [1][2][3][4].The television (TV) broadcasting spectrum is seen as one of the first opportunities to adopt and implement innovative and more efficient dynamic spectrum assess models supported by CR technology.Encouraged by the acts of FCC, many international organizations have also started to define CR standards on TV white spaces (TVWS) including IEEE 802.22,IEEE 802.11af,IEEE 1990 and ECMA-392 and so on [5][6][7][8][9].
One of the primary requirements of CR networks (CRNs) is their ability to scan the entire spectral band for the presence or absence of primary users (PUs) [2].This process is called spectrum sensing and is performed either locally by a secondary user (SU) that is the visitor of that network or collectively by a group of SUs.The available spectrum bands are then analyzed to determine their suitability for communication.Characteristics like signal-to-noise ratio, link error rate, delays, interference and holding time can be used to determine the most appropriate band.After the spectrum band is selected, SU transmission in that band takes place.If a SU or a network detects a PU transmission, it vacates the corresponding spectrum band and looks for another vacant band.CRNs face not only traditional network security problems, but also unique security risks due to the intrinsic different characteristics.Any node can use vacant spectrum, so PUs will face the risk of being monitored and disturbed.Differences of the current security mechanisms lead to security problems that appear because of network merge [10][11][12][13][14]. Therefore, disadvantages of some wireless standards may result into the whole networks being unsecure when they are merged.Any node in CRNs adaptively adjusts transmission parameters according to the surrounding environment, which makes any node to be used as an attack node.
ECMA-392 standard is published for the first time as a standard operating on TV bands [8,9].Its target applications are wireless home network and wireless Internet access at campus, park, hotspot, and so on, which are similar to IEEE 802.11af's [7].The major differences between two standards are PU protection mechanisms and channel bandwidth to be supported.Basically both standards obtain an available channel list from TVWS database through Internet access, which has information of unused TV channels geometrically.ECMA-392 additionally supports the spectrum sensing functionality to periodically check the existence of PU signals on the current channel.It has specified the operation in only single TV channel which can be one of three channel bandwidths of 6 MHz, 7 MHz, or 8 MHz according to regulatory domain.
As with the other new developing network technologies, current research does not focus on the security issues over CRNs [12][13][14][15][16][17][18].However, security becomes the key problems that need to be solved.CRNs face not only the traditional network security problems, but also the unique security risks due to the intrinsic different characteristics on CR technologies [19].Any node can use vacant spectrum, so PUs will face the risk of being monitored and disturbed by attacker easily.Any node in CRNs adaptively adjusts transmission parameters according to surrounding environment, which makes any node to be used as an attack node.In the context of CRNs, the main security goals include confidentiality, integrity, authentication, non-repudiation, access control and availability as the general networks.We will only consider authentication, which is the basic and core security mechanism in any networks.Wang et al. proposed public key based entity authentication protocol with digital signature for CRNs [20].However, their protocol does not consider the distinctive security features on CR technology.Kim proposed a location based authentication protocol for IEEE 802.22 structure, which uses carousel as the secret credential [21].It tried to adopt the distinctive aspects on CR technology based on location information.However, it requires that each entity in a CRN needs to be synchronized with the carousel, which is weak against the desynchronization attack.Quite recently, Kim provided the required security features to devise authentication protocol over CRNs, which is based on delegation [15,16].The analyses are withdrawn from the security problems of Tsai et al.'s secure delegation based authentication protocol in [22] that is weak against the smartcard breach attack and does no use user's identity, which is necessary for the conditional traceability.However, Kim did not provide any detailed solutions for the authentication.
There are two purposes of this paper, which are to withdraw some required distinctive security and privacy features for CRNs and to devise a delegation based user authentication framework based on the requirements.To solve the SU authentication problem in CRNs, we first withdraw some required features for authentication over CRNs focused on not only security but also privacy.They could give researchers guideline to design security and privacy schemes in CRNs.Based on the features, we propose a delegation based user authentication framework, which also has the purpose of solving the security and privacy problems in Tsai et al.'s protocol.We can argue that this is the first delegation based authentication for CRNs.For the privacy aspect, we consider unlinkability, context privacy and anonymity in the proposed framework.To secure CRNs, the proposed framework sets up goals to achieve PU protection, no registration and conditional traceability.We use Elliptic Curve Cryptosystem as the basic security building block to achieve the security and privacy goals of the proposed framework.It needs the similar computational cost with the other existing delegation based authentications but provides the required security and privacy features in CRNs that are not considered in the other authentications.
In the remainder of this paper, we first introduce the structure of the CRNs focused on ECMA-392, as well as CRN security threats it will have to face and the corresponding required security and privacy features.After that, we propose a delegation based user authentication framework over CRNs with the proper security and performance analyses.

Overview of ECMA-392: Cognitive Radio Standard
This section briefs CR technology and reviews ECMA-392 as a CR standard, which could provide basic knowledge to understand the proposed authentication framework.Furthermore, we provide an assumed system model, which should be the basis of the proposed delegation based user authentication framework.

Cognitive Radio Technology
CR technology is the key technology that enables a CRN to use spectrum in a dynamic manner.The term CR can formally be defined as a radio that can change its transmitter parameters based on interaction with the environment in which it operates [23].CRNs use a cognition cycle, which observes its environment and modifies its transmission characteristics accordingly, that includes radio scene analysis, channel state estimation and predictive modelling, and transmit power control and spectrum management commands by using following CR functions [1,24]: -Spectrum sensing: Ability to scan the spectral band, identify vacant channels available for opportunistic transmission and determine a list of spectrum bands that are available.Since SUs do not get any direct feedback from PUs regarding their transmission, SUs have to depend on their own individual or cooperative sensing ability to detect PU transmissions.-Spectrum analysis and decision: It decides on the most appropriate band from the list of available bands according to their quality of service requirements.It is important to characterize the spectrum band in terms of both radio environment and the statistical behaviors of the PUs.-Spectrum sharing: It provides the capability to share the spectrum resource opportunistically with multiple SUs which allocates resources to avoid interference caused to the PUs.This function necessitates a CR medium access control (MAC) protocol, which facilitates the sensing control to distribute the sensing task among the coordinating SUs as well as spectrum access to determine the timing for transmission.-Spectrum mobility: It refers to the agility of CRNs to dynamically switch between spectrum accesses.As SUs are not guaranteed continuous spectrum access in any of the licensed bands and the availability of vacant spectrum bands frequently changes over time, spectrum mobility becomes an important factor when designing cognitive protocols.
From this definition, two main characteristics of the CR can be defined as follows [25] -Unlicensed usage of spectrum: In spectrum sharing, the FCC allocates spectrum for unlicensed or shared services.-Higher priority of PUs: When an PU is detected in a given band, all SUs avoid accessing that band.However, when a SU is detected, other SUs may choose to share that same band.In other words, PUs have higher priority than SUs in accessing spectrum resources.

ECMA-392
ECMA-392 is launched as the first step towards realizing CR applications by creating and adopting industrial standard, called the first industrial standard for personal or portable devices in the TVWS [26].ECMA-392 was mainly designed for communication between personal or portable devices as shown in Figure 1; specifically, in-home multimedia distribution.It supports both mesh and centralized networks.The standard defines an orthogonal frequency division multiplexing physical layer with modulation schemes of quadrature phase shift keying, 16-quadrature amplitude modulation (QAM), and 64-QAM.For forward error correction, concatenation of a Reed-Solomon outer code and a convolutional inner code with puncturing provides five different coding rates.Channel widths of 6, 7, and 8 MHz are supported for TV channels in any regulatory domain.The maximum data rate of ECMA-392 is 31.64MBPS.To protect PUs, dynamic frequency selection and transmit power control are included in the specifications.The interoperability of various device types is built-in due to the fact that all devices follow the same beaconing and channel access protocols.Two or more networks can share the same channel and are also able to communicate with each other.As a result, a number of networks may form a large-scale network such as a mesh-network or a cluster-tree network using a single channel or multiple channels.

Assumed System Model
This paper considers a CRN with a set of PUs and some unlicensed SUs, which is based on centralized structure as shown in Figure 2. Basically, the CRN consists of more than two networks, a primary network (PN) and some secondary networks.The centralized server in CRN, denoted as SN, performs CR functions by considering the presence of PUs by using common control channel [27,28].Also, we can consider any CRN access model like overlay and underlay depending on the target application.However, we assume overlay as a mandatory access model.Furthermore, we assume that any SU should be supported by SU's registered PN and there should be any simple relationship between SN and PN as the same as in [29].Only after SUs authenticated by the SN via PN, SUs can opportunistically use the free spectrum in the SN.However, SUs should follow the spectrum access policy and avoid interference to PU.That means that the concerned SU should quit the occupied band immediately and use new spectrum if it interferes to any PUs.The interoperability of various device types is built-in due to the fact that all devices follow the same beaconing and channel access protocols.Two or more networks can share the same channel and are also able to communicate with each other.As a result, a number of networks may form a large-scale network such as a mesh-network or a cluster-tree network using a single channel or multiple channels.

Assumed System Model
This paper considers a CRN with a set of PUs and some unlicensed SUs, which is based on centralized structure as shown in Figure 2. Basically, the CRN consists of more than two networks, a primary network (PN) and some secondary networks.The centralized server in CRN, denoted as SN, performs CR functions by considering the presence of PUs by using common control channel [27,28].Also, we can consider any CRN access model like overlay and underlay depending on the target application.However, we assume overlay as a mandatory access model.Furthermore, we assume that any SU should be supported by SU's registered PN and there should be any simple relationship between SN and PN as the same as in [29].Only after SUs authenticated by the SN via PN, SUs can opportunistically use the free spectrum in the SN.However, SUs should follow the spectrum access policy and avoid interference to PU.That means that the concerned SU should quit the occupied band immediately and use new spectrum if it interferes to any PUs.The interoperability of various device types is built-in due to the fact that all devices follow the same beaconing and channel access protocols.Two or more networks can share the same channel and are also able to communicate with each other.As a result, a number of networks may form a large-scale network such as a mesh-network or a cluster-tree network using a single channel or multiple channels.

Assumed System Model
This paper considers a CRN with a set of PUs and some unlicensed SUs, which is based on centralized structure as shown in Figure 2. Basically, the CRN consists of more than two networks, a primary network (PN) and some secondary networks.The centralized server in CRN, denoted as SN, performs CR functions by considering the presence of PUs by using common control channel [27,28].Also, we can consider any CRN access model like overlay and underlay depending on the target application.However, we assume overlay as a mandatory access model.Furthermore, we assume that any SU should be supported by SU's registered PN and there should be any simple relationship between SN and PN as the same as in [29].Only after SUs authenticated by the SN via PN, SUs can opportunistically use the free spectrum in the SN.However, SUs should follow the spectrum access policy and avoid interference to PU.That means that the concerned SU should quit the occupied band immediately and use new spectrum if it interferes to any PUs.

CRN Threats and Required Features
The purpose of this section is to extract out some required security and privacy features for the SU authentication over CRNs focused on ECMA-392 standard after briefly reviewing security and privacy threats on CRNs.

Threats on CRN
Attacks on CRNs could be defined as any activity that results in unacceptable interference to the licensed PUs or missed opportunities for SUs.When emulating a PU, a malicious entity can reduce the availability of spectrum for SUs.The misbehaving nodes can be categorized as [19,[30][31][32][33][34][35] -Selfish nodes: They seek to maximize their own gains at the expense of others.-Malicious nodes: They act to degrade the system or individual node performance with no explicit intention to maximize their own gains and act as a PU and transmit false information to the SU.

Required Security and Privacy Features
Security and privacy are essential in any networks.Security has been relatively well studied than privacy.In the context of CRNs, the main security goals include confidentiality, integrity, authentication, non-repudiation, access control and availability as the general networks.We will only consider the following authentication due to the main focus of this paper.
-Authentication: It assures that the communicating entity is the one that it claims to be.There is an inherent requirement to distinguish between PUs and SUs.Therefore, authentication can be considered as one of the basic requirements for the security and privacy of CRNs.The primary objective of an authentication is to prevent unauthorized users from gaining access to the protected systems.It is a necessary procedure for verifying both an entity's identity and authority.Several aspects of authentication issues should be considered when securing collaborative works in CRNs.
Compared with the security, privacy issues have received little attention in CRNs so far.Privacy is primarily regarded as preserving the anonymity of network entities.The definition of privacy also varies with the application scenarios [12][13][14][15][16].In the context of CRNs, we consider the following privacy services indispensable -Unlinkability: Different communication sessions associated with the same user should not be linkable.An adversary cannot link the communication activities of a particular user together and thus establish the user's profile, which contains much private information.-Context privacy: An adversary should not be able to learn the exact access context information (duration, type of service request, etc.) of a SU without the SU's prior approval or knowledge.-Anonymity: The identity of the origin and the destination of a conversation is hidden from adversaries unless it is intentionally disclosed by the user.Anonymity mechanisms should allow SUs to use the network services while protecting the identity or other identification information from possible abuse.For keeping SU anonymous, there should not be possibility to link any parameters of the SU identity with any context-based information.
By considering with the above privacy services, authentication service needs to provide the following features over CRNs.In CRNs, users are divided into two categories: (i) PUs or incumbent users that hold a license for a specific portion of the spectrum, and (ii) SUs that use parts of the spectrum in an opportunistic way, so as not to cause harmful interference to the PUs [15,16,19].
-PU protection: SUs can borrow idle spectrum from those who hold licensees, PUs, without causing harmful interference.Unlike traditional radios, CRs constantly monitor the spectrum and intelligently share the spectrum in an opportunistic manner, both in licensed and unlicensed bands.The most important regulatory aspect of these networks is that SUs must relinquish their operating channels and move to another available channel as soon as they learn or sense the presence of a PU on that channel.-No registration: A fundamental characteristic of a CR is its ability for spectrum sensing, as it shall use the spectrum in an opportunistic manner.This means that the SU has to vacate a currently used spectrum band if a PU signal is detected.Thereby, it is necessary for SUs not to be registered to SN. -Conditional traceability: Under SU misbehavior, the SU acts maliciously by providing false information about sensing and resource requirements.By doing so, they can either access more resources or prevent other SUs from gaining fair access.Thereby, both of SN and PN need to take rights to trace the misbehaving users.
Thereby, it is necessary to provide the required security features on the proposed SU authentication over CRNs.Table 2 summarizes the required security features for the SU authentication in CRNs by providing comparisons with the generalized networks.

Delegation Based User Authentication Framework
Unlike the traditional radios, CRNs constantly monitor the spectrum and intelligently share the spectrum in an opportunistic manner, both in the licensed bands, PNs and the unlicensed bands, SNs.
It means that SUs over CRNs could borrow idle spectrum from PUs who hold licenses without causing harmful interference.Thereby, in our delegation based user authentication framework, SUs should be serviced by SN over the CRN by delegating authentication from PN, which achieves the security and privacy from selfish nodes and malicious nodes by providing authentication, unlinkability, context privacy, anonymity, PU protection, no registration and conditional traceability.Thereby, this section proposes a delegation based user authentication framework as a basic security and privacy module for CRNs over the assumed system model.
The concept of delegation is used in various business corporations.In a business corporation, manager uses his (or her) private key to sign a document and his (or her) staff can verify the document based on manager's public key.If the manager cannot sign a document because he (or she) is away on business, he (or she) can delegate the signature authority to his (or her) trustworthy assistant to sign the document without giving the assistant his (or her) private key.His (or her) staff member verifies that the document is still based on the manager's public key.The proposed authentication framework also uses this delegation concept for SU authentication, which uses PN for the manager and SN for the staff.
There are three phases in the proposed authentication framework, setup, online authentication and offline authentication based on Table 3 notations.Authentication is divided into two parts, online and offline.In the online authentication, the process requires that SN must connect to PN when a new SU demands authentication.However, without connecting to PN, offline authentication is performed by SN locally according to the parameters obtained from PN in advance.Note that the first authentication must be performed on-line and the subsequent authentications can be continually performed offline.

Setup and Registration
First of all, PN selects two distinct large primes p and q satisfying q|p-1 and a generator P in the cyclic additive group G. PN chooses two private keys x and x v , and computes their corresponding public keys V = x•P and Y v = x v •P, respectively.Then, PN shares K PS , x v and V with SN after selecting a random key K PS .PN also generates a random k and computes a proxy key pair K = k•h (AID SU ) mod p and σ = x•f (K) mod q and W = h (AID SU ||APW SU ) ⊕ (K,σ) for each SU, where h () and f () are the secure one-way hash functions and AID SU = h (ID SU ||d) and APW SU = h (PW SU ||d) are the amplified identity and password selected and computed by SU with a random number d.Note that a key pair (K,σ) is used as SU's proxy key.The computed value W, the hash function h () and the public key Y v are stored in each corresponding SU's smart card, respectively.SU needs to compute D = h (ID SU ||PW SU ) ⊕ d and store it in the issued smart card after the registration to PN.

Online Authentication
When SU roams to an unlicensed network SN, it must use a connection to SN via PN after the proper authentication.The detailed online authentication phase is as follows Step1 SU sends a login request to SN.
Step2 SN generates a new random number n 1 , selects the permitted number of sessions, n and makes a response {ID SN , n 1 , n} to SU, where ID SN is the identity of SN.Step3 SU inserts his (or her) smart card into the card reader and inputs ID SU and PW SU .Smart card generates two random numbers t and n 2 , computes a hash chain , stores the hash chain in its memory and sets N 1 as its current secret of the session.Note that N 1 could be computed after applying n times of hash operations from both of n 1 and n 2 .After that, smart card computes

i-th Offline Authentication
SU retrieves N i = h (n-i+1) (n 1 ||n 2 ) from the hash chain in his (or her) smart card and sends [N i ] SK SS to SN. Upon receiving [N i ] SK SS , SN decrypts it by using the session key SK SS and computes h(N i ).After that, SN verifies whether the computed value is the same as the previous key, N i-1 .If the condition holds, SN replaces N i-1 into N i , and updates SK SS = h(h(N i )||SK SS ) and increases i by one.
A hash key chain from two parameters of n 1 and n 2 are very important for the offline authentication as we derived from Step 3 in online authentication.For security considerations, it is not recommendable to perform offline authentication all the time while the first online authentication is successfully finished.Thereby, a predefined n should be set to a reasonable period constraint to perform offline authentication.

Security and Privacy Analysis
This section provides analysis on the security along with the privacy and the performance analysis of the proposed delegation based user authentication framework over CRNs.It is reasonable to assume that PN is trustworthy because we must register it with SU's private information to obtain the service.
We discuss security and privacy issues on the proposed framework with the hypothesis under the following assumptions: 1.
An adversary A can be either a SU or a SN.That means that SU as well as SN can act as an adversary.

2.
A can eavesdrop on every communication across public channels.He (or she) can capture any message that is exchanged among SU, SN and PN.

3.
A has the ability to alter, delete or reroute the captured message.4.
Information can be extracted from the smart card by examining the power consumption of the card.

Proof Using BAN Logic
Formal security analysis of the proposed framework is verified with the help of Burrows, Abadi and Needham (BAN) logic [43].The formal analysis of a network security protocol using BAN logic involves following steps: (1) Converting original scheme statements to their idealized form; (2) Determining the assumptions about the initial state of the system; (3) Representation of the state of the system after executing each statement as logical assertions by attaching logical formulas to each statement; (4) Application of logical postulates to assumptions and assertions.
The following notations are used in formal security analysis using the BAN logic: Formula X or Y is one part of the formula (X, Y). • P Q : Formula P combined with the formula Q.
• Q SK ↔ R: Principal Q and R may use the shared session key, SK to communicate among each other.The session key SK is good, in that it will never be discovered by any principal except Q and R.
In addition, the following four BAN logic rules are used to prove that the proposed framework provides a secure mutual authentication among SU, SN and PN: Rule 1. Message-meaning rule: concerns the interpretation of messages.
Rule 2. Nonce-verification rule: shows how to check that a message is fresh and that the sender believes so as well.Rule 3. Jurisdiction rule: states that a principal R sill trust the beliefs that S has jurisdiction over.Rule 4. Freshness-concatenation rule: Y) shows freshness of the entire formula if any given part of a formula is fresh and the formula cannot be altered.
In order to show that the proposed framework provides secure mutual authentication between among SU, SN and PN, we need to achieve the following goals: These goals can be divided in two groups.First of all, for Goals 1 and 3, both parties believe themselves that the key SK SS is a good key for communication between SU and SN and for Goals 2 and 4, SU and PN believe that the key SK PU is a good session key between them.Secondly, for Goals 5 and 6, both entities also believe that the other entity believes in the key.
Idealized form: The arrangement of the transmitted messages among SU, SN and PN in the proposed framework to the idealized forms is as follows: Assumptions: The following are the initial assumptions of the proposed framework: In the following, we prove the test goals in order to show the secure authentication using the BAN logic rules and the assumptions.
Based on Message 2, we could derive: Step

Casual Analysis
In this section, we provide casual security and privacy analysis of the proposed framework and provide a comparison among the related protocols in [21,22] with the proposed framework as summarized in Table 4.

Unlinkability and Context Privacy
The proposed framework securely sends the authentic value (K, N 1 ) such that unlinkability (UL) is achieved.Even if adversaries attempt to trace whether a legal SU has previously requested to login SN via PN, they will not be able to plot this attack successfully.In each online authentication session, the authentic messages {ID SN , ID PN , r 1 , r 2 , v 1 } in Step3 of online authentication are always different in each trial, since the contents of the message are randomized by the random number t and the session dependent key N 1 .It is impossible to link two different values {r 1 , r 2 , v 1 } into the same SU even all the authentic messages are learned by the adversary.In addition, without knowing the private key of SN, adversaries cannot retrieve the value (K, N 1 ) from the variable r 2 = h(t•Y v ) ⊕ (K, N 1 ) that is sent from SU in Step3 of online authentication phase.Adversaries even cannot know any contexts of the messages from a session or some sessions due to UL and confidentiality on the messages.

Anonymity of SU
Various network protocols provide weak user anonymity (UA) since user must deliver his (or her) real identity to the network for authentication.However, in the proposed framework, the real identity of SU is never transmitted over the entire network for authentication purposes.Because we use pseudonym AID SU generated by SU in the registration phase to represent the identity of SU in the network, no one except PN can obtain any information about the identity of SU.Even SN can only verify the legality of SU based on the public key of PN in Step 4 of online authentication, which discloses nothing about the identity of SU.Hence, the proposed framework provides UA.

Nonrepudiation and Conditional Traceability
No doubt, public key based systems can provide conditional traceability (CT) by benefitting of nonrepudiation (NR) feature from the public key cryptosystem.In the proposed framework, each SU gets a different pair key from PN in the registration phase, which has a connection between the identity of SU and the secret key of PN.This authorization makes SN transfer its trust in PN to the requested legal pseudonym of SU.Because only PN has the ability to authorize SU to sign on his (or her) behalf, PN cannot deny this in the event a disputation occurs.Of course, PN has the ability to identify the misused SU.Thus, the proposed framework can also provide the feature of CT.

Performance Analysis
In this section, we provide performance analysis of the proposed framework in terms of the computational complexity by comparing it with the other related protocols in [21,22].The computational overhead analysis of any cryptographic protocol is generally conducted by focusing on operations performed by each party within the protocol.Therefore, to analyze the computational costs, we concentrated on the operations of the online authentication only that are required by the parties in the network: namely a user and two networks.In order to facilitate the analysis of the computational costs, we define the following notations.

•
T h : the time to execute a one-way hash operation • T s : the time to compute a symmetric key encryption or decryption • T e : the time to compute an encryption or decryption operation in ECC-160 algorithm In order to achieve accurate measurement, we performed an experiment.This experiment was performed using the Crypto++ Library [44] on a system using the 64-bits Windows 7 operating system, 3.2 GHz processor, 4 GB memory, Visual C++ 2013 Software, the SHA-1 hash function, the AES symmetric encryption/decryption function, and the ECC-160 function.According to our experiment, T h is nearly 0.0002 seconds, T s is nearly 0.0087 seconds and T e is nearly 0.6 seconds.
Table 5 shows a comparative analysis of the computational cost among the related protocols.Even though the proposed framework has similar computational overhead with the other protocols, as shown in Table 4, the proposed framework could assure higher security and privacy than the others, and afford resistance to the most well known attacks while providing the functionality required for CRNs.

Conclusions
CRNs can access the under-utilized spectrum in an opportunistic manner.However, as CRNs are wireless in nature, they face all common security threats present in traditional wireless networks and should even consider additional security and privacy aspects focused on CR technology.This paper has withdrawn some required security and privacy features focused on ECMA-392, which are unlinkability, context privacy, anonymity, PU protection, no registration and conditional traceability.We have proposed a delegation based user authentication framework as a basic security and privacy solution over CRNs, which is based on the withdrawn security and privacy features.The proposed framework has two purposes of solving the security and privacy problems in Tsai et al.'s protocol and proposing the first delegation based authentication for CRNs.Security and privacy analyses show that the proposed framework supports unlinkability, context privacy, anonymity, PU protection, no registration and conditional traceability, which are the required aspects in CRNs.

Table 1 .
CRN attacks and properties.

Table 2 .
Comparison of required security features in authentication.
1 ||r 1 ||r 2 )+t mod p, and makes a response {ID SN , ID PN , r 1 , r 2 , v 1 } to SN. Step4 SN first uses x v to retrieve K and N 1 by computing r 2 ⊕h(x v •r 1 ).After that, SN computes v 1 •P and h(ID SN ||ID PN ||N 1 ||n 1 ||r 1 ||r 2 )(V•f (K))+r 1 mod p, and verifies whether the two computed values are the same.If the verification is successful, SN computes CT 1 = [N 1 ||n 1 ||K] K PS and v 2 = h(ID SN ||ID PN ||N 1 ||CT 1 ), which [] K PS is an encryption based on the symmetric key cryptosystem like AES by using the encryption key K PS , and sends {ID SN , ID PN , CT 1 , v 2 } to PN.Otherwise, SN denies the login request.Step5 PN obtains N 1 , n 1 and K by decrypting CT 1 with the secret key K PS .After that, PN computes its corresponding σ = x•f (K) mod q and v 2 = h(ID SN ||ID PN ||N 1 ||CT 1 ), and validates v 2 by checking whether it is the same with v 2 .Only if the verification is successful, PN generates a random number n 3 , computes SK PU = h(N 1 ||n 1 ||σ), CT 2 = [N 1 ||n 3 ||ID SN ] SK PU and CT 3 = [CT 2 ||n 3 ||n 1 ] K PS and makes a response {ID SN , ID PN , CT 3 } to SN. Step6 SN obtains CT 2 , n 3 and n 1 by decrypting CT 3 with the secret key K PS and then verifies n 3 and n 1 .If the verifications hold, SN computes SK SS = h(N 1 ||n 1 ||n 3 ||K) and v 3 = h(ID SN ||ID PN ||SK SS ||CT 2 ), and makes a response {ID SN , CT 2 , v 3 } to SU. Step7 After computing SK PU =h(N 1 ||n 2 ||σ), SU obtains N 1 , n 3 and ID SN by decrypting CT 2 with SK PU and checks the existence of N 1 and ID SN in CT 2 .After that SU computes SK SS = h(N 1 ||n 1 ||n 3 ||K) and v 3 = h(ID SN ||ID PN ||SK SS ||CT 2 ), and verifies v 3 by comparing it with v 3 .Only if the condition holds, SU authenticates SN and uses the session key with N 1 for the further communications.

Table 4 .
Security and privacy feature comparison among the related protocols.