Location privacy in database-driven Cognitive Radio Networks: Attacks and countermeasures

Cognitive Radio Network (CRN) is regarded as a promising way to address the increasing demand for wireless channel resources. It solves the channel resource shortage problem by allowing a Secondary User (SU) to access the channel of a Primary User (PU) when the channel is not occupied by the PU. The latest FCC's rule in May 2012 enforces database-driven CRNs, in which an SU queries a database to obtain spectrum availability information by submitting a location based query. However, one concern about database-driven CRNs is that the queries sent by SUs will inevitably leak the location information. In this study, we identify a new kind of attack against location privacy of database-drive CRNs. Instead of directly learning the SUs' locations from their queries, our discovered attacks can infer an SU's location through his used channels. We propose Spectrum Utilization based Location Inferring Algorithm that enables the attacker to geo-locate an SU. To thwart location privacy leaking from query process, we propose a novel Private Spectrum Availability Information Retrieval scheme that utilizes a blind factor to hide the location of the SU. To defend against the discovered attack, we propose a novel prediction based Private Channel Utilization protocol that reduces the possibilities of location privacy leaking by choosing the most stable channels. We implement our discovered attack and proposed scheme on the data extracted from Google Earth Coverage Maps released by FCC. Experiment results show that the proposed protocols can significantly improve the location privacy.