Jamming Resilient Multi-Channel Transmission for Cognitive Radio IoT-based Medical Networks

I. INTRODUCTION

THE Internet landscape is burgeoning, especially now with the introduction of a multitude of devices that are connected to the Internet [1]. Internet-of-things (IoT) is the technology that encompasses the enormous range of devices that can connect to the Internet and require sharing data with other neighbouring devices [2]. Due to the interconnected nature of IoT devices, even a single poorly secured device or service can be an entry point for a cyber attack and potentially affect the security and resilience of the Internet globally [3]. Moreover, these IoT devices can carry timecritical information, such as in healthcare and disaster response applications, which can be life threatening if not received in a timely fashion. Jamming attacks can obstruct transmission either by damaging ongoing packets or denying devices from accessing the shared wireless channel. Since jamming attacks are considered the most common type of attacks in wireless networks [4], jamming resilient algorithms are crucial in IoT networks. Cognitive radio (CR) technology is presented as a solution for IoT-based networks to improve spectrum utilization by allowing dynamic spectrum access [5], [6]. In CR-IoTbased networks, IoT devices share the wireless channel with nodes that act as licensed primary users (PUs). IoT devices, on the other hand, act as unlicensed secondary users (SUs) and are granted access to the spectrum as long as they do not interfere with PUs transmissions. As IoT-based applications are becoming more integrated and pervasive in our daily lives, the reliability of their transmissions is vital. Additionally, with the uprise of new applications, such as remote-telesurgery, throughput requirements are becoming stringent and dynamic. The key lies in finding an efficient approach to utilize idle channels in CR-IoT-based networks while mitigating jamming attacks and satisfying quality-of-service (QoS) requirements. Due to the aforementioned reasons, a channel-assignment algorithm that is jamming resilient and allows multi-channel transmission while serving different QoS requirements is significantly crucial, especially in medical networks.

A. Background and Related Work

There are a vast number of approaches proposed for handling jamming attacks in CR-based networks. Jamming might result in a denial-of-service (DoS) attack, which is one of the most serious and challenging security attacks in CR networks [7]. Anti-jamming approaches include jamming detection, prevention, and mitigation. The intuition behind detecting jamming attacks is very basic; as the presence of jamming signals at the receiver’s end most probably affects the received signal strength [8]. However, correct jamming detection is difficult based on a single system parameter [9], as it causes inaccurate classification. Other parameters such as packet-send-ratio, packet-delivery-ratio, and carrier-sensingtime can be incorporated to model jamming detection systems. Machine learning methods are now proving its efficacy to provide lightweight detection of jamming attacks such as in the work done in [10], [11]. An influential work on jamming attacks modeling, evaluation, and detection can be found in [12], which is considered the foundation of the analysis in this paper and will be thoroughly detailed in Section II.

For jamming prevention, a honeynet-based defense mechanism is proposed in [9], which aims to avert the attacker from jamming genuine communications. This is accomplished by dedicating a node, named honeynode, to gather data and behavior from cyber attacks. The honeynode acts as a decoy as the jammer intensifies its attack toward it, thus, reducing the attack on the remaining nodes. Game theory recently emerged as a framework for addressing jamming in CR networks. Amin et al., in [13], investigated a game theoretical model that aimed to maximize the utility of CR nodes in the presence of intruders and jammers. In the analysis, CR nodes are assumed to know the positions of the jammers and each others, which is an assumption that can be troublesome in practical deployment. Rawat et al. extended the work done in [13] to include primary user emulation (PUE) attacks in [14]. Similarly, the location of the PU and CR nodes were shared among the nodes and a spectrum sensor was utilized. The sensor used signal energy and bandwidth, cyclostationary features, and location verification techniques to identity channel status. The aforementioned methods, among others, either relied on dedicated nodes or additional hardware elements for sensing, which is again intensive for IoT-based networks.

Adopting multi-radio/multi-channel transmission in IoTbased networks is a novel field of research and is still in its early stages. This field is grabbing attention as the requirements of future IoT networks are evolving and the demands for increased data-rates are increasing. The work in [15] is dedicated to a multi-channel assignment algorithm that aims to reduce inter-channel interference, and then the work was extended to include various quality-of-service (QoS) requirements in [16]. A multi-channel cluster tree for beacon-enabled IEEE 802.15.4 wireless sensor networks was presented in [17] to minimize beacon collisions. Another multi-channel medium access control (MAC) protocol for IoT that took into account channel conditions, latency and frame reception ratio can be found in [18]. An online learning method based on Dirichlet process in [19] is investigated for multi-user multi-channel scenario in cognitive radio networks. Moreover, a Q-learning based spectrum access scheme is proposed for CR networks in [20]. However, mitigating jamming for such networks remains an unexplored field of research.

Given the decentralized nature of most IoT deployments, the majority of the presented parallel-channel (i.e., multichannel) assignment techniques base their decisions on a perlink sequential greedy method without considering other nodes (i.e., other CR users). The objective of this work is to service the QoS requirements of the multi-channel/multi-radio CR-IoT nodes while utilizing the least amount of channels possible in order to provide a fair and non-greedy utilization of the network resources (i.e., spectrum) even in the absence of an IoT controller. Hence, high complexity (i.e., have multichannel/ multi-radio capabilities) IoT devices can coexist with low complexity devices. Additionally, our proposed algorithm addresses jamming attacks at the device level while considering channel conditions, PU activity, and delay requirements without additional dedicated nodes or hardware requirements (i.e., additional sensors). Perhaps, the analysis that is closest to our approach is the MAX-PoS approach proposed in [21], [22]. The fundamental difference, however, is that MAX-PoS only considers channel conditions and PUs activities, but it is impervious to jamming. Security-aware MAC, presented in [23], also addressed the aforementioned considerations, however, it was limited to a single-channel configuration.

B. Our Contribution

This paper introduces a parallel-channel security-aware medium access control (PCS-MAC) for CR-IoT-based networks as a jamming resilient, service oriented, multi-channel assignment algorithm designed to satisfy high-data requirements of cutting edge IoT applications. The focus of this paper is highly-reliable delay-sensitive CR-IoT networks; i.e., IoT networks equipped with CR capabilities, used for highlyreliable delay-sensitive applications (e.g., healthcare, military, indoor monitoring, etc.) [23]–[25]. The main feature of these networks is that, while they employ the CR technology to provide the spectrum needed for interconnecting large numbers of IoT devices, the CR technology itself raises a challenge against achieving the required high packet success probabilities. In particular, the PU activity and jamming attacks are considered the main source of packet failures, since a given transmission over a certain set of channels can be interrupted by PU transmissions or jamming attacks. Therefore, there is a need for channel assignment algorithms designed for achieving low packet failure probabilities, while taking into consideration the PU activities, and jamming attacks.

The proposed algorithm also has several applications in medical networks. This includes applications that require high mobility of patients with a minimum delay of data delivery to the right targets. Applications include IoT-based remote patient monitoring systems. Several patient health readings (e.g., blood pressure, heart rate, etc) can be read via wearable IoT devices and reported back to physicians and hospitals on a real-time basis. The sensitivity of the delay is very high in such applications as emergency cases might require physicians to take immediate actions. The mobility of a large number of patients along with the continuous small-size messages required by such applications make our CR-based algorithm a perfect efficient solution for bandwidth utilization. Similarly, IoT based Parkinson patient monitoring applications allow remote tracking of the footsteps of moving patients, detection of abnormal steps and timely reaction. Also, tracking the location of Alzheimer patients can be done via IoT-based insoles with built-in GPS capabilities.

The algorithm aims to enhance the overall network performance by selecting the least number of secure channels for each CR-IoT transmission while satisfying a pre-specified QoS/throughput requirement and delay constraint. In addition to the fact that PCS-MAC is generic in the sense that it can be adopted by systems that use multi-carrier (i.e., multichannel) transmission techniques or systems that are physically equipped with multiple transceivers (i.e., multi-radio), two other contributions of work are summarized as follows:

Mathematical modelling of the parallel-channel assignment problem that considers channel conditions, PUs activity, delay requirements, and throughput requirements while resisting jamming attacks without requiring additional nodes or hardware. Unlike the previously proposed techniques in literature for single-channel transmission, e.g., [23], our approach aims to provide multi-channel transmission for users to ripe multiplexing/diversity gains based on their application. Our derived solution turned out to be a non-linear binary problem (NLBP). To linearlize the NLBP problem, sequential-fixing linear programming (SFLP) procedure [26], [27] is used as a tool to solve the problem in polynomial time.

Most of the work in literature is validated using simulations, yet simulators cannot fully mimic real-life implementation. Hence, to accurately analyze and validate the proposed algorithm, PCS-MAC, real-life experiments are used. The experiments are orchestrated to resemble practical deployment settings on a large-scale testbed, future Internet-of-things (FIT) IoT-LAB [28] and results are shown under various system conditions.

This work extends our previous work in [29]. Our current work considers two types of jamming attacks, namely proactive and reactive jamming; while [29] only considered proactive jamming threats. As a result, the optimization problem is reformulated. Additionally, this paper expands the analysis of the aforementioned work, by evaluating the performance of the proposed algorithm under various system design constraints, such as delay requirements and the number of available links for transmission.

C. Paper Structure

The rest of this paper is structured as follows: Section II details the network model, Section III depicts the PCS-MAC algorithm, and in Section IV, the chosen experimental testbed, FIT IoT-LAB, is introduced. Section V presents the results and finally the paper concludes in Section VI.

II. SYSTEM DESCRIPTION AND JAMMING ANALYSIS

Fig. 1 depicts the system model of this work, showing the different types of users who are sharing the wireless spectrum in the presence of jammers. Jammers main categories include constant, deceptive, proactive/random, and reactive [30]. The constant jammer corrupts all network packets by transmitting random signals continually. However, these types of attacks can be easily detected, as the source of the created interference can be traced [31]. A deceptive jammer sends constantly a stream of bytes similar to a legitimate transmission. The consistency of these attacks from a single source again makes them easily traceable. Furthermore, the two aforementioned attacks require a significant amount of power. Hence, in our analysis, we focused on the two latter types of attacks, the proactive and reactive jammers [12]. Proactive jammers alternate between sleeping and jamming phases without any regard to when CR nodes are transmitting. Reactive jammers, on the other hand, are the most energy-efficient type of attacks, as they start their transmissions only when CR transmission is detected. A thorough illustration of these two jamming strategies is provided in the forthcoming subsections. It is important to note that jammers can simply disregard MAC protocols and prevent legitimate users from using the network. Yet, the legitimate users have to abide by IEEE’s MAC protocols, which are normally carrier sense multiple access/collision avoidance (CSMA/CA) based. Such attacks can also introduce packet collisions and force repeated backoffs [32].

A. Network Model

The CR-IoT-based network model consists of [TeX:] $$\mathcal{M}$$ channels and a set of links, [TeX:] $$\mathcal{L}_x,$$ such that [TeX:] $$\mathcal{M} \geq \mathcal{L}_x.$$ The number of links depends on the number of transceivers present in the CR-IoT nodes hardware architecture (in the case of multi-radio transmission) or the maximum number of channels assigned to this device (in the case of multi-channel transmission). It is important to note that in this analysis, we are considering a multichannel environment as well as a multi-channel transmission capability of the devices. In this context, a communication link between any two CR-IoT devices can consist of one or multiple channels. Multi-channel transmission can be realized using frequency division multiplexing (FDM), discontiguous orthogonal frequency division multiplexing (D-OFDM) [33], or other multi-carrier schemes. Using a Markov renewal BUSY/IDLE alternating process, the status of each channel [TeX:] $$i \in \mathcal{M}$$ is modeled assuming all channels have equal bandwidths. [TeX:] $$T_I^{(i)}$$ denotes that the channel is available/idle, and thus it can be used by CR-IoT nodes. The duration [TeX:] $$T_B^{(i)}$$ denotes the time for which channel i is occupied by the PUs. Both durations can be modeled as Poisson random variables [23]. Assuming that PUs usage pattern slowly varies with time, CR-IoT devices can simply estimate PUs activity by conducting cooperative spectrum sensing [34]. As previously mentioned, we consider two types of jamming attacks, proactive and reactive jamming. In [12], a gambling-based model of proactive and reactive jammers in time-critical applications was developed and experimentally validated. The rationale behind the model was that a delay threshold can be set; a message would then become invalid if this threshold was exceeded. Retransmissions of the message are seized if the transmission is successful, or if the delay threshold is surpassed. The analysis led to the development of the invalidity ratio metric, which encompassed the CSMA/CA protocol. The analysis in this work follows the same rationale presented in [12]. The behaviour of each type of attack and its impacts on the network performance are described below.

Proactive jammer: We consider a set of proactive jammers that attempt to corrupt the CR-IoT transmissions over the [TeX:] $$\mathcal{M}$$ available PU channels. The strategy of the proactive jammer attacking channel i, where [TeX:] $$i=\{1, \cdots, \mathcal{M}\},$$ can be described by the time interval between the successive jamming signals over channel [TeX:] $$i\left(T_J^{(i)}\right).$$ For successful packet delivery, the packet transmission time, [TeX:] $$t_x,$$ needs to be less than both the chosen CR channel idle period, [TeX:] $$T_I^{(i)},$$ in order not to interfere with PU activity, and the jamming interval across the channel, [TeX:] $$T_J^{(i)},$$ to ensure that the packet was not damaged by the jammer. For a given assignment [TeX:] $$\Omega=\left\{m_1, m_2, \cdots, m_{\mathcal{M}}\right\},$$ the failure probability, as defined in [23], can be expressed as:

Following the memoryless jamming model expressed in [35], where [TeX:] $$T_I^{(i)} \text { and } T_J^{(i)}$$ are statistically independent and exponentially distributed random variables (with means of [TeX:] $$\bar{T}_I^{(i)}$$ and [TeX:] $$\bar{T}_J^{(i)},$$ then, [TeX:] $$p_p$$ can be expressed as:

Then, the failure probability after [TeX:] $$N_x$$ MAC layer retransmission attempts is given by:

Reactive jammer: For the case of reactive jamming, the condition for successful packet delivery occurs when the total transmission time of the CR-IoT packet is less than the idle period of the selected channel and no jamming to impact the packet occurs during that time. Since jamming and PU activities are independent random variables, the failure probability, pr, as defined in [23], is evaluated as

where [TeX:] $$P_J^{(i)}$$ denotes the jamming probability over channel i. Similar to the case of proactive jamming, the failure probability after [TeX:] $$N_x$$ retransmissions can be expressed as

B. Invalidity Ratio Analysis

The packet-invalidity ratio, r, can be interpreted as the probability that the transmission delay of a data packet, D, exceeds a preset threshold, Dth. Invalidity ratio calculations take into account the jamming interval, the CR network link quality, and PU channel availability duration. A generalized upper bound for r (denoted as [TeX:] $$\left.r^{u p}\right),$$ irrespective of the jammer type, can be calculated as [23]:

where [TeX:] $$\overline{d_k}$$ is the average MAC-layer delay of transmission k and [TeX:] $$p_f$$ is failure probability after [TeX:] $$N_x$$ re-transmissions. The aim is to select the channels that would enhance the CR network throughput for each transmission. In order to achieve this in the presence of a jammer, the algorithm must account for PU activity, link-quality, and jamming behaviour.

Given the upper bound [TeX:] $$r^{u p},$$ a specific invalidity-rate requirement [TeX:] $$r \leq \gamma$$ can be ensured by imposing that [TeX:] $$r^{u p} \leq \gamma,$$ where the term [TeX:] $$\gamma$$ presents the invalidity ratio threshold that is required to achieve predefined QoS requirements for IoT devices. This implies that [TeX:] $$r \leq r^{u p} \leq \gamma,$$ which ensures that [TeX:] $$r \leq \gamma/.$$ For a given [TeX:] $$\gamma,$$ the upper bound in (6) can be equivalently written in terms of [TeX:] $$p_f$$ as:

where [TeX:] $$B_{t h}$$ is a threshold-dependant delay constant.

By using (3) into (7), the invalidity requirement can be written in terms of the failure probability, p, for a given assignment [TeX:] $$\Omega$$ as:

Under proactive jamming, using (2) into (8) and some algebraic manipulation, the invalidity-ratio requirement for a given assignment [TeX:] $$\Omega$$ can be written as:

where [TeX:] $$t_x=L / \sum_{i \in \Omega} \mathcal{R}^{(i)} \text { with } L$$ with L representing the packet size and and [TeX:] $$\mathcal{R}^{(i)}$$ is the rate of transmission in channel i.

Under reactive jamming scenarios, and for a given assignment [TeX:] $$\Omega,$$ the invalidity-rate requirement can be written in terms of the jamming behavior by applying (5) and (8) as:

III. SECURITY-AWARE MULTI-TRANSCEIVER CHANNEL ASSIGNMENT DESIGN WITH QOS CONSTRAINTS

Our main objective is to enhance spectrum utilization by selecting the least number of secure channels for each CRIoT transmission while satisfying pre-specified delay and QoS requirements in medical applications that carry time-critical information. By achieving this, IoT devices with various capabilities can coexist in the same network and the spectrum can be fairly shared. For each given CR-IoT-based transmission, the set of available channels with their average availability (and jamming) intervals, the received signal-to-noise ratio (SNR) over each channel, and the delay requirements are used to compute the most secure channel assignment ([TeX:] $$\Omega$$) that satisfies the QoS requirements while using the minimum number of channels subject to the following network constraints:

1) Physical constraint: Each CR-IoT device is equipped with [TeX:] $$\mathcal{L}_x$$ transceivers or is assigned a maximum number of channels to occupy (based on the modulation technique), in other words, each CR user can utilize up to [TeX:] $$\mathcal{L}_x$$ channels at a time.

2) The QoS constraints: The invalidity ratio r, calculated using the specified delay requirements and jamming behaviour over the selected channels, must be less than a predefined threshold [TeX:] $$r \leq \gamma.$$ Mathematically, this constraint is given in (9). Additionally, the aggregate rate should be greater than a user-specified rate demand [TeX:] $$R_{t h}$$ based on the application requirements.

3) The received SNR constraints: The received SNR over each chosen channel [TeX:] $$i \in \Omega$$ must exceed a pre-specified threshold [TeX:] $$\left.\mathrm{SNR}_{t h} \text { (i.e., } \mathrm{SNR}^{(i)} \geq \mathrm{SNR}_{t h}\right).$$

4) Exclusive-channel occupancy constraints: Each idle channel cannot be assigned to more than one CR-IoT device at a time.

A. Problem Formulation

We have considered slowly-varying fading channels, in which the fading remains unchanged during the total transmission time of one packet. The appropriateness of this assumption has been demonstrated in [23], [25], [36] for CR-IoT operating environment. Recall that our channel assignment problem is investigated under proactive and reactive jamming attacks. In the analysis, perfect channel estimation (received SNR) is assumed, and hence the achieved rate over the different channels can be estimated. Given the achieved data rates over the different channels, the failure probability can be computed using (5). This section is dedicated to formulating the channel assignment problem under the two aforementioned types of attacks. To proceed in our analysis, a binary decision variable, [TeX:] $$\alpha^{(i)},$$ for each channel [TeX:] $$i \in \mathcal{M}$$ is defined as follows:

1) Problem Formulation under Proactive Jamming: Under proactive jamming, the invalidity constraint in (9) can be rewritten in terms of the decision variable [TeX:] $$\alpha^{(i)}$$ as follows:

Then, [TeX:] $$t_x$$ can be re-expressed as [TeX:] $$\frac{L}{\sum_{i=1}^{|\mathcal{M}| \mathcal{R}^{(i)}} \alpha^{(t)}}.$$

By writing the design constraints in terms of [TeX:] $$\alpha^{(i)},$$ the multichannel multi-transceiver security-aware channel assignment problem under proactive jamming can be formulated as:

where [TeX:] $$\Gamma$$ is a very large positive number. Note that the last constraint ensures that [TeX:] $$\mathrm{SNR}^{(i)} \geq \mathrm{SNR}_{t h}$$ for any selected channel i (i.e., when the [TeX:] $$\mathrm{SNR}^{(i)}<\mathrm{SNR}_{t h},$$ the left-hand-side of this constraint is a negative number, and hence the righthand- side should be a very large negative number, and hence [TeX:] $$\alpha^{(i)}$$ should be 0. On the other hand if the [TeX:] $$\mathrm{SNR}^{(i)} \geq \mathrm{SNR}_{t h},$$ then the left-hand-side is always [TeX:] $$\geq 0,$$ and hence [TeX:] $$\alpha^{(i)}$$ can be either 1 or 0 depending on the optimization problem).

Substituting [TeX:] $$t_x=\frac{L}{\sum_{t=1}^{|\mathcal{M}|} \mathcal{R}^{(i)} \alpha^{(i)}}$$ into (11) and using some algebraic manipulation, the second constraint of (12) can be rewritten in a linear form as:

By letting [TeX:] $$\mathcal{R}^{(i)} \ln \left(1-\sqrt[N]{B_{t h}}\right)+L \lambda^{(i)}=a_i,$$ the second constraint in (12) becomes [TeX:] $$\sum_{i=1}^{|\mathcal{M}|} a_i \alpha^{(i)} \leq 0.$$ It is important to note that the constant [TeX:] $$a_i$$ does not have a physical meaning, it is only defined to simplify our analysis and write the invalidity constraint in a more compact manner. The last constraint can be simply guaranteed by setting [TeX:] $$\alpha^{(i)}=0, \quad \forall i$$ with [TeX:] $$\mathrm{SNR}^{(i)}<\mathrm{SNR}_{t h} .$$ Therefore, the optimization problem in (12) becomes:

2) Problem Formulation under Reactive Jamming: Under reactive attacks and after the mathematical steps provided at the top of the next page, the invalidity constraint can be written in terms of [TeX:] $$\alpha^{(i)}$$ as:

where [TeX:] $$b_i=\ln \left(1-\sqrt[N]{x} \sqrt{B_{t h}}\right) \mathcal{R}^{(i)}+L \text { and } c_{i j}=\ln (1- \left.P_J^{(i)}\right) \mathcal{R}^{(j)}.$$ Note that the optimization problem is the same as in the case of the proactive jammer but with (16) replacing the 2nd constraint. Up to this point, the formulation is an NLBP problem. In an attempt to linearize the problem, the non-linear constraint in (16) can be written in a linear form by replacing the quadratic term [TeX:] $$\alpha^{(i)} \alpha^{(j)} \text { with } w_{i j} \forall i, j \in \mathcal{M} \text { (i.e., } \left.w_{i j}=\alpha^{(i)} \alpha^{(j)}\right)$$ and introducing the following linear set constraints on [TeX:] $$w_{i j}:$$

Note that if either [TeX:] $$\alpha^{(i)} \text { or } \alpha^{(j)}=0 \text {, then } w_{i j}=0$$ and if both [TeX:] $$\alpha^{(i)} \text { or } \alpha^{(j)}=1 \text {, then, } w_{i j}=1.$$ Thus, it is an exact formulation. This will yield [TeX:] $$3 \times \mathcal{M} \times \mathcal{M}$$ constraints to the problem formulation. Thus, the constraint in (16) becomes:

Now, we have [TeX:] $$\mathcal{M} \alpha^{(i)}$$ variables and [TeX:] $$\mathcal{M}^2 w_{i j}$$ variables. By replacing the non-linear constraint with its equivalent linear form given in (18), the problem formulation under reactive jamming becomes:

As a result, there will be [TeX:] $$3+3 \times \mathcal{M}^2$$ constraints.

B. The Proposed Solution

The problem formulations in (14) and (19) can be observed as a binary linear programming (BLP) optimization problems. Generally, the optimal solution to these problems is NP-hard. To solve this problem in polynomial-time, the SFLP procedure [26], [27] is used as a tool to find a near-optimal solution for our BLP problem. The effectiveness of the SFLP procedure in solving BLP problems have been demonstrated in several previous works, where near-optimal solutions were provided in polynomial-time [21]–[23], [26], [27]. Thus, our problem in (14) can be near-optimally solved in polynomial-time using the SFLP procedure. The proposed channel assignment algorithm operates as follows:

1) Given [TeX:] $$\mathrm{SNR}_{t h},$$ the channels that do not satisfy the SNR threshold will be excluded from [TeX:] $$\mathcal{M},$$ yielding a new set of feasible channels [TeX:] $$\mathcal{M}^f.$$ Then, the algorithm arbitrates the per-channel achievable rate, [TeX:] $$\mathcal{R}^{(i)},$$ and the required per-channel transmission period accordingly, i.e., [TeX:] $$t_x^{(i)}= L / \mathcal{R}^{(i)}.$$

2) Using [TeX:] $$T_I^{(i)}, T_J^{(i)}, B_{t h}, N_x, \text { and } \mathcal{R}^{(i)},$$ the algorithm calculates the jammer type dependent variable, [TeX:] $$a^{(i)}$$ in the case of the proactive jamming and [TeX:] $$b_i \text { and } c_{i j}$$ for reactive jamming, for the renewed set obtained from step 1.

3) The findings are fed to the SFLP procedure and [TeX:] $$\alpha^{(i)} \text { 's }$$ are computed.

4) If the SFLP fails to find a solution, i.e., a solution such that the throughput constraint is satisfied cannot be found, the algorithms chooses [TeX:] $$\mathcal{L}_x$$ channels with the highest invalidity ratios. In this case, we donate the binary decision variation as [TeX:] $$\alpha^{*(i)}.$$

Algorithm 1 shows the pseudocode of PCS-MAC. In our analysis, we have consider a single-hop distributed ad-hoc CRIoT network, where each CR user can directly communicate with any other CR user. In such types of networks, there is no access point (AP) to coordinate the transmissions and allocate channels to each node. In a single-hop single collision domain, where all nodes can hear each other, all control information exchanges can be heard by all CR-IoT devices. This ensures that all contending CR-IoT devices will have the same updated channel occupancy and channel avoidance information. Due to the absence of an AP, our solution includes developing a distributed channel access mechanism that allocates channels to CR-IoT devices using a CSMA/CA-based mechanism implemented over a common control channel. Using a handshaking procedure, CR-IoT to CR-IoT inference can be eliminated. However, with that being said, our solution can be easily adopted in a centralized CRN with an AP, which significantly simplifies the spectrum access protocol as the CRIoT users can only communicate with the AP.

The proposed algorithm is efficient in consuming resources overall. The algorithm uses carrier sensing and calculations based on locally estimated metrics such as signal-to-noise ratio and packet delivery ratio along with available information about PU activities, which is available to all algorithms in CR-based networks. Our algorithm does not require the nodes to exchange any non-user data information for the sake of detecting and mitigating the jamming attack. In general, anti-jamming techniques in WSNs and IoT networks require more resources to accomplish the detection and mitigation of the jamming attack. JAM protocol [37] detects the presence of jamming based on lost messages and mitigates that by mapping the jammed area and avoid sending through that area. The mapping process involves sending additional messages that consume bandwidth and power resources of the communicating nodes. In addition, such protocols assume high redundancy in routers/switches and links to be able to produce a redundant path. Ant system [38] employs agents that travel the networks periodically to detect the presence of compromised nodes and/or jammed links to avoid communicating through these links. Agents’ messages represent an overhead with respect to bandwidth resources. The hybrid anti-jamming system [39] is based on replicating based stations to allow establishing multiple paths among them in case jamming attack. This solution requires additional equipment resources.

It is important to note that based on the findings in [12], there exists a phase transition phenomenon of packet delivery performance. For reactive jamming, it was observed that when jamming probability, [TeX:] $$P_J^{(i)},$$ increases, the packet invalidity ratio [TeX:] $$\left(r^{(i)}\right)$$ first increases slightly, then increases dramatically to 1. For non-reactive (proactive) jamming, there exists a similar phenomenon. When the average jamming interval, [TeX:] $$T_J^{(i)},$$ increases, the message invalidity ratio first has the value of 1, then decreases dramatically to 0. In this paper, the same rationale is used to adjust the anti-jamming algorithm by identifying the type of attack based on the variation of the value of [TeX:] $$\gamma^2(\overline{2}).$$ Initially, the jamming attack is assumed to be proactive. Then, with every transmission, the invalidity ratio is re-calculated and its value is compared to the previous transmission to determine if the strategy needs to be reversed.

C. Complexity Analysis

The MAX-PoS algorithm presented in [21], [22] was proven to have a polynomial-time complexity that is bounded by the linear programming (LP) solver’s complexity times the number of PU channels, [TeX:] $$\mathcal{M}.$$ Our proposed channel assignment algorithm is proven to have a comparable worst-case time complexity to that of the reference MAX-PoS algorithm.

Theory: The proposed SFLP channel assignment algorithm’s worst-case time complexity is polynomial in the number of PU channels [TeX:] $$(2 \times \mathcal{M}),$$ which is determined by [TeX:] $$\mathcal{M}$$ iterations.

Proof: The proposed method guarantees that one new variable is fixed to either 0 or 1 in each iteration, and a new viable relaxed LP (RLP) issue is generated for the following iteration. A maximum of [TeX:] $$L_x$$ iterations are required if all generated RLPs are feasible. If not, a maximum of [TeX:] $$2 \times \mathcal{M}$$ iterations are required to evaluate whether a feasible channel assignment can be determined. The worst-case scenario can be simulated by fixing all [TeX:] $$\alpha^{(i)}$$ variables to 0, which indicates that no feasible secure channel assignment can be found). As a result, the time complexity of our SFLP is limited by the LP solver’s complexity times [TeX:] $$\mathcal{M}.$$ The complexity of our proposed channel assignment algorithm is polynomial because the LP solver has a polynomial-time complexity. Therefore, the proposed channel assignment algorithm has a comparable worst-case time complexity to that of the reference MAX-PoS algorithm. This is because both algorithms are based on an SFLP procedure with polynomial-time complexity.

IV. EXPERIMENTAL TESTBED

A. Motivation

To analyze novel IoT protocols and algorithms, researchers resort to various methods [40]. Theoretical analysis brings the first proof-of-concept and aids in evolving a prediction of the system’s characteristics and behavior. However, for accurate predictions, highly detailed models must be used which are frequently complex and difficult to comprehend and handle [41]. Simulators are the most adopted methods for system development and verification [42], as they yield a more realistic evaluation of the system’s performance in comparison to pure theoretical evaluations. Additionally, testing and debugging is allowed on protocols at any design stage. Nevertheless, the reliability of simulators naturally depends on the accuracy of the used models, e.g., channel and energy consumption models, thus the results may not match real world experimentation. Additionally, most simulators do not consider the hardware limitations of the utilized nodes which normally have cogent impacts on the accuracy of the reported results. As a result, a hybrid method that merges hardware and software components for experimentation, the emulator, is introduced. Yet, emulators suffer from a high cost per tested node, limited scalability, low speed, and are platform dependent [42].

The stringiest approach is composing real world experiments. Unfortunately, they come at the expense of high software and hardware cost, plus the required manpower for installment and maintenance [40]. Testbeds, contrarily, provide realistic assessment, under factual channel conditions, without the entailed disadvantages of real world experimentation. Recently, a number of facilities started providing experimental testbeds that offer a magnitude of tools and services for researchers and developers [43]. After exhaustive search and evaluation, FIT IoT-LAB testbed is found to be the most apt for evaluating our CR-IoT-based implementation.

B. FIT IoT-LAB

FIT IoT-LAB is a member of the OneLab consortium. It has six different locations spread across France [28]. In total, it is made up of more than 2700 low-power wireless IoT sensor nodes and over one hundred mobile robots equipped with low-rate wireless personal area network (LR WPAN) connectivity, i.e., IEEE 802.15.4 standard. The testbed offers an environment that is multi-user, open-source, and openaccess for experimentation. Node reservation and firmware deployment can either be made via a web-based portal or through command-line tools. The static nodes are divided into three types; WSN430, M3, and A8. The M3 nodes are chosen in our implementation. The nodes are equipped with a set of sensors and a radio interface via the AT86RF231 radio chip, which is IEEE 802.15.4 complaint. They are based on a 32-bit ARM Cortex-M3 micro-controller and operated by 3.7V lithium polymer (LiPo) battery. The IEEE 802.15.4 standard mandates both the physical and MAC layers; stating a communication range of 10–100 m using 16 orthogonal frequencies around 2.4 GHz, i.e., channels 11–26 [44]. Moreover, the standard specifies a maximum frame size of 127 bytes. On the software side, the M3 nodes can be managed via RIOT, OpenWSN, FreeRTOS, and Contiki. FreeRTOS is used, in this work, as it provides fast execution, small memory footprint, and low overhead. It is a micro-kernel that provides semaphores, mutexes, multi-threading, and software timers with a CSMA/CA for the MAC layer implementation.

The Lille testbed, one of the six FiT IoT-LAB testbeds, is chosen for our experiments. It is deployed over three floors of a commercial building, through offices, corridors and a dedicated room with an area of [TeX:] $$225 \mathrm{~m}^2.$$ Nodes in the room are spread over ceilings and wood poles, in our implementation we utilize the ceiling mounted nodes. These nodes are arranged in staggered rows over a [TeX:] $$1.2 \mathrm{~m} \times 1.2 \mathrm{~m}$$ grid at a height of 9.6 m from the floor. In total, the Lille site consists of 256 fixed and 3 mobile M3 nodes. This specific site is chosen as it provides great similarity to the targeted medical IoT environment with its high density of IoT nodes and the expected competition over the spectrum. Fig. 2 depicts the topology of the Lille site with the red dots denoting the M3 nodes, while the blue ones are Zolertia Firefly nodes. An experiment starts with the user communicating with the testbed via the web portal or the representational state transfer (REST) application program interface (API) through a secure shell (ssh) access and command line interface (CLI). The user can edit the source code, build/deploy firmware, and remotely debug the nodes.

V. RESULTS

In our implementation, performance is measured with throughput as the main metric. To administer the implementation, we generated custom firmwares based on the libraries supplied by the manufacturer of the nodes, HiKoB. We created two firmwares, one for the nodes acting as CR devices and another for the nodes acting as jammers. The CR devices firmware adopts the FreeRTOS-based CSMA/CA MAC and performs channel condition assessment at the beginning of each transmission. Then, based on the gathered information and user set parameters (e.g., delay and throughput requirements), the algorithm is performed on the nodes and the channels are selected. The nodes try to send their packets over the assigned channels, and are allowed to retransmit the packets (in case the packets were damaged by the jammer) as long as the delay threshold is not exceeded. On the other hand, the jammers are programmed to constantly send out packets at fixed intervals, based on the parameter x in the proactive jammer case and [TeX:] $$p_J^{M A X}$$ for reactive jammers. Throughput performance is investigated using two reference algorithms: MAX-PoS [21], [22] and the greedy approach. The MAXPoS algorithm, as mentioned in the related work section, is a probabilistic-based approach that aims at maximizing network throughput by utilizing the parallel-transmission capability while considering channel quality and availability. However, it is oblivious to jamming. On the other hand, the greedy algorithm aims at selecting the channels with the highest quality in terms of signal-to-noise ratio [46]. Due to the controlled nature of the testbed and the adopted standard, which is the LR-WPAN in FIT IoT-LAB as discussed in Section V, the transmission power and range are limited. Hence, the variations among the channels are minimal, causing the greedy algorithm to behave as a random channel selection algorithm.

In our experiment, there are 10 nodes reserved to act as jammers on the selected channels, which are channels 11 to 21. The positions of the jammers are fixed, however, the channels they jam vary with each run, such that all ten channels are jammed in every iteration. Channel 17, where FIT IoT WiFi access points operate, is excluded to avoid external interference. Since single-radio multi-channel implementations introduce channel switching delays [47], in this paper, PCS-MAC is evaluated for the multi-radio case to allow fair evaluation of the proposed scheme. Since the M3 nodes have only one transceiver, virtual nodes are created by combing [TeX:] $$\mathcal{L}_x$$ physical M3 nodes to emulate CR-IoT nodes with parallel transmission capability. Fig. 2 shows how the virtual nodes are created by combining[TeX:] $$\mathcal{L}_x$$ M3 nodes to form nodes with parallel channel transmission capabilities, with a special example of [TeX:] $$\mathcal{L}_x=3.$$ There are six reserved virtual nodes, equivalent to 18 M3 nodes in the case of [TeX:] $$\mathcal{L}_x=3$$ and 12 in the case of [TeX:] $$\mathcal{L}_x=2.$$ Each CR transmission occurs between two randomly selected virtual nodes and is fixed as 1000 packets, each is 96 bytes in length, i.e., L = 96 bytes. As previously mentioned in Section IV, the radio chip embedded on the nodes is built to be compliant with IEEE 802.15.4, with a maximum throughput of 250 Kbps. On top of the radio interface, the nodes are rigged with various sensors like; light, pressure, accelerometer, and gyrometer, that have to be initialized at the beginning of each run. Hence, the throughput is affected by the processing overhead in software, limiting the throughput far below the hardware maximum attainable rate. It was observed that the throughput of a single link fairly exceeds 200 Kbps, even in the absence of a jammer. Moreover, the transmission power is set to 1 dBm, following the testbed regulations which specifies a maximum transmission power of 5 dBm. Since the nodes’ radio chip measures radio signal strength indicator (RSSI) by design [48], for simplicity of implementation, the RSSI is used instead of the SNR as the link-quality measure, setting a threshold of −70 dBm as our μ. Considering a time-critical application, a delay threshold of 20 ms is set, i.e., [TeX:] $$D_{t h}=20$$ ms [12]. Additionally, the maximum number of MAC layer retransmissions and the average MAC-layer delay [TeX:] $$\overline{d_k}$$ are respectively fixed to [TeX:] $$N_x=2$$ and 1 ms. These values have been demonstrated in [12], [23], [49] to be applicable in a realistic wireless IoT scenarios.

A. Proactive Jammer

As previously mentioned, a memoryless jamming strategy is considered to emulate the proactive jamming attacks. The average availability duration, [TeX:] $$T_I^{(i)},$$ over the ten channels is 5, 100, 30, 5, 45, 50, 100, 5, 45, and 30 ms, respectively. While, the average jamming interval, [TeX:] $$T_J^{(i)},$$ over the ten channels is 5, 0.2, 10, 2, 20, 5, 0.1, 2.9, 20, and [TeX:] $$0.2 \times x \mathrm{~ms},$$ respectively, where x represents the jamming attack level. Each channel is busy with probability [TeX:] $$P_B.$$ Firstly, the throughput performance under different PU activity levels is investigated and presented in Fig. 3 for [TeX:] $$\mathcal{L}_x=3 \text { and } R_{t h}=600 \mathrm{Kbps},$$ as it is about the highest achievable throughput given 3 transceivers. The reported results are averaged over 1000 runs with the number of allowed MAC re-transmissions fixed as [TeX:] $$2\left(N_x=2\right).$$ In Fig. 3(a), [TeX:] $$P_B=0.1$$ denotes that the 9 channels out of the available 10 can be occupied by CR transmission. As shown, the proposed technique outperforms the greedy approach significantly, yielding about 180% increase in throughput at x = 20 ms. PCS-MAC also outperforms MAX-PoS, with a 62% increase in throughput at [TeX:] $$x=20 \mathrm{~ms} \text { and } P_B=0.1.$$ As x increases, the jamming attacks become less severe, which is intuitive as the period between jamming attacks becomes larger. Throughput, in return, increases with x. However, as x increases, PUs activities become the dominant obstacle for throughput performance. For high values of x, it can be observed that the performance of MAX-PoS approaches that of PCS-MAC, as the effect of jamming is reduced. Moreover, as the busy probability increases to reach 0.9, i.e., there is only one available channel to use, the limiting factor becomes channel availability. Thus, the performance of all algorithms is similar due to the lack of idle channels, shown in Fig. 3(c).

To evaluate the efficacy of the proposed algorithm in adapting to various delay requirements, Fig. 4 shows the effect of varying the delay threshold on the percentage of dropped packets. Intuitively, the larger the [TeX:] $$D_{t h}$$ the more time is allowed for packets to be retransmitted, hence, the number of dropped packets decreases. In Fig. 4(a), under low PU activity [TeX:] $$\text { (i.e., } P_B=0.1 \text { ) },$$ it can be observed that PCSMAC outperforms the other techniques by having the least percentage of dropped packets in both delay requirements. However, similar to the previous results, at high PU activity [TeX:] $$\text { (i.e., } P_B=0.9 \text { ) }$$ all techniques behave similarly ascribed to the lack of available channels. Due to the lack of space and since the performance of PCS-MAC significantly outperforms that of the greedy approach, the remainder of the results focus on comparing PCS-MAC with MAC-PoS. The efficiency of PCS-MAC is also tested for different [TeX:] $$R_{t h}$$ requirements. Fig. 5 shows the throughput performance at three different data-rate requirements under different PU activity levels at [TeX:] $$\mathcal{L}_x=2 \text { and } 3 \text {. }$$ As can be observed, the algorithm conforms to the specified requirement. In Fig. 5(c), since the throughput is already below the required [TeX:] $$R_{t h},$$ the performance is identical to PCS-MAC in Fig. 3(c) at [TeX:] $$\mathcal{L}_x=3.$$ Lastly, the effect of varying [TeX:] $$P_B$$ on the throughput is investigated in Fig. 6 for the cases of the nodes equipped with 2 and 3 transceivers. Throughput naturally increases as the number of transceivers increases for MAX-PoS and PCS-MAC. The resilience of PCS-MAC against jamming is highlighted in Fig. 6. For high jamming activity, the variance between the throughput performance of PCS-MAC and MAX-PoS is at its peak, as PCS-MAC reduces the number of dropped (invalid) packets which in return increases throughput. As the jamming level decreases, the variance between the throughput enhancement of both techniques declines, yet PCS-MAC is consistently to the fore.

B. Reactive Jammer

This section is dedicated to evaluating PCS-MAC under reactive jamming strategy. In this case, the jamming strategy is varied such that each channel i has a jamming probability [TeX:] $$p_J^{(i)}.$$ For the ten channels, the jamming probabilities are 0.06, 0.75, 0.03, 0.15, 0.015, 0.06, 1, 0.105, 0.015, and [TeX:] $$0.75 \times p_J^{M A X}.$$ The jamming probability factor, [TeX:] $$p_J^{M A X},$$ is bounded such that [TeX:] $$0 \leq p_J^{M A X} \leq 1$$ forcing the jamming probability of all channels not to exceed 1, which allows us to study throughput performance under different jamming conditions. Firstly, throughput is investigated under low, moderate, and high jamming activities vs. [TeX:] $$P_B,$$ depicted in Fig. 7. Similar to the case of proactive jamming, the effectiveness of PCSMAC prevails as the jamming attacks are more severe, i.e., high [TeX:] $$p_J^{M A X}.$$ The throughput improvement is smaller at lower jamming probabilities, as the dominating factors are the channel quality and PUs activities, which are already addressed by MAX-PoS. However, at high [TeX:] $$p_J^{M A X} \text { and } P_B=0.1,$$ about a 100% throughput enhancement over MAX-PoS can be achieved by PCS-MAC using 2 or 3 transceivers, as depicted in Fig. 7(c). Fig. 8 studies the outcome of varying PU activities on throughput vs. [TeX:] $$p_J^{M A X}.$$ It can be noticed that as [TeX:] $$P_B=0.9,$$ the performance of PCS-MAC gracefully degrades to that of MAX-PoS due to the lack of available idle channels. It can also be observed that throughput is inversely proportional to [TeX:] $$p_J^{M A X},$$ surrendering to its worst value at [TeX:] $$p_J^{M A X}=0.9,$$ as the jamming attacks become most vigorous. It is important to highlight that the network throughput correlates to the number of served users. Hence, the number of users N depends heavily on the number of available idle channels for CR-IoT devices to utilize, which depends on the PU activity level.

VI. CONCLUSION

In this paper, PCS-MAC was presented as a novel multichannel assignment algorithm for delay-sensitive QoS constrained IoT-based CR networks under jamming attacks. Our algorithm assigned the least number of channels required for pre-set QoS and delay requirements while taking into account jamming activities, channel availability, and channel quality conditions. Using a probabilistic-based approach, the proposed algorithm counter-measured jamming attacks without requiring additional hardware, such as dedicated nodes or sensors. PCS-MAC performance was experimentally compared with the MAX-PoS and greedy algorithms using the FITIoT testbed. The proposed algorithm was tested under various conditions: PU activity levels, delay requirements, throughput requirements and jamming attack levels. Results showed that a significant throughput improvement can be achieved in comparison to the other channel assignment algorithms.