One aspect of spectrum sharing that’s receiving less attention than it should is security — specifically, potential problems brought on by the very attributes that makes this technology work.
There’s a basic concept in computer network security: If you don’t want A to attack B, make it impossible for A and B to communicate. That’s why sensitive military communications systems do not have links to the internet. Experts realize that, even with the best firewalls and filtering, if a connection exists, the system is inherently less secure.
That’s exactly the security problem that arises with spectrum sharing: It creates connections that could be compromised.
In current dedicated (non-sharing) spectrum-allocation approaches, devices operating in spectrum band “A” cannot interfere with systems using band “B.” Sure, sometimes there’s a little interference due to poor radio design — for example, the proposed LightSquared network and existing GPS devices — but the attack path does not exist. Even if a smartphone were infected with the worst virus imaginable, the malware could not interrupt communications provided over different spectrum bands.
Sharing spectrum could mean sharing viruses too.
That could change with spectrum sharing, where devices labeled as “secondary users” share spectrum belonging to “primary users.” Sharing happens either in specific geographic locations where the primary is not operating on the spectrum in question, or during specific periods of time when the primary system is not using the spectrum.
In what is called “dynamic spectrum access,” the primary system posts to a database the availability of its spectrum. Then, the secondary user queries the database to learn when and where it can use that available spectrum. Alternatively, the secondary system may use cognitive radios to sense the spectrum environment and determine whether the secondary system can use the spectrum without interfering with the primary user. Combining databases and cognitive radios is another possible approach to enable spectrum sharing.
One area of particular concern, however, is that, in many cases, primary users will be sensitive government systems, especially if up to 1 GHz of spectrum is set aside for sharing, as proposed by the President’s Council of Advisors on Science and Technology (PCAST.) What happens if the secondary user device doesn’t follow the rules and transmits at times or in locations it’s not supposed to? Worse yet, what if hundreds of thousands of devices are systematically compromised and start misbehaving in unison to launch a coordinated denial-of-service attack on the government communications systems?
It’s hard to know for sure the possible ramifications of such a barrage, because our industry currently has little information about the primary government systems with which commercial operations would share spectrum; much of that data is classified. But the effects can’t be good.
The whole point of spectrum sharing is for secondary users not to use the spectrum when the primary system needs it. Doing so could result in denial-of-service for the primary government system, with potential consequences that include lower reliability, operation over reduced distances, or even complete failure.
The airwaves aren’t the only problem.Compounding my concern is how complex user devices are becoming. In the same way that personal computers became more vulnerable to malware as they grew increasingly sophisticated, so are smartphones now becoming targets. The number of ways in which malware can infect mobile devices will only increase, and if that malware is designed to disrupt the proper operation of the smartphone radio, then a spectrum attack on government communications systems via a shared-spectrum scenario is a real possibility.
That’s true even though the spectrum-sharing logic may, theoretically, be isolated from the application-execution space in the smartphone. As long as both are present and some form of connection exists, the consumer’s mobile device could become an attack path in spectrum sharing situations.
It gets worse.
So far we’ve only considered user devices being compromised. But what if an attacker infiltrated the database itself in a dynamic-spectrum access system? It’s that database that determines how secondary systems access the band, and if the database is manipulated into giving out incorrect information, the secondary system could massively disrupt the primary system. And this could occur on a network-wide basis.
Don’t panic, just pause.It’s not that appropriate safeguards can’t be implemented. Most security problems can be solved, given sufficient time and effort. A more difficult and pertinent question is whether protective measures can be designed beforehand and sufficiently well to satisfy security officers responsible for extremely sensitive primary government systems. In my view, hardening spectrum-sharing systems to protect against malicious attack will inevitably add to the already considerable complexity of such systems.
As I’ve stated previously, spectrum sharing can theoretically be made to work. Sharing scenarios can also be made secure. However, ensuring that a networking system is secure is a time-consuming process, regardless of the type of network.
It is impossible to predict just how much overhead thinking through security issues will add to developing spectrum-sharing solutions. Rather, security has to be added as yet one more consideration, along with all the other concerns raised by spectrum sharing. These include identifying what types of systems will be shared and how, determining the market for shared systems, and developing specifications and standards to allow sharing.
Beyond very basic-use cases, spectrum sharing is going to be a complicated proposition. Ensuring that sharing is secure and does not endanger existing government systems only adds to the complexity. Therefore, I don’t see sharing as a short-term solution to our spectrum woes.
Peter Rysavy is president of Rysavy Research, a wireless network engineering firm.