Enforcement in spectrum access systems is simultaneously a technical and policy problem. The feasible enforcement policy depends deeply on the current state of technology, and the suitable technical architectures depend on the policy framework. In this proposal, we construct a policy framework grounded in current technology that is built on the common pool resource (CPR) and law and economics literature to guide the technical and institutional design of approaches to the automated enforcement of shared spectrum systems.
As we consider ex-post enforcement approaches, the need to detect enforceable events, gather information about these events (i.e. forensic information about the event such as who, where, when and what) and adjudicate claims based on rules and evidence becomes important. Some work has been done in automated ex-post methods that sought to “punish” interferers through various means. Broadly, enforceable interference events might be subdivided into (Type 1) events due to the routine operation of participants in a sharing ecosystem; (Type 2) events due to “rogue” or malicious users; and (Type 3) events due to faulty equipment of authorized spectrum users.
We note that enforceable events extend beyond interference to the domain of collective action rights. The collective action rights that are embodied in databases may be subject to errors (which are known to exist in the TV White Spaces database) that may or may not be political or anti-competitive. A comprehensive enforcement system must extend to ensuring the correctness of the database contents as well as the process for determining how the database is populated.
Institutional and system factors in the design of automated enforcement systems:
We explore three different strategies for implementing the ex post enforcement functions: third party enforcer, self-enforcement and mutual cooperative enforcement. We propose to develop an agent-based simulation model to study the dynamic behavior of spectrum sharing under each enforcement model for two spectrum sharing models: the static model used for the 1695-1710MHz band and the three-tiered model proposed for the CBRS in the 3.6GHz band. In addition, we characterize the requirements for the enforcement of collective action rights in SAS-based spectrum sharing systems.
Automating ex ante enforcement:
Spectrum access control via policy reasoners: Leveraging our previous experience in implementing a rule-based policy reasoner [7, 6], we propose to develop a proof-of-concept ontology-based policy reasoner. By implementing this policy reasoner and carefully evaluating it through experiments, we aim to shed light on the specific technical challenges encumbering the use of ontology-based spectrum policies for policy-based radios and provide insight on how to mitigate the complexity of reasoning with ontology-based spectrum policies.
Automating ex post enforcement, Event Detection:
We propose a hybrid spectrum monitoring infrastructure that can detect and localize potentially enforceable events efficiently. This approach is based on the use of trusted sentinels that identify possible events and then marshal local resources to validate and localize the event.
Automating ex post enforcement: Forensics:
We plan to study two key components in the process of spectrum forensics that would be invaluable to an automated adjudication system. The first component is a transmitter identification scheme that enables an enforcement entity to identify the source of interference. The second component is a remote attestation scheme that enables an enforcement entity to detect and gather irrefutable evidence of software/firmware tampering on a radio platform.
Institutional and system factors in the design of automated enforcement systems:
Research Task A: In this task, we use a simple spectrum sharing model that is based on the sharing model in use for the 1695-1710MHz band [70, 9] and use it to evaluate three institutional approaches to spectrum sharing. This band has the advantage that the incumbent receiver is static and its application is well known (Meteorological Satellite downlinks). In this model, we assume that detection occurs with a probability that we will vary (see [47]) and that, once detected, forensics and adjudication proceed with a cost that we will vary across a range that is calibrated to the overall financial model of the sharing scenario.
We will evaluate each institutional approach using Agent-Based Modeling (ABM). We will build primary and secondary use agents, as well as agents that carry out the enforcement functions. For the secondary use agents, we will allow for different risk profiles so that different agents will, on average, be more (or less) likely to generate a potentially enforceable event. The enforcement agents are able to detect events with probability pd. In the case of third party enforcement, the enforcement agent has no information about the behavior of the agents and so must learn about agent behavior and invest in detection systems accordingly. In the case of self-reporting, the enforcement agent knows more about secondary user behavior and can therefore optimize investments in detectors. In the case of cooperative mutual enforcement, both the incumbent (primary) and entrant (secondary) make investments in detection systems to both control their own behavior and to observe the behavior of others. The expected outcomes of this modeling exercise include:
What are the minimum probabilities of detection in each scenario that lead to a stable and sustainable outcome?
Research Task B: In this task, we adapt the model developed in Task A to a stylized three-tiered rights hierarchy and a database-driven SAS for ex ante enforcement roughly as proposed by the FCC [22]. In similar fashion to Task 1.A, we construct an ex post system that is consistent with the general features of research thrusts 2-4 that we test across various ranges of the key independent variables. We use this to determine which institutional model performs better under various circumstances.
Research Task C: In this task, we explore the enforcement of collective action rights in the model developed in Task 1.B. This task begins by cataloging the collective action rights, the stakeholders and mechanisms by which exclusion and management rights are exercised. We examine how these rights are codified in the design of SAS systems and examine the necessary features of enforcement systems in the exercise of these functions.
Automating ex ante enforcement:
Task A We need an ontology reasoning engine that is capable of reasoning with ontologies written in a language of sufficient expressive power, and is optimized to minimize runtime overhead. We will study existing reasoning engines (e.g., Pellet [65] or HermiT [48]) and study their applicability for spectrum ontology reasoning under tight latency requirements.
Task B We will develop an efficient reasoning algorithm for the policy reasoning engine that can enable the radio to meet its latency requirement. We will start by thoroughly studying the pros and cons of Rete-based [75] and constraint-based [25] reasoning algorithms. A Rete-based algorithm is an efficient pattern-matching algorithm which sacrifices memory for increased execution speed. A constraint-based algorithm, such as RuleSolver, utilizes constraint programming, and allows users to switch between different underlying constraint solvers without any changes in their decision models.
Task C Using the implemented policy reasoner, we will carry out experiments to evaluate the validity of using ontology-based spectrum policies for dynamic spectrum access radios. A testbed composed of a USRP-based transmitter-receiver pair will be constructed. We plan to explore the following issues:
Automating ex post enforcement, Event Detection:
Task A: Design and Deployment of Dynamic, Collaborative Infrastructure for Spectrum Monitoring. In this task, we will explore the development and strategic deployment and operation of a hybrid infrastructure comprising a hierarchical network of fixed and mobile monitoring nodes, referred to as Sentinels. These nodes dynamically and collaboratively detect and report spectrum misuse and access right violations. The major focus of this thrust will be on the development of scalable algorithms and methods for a collaborative sentinel deployment which guarantees "optimal" network coverage and rapid response to violations of spectrum rules.
Task B: Opportunistic Infrastructure Peer Node Selection. The major focus of this task is on identifying, recruiting and integrating peer nodes into the opportunistic infrastructure of spectrum enforcement. Reputation and trust play a pivotal role in selecting peer nodes and enabling them to establish collaborative relationships for effective spectrum enforcement. In this task, we will explore innovative methods for opportunistic infrastructure node selection. First, we will design incentive schemes that are effective and adoptable. Incentive schemes are effective if users feel compelled to contribute to spectrum enforcement and if they can achieve mutual benefit among all stakeholders. They are adoptable if they take into consideration the resource-constrained nature of wireless nodes and the spectrum dynamics of heterogeneous wireless networks. Second, we will combine incentives with reputation networks to infuse trust among the members of the spectrum enforcement community. Reputation networks have potential to foster collaboration, while maintaining an acceptable level of monitoring to ensure effective spectrum enforcement. Finally, we will develop auctions to select the required number of peers to ensure monitoring coverage. In designing these auctions, we will seek to achieve several highly desired auction properties, including collusion-resistance, cheating prevention, truthfulness and privacy preservation.
Automating ex post enforcement: Forensics:
Task A: Collaborative BTA. We will build on our previous work [43] to devise a viable approach for BTA. One promising approach, which would partially address the aforementioned drawbacks of FEAT, is to employ a collaborative BTA scheme. In such a scheme, multiple spectrum sensing nodes (which may be secondary users, dedicated sensors, or a mixture of both) cooperate to authenticate a single or, even possibly, multiple concurrent transmitters. The performance improvement made possible with collaborative BTA comes at the cost of increased complexity. In collaborative BTA, the authentication procedure (at the receivers) is more complex (compared to non-collaborative BTA) due to the added complexity of the data aggregation and fusion procedures. These and other related challenges will be studied in the proposed project.
Task B: A group signature scheme for BTA. Building on our GSPR concept [42], we propose to develop a group signature protocol that is scalable and efficient in the context of ex post enforcement. Although the fundamental ideas behind GSPR seem promising, a number of design problems remain unsolved, and these issues will be addressed in the project. One of those problems is designing an appropriate set of alias codes that are compact (to minimize communication overhead) and, more importantly, enable GSPR to have a zero probability of false negatives (i.e., Pfn = 0) while having a small, but non-zero, probability of false positives (i.e., Pfp > 0). Our preliminary findings suggest that the use of completely-orthogonal codes, such as Walsh codes [20], as alias codes is very attractive in terms of performance because their use makes it possible to achieve Pfn = 0 and Pfp = 0. However, the length of such codes becomes prohibitively long when GSPR is applied to large networks. On the other hand, the use of non-return-to-zero (NRZ) random codes is advantageous because it results in compact alias codes. Unfortunately, their use results in poor revocation performance—i.e., the values of Pfn and Pfp become too large.
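The trade-off between Walsh and random NRZ alias codes described in Task B can be reproduced in a simplified model, added here as an illustration and not taken from GSPR or the proposal. It assumes the revocation check sums the alias codes of the revoked keys and flags a key when the normalized correlation of its alias code with that sum reaches 0.5; the function names, key counts, code lengths and threshold are all assumptions.

```python
import random

def walsh_codes(n):
    """Rows of the n x n Sylvester-Hadamard matrix (n a power of two)."""
    h = [[1]]
    while len(h) < n:
        h = [r + r for r in h] + [r + [-x for x in r] for r in h]
    return h

def random_nrz_codes(count, length, rng):
    """count random +/-1 codes of the given (shorter) length."""
    return [[rng.choice((-1, 1)) for _ in range(length)] for _ in range(count)]

def revocation_code(codes, revoked):
    """Assumed check value: chip-wise sum of the revoked keys' alias codes."""
    return [sum(codes[k][i] for k in revoked) for i in range(len(codes[0]))]

def is_revoked(alias, rev_code, threshold=0.5):
    """Flag a key when its normalized correlation with the sum is high."""
    corr = sum(a * r for a, r in zip(alias, rev_code)) / len(alias)
    return corr >= threshold

def error_rates(codes, revoked):
    """Return (Pfn, Pfp) measured over every key in the code set."""
    rev = revocation_code(codes, revoked)
    valid = [k for k in range(len(codes)) if k not in revoked]
    fn = sum(not is_revoked(codes[k], rev) for k in revoked)
    fp = sum(is_revoked(codes[k], rev) for k in valid)
    return fn / len(revoked), fp / len(valid)

def compare(keys=256, revoked_count=64, short_len=32, seed=1):
    """Constructed scenario: same revoked set, two alias-code families."""
    rng = random.Random(seed)
    revoked = set(rng.sample(range(keys), revoked_count))
    walsh = error_rates(walsh_codes(keys), revoked)
    nrz = error_rates(random_nrz_codes(keys, short_len, rng), revoked)
    return {"walsh": (keys, walsh), "nrz": (short_len, nrz)}

if __name__ == "__main__":
    for name, (length, (pfn, pfp)) in compare().items():
        print(f"{name}: length={length} Pfn={pfn:.3f} Pfp={pfp:.3f}")
```

The Walsh set needs one chip per key to stay orthogonal, which is the length problem the task describes; the random set is eight times shorter here and pays for it in both error rates.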
Task C: DAA for spectrum sharing radios. The primary drawback of existing DAA schemes is the high computational complexity of revocation, which will likely be an obstacle to the adoption of DAA for radios. This burden is mainly due to the use of zero knowledge proofs in the signature generation and verification procedures. In existing schemes, the signer needs to provide a zero knowledge proof for each revoked key in the revocation list, and use it to show that a signature was not generated using a revoked key. We propose to study the viability of using a two-tiered group signature protocol for DAA of radios. The proposed DAA design avoids the use of zero knowledge proofs while ensuring the anonymity of the signer by employing two separate group signature protocols. The first protocol, which is an offline procedure between the issuer and a signer, is used to establish the signer’s membership in a group of signers managed by the issuer. Also, in this protocol, the issuer authenticates the host as a trusted platform and grants an attestation identity credential. In the second protocol, which is an online procedure, a signer generates a signature using the attestation identity credential, and a verifier authenticates the signer’s platform by verifying the signature. This DAA design shifts most of the computational complexity of revocation from the online procedure to the offline procedure, thereby significantly lowering the computational complexity of signature generation and verification, which is critical for embedded devices such as radios.