15.2 Primary-User Emulation Attacks 435 15.3, respectively. We then describe security threats to self-coexistence mecha- nisms in the context of the 802.22 air interface in Section 15.4. In Section 15.5, we discuss security issues that affect the trustworthiness of CR software. 15.2 PRIMARY-USER EMULATION ATTACKS 15.2.1 Spectrum Sensing in Hostile Environments A CR's ability to distinguish between primary-user signals and secondary-user sig- nals is key to the implementation of the OSS paradigm. Distinguishing the two signals is nontrivial, but it becomes especially difficult when the CRs operate in hostile environments. In a hostile environment, an attacker may modify the air interface of its own CR to mimic a primary-user signal's characteristics, thereby causing legitimate secondary users to erroneously identify the attacker as a primary user. We coin the term PUE attack to refer to this attack. There is a realistic possibil- ity of PUE attacks, since CRs are highly reconfigurable due to their software-based air interface [11]. To thwart such attacks, a scheme that can reliably distinguish between legitimate primary signal transmitters and secondary signal transmitters