Spectrum Access Systems (SAS) face three interrelated security challenges: location privacy leakage, identity/location spoofing, and denial-of-service (DoS) attacks—while simultaneously complying with regulatory requirements mandating disclosure of user location information. To address these, we propose the first end-to-end strongly anonymous SAS architecture. Our approach introduces an adaptive, lightweight two-scenario location verification protocol ensuring location unlinkability and strong identity anonymity; a time-lock puzzle–based DoS-resilient mechanism guaranteeing service availability under high concurrency; and a privacy-preserving workflow integrating zero-knowledge proofs, anonymous credentials, and mix networks to protect spectrum queries, usage reporting, and location attestations—all while satisfying regulatory compliance. We formally prove the architecture’s security properties. Experimental evaluation demonstrates a 37% reduction in communication overhead and a 52% decrease in verification latency, with full compatibility with FCC and ETSI interface specifications.

The rapid advancements in wireless technology have significantly increased the demand for communication resources, leading to the development of Spectrum Access Systems (SAS). However, network regulations require disclosing sensitive user information, such as location coordinates and transmission details, raising critical privacy concerns. Moreover, as a database-driven architecture reliant on user-provided data, SAS necessitates robust location verification to counter identity and location spoofing attacks and remains a primary target for denial-of-service (DoS) attacks. Addressing these security challenges while adhering to regulatory requirements is essential. In this paper, we propose SLAP, a novel framework that ensures location privacy and anonymity during spectrum queries, usage notifications, and location-proof acquisition. Our solution includes an adaptive dual-scenario location verification mechanism with architectural flexibility and a fallback option, along with a counter-DoS approach using time-lock puzzles. We prove the security of SLAP and demonstrate its advantages over existing solutions through comprehensive performance evaluations.