Wi-Fi Denial of Service Attack on Wired Analog RF Channel Emulator

This report presents the design and implementation of an analog wireless channel emulator to examine various denial of service attacks in multiple mobile scenarios. The scenarios emulated in this project involve three node topologies of wireless interferers (Wi-Fi radios), including a software defined radio that transmits one of three denial of service (DoS) waveforms. The testbed was functional and met the original specifications. Results from mobile experiments show a clear distinction in performance among the three DoS waveforms depending on the node topology; a digital waveform using binary phase shift keying (BPSK) is most effective at reducing total network throughput at close range while sweep waveforms exhibit minor throughput reduction from a greater distance

A Non-Destructive Evaluation Application Using Software Defined Radios and Bandwidth Expansion

The development of low-complexity, lightweight and low-cost Non-Destructive Evaluation (NDE) equipment for microwave device testing is desirable from a maintenance efficiency and operational availability perspective. Current NDE equipment tends to be custom-designed, cumbersome and expensive. Software Defined Radio (SDR) technology, and a bandwidth expansion technique that exploits a priori transmit signal knowledge and auto-correlation provides a solution. This research investigated the reconstruction of simultaneous SDR receiver instantaneous bandwidth (sub-band) collections using single, dual and multiple SDR receivers. The adjacent sub-bands, collectively spanning a transmit signal bandwidth were auto-correlated with a replica transmit signal to restore frequency and phase offsets. The offsets arise due to different local oscillator manufacturing tolerances, temperature effects and ageing. A 100 MHz bandwidth uniform white noise signal was reconstructed from both dual (2 fi 50 MHz) and multiple (4 fi 25 MHz) SDR collections. The 100 MHz bandwidth exceeds a B205 SDR receiver instantaneous bandwidth. The auto-correlation technique minimizes SDR hardware numbers as bandwidth overlap is not required. Hardware test Symbol Error Rate (SER) was compared with a theoretical coherently detected M-ary orthogonal signal. A 2 MHz dual SDR uniform white noise signal reconstruction exhibited a 5 dBW loss when compared with the theoretical value. The 4 MHz multiple SDR signal reconstruction exhibited a 6 dBW loss. Finally, a linear feedback shift register was used to generate the uniform white noise signal. This provided near true-noise characteristics employing a polynomial primitive to ensure 236 - 1 non-repeatable sequences

GNSS array-based acquisition: theory and implementation

This Dissertation addresses the signal acquisition problem using antenna arrays in the general framework of Global Navigation Satellite Systems (GNSS) receivers. The term GNSS classi es those navigation systems based on a constellation of satellites, which emit ranging signals useful for positioning. Although the American GPS is already available, which coexists with the renewed Russian Glonass, the forthcoming European contribution (Galileo) along with the Chinese Compass will be operative soon. Therefore, a variety of satellite constellations and signals will be available in the next years. GNSSs provide the necessary infrastructures for a myriad of applications and services that demand a robust and accurate positioning service. The positioning availability must be guaranteed all the time, specially in safety-critical and mission-critical services. Examining the threats against the service availability, it is important to take into account that all the present and the forthcoming GNSSs make use of Code Division Multiple Access (CDMA) techniques. The ranging signals are received with very low precorrelation signal-to-noise ratio (in the order of ���22 dB for a receiver operating at the Earth surface). Despite that the GNSS CDMA processing gain o ers limited protection against Radio Frequency interferences (RFI), an interference with a interference-to-signal power ratio that exceeds the processing gain can easily degrade receivers' performance or even deny completely the GNSS service, specially conventional receivers equipped with minimal or basic level of protection towards RFIs. As a consequence, RFIs (either intentional or unintentional) remain as the most important cause of performance degradation. A growing concern of this problem has appeared in recent times. Focusing our attention on the GNSS receiver, it is known that signal acquisition has the lowest sensitivity of the whole receiver operation, and, consequently, it becomes the performance bottleneck in the presence of interfering signals. A single-antenna receiver can make use of time and frequency diversity to mitigate interferences, even though the performance of these techniques is compromised in low SNR scenarios or in the presence of wideband interferences. On the other hand, antenna arrays receivers can bene t from spatial-domain processing, and thus mitigate the e ects of interfering signals. Spatial diversity has been traditionally applied to the signal tracking operation of GNSS receivers. However, initial tracking conditions depend on signal acquisition, and there are a number of scenarios in which the acquisition process can fail as stated before. Surprisingly, to the best of our knowledge, the application of antenna arrays to GNSS signal acquisition has not received much attention. This Thesis pursues a twofold objective: on the one hand, it proposes novel arraybased acquisition algorithms using a well-established statistical detection theory framework, and on the other hand demonstrates both their real-time implementation feasibility and their performance in realistic scenarios. The Dissertation starts with a brief introduction to GNSS receivers fundamentals, providing some details about the navigation signals structure and the receiver's architecture of both GPS and Galileo systems. It follows with an analysis of GNSS signal acquisition as a detection problem, using the Neyman-Pearson (NP) detection theory framework and the single-antenna acquisition signal model. The NP approach is used here to derive both the optimum detector (known as clairvoyant detector ) and the sov called Generalized Likelihood Ratio Test (GLRT) detector, which is the basis of almost all of the current state-of-the-art acquisition algorithms. Going further, a novel detector test statistic intended to jointly acquire a set of GNSS satellites is obtained, thus reducing both the acquisition time and the required computational resources. The eff ects of the front-end bandwidth in the acquisition are also taken into account. Then, the GLRT is extended to the array signal model to obtain an original detector which is able to mitigate temporally uncorrelated interferences even if the array is unstructured and moderately uncalibrated, thus becoming one of the main contributions of this Dissertation. The key statistical feature is the assumption of an arbitrary and unknown covariance noise matrix, which attempts to capture the statistical behavior of the interferences and other non-desirable signals, while exploiting the spatial dimension provided by antenna arrays. Closed form expressions for the detection and false alarm probabilities are provided. Performance and interference rejection capability are modeled and compared both to their theoretical bound. The proposed array-based acquisition algorithm is also compared to conventional acquisition techniques performed after blind null-steering beamformer approaches, such as the power minimization algorithm. Furthermore, the detector is analyzed under realistic conditions, accounting for the presence of errors in the covariance matrix estimation, residual Doppler and delay errors, and signal quantization e ects. Theoretical results are supported by Monte Carlo simulations. As another main contribution of this Dissertation, the second part of the work deals with the design and the implementation of a novel Field Programmable Gate Array (FPGA)-based GNSS real-time antenna-array receiver platform. The platform is intended to be used as a research tool tightly coupled with software de ned GNSS receivers. A complete signal reception chain including the antenna array and the multichannel phase-coherent RF front-end for the GPS L1/ Galileo E1 was designed, implemented and tested. The details of the digital processing section of the platform, such as the array signal statistics extraction modules, are also provided. The design trade-o s and the implementation complexities were carefully analyzed and taken into account. As a proof-of-concept, the problem of GNSS vulnerability to interferences was addressed using the presented platform. The array-based acquisition algorithms introduced in this Dissertation were implemented and tested under realistic conditions. The performance of the algorithms were compared to single antenna acquisition techniques, measured under strong in-band interference scenarios, including narrow/wide band interferers and communication signals. The platform was designed to demonstrate the implementation feasibility of novel array-based acquisition algorithms, leaving the rest of the receiver operations (mainly, tracking, navigation message decoding, code and phase observables, and basic Position, Velocity and Time (PVT) solution) to a Software De ned Radio (SDR) receiver running in a personal computer, processing in real-time the spatially- ltered signal sample stream coming from the platform using a Gigabit Ethernet bus data link. In the last part of this Dissertation, we close the loop by designing and implementing such software receiver. The proposed software receiver targets multi-constellation/multi-frequency architectures, pursuing the goals of e ciency, modularity, interoperability, and exibility demanded by user domains that require non-standard features, such as intermediate signals or data extraction and algorithms interchangeability. In this context, we introduce an open-source, real-time GNSS software de ned receiver (so-named GNSS-SDR) that contributes with several novel features such as the use of software design patterns and shared memory techniques to manage e ciently the data ow between receiver blocks, the use of hardware-accelerated instructions for time-consuming vector operations like carrier wipe-o and code correlation, and the availability to compile and run on multiple software platforms and hardware architectures. At this time of writing (April 2012), the receiver enjoys of a 2-dimensional Distance Root Mean Square (DRMS) error lower than 2 meters for a GPS L1 C/A scenario with 8 satellites in lock and a Horizontal Dilution Of Precision (HDOP) of 1.2.Esta tesis aborda el problema de la adquisición de la señal usando arrays de antenas en el marco general de los receptores de Sistemas Globales de Navegación por Satélite (GNSS). El término GNSS engloba aquellos sistemas de navegación basados en una constelación de satélites que emiten señales útiles para el posicionamiento. Aunque el GPS americano ya está disponible, coexistiendo con el renovado sistema ruso GLONASS, actualmente se está realizando un gran esfuerzo para que la contribución europea (Galileo), junto con el nuevo sistema chino Compass, estén operativos en breve. Por lo tanto, una gran variedad de constelaciones de satélites y señales estarán disponibles en los próximos años. Estos sistemas proporcionan las infraestructuras necesarias para una multitud de aplicaciones y servicios que demandan un servicio de posicionamiento confiable y preciso. La disponibilidad de posicionamiento se debe garantizar en todo momento, especialmente en los servicios críticos para la seguridad de las personas y los bienes. Cuando examinamos las amenazas de la disponibilidad del servicio que ofrecen los GNSSs, es importante tener en cuenta que todos los sistemas presentes y los sistemas futuros ya planificados hacen uso de técnicas de multiplexación por división de código (CDMA). Las señales transmitidas por los satélites son recibidas con una relación señal-ruido (SNR) muy baja, medida antes de la correlación (del orden de -22 dB para un receptor ubicado en la superficie de la tierra). A pesar de que la ganancia de procesado CDMA ofrece una protección inherente contra las interferencias de radiofrecuencia (RFI), esta protección es limitada. Una interferencia con una relación de potencia de interferencia a potencia de la señal que excede la ganancia de procesado puede degradar el rendimiento de los receptores o incluso negar por completo el servicio GNSS. Este riesgo es especialmente importante en receptores convencionales equipados con un nivel mínimo o básico de protección frente las RFIs. Como consecuencia, las RFIs (ya sean intencionadas o no intencionadas), se identifican como la causa más importante de la degradación del rendimiento en GNSS. El problema esta causando una preocupación creciente en los últimos tiempos, ya que cada vez hay más servicios que dependen de los GNSSs Si centramos la atención en el receptor GNSS, es conocido que la adquisición de la señal tiene la menor sensibilidad de todas las operaciones del receptor, y, en consecuencia, se convierte en el factor limitador en la presencia de señales interferentes. Un receptor de una sola antena puede hacer uso de la diversidad en tiempo y frecuencia para mitigar las interferencias, aunque el rendimiento de estas técnicas se ve comprometido en escenarios con baja SNR o en presencia de interferencias de banda ancha. Por otro lado, los receptores basados en múltiples antenas se pueden beneficiar del procesado espacial, y por lo tanto mitigar los efectos de las señales interferentes. La diversidad espacial se ha aplicado tradicionalmente a la operación de tracking de la señal en receptores GNSS. Sin embargo, las condiciones iniciales del tracking dependen del resultado de la adquisición de la señal, y como hemos visto antes, hay un número de situaciones en las que el proceso de adquisición puede fallar. En base a nuestro grado de conocimiento, la aplicación de los arrays de antenas a la adquisición de la señal GNSS no ha recibido mucha atención, sorprendentemente. El objetivo de esta tesis doctoral es doble: por un lado, proponer nuevos algoritmos para la adquisición basados en arrays de antenas, usando como marco la teoría de la detección de señal estadística, y por otro lado, demostrar la viabilidad de su implementación y ejecución en tiempo real, así como su medir su rendimiento en escenarios realistas. La tesis comienza con una breve introducción a los fundamentos de los receptores GNSS, proporcionando algunos detalles sobre la estructura de las señales de navegación y la arquitectura del receptor aplicada a los sistemas GPS y Galileo. Continua con el análisis de la adquisición GNSS como un problema de detección, aplicando la teoría del detector Neyman-Pearson (NP) y el modelo de señal de una única antena. El marco teórico del detector NP se utiliza aquí para derivar tanto el detector óptimo (conocido como detector clarividente) como la denominada Prueba Generalizada de la Razón de Verosimilitud (en inglés, Generalized Likelihood Ratio Test (GLRT)), que forma la base de prácticamente todos los algoritmos de adquisición del estado del arte actual. Yendo más lejos, proponemos un nuevo detector diseñado para adquirir simultáneamente un conjunto de satélites, por lo tanto, obtiene una reducción del tiempo de adquisición y de los recursos computacionales necesarios en el proceso, respecto a las técnicas convencionales. El efecto del ancho de banda del receptor también se ha tenido en cuenta en los análisis. A continuación, el detector GLRT se extiende al modelo de señal de array de antenas para obtener un detector nuevo que es capaz de mitigar interferencias no correladas temporalmente, incluso utilizando arrays no estructurados y moderadamente descalibrados, convirtiéndose así en una de las principales aportaciones de esta tesis. La clave del detector es asumir una matriz de covarianza de ruido arbitraria y desconocida en el modelo de señal, que trata de captar el comportamiento estadístico de las interferencias y otras señales no deseadas, mientras que utiliza la dimensión espacial proporcionada por los arrays de antenas. Se han derivado las expresiones que modelan las probabilidades teóricas de detección y falsa alarma. El rendimiento del detector y su capacidad de rechazo a interferencias se han modelado y comparado con su límite teórico. El algoritmo propuesto también ha sido comparado con técnicas de adquisición convencionales, ejecutadas utilizando la salida de conformadores de haz que utilizan algoritmos de filtrado de interferencias, como el algoritmo de minimización de la potencia. Además, el detector se ha analizado bajo condiciones realistas, representadas con la presencia de errores en la estimación de covarianzas, errores residuales en la estimación del Doppler y el retardo de señal, y los efectos de la cuantificación. Los resultados teóricos se apoyan en simulaciones de Monte Carlo. Como otra contribución principal de esta tesis, la segunda parte del trabajo trata sobre el diseño y la implementación de una nueva plataforma para receptores GNSS en tiempo real basados en array de antenas que utiliza la tecnología de matriz programable de puertas lógicas (en ingles Field Programmable Gate Array (FPGA)). La plataforma está destinada a ser utilizada como una herramienta de investigación estrechamente acoplada con receptores GNSS definidos por software. Se ha diseñado, implementado y verificado la cadena completa de recepción, incluyendo el array de antenas y el front-end multi-canal para las señales GPS L1 y Galileo E1. El documento explica en detalle el procesado de señal que se realiza, como por ejemplo, la implementación del módulo de extracción de estadísticas de la señal. Los compromisos de diseño y las complejidades derivadas han sido cuidadosamente analizadas y tenidas en cuenta. La plataforma ha sido utilizada como prueba de concepto para solucionar el problema presentado de la vulnerabilidad del GNSS a las interferencias. Los algoritmos de adquisición introducidos en esta tesis se han implementado y probado en condiciones realistas. El rendimiento de los algoritmos se comparó con las técnicas de adquisición basadas en una sola antena. Se han realizado pruebas en escenarios que contienen interferencias dentro de la banda GNSS, incluyendo interferencias de banda estrecha y banda ancha y señales de comunicación. La plataforma fue diseñada para demostrar la viabilidad de la implementación de nuevos algoritmos de adquisición basados en array de antenas, dejando el resto de las operaciones del receptor (principalmente, los módulos de tracking, decodificación del mensaje de navegación, los observables de código y fase, y la solución básica de Posición, Velocidad y Tiempo (PVT)) a un receptor basado en el concepto de Radio Definida por Software (SDR), el cual se ejecuta en un ordenador personal. El receptor procesa en tiempo real las muestras de la señal filltradas espacialmente, transmitidas usando el bus de datos Gigabit Ethernet. En la última parte de esta Tesis, cerramos ciclo diseñando e implementando completamente este receptor basado en software. El receptor propuesto está dirigido a las arquitecturas de multi-constalación GNSS y multi-frecuencia, persiguiendo los objetivos de eficiencia, modularidad, interoperabilidad y flexibilidad demandada por los usuarios que requieren características no estándar, tales como la extracción de señales intermedias o de datos y intercambio de algoritmos. En este contexto, se presenta un receptor de código abierto que puede trabajar en tiempo real, llamado GNSS-SDR, que contribuye con varias características nuevas. Entre ellas destacan el uso de patrones de diseño de software y técnicas de memoria compartida para administrar de manera eficiente el uso de datos entre los bloques del receptor, el uso de la aceleración por hardware para las operaciones vectoriales más costosas, como la eliminación de la frecuencia Doppler y la correlación de código, y la disponibilidad para compilar y ejecutar el receptor en múltiples plataformas de software y arquitecturas de hardware. A fecha de la escritura de esta Tesis (abril de 2012), el receptor obtiene un rendimiento basado en la medida de la raíz cuadrada del error cuadrático medio en la distancia bidimensional (en inglés, 2-dimensional Distance Root Mean Square (DRMS) error) menor de 2 metros para un escenario GPS L1 C/A con 8 satélites visibles y una dilución de la precisión horizontal (en inglés, Horizontal Dilution Of Precision (HDOP)) de 1.2

Electronic identification systems for asset management

Electronic identification is an increasingly pervasive technology that permits rapid data recovery from low-power transponders whenever they are placed within the vicinity of an interrogator device. Fundamental benefits include proximity detection not requiring line-of-sight, multiple transponder access and data security. In this document, electronic identification methods for asset management are devised for the new target application of electrical appliance testing. In this application mains-powered apparatus are periodically subjected a prescribed series of electrical tests performed by a Portable Appliance Tester (PAT). The intention is to enhance the process of appliance identification and management, and to automate the test process as far as possible. Three principal methods of electronic identification were designed and analysed for this application: proximity Radio Frequency Identification (RFID), cable RFID and power- line signalling. Each method relies on an inductively coupled mechanism that utilities a signalling technique called direct-load modulation. This is particularly suited to low- cost passive transponder designs. Physical limitations to proximity RFID are identified including coil size, orientation and susceptibility to nearby conducting surfaces. A novel inductive signalling method called cable RFID is then described that permits automatic appliance identification. This method uses the appliance power cable and inlet filter to establish a communication channel between interrogator and transponder. Prior to commencing the test phase, an appliance is plugged into the PAT and identified automatically via cable RFID. An attempt is made to extend the scope of cable RFID by developing a novel mains power-line signalling method that uses direct-load modulation and passive transponders. Finally, two different implementations of RFID interrogator are described. The first takes the form of an embeddable module intended for incorporation into electronic identification products such as RFID enabled PAT units. Software Defined Radio (SDR) principles are applied to the second interrogator design in an effort to render the device reconfigurable

FPGA Acceleration of 3GPP Channel Model Emulator for 5G New Radio

The channel model is by far the most computing intensive part of the link level simulations of multiple-input and multiple-output (MIMO) fifth-generation new radio (5G NR) communication systems. Simulation effort further increases when using more realistic geometry-based channel models, such as the three-dimensional spatial channel model (3D-SCM). Channel emulation is used for functional and performance verification of such models in the network planning phase. These models use multiple finite impulse response (FIR) filters and have a very high degree of parallelism which can be exploited for accelerated execution on Field Programmable Gate Array (FPGA) and Graphics Processing Unit (GPU) platforms. This paper proposes an efficient re-configurable implementation of the 3rd generation partnership project (3GPP) 3D-SCM on FPGAs using a design flow based on high-level synthesis (HLS). It studies the effect of various HLS optimization techniques on the total latency and hardware resource utilization on Xilinx Alveo U280 and Intel Arria 10GX 1150 high-performance FPGAs, using in both cases the commercial HLS tools of the producer. The channel model accuracy is preserved using double precision floating point arithmetic. This work analyzes in detail the effort to target the FPGA platforms using HLS tools, both in terms of common parallelization effort (shared by both FPGAs), and in terms of platform-specific effort, different for Xilinx and Intel FPGAs. Compared to the baseline general-purpose central processing unit (CPU) implementation, the achieved speedups are 65X and 95X using the Xilinx UltraScale+ and Intel Arria FPGA platform respectively, when using a Double Data Rate (DDR) memory interface. The FPGA-based designs also achieved ~3X better performance compared to a similar technology node NVIDIA GeForce GTX 1070 GPU, while consuming ~4X less energy. The FPGA implementation speedup improves up to 173X over the CPU baseline when using the Xilinx UltraRAM (URAM) and High-Bandwidth Memory (HBM) resources, also achieving 6X lower latency and 12X lower energy consumption than the GPU implementation

Passive Geo-Location of a Radio Frequency Transmitter

This project, completed at MIT Lincoln Laboratory will explore accurate timing in a system to passively geo-locate a radio frequency transmitter based on the time the transmitted signal arrives at two separate receivers. Two GPS disciplined oscillators (GPSDOs) will be used to keep precise time at both receivers and these units will be the focus of this report. First, the two GPSDOs were tested against one another and the difference between the timing signal outputs of each GPSDO was compared. Then the GPSDOs were placed in the full system and lab tests were conducted, focusing on their performance. Finally, a field test was conducted to determine the feasibility of these receivers as field units