Practical Extensions to the Evaluation and Analysis of Wireless Coexistence in Unlicensed Bands

Sharing spectrum resources in unlicensed bands has proven cost effective and beneficial for providing ubiquitous access to wireless functionality for a broad range of applications. Chipsets designed to implement communication standards in the Industrial, Scientific and Medical (ISM) band have become increasingly inexpensive and widely available, making wireless-enabled medical and non-medical devices attractive to an increased number of users. Consequently, wireless coexistence becomes a concern. In response, the U.S. Food and Drug Administration (FDA) has issued a guidance document to assist medical device manufacturers ensure reasonable safety and effectiveness. Coexistence-testing methods are now being reported in literature, and novel solutions are under consideration for inclusion in the American National Standards Institute (ANSI) C63.27 Standard for Evaluation of Wireless Coexistence. This dissertation addresses practical issues for evaluating and reporting wireless coexistence. During testing, an under-test-system (UTS) is evaluated in the presence of an interfering system (IS). Accordingly, an innovative method is suggested for estimating channel utilization of multiple, concurrent wireless transmitters sharing an unlicensed band in the context of radiated open environment coexistence testing (ROECT). Passively received power measurements were collected, and then a Gaussian mixture model (GMM) was used to build a classifier for labeling observed power samples relative to their source. Overall accuracy was verified at 98.86%. Case studies are presented utilizing IEEE 802.11n as an IS with UTS based on either IEEE 802.11n or ZigBee. Results demonstrated the mutual effect of spectrum sharing on both IS and UTS in terms of per-second channel utilization and frame collision. The process of approximating the probability of a device to coexist in its intended environment is discussed, and a generalized framework for modeling the environment is presented. An 84-day spectrum survey of the 2.4 GHz to 2.48 GHz ISM band in a hospital environment serves as proof of concept. A custom platform was used to monitor power flux spectral density and record received power in both an intensive care unit (ICU) and a post-surgery recovery room (RR). Observations indicated that significant correlation in activity patterns corresponded mainly to IEEE 802.11 channels 1, 6, and 11. Consequently, channel utilization of three non-overlapping channels of 20 MHz bandwidth---relative to IEEE 802.11 channels 1, 6, and 11---were calculated and fitted to a generalized extreme value (GEV) distribution. Low channel utilization ( 50%), was observed in the surveyed environment. Reported findings can be complementary to wireless coexistence testing. Quantifying the probability of UTS coexistence in a given environment is central to the evaluation of coexistence, as evidenced in the draft of the C63.27 standard. Notably, a method for this calculation is not currently provided in the standard. To fill this void, the work presented herein proposes the use of logistic regression (LR) to estimate coexistence probability. ROECT was utilized to test a scenario with an 802.11n IS and ZigBee UTS medical device. Findings demonstrate that fitted LR model achieves 92.72% overall accuracy of classification on a testing dataset that included the outcome of a wide variety of coexistence testing scenarios. Results were incorporated with those reported in [1] using Monte Carlo simulation to estimate UTS probability of coexistence in a hospital environment

TOWARD ENHANCED WIRELESS COEXISTENCE IN THE 2.4GHZ ISM BAND VIA TEMPORAL CHARACTERIZATION AND EMPIRICAL MODELING OF 802.11B/G/N NETWORKS A DISSERTATION

This dissertation presents an extensive experimental characterization and empirical modelling of 802.11 temporal behavior. A detailed characterization of 802.11b/g/n homogeneous and heterogeneous network traffic patterns is featured, including idle time distribution and channel utilization. Duty cycle serves as a measure for spectrum busyness. Higher duty cycle levels directly impact transceivers using the spectrum, which either refrain from transmission or suffer from increased errors. Duty cycle results are provided for 802.11b, g and n Wi-Fi technologies at various throughput levels. Lower values are observed for 802.11b and g networks. Spectrum occupancy measurements are essential for wireless networks planning and deployment. Detailed characterization of 802.11g/n homogeneous and heterogeneous network traffic patterns, including activity and idle time distribution are presented. Distributions were obtained from time domain measurements and represent time fragment distributions for active and inactive periods during a specific test. This information can assist other wireless technologies in using the crowded ISM band more efficiently and achieve enhanced wireless coexistence. Empirical models of 802.11 networks in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band are also presented. This information can assist other wireless technologies aiming to utilize the crowded ISM band more efficiently and achieve enhanced wireless coexistence. In this work models are derived for both homogeneous and heterogeneous 802.11 network idle time distribution. Additionally, two applications of 802.11 networks temporal characterization are presented. The first application investigates a novel method for identifying wireless technologies through the use of simple energy detection techniques to measure the channel temporal characteristics including activity and idle time probability distributions. In this work, a wireless technology identification algorithm was assessed experimentally. Temporal traffic pattern for 802.11b/g/n homogeneous and heterogeneous networks were measured and used as algorithm input. Identification accuracies of up to 96.83% and 85.9% are achieved for homogeneous and heterogeneous networks, respectively. The second application provides a case study using 802.15.4 ZigBee transmitter packet size on-line adjustments is also presented. Packet size is adaptively modified based on channel idle time distribution obtained using simple channel power measurements. Results demonstrate improved ZigBee performance and significant enhancement in throughput as a result of using adaptive packet size transmissions

Real-Time Waveform Prototyping

Mobile Netzwerke der fünften Generation zeichen sich aus durch vielfältigen Anforderungen und Einsatzszenarien. Drei unterschiedliche Anwendungsfälle sind hierbei besonders relevant: 1) Industrie-Applikationen fordern Echtzeitfunkübertragungen mit besonders niedrigen Ausfallraten. 2) Internet-of-things-Anwendungen erfordern die Anbindung einer Vielzahl von verteilten Sensoren. 3) Die Datenraten für Anwendung wie z.B. der Übermittlung von Videoinhalten sind massiv gestiegen. Diese zum Teil gegensätzlichen Erwartungen veranlassen Forscher und Ingenieure dazu, neue Konzepte und Technologien für zukünftige drahtlose Kommunikationssysteme in Betracht zu ziehen. Ziel ist es, aus einer Vielzahl neuer Ideen vielversprechende Kandidatentechnologien zu identifizieren und zu entscheiden, welche für die Umsetzung in zukünftige Produkte geeignet sind. Die Herausforderungen, diese Anforderungen zu erreichen, liegen jedoch jenseits der Möglichkeiten, die eine einzelne Verarbeitungsschicht in einem drahtlosen Netzwerk bieten kann. Daher müssen mehrere Forschungsbereiche Forschungsideen gemeinsam nutzen. Diese Arbeit beschreibt daher eine Plattform als Basis für zukünftige experimentelle Erforschung von drahtlosen Netzwerken unter reellen Bedingungen. Es werden folgende drei Aspekte näher vorgestellt: Zunächst erfolgt ein Überblick über moderne Prototypen und Testbed-Lösungen, die auf großes Interesse, Nachfrage, aber auch Förderungsmöglichkeiten stoßen. Allerdings ist der Entwicklungsaufwand nicht unerheblich und richtet sich stark nach den gewählten Eigenschaften der Plattform. Der Auswahlprozess ist jedoch aufgrund der Menge der verfügbaren Optionen und ihrer jeweiligen (versteckten) Implikationen komplex. Daher wird ein Leitfaden anhand verschiedener Beispiele vorgestellt, mit dem Ziel Erwartungen im Vergleich zu den für den Prototyp erforderlichen Aufwänden zu bewerten. Zweitens wird ein flexibler, aber echtzeitfähiger Signalprozessor eingeführt, der auf einer software-programmierbaren Funkplattform läuft. Der Prozessor ermöglicht die Rekonfiguration wichtiger Parameter der physikalischen Schicht während der Laufzeit, um eine Vielzahl moderner Wellenformen zu erzeugen. Es werden vier Parametereinstellungen 'LLC', 'WiFi', 'eMBB' und 'IoT' vorgestellt, um die Anforderungen der verschiedenen drahtlosen Anwendungen widerzuspiegeln. Diese werden dann zur Evaluierung der die in dieser Arbeit vorgestellte Implementierung herangezogen. Drittens wird durch die Einführung einer generischen Testinfrastruktur die Einbeziehung externer Partner aus der Ferne ermöglicht. Das Testfeld kann hier für verschiedenste Experimente flexibel auf die Anforderungen drahtloser Technologien zugeschnitten werden. Mit Hilfe der Testinfrastruktur wird die Leistung des vorgestellten Transceivers hinsichtlich Latenz, erreichbarem Durchsatz und Paketfehlerraten bewertet. Die öffentliche Demonstration eines taktilen Internet-Prototypen, unter Verwendung von Roboterarmen in einer Mehrbenutzerumgebung, konnte erfolgreich durchgeführt und bei mehreren Gelegenheiten präsentiert werden.:List of figures List of tables Abbreviations Notations 1 Introduction 1.1 Wireless applications 1.2 Motivation 1.3 Software-Defined Radio 1.4 State of the art 1.5 Testbed 1.6 Summary 2 Background 2.1 System Model 2.2 PHY Layer Structure 2.3 Generalized Frequency Division Multiplexing 2.4 Wireless Standards 2.4.1 IEEE 802.15.4 2.4.2 802.11 WLAN 2.4.3 LTE 2.4.4 Low Latency Industrial Wireless Communications 2.4.5 Summary 3 Wireless Prototyping 3.1 Testbed Examples 3.1.1 PHY - focused Testbeds 3.1.2 MAC - focused Testbeds 3.1.3 Network - focused testbeds 3.1.4 Generic testbeds 3.2 Considerations 3.3 Use cases and Scenarios 3.4 Requirements 3.5 Methodology 3.6 Hardware Platform 3.6.1 Host 3.6.2 FPGA 3.6.3 Hybrid 3.6.4 ASIC 3.7 Software Platform 3.7.1 Testbed Management Frameworks 3.7.2 Development Frameworks 3.7.3 Software Implementations 3.8 Deployment 3.9 Discussion 3.10 Conclusion 4 Flexible Transceiver 4.1 Signal Processing Modules 4.1.1 MAC interface 4.1.2 Encoding and Mapping 4.1.3 Modem 4.1.4 Post modem processing 4.1.5 Synchronization 4.1.6 Channel Estimation and Equalization 4.1.7 Demapping 4.1.8 Flexible Configuration 4.2 Analysis 4.2.1 Numerical Precision 4.2.2 Spectral analysis 4.2.3 Latency 4.2.4 Resource Consumption 4.3 Discussion 4.3.1 Extension to MIMO 4.4 Summary 5 Testbed 5.1 Infrastructure 5.2 Automation 5.3 Software Defined Radio Platform 5.4 Radio Frequency Front-end 5.4.1 Sub 6 GHz front-end 5.4.2 26 GHz mmWave front-end 5.5 Performance evaluation 5.6 Summary 6 Experiments 6.1 Single Link 6.1.1 Infrastructure 6.1.2 Single Link Experiments 6.1.3 End-to-End 6.2 Multi-User 6.3 26 GHz mmWave experimentation 6.4 Summary 7 Key lessons 7.1 Limitations Experienced During Development 7.2 Prototyping Future 7.3 Open points 7.4 Workflow 7.5 Summary 8 Conclusions 8.1 Future Work 8.1.1 Prototyping Workflow 8.1.2 Flexible Transceiver Core 8.1.3 Experimental Data-sets 8.1.4 Evolved Access Point Prototype For Industrial Networks 8.1.5 Testbed Standardization A Additional Resources A.1 Fourier Transform Blocks A.2 Resource Consumption A.3 Channel Sounding using Chirp sequences A.3.1 SNR Estimation A.3.2 Channel Estimation A.4 Hardware part listThe demand to achieve higher data rates for the Enhanced Mobile Broadband scenario and novel fifth generation use cases like Ultra-Reliable Low-Latency and Massive Machine-type Communications drive researchers and engineers to consider new concepts and technologies for future wireless communication systems. The goal is to identify promising candidate technologies among a vast number of new ideas and to decide, which are suitable for implementation in future products. However, the challenges to achieve those demands are beyond the capabilities a single processing layer in a wireless network can offer. Therefore, several research domains have to collaboratively exploit research ideas. This thesis presents a platform to provide a base for future applied research on wireless networks. Firstly, by giving an overview of state-of-the-art prototypes and testbed solutions. Secondly by introducing a flexible, yet real-time physical layer signal processor running on a software defined radio platform. The processor enables reconfiguring important parameters of the physical layer during run-time in order to create a multitude of modern waveforms. Thirdly, by introducing a generic test infrastructure, which can be tailored to prototype diverse wireless technology and which is remotely accessible in order to invite new ideas by third parties. Using the test infrastructure, the performance of the flexible transceiver is evaluated regarding latency, achievable throughput and packet error rates.:List of figures List of tables Abbreviations Notations 1 Introduction 1.1 Wireless applications 1.2 Motivation 1.3 Software-Defined Radio 1.4 State of the art 1.5 Testbed 1.6 Summary 2 Background 2.1 System Model 2.2 PHY Layer Structure 2.3 Generalized Frequency Division Multiplexing 2.4 Wireless Standards 2.4.1 IEEE 802.15.4 2.4.2 802.11 WLAN 2.4.3 LTE 2.4.4 Low Latency Industrial Wireless Communications 2.4.5 Summary 3 Wireless Prototyping 3.1 Testbed Examples 3.1.1 PHY - focused Testbeds 3.1.2 MAC - focused Testbeds 3.1.3 Network - focused testbeds 3.1.4 Generic testbeds 3.2 Considerations 3.3 Use cases and Scenarios 3.4 Requirements 3.5 Methodology 3.6 Hardware Platform 3.6.1 Host 3.6.2 FPGA 3.6.3 Hybrid 3.6.4 ASIC 3.7 Software Platform 3.7.1 Testbed Management Frameworks 3.7.2 Development Frameworks 3.7.3 Software Implementations 3.8 Deployment 3.9 Discussion 3.10 Conclusion 4 Flexible Transceiver 4.1 Signal Processing Modules 4.1.1 MAC interface 4.1.2 Encoding and Mapping 4.1.3 Modem 4.1.4 Post modem processing 4.1.5 Synchronization 4.1.6 Channel Estimation and Equalization 4.1.7 Demapping 4.1.8 Flexible Configuration 4.2 Analysis 4.2.1 Numerical Precision 4.2.2 Spectral analysis 4.2.3 Latency 4.2.4 Resource Consumption 4.3 Discussion 4.3.1 Extension to MIMO 4.4 Summary 5 Testbed 5.1 Infrastructure 5.2 Automation 5.3 Software Defined Radio Platform 5.4 Radio Frequency Front-end 5.4.1 Sub 6 GHz front-end 5.4.2 26 GHz mmWave front-end 5.5 Performance evaluation 5.6 Summary 6 Experiments 6.1 Single Link 6.1.1 Infrastructure 6.1.2 Single Link Experiments 6.1.3 End-to-End 6.2 Multi-User 6.3 26 GHz mmWave experimentation 6.4 Summary 7 Key lessons 7.1 Limitations Experienced During Development 7.2 Prototyping Future 7.3 Open points 7.4 Workflow 7.5 Summary 8 Conclusions 8.1 Future Work 8.1.1 Prototyping Workflow 8.1.2 Flexible Transceiver Core 8.1.3 Experimental Data-sets 8.1.4 Evolved Access Point Prototype For Industrial Networks 8.1.5 Testbed Standardization A Additional Resources A.1 Fourier Transform Blocks A.2 Resource Consumption A.3 Channel Sounding using Chirp sequences A.3.1 SNR Estimation A.3.2 Channel Estimation A.4 Hardware part lis

IoT security and privacy assessment using software-defined radios

The Internet of Things (IoT) has seen exceptional adoption in recent years, resulting in an unprecedented level of connectivity in personal and industrial domains. In parallel, software-defined radio (SDR) technology has become increasingly powerful, making it a compelling tool for wireless security research across multiple communication protocols. Specifically, SDRs are capable of manipulating the physical layer of protocols in software, which would otherwise be implemented statically in hardware. This flexibility enables research that goes beyond the boundaries of protocol specifications. This dissertation pursues four research directions that are either enabled by software-defined radio technology, or advance its utility for security research. First, we investigate the anti-tracking mechanisms defined by the Bluetooth Low Energy (BLE) wireless protocol. This protocol, present in virtually all wearable smart devices, implements address randomization in order to prevent unwanted tracking of its users. By analyzing raw advertising data from BLE devices using SDRs, we identify a vulnerability that allows an attacker to track a BLE device beyond the address randomization defined by the protocol. Second, we implement a compact, SDR-based testbed for physical layer benchmarking of wireless devices. The testbed is capable of emulating multiple data transmissions and produce intentional signal corruption in very precisely defined ways in order to investigate receiver robustness and undefined device behavior in the presence of malformed packets. We subject a range of Wi-Fi and Zigbee devices to specifically crafted packet collisions and "truncated packets" as a way to fingerprinting wireless device chipsets. Third, we introduce a middleware framework, coined "Snout", to improves accessibility and usability of SDRs. The architecture provides standardized data pipelines as well as an abstraction layer to GNU Radio flowgraphs which power SDR signal processing. This abstraction layer improves usability and maintainability by providing a declarative experiment configuration format instead of requiring constant manipulation of the signal processing code during experimentation. We show that Snout does not result in significant computational overhead, and maintains a predictable and modest memory footprint. Finally, we address the visibility problem arising from the growing number of IoT protocols across large bands of radio spectrum. We model an SDR-based IoT monitor which is capable of scanning multiple channels (including across multiple protocols), and employs channel switching policies to maximize freshness of information obtained by transmitting devices. We present multiple policies and compare their performance against an optimal Markov Decision Process (MDP) model, as well as through event-based simulation using real-world device traffic. The results of this work demonstrate the use of SDR technology in privacy and security research of IoT device communication, and open up opportunities for further low-layer protocol discoveries that require the use of software-defined radio as a research tool

Telemedicine

Telemedicine is a rapidly evolving field as new technologies are implemented for example for the development of wireless sensors, quality data transmission. Using the Internet applications such as counseling, clinical consultation support and home care monitoring and management are more and more realized, which improves access to high level medical care in underserved areas. The 23 chapters of this book present manifold examples of telemedicine treating both theoretical and practical foundations and application scenarios

Honeypot for Wireless Sensor Networks

People have understood that computer systems need safeguarding and require knowledge of security principles for their protection. While this has led to solutions for system components such as malware-protection, firewalls and intrusion detection systems, the ubiquitous usage of tiny microcomputers appeared at the same time. A new interconnectivity is on the rise in our lives. Things become “smart” and increasingly build new networks of devices. In this context the wireless sensor networks here interact with users and also, vice versa as well; unprivileged users able to interact with the wireless sensor network may harm the privileged user as a result. The problem that needs to be solved consists of possible harm that may be caused by an unprivileged user interacting with the wireless sensor network of a privileged user and may come via an attack vector targeting a vul- nerability that may take as long as it is needed and the detection of such mal-behaviour can only be done if a sensing component is implemented as a kind of tool detecting the status of the attacked wireless sensor network component and monitors this problem happening as an event that needs to be researched further on. Innovation in attack detection comprehension is the key aspect of this work, because it was found to be a set of hitherto not combined aspects, mechanisms, drafts and sketches, lacking a central combined outcome. Therefore the contribution of this thesis consists in a span of topics starting with a summary of attacks, possible countermeasures and a sketch of the outcome to the design and implementation of a viable product, concluding in an outlook at possible further work. The chosen path for the work in this research was experimental prototype construction following an established research method that first highlights the analysis of attack vectors to the system component and then evaluates the possibilities in order to im- prove said method. This led to a concept well known in common large-scale computer science systems, called a honeypot. Its common definitions and setups were analy- sed and the concept translation to the wireless sensor network domain was evaluated. Then the prototype was designed and implemented. This was done by following the ap- proach set by the science of cybersecurity, which states that the results of experiments and prototypes lead to improving knowledge intentionally for re-use