Experimental Characterization of System Parameters for Ranging in IEEE 802.15.4a using Energy Detectors

The IEEE 802.15.4a standard for impulse radio ultrawide band (IR-UWB) communication systems defines a ranging scheme which relies on the measurement of the round-trip propagation time of electromagnetic pulses. Accuracy is strongly dependent on the estimation of the timeof-arrival (TOA) of the pulse that is spread in time due to multipath propagation. The major concern therefore is the proper detection of the leading edge. In this work, the ranging capabilities of the standard are analyzed for an energy detector receiver. Emphasis is put on the influence of transmitter and receiver parameters, which are evaluated for a set of measured scenarios. It is shown that sub-meter ranging accuracy can be achieved with fixed parameter settings

Synchronization for Impulse-Radio UWB With Energy-Detection and Multi-User Interference: Algorithms and Application to IEEE 802.15.4a

Energy-detection (ED) receivers can take advantage of the ranging and multipath resistance capabilities of impulse-radio ultra-wideband (IR-UWB) physical layers at a much lower complexity than coherent receivers. However, ED receivers are extremely vulnerable to multi-user interference (MUI). Therefore, the design of IR-UWB ED architectures must take MUI into account. In this paper, we present the design and evaluation of two complementary algorithms for reliable and robust synchronization of IR-UWB ED receivers in the presence of MUI: 1) power-independent detection and preamble code interference cancellation (PICNIC) and 2) detection of start-frame-delimiter through sequential ratio tests (DESSERT). PICNIC addresses packet detection and timing acquisition while DESSERT focuses on start-frame-delimiter (SFD) detection. Both algorithms are evaluated with the IEEE 802.15.4a IR-UWB physical layer, standardized for low data-rate networks. The performance evaluation with extensive simulations show that our algorithms outperform nonrobust synchronization algorithms by up to two orders of magnitude in the presence of MUI

Performance Evaluation of an IEEE 802.15.4a Physical Layer with Energy Detection and Multi-User Interference

We evaluate the performance of an IEEE 802.15.4a ultra-wide band (UWB) physical layer, with an energy-detection receiver, in the presence of multi-user interference (MUI). A complete packet based system is considered. We take into account packet detection and timing acquisition, the estimation of the power delay profile of the channel, and the recovery of the encoded payload. Energy detectors are known to have a low implementation complexity and to allow for avoiding the complex channel estimation needed by a Rake receiver. However, our results show that MUI severely degrades the performance of the energy detection receiver, even at low traffic rate. We demonstrate that using an IEEE 802.15.4a compliant energy detection receiver significantly diminishes one of the most appealing benefits of UWB, namely its robustness to MUI and thus the possibility to allow parallel transmissions. We further find that timing acquisition and data decoding both equally suffer from MUI

On Secure and Precise IR-UWB Ranging

To provide high ranging precision in multipath environments, a ranging protocol should find the first arriving path, rather than the strongest path. We demonstrate a new attack vector that disrupts such precise Time-of-Arrival (ToA) estimation, and allows an adversary to decrease the measured distance by a value in the order of the channel spread (10-20 meters). This attack vector can be used in previously reported physical-communication-layer (PHY) attacks against secure ranging (or distance bounding). Furthermore, it creates a new type of attack based on malicious interference: This attack is much easier to mount than the previously known external PHY attack (distance-decreasing relay) and it can work even if secret preamble codes are used. We evaluate the effectiveness of this attack for a PHY that is particularly well suited for precise ranging in multipath environments: Impulse Radio Ultra-Wideband (IR-UWB). We show, with PHY simulations and experiments, that the attack is effective against a variety of receivers and modulation schemes. Furthermore, we identify and evaluate three types of countermeasures that allow for precise and secure ranging

Secure Neighbor Discovery and Ranging in Wireless Networks

This thesis addresses the security of two fundamental elements of wireless networking: neighbor discovery and ranging. Neighbor discovery consists in discovering devices available for direct communication or in physical proximity. Ranging, or distance bounding, consists in measuring the distance between devices, or providing an upper bound on this distance. Both elements serve as building blocks for a variety of services and applications, notably routing, physical access control, tracking and localization. However, the open nature of wireless networks makes it easy to abuse neighbor discovery and ranging, and thereby compromise overlying services and applications. To prevent this, numerous works proposed protocols that secure these building blocks. But two aspects crucial for the security of such protocols have received relatively little attention: formal verification and attacks on the physical-communication-layer. They are precisely the focus of this thesis. In the first part of the thesis, we contribute a formal analysis of secure communication neighbor discovery protocols. We build a formal model that captures salient characteristics of wireless systems such as node location, message propagation time and link variability, and we provide a specification of secure communication neighbor discovery. Then, we derive an impossibility result for a general class of protocols we term "time-based protocols", stating that no such protocol can provide secure communication neighbor discovery. We also identify the conditions under which the impossibility result is lifted. We then prove that specific protocols in the time-based class (under additional conditions) and specific protocols in a class we term "time- and location-based protocols," satisfy the neighbor discovery specification. We reinforce these results by mechanizing the model and the proofs in the theorem prover Isabelle. In the second part of the thesis, we explore physical-communication-layer attacks that can seemingly decrease the message arrival time without modifying its content. Thus, they can circumvent time-based neighbor discovery protocols and distance bounding protocols. (Indeed, they violate the assumptions necessary to prove protocol correctness in the first part of the thesis.) We focus on Impulse Radio Ultra-Wideband, a physical layer technology particularly well suited for implementing distance bounding, thanks to its ability to perform accurate indoor ranging. First, we adapt physical layer attacks reported in prior work to IEEE 802.15.4a, the de facto standard for Impulse Radio, and evaluate their performance. We show that an adversary can achieve a distance-decrease of up to hundreds of meters with an arbitrarily high probability of success, with only a minor cost in terms of transmission power (few dB). Next, we demonstrate a new attack vector that disrupts time-of-arrival estimation algorithms, in particular those designed to be precise. The distance-decrease achievable by this attack vector is in the order of the channel spread (order of 10 meters in indoor environments). This attack vector can be used in previously reported physical layer attacks, but it also creates a new type of external attack based on malicious interference. We demonstrate that variants of the malicious interference attack are much easier to mount than the previously reported external attack. We also provide design guidelines for modulation schemes and devise receiver algorithms that mitigate physical layer attacks. These countermeasures allow the system designer to trade off security, ranging precision and cost in terms of transmission power and packet length

Interference management in impulse-radio ultra-wide band networks

We consider networks of impulse-radio ultra-wide band (IR-UWB) devices. We are interested in the architecture, design, and performance evaluation of these networks in a low data-rate, self-organized, and multi-hop setting. IR-UWB is a potential physical layer for sensor networks and emerging pervasive wireless networks. These networks are likely to have no particular infrastructure, might have nodes embedded in everyday life objects and have a size ranging from a few dozen nodes to large-scale networks composed of hundreds of nodes. Their average data-rate is low, on the order of a few megabits per second. IR-UWB physical layers are attractive for these networks because they potentially combine low-power consumption, robustness to multipath fading and to interference, and location/ranging capability. The features of an IR-UWB physical layer greatly differ from the features of the narrow-band physical layers used in existing wireless networks. First, the bandwidth of an IR-UWB physical layer is at least 500 MHz, which is easily two orders of magnitude larger than the bandwidth used by a typical narrow-band physical layer. Second, this large bandwidth implies stringent radio spectrum regulations because UWB systems might occupy a portion of the spectrum that is already in use. Consequently, UWB systems exhibit extremely low power spectral densities. Finally IR-UWB physical layers offer multi-channel capabilities for multiple and concurrent access to the physical layer. Hence, the architecture and design of IR-UWB networks are likely to differ significantly from narrow-band wireless networks. For the network to operate efficiently, it must be designed and implemented to take into account the features of IR-UWB and to take advantage of them. In this thesis, we focus on both the medium access control (MAC) layer and the physical layer. Our main objectives are to understand and determine (1) the architecture and design principles of IR-UWB networks, and (2) how to implement them in practical schemes. In the first part of this thesis, we explore the design space of IR-UWB networks and analyze the fundamental design choices. We show that interference from concurrent transmissions should not be prevented as in protocols that use mutual exclusion (for instance, IEEE 802.11). Instead, interference must be managed with rate adaptation, and an interference mitigation scheme should be used at the physical layer. Power control is useless. Based on these findings, we develop a practical PHY-aware MAC protocol that takes into account the specific nature of IR-UWB and that is able to adapt its rate to interference. We evaluate the performance obtained with this design: It clearly outperforms traditional designs that, instead, use mutual exclusion or power control. One crucial aspect of IR-UWB networks is packet detection and timing acquisition. In this context, a network design choice is whether to use a common or private acquisition preamble for timing acquisition. Therefore, we evaluate how this network design issue affects the network throughput. Our analysis shows that a private acquisition preamble yields a tremendous increase in throughput, compared with a common acquisition preamble. In addition, simulations on multi-hop topologies with TCP flows demonstrate that a network using private acquisition preambles has a stable throughput. On the contrary, using a common acquisition preamble exhibits an effect similar to exposed terminal issues in 802.11 networks: the throughput is severely degraded and flow starvation might occur. In the second part of this thesis, we are interested in IEEE 802.15.4a, a standard for low data-rate, low complexity networks that employs an IR-UWB physical layer. Due to its low complexity, energy detection is appealing for the implementation of practical receivers. But it is less robust to multi-user interference (MUI) than a coherent receiver. Hence, we evaluate the performance of an IEEE 802.15.4a physical layer with an energy detection receiver to find out whether a satisfactory performance is still obtained. Our results show that MUI severely degrades the performance in this case. The energy detection receiver significantly diminishes one of the most appealing benefits of UWB, specifically its robustness to MUI and thus the possibility of allowing for parallel transmissions. This performance analysis leads to the development of an IR-UWB receiver architecture, based on energy detection, that is robust to MUI and adapted to the peculiarities of IEEE 802.15.4a. This architecture greatly improves the performance and entails only a moderate increase in complexity. Finally, we present the architecture of an IR-UWB physical layer implementation in ns-2, a well-known network simulator. This architecture is generic and allows for the simulation of several multiple-access physical layers. In addition, it comprises a model of packet detection and timing acquisition. Network simulators also need to have efficient algorithms to accurately compute bit or packet error rates. Hence, we present a fast algorithm to compute the bit error rate of an IR-UWB physical layer in a network setting with MUI. It is based on a novel combination of large deviation theory and importance sampling

Efficient complementary sequences-based architectures and their application to ranging measurements

Premio Extraordinario de Doctorado de la UAH en 2015En las últimas décadas, los sistemas de medición de distancias se han beneficiado de los avances en el área de las comunicaciones inalámbricas. En los sistemas basados en CDMA (Code-Division Multiple-Access), las propiedades de correlación de las secuencias empleadas juegan un papel fundamental en el desarrollo de dispositivos de medición de altas prestaciones. Debido a las sumas ideales de correlaciones aperiódicas, los conjuntos de secuencias complementarias, CSS (Complementary Sets of Sequences), son ampliamente utilizados en sistemas CDMA. En ellos, es deseable el uso de arquitecturas eficientes que permitan generar y correlar CSS del mayor número de secuencias y longitudes posibles. Por el término eficiente se hace referencia a aquellas arquitecturas que requieren menos operaciones por muestra de entrada que con una arquitectura directa. Esta tesis contribuye al desarrollo de arquitecturas eficientes de generación/correlación de CSS y derivadas, como son las secuencias LS (Loosely Synchronized) y GPC (Generalized Pairwise Complementary), que permitan aumentar el número de longitudes y/o de secuencias disponibles. Las contribuciones de la tesis pueden dividirse en dos bloques: En primer lugar, las arquitecturas eficientes de generación/correlación para CSS binarios, derivadas en trabajos previos, son generalizadas al alfabeto multinivel (secuencias con valores reales) mediante el uso de matrices de Hadamard multinivel. Este planteamiento tiene dos ventajas: por un lado el aumento del número de longitudes que pueden generarse/correlarse y la eliminación de las limitaciones de las arquitecturas previas en el número de secuencias en el conjunto. Por otro lado, bajo ciertas condiciones, los parámetros de las arquitecturas generalizadas pueden ajustarse para generar/correlar eficientemente CSS binarios de mayor número de longitudes que con las arquitecturas eficientes previas. En segundo lugar, las arquitecturas propuestas son usadas para el desarrollo de nuevos algoritmos de generación/correlación de secuencias derivadas de CSS que reducen el número de operaciones por muestra de entrada. Finalmente, se presenta la aplicación de las secuencias estudiadas en un nuevo sistema de posicionamiento local basado en Ultra-Wideband y en un sistema de posicionamiento local basado en ultrasonidos

Design of tch-type sequences for communications

This thesis deals with the design of a class of cyclic codes inspired by TCH codewords. Since TCH codes are linked to finite fields the fundamental concepts and facts about abstract algebra, namely group theory and number theory, constitute the first part of the thesis. By exploring group geometric properties and identifying an equivalence between some operations on codes and the symmetries of the dihedral group we were able to simplify the generation of codewords thus saving on the necessary number of computations. Moreover, we also presented an algebraic method to obtain binary generalized TCH codewords of length N = 2k, k = 1,2, . . . , 16. By exploring Zech logarithm’s properties as well as a group theoretic isomorphism we developed a method that is both faster and less complex than what was proposed before. In addition, it is valid for all relevant cases relating the codeword length N and not only those resulting from N = p

Wireless Positioning Applications in Multipath Environments

Funklokalisierung in der Umgebung mit der Mehrwegeausbreitung In den vergangenen Jahren wurde zunehmend Forschung im Bereich drahtlose Sensornetzwerk (engl. „Wireless Sensor Network“) betrieben. Lokalisierung im Innenraum ist ein vielversprechendes Forschungsthema, das in den Literaturen vielfältig diskutiert wird. Jedoch berücksichtigen die meisten Arbeiten einen wichtigen Faktor nicht, nämlich die Mehrwegeausbreitung, welche die Genauigkeit der Lokalisierung beeinflusst. Diese Arbeit bezieht sich auf Lokalisierungsanwendungen in UWB (Ultra-Breitband-Technologie)- und WLAN (drahtloses lokales Netzwerk)- Systemen im Fall von Mehrwegeausbreitung. Zur Steigerung der Robustheit der Lokalisierungsanwendungen bei Mehrwegeausbreitung wurden neuartige Lokalisierungsalgorithmen, die auf der Auswertung der Ankunftszeit (engl. „Time of Arrival“, ToA), der empfangenen Signalstärke (engl. „Received Signal Strength“, RSS) und dem Einfallswinkel (engl. „Angle of Arrival“, AoA) basieren, vorgestellt und untersucht. Bei Mehrwegeausbreitung ist die Fragen den direkten Pfad zu lösen, da der direkte Pfad (engl. „Direct Path“, DP) schwächer als anderer Pfad sein kann. In dieser Arbeit werden daher neuartige Algorithmen zur Flankendetektion der empfangenen Signale für UWB Systeme entwickelt, um die Positionsbestimmung zu verbessern: Es gibt die kooperative Flankendetektion (engl. „Joint Leading Edge Detection“, JLED), die erweiterte maximalwahrscheinlichkeitbasierte Kanalschätzung (engl. „Improved Maximum Likelihood Channel Estimation“, IMLCE) und die Flankendetektion mit untervektorraumbasiertem Verfahren (engl. „Subspace based Approaches“, SbA). Bei der kooperativen Flankendetektion werden zwei Kriterien herangezogen nämlich die minimale Fläche und das minimale mittlere Quadrat des Schätzfehlers (engl. „Minimum Mean Squared Error“, MMSE). Weiterhin wird ein monopulsbasierter Kanalschätzer (engl. „Monopulse based Channel Estimator“, MCE) entwickelt, um die möglicherweise falsche Kombinationen der Flanken (engl. „Leading Edge Combination“, LEC) auszuschließen. Zudem wird in der Arbeit der erweiterte MLCE vorgestellt, der aus einem groben und einem genauen Schätzungsschritt besteht. Bei dem neuartigen untervektorraumbasierten Verfahren werden ein statischer und ein Schwundkanal untersucht. Im ersten Fall wird die Kombination der Rückwärtssuchalgorithmus mit untervektorraumbasierten Verfahren untersucht. Zudem wird im zweiten Fall ein untervektorraumbasierte Verfahren im Frequenzbereich vorgestellt. Für die RSS-basierte Lokalisierung wird ein Fingerabdruckverfahren (engl. „Fingerprint Approach“) und ein neuartiger Entfernungsschätzer basierend auf der Kanalenergie entwickelt und implementiert. Schließlich wird in der Arbeit ein Lokalisierungssystem mit Winkelschätzern inklusive einer entsprechenden Kalibrierung auf einer 802.11a/g Hardwareplattform vorgestellt. Dazu wird ein neuartiger Trägerschätzer und Kanalschätzer entwickelt.In the past several years there has been more growing research on Wireless Sensor Network (WSN). The indoor localization is a promising research topic, which is discussed variously in some literatures. However, the most work does not consider an important factor, i.e. the multi-path propagation, which affects the accuracy of the indoor localization. This work dealt with the indoor localization applied in UWB (Ultra Wide Band) and WLAN (Wireless Local Area Network) systems in the case of multi-path propagation. To improve the robustness of the applications of localization in the case of multi-path propagation, novel localization algorithms based on the evaluation of the Time of Arrival (ToA), the Received Signal Strength (RSS) and the Angle of Arrival (AoA) were proposed and investigated. In the ToA based localization systems, the detection of shortest signal propagation time plays a critical role. In the case of multi-path propagation, the Direct Path (DP) needs to be resolved because the DP may be weaker than Multi Path Components (MPC). Thus the novel algorithms for leading edge detection were developed in this work in order to improve the accuracy of localization, namely Joint Leading Edge Detection (JLED), Improved Maximum Likelihood Channel Estimation (IMLCE) and the leading edge detection with Subspace based Approaches (SbA). Two criteria were proposed and referenced for the JLED, namely Minimum Area (MA) and Minimum Mean Squared Error (MMSE). Furthermore, a monocycle-based channel estimator was developed to mitigate the fake LECs (Leading Edge Combination). The estimation error of JLED was theoretically analyzed and simulated for evaluation of the estimator. IMLCE consists of a coarse and a fine estimation step. The coarse position of the first correlation peak shall be found with the Search Back Algorithms (SBA), which is followed by MLCE-algorithms. The novel SbA was investigated in a static and a fading channel. In the former case, the iterative algorithm, which combines SbA with SBA, was investigated. In the latter case, the FD-SbA (Frequency Domain - SbA) was proposed, which requires to calculate the covariance matrix in the FD. For the RSS based localization, fingerprint approach and the novel channel energy based distance estimator were investigated and developed in this dissertation. Finally, a localization system using AoA estimation and the initial calibration was presented on an 802.11a/g hardware platform. A novel Carrier Frequency Offset (CFO) estimator and channel estimator were investigated and developed. The measurement campaigns were made for one, two and four fixed stations, respectivel

Emerging Communication Technologies (ECT) Phase 2 Report

The Emerging Communication Technology (ECT) project investigated three First Mile communication technologies in support of NASA s Second Generation Reusable Launch Vehicle (2nd Gen RLV), Orbital Space Plane, Advanced Range Technology Working Group (ARTWG) and the Advanced Spaceport Technology Working Group (ASTWG). These First Mile technologies have the purpose of interconnecting mobile users with existing Range Communication infrastructures. ECT was a continuation of the Range Information System Management (RISM) task started in 2002. RISM identified the three advance communication technologies investigated under ECT. These were Wireless Ethernet (Wi-Fi), Free Space Optics (FSO), and Ultra Wideband (UWB). Due to the report s size, it has been broken into three volumes: 1) Main Report 2) Appendices 3) UWB