Inside Job: Diagnosing Bluetooth Lower Layers Using Off-the-Shelf Devices

Bluetooth is among the dominant standards for wireless short-range communication with multi-billion Bluetooth devices shipped each year. Basic Bluetooth analysis inside consumer hardware such as smartphones can be accomplished observing the Host Controller Interface (HCI) between the operating system's driver and the Bluetooth chip. However, the HCI does not provide insights to tasks running inside a Bluetooth chip or Link Layer (LL) packets exchanged over the air. As of today, consumer hardware internal behavior can only be observed with external, and often expensive tools, that need to be present during initial device pairing. In this paper, we leverage standard smartphones for on-device Bluetooth analysis and reverse engineer a diagnostic protocol that resides inside Broadcom chips. Diagnostic features include sniffing lower layers such as LL for Classic Bluetooth and Bluetooth Low Energy (BLE), transmission and reception statistics, test mode, and memory peek and poke

Optimisation of Bluetooth wireless personal area networks

In recent years there has been a marked growth in the use of wireless cellular telephones, PCs and the Internet. This proliferation of information technology has hastened the advent of wireless networks which aim to increase the accessibility and reach of communications devices. Ambient Intelligence (Ami) is a vision of the future of computing in which all kinds of everyday objects will contain intelligence. To be effective, Ami requires Ubiquitous Computing and Communication, the latter being enabled by wireless networking. The IEEE's 802.11 task group has developed a series of radio based replacements for the familiar wired ethernet LAN. At the same time another IEEE standards task group, 802.15, together with a number of industry consortia, has introduced a new level of wireless networking based upon short range, ad-hoc connections. Currently, the most significant of these new Wireless Personal Area Network (WPAN) standards is Bluetooth, one of the first of the enabling technologies of Ami to be commercially available. Bluetooth operates in the internationally unlicensed Industrial, Scientific and Medical (ISM) band at 2.4 GHz. unfortunately, this spectrum is particularly crowded. It is also used by: WiFi (IEEE 802.11); a new WPAN standard called Zig- Bee; many types of simple devices such as garage door openers; and is polluted by unintentional radiators. The success of a radio specification for ubiquitous wireless communications is, therefore, dependant upon a robust tolerance to high levels of electromagnetic noise. This thesis addresses the optimisation of low power WPANs in this context, with particular reference to the physical layer radio specification of the Bluetooth system

Energy-Efficient Wireless Connectivity and Wireless Charging For Internet-of-Things (IoT) Applications

During the recent years, the Internet-of-Things (IoT) has been rapidly evolving. It is indeed the future of communication that has transformed Things of the real world into smarter devices. To date, the world has deployed billions of “smart” connected things. Predictions say there will be 10’s of billions of connected devices by 2025 and in our lifetime we will experience life with a trillion-node network. However, battery lifespan exhibits a critical barrier to scaling IoT devices. Replacing batteries on a trillion-sensor scale is a logistically prohibitive feat. Self-powered IoT devices seems to be the right direction to stand up to that challenge. The main objective of this thesis is to develop solutions to achieve energy-efficient wireless-connectivity and wireless-charging for IoT applications. In the first part of the thesis, I introduce ultra-low power radios that are compatible with the Bluetooth Low-Energy (BLE) standard. BLE is considered as the preeminent protocol for short-range communications that support transmission ranges up to 10’s of meters. Number of low power BLE transmitter (TX) and receiver (RX) architectures have been designed, fabricated and tested in different planar CMOS and FinFET technologies. The low power operation is achieved by combining low power techniques in both the network and physical layers, namely: backchannel communication, duty-cycling, open-loop transmission/reception, PLL-less architectures, and mixer-first architectures. Further novel techniques have been proposed to further reduce the power the consumption of the radio design, including: a fast startup time and low startup energy crystal oscillators, an antenna-chip co-design approach for quadrature generation in the RF path, an ultra-low power discrete-time differentiator-based Gaussian Frequency Shift Keying (GFSK) demodulation scheme, an oversampling GFSK modulation/demodulation scheme for open loop transmission/reception and packet synchronization, and a cell-based design approach that allows automation in the design of BLE digital architectures. The implemented BLE TXs transmit fully-compliant BLE advertising packet that can be received by commercial smartphone. In the second part of the thesis, I introduce passive nonlinear resonant circuits to achieve wide-band RF energy harvesting and robust wireless power transfer circuits. Nonlinear resonant circuits modeled by the Duffing nonlinear differential equation exhibit interesting hysteresis characteristics in their frequency and amplitude responses that are exploited in designing self-adaptive wireless charging systems. In the magnetic-resonance wireless power transfer scenario, coupled nonlinear resonators are proposed to maintain the power transfer level and efficiency over a range of coupling factors without active feedback control circuitry. Coupling factor depends on the transmission distance, lateral, and angular misalignments between the charging pad and the device. Therefore, nonlinear resonance extends the efficient charging zones of a wireless charger without the requirement for a precise alignment.PHDElectrical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/169842/1/omaratty_1.pd

Strategies for Devising Automatic Signal Recognition Algorithms in a Shared Radio Environment

In an increasingly congested and complex radio environment interference is to be expected, which poses problems for Automatic Signal Recognition (ASR) systems. This thesis explores strategies for improving ASR performance in the presence of interference. The thesis breaks the overall research question down into a number of subquestions and explores each of these in turn. A Phase-symmetric Cross Recurrence Plot is developed and used to show how a radio signal can be manipulated to separate information about the modulation from the information being carried. The Logarithmic Cyclic frequency Domain Profile is introduced to illustrate how a logarithmic representation can be used for analysing mixtures of signals with very different cyclic frequencies. After defining a canonical ASR system architecture, the concepts of an Ideal Feature and Interference Selectivity are introduced and applied to typical features used in ASR processing. Finally it is shown how these algorithmic developments can be combined in a Bayesian chain implementation that can accommodate a wide variety of feature extraction algorithms. It is concluded that future ASR systems will require features that can handle a wide range of signal types with much higher levels of interference selectivity if they are to achieve acceptable performance in shared spectrum bands. Intelligent segmentation is shown to be a requirement for future ASR systems unless features can be developed that have near ideal performance

Multi-gigabit CMOS analog-to-digital converter and mixed-signal demodulator for low-power millimeter-wave communication systems

The objective of the research is to develop high-speed ADCs and mixed-signal demodulator for multi-gigabit communication systems using millimeter-wave frequency bands in standard CMOS technology. With rapid advancements in semiconductor technologies, mobile communication devices have become more versatile, portable, and inexpensive over the last few decades. However, plagued by the short lifetime of batteries, low power consumption has become an extremely important specification in developing mobile communication devices. The ever-expanding demand of consumers to access and share information ubiquitously at faster speeds requires higher throughputs, increased signal-processing functionalities at lower power and lower costs. In today’s technology, high-speed signal processing and data converters are incorporated in almost all modern multi-gigabit communication systems. They are key enabling technologies for scalable digital design and implementation of baseband signal processors. Ultimately, the merits of a high performance mixed-signal receiver, such as data rate, sensitivity, signal dynamic range, bit-error rate, and power consumption, are directly related to the quality of the embedded ADCs. Therefore, this dissertation focuses on the analysis and design of high-speed ADCs and a novel broadband mixed-signal demodulator with a fully-integrated DSP composed of low-cost CMOS circuitry. The proposed system features a novel dual-mode solution to demodulate multi-gigabit BPSK and ASK signals. This approach reduces the resolution requirement of high-speed ADCs, while dramatically reducing its power consumption for multi-gigabit wireless communication systems.PhDGee-Kung Chang - Committee Chair; Chang-Ho Lee - Committee Member; Geoffrey Ye Li - Committee Member; Paul A. Kohl - Committee Member; Shyh-Chiang Shen - Committee Membe

Power-efficient current-mode analog circuits for highly integrated ultra low power wireless transceivers

In this thesis, current-mode low-voltage and low-power techniques have been applied to implement novel analog circuits for zero-IF receiver backend design, focusing on amplification, filtering and detection stages. The structure of the thesis follows a bottom-up scheme: basic techniques at device level for low voltage low power operation are proposed in the first place, followed by novel circuit topologies at cell level, and finally the achievement of new designs at system level. At device level the main contribution of this work is the employment of Floating-Gate (FG) and Quasi-Floating-Gate (QFG) transistors in order to reduce the power consumption. New current-mode basic topologies are proposed at cell level: current mirrors and current conveyors. Different topologies for low-power or high performance operation are shown, being these circuits the base for the system level designs. At system level, novel current-mode amplification, filtering and detection stages using the former mentioned basic cells are proposed. The presented current-mode filter makes use of companding techniques to achieve high dynamic range and very low power consumption with for a very wide tuning range. The amplification stage avoids gain bandwidth product achieving a constant bandwidth for different gain configurations using a non-linear active feedback network, which also makes possible to tune the bandwidth. Finally, the proposed current zero-crossing detector represents a very power efficient mixed signal detector for phase modulations. All these designs contribute to the design of very low power compact Zero-IF wireless receivers. The proposed circuits have been fabricated using a 0.5μm double-poly n-well CMOS technology, and the corresponding measurement results are provided and analyzed to validate their operation. On top of that, theoretical analysis has been done to fully explore the potential of the resulting circuits and systems in the scenario of low-power low-voltage applications.Programa Oficial de Doctorado en Tecnologías de las Comunicaciones (RD 1393/2007)Komunikazioen Teknologietako Doktoretza Programa Ofiziala (ED 1393/2007

Field Programmable Gate Arrays (FPGAs) II

This Edited Volume Field Programmable Gate Arrays (FPGAs) II is a collection of reviewed and relevant research chapters, offering a comprehensive overview of recent developments in the field of Computer and Information Science. The book comprises single chapters authored by various researchers and edited by an expert active in the Computer and Information Science research area. All chapters are complete in itself but united under a common research study topic. This publication aims at providing a thorough overview of the latest research efforts by international authors on Computer and Information Science, and open new possible research paths for further novel developments

Ultra Low Power FM-UWB Transceiver for High-Density Wireless Sensor Networks

The WiseSkin project aims to provide a non-invasive solution for restoration of a natural sense of touch to persons using prosthetic limbs. By embedding sensor nodes into the silicone coating of the prosthesis, which acts as a sensory skin, WiseSkin targets to provide improved gripping, manipulation and mobility for amputees. Flexibility, freedom of movement and comfort demand unobtrusive, highly miniaturized, low-power sensing capabilities built into the artificial skin, which is then integrated with a sensory feedback system. Wireless communication between the sensor nodes provides more flexibility, better scalability and robustness compared to wired solution, and is therefore a preferred approach for WiseSkin. Design of an RF transceiver tailored for the specific needs of WiseSkin is the topic of this work. The properties of FM ultra-wide band (FM-UWB) modulation make it a good candidate for High-Density Wireless Sensor Networks (HD-WSN). The proposed FM-UWB receivers take advantage of short range to reduce power consumption, and exploit robustness of this wideband modulation scheme. The LNA, identified as the biggest consumer, is removed and signal is directly converted to dc, where amplification and demodulation are performed. Owing to 500 MHz bandwidth, frequency offset and phase noise can be tolerated, and a low-power, free-running ring oscillator can be used to generate the LO signal. The receiver is referred to as an approximate zero-IF receiver. Two receiver architectures are studied. The first one performs quadrature downconversion, and owing to the demodulator linearity, provides the multi-user capability. In the second receiver, quadrature demodulation is replaced by the single-ended one. Due to the nature of the demodulator, sensitivity degrades, and multiple FM-UWB signals cannot be resolved, but the consumption is almost halved compared to the first receiver. The proposed approach is verified through two integrations, both in a standard 65 nm bulk CMOS process. In the first run, a standalone quadrature receiver was integrated. Power consumption of 423 uW was measured, while achieving -70 dBm sensitivity. Good narrow-band interference rejection and multiuser capability with up to 4 FM-UWB channels could be achieved. In the second run, a full transceiver is integrated, with both quadrature and single-ended receivers and a transmitter, all sharing a single IO pad, without the need for any external passive components or switches. The quadrature receiver, with on-chip baseband processing and multi-user support, in this case consumes 550 uW, with a sesensitivity of -68 dBm. The low power receiver consumes 267 uW, and provides -57 dBm sensitivity, at a single FM-UWB channel. The implemented trantransmitter transmits a 100 kb/s FM-UWB signal at -11.4 dBm, while drawing 583 uW from the 1 V supply. The on-chip clock recovery allows reference frequency offset up to 8000 ppm. Since state of the art on-chip RC oscillators can provide below 2100 ppm across the temperature range of interest, the implemented transceiver demonstrates the feasibility of a fully integrated FM-UWB radio with no need for a quartz reference or any external components. In addition, the transceiver can tolerate up to 3 dBm narrow-band interferer at 2.4 GHz. Such a strong signal can be used to remotely power the sensor nodes inside the artificial skin and enable a truly wirelessWiseSkin solution

Low power receivers for wireless sensor networks

Wireless sensor networks are becoming important in several monitoring and sensing applications. Ultra low power consumption in the sensor nodes is important for extending the battery life of the nodes. In this dissertation, two low power BFSK receiver architectures are proposed and verified with prototype implementations in silicion. A 2.4 GHz 1 Mb/s polyphase filter (PPF) BFSK receiver demonstrates ±180 ppm frequency offset tolerance (FOT) and 40 dB adjacent channel rejection (ACR) at a modulation index (MI) of 2, with a power consumption of 1.9 mW. High FOT at low MI is achieved by a frequency-to-energy conversion architecture using PPFs without any frequency correction. The proposed hybrid topology of the PPF provides an improved ACR at reduced power. To further improve the energy efficiency, a low energy 900 MHz mixer-less BFSK receiver is designed. High gain frequency-to-amplitude conversion and better sensitivity is achieved by a linear amplifier with Q-enhanced LC tank, eliminating the need for local oscillators and mixers. With a power consumption of 500 μW, the receiver achieves sensitivities of -90 dBm and -76 dBm for data rates of 0.5 Mb/s and 6 Mb/s, respectively. The energy efficiency is 80 pJ/b when operating at 6 Mb/s

Wireless wire - ultra-low-power and high-data-rate wireless communication systems

With the rapid development of communication technologies, wireless personal-area communication systems gain momentum and become increasingly important. When the market gets gradually saturated and the technology becomes much more mature, new demands on higher throughput push the wireless communication further into the high-frequency and high-data-rate direction. For example, in the IEEE 802.15.3c standard, a 60-GHz physical layer is specified, which occupies the unlicensed 57 to 64 GHz band and supports gigabit links for applications such as wireless downloading and data streaming. Along with the progress, however, both wireless protocols and physical systems and devices start to become very complex. Due to the limited cut-off frequency of the technology and high parasitic and noise levels at high frequency bands, the power consumption of these systems, especially of the RF front-ends, increases significantly. The reason behind this is that RF performance does not scale with technology at the same rate as digital baseband circuits. Based on the challenges encountered, the wireless-wire system is proposed for the millimeter wave high-data-rate communication. In this system, beamsteering directional communication front-ends are used, which confine the RF power within a narrow beam and increase the level of the equivalent isotropic radiation power by a factor equal to the number of antenna elements. Since extra gain is obtained from the antenna beamsteering, less front-end gain is required, which will reduce the power consumption accordingly. Besides, the narrow beam also reduces the interference level to other nodes. In order to minimize the system average power consumption, an ultra-low power asynchronous duty-cycled wake-up receiver is added to listen to the channel and control the communication modes. The main receiver is switched on by the wake-up receiver only when the communication is identified while in other cases it will always be in sleep mode with virtually no power consumed. Before transmitting the payload, the event-triggered transmitter will send a wake-up beacon to the wake-up receiver. As long as the wake-up beacon is longer than one cycle of the wake-up receiver, it can be captured and identified. Furthermore, by adopting a frequency-sweeping injection locking oscillator, the wake-up receiver is able to achieve good sensitivity, low latency and wide bandwidth simultaneously. In this way, high-data-rate communication can be achieved with ultra-low average power consumption. System power optimization is achieved by optimizing the antenna number, data rate, modulation scheme, transceiver architecture, and transceiver circuitries with regards to particular application scenarios. Cross-layer power optimization is performed as well. In order to verify the most critical elements of this new approach, a W-band injection-locked oscillator and the wake-up receiver have been designed and implemented in standard TSMC 65-nm CMOS technology. It can be seen from the measurement results that the wake-up receiver is able to achieve about -60 dBm sensitivity, 10 mW peak power consumption and 8.5 µs worst-case latency simultaneously. When applying a duty-cycling scheme, the average power of the wake-up receiver becomes lower than 10 µW if the event frequency is 1000 times/day, which matches battery-based or energy harvesting-based wireless applications. A 4-path phased-array main receiver is simulated working with 1 Gbps data rate and on-off-keying modulation. The average power consumption is 10 µW with 10 Gb communication data per day