DEVELOPMENT OF ANTI-JAMMING RECEIVER ALGORITHM FOR GNSS
A thesis submitted to the Institute of Space Technology in partial fulfillment of the requirements for the degree of Master of Science in Aerospace Engineering
by Nisar Ahmed
Supervisor Dr. Umar Iqbal Bhatti
DEPARTMENT OF AERONAUTICS AND ASTRONAUTICS, INSTITUTE OF SPACE TECHNOLOGY, ISLAMABAD, 2017
Institute of Space Technology Department of Aeronautics & Astronautics
DEVELOPMENT OF ANTI-JAMMING RECEIVER ALGORITHM
By Nisar Ahmad
APPROVAL BY BOARD OF EXAMINERS
Supervisor: ____________________ Dr. Najam Abbas Naqvi, Asst. Professor, Dpt. of Aeronautics and Astronautics, IST, Islamabad
Internal Examiner: ____________________ Dr. Umer Iqbal Bhatti, Asst. Professor, Dpt. of Aeronautics and Astronautics, IST, Islamabad
External Examiner: _________________ Dr. Muhammad Ushaq, NESCOM, Islamabad
Copyright@2016 This document is jointly copyrighted by the author and Institute of Space Technology (IST). Both IST and the author can use, publish or reproduce this document in any form. Under the copyright law no part of this document can be reproduced by anyone, except the copyright holders, without the permission of the author.
Certificate
ACKNOWLEDGEMENTS
I would like to thank Almighty ALLAH for His countless blessings, for giving me wisdom and guidance in completing my research work, and I acknowledge all the support/guidance I have received during my research work and express my most sincere gratitude to my thesis supervisor, Dr. Najam Abbas Naqvi, who was always forthcoming in making my thesis a success. I also acknowledge the personal and keen interest of Dr. Najam Abbas Naqvi in my experimental readings/work, due to which my analysis on the thesis was fruitful.
A special thanks to Dr. Muhammad Ushaq for giving his valuable inputs and suggestions during my course of work. Without the guidance and inspiration of Dr. Umer Iqbal (NDC, Islamabad) I would not have achieved success in my thesis.
And finally I would like to thank my parents, wife and my son (Shaheer), who always supported me during my studies and research work. And my appreciation to my colleagues, who were always with me through thick and thin.
Abstract
GPS-dependent positioning, navigation and timing synchronization procedures have a significant impact on our daily life. Such a widely used system therefore increasingly becomes an attractive target for illicit exploitation by terrorists and hackers with various motives. We use the Global Positioning System (GPS) to find our location on the globe. GPS makes it easy to move from one place to another or to transport something across the world. But GPS signals are very weak at the receiver because of the large distance from the transmitter, so it is very easy to block or jam them. Jamming and anti-jamming have therefore become very important research topics for GPS as well as for other Global Navigation Satellite Systems (GNSS). This paper provides an anti-jamming technique using a Software Defined Receiver (SDR). Due to rapid developments in SDR technology, the implementation of jamming and anti-jamming has become more feasible, more flexible and less costly. In this paper we have used recorded GPS L1 signals. The recorded data is corrupted by the introduction of Gaussian noise of varying SNR and fed into the receiver. Results are provided that show the limit of the anti-jamming capability of the correlators of the receiver.
Table of Contents
Title
Approval
Copyright
Certificate
Acknowledgement
Abstract
Table of Contents
List of Figures
List of Tables
List of Abbreviations
CHAPTER # 1 INTRODUCTION
1.1 General Description
1.2 GNSS-R Background
1.3 Previous Research Work
1.4 Motivation
1.5 Research Question
1.6 Problem Statement
1.7 Thesis Structure
CHAPTER # 2 GLOBAL NAVIGATION SATELLITE SYSTEM
2.1 GNSS Overview
2.2 GPS System
2.3 Structure of the Global Positioning System
2.3.1 GPS Architecture
2.3.2 GPS Signals
2.3.3 Code Observations
2.3.4 Carrier Phase Observations
2.5 Error Sources
2.5.1 Satellite Based Errors
2.5.2 Signal Propagation Errors
2.5.3 Receiver Based Errors
2.7 Conclusion
List of Figures
2.1 Prasad and Ruggieri, 2005
2.2 GPS Constellation
2.3 Artist's impression of GPS IIR-M satellite
2.4 The elements of the GPS Operational Control Segment and their functions
2.5 Fundamental components of GPS
2.6 Infrastructure of Galileo system
2.7 Soft X-ray images of solar cycle, based on Yohkoh observations ranging
2.8 Global TEC map
2.9 Different types of multipath affecting GPS observations
2.10 Multipath geometry for horizontal reflector (top figure) and vertical reflector
2.11 Cross-correlation function for C/A code affected by multipath caused positive range error
2.12 GPS Point Positioning concept
2.13 The principle of GPS Relative Positioning [adapted from (Raziq, 2008)
3.1 Oscillations of high-rise building under the action of dynamic load
3.2 A detailed model of a high-rise building together with its surroundings
3.3 Increase of static loads down the height of structure and subsequently transferred to the foundation
3.4 The most famous leaning towers of Italy
3.5 Examples of damped harmonic oscillations with different damping ratio
3.6 Values of damping provided by a Japanese database measured at significant response levels in windstorms and earthquakes as a function of structural type and height [adapted from Willford
3.7 Natural modes of a uniform five-story building (adapted from Chopra, 2001)
3.8 The average height of the tallest 100 buildings in the world
3.9 Hundred tallest buildings in the world by the region
3.10 Accelerometer types [adapted from Honeywell International Inc
3.11 A propeller-type anemometer
List of Tables
2.1 Summary of GPS Error Sources
2.2 IGS and broadcast orbits accuracies
2.3 IGS and broadcast satellite clocks accuracies [retrieved from www.igscb.jpl.nasa.gov in February 2011]
3.1 Characteristics of natural oscillations for the tallest buildings of the world
3.2 First three modes for six building models
List of Abbreviations
AFB: Air Force Base
AM: Amplitude Modulation
AMSA: Australian Maritime Safety Authority
CDMA: Code Division Multiple Access
CNSS: Compass Navigation Satellite System
DAF: Dynamic Amplification Factor
DD: Double Difference
DGPS: Differential GPS
DLL: Delay Lock Loop
DOF: Degrees of Freedom
DOP: Dilution of Precision
EC: European Commission
ECEF: Earth Centered Earth Fixed
ELS: Early-Late Slope
EUPOS: European Positioning
FM: Frequency Modulation
FOC: Full Operational Capability
GLONASS: Global Navigation Satellite System
GNSS: Global Navigation Satellite Systems
GPS: Global Positioning System
IBC: International Building Code
IERS: International Earth Rotation Service
IGS: International GNSS Service
IRNSS: Indian Regional Navigation Satellite System
ITRF: International Terrestrial Reference Frame
MCS: Master Control Station
MEDLL: Multipath-Estimating Delay-Lock Loop
MMT: Multipath Mitigation Technology
NAVSTAR GPS: Navigation Signal Timing And Ranging Global Positioning System
NGA: National Geospatial-Intelligence Agency
NNSS: Navy Navigation Satellite System
OCS: Operational Control Segment
OTF: On-The-Fly
PLL: Phase Lock Loop
PNT: Positioning, Navigation and Timing
PPP: Precise Point Positioning
PPS: Precise Positioning Service
PRC: Pseudo-Range Corrections
PRN: Pseudo Random Noise
QZSS: Quasi-Zenith Satellite System
RTCM: Radio Technical Commission for Maritime Service
RTK: Real-Time Kinematic
RTS: Robotic Total Stations
SPS: Standard Positioning Service
SV: Satellite Vehicle
TAI: International Atomic Time
TEC: Total Electron Content
UBC: Uniform Building Code
UERE: User Equivalent Range Error
US: United States
USCG: United States Coast Guard
Us-Dod: United States of America Department of Defense
WGS: World Geodetic System
WKS: Whittaker–Nyquist–Kotelnikov–Shannon
1. INTRODUCTION
1.1 General Description
Wireless networks play an important role in achieving ubiquitous computing, where network devices embedded in the environment provide continuous connectivity and services so as to improve the quality of human life. Due to the exposed nature of wireless links, current wireless networks can be easily attacked by jamming techniques [1]. Jamming is the disruption of existing wireless communications by decreasing the signal-to-noise ratio at the receiver side through the transmission of interfering wireless signals. Jamming is different from regular network interference because it describes the deliberate use of wireless signals in an attempt to disrupt communications, whereas interference refers to unintentional forms of disruption.
1.2 Background and Motivation
GNSS applications will be modernized to hopefully reject multipath (Irsigler et al 2005), intra- and inter-system interference (Titus et al 2003) and external interference generated by spurious emissions of some electronic devices. Many technical improvements are occurring for GNSS, such as increasing the signal strength and the number of frequencies. These methods will reduce the effect of interference signals but may not eliminate them. Civil jammers are capable of broadcasting disruptive interference signals in the GNSS bands, blocking the reception of navigation signals in their vicinity and degrading the performance of GNSS receivers. Although the use of civil jammers is illegal, there is much evidence of their usage (Mitch et al 2011). Such jammers are easily accessible (Bauernfeind et al 2012) and, considering their impact on the accuracy and availability of GNSS services, their detection and mitigation are becoming increasingly important. Currently, most available civil jammers transmit hostile signals in the L1 band, where the open GPS C/A service is provided.
However, it is a trivial task for a jammer to adjust its center frequency and bandwidth in order to intrude on new GNSS services such as L5/E5 as well as other systems such as GLONASS and BeiDou. In order to protect these navigation services, it is necessary to detect, characterize and mitigate interference sources effectively and reliably. Implementation of interference suppression algorithms within receivers would provide a higher level of integrity and continuity.
1.3 Relevant Research
There are several interference countermeasure methods proposed in the literature. An interference suppression unit (ISU) is an interference countermeasure system that consists of interference detection, characterization and mitigation sections. The ISU can generally be divided into two categories, namely pre-despreading and post-despreading techniques. Pre-despreading methods are applied before the correlation stage, whereas post-despreading methods are implemented after the correlation operation in the receiver, i.e. after any of the acquisition, tracking or navigation solution blocks. The main advantage of pre-despreading techniques is that they do not require any modification to the receiver structure. Pre-despreading methods also provide a better estimation of the jammer than post-despreading methods, since they have access to the raw input signals. The downside is a high processing burden due to the high sampling rate before correlation.
1.4 Objectives and Contributions
Up to now, several methods have been proposed in order to characterize the instantaneous time-frequency properties of a signal. There are key drawbacks in linear time-frequency analysis approaches. Firstly, in order to apply these methods, the input signal must be divided into several pseudo-stationary sections. Hence, the user must have a priori information about the signal characteristics to set a proper window size. Secondly, the time-frequency resolution depends on the window size. If it is required to closely localize the time instant of higher frequency components, a shorter time window must be used. On the contrary, if the goal is to pinpoint the frequency location of lower frequency components, a longer time window is chosen. Because of the Heisenberg uncertainty principle (Nam 2013), the finest time location and the best frequency resolution cannot be reached at the same time. Hence, these methods suffer from non-adaptability.
In other words, they are appropriate to analyze quasi-stationary signals with constant features in each window, but are not suitable to analyze highly transient signals such as bursts. Moreover, in the case of WT it is difficult to select an optimal Wavelet basis for a specific input signal. Non-linear time-frequency approaches have been proposed to overcome the shortcomings of linear methods for non-stationary signals in order to achieve a better time-frequency resolution. Cohen distribution, HHT and MP are presented herein as non-linear approaches. Among the bilinear methods, the Cohen distribution assumes that the interference signal is a non-stationary process, along with the GNSS jamming signal structure. Moreover, choosing a proper kernel function improves the time-frequency resolution. Adaptive time-frequency methods such as HHT and MP have several advantages compared to conventional linear algorithms such as STFT and WT. Firstly, they compute IMFs/residuals directly from the input data and no assumptions are made for the basis functions. Hence, they do not impose any condition on the time-frequency variations of the input signals and adaptively change the resolution to match the signal requirements. Secondly, it is not required to introduce a predefined window size, as these methods analyze the whole data set at the same time. No previously publicly available papers exist at this time on their use for the application at hand.
Among different types of RF jammers, single tone and swept interferences are the ones most commonly used by civil jammers. Bauernfeind et al (2012) and Mitch et al (2011) presented observations of these types of interference signals at L1 and L2 frequencies. In addition, Mitch et al (2011) provided the maximum allowable jammer-to-signal ratio for a commercial GPS receiver to work properly. Most of the jamming mitigation techniques (e.g. Mitch et al 2012) are based on a linear time-frequency representation of the interference. These methods require some a priori information about the interference features in order to properly overcome them. However, in practice, there might be various types of jamming signals that are unknown to a receiver and about which there is not enough a priori information. To characterize these types of jamming signals, some type of adaptive processing method is needed.
There is limited work on implementing adaptive time-frequency analysis techniques without any prior knowledge of the jammer's characteristics. In this work, in order to understand the interference structure, the RF jammers are modeled. Then applicable countermeasures are developed. As mentioned before, one of the drawbacks of pre-despreading interference detection techniques is proper threshold selection. Optimal threshold determination requires knowledge of the signal characteristics and the noise probability distribution function. Several methods have been proposed so far for RF interference detection and each of them is associated with a kind of threshold setting. Herein, various thresholding methods will be implemented, compared with each other and analyzed in terms of complexity and required detection time. Another part of this work focuses on the implementation of several well-known adaptive pre-despreading interference suppression techniques and the investigation of their advantages, disadvantages and applications.
This research extends the concept of time-frequency characterization by eliminating the need for a priori information about the interference and by employing adaptive time-frequency analysis methods. Linear time-frequency representations suffer from a lack of adaptability due to the fixed window size. Moreover, they have limited time-frequency resolution, as was explained in the previous section. In contrast, adaptive time-frequency techniques increase the time-frequency resolution and are not dependent on the observation window size. Hence, a practical adaptive algorithm based on non-linear time-frequency signal analysis will be chosen for chirp-type jammer characterization. In order to mitigate the jammer signals by using the calculated interference features, several excision methods based on direct excision and subtraction algorithms will be considered. The input signal (which is contaminated with an RF jammer) is fed into the characterization unit, which can be either a linear or a non-linear time-frequency characterization technique. Interference excision is performed by a threshold-masking operation that extracts the interference part of the input signal. Finally, to evaluate the performance of the proposed method, GPS data collection and analysis scenarios will be conducted.
The received signals will be corrupted (combined) using a single tone and chirp jammer generated by a signal generator. On the receiver side, an NI RF front-end will be utilized to collect raw IF samples. Moreover, a clean version of the GPS signals will also be collected for performance comparison. Therefore, the main goals of the proposed research can be summarized as follows:
1) Modeling of different kinds of civil RF jammers.
2) Proposing a jammer detection method with low complexity and fast decision time.
3) Implementing adaptive time-frequency characterization methods considering no a priori information about jammer features.
4) Implementing a time-frequency interference excision technique by jammer signal synthesis and subtraction to mitigate the interference effect.
1.5 Jamming Characteristics
Firstly, one should know what a jammer is. A jammer is defined as an individual who is intentionally obstructing the methods of legal wireless communication. Such an individual is treated as an active attacker depending upon its intentions and actions. From the jammer's perspective, it can accomplish its aim by seizing the sender so that it is unable to transmit or, as a second option which is found to be better, by hindering the receiver so that it cannot understand the message completely or partially. For the sake of illustration, suppose that two nodes are communicating and a jammer residing nearby prevents the sender from initiating a data communication by constantly emitting low-powered signals on the channel, allowing the sender to presume that the medium is occupied. Alternatively, if for some reason the data is transmitted successfully, the jammer can target the receiver's end via the inclusion of noise in the transmitted packet. Thus, a jammer can target a whole area in its range or a particular transmission.
Before going into the details of tackling and mitigating a jamming attack, it is vital to review some factors and measures on the basis of which a jamming attack is categorized and identified. A jammer ought to have long-lasting energy to hinder the communication continuously. Additionally, it should adopt a methodology that avoids detection. A third criterion is that it should disrupt the communication to the extent possible, i.e. the level of DoS attack depends on the interests of the jamming scenario. That is, an adversary with restricted energy will not be very effective, because its primary concern will be to lengthen its existence on the network rather than to disrupt the communication efficiently.
The following factors are extensively utilized for measuring jamming effectiveness:
1. Energy competence
2. Likelihood of Exposure
3. Domain of DoS Potential alongside physical layer techniques
In order to measure the degree to which a jammer satisfies these factors, two methods of great importance are analyzed and discussed:
1.5.1 Packet Send Ratio (PSR):
Packet send ratio is the ratio of the number of packets that are successfully sent out to the number of packets that were intended to be sent out. Due to the broadcast nature of the wireless medium there is always a chance of interference; non-interference cannot be guaranteed. If ‘m’ is the number of packets sent out and ‘n’ is the number of packets that were intended to be transmitted, then PSR can be defined mathematically as:
PSR can be easily measured by a wireless device that keeps track of the number of packets it initially wanted to send against the packets actually transmitted successfully.
1.5.2 Packet Delivery Ratio (PDR):
PDR is defined as the number of packets that are received by the recipient compared to the number of packets that have been sent out by the source. If ‘q’ is the number of packets received and ‘m’ is the number of packets transmitted, then PDR can be defined mathematically as
1.6 Jamming Attack Modeling
1.6.1 Noise Jamming:
The channel bandwidth used by the targeted system is jammed with noise energy. This raises the level of background noise at the receiver and makes it difficult to detect frames correctly. In other words, the SNR (Signal-to-Noise Ratio) at the receiver end is decreased.
1.6.2 Bit Jamming:
Jamming at the same frequency and modulation scheme as the targeted system seriously decreases the network performance as the devices try to detect a known pattern in the bit stream allowing them to synchronize. Since this modulated signal may not be filtered out like white noise, it decreases the SNR at the receiver and occupies the channel heavily.
1.6.3 Frame Jamming:
Jamming through frames according to the targeted system is hard to detect, because the jamming signal is masked as regular frames. Its impact goes beyond minimizing the signal-to-noise ratio. Due to the unfairness of the jammer, the channel may be occupied over long periods of time. Depending on the system, this might be achieved with very low energy consumption by periodically announcing long-duration frames, which forces the participating nodes to remain in silent mode for this amount of time.
1.7 Types of Jammers
1.7.1.1 Proactive Jammers
The jammer emits a signal irrespective of the regular network traffic. The effect of proactive jammers on the network during packet transmission.
1.7.1.2 Constant Jamming:
It continuously emits a signal on the medium, meaning that there are no silent time intervals in its transmission, hence forcing legitimate nodes in range to always back off, i.e. starve.
1.7.1.3 Periodical / Random Jamming:
In contrast to the constant jammer, a periodical jammer suspends its transmission during a specified time in regular intervals. A modified version is the random jammer, which uses a random duration, a random interval or both.
1.7.1.4 Smart Jammers
If the jammer uses certain a priori knowledge of the communication system in use in order to optimize its attacks, then it is treated as a smart jammer. As attacks of this type depend heavily on the communication system in use, there is an infinite number of possible strategies, the major ones being:
1.7.2 Reactive Jamming:
Reactive jamming requires sensing of the channel. As soon as a transmission is detected, the jammer starts its intrusion. A more advanced form of reactive jamming includes analysis of the detected regular data stream. The jamming is then applied systematically to frames from or to specific nodes, or to frames of a certain type.
1.7.3 Deceptive Jamming:
Deceptive jamming denotes attacks where false messages are sent to the channel with the objective of disturbing the organization of the network. In the case of WLAN, this could be spoofed management or control frames, for example. In this way, higher-layer vulnerabilities may also be easily exploited in order to launch a denial-of-service attack.
1.7.4 Brilliant Jamming:
Brilliant jammers attempt to change specific bit patterns of the frames. However, this requires very high timing precision and significant a priori knowledge of the target signal structure.
1.7.5 Frequency Swept Jammer:
It provides continuous transmission which varies over a range of frequencies at a specified rate. The sweep through the frequencies is modeled by sampling the encompassing sweep bandwidth into a specified number of frequency intervals and continuously cycling through these intervals, issuing an equal length transmission at each step.
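The threshold-masking excision outlined in Section 1.4, run against the stepped sweep model of Section 1.7.5, as an added example that is not code from the thesis. It assumes 1024-sample blocks, random ±1 chips standing in for the C/A code, one sweep step per block with tone frequencies on FFT bin centres, and a threshold of four times the median bin magnitude; all names are hypothetical.

```python
import cmath
import math
import random
import statistics

N = 1024                           # samples per block, power of two (assumed)
TRUE_DELAY = 357                   # code delay of the constructed signal (assumed)
SWEEP_BINS = [100, 300, 500, 700]  # interferer FFT bin per block (constructed)


def fft(x, inverse=False):
    """Recursive radix-2 FFT; the inverse variant is unscaled (see ifft)."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out


def ifft(spectrum):
    return [v / len(spectrum) for v in fft(spectrum, inverse=True)]


def make_blocks(code, rng, sig_amp=10 ** (-10 / 20), jam_amp=10 ** (30 / 20)):
    """Constructed test input: code at -10 dB SNR, unit-power complex Gaussian
    noise, and a tone 30 dB above the noise that steps to a new bin per block."""
    blocks = []
    for jam_bin in SWEEP_BINS:
        phase = rng.uniform(0, 2 * math.pi)
        block = []
        for n in range(N):
            noise = complex(rng.gauss(0, math.sqrt(0.5)), rng.gauss(0, math.sqrt(0.5)))
            tone = jam_amp * cmath.exp(1j * (2 * math.pi * jam_bin * n / N + phase))
            block.append(sig_amp * code[(n - TRUE_DELAY) % N] + noise + tone)
        blocks.append(block)
    return blocks


def excise(block, factor=4.0):
    """Threshold-masking excision: zero every FFT bin whose magnitude exceeds
    factor * median magnitude. The median acts as the noise-floor estimate,
    so no a priori knowledge of the interferer frequency is used."""
    spectrum = fft(block)
    threshold = factor * statistics.median(abs(v) for v in spectrum)
    hit = [k for k, v in enumerate(spectrum) if abs(v) > threshold]
    for k in hit:
        spectrum[k] = 0j
    return ifft(spectrum), hit


def acquire(blocks, code):
    """Circular correlation with the local code replica (via FFT), summed
    non-coherently over blocks. Returns (best delay, peak-to-mean ratio)."""
    code_conj = [v.conjugate() for v in fft(code)]
    power = [0.0] * N
    for block in blocks:
        corr = ifft([a * b for a, b in zip(fft(block), code_conj)])
        for d, v in enumerate(corr):
            power[d] += abs(v) ** 2
    best = max(range(N), key=power.__getitem__)
    return best, power[best] / (sum(power) / N)


def run_demo(seed=1):
    rng = random.Random(seed)
    code = [rng.choice((-1.0, 1.0)) for _ in range(N)]  # random chips, not a real C/A code
    blocks = make_blocks(code, rng)
    cleaned, hits = zip(*(excise(b) for b in blocks))
    return acquire(blocks, code), acquire(cleaned, code), hits


if __name__ == "__main__":
    (d0, r0), (d1, r1), hits = run_demo()
    print(f"jammed:  delay={d0} peak/mean={r0:.1f}")
    print(f"excised: delay={d1} peak/mean={r1:.1f} (true delay {TRUE_DELAY})")
    print("masked bins per block:", [list(h) for h in hits])
```

A tone that does not fall on a bin centre leaks into neighbouring bins, so a practical implementation applies a window before the FFT.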
2. Introduction to GPS
GPS is a satellite-based Global Navigation Satellite System (GNSS). GPS was developed in the 1970s by the US DoD. Initially it was used by the military for its own needs, and later it was made available to civilians. It was made a dual-use system that can be accessed by both civilians and the military. It gives position and timing information anywhere in the world under any weather condition. GPS consists of a constellation of 24 operational satellites, which was completed in July 1993. It was operational on December 8, 1993. There are six orbital planes, with 4 satellites placed in each orbit to provide worldwide coverage. Anywhere in the world, four to ten GPS satellites will be visible. The elevation angle is 10°, and four satellites are needed to provide the position, location and information. The orbits of GPS satellites are nearly circular, with an eccentricity of about 0.01 and an inclination of about 55° to the equator. The semi-major axis of a GPS orbit is 26,560 km and its altitude is about 20,200 km above the surface of the earth. The GPS orbital period is about 12 hours, or approximately 11 hours and 58 minutes. The GPS is fully operational since July 17, 1995.
2.1 GPS System architecture
GNSS is made of the following segments:
i. Space segment
ii. Control segment
iii. User segment
2.1.1 Space Segments
The space segment is the constellation of satellites from which users make ranging measurements. The SVs (i.e., satellites) transmit a PRN-coded signal from which the ranging measurements are made. This concept makes GPS a passive system for the user, with signals only being transmitted and the user passively receiving the signals. Thus, an unlimited number of users can simultaneously use GPS. A satellite's transmitted ranging signal is modulated with data that includes information that defines the position of the satellite. An SV includes payloads and vehicle control subsystems. The primary payload is the navigation payload used to support the GPS PVT mission; the secondary payload is the nuclear detonation (NUDET) detection system, which supports detection and reporting of Earth-based radiation phenomena. The vehicle control subsystems perform such functions as maintaining the satellite pointing to Earth and the solar panels pointing to the Sun [Kaplan et al 2006].
It consists of 24 satellites; each satellite transmits a signal which has:
Two sine waves, also called carrier frequencies
Two codes
The navigation message
The codes and the navigation message are added to the carrier frequency by BPM. The carrier and codes give the distance from the user's receiver to the GPS satellite. The coordinates of the satellite as a function of time and other information are included in the navigation message.
2.1.2 The control segment
The CS is responsible for maintaining the satellites and their proper functioning. This includes maintaining the satellites in their proper orbital positions (called stationkeeping) and monitoring satellite subsystem health and status. The CS also monitors the satellite solar arrays, battery power levels, and propellant levels used for maneuvers. Furthermore, the CS activates spare satellites (if available) to maintain system availability. The CS updates each satellite's clock, ephemeris, and almanac and other indicators in the navigation message at least once per day. Updates are more frequently scheduled when improved navigation accuracies are required. (Frequent clock and ephemeris updates result in reducing the space and control contributions to range measurement error. Further elaboration on the effects of frequent clock and ephemeris updates.) The ephemeris parameters are a precise fit to the GPS satellite orbits and are valid only for a time interval of 4 hours with the once-per-day normal upload schedule. Depending on the satellite block, the navigation message data can be stored for a minimum of 14 days to a maximum of a 210-day duration in intervals of 4 hours or 6 hours for uploads as infrequent as once per two weeks and intervals of greater than 6 hours in the event that an upload cannot be provided for over 2 weeks. The almanac is a reduced precision subset of the ephemeris parameters. The almanac consists of 7 of the 15 ephemeris orbital parameters. Almanac data is used to predict the approximate satellite position and aid in satellite signal acquisition. Furthermore, the CS resolves satellite anomalies, controls SA and AS and collects pseudorange and carrier phase measurements at the remote monitor stations to determine satellite clock corrections, almanac, and ephemeris. To accomplish these functions, the CS is comprised of three different physical components: the master control station (MCS), monitor stations, and the ground antennas [Kaplan et al 2006].
It consists of a network of tracking stations, with a master control station located in the US in Colorado. It is the task of the control segment to track the satellites in order to determine and predict:
Satellite location
System integrity
Behaviour of the satellite atomic clocks
Atmospheric data
The satellite almanac
2.1.3 User segment
The user receiving equipment comprises the user segment. Each set of equipment is typically referred to as a GPS receiver, which processes the L-band signals transmitted from the satellites to determine user PVT. While PVT determination is the most common use, receivers are designed for other applications, such as computing user platform attitude (i.e., heading, pitch, and roll) or as a timing source. It includes users: military and civilians. A GPS receiver is connected with an antenna to receive the signals and is used to determine the user's location anywhere.
2.2 GPS services
The SPS is designated for the civil community, whereas the PPS is intended for U.S. authorized military and select government agency users. Access to the GPS PPS is controlled through cryptography. Initial operating capability (IOC) for GPS was attained in December 1993, when a combination of 24 prototype and production satellites was available and position determination/timing services complied with the associated specified predictable accuracies. GPS reached full operational capability (FOC) in early 1995, when the entire 24 production satellite constellation was in place and extensive testing of the ground control segment and its interactions with the constellation was completed.
2.2.1 PPS
The PPS is specified to provide a predictable accuracy of at least 22m (2 drms, 95%) in the horizontal plane and 27.7m (95%) in the vertical plane. The distance root mean square (drms) is a common measure used in navigation. Twice the drms value, or 2 drms, is the radius of a circle that contains at least 95% of all possible fixes that can be obtained with a system (in this case, the PPS) at any one place. The PPS provides a UTC time transfer accuracy within 200 ns (95%) referenced to the time kept at the U.S. Naval Observatory (USNO) and is denoted as UTC (USNO). Velocity measurement accuracy is specified as 0.2 m/s (95%). PPS measured performance. As stated earlier, the PPS is primarily intended for military and select government agency users. Civilian use is permitted, but only with special U.S. DOD approval. Access to the aforementioned PPS position accuracies is controlled through two cryptographic features denoted as antispoofing (AS) and selective availability (SA). AS is a mechanism intended to defeat deception jamming through encryption of the military signals.
Deception jamming is a technique in which an adversary would replicate one or more of the satellite ranging codes, navigation data signal(s), and carrier frequency Doppler effects with the intent of deceiving a victim receiver. SA had intentionally degraded SPS user accuracy by dithering the satellite's clock, thereby corrupting TOA measurement accuracy. Furthermore, SA could have introduced errors into the broadcast navigation data parameters. SA was discontinued on May 1, 2000, and per current U.S. government policy is to remain off. When it was activated, PPS users removed SA effects through cryptography [Kaplan].
2.2.2 SPS
The SPS is available to all users worldwide free of direct charges. There are no restrictions on SPS usage. This service is specified to provide accuracies of better than 13m (95%) in the horizontal plane and 22m (95%) in the vertical plane (global average; signal-in-space errors only). UTC (USNO) time dissemination accuracy is specified to be better than 40 ns (95%). SPS measured performance is typically much better than specification. At the time of this writing, the SPS was the predominant satellite navigation service in use by millions throughout the world.
2.3 GPS basic Concept
The position of a certain point in space can be found from distances measured from this point to some known positions in space. In the two-dimensional case, three satellites and three distances are required to find the user position; the trace of a point with constant distance to a fixed point is a circle. Two satellites and two distances give two possible solutions, because two circles intersect at two points. The third circle determines the user position. In the three-dimensional case, four satellites and four distances will be needed. The ephemeris data, which is transmitted by the satellite, gives the position of the GPS satellite, and the distance from the receiver to the satellite can be measured. Therefore the position of the receiver can be determined. Five satellites are needed to measure the user position, in order to resolve the bias error. There is no bias error if the distance measured from the user to the satellite is assumed to be very accurate.
The receiver and satellite has a constant unknown bias if the distance measured between them, because the user clock usually is different from the GPS clock. If one user four satellites and the measured distance with bias error to measure a user position, two possible solution can be obtained.
14
The user position cannot be determined. However one of the solution is in space and other one is close to the earth surface. Since the user position is usually close to the surface of the earth it can be uniquely determined. Therefore four satellites can be used to determine a user position even though the distance measured has a bias error.
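The four-satellite solution with an unknown clock bias described in Section 2.3 can be worked through numerically. The following is an added example, not code from the thesis: it solves for position and bias by Newton iteration started at the Earth's centre, which selects the near-Earth solution; the satellite positions, receiver position and clock offset are constructed values.

```python
import math

C = 299_792_458.0  # speed of light in m/s


def solve_linear(a, b):
    """Solve the square system a*x = b by Gaussian elimination with pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < 1e-12:
            raise ValueError("satellite geometry is singular")
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for k in range(col, n + 1):
                m[r][k] -= f * m[col][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(m[r][k] * x[k] for k in range(r + 1, n))
        x[r] = (m[r][n] - s) / m[r][r]
    return x


def solve_position(sats, pseudoranges, max_iter=20):
    """Return [x, y, z, bias] in metres from four satellites and pseudoranges.

    Measurement model: pseudorange = |receiver - satellite| + bias, where
    bias is the receiver clock offset multiplied by the speed of light.
    """
    est = [0.0, 0.0, 0.0, 0.0]  # Earth's centre: converges to the near-Earth root
    for _ in range(max_iter):
        rows, resid = [], []
        for sat, rho in zip(sats, pseudoranges):
            d = [est[k] - sat[k] for k in range(3)]
            rng = math.sqrt(sum(v * v for v in d))
            # Partial derivatives of the model w.r.t. x, y, z and bias.
            rows.append([d[0] / rng, d[1] / rng, d[2] / rng, 1.0])
            resid.append(rho - (rng + est[3]))
        step = solve_linear(rows, resid)
        est = [e + s for e, s in zip(est, step)]
        if max(abs(s) for s in step) < 1e-4:  # sub-millimetre update: converged
            break
    return est


def constructed_scenario():
    """Constructed data: a receiver near the Earth's surface and four satellites."""
    truth = (3.0e6, 4.0e6, 4.0e6)   # ECEF metres, about 6403 km from the centre
    bias = 283.5e-6 * C             # 283.5 microsecond clock offset, about 85 km
    r = 26.56e6                     # orbital radius of the constructed satellites
    u = math.sqrt(sum(v * v for v in truth))
    sats = [tuple(r * v / u for v in truth),               # directly overhead
            (r, 0.0, 0.0), (0.0, r, 0.0), (0.0, 0.0, r)]
    rho = [math.dist(truth, s) + bias for s in sats]
    return sats, rho, truth, bias


if __name__ == "__main__":
    sats, rho, truth, bias = constructed_scenario()
    x, y, z, b = solve_position(sats, rho)
    print("position error (m):", math.dist((x, y, z), truth))
    print("recovered clock offset (us):", b / C * 1e6)
```

Every pseudorange carries the same 85 km offset, so the fourth measurement is what lets the solver separate the clock error from the three position coordinates.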
2.4 Orbital Elements
To mathematically describe an orbit one must define six quantities, called orbital elements.
• Semi-major axis, a: the longest axis of the ellipse, going through the two foci.
• Eccentricity, e: the elongation of the ellipse.
• Inclination of the orbit, i: the tilt of the orbit plane relative to the reference equatorial plane.
• Argument of perigee, ω: an angle in the orbital plane between the ascending node and periapsis, measured in the direction of the satellite's motion.
• Right ascension of the ascending node, Ω: the angle measured to the point where the orbit crosses the equatorial plane relative to a reference direction known as the vernal equinox.
• True anomaly: the angular distance of a point in an orbit past the point of periapsis, measured in degrees.
2.5 Pseudorange Error
• Control system: measurement error, clock error, code error, ephemerides error.
• Ionospheric error: due to the density of electrons along the path, the propagation delay depends on the frequency.
• Tropospheric error: the delay due to the pressure, temperature and humidity in the air.
• Multipath error
• Receiver noise
• Uncompensated relativistic effects
• Selective availability: the signal has been intentionally disturbed to limit the accuracy of GPS for civil users.
Ionospheric Error: The ionosphere is the region, about 50-1000 km, of ionized gas containing free electrons and ions. The ionization is caused by the radiation of the sun. The speed of propagation of a radio signal is affected by the number of free electrons in its path.
TEC: It is defined as the number of electrons in a tube of 1 m² cross section from receiver to satellite. The ionospheric delay is given by
$I = \dfrac{40.3\,\mathrm{TEC}}{f^{2}}$
The delay in the phase measurement has the same magnitude but opposite sign; it can be estimated and compensated for using dual-frequency receivers.
Tropospheric Model: It is about an order of magnitude less than the tropospheric error. No data from the satellite is transmitted. A number of models exist to correct this error.
2.4.1 GPS Orbits
An orbit is a regular, repeating path that one object in space takes around another one. A satellite is an object in an orbit. A satellite can be natural or artificial like Earth, moon or space shuttle.
2.4.2 Kepler's Law
• Law of orbits: The orbit of each planet is an ellipse with the sun at a focus.
• Law of areas: The line joining the planet to the sun sweeps out equal areas in equal time.
• Law of periods: The square of the period of a planet is proportional to the cube of its mean distance from the sun.
2.4.3 Types of Orbits
2.4.3.1 Altitude classifications
• Low Earth orbit (LEO): Geocentric orbits with altitudes up to 2,000 km.
• Medium Earth orbit (MEO): Geocentric orbits ranging in altitude from 2,000 km to just below geosynchronous orbit at 35,786 km.
• High Earth orbit: Geocentric orbits above the altitude of geosynchronous orbit, 35,786 km.
2.4.3.2 Centric classifications
• Galactocentric orbit: An orbit about the center of a galaxy. The Sun follows this type of orbit.
• Heliocentric orbit: An orbit around the Sun. In our Solar System, all planets, comets, and asteroids are in such orbits, as are many artificial satellites and pieces of space debris. Moons by contrast are not in a heliocentric orbit but rather orbit their parent planet.
• Geocentric orbit: An orbit around the planet Earth, such as that of the Moon or of artificial satellites.
2.6 GPS Signal
GPS signals are transmitted on two radio frequencies. These frequencies are L1 and L2, which are obtained from a common frequency $f_0$:
$f_0 = 10.23$ MHz
$f_{L1} = 154 f_0 = 1575.42$ MHz
$f_{L2} = 120 f_0 = 1227.60$ MHz
• Carrier: The carrier wave has frequency $f_{L1}$ or $f_{L2}$.
• Navigation data: The navigation data contain information about satellite orbits and have a bit rate of 50 bps.
• Spreading sequence: Each satellite has two unique codes:
i. Coarse Acquisition (C/A)
ii. Encrypted Precision code P(Y)
The C/A code is a sequence of 1023 chips with a chipping rate of 1.023 MHz. The P(Y) code is a long code with a chipping rate of 10.23 MHz. The C/A code is only modulated on the L1 carrier, while the P(Y) code is modulated on both the L1 and L2 carriers.
2.7 GNSS Application
• Transportation
• Machine Control
• Timing
• Marine
• Defence
• Port Automation
GNSS receivers are now integrated into mobile communications equipment to support the display of maps showing the location of, and routes to, stores and hostels. Geocaching is an outdoor activity in which a receiver is used to seek and find containers, called geocaches, around the world.
2.7.1 Transportation
In rail transportation, GNSS is used in conjunction with other technologies to track the location of locomotives, rail cars and maintenance vehicles. Knowing the precise location of rail equipment reduces accidents, delays and operating costs, enhancing safety, customer service and capacity. In aviation, GNSS is used for aircraft navigation from departure, en route, to landing. It facilitates navigation in remote areas that are not well served by ground-based navigation aids, helps avoid collisions, and is used in systems that improve approaches to airport runways.
In marine transportation, it is used to find the exact position of ships when they are in open seas and when they are maneuvering in congested areas. It is incorporated into underwater surveying, buoy positioning, navigation hazard location, and mapping. GNSS is integrated with automated container placement in large ports. In surface transportation, in-vehicle navigation and vehicle location are being used throughout the world. Many vehicles are equipped with navigation displays that superimpose vehicle location and status on maps. GNSS is also used to forecast the movement of freight, track the movement of vehicles and monitor the road network, enhancing driver safety and improving efficiency.
2.7.2 Machine control
GNSS technology is being integrated into bulldozers, excavators, graders, pavers and farm machinery. It provides situational awareness information to the equipment and enhances productivity in real-time operation. The three main areas of machine control are:
i. Agriculture
ii. Construction
iii. Surface mining
The benefits of GNSS-based machine control are efficiency, accuracy, job management, data management and theft detection.
• Efficiency: By helping the equipment operator get to the desired grade more quickly, GNSS helps speed up the work, reducing capital and operating costs.
• Accuracy: The precision achievable by GNSS-based solutions minimizes the need to stop work while a survey crew measures the grade.
• Job Management: Managers and contractors have access to accurate information about the jobsite, and the information can be viewed remotely.
• Data Management: Users can print out status reports, save important data and transfer files to head office.
• Theft Detection: GNSS allows users to define a "virtual fence" about their equipment and property, for the purpose of automatically raising an alarm when equipment is removed, then providing equipment tracking information to the authorities.
2.7.3 Agriculture
In precision agriculture, GNSS is used to support farm planning, soil sampling, tractor guidance, crop assessment and field mapping. Fertilizers, herbicides and pesticides reduce environmental impact and cost. A GNSS system can automatically guide farm implements along the contours of the earth in a manner that controls erosion and maximizes the erosion of system irrigation. With increased accuracy, farm machinery can be operated at higher speed day and night. This saves accuracy, time, fuel and maximizes the efficiency of the operation. Reducing fatigue can also increase operator safety.
2.7.4 Construction
GNSS information is used to position the cutting edge of a bulldozer or excavator and to compare this blade position against a 3D digital design to compute the cut or fill amount.
2.7.5 Surface mining
GNSS is used to manage the mining of an ore body and the movement of waste material. Position information is used by blast hole drills to improve fracturization of the rock material, and the depth of each hole that is drilled can be controlled. The obstruction caused by mine's walls, GNSS is particularly advantageous in surface mining.
2.7.6 Surveying
GNSS-based surveying reduces the amount of equipment and labour required to determine the position of points on the earth's surface. What a survey crew of three people does in a week, a single surveyor using GNSS can possibly accomplish in one day. Determining a new position once required measuring distances and bearings from a known point to the new point.
2.7.7 Timing App
For determination of position, time accuracy is critical for GNSS, because each satellite is equipped with clocks that are accurate to nanoseconds. The local time of GNSS receivers becomes synchronized with the very accurate satellite time as part of the position determining process. This time information has many applications, such as electrical power grids and financial networks. Seismic monitors that are synchronized with GNSS satellite clocks can be used to determine the epicenter of an earthquake by triangulation, based on the exact time the earthquake was detected by each monitor (Charles Jeffery, et al 2010).
2.7.8 Defense
Defense makes broad use of GNSS technology.
• Navigation: Using GNSS receivers, soldiers and pilots can navigate unfamiliar terrain or conduct night-time operations. Most foot soldiers now carry hand-held GNSS receivers.
• Search and Rescue: If a plane crashes and that plane has a search and rescue beacon that is equipped with a GNSS receiver, it may be possible to more quickly locate it.
• Reconnaissance and Map Creation: The military uses GNSS to create maps of uncharted or enemy territory. They can also mark reconnaissance points using GNSS.
• Unmanned Vehicles: Unmanned vehicles are used primarily for reconnaissance, but they can also be used for logistics, target and decoy, and research and development. An unmanned aerial vehicle (UAV) is an aircraft that is unoccupied but under human control, whether radio-controlled or automatically guided by a GNSS-based application. UAVs can be used to scout territory in unsecured airspace and in contaminated areas. Mission coordinates may be predefined and corrections may be sent to keep the UAV on a specific track.
2.7.9 Port Automation
Shipping hubs can improve their operating efficiency by using GNSS to track the movement and placement of containers about their yards. Gantry cranes are used in ports throughout the world to lift shipping containers. These cranes are large and sometimes difficult to steer accurately in a crowded shipping dock, so many cranes are equipped with GNSS-based steering devices that determine the crane position and keep it travelling in the desired path (Charles Jeffery, et al 2010). This also improves accuracy and productivity as well as the safety of operators and workers on the ground. A key benefit of GNSS is the quick movement of containers about the port, which reduces food spoilage and gets toys delivered on time.
Chapter 03 History and background of the SDR technology
3.0 History and background
The sophistication possible in an SDR has now reached the level where a radio can conceivably perform beneficial tasks that help the user, help the network and help minimize spectral congestion. Radios are already demonstrating one or more of these capabilities in limited ways. A simple example is the adaptive digital European cordless phone (DECT) wireless phone, which finds and uses a frequency within its allowed plan with the least noise and interference on that channel and timeslot. The following are the major applications of SDR capabilities:
i. Spectrum management and optimization
ii. Interface with a wide variety of networks and optimization of network resources
iii. Interface with a human, providing electromagnetic resources to aid the human in his or her activities
The development of digital signal processing techniques was due to the following leaders:
i. Alan Oppenheim
ii. Lawrence Rabiner
iii. Ronald Schafer
iv. Ben Gold, Thomas Parks
v. James Kaiser
They taught the entire industry how to convert analogue signal processes to digital processes. Cleve Moler, Jack Little, John Markel, Augustine and others began to develop software tools that would eventually converge with the DSP industry. The semiconductor industry, continuing to follow Moore's Law, delivered the computational performance required to implement the digital signal processes used in radio modulation and demodulation, which resulted in improved radio communication performance, reliability, flexibility and increased reach to the customer.
3.1 The vision of SDR
Imagine that our cellphone, personal digital assistant, laptop, automobile and TV were as smart as "Radar"; then they would be able to know the daily activities that we do. Very soon, before our asking, they would have things ready for us. They would help us to find opportunities, find people and find things, translate languages and complete our tasks on time. Similarly, if radios were smart, they could learn the services available on locally accessible wireless computer networks and their preferred protocols, so that we have no problems in finding the right dulation network access are defined by software.
SDR implements any necessary cryptography, forward error correction coding, and source coding of voice, video or data in software. In 1987, Air Force Rome Labs funded the development of a programmable modem as "architecture of the integrated communications, navigation, identification architecture".
3.2 What is SDR
Radios have been designed to process a specific waveform.
3.3 Radio
A radio is any device used to exchange digital information between point A and point B. Most radios are not software defined, but they are software controlled. For example, a modern cellphone supports both 2G and 3G.
3.4 Technical problems
• Most antennas are mechanical structures and are difficult to tune dynamically. An ideal SDR should not limit the carrier frequency or bandwidth of the waveform. The antenna should be able to capture electromagnetic waves from L1 MHz to 60 MHz.
• The key feature of the RF front end is selection of the desired signal and rejection of interferers. The antenna and filters required to implement the channel selection are usually electromechanical structures and are difficult to tune dynamically.
• The entire band must be digitized without an RF front end to select the band of interest.
• The captured spectrum contains the signal of interest and a multitude of other signals. The signal of interest is weaker than the interfering signals. The digitizer must have sufficient dynamic range to process both weak signals and strong signals. An ideal digitizer provides 0 dB of dynamic range per bit of resolution.
• The digitizer must be linear, because nonlinearity causes intermodulation between all the signals in the digitized band. Even a high-order intermodulation component of a strong signal can swamp a much weaker signal.
• With a 24-bit digitizer operating at 120 GHz, processing has to be applied to a data stream at $120 \times 10^{9} \times 24 \approx 250$ GB/s, which is beyond the capabilities of modern processors and is likely to remain so in the foreseeable future.
Suppose all of these technical problems were solved. The same radio could then be used to process any waveform.
3.5 Why SDR
It takes time for a new technology to evolve from the lab to the field. Since SDR is relatively new, it is not yet clear where it can be applied. Some of the most significant advantages and applications are summarized below.
• Interoperability. An SDR can seamlessly communicate with multiple incompatible radios or act as a bridge between them. Interoperability was a primary reason for the US military's interest in, and funding of, SDR for the past 30 years. Different branches of the military and law enforcement use dozens of incompatible radios, hindering communication during joint operations. A single multi-channel and multi-standard SDR can act as a translator for all the different radios.
• Efficient use of resources under varying conditions. An SDR can adapt the waveform to maximize a key metric. For example, a low-power waveform can be selected if the radio is running low on battery. A high-throughput waveform can be selected to quickly download a file. By choosing the appropriate waveform for every scenario, the radios can provide a better user experience (e.g., last longer on a set of batteries).
• Opportunistic frequency reuse (cognitive radio). An SDR can take advantage of underutilized spectrum. If the owner of the spectrum is not using it, an SDR can 'borrow' the spectrum until the owner comes back. This technique has the potential to dramatically increase the amount of available spectrum.
• Reduced obsolescence (future-proofing). An SDR can be upgraded in the field to support the latest communications standards. This capability is especially important to radios with long life cycles such as those in military and aerospace applications. For example, a new cellular standard can be rolled out by remotely loading new software into an SDR base station, saving the cost of new hardware and the installation labor.
• Lower cost. An SDR can be adapted for use in multiple markets and for multiple applications. Economies of scale come into play to reduce the cost of each device. For example, the same radio can be sold to cell phone and automobile manufacturers. Just as significantly, the cost of maintenance and training is reduced. [E. Grayver, Implementing Software Defined Radio]
3.6 Disadvantages of SDR
3.6.1 Cost and Power
Cost is the most common argument against SDR. The argument is particularly important for high-volume, low-margin consumer products. For example, a garage or car door remote opener key is an extremely simple device with only one function, and millions of identical devices are sold every year. An SDR chip for a garage door opener could be used in many other devices, but the market volume would not drive the cost of the chip down. An SDR is more complex than a single-function radio, so the SDR chip cost would be higher. The second most common argument against SDR is increased power consumption. Two sources contribute to the higher power consumption:
• Increased DSP complexity
• Higher mixed-signal bandwidth
The wideband ADCs, DACs and RF front end required for SDR consume more power than their narrow-bandwidth counterparts.
wireless to download videos or printout. It could use the frequencies and choose waveforms that minimize and avoid interference with existing radio communication systems.
3.6.2 Complexity
One generic argument against SDR is the additional complexity it requires. The complexity argument has at least three components:
• Increased time and cost to implement the radio. It takes more engineering effort to develop software and firmware to support multiple waveforms than to support just one. Some argue that the increase in complexity is super linear (i.e., it takes more than twice as long to implement a radio that supports two waveforms than to implement two radios that each support one waveform). This claim is not unreasonable if the radio has to conform to a complex standard such as JTRS (see Sect. 7.1). Specialized expertise required to develop on a particular SDR platform may disappear soon after the radio is delivered to the customers. Developing new waveforms for that platform in the future can easily be more expensive than starting from scratch.
• Longer and more costly specifications and requirements definition. An SDR design has to support a set of baseline waveforms but also anticipate additional waveforms. Some DSP resource margin must be provided to support future waveforms.
• Increased risk. At least two sources of risk must be considered:
– Inability to complete the design on-time and on-budget due to the concerns presented above. Since SDR is still a relatively new technology, it is more difficult to anticipate schedule problems.
– Inability to thoroughly test the radio in all of the supported and anticipated modes.
Brief History of SDR
SDR is a radio in which the properties of carrier frequency Signal bandwidth
3.7 Comparison between Hardware and Software
Hardware GNSS receiver: A hardware receiver consists of a large-scale integrated chip. These receivers are small in size, require less processing power and are power efficient compared to SDR, because in these receivers the number of channels and other parameters are fixed.
Software defined receiver: It consists of two parts:
i. RF front end
ii. Signal processing software
The RF front end, which is external hardware, is used to collect GNSS signals. It down-converts the RF signal to IF and, after sampling, the digital signal is fed to the host for signal processing. In the signal processing software, acquisition, tracking and the navigation solution are computed. These receivers can be modified according to the application requirement. GNSS SDR is generally used for research purposes and simulations of different scenarios.
3.8 Advantages of SDR
Commercially available GNSS receiver chips, or GNSS receivers in which all the signal processing is done in hardware chips, are limited in terms of their phase locked loop noise bandwidth, Doppler frequency search band, sampling frequency and the algorithm used to process the incoming GNSS signal. In a hardware-based receiver these parameters cannot be changed, and the only output received from a hardware-based receiver is the navigation solution. An SDR is a modular system in which the signal can be analyzed at any processing stage and the signal processing algorithm can also be changed. Through SDR we can simulate and analyze different scenarios and behaviors. We can also change the following signal processing parameters:
i. Doppler frequency search band
ii. Sampling rate
iii. Any filter configuration
iv. PLL noise bandwidth
v. Delay locked loop noise bandwidth
vi. Number of satellites to be tracked
vii. Other parameters for a specific algorithm
3.9 Implementation of SDR
As we know, an SDR has two parts, software and hardware. The hardware part has a bias tee, an active antenna, a USRP N210 and an LNA. The software part consists of GNU Radio based open-source libraries put together in modular form. The first module consists of UHD for data reception from the USRP N210. The second module is the acquisition module, which searches for satellites in view; the third module is the tracking module, which extracts the navigation message; the fourth module is the navigation solution computation module, which computes the position coordinates of the receiver.
3.9.1 Active GPS antenna
The active GPS antenna used is a commercially available right hand circularly polarized GPS car antenna with 30 dB gain and 50 Ω impedance. Its model number is LCGPS01.
3.9.2 Bias-Tee
The custom-made bias tee design is based on the TCBT-14+ from Mini-Circuits® [10]. The PCB was designed in the PCB design software DipTrace™. The design has only one external component, a 0.01 µF capacitor. The bias tee has an insertion loss of 1.17 dB and is designed for a 50 Ω impedance system. Its functional schematic.
3.9.3 Low Noise Amplifier
The custom-made LNA used is based on the BFP640ESD, with a gain of 11 dB [6],[7]. The Bias-T mentioned in the schematic is for a 50 Ω impedance system. Its functional schematic.
3.9.4 USRP-N210
USRP N210 is a powerful flexible Software Radio Peripheral used to develop and implement SDRs. It has a 100 MS/s dual ADC, 50Mbps Gigabit Ethernet connection and 2.5 ppm TCXO reference clock. This device is used along with a WBX daughter board, which provides 40 MHz bandwidth capability over a 50-2200 MHz frequency range. Its noise figure is 5 dB.
3.10 Signal processing software
The host system used is a Core i5 with Ubuntu 12.10. The software consists of open-source libraries based on GNU Radio. The algorithms used for each module are as follows:
3.10.1 Acquisition
The acquisition process gives rough estimates of the Doppler shift and code phase of visible satellites. The algorithm used for acquisition of GPS satellites is the "Parallel Code Phase Search Acquisition Method". The software works at a sampling rate of 4 Msps; the Doppler frequency search band is set to ±10 kHz and the Doppler frequency search step size is 250 Hz.
Acquisition results at point 'A' for PRN32 and PRN18
The decision on the presence of any satellite is made by comparing the highest peak with the second highest peak in the Doppler frequency and code phase search. The distinct peak of PRN18 can be seen in Fig. 5, while there is no distinct peak present for PRN32.
3.10.2 Tracking
The tracking module gets rough estimates of Doppler frequency and code phase from the acquisition module and then refines these parameters for complete removal of the carrier and the Coarse Acquisition code, to get the navigation data at baseband. The tracking module keeps lock on the changing code and carrier Doppler shift. The algorithm used is "Phase locked loop plus Delay locked loop tracking". The PLL band is set to 50 Hz and the DLL band is set to 2 Hz. The chip spacing for the Early, Late and Prompt signals is set to 0.5 chips. Results at various points of the tracking algorithm are the Coarse Acquisition (C/A) code frequency variations over time at point 'B'. This variation is due to the Doppler shift. This is the error plus initial bias signal of the PRN code generator in the code tracking loop (DLL). The Doppler shift of the carrier signal is taken from point 'C'. This is the error signal of the carrier tracking loop (PLL). The numerically controlled oscillator adds the initial bias to it and generates the exact replica of the carrier signal. The PLL plus DLL loop discriminators compute the code and carrier Doppler shifts given above from the outputs of the Early, Late and Prompt correlators. The prompt correlator of the in-phase arm gives the navigation data at baseband; the goal of the overall procedure is to maximize the energy in the prompt correlator of the in-phase arm.
The large amplitude of prompt signal as compared to early and late signals
Navigation Solution
The navigation solution module gets navigation data from the PLL plus DLL loop and, after estimating pseudoranges, computes the receiver position in real time. The decreasing pseudorange shows that the satellite identified with PRN1 is coming head-on towards the receiver and its elevation angle is increasing.
4. Jamming Techniques
GNSS has been introduced into civilian use through thousands of applications that affect daily life, such as cell phones, wrist watches, road transportation, railways, shipping, control of the movement of aircraft and many other vehicles at airports, automated highways and can control systems. Wireless networks play an important role in this environment by providing continuous connectivity and services. But a wireless link is naturally exposed, so wireless networks can easily be attacked by jamming technologies. Jamming is the disruption of existing wireless communication by decreasing the signal to noise ratio at the receiver side through the transmission of interfering wireless signals. Jamming is different from regular network interference because it describes the deliberate use of wireless signals in an attempt to disrupt communication, whereas interference is an unintentional form of disruption. Unintentional interference may be caused by wireless communication among nodes within the same network or by other devices such as microwaves and remote controls. Intentional interference is conducted by attackers who intend to interrupt or prevent network communication.
4.1 GNSS interference signals
Interference is basically radio frequency signals from any undesired source that affect a GNSS receiver (Kaplan et al 2006). Navigation signals have a DSSS signal structure, which gives them an intrinsic robustness against interference signals, but they are received by the receiver antenna at a very low power level. Hence, these signals are vulnerable to in-band interference signals (e.g. Landsy et al 1997). Interference can degrade the RF signal or cause loss of accuracy, reliability and availability. RF interference is categorized as narrowband or wideband, depending on whether its bandwidth is small or large relative to the GNSS signal bandwidth (Kaplan et al 2006).
4.2 Classification of Interference
4.2.1 Intentional Interference
This kind of interference is due to sources that intend to deny service. The intentional interference sources can be grouped into three main sources, namely jamming, spoofing and meaconing. Among them jamming is the most common type. Jamming is an intentionally emitted signal that tries to prevent the receiver from acquiring and tracking the authentic signals in the area covered. There are different types of RF jammers including single tone, chirp, pulse, narrowband and broadband signals (Mitch et al 2011). However, single tone and swept waveforms are more commonly used by jammers. Spoofing is a deceptive interference which tries to mislead its target from true navigation. In this case, a basic receiver will consider the counterfeit signal a real one. Spoofers intend to deceive the receiver without being recognized. Meaconing consists of receiving, delaying and re-broadcasting the GNSS signal on the same frequency as the real signal to confuse the target navigation system.
4.2.2 Unintentional Interference
This kind of interference corresponds to the case of accidental interference and is created by external sources. There is a large number of telecommunication and electronic systems, such as mobile satellite networks, FM/television transmitter harmonics, some personal electronic devices, and ultra-wideband radars, which can transmit RF power in the GNSS receiver band. Another type of interference is multipath reflection generated by terrestrial reflectors.
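The acquisition decision of Section 3.10.1 (highest correlation peak compared with the second highest) and the loss of signal to noise ratio under in-band interference can be observed together in a small simulation. This is an added example, not the thesis software: it uses direct circular correlation, which yields the same code-phase output that the parallel code phase search computes with FFTs, at one sample per chip and a single zero-Doppler bin. The G2 tap values come from the GPS interface specification, and the 2.5 threshold and the Gaussian interference levels are assumptions.

```python
import math
import random
from operator import mul

# G2 phase-selector taps for the PRNs named in the text (values from the GPS
# interface specification IS-GPS-200, not from the thesis).
G2_TAPS = {1: (2, 6), 18: (2, 5), 32: (4, 9)}
RATIO_THRESHOLD = 2.5  # assumed decision threshold; the thesis does not state one


def ca_code(prn):
    """Return the 1023-chip C/A code of `prn` as +1/-1 values (bit 0 -> +1)."""
    s1, s2 = G2_TAPS[prn]
    g1, g2 = [1] * 10, [1] * 10
    chips = []
    for _ in range(1023):
        bit = g1[9] ^ g2[s1 - 1] ^ g2[s2 - 1]
        chips.append(1 - 2 * bit)
        f1 = g1[2] ^ g1[9]                                   # G1: 1 + x^3 + x^10
        f2 = g2[1] ^ g2[2] ^ g2[5] ^ g2[7] ^ g2[8] ^ g2[9]   # G2 feedback taps
        g1 = [f1] + g1[:9]
        g2 = [f2] + g2[:9]
    return chips


def received_ms(prn, delay_chips, jam_sigma=0.0, seed=7):
    """Constructed input: one code period of `prn`, delayed, unit amplitude,
    plus wideband Gaussian interference of standard deviation `jam_sigma`."""
    rng = random.Random(seed)
    code = ca_code(prn)
    n = len(code)
    return [code[(i - delay_chips) % n] + rng.gauss(0.0, jam_sigma)
            for i in range(n)]


def correlate(rx, replica):
    """Magnitude of the circular correlation of rx with replica per code phase."""
    n = len(replica)
    doubled = replica + replica
    return [abs(sum(map(mul, rx, doubled[n - lag:2 * n - lag])))
            for lag in range(n)]


def peak_ratio(corr, guard=1):
    """Return (code phase of highest peak, highest / second-highest peak)."""
    n = len(corr)
    first = max(range(n), key=corr.__getitem__)
    skip = {(first + d) % n for d in range(-guard, guard + 1)}
    second = max(c for i, c in enumerate(corr) if i not in skip)
    return first, corr[first] / second


def acquire(rx, prn):
    """Apply the peak-ratio test for one PRN at the zero-Doppler bin."""
    phase, ratio = peak_ratio(correlate(rx, ca_code(prn)))
    return {"prn": prn, "code_phase": phase, "ratio": ratio,
            "detected": ratio > RATIO_THRESHOLD}


if __name__ == "__main__":
    gain_db = 10 * math.log10(1023)  # despreading gain of one code period
    print(f"processing gain {gain_db:.1f} dB")
    for sigma in (0.0, 1.0, 10.0, 30.0):
        rx = received_ms(18, delay_chips=200, jam_sigma=sigma)
        js = "none" if sigma == 0 else f"{20 * math.log10(sigma):.1f} dB"
        for prn in (18, 32):
            r = acquire(rx, prn)
            print(f"J/S {js:>8}  PRN{prn:<2} phase {r['code_phase']:>4} "
                  f"ratio {r['ratio']:5.2f} detected {r['detected']}")
```

A receiver that logs this ratio per satellite has a simple interference indicator: a ratio that collapses toward 1 for satellites that should be in view points to in-band interference rather than to an absent satellite.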
4.3 GNSS Interference
Due to the long signal propagation distance from the satellite to a receiver near the earth, GNSS signals have limited transmitting power and are very weak. Thus they can easily be interfered with by in-band harmonics of radio frequency signals used in other communication and ranging systems. So interference is a signal from an undesired source (Kaplan et al 2006). Such signals lead to deterioration of positioning accuracy or even unavailability. Thus the major task in GNSS signal processing is interference detection and mitigation. [3]

To achieve efficient communication, it is necessary to understand how a jammer attacks wireless networks and how jamming can be avoided. There are three different aspects of wireless network jamming:
1. Types of jammers
2. Protocols for localizing jammers
3. Jamming detection and countermeasures

4.4 Types of Jammers

i. Proactive
ii. Reactive
iii. Function-specific
iv. Hybrid smart jammers
v. Optimal placement of jammers
Jammers are malicious wireless nodes planted by an attacker to cause intentional interference in a wireless network. Depending on the strategy of the attacker, a jammer can have the same capabilities as the legitimate nodes in the network it is attacking, or different ones. The effect of jamming depends on
i. radio transmitter power
ii. location
iii. influence on the network
iv. target nodes

Basically, a jammer can be elementary or advanced depending upon its functionality.
Elementary:
Proactive
Reactive
Advanced:
Function-specific
Smart-hybrid

Type and sources of RF interference: wideband interference to the GPS L1 C/A code or L2 C. and narrow band to P(Y) code, Mcook the narrow band has ultimate limit in a signal consisting of a single tone. Self-interference is a certain level of interference in which signals from different satellites within one system, such as GPS and Galileo signals, interfere with one another.

4.5 Proactive Jammer

With proactive jammers, there are three basic types of jammer:
Constant
Deceptive
Random

A proactive jammer transmits interfering signals whether or not there is data communication in the network. It sends packets or random bits on the channel it is operating on, putting all the other nodes on that channel in non-operating modes. It operates on only one channel and does not switch channels until its energy is exhausted.
4.5.1 Constant Jammer

A constant jammer emits continuous random bits without following the CSMA protocol (Xu et al, 2005). According to the CSMA mechanism, a legitimate node has to sense the status of the wireless medium before transmitting. If the medium is continuously idle for a DCF interframe space (DIFS) interval, the node is supposed to transmit a frame; if the channel is found busy during the DIFS interval, the station should defer its transmission. The constant jammer prevents legitimate nodes from communicating with each other by causing the wireless medium to be constantly busy. This type of attack is energy inefficient and easy to detect, but it is very easy to launch and can damage network communications to the point that no one can communicate at any time.
4.5.2 Deceptive Jammer

A deceptive jammer continuously transmits regular packets (Xu et al, 2005) instead of emitting random bits. It deceives other nodes into believing that a legitimate transmission is taking place, so that they remain in the receiving state until the jammer is turned off or dies. It is more difficult to detect a deceptive jammer than a constant jammer because it transmits legitimate packets instead of random bits. Like the constant jammer, it is energy inefficient due to continuous transmission, and it is very easy to implement.

4.5.3 Random Jammer

A random jammer intermittently transmits either random bits or regular packets into networks (Xu et al, 2005). Contrary to the above two jammers, it aims at saving energy. It continuously switches between two states: sleep phase and jamming phase. It sleeps for a certain period of time and then becomes active for jamming before returning to the sleep state. The sleeping and jamming time periods are either fixed or random. There is a tradeoff between jamming effectiveness and energy saving because it cannot jam during its sleeping period. The ratio between sleeping and jamming time can be manipulated to adjust this tradeoff between efficiency and effectiveness.

Reactive Jammer

A reactive jammer starts jamming only when it observes network activity on a certain channel (Xu et al, 2005). As a result, a reactive jammer targets the reception of a message. It can disrupt both small and large sized packets. Since it has to constantly monitor the network, a reactive jammer is less energy efficient than a random jammer. However, it is much more difficult to detect a reactive jammer than a proactive jammer because the packet delivery ratio (PDR) cannot be determined accurately in practice. According to (Pelechrinis et al, 2011), the following are two different ways to implement a reactive jammer.

Reactive RTS/CTS jammer jams the network when it senses that a request-to-send (RTS) message is being transmitted from a sender. It starts jamming the channel as soon as the RTS is sent. In this way, the receiver will not send back a clear-to-send (CTS) reply because the RTS packet sent from the sender is distorted. Then, the sender will not send data because it believes the receiver is busy with another on-going transmission. Alternatively, the jammer can wait for the RTS to be received and jam when the CTS is sent by the receiver. That will also result in the sender not sending data and the receiver always waiting for the data packet (Pelechrinis et al, 2011).

Reactive Data/ACK jammer jams the network by corrupting the transmissions of data or acknowledgement (ACK) packets. It does not react until a data transmission starts at the transmitter end. This type of jammer can corrupt data packets, or it waits until the data packets reach the receiver and then corrupts the ACK packets (Pelechrinis et al, 2011). The corruption of both data packets and ACK messages will lead to re-transmissions at the sender end. In the first case, because the data packets are not received correctly at
the receiver, they have to be re-transmitted. In the second case, since the sender does not receive the ACKs, it believes something is wrong at the receiver side, e.g. buffer overflow. Therefore, it will retransmit the data packets.

4.5.4 Function-specific Jammers

Function-specific jamming is implemented by having a pre-determined function. In addition to being either proactive or reactive, function-specific jammers can either work on a single channel to conserve energy or jam multiple channels and maximize the jamming throughput irrespective of the energy usage. Even when the jammer is jamming a single channel at a time, it is not fixed to that channel and can change its channel according to its specific functionality.

Follow-on jammer hops over all available channels very frequently (thousand times per second) and jams each channel for a short period of time (Mpitziopoulos et al, 2007). If a transmitter detects the jamming and switches its channel, the follow-on jammer will scan the entire band and search for a new frequency to jam again. Or, it may follow a pseudo-random frequency hopping sequence. This type of jammer conserves power by limiting its attack to a single channel before hopping to another. Due to its high frequency hopping rate, the follow-on jammer is particularly effective against some anti-jamming techniques, e.g. frequency hopping spread spectrum (FHSS) which uses a slow-hopping rate.

Channel-hopping jammer hops between different channels proactively (Alnifie and Simon, 2007, 2010). This type of jammer has direct access to channels by overriding the CSMA algorithm provided by the MAC layer. Moreover, it can jam multiple channels at the same time. During its discovery and vertex-coloring phases, the jammer is quiet and is invisible to its neighbors. Then, it starts performing attacks on different channels at different times according to a predetermined pseudorandom sequence.
Pulsed-noise jammer can switch channels and jam on different bandwidths at different periods of time. Similar to the random jammer, the pulsed-noise jammer can also save energy by turning off and on according to the schedule it is programmed for. Unlike the elementary proactive random jammer, which attacks only one channel, the pulsed-noise jammer can attack multiple channels. Moreover, it can be implemented to simultaneously jam multiple channels (Muraleedharan and Osadciw, 2006).

4.5.5 Smart-hybrid Jammers

We call them smart because of their power efficient and effective jamming nature. The main aim of these jammers is to magnify their jamming effect in the network they intend to jam. Moreover, they also take care of themselves by conserving their energy. They place sufficient energy in the right place so as to hinder the communication bandwidth for the entire network or, in very large networks, a major part of the network. Each type of these jammers can be implemented as both proactive and reactive, hence hybrid.
Control channel jammers work in multi-channel networks by targeting the control channel, or the channel used to coordinate network activity (Lazos et al, 2009). A random jammer that targets the control channel could cause a severe degradation of network performance, while a continuous jammer targeting the control channel might deny access to the network altogether. These attacks are usually accomplished by compromising a node in the network. Furthermore, future control channel locations can be obtained from the compromised nodes.

Implicit jamming attacks are those that, in addition to disabling the functionality of the intended target, cause a denial-of-service state at other nodes of the network too (Broustis et al, 2009). This attack exploits the rate adaptation algorithm used in wireless networks, where the AP (Access Point) caters to the weak node by reducing its rate. Due to this process, the AP spends more time communicating with this weak node than with the other nodes. Therefore, when the implicit attacker jams a node which is communicating with the AP, the rate adaptation effect will increase the AP's focus on the jammed node while causing other clients to suffer.

Flow-jamming attacks involve multiple jammers throughout the network which jam packets to reduce traffic flow. As implemented by Tague et al (2008), these attacks are launched by using information from the network layer. This type of jamming attack is good for resource-constrained attackers. If there is centralized control, then the minimum power to jam a packet is computed and the jammer acts accordingly.
In a non-centralized jammer model, each jammer shares information with neighbour jammers to maximize efficiency.

We summarize the features of all the above-mentioned jamming techniques in Table 1. For every type of jammer, we determine whether it is proactive or reactive, energy efficient or not, and its ability to jam a single channel or multiple channels. However, there are some jamming strategies which combine two or more of these techniques (Bellardo and Savage, 2003). For instance, Wilhelm et al (2011) implement a single-tone reactive jamming to generate an optimal jamming strategy by combining the various available forms. Bayraktaroglu et al (2008) use the variations of jammers to analyze the performance of the best jamming strategy in their IEEE 802.11 networks. They experiment with periodic, memoryless jammers based on Poisson processes, channel-aware jammers, and omniscient jammers to conclude that channel-aware jammers are the most effective amongst the four types. In a similar way, Wood et al (2007) use the variations and combination of reactive/random and multi-channel/pulsed-noise jammers to form attacks such as interrupt jamming, scan jamming and pulse jamming. In interrupt jamming, the jammer stays in the sleep state and begins jamming only when it is signaled by the hardware on detection of radio activity. Scan jamming lets the attacker scan each channel first and start jamming if activity is detected. Pulse jamming is continuous or intermittent jamming on a single channel in which the attacker transmits blindly in short bursts.

Placement of jammers
In addition to the attacker possessing the above qualities, placement of the jammer plays an important role in effective jamming. Jammers can be placed randomly or can be placed based on a jamming technique which locates the best position to accomplish the objective of jamming as many nodes as possible. In this section, we will inspect this optimization problem by looking at various placements of jammers.

Optimal jamming attacks

Li et al (2007) show that the probability of jamming can be made high if the attacker is aware of the network strategy as well as its transmission powers. In addition, the jammer needs to have knowledge about the network channel access probabilities and the number of neighbors of the monitor node (detecting node). All the other nodes in the network just perform the usual IEEE 802.11 simplex communication. The monitor node uses the Sequential Probability Ratio Test for sequential testing between two hypotheses concerning probability of false alarm and probability of missed detection. The jammers and transmitters/receivers are distributed in a given area using a Poisson distribution. The expected values of successful transmission are computed in terms of probabilities. If a particular area is jammed, then the monitor node is expected to send the jamming notification out of the area (using multi-hop transmission); this also suffers from the jamming in the area. Using a probability distribution and a mathematical proof, the authors proved that the optimal strategy for the attacker tends to be rather mild and long-term.
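The sequential test run by the monitor node can be written out as follows. This is an added example, not code from the thesis or from Li et al: it is Wald's Sequential Probability Ratio Test over per-slot collision observations, and the collision probabilities p0 and p1, the error targets alpha and beta, and the sample observation sequences are constructed assumptions.

```python
import math
from dataclasses import dataclass


@dataclass
class SPRT:
    """Wald's Sequential Probability Ratio Test on collision observations.

    H0: collision probability is p0 (normal contention, no jammer)
    H1: collision probability is p1 (jammer present), with p1 > p0
    alpha: target probability of false alarm (decide H1 although H0 holds)
    beta:  target probability of missed detection (decide H0 although H1 holds)
    All four values are assumptions chosen by the defender.
    """
    p0: float
    p1: float
    alpha: float
    beta: float

    def __post_init__(self):
        if not 0.0 < self.p0 < self.p1 < 1.0:
            raise ValueError("need 0 < p0 < p1 < 1")
        if not (0.0 < self.alpha < 0.5 and 0.0 < self.beta < 0.5):
            raise ValueError("need 0 < alpha, beta < 0.5")
        # Wald's decision thresholds on the log-likelihood ratio.
        self.upper = math.log((1.0 - self.beta) / self.alpha)
        self.lower = math.log(self.beta / (1.0 - self.alpha))
        # Log-likelihood ratio contributed by one observation of each kind.
        self.step_collision = math.log(self.p1 / self.p0)
        self.step_success = math.log((1.0 - self.p1) / (1.0 - self.p0))
        self.llr = 0.0
        self.samples = 0

    def update(self, collided: bool) -> str:
        """Add one observation; return 'jamming', 'normal' or 'continue'."""
        self.llr += self.step_collision if collided else self.step_success
        self.samples += 1
        if self.llr >= self.upper:
            return "jamming"
        if self.llr <= self.lower:
            return "normal"
        return "continue"


def run_monitor(observations, p0=0.1, p1=0.5, alpha=0.01, beta=0.01):
    """Feed observations (1 = collision, 0 = success) until a decision.

    Returns (decision, samples_used); 'undecided' if the data runs out first.
    """
    test = SPRT(p0, p1, alpha, beta)
    for collided in observations:
        decision = test.update(bool(collided))
        if decision != "continue":
            return decision, test.samples
    return "undecided", test.samples


# Constructed observation sequences (not measurements from the thesis).
BURST = [1, 0, 1, 1, 0, 1, 1]                  # collisions dominate
QUIET = [0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0]   # one isolated collision

if __name__ == "__main__":
    print("burst:", run_monitor(BURST))
    print("quiet:", run_monitor(QUIET))
```

With these settings, the test needs many more samples to separate the hypotheses when p1 is close to p0, which matches the thesis's remark that a mild, long-term jamming strategy is the hardest case for the monitor.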
TECHNIQUES OF DETECTING JAMMING ATTACKS

Transmitter-Based Detection: In a wireless ad hoc network, the communication takes place among different nodes by sending and receiving data frames. So every node can transmit and receive the data at the same time. Different approaches to jamming detection exist; consider an ad hoc network with node A sending to node B. To apply the decision algorithm which is described in the previous section, the transmitter has to determine the four metrics, as follows:
PDR (Packet Delivery Ratio)
RSSI (Received Signal Strength Indication)
PHY rate (Physical Rate)
Noise

Receiver-Based Detection: The main difference between receiver-based and transmitter-based detection lies in the computation of the PDR. In transmitter-based detection, the transmitter knows the exact number of data frames sent, including all retransmissions; this is a priori not known at the receiver, since several frames might get lost during transmission.
Therefore, it is necessary that the data frames contain additional information which enables the receiver to determine the total number of sent frames. This can be achieved by adding a sequence number to every single data frame, as in the WLAN standard.

Dedicated Detection: In the case of dedicated detection, the RSSI and PHY rate are read from the acknowledgement frames arriving from the receiver, i.e. node B. As always, the noise level is taken from arbitrary frames arriving at the monitor. Based on the statistics gathered over several ACK frames, the monitor then applies the decision algorithm. Finally, the node dedicated to the jamming detection announces its decision to the other participating nodes in a broadcast frame. This broadcast is then repeated whenever the decision changes in future.

Cooperative Detection: This detection scheme is the combination of all the previous three strategies. In this case the technique is to share all the information among all nodes and to make a decision based on this broader view. This means that every participating node in the ad hoc network gathers its own information independently, using any of the above techniques, and shares it with its neighbors.
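The receiver-side PDR computation described under Receiver-Based Detection can be sketched as follows. This is an added example, not the thesis's decision algorithm: it assumes a 12-bit sequence counter incremented once per data frame, and the decision rule (low PDR together with strong RSSI or raised noise is treated as inconsistent), the thresholds and the sample windows are constructed assumptions; the PHY rate metric is left out.

```python
SEQ_MODULO = 4096  # 12-bit sequence counter, as in IEEE 802.11 frames


def estimate_pdr(seq_numbers):
    """Receiver-side PDR estimate from the sequence numbers of received frames.

    Assumptions (not from the thesis): the sender increments the counter once
    per data frame, frames arrive in order, and fewer than SEQ_MODULO frames
    are lost in a row. A repeated number is a retransmitted copy, counted once.
    Returns (received, expected, pdr).
    """
    received = expected = 0
    last = None
    for seq in seq_numbers:
        if not 0 <= seq < SEQ_MODULO:
            raise ValueError(f"sequence number out of range: {seq}")
        if last is None:
            received = expected = 1
        else:
            gap = (seq - last) % SEQ_MODULO  # modular gap survives wrap 4095 -> 0
            if gap == 0:
                continue  # duplicate of the previous frame
            received += 1
            expected += gap  # gap - 1 frames were sent but never arrived
        last = seq
    return received, expected, (received / expected if expected else 0.0)


def classify_window(frames, noise_dbm, pdr_min=0.65,
                    rssi_strong_dbm=-75.0, noise_high_dbm=-85.0):
    """Consistency check over one observation window.

    frames: list of (sequence_number, rssi_dbm) for received data frames.
    noise_dbm: noise level measured by the receiver during the window.
    Thresholds are constructed defaults; calibrate them on a clean channel.
    """
    if not frames:
        # Nothing decoded: only the noise level can tell silence from jamming.
        verdict = "suspected-jamming" if noise_dbm >= noise_high_dbm else "idle"
        return {"pdr": 0.0, "mean_rssi": None, "verdict": verdict}
    _, _, pdr = estimate_pdr([seq for seq, _ in frames])
    mean_rssi = sum(rssi for _, rssi in frames) / len(frames)
    if pdr >= pdr_min:
        verdict = "normal"
    elif mean_rssi >= rssi_strong_dbm or noise_dbm >= noise_high_dbm:
        # Strong signal or raised noise, yet frames are lost: inconsistent.
        verdict = "suspected-jamming"
    else:
        verdict = "weak-link"  # low PDR explained by a poor link
    return {"pdr": round(pdr, 3), "mean_rssi": round(mean_rssi, 1),
            "verdict": verdict}


# Constructed sample windows (not measurements from the thesis).
CLEAN = [(s % SEQ_MODULO, -60.0) for s in range(4090, 4100)]
JAMMED = [(100, -58.0), (101, -57.0), (101, -59.0), (105, -58.0),
          (110, -60.0), (118, -58.0)]
FAR_NODE = [(10, -88.0), (13, -90.0), (17, -87.0), (20, -89.0)]

if __name__ == "__main__":
    for name, window, noise in (("clean", CLEAN, -95.0),
                                ("jammed", JAMMED, -80.0),
                                ("far node", FAR_NODE, -95.0)):
        print(name, classify_window(window, noise))
```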
Detection through RF Fingerprinting: RF fingerprinting is used as a way of increasing wireless network security. As the transmitter of the radio activates, the transmitted RF signal shows transient behavior in its instantaneous frequency and amplitude. The duration of this transient behavior varies with the model and type of the transmitter. Differences between devices of the same type can also be observed, caused by the aging and the manufacturing tolerance of the devices. The unique turn-on transient signal behavior is called the RF fingerprint of a radio and can be used to identify the transmitter.
PREVENTION TECHNIQUES FOR JAMMING ATTACKS

Spread Spectrum

Spread spectrum has two basic motivations:
Provide resistance against jammers
Hide communication

In a wireless environment, the most commonly used anti-jamming technique at the physical layer is spread spectrum based communication. However, it does not fully secure communication against jamming attacks. The major drawback is that
the attacker does not have to be aware of the whole spectrum alteration progression in order to interrupt communication. For instance, in the case of voice communication, a small part of the conversation between human users, if corrupted, will have a minor effect on the quality of communication.

Evasion Techniques

Channel Hopping

When jammed, communicating nodes hop on to a new channel independently and try to get synchronized with other participants. However, when any node is unable to communicate for a certain period of time, it starts listening on other channels in order to sense whether its neighboring nodes have hopped on due to jamming or not. We will further investigate the typical techniques adopted for temporal retreat.

Spatial Retreat

Spatial retreat is a mechanism to physically evade the jammed area. The rationale behind this strategy is that when an area is jammed in the wireless network, all nodes try to estimate the jammed region based on the detection algorithm and flee physically in the direction of a safer place. Based on their estimate of the jammed region, nodes independently opt for the shortest path to avoid being jammed and move accordingly. The spatial retreat approach for two party communication scenario. As wireless networks are vulnerable to such intrusion which interrupts node communication, basically two approaches are used in this technique to survive against such interference:
i. Jammed Area Mapping (JAM)
This mechanism employs a scattered approach to map out the jammed area so that communication with nodes in that part of the network can be avoided during specification of routes [26]. Once out of the jammed region, legitimate nodes try to relocate others and hence may change their direction and speed according to the predefined algorithm.

ii. Node Escape
This technique is for the physical escape of the node from the jamming location. In view of the fact that most devices of a wireless network are mobile, like cell phones or WLAN enabled laptops, this technique is more likely to be adopted. The main theme is to move away from the jammed area and periodically sense the medium to check whether it has become interference free. This procedure is repeated till the node reaches an interference free location.

Retreat Restoration

A very important phase of handling jamming in an ad hoc network is to restore the network to non-defensive mode when the attacker goes out of range. This phase is highly important because in ad hoc networks our prime focus is to conserve energy so as to prolong the lifetime of nodes. In a proactive defense mode, energy consumption increases manifold. This makes it all the more vital to bring network nodes back down to the normal level of energy consumption needed for basic functionality. Retreat restoration can take place in either of two manners: by coordinated or uncoordinated communication. The communication is based on a pre-planned hop pattern between senders and receivers. Such a pattern is decided among the network nodes prior to starting communication, and as soon as nodes intend to get in sync with any particular node, they switch channels or frequencies according to the pre-defined pattern to find the receiver node. Such pre-defined hop coordination can be a formula for finding the right control and data channel.
Hybrid Approaches

These approaches define new protocols based upon several existing approaches in order to present an even more effective anti-jamming mechanism. Some approaches involve preemptive channel hopping or frequency hopping instead of reactive hopping, in order to prevent getting into a state where jamming disrupts normal communication. Other implementations include synchronous and asynchronous spectral multiplexing, where the concept of intermediary nodes has been introduced to communicate on multiple channels. When a node changes its channel because of jamming, one of its neighbors takes it upon itself to communicate with the node on its new channel and with the rest of the network on the old channel. Another strategy targets prediction of nodes which are about to be jammed and hence should be removed from routing in a wireless network. This strategy uses LEACH as its base routing protocol and uses JAM for predictive determination of jamming holes.

Cognitive Radio

In his study, some attack mitigation schemes are described, such as Robust Sensory Input, Mitigation in Individual Radios, and Mitigation in Networks. In robust sensory input, the improved input sensor helps significantly to reduce the credulity of cognitive radios. For example, if radios could carefully characterize the difference between interference and noise, they could distinguish between natural and man-made RF events. Such sensors could also feed specialized policy engine subroutines that specifically look for hostile signals that may be attempting to corrupt a radio's beliefs. If the radio maintains learning, whenever this loop results in a new operating state for the radio, another stage called Learn is injected into the cognition cycle. This stage allows the radio to add to its memory information about how it transitioned to the new operating state, information that can be used by Plan and Decide in future cognition cycles.
Improving sensor input can significantly help reduce the gullibility of cognitive radios.
Chapter 04 Results and Discussion