Part III: Wireless

In this, the final module of the course, you will be introduced to how digital information, in the form of bits, is moved from one location to another through free space, that is, without using wires or cables. However, while the ability to move information through free space makes communication more convenient, it also makes communication more susceptible to eavesdropping or jamming. Therefore, we will also explore the vulnerabilities of wireless communication.

Chapter 19: Communications Systems, EM Spectrum, and Signals

Objectives:
(a) Describe the four components of a communications system and the impact on security of using free space as a communication medium.
(b) Identify communication applications for various bands of the electromagnetic spectrum ranging from extremely low frequency (ELF) to extremely high frequency (EHF).
(c) Define the term signal and explain the basic properties of a sinusoidal electromagnetic signal (period, frequency, wavelength, phase, and amplitude) and describe their mathematical relationship.
(d) Plot simple (sinusoidal) electromagnetic signals in the time and frequency domains; interpret time- and frequency-domain plots to determine the associated signals.
(e) Define and calculate bandwidth of transmitted signals.

Connection to Cyber Security

This chapter marks the beginning of the third part of EC310. In Part I: The Host, we examined how data are stored and accessed in memory at the machine level and examined the resulting threats against a specific computer, focusing on the buffer overflow attack. In Part II: Networks, we concentrated on understanding how the Internet works and how networks are just as important and vulnerable as the individual host computers that reside on them. In Part III: Wireless, we will gain an appreciation for communicating in an environment without physical connections to every computer, router, etc. in the network, leading up to how wireless communication systems can be hacked.
(Graphic by Dane Brown)

I. Communications Systems and the Electromagnetic Spectrum

A. Communication Systems

The purpose of a communications system is to transmit information over a distance. This “information” could be audio (such as speech or music), video, sensor data (temperature, pressure), or other data (e.g., text, stock prices, photos, etc.). “Over a distance” may mean from here to the other side of the world via a satellite, or from one computer to another in a network, or from your computer’s CPU to its RAM.

Any communications system consists of the following basic components, which are shown in the following figure. There are four main components:
• Transmitter – converts information into an electronic form suitable for the channel
• Channel – the physical medium through which an electronic signal travels
  o e.g., wire, fiber-optic cable, free space (i.e., air), water (sonar)
• Receiver – converts the received signal back to a usable form
• Noise – undesired, random corrupting energy

The information is passed to the transmitter. The receiver produces a “recovered” information signal, which may not be the same signal that was transmitted. This is because a significant, though undesired, occurrence in all communication systems is noise, which is random energy that enters the system and interferes with (corrupts) the transmitted message. If the noise is strong enough, the information signal may not get through at all. You’ve all heard what noise sounds like, for example on a telephone (we sometimes refer to it as static). If the static is very powerful you will only hear a small portion (or none) of the words that are spoken to you. This relationship between the useful signal and corrupting noise will be formalized in chapter 23.

Noise can be divided into two broad categories:
• External noise is noise introduced into the transmission channel from outside sources.
Examples include:
  o Industrial noise arising from man-made electrical sources (e.g., motors, generators, switches)
  o Atmospheric noise due to naturally occurring disturbances in earth’s atmosphere (e.g., lightning)
  o Extraterrestrial noise due to solar and cosmic activity.
• Internal noise is noise introduced by the electronics inside the receiver itself. Examples include:
  o Thermal noise
  o Semiconductor noise

For the third block of this course, we will focus on communications systems in which our channel or medium is free space. Free space can refer to a perfect vacuum (as you might recall from physics), or to the air (as opposed to transmission through a wire or other material). Signals that propagate in free space are often referred to as “wireless” or “over-the-air” signals, and all signals in free space are part of the electromagnetic spectrum. With wireless routers and satellites part of almost every network, especially in military applications, understanding the electromagnetic spectrum is critical to cyber security.

B. Electromagnetic Spectrum

The electromagnetic spectrum is the range of all possible frequencies of electromagnetic waves. The spectrum is broken into regions/ranges and classified by frequency and/or wavelength.

The frequency (f) of an electromagnetic wave is a measure of how rapidly it oscillates. Frequency is measured in Hertz (1 Hz = 1 cycle/sec). The period (T) of an electromagnetic wave is the length of time required to complete one cycle. The period is measured in seconds, and is the reciprocal of the frequency in Hz (T = 1/f). Wavelength (λ) is the physical distance between the peaks of one cycle of a transmitted wave as it moves through the medium, and is measured in meters (m). The following plots show an EM wave’s voltage as a function of time (left plot), and as a function of distance (right plot).
For electromagnetic waves traveling in air (or vacuum), we will assume that they travel at the speed of light (c), which is roughly 3 x 10^8 m/s. The wavelength is inversely proportional to the frequency, and is related to the speed of light by: .

The specific bands of frequencies in the EM spectrum are shown in the following figure. In this course, we are concerned with communications in the frequency ranges from ELF to EHF.

Later in the course, you will see that antennas are needed to transmit information using the EM spectrum. The following figure should give you an idea of the relationship between wavelength size (which will determine antenna size) and transmission frequency throughout the Electromagnetic Spectrum.

You should be familiar with the frequency ranges for communications from ELF to EHF.
• Extremely low frequency (ELF) 30 Hz to 300 Hz. Power line frequencies and low end of human audio.
• Voice frequency (VF) 300 Hz to 3000 Hz. Typical range associated with human voice.
• Very low frequency (VLF) 3 kHz to 30 kHz. Used for communications with submerged submarines.
• Low frequency (LF) 30 kHz to 300 kHz. Long range radio navigation.
• Medium frequency (MF) 300 kHz to 3000 kHz. AM radio and long range communication.
• High frequency (HF) 3 MHz to 30 MHz. Known as “short wave”, used by two-way radio.
• Very high frequency (VHF) 30 MHz to 300 MHz. Radio communications and FM radio.
• Ultra high frequency (UHF) 300 MHz to 3000 MHz. TV, military and cell phones.
• Super high frequency (SHF) 3 GHz to 30 GHz. Microwave. Satellite communications and radar.
• Extremely high frequency (EHF) 30 GHz to 300 GHz. Satellite communications.

Practice Problem 19.1
What is the wavelength of an FM radio station whose broadcast frequency is 101.1 MHz?

Practice Problem 19.2
What is the frequency of a signal whose wavelength is 8 cm?

Bandwidth

Bandwidth is the amount of the frequency spectrum occupied by a signal regardless of where it is in the spectrum.
It is the difference between the upper and lower frequency limits of the signal. Typical bandwidths:
• AM Radio Station – 10 kHz
• FM Radio Station – 180 kHz
• Broadcast TV Station – 6 MHz

Suppose a signal occupies the range of frequencies between approximately 300 Hz and 3000 Hz. The following figure demonstrates that, for that signal, its bandwidth would be 2700 Hz.

Federal Communications Commission (FCC)

The electromagnetic spectrum is crowded; everyone wants some bandwidth. The FCC was established by the Communications Act of 1934 to regulate interstate and foreign communication. The FCC:
• Allocates bands of frequencies for specific uses
• Sets limitations on broadcast power
• Monitors broadcasts to detect unlicensed operations and technical violations
• Auctions spectrum usage

The FCC controls which portions of the EM spectrum are used for various purposes (e.g. FM radio, AM radio, broadcast TV, satellite communications). The FCC also makes sure that transmissions do not interfere with each other (two transmitters physically close to each other transmitting in the same frequency range can destroy each other’s signals). For example, Washington D.C. can have an FM station that transmits at 101.1 MHz (the FM station called FM101), but Baltimore cannot have an FM station that transmits at 101.1 MHz because it is too close to the Washington D.C. station (approximately 35 miles away).

Because the spectrum is a non-renewable resource in a society that is increasingly connected, it is incredibly precious. To give you an idea of its value, 400 MHz of spectrum was auctioned by the FCC in 2015 and sold for $44.9 billion!

II. Signals as a Function of Time and Frequency

Recall that the purpose of a communications system is to transmit information over a distance. The block diagram for a communication system is again shown below.
Thus far, we’ve covered that during the final section of this course we’re going to focus on free space as our channel or medium, which means we’re considering the electromagnetic spectrum. Why do we care? Information can be in various forms. We transmit information in the form of a signal.

A. Signals

A signal is a function that conveys information. Signals are considered either analog or digital.

Analog Signals

An analog time-signal is one that is defined along a continuum of times and amplitudes. For example, the continuous changes in air pressure produced by a vibrating vocal cord or guitar string are examples of analog voice and music signals, respectively. An analog signal can take on an infinite number of values between a maximum and a minimum level; that is, the values are from a continuum. Some examples of analog signals are shown below.

Digital Signals

A digital time-signal, in contrast, is one that is defined for only discrete values of time and amplitude. Digital signals change in discrete increments and can be used to represent binary information, such as that used by computers. Although this is its strict definition, the term “digital signal” is also often used to refer to continuous-time signals that can take on only a fixed set of states or amplitude values. We will adopt this usage frequently in EC310, and these are the types of digital signals shown in the figure below. Digital signals will be covered in more detail in Chapters 21-22.

A simple example of a signal, widely used in both analog and digital communications, is a tuning fork (that is, the sound it produces is its signal). You can hear the tuning fork, but if you were to look at it graphically as a function of air pressure over time, you would see something that looks like this, which is a sine wave at a frequency of 440 Hz.

B. Time Domain (Sine Wave)

Earlier in this chapter, we discussed some basic properties of sinusoidal (electromagnetic) waves. A sinusoidal voltage waveform can be expressed mathematically in the following way:

Amplitude (Vm) – distance from average to peak (in volts)
Period (Tm) – time to complete one cycle (in seconds)
Frequency (fm) – number of cycles in one second (in Hz)
Phase (θm) – left/right shift with respect to the t = 0 axis (in radians)

The sine wave is one way to represent the sound the tuning fork makes as a function of time. This is referred to as its “time domain” representation. If the amplitude of the signal is 2 Volts, then the equation for the tuning fork signal would be: .

This signal can also be represented in terms of its frequency content (i.e., which frequencies are present in the signal) in the “frequency domain.”

C. Frequency Domain (Frequency Spectrum)

To display a signal in the frequency domain, we determine the frequency content of the signal (which can be done using Fourier theory or, for this class, where the signals we will analyze are composed of sinusoids, by inspection). The frequency content is then displayed on a plot of magnitude vs. frequency. (Magnitude is the absolute value of amplitude.) Since our tuning fork is a very simple tone with a single frequency component of 440 Hz and an amplitude of 2 V, the frequency domain plot looks like this:

Both the time-domain (sine wave) and the frequency-domain displays represent the important characteristics of the tuning fork as far as a communication system is concerned; they’re just different ways to express the same signal. For communication engineers, the primary interest is what portion of the frequency spectrum the signal occupies and how strong the signal is (magnitude); for our purposes, phase offset (if present) is not part of the frequency plot.

Suppose we had a slightly more complicated signal. Suppose .
In this case, there are three sinusoids (i.e., there are three frequencies in the signal) so the frequency plot will have three spikes, at the three frequencies given, with heights corresponding to the magnitudes of the amplitudes given. Again, the phases shown are not a part of this plot.

Part of the benefit of a frequency domain representation is that certain signal attributes, like bandwidth, are easy to visualize. For instance, in the above graph, you can quickly see the bandwidth is 1100 Hz – 440 Hz = 660 Hz.

Problems

1. What is the purpose of a communications system? Draw and explain the components.
2. What part of the electromagnetic spectrum (frequency range) is visible to humans?
3. Find 5 major uses of the UHF band (Use a book or the Internet to find your answer).
4. Calculate the frequency of signals with the following wavelengths:
   a. 30 m
   b. 2 km
   c. 8 cm
5. AM Radio
   a. What is the frequency range used by AM radio broadcast stations?
   b. What is the bandwidth (BW) occupied by each station?
6. Given the sine wave below, answer the following questions:
   a. What is the period of this signal?
   b. What is this signal’s amplitude?
   c. What is the frequency of this signal?
   d. In which range of the electromagnetic spectrum would this signal be classified?
   e. What is the wavelength of this signal?
   f. Sketch this signal in the frequency domain.
7. Given the following equation for a signal, sketch the frequency plot. Put your frequency axis in kHz.
8. Given the following plot, write the equation for one signal that has this as its frequency plot (note: there is not one single answer).

Security Exercise 19
Introduction to Signals in the Time and Frequency Domains

PART I: INTRODUCTION & SINUSOIDAL SIGNALS

Check off each step as you complete it.

Step One: Function generator setup.

□ Turn on power to the lab bench. The power switch is on the right side of the lab bench and is labeled "120 V OUTLETS." The switch should be in the raised position if power is on.
□ Locate the "10MHz Function/Arbitrary Waveform Generator" on the lab bench and turn the power on. We will refer to this equipment as simply the "function generator."
□ Select the sinusoidal function by pressing the button with the Sine wave on it. The function generator display should indicate a small sine wave.
□ Turn any other lit buttons off.

As the name implies, the function generator is able to generate electrical signals. For this lab we will use the function generator to generate sinusoidal voltage waveforms.

We will set the frequency to 1.75 kHz using the key pad method.

□ Select the Frequency (Freq) function using the soft keys under the display screen.
□ Enter the desired frequency (1.75) using the key pad.
□ Enter the desired units (kHz) by pressing the button under kHz on the screen.

We will set the size of the waveform to 10 Vpp (volts peak-to-peak) using the key pad method.

□ Select the Utility function and then select the Output Setup soft key. Check that High Z is highlighted. If not, push the Load/High Z button until it is highlighted. Push Done.
□ Select the Amplitude (Ampl) function using the soft keys under the display screen.
□ Enter the desired amplitude (10) using the key pad.
□ Enter the desired units (Vpp) by pressing the button under Vpp on the screen.
□ Press the output button. It should now be lit, indicating the function generator is producing an output.

Right now your function generator is generating a 1.75 kHz signal that has a peak-to-peak voltage of 10 V. But…that signal is not leaving the function generator. To see the signal, we will send the output of the function generator to an oscilloscope. Proceed to Step Two!

Step Two: Oscilloscope familiarization.

□ Locate the oscilloscope at the top of your lab bench and turn its power on. The power push button is located on the top left of the oscilloscope.
The oscilloscope can receive electrical signals from two probes, channel 1 (CH 1) and channel 2 (CH 2). We have attached adaptors to CH 1 and CH 2, so that they can receive electrical signals via our banana plug cables.

□ Locate the CH 1 input on your oscilloscope. It will have a two-input (RED / BLACK) banana plug adaptor installed.
□ Connect banana plug cables (which can be found under the bench on the plastic Quad board) from the function generator’s output to the CH 1 input on the oscilloscope (connect red-to-red and black-to-black).

The oscilloscope has the ability to measure and display two different electrical signals, but only with respect to one common reference point. The BLACK CH 1 input provides this common reference point (ground) for both CH 1 and CH 2. Therefore, CH 2 has an adaptor for only one banana plug. We will not be using CH 2 for this lab.

Before looking at our sine wave on the scope in detail, let's first pause and look at a generic display which explains how the information on the oscilloscope screen is presented. Your screen will not look like the screen shown in Figure 1 below!

In the figure below, we see that the oscilloscope display is divided up into eight major vertical divisions. The bottom left corner of the oscilloscope—where you see "CH1 100mV"—indicates the number of volts per division for a given channel. You can see that CH 1 and CH 2 indicate 100 mV per division, therefore each major division in the vertical axis represents 100 mV. Similarly there are ten major divisions on the horizontal axis that represent time. Each major division on the horizontal axis of the display represents 250 μs. CH 1 and CH 2 can have different Volts/Div, but will always share the same Sec/Div.

Step Three: Display your sine wave with the oscilloscope.

□ Press the AUTOSET button (top right) on the oscilloscope. AUTOSET will measure the input signals for the channels selected and attempt to display something meaningful.
□ With the CH 1 menu selected, adjust the position of the vertical axis zero level by rotating the vertical position knob in the CH 1 column, so that the “1→” on the left side of the display is adjacent to the major horizontal axis (centered vertically on the display).
□ If needed, press the CH2 Menu button twice to turn off the CH 2 trace, since nothing is connected to CH 2 for this lab (CH 2 is displaying background noise).
□ Press CH 1 MENU on the oscilloscope and make the following settings.
    Coupling: AC
    BW Limit: OFF
    Volts/Div: COARSE
    Probe: 1X
    Invert: Off
□ Adjust the VOLTS/DIV knob under the vertical section in the CH 1 column, so that CH 1 indicates 2 Volts/Div on the bottom left corner of your display.
□ Adjust the SEC/DIV knob under the horizontal axis, so that the oscilloscope indicates 100 µs per major division on the LCD on the bottom middle of your display.

Step Four: Measuring the waveform on the oscilloscope.

Manual method. The first method is by counting the divisions of grid and applying the scale (volts/div for vertical, or sec/div for horizontal). This will only provide you with approximate values with little precision.

Question 1. Fill out the table on your answer sheet using this manual measurements method. Specifically:

□ Using the vertical scale, determine the peak-to-peak voltage on CH1 which is the total voltage from positive peak to negative peak. That is, you should count the number of vertical divisions from peak to peak, and multiply the number of divisions by the number of volts/division.
□ From your measured Vpp, determine the amplitude of the signal (Vm).
□ Using the horizontal scale, determine the period (Tm) and then calculate the signal's frequency. That is, you should count the number of horizontal divisions for one full cycle, and then multiply the number of divisions by the number of microseconds (in this case) per division.

Taking measurements with cursors.
The oscilloscope has time and amplitude cursors that you can move on the plot to help take measurements of voltage, period and frequency.

□ Press the Cursor button (top middle) to view the cursor menu on LCD.
□ Then choose the Type of cursor to be Amplitude by cycling through the options on the button associated with this menu option. Two horizontal cursors will now appear that are moveable.
□ Choose the Source to be CH 1. Two cursors are now available for you to move around the display. Push Cursor 1 to move the first cursor, and Cursor 2 when you want to move the second cursor. The cursors are moved using the large knob next to the green power-on light.
□ Place cursor 1 at the sinusoid’s maximum voltage, and cursor 2 at its minimum. The ΔV value (which is the voltage difference between the two cursors) can be read out on the right side of the display…this is the peak-to-peak voltage.
□ Then choose the Type of cursor to be Time by cycling through the options on the button associated with this menu option. Two vertical cursors will now appear that are moveable.
□ Adjust the two time cursors to allow you to measure the period of the sinusoid.

Question 2. Fill out the table on your answer sheet using the cursor measurements method.

Taking automatic measurements. The oscilloscope has the ability to take automated measurements of voltage, period and frequency.

□ Press the Measure button (top middle) to view the measurement menu on LCD, then push the top menu box button to highlight Source and select CH1 for Measure 1.
□ Then choose the Type of measurement to be Pk-Pk by cycling through the options on the button associated with this menu option, and then hit the button for the Back option.
□ Press the second-to-top menu box button to select Measure 2.
□ Then choose the Type of measurement to be Freq by cycling through the options on the button associated with this menu option, and then hit the button for the Back option.
□ You can add new measurements for all 5 buttons.
Amplitude is not automatically measured but can still be calculated from the peak-to-peak voltage as before. Record your results in Question 2.

Question 3. Fill out the table on your answer sheet using the automatic measurements method.

Consider how you would describe your sinusoidal signal as an equation: . The phase describes the start of one signal relative to another, so we will assume the phase is zero.

Question 4. The equation for a sine wave is . Write your equation for the sinusoid based on your measurements from the previous pages.

Step Five: Measuring a pure sine wave in the frequency domain.

Our scope can also provide a frequency spectrum of a signal. For this particular sinusoidal signal we know it is periodic and has a single frequency, fm, described by the previous measurements and shown in our equation. Now let us see how this signal is displayed in the frequency domain. The oscilloscope performs a Fast Fourier Transform (FFT) and displays the magnitudes of the frequencies present in the signal vs. frequency, so the horizontal scale shows frequency (in Hz) instead of time.

□ Press AUTOSET (top right) and you will see the options to display the signal in time or in frequency (FFT).
□ Push the button next to the FFT and you will see a spike at a particular frequency.
□ Set the horizontal scale to read 250 Hz per division by turning the Sec/Div knob.

At this point, you should see one large spike in the display (which corresponds to the sinusoidal signal from CH1), and also many smaller spikes scattered throughout the frequency spectrum (this is noise). Your concern is the large spike.

Question 5. The left edge of the display is 0 Hz, and frequency increases from 0 Hz as you move to the right. Determine the value of the frequency component (fm = ?) by counting the number of horizontal divisions and multiplying that by the number of Hz per division.
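
The measurements of Steps Four and Five, reproduced in software as an added example (not part of the original lab or course material): it takes Vpp, Vm, Tm and fm from samples of the Step One signal, then computes the magnitude spectrum that the scope's FFT displays. It also goes beyond the single tone to the three-sinusoid bandwidth case of Section II.C; the sample rates, record lengths, noise level, the 880 Hz middle component and the tone amplitudes and phases are assumptions made for the example.

```python
import cmath
import math
import random


def sample_signal(tones, fs, n, noise_rms=0.0, seed=19):
    """Return n samples, taken at fs Hz, of a sum of sinusoids plus noise.

    tones: list of (Vm in volts, f in Hz, phase in radians) tuples.
    """
    rng = random.Random(seed)  # fixed seed keeps the constructed noise repeatable
    samples = []
    for k in range(n):
        t = k / fs
        v = sum(vm * math.sin(2 * math.pi * f * t + ph) for vm, f, ph in tones)
        samples.append(v + rng.gauss(0.0, noise_rms))
    return samples


def time_domain_measure(samples, fs):
    """Vpp, Vm, Tm and fm of one sinusoid, as read off the time display."""
    vpp = max(samples) - min(samples)
    crossings = []  # times (s) of rising zero crossings, linearly interpolated
    for k in range(1, len(samples)):
        a, b = samples[k - 1], samples[k]
        if a < 0.0 <= b:
            crossings.append((k - 1 + a / (a - b)) / fs)
    if len(crossings) < 2:
        raise ValueError("record must contain at least one full cycle")
    period = (crossings[-1] - crossings[0]) / (len(crossings) - 1)
    return {"vpp": vpp, "vm": vpp / 2, "period": period, "freq": 1 / period}


def magnitude_spectrum(samples, fs):
    """Single-sided DFT as (frequency in Hz, magnitude in volts) pairs."""
    n = len(samples)
    twiddle = [cmath.exp(-2j * math.pi * m / n) for m in range(n)]
    spectrum = []
    for k in range(n // 2 + 1):
        x_k = sum(s * twiddle[(k * i) % n] for i, s in enumerate(samples))
        # DC and Nyquist bins appear once; every other bin has a mirror image
        scale = 1 / n if (k == 0 or 2 * k == n) else 2 / n
        spectrum.append((k * fs / n, abs(x_k) * scale))
    return spectrum


def spikes(spectrum, floor=0.1):
    """Components above floor * largest magnitude; the rest is treated as noise."""
    top = max(mag for _, mag in spectrum)
    return [(f, mag) for f, mag in spectrum if mag > floor * top]


def bandwidth(spectrum, floor=0.1):
    """Highest minus lowest significant frequency component, in Hz."""
    found = spikes(spectrum, floor)
    return found[-1][0] - found[0][0]


# Step One signal: 1.75 kHz, 10 Vpp (Vm = 5 V). The 20 kHz sample rate,
# 800-sample record and 0.05 V RMS noise are assumptions for this example.
LAB_FS, LAB_N = 20_000, 800
LAB = sample_signal([(5.0, 1750.0, 0.0)], LAB_FS, LAB_N, noise_rms=0.05)

# Three-tone signal: the 440 Hz and 1100 Hz edges come from Section II.C;
# the 880 Hz component and all amplitudes and phases are constructed.
TONES = [(2.0, 440.0, 0.0), (1.5, 880.0, math.pi / 3), (1.0, 1100.0, -math.pi / 4)]
MULTI_FS, MULTI_N = 8_000, 400
MULTI = sample_signal(TONES, MULTI_FS, MULTI_N)

if __name__ == "__main__":
    m = time_domain_measure(LAB, LAB_FS)
    print("time domain: Vpp=%.2f V  Vm=%.2f V  Tm=%.1f us  fm=%.1f Hz"
          % (m["vpp"], m["vm"], m["period"] * 1e6, m["freq"]))
    for f, mag in spikes(magnitude_spectrum(LAB, LAB_FS)):
        print("FFT spike: %.0f Hz, %.2f V" % (f, mag))
    multi = magnitude_spectrum(MULTI, MULTI_FS)
    for f, mag in spikes(multi):
        print("three-tone spike: %.0f Hz, %.2f V" % (f, mag))
    print("bandwidth: %.0f Hz" % bandwidth(multi))
```

The record lengths are chosen so that every tone completes a whole number of cycles; with any other length the spike spreads into neighbouring frequency bins (spectral leakage), and the phases of the three tones have no effect on the magnitudes found.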
You can check your answer using the frequency cursor:

□ Press the Cursor button (top middle) to view the cursor menu on LCD.
□ Choose the Source to be MATH (note: this is because the FFT is a mathematical computation).
□ Then choose the Type of cursor to be Frequency. Two vertical cursors are now available for you to move around the display. Push Cursor 1 to move that cursor, and place it on the largest spike. The readout of frequency will be displayed on the right side of the LCD.

Question 6. Sketch your frequency plot (as seen on the oscilloscope) and label the axes with your values. Include the smaller noise spikes. Have your instructor check it. Note: this oscilloscope displays amplitude of the frequency content in decibels (dB) vice volts, as you have been taught. The default vertical scale is 10 dB per vertical division, and the bottom of the scale is 0 dB, so label the vertical axis accordingly. Use the Amplitude cursor on the FFT plot to determine the heights of the spike.

PART II: PUTTING YOU TO THE TEST—UNKNOWN SIGNALS

So…are you comfortable using the function generator and the oscilloscope? Let's find out!

Your instructors have pre-set two different sinusoidal signals into the function generator. Your goal is to determine the amplitude and frequency of each.

□ Reset the Oscilloscope back to the time domain from the frequency domain, by pressing the Autoset button and then selecting the button next to the multiple cycles of a sinewave (at the top, above the FFT button). (If the pesky Channel 2 display is active, hit CH2 Menu twice.)
□ Ask your Instructor/Lab Tech to enter Challenge Signal 1. You will find this challenging because it is named "Challenge Signal 1."
□ Push AUTOSET on the Oscilloscope. Determine the amplitude and frequency of the sine wave. Obviously you should use only the oscilloscope (do not try to finagle with the function generator, pushing various buttons to see if it will cough up the answer!) Use only the oscilloscope!
Place your answers in Question 7. Show your instructor or lab tech before continuing.

□ Ask your Instructor/Lab Tech to enter Challenge Signal 2. You will find this challenging because…well…you know.
□ Push AUTOSET on the Oscilloscope. Determine the amplitude and frequency of the sine wave. Use only the oscilloscope! Place your answers in Question 8. Show your instructor or lab tech before calling it a day.

PART III: IT'S A WRAP!

□ Unplug and stow the banana plug cables.
□ Turn off your oscilloscope.
□ Turn off your function generator.
□ Pat yourself on the back for your cyber expertise.

Security Exercise 19 Answer Sheet

Name: ______________________________

Question 1:
                 Peak-to-peak (Vpp)    Amplitude (Vm)    Period (Tm)    Frequency (fm)
  vm(t) (CH1)

Question 2:
                 Peak-to-peak (Vpp)    Amplitude (Vm)    Period (Tm)    Frequency (fm)
  vm(t) (CH1)

Question 3:
                 Peak-to-peak (Vpp)    Amplitude (Vm)    Period (Tm)    Frequency (fm)
  vm(t) (CH1)

Question 4: vm(t) = ____________________________________ (Show values)

Question 5:

Question 6:
__________________________________ Instructor / Lab Tech

Question 7:
Amplitude: __________ Frequency: __________
___________________ Instructor / Lab Tech

Question 8:
Amplitude: __________ Frequency: __________
____________________ Instructor / Lab Tech

Chapter 20: Intro to Modulation

Objectives:
(a) Define the term baseband signal and describe some potential limitations associated with transmitting baseband signals directly.
(b) Discuss the role of modulation in signal transmission and the methods of modulating a sinusoidal carrier.
(c) Using a plot of an AM signal, determine Vmax, Vmin, Vm, Vc and m.
(d) Create a frequency plot for and determine the sidebands and bandwidth of an AM signal where the information signal consists of one or more distinct sinusoids.
(e) Determine the condition for overmodulation in an AM signal, and the consequence of overmodulation.
Connection to Cyber Security

In Chapter 19, we defined a communications system and learned that the wireless section of EC310 will focus on communications in which the communication channel is free space. We also learned that in order to send any information through a communications system it must be in the form of a signal (which is the name given to the function that conveys our information), and if our communication channel is free space, it means we’re dealing with signals carried in the Electromagnetic Spectrum (EM). Finally, we learned that signals can be represented as a function of either time or frequency. Wireless channels have different vulnerabilities than we saw in the host section of the course, because of the frequency of transmission. It is possible that a wireless network can be attacked like we saw in the networks section of the course, but to see how such a cyber attack can be carried out on a wireless network or a wireless communication in general, you must first understand how information is carried through the wireless channel.

1. Baseband Signals

If you’re sitting in your EC310 classroom in the basement of Rickover Hall and you speak to the student next to you, will that person be able to hear you? Will you be heard across the room? How about at the end of that loooong Rickover passageway? Does anyone in Bancroft have a chance of hearing what you’re grumbling about in your EC310 classroom? Why not? Your voice doesn’t travel as far as you might like it to—your voice creates pressure waves in the air, and the strength of these waves attenuates over distance. The louder you yell the farther you’ll be heard, but this of course has its limits.

As an alternative to walking around screaming all day, you might consider speaking at a more normal volume into a microphone. A microphone is a device that transforms sound pressure waves into electrical signals. You could then send the electrical output of the microphone to an antenna.
Then your voice frequencies would travel as electromagnetic waves (“radio waves”), and as long as you provided enough power to the antenna, you could presumably greatly extend the geographic range of your EC310 musings. In this chapter, we’ll see that the latter approach is on the right track, but in order to be practical, it requires a bit more finesse.

In this example our voice signal, which you’ll recall is comprised of frequencies roughly in the range between 300 Hz and 3 kHz, is what we call a baseband signal. Baseband signals are information signals at their original frequencies, typically low frequencies. To transmit a baseband signal directly as is, we use baseband transmission…as you’ll see shortly, communication systems typically will upshift the frequency spectrum of baseband signals to a higher range of frequencies to allow transmission through the atmosphere.

In general, before signals can be transmitted effectively, they must first be converted to a form that is compatible with the communication medium. One facet of this conversion is transducing the signal from its natural physical form into an electrical signal. For example,
• Microphones convert acoustic pressure waves (sound) into electrical signals.
• Video cameras convert light patterns into electrical signals.
• Computer keyboards convert physical input (typing) into electrical signals.

But, as alluded to above, even after converting your voice signal to, say, a voltage signal using a microphone, attempting to transmit it over the air as a baseband signal is impractical. Why? Let’s look at an example that will point us in the right direction.

Practice Problem 20.1
Physics dictates that antenna length is intrinsically tied to the wavelength of the signal it is transmitting or receiving. To transmit a signal through the atmosphere with an antenna efficiently, the length of the antenna must be at least a tenth of a wavelength long.
What is the approximate length of the antenna required to transmit the sound of a tuning fork (which creates musical note A = 440 Hz)? Note: this sound must be transduced into an electrical signal first before it is transmitted.

Wait! To transmit that lousy tuning fork signal my antenna needs to be at least 68 km? That’s over 42 miles! We’d need an antenna that extends into the upper parts of the atmosphere for that. Clearly, that’s not going to work.

Well, I know that if I want to listen to the Navy game on the radio (because for some reason I avoided the mandatory fun), I can tune in to AM radio station 1430 WNAV. Recall from Chapter 19 that, when referring to a commercial AM radio station such as 1430 WNAV, the 1430 refers to the center of its transmission frequency in kHz. So what size antenna does WNAV use?

Practice Problem 20.2

(a) What is the wavelength of an AM radio station whose transmission frequency is 1430 kHz?
(b) What is the approximate antenna length if the station uses an antenna that is half the wavelength long?

105 meters? Okay, that’s still big – it’s about 115 yards - almost an entire football field… but at least you don’t need an antenna that reaches into outer space now. In reality, WNAV’s antenna, pictured at right, is 117 meters. We’re close!

The purpose of those two examples was to demonstrate that we need to somehow get our baseband information to a higher frequency (shorter wavelength) in order to be able to transmit it across our channel. Higher frequencies give us reasonable antenna sizes plus some added benefits: first, signals will attenuate less quickly if the higher frequencies are well-chosen. Second, multiple people, whose voices all occupy the same baseband frequencies, can communicate without interfering if each transmits on a different higher frequency range. We can shift baseband information to higher frequencies for transmission using a process called modulation.

2. Modulation

To overcome limitations of the communications channel and permit multiple access, information signals are impressed upon a higher-frequency carrier signal for transmission. This process is called modulation. Now we’re dealing with two signals:

1. Original (“baseband”) information signal - frequency is too low to transmit efficiently
2. Higher frequency (“carrier”) signal - we can transmit this efficiently, so we use it to carry our information

Mathematically, the higher-frequency carrier is given by the sine wave:

Modulation is the process of varying any of three properties (amplitude, frequency or phase) of a high-frequency carrier using the lower-frequency information signal (baseband signal). A modulator is a component of a communication system which achieves modulation. The three types of modulation we will focus on are:

• Amplitude modulation (AM) – Varying the amplitude Vc of the carrier with the info signal.
• Frequency modulation (FM) – Varying the frequency fc of the carrier with the info signal.
• Phase modulation (PM) – Varying phase angle θ of the carrier with the info signal.

Since the intention of the “Wireless” section of EC310 is to give you a broad understanding of wireless communication techniques rather than to make you communication engineers, we’re only going to go into more detail with amplitude modulation (AM) in this chapter. This is NOT to say that frequency modulation and phase modulation are unimportant – they’re very important and very widely used. The fact is that there’s only so much modulation that can be reasonably covered in the last several chapters of this course, and AM is the easiest to visualize and demonstrate. Later, in Chapter 22: Digital Modulation, we will again address amplitude, frequency and phase modulation to some extent as they apply to digital communications.

3. Amplitude modulation (AM)

In amplitude modulation, the information signal is used to vary the amplitude of the carrier sine wave. For simplicity, consider a sine wave information signal, vm(t) (a 440 Hz tuning fork) and a sinusoidal carrier, vc(t) (frequency 5000 Hz (5 kHz)). The diagram of an amplitude modulation system using this information signal follows.

The AM wave (vAM(t)) is the product of the carrier (with amplitude = 1) with a modulating signal. The modulating signal is the information signal vm(t) with an added offset, Vc. The AM signal is then given by:

In the figure below, the top plot is of the information signal and the bottom is the resulting AM signal. Note that the information signal starts at a value of zero (for approximately 2 msec), so the resulting AM signal is the unmodulated carrier signal (meaning that the carrier is not being modulated). When the information signal is no longer zero, it starts to modulate the carrier’s amplitude as shown. The horizontal axes are time in msec. The information signal is equal to zero at the beginning, then changes to the tuning fork sine wave at approximately 2 msec. Here, the carrier and information signal parameters are: fc = 5 kHz, Vc = 10V, fm = 440 Hz, Vm = 7.5V.

A zoomed-in plot of the resulting modulated AM signal is as follows, showing the graphical relation between Vm and Vc:

The envelope of the modulating signal (which is drawn onto the AM signal below in a dashed red line) varies above and below the unmodulated carrier amplitude, Vc. It is the envelope that carries the information signal; the receiver must separate the envelope from the received AM signal to recover the information that was transmitted. In this case, the envelope is in the shape of a sine wave, which is the same as the information signal. The values of Vm and Vc are related by the modulation index (m).

Modulation Index

The relationship between the information signal amplitude, Vm, and the unmodulated carrier amplitude, Vc, is expressed as a ratio called the modulation index (m), defined as:

m = Vm / Vc

Sometimes m is expressed as a percentage: percent modulation = m x 100%.

The following figure shows the AM signal at three different values of percent modulation: 20%, 50% and 90%. Overall, the greater the value of m, the closer the envelope gets to the horizontal (time) axis.

We can also mathematically determine the modulation index m from the maximum and minimum values of the envelope of vAM(t) as follows, where Vmax is the maximum value of the envelope and Vmin is the minimum value:

Vm = (Vmax − Vmin) / 2
Vc = (Vmax + Vmin) / 2
m = Vm / Vc = (Vmax − Vmin) / (Vmax + Vmin)

In order for the AM signal to convey the original signal accurately and prevent distortion, the information signal amplitude (Vm) must be less than the unmodulated carrier signal amplitude (Vc). Here again, the unmodulated carrier refers to the AM signal if the information signal amplitude is equal to 0 (Vm = 0). The maximum usable modulation index is m = 1.0, corresponding to 100% modulation, when Vm is equal to Vc. When Vm is greater than Vc (that is, m > 1), overmodulation occurs. Overmodulation, depicted below, results in distortion of the AM signal’s envelope, and since the envelope holds the information, the recovered information signal is also distorted.

Practice Problem 20.3

If a carrier signal vc(t) = 9 sin(2π5000t) Volts is modulated by a sine wave vm(t) = 7.5 sin(2π440t) V, what is the percentage modulation of the resulting AM signal?

Now that we have a basic understanding of how Amplitude Modulation works in the time domain, let’s look at AM in the frequency domain.

4. AM in Frequency Domain

Recall that the equation for the amplitude modulated waveform, if the information signal is a single sine wave, is given by:

We already know the frequency domain representations of the modulating signal (vm(t)) and the carrier signal (vc(t)), but how does the amplitude modulated signal look in the frequency domain? To answer this question, recall the trig identity for the product of two sine waves:

Applying this trig identity for product of two sine waves to the AM signal results in:

This means that when a single sine wave information signal is used to modulate the carrier in AM, the resulting AM signal contains three sinusoids: one at the carrier frequency, one fm Hz below the carrier frequency, and one fm Hz above the carrier frequency. For the tuning fork example, we have: fc = 5 kHz, fc − fm = 4.560 kHz and fc + fm = 5.440 kHz. The trig identity puts the amplitudes at frequencies fc − fm and fc + fm at one half that of Vm. This means the resulting frequency domain plot for this tuning fork example looks like the following (note that the plot shows the magnitude of the frequency content, so the negative cosine amplitude shows up as positive-going spikes on the plot):

The process of modulating a carrier creates an upper and a lower sideband that is apparent in the frequency plot. The lower sideband (or LSB) is that portion of the transmitted signal that has frequency content less than the carrier frequency, and the upper sideband (or USB) has frequency content greater than the carrier frequency. For the tuning fork example, the USB is the 5440 Hz cosine, and the LSB is the 4560 Hz cosine. On a frequency plot of an AM signal, the lower sideband is a mirror image of the upper sideband centered about the carrier frequency.

What is the AM signal’s bandwidth? Since bandwidth is the highest transmitted frequency minus the lowest frequency transmitted, it is (fc + fm) − (fc − fm) = 2 fm = 880 Hz. This is twice the bandwidth of the information signal we started with… if we didn’t modulate the information signal, the transmission bandwidth would have only been fm (440 Hz in this case) [2].
This means that by transmitting with AM, we have doubled the required bandwidth to transmit the signal. Why is this a concern? Bandwidth is the #2 limiting factor in communications systems, and can be expensive to use… so we’re going to want to send as much information as possible while occupying the minimum amount of bandwidth possible.

Let’s look at a slightly more complex example – suppose the information signal was comprised of two sine waves:

What does the AM signal look like? Again, we apply the same trig identity to each sine in the information signal, resulting in:

The net result is that for each sine in the message, we will wind up with two cosines in the AM signal: one will have a frequency greater than the carrier frequency, one will have a frequency less than the carrier frequency. The bandwidth is still equal to the highest frequency in the AM signal minus the lowest frequency. This is equal to two times the max frequency in the information signal. That is, if fmax is the maximum of the two frequencies in the information signal (either f1 or f2), then the AM bandwidth is BW = 2 fmax.

Practice Problem 20.4

Suppose we want to transmit the sound of a two chime doorbell (f1 = 349 Hz, f2 = 440 Hz) using VLF (very low frequency) communications (let fc = 20 kHz). Each of the chimes has an amplitude of 10V, and the carrier’s amplitude is 20V. Sketch the frequency domain representation of the transmitted signal and determine the bandwidth. Which of the two chime frequencies determines the bandwidth?

[2] The bandwidth of a baseband signal is considered to be its maximum frequency content. In this case, if the message is a single sinusoid at a frequency of fm Hz, we say its bandwidth is fm Hz.

Practice Problem 20.5

If a carrier signal Volts is amplitude modulated by information signal , sketch the frequency plot for the resulting AM signal and calculate the transmission bandwidth.

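The following is an added example, not part of the original chapter: a Python sketch that builds the AM signal described in sections 3 and 4, (Vc + vm(t)) · sin(2πfc t), and recovers the sideband frequencies, the bandwidth and the modulation index from the samples alone. The tuning-fork values are the chapter's; the 40 kHz sample rate, the function names, and the overmodulated and two-tone values are assumptions chosen for the example.

```python
import cmath
import math

FS = 40_000   # sample rate in Hz (assumption: 8 samples per 5 kHz carrier cycle)
N = 2_000     # 0.05 s of signal -> 20 Hz bin spacing, so every tone sits on a bin


def am_samples(fc, vc, tones, fs=FS, n=N):
    """Sample v_AM(t) = (Vc + sum Vm_i sin(2 pi f_i t)) * sin(2 pi fc t).

    tones is a list of (Vm, fm) pairs making up the information signal.
    """
    out = []
    for i in range(n):
        t = i / fs
        envelope = vc + sum(vm * math.sin(2 * math.pi * fm * t) for vm, fm in tones)
        out.append(envelope * math.sin(2 * math.pi * fc * t))
    return out


def spectrum(samples, f_lo, f_hi, fs=FS):
    """Single-sided DFT amplitude for every bin between f_lo and f_hi (Hz)."""
    n = len(samples)
    df = fs / n
    result = {}
    for k in range(round(f_lo / df), round(f_hi / df) + 1):
        w = -2j * math.pi * k / n
        acc = sum(x * cmath.exp(w * i) for i, x in enumerate(samples))
        result[k * df] = 2 * abs(acc) / n
    return result


def components(spec, floor=0.01):
    """(frequency, amplitude) of every bin stronger than floor * strongest bin."""
    peak = max(spec.values())
    return [(f, a) for f, a in sorted(spec.items()) if a > floor * peak]


def bandwidth(comps):
    """Highest transmitted frequency minus lowest transmitted frequency."""
    return comps[-1][0] - comps[0][0]


def index_from_spectrum(comps, fc):
    """m = Vm / Vc for a single tone: each sideband has amplitude Vm / 2."""
    carrier = min(comps, key=lambda c: abs(c[0] - fc))
    sidebands = sum(a for _, a in comps) - carrier[1]
    return sidebands / carrier[1]


def index_from_envelope(samples, fc, fs=FS):
    """m = (Vmax - Vmin) / (Vmax + Vmin), reading the envelope the way a scope
    user would: the largest sample in each carrier cycle."""
    per_cycle = round(fs / fc)
    peaks = [max(samples[i:i + per_cycle])
             for i in range(0, len(samples) - per_cycle + 1, per_cycle)]
    vmax, vmin = max(peaks), min(peaks)
    return (vmax - vmin) / (vmax + vmin)


if __name__ == "__main__":
    cases = {
        "tuning fork (chapter values)": (5000, 10, [(7.5, 440)]),
        "overmodulated (constructed)": (5000, 10, [(12, 440)]),
        "two tones (constructed)": (5000, 10, [(4, 260), (3, 700)]),
    }
    for name, (fc, vc, tones) in cases.items():
        v = am_samples(fc, vc, tones)
        comps = components(spectrum(v, fc - 1000, fc + 1000))
        print(name)
        for f, a in comps:
            print(f"  {f:7.0f} Hz  {a:6.2f} V")
        print(f"  bandwidth           = {bandwidth(comps):.0f} Hz")
        print(f"  m from sidebands    = {index_from_spectrum(comps, fc):.3f}")
        print(f"  m from Vmax / Vmin  = {index_from_envelope(v, fc):.3f}")
```

In the overmodulated case the Vmax/Vmin reading saturates near 1.0 while the sideband-to-carrier ratio still reports 1.2, which is why a distorted envelope cannot be used to read back how far past 100% the modulation went.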
An example of an even more complicated signal is the signal created by recording an oboe (the musical instrument) playing a single note. When someone blows into the mouthpiece of an oboe to play a note, their fingers are placed over certain holes to create the note. Because of the structure of the oboe (its length, diameter and placement of the holes for example), the sound the instrument makes is actually a combination of a number of tones (sinusoids) with different amplitudes. Different instruments can all play the same note, but each instrument will sound different because the structure of the instrument produces different sinusoids with different amplitudes.

Amplitude modulation of an oboe playing the note Concert A is demonstrated in the next figure. In this figure, the maximum frequency present in the note is approximately 4 kHz, so the bandwidth of the AM signal is BW = 2 fmax = 2 (4 kHz) = 8 kHz.

Other common information signals, such as voice or music, are composed of many different frequencies. AM modulation still works the same way, but in order to compute transmission bandwidth, we again compute it as BW = 2 fmax. Again, here, fmax is the maximum frequency content present in the information signal.

5. Demodulation

Modulation is used to upshift the frequency content of a baseband signal, to facilitate transmission (e.g., to allow a smaller antenna). Demodulation is performed in the receiver to downshift that frequency content back to its baseband frequency. For example, if the 440 Hz tuning fork signal were transmitted on Annapolis AM radio station WYRE 810AM (fc = 810 kHz), the transmitted signal is at a frequency of approximately 810 kHz, which is well outside our hearing (we can hear signals with frequency content up to approximately 20 kHz). In order to hear the tuning fork signal, our car’s radio receiver must shift the frequency content back down to its original range (440 Hz).
This is demodulation; it basically “undoes” what modulation did to the information signal. How demodulation works is beyond the scope of this course, but you should be aware of its importance in a communication system.

What’s the point?

AM is by no means the only form of modulation (though it’s probably the easiest to work through and visualize). The intent of this course is not to make you all communications engineers, but you do need to have enough background in modulation to understand the implications (especially with regard to bandwidth) moving forward. You’ll see this again in a few lessons, with digital applications.

Problems

1. (a) Calculate the wavelength of signals with frequencies of 1.5 kHz, 18 MHz, and 22 GHz.
(b) Since an antenna that is needed to transmit these frequencies must be at least a tenth of the wavelength, which signal frequency would NOT be practical for direct (i.e., baseband) transmission?
(c) Name and define a technique that could be used to transmit the frequency in part (b).

2. An AM signal is comprised of the following two signals:

vm(t) = 80 cos (2π5000t) volts
vc(t) = 100 cos (2π800,000t) volts

where vm(t) is the message and vc(t) is the “unmodulated carrier” (i.e., the output of the modulator when no information signal is present).
(a) Find the carrier frequency, the upper-sideband and lower-sideband frequencies, and the percent modulation (m).
(b) Suppose vm(t) changes to 120 cos(2π5000t). Find the new percent modulation (m). Give the technical term for this condition and explain the effects of this condition occurring.

3. A radio station, 1280AM, is conducting a monthly test of the Emergency Alert System. The test begins with an annoying sound comprised of two pure tones at 853 Hz and 960 Hz.
The signal being broadcast has exactly five frequency components, i.e., the signal could be written as follows:

vAM(t) = V1 sin(2π f1 t) + V2 cos(2π f2 t) - V3 cos(2π f3 t) + V4 cos(2π f4 t) - V5 cos(2π f5 t) volts

(a) Find the five frequencies that comprise the AM signal being broadcast. Recall that the carrier frequency and the two sideband frequencies for each of the emergency alert tones will be involved.
(b) Find the bandwidth for this particular broadcast.
(c) Determine which of these two emergency alert tones (853 Hz or 960 Hz) determines the bandwidth.
(d) What is the bandwidth assigned to a commercial AM radio station in the United States?

4. Musical notes can be viewed as pure tones (if we ignore the “warmth” added by any particular instrument). Pure tones are signals that contain only one frequency. Chords are combinations of notes, such as the C-Major chord on the piano, comprised of notes C, E, and G. If the radio station 1280AM broadcasts the C-Major chord, it would broadcast the following seven frequencies, listed in ascending order and annotated by note and sideband:

f LSB-G = 1,279,608 Hz
f LSB-E = 1,279,670 Hz
f LSB-C = 1,279,738 Hz
f carrier = 1,280,000 Hz
f USB-C = 1,280,262 Hz
f USB-E = 1,280,330 Hz
f USB-G = 1,280,392 Hz

Notice that in the lower sideband, the notes are in reverse order. G, the highest pitch in the chord, is always the farthest away from the carrier frequency. The carrier frequency is exactly in the middle. Assume that the carrier amplitude is 100V, and the voltages for the three musical notes are all 20V.
(a) Sketch this broadcast in the frequency domain (label frequencies and amplitudes).
(b) After demodulation, what frequencies would be heard coming out of your AM radio’s speaker?
(c) Find the bandwidth of the broadcast and determine which note (C, E, or G) sets the bandwidth.

5. For the following plots of AM signals, determine Vmax, Vmin, Vc, Vm and m. Show your work!

[Plots (a)-(d)]

6. Determine fc and fm for any of the AM signals in problem 5 (parts (a)-(d)). (Hint: fc and fm are the same for each case). Using these values of fc and fm, along with your answers to problem 5, sketch the frequency content for each of these AM signals (parts (a)-(d)).

7. For any of the plots shown in problem 5, determine the bandwidth of the transmission. Note that each of these AM signals has a single sinusoid as the information signal. (Hint: the bandwidth is the same for each case).

Security Exercise 20
Introduction to Amplitude Modulated Signals

PART I: SET UP

Check off each step as you complete it.

Step One: Function generator setup.

□ Turn on power to the lab bench (the switch on the right that says "120V OUTLETS.")
□ Turn on the function generator.
□ Select the sinusoidal function by pressing the button with the Sine wave on it.
□ The function generator display should indicate a small sine wave.
□ Turn any other lit buttons off.
□ Select the Utility function and Output Setup soft key. Load should be High Z. Push Done.
□ Press the output button.

Step Two: Oscilloscope setup.

□ Turn on the oscilloscope.
□ Locate the CH 1 input on your oscilloscope. It will have a two-input (RED / BLACK) banana plug adaptor installed.
□ Connect banana plug cables (which can be found under the bench on the plastic Quad board) from the function generator’s output to the CH 1 input on the oscilloscope (red to red and black to black).

PART II: AMPLITUDE MODULATED SIGNAL IN THE TIME DOMAIN

An Amplitude Modulated (AM) signal looks somewhat like the figure that follows. This particular depiction includes the AM signal’s envelope, and the definitions of Vm (message amplitude), Vc (carrier amplitude), Vmax (max envelope voltage) and Vmin (min envelope voltage). The information signal (message) modulates the amplitude of the carrier.

□ On the Function Generator select the Store/Recall button and then push Recall State and then push State 3 and then Recall State again.
Make sure the output button is lit.
□ Push AUTOSET on the Oscilloscope and you will see an AM signal.
□ Press CH 1 MENU on the oscilloscope and make the following settings.
    Coupling: AC
    BW Limit: OFF
    Volts/Div: COARSE
    Probe: 1X
    Invert: Off
□ If a trace appears for CH2, then press the CH2 Menu button twice to turn off the CH 2 trace, since nothing is connected to CH 2 for this lab.
□ With the CH 1 menu selected, adjust the position of the vertical axis zero level by rotating the position knob under the vertical section in the CH 1 column, so that the “1→” on the left side of the LCD is adjacent to the major horizontal axis (centered vertically on the display).
□ Adjust the vertical scale (Volts/Div) to enlarge the displayed signal so that it occupies more than half of the oscilloscope display.
□ Adjust the horizontal range (Sec/Div) so that you can see the AM waveform similar to the one shown on Figure 1 above. You may have to adjust the knob for trigger level (it is to the far right below the AUTOSET button) to clean up the signal. Turn the knob so that you see the trigger level (arrow to far right of screen) rise from the center line. Hint: if you have trouble removing the “jitter” from the graph, use the “Run/Stop” button in the upper right hand corner of the oscilloscope to pause the capture.

Once the display is properly adjusted, use the boxes on the oscilloscope to measure the following parameters. Record your results in Question 1 on your answer sheet.

1. Measure Vmin and Vmax (see Figure 1).
2. Measure the period of the carrier, Tcarrier (higher frequency signal). You will have to adjust the horizontal (sec/div) scale to accurately measure the period of a cycle of the high frequency carrier signal.
3. Measure Tmessage, the period of the message (lower frequency signal). You will need to adjust back the horizontal (sec/div). Note: Tmessage measures the cycle of the wave that rides along the top of the carrier as the carrier is modulated.

Calculate the modulation index m, the carrier frequency (fc), the message signal's frequency (fm), the amplitude of the carrier (Vc) and the amplitude of the message signal (Vm). Use the equations shown in Table 1 below along with your measured values. Record your results in Question 1 on your answer sheet.

Question 2: Determine the equation of the AM waveform displayed on the oscilloscope. Write your answer on your answer sheet using the form below, but with numerical values replacing A, B, C and D:

PART III: AMPLITUDE MODULATED SIGNAL IN THE FREQUENCY DOMAIN

Let’s look at the frequency spectrum of this signal. In class we manipulated the above equation to show us what frequencies will show up in the frequency domain:

There are 3 frequencies in the AM signal: the carrier and its 2 sideband frequencies. So let us try to see this signal in terms of its frequency content. Again, the oscilloscope performs a fast Fourier transform (FFT) and displays the magnitudes of the frequencies present in the signal vs. frequency, so the horizontal scale shows frequency instead of time. The y-axis will show values in decibels, which can be ignored for this lab.

□ Press AUTOSET and you will see the options to display the signal in time or in frequency (FFT). (NOTE: If the FFT option does not appear when you press AUTOSET, then press the MATH MENU button.)
□ Push the button next to the FFT (or stay in FFT operation) and you will see spikes at specific frequencies.
□ Set the horizontal scale to read 12.5 kHz per division using the Sec/Div knob.

Question 3. Determine the value of the center and sideband frequencies. Use the Frequency cursor (recall that when using the FFT to show frequency content, the source must be MATH, not CH 1 or CH 2, to use the frequency plot cursors).

Question 4. Sketch your frequency plot. Label the frequency axis with your values and have your instructor check it.

Question 5. What is the bandwidth of the amplitude modulated waveform?

Question 6. Rewrite your AM signal using the form below:

vAM(t) =

filling in numerical values for A, B, C, D, E and F (different than the A-D above).

Question 7. Is this AM signal within the range of commercial AM radio frequencies?

Question 8. If the information signal from above contained many frequencies (including frequencies higher than the fm you measured), how would this affect the bandwidth of the amplitude modulated waveform?

PART IV: ANOTHER AMPLITUDE MODULATED SIGNAL

You have a message signal you would like to transmit, but do not have access to an AM transmitter. An evil user offers to transmit your signal (for a small fee). You pay the fee. Your customers start complaining that your signal sounds terrible. You examine the amplitude modulated signal that the evil user has generated for you:

□ On the Function Generator select the Store/Recall button and then push Recall State and then push State 4 and then Recall State again. Make sure the output button is lit.
□ Push AUTOSET on the Oscilloscope and you will see an AM signal.
□ Eliminate the CH 2 signal (if necessary), vertically center the waveform and adjust the horizontal range and trigger level to stabilize the AM signal.

Question 9. Explain the problem with the evil user AM signal (hint: look at the shape of the envelope).

Security Exercise 20 Answer Sheet

Name: ______________________________

Question 1:
Vmax    Vmin    Vc    Vm    Tc (µs)    Tm (µs)    fc (kHz)    fm (kHz)    m

Question 2:

Question 3: fc = ___________ flsb = _____________ fusb = _____________

Question 4:
__________________________________ Instructor / Lab Tech

Question 5:

Question 6:

Question 7:

Question 8:

Question 9:

Chapter 21: Analog to Digital Conversion

Objectives:
(f) Provide examples of analog and digital communication systems.
(g) Describe the advantages of digital over analog communication.
(h) Discuss the basic steps of the analog-to-digital conversion process: sampling, and quantizing/encoding.
(i) Given an analog waveform, sampling rate, and resolution, determine the resulting quantized signal and the binary encoded A/D output.
(j) Calculate the Nyquist sampling rate for an analog signal.
(k) Given the number of bits in an A/D process, and sample frequency, determine generated bit rate.
(l) Describe how the number of bits used in the A/D process affects the reconstructed analog signal.

Connection to Cyber Security

In Chapter 20, you learned about modulation, and that it is impractical to transmit signals at baseband frequencies through free space. Modulation upshifts the frequency of transmission, to allow for smaller antennas. For an AM communication system, the signals at various places in the system are shown below.

We could have also used FM or PM, in which case the signal that exists in the communication channel (free space) might look like the following, depending on the information signal (left: frequency modulation, right: phase modulation).

In a digital communication system, the information is composed of 1s and 0s, and the information signal is composed of voltage pulses that represent the 1s and 0s. Hackers can attack our system in a number of ways, such as “reading our mail” or injecting their own information into our channel. In the digital age, cyber attacks usually fall on digital communication systems. But where do the 1s and 0s come from? Chapter 21 deals with how 1s and 0s are created from an analog signal.

1. Analog Systems.

When you look at the waveform below, you should notice that it is a signal that varies continuously in time and amplitude. If we observed nature, we would see that nature produces signals like this (i.e., changes in pressure, variations in light, sounds, etc.). Analog systems use analog electrical signals to represent these natural patterns, such as the voltage signal created from the sound waves of a person speaking into a microphone, shown in the next figure.

What do you think might be an example of an analog system in action? How about an 8-track tape player playing the songs on Michael Jackson’s 8-track album, Thriller. This is a great example of an analog system, but my guess is you have no idea what an 8-track is.
So, let’s list some other analog systems that may ring a bell: AM/FM radios, rotary telephones, cassette tape players, VCRs, broadcast TVs, the microphone you are singing into at Bancroft’s karaoke night… So maybe you’re thinking, “I still have no idea what that stuff is!” There’s probably a reason for that. We don’t really use many systems that are completely analog anymore; digital communications are more widely used.

2. Digital Systems.

Let’s think for a second about comparisons between what was used in the past and what you use now:

Type of Information      Past Device               Present Device
Music                    Cassette Tape             CD
Videos                   VHS (VCR)                 DVD/Blu-ray Disc
Broadcast Television     Standard Definition TV    High Definition TV (HDTV)

We want the same types of information but are using a different method to get them: digital systems. Digital systems use electrical signals that represent discrete (often binary) values. The electrical signals are referred to as digital signals. Specifically, binary baseband digital signals use two discrete voltage levels to represent binary 1 or 0 (bits), as shown in the example plots below. Combining multiple bits into words permits us to represent more than just two things. Digital circuits operate on digital signals, performing logic and arithmetic functions.

Interesting fact and important to the class: digital signals are not representative of signals that occur in nature. Natural signals are analog, and must be converted into digital format to be used in a digital system.

Great! So we’re using a new method to get the same information. Is this a big deal? It is, because using digital systems offers a number of advantages over using analog systems.

3. Digital Advantages.

1. Relative noise immunity. (What is the number one limiting factor in communications? Noise.)
Relative noise immunity is the most important advantage of digital communications. Between the transmitter and receiver, whether the system is analog or digital, noise always corrupts the transmitted signal. In general, an analog receiver has no idea what the received signal is supposed to be after it has been corrupted by noise, but a digital receiver only has to decide between a finite set of choices: for example, a binary digital system’s receiver must only decide at any time whether it is receiving a binary 0 or a binary 1. This means that receiver circuitry can be designed to distinguish between a 0 and 1 even in the presence of a significant amount of noise. It is possible that the noise could be severe enough that the receiver gets confused, and incorrectly decides it is receiving a 0 when it should be deciding a 1 (or vice versa)… these are referred to as bit errors. But in general, digital systems are much better in noisy environments.

In long distance digital communications, digital signals can be stripped of any noise in a process called signal regeneration. Consider a long distance transmission that incorporates a set of relay stations in order for the signals to move from transmitter to receiver, as shown in the figure to the right. Relay stations are needed because the farther a signal travels, the weaker it gets; to make it to its destination, it must be amplified and retransmitted at the relay stations. If this was an analog system, the analog signal is received, amplified and retransmitted at each station. However, noise is now a part of the signal, and so is also amplified at each station. In a digital communication system, a digital signal is received (receiver decides 0s or 1s), regenerated (digital signal recreated based on the 0s and 1s), and then retransmitted at each station. With signal regeneration, the noise can be eliminated at each station. This can only be done in digital communication systems.

2. Error detection/correction.
Digital signal processing (DSP) techniques allow the detection and correction of bit errors. Even if a digital signal contains bit errors, many of these errors can be fixed at the receiver through the use of error correcting codes. Error correcting codes allow, for example, CDs with minor scratches to be played without errors. Analog systems cannot detect or correct errors.

3. Easier multiplexing.

Multiplexing is the process of allowing multiple signals to share the same transmission channel. For example, digital telephony allows carrying 24 phone conversations on a single wire (called a T1 line) at the same time. Digital signal processing techniques enable this.

4. Easier to process and store.

Since computers store and use digital data, digital signals can be easily processed by computers. Similarly, the digital format lends itself to easier storage of communication signals (e.g., smaller storage footprint). DSP allows operations such as filtering, equalization and mixing to be done in software without the use of analog circuits. DSP also permits data compression (transforming signals so that fewer bits are needed to represent them). An example of DSP would be Garage Band, for you musicians, or photo editing software like Adobe Photoshop, for those with a knack for photography.

To emphasize this again, these advantages are huge. This is such a big deal that even though communication systems used to be exclusively analog, it is worth the billions and even trillions of dollars that the government and private sector are spending to migrate communication systems to digital.

4. Conversion from Analog to Digital (A/D)

If nature produces analog signals, how do we create digital signals from them? Before we can use digital transmission, we must convert the signal of interest into a digital format. The natural signal (e.g., speech) that we want to transmit will be acquired using an analog device.
The analog signal will be translated into a digital signal using a method called analog-to-digital (A/D) conversion. The device used to perform this translation is known as an analog-to-digital converter or ADC. Through A/D conversion, analog signals are changed into a sequence of binary numbers (encoded bits), from which the digital signal is created by the transmitter. This process is depicted below.

There are two major steps involved in converting an analog signal to a digital signal represented by binary numbers: sampling, and quantizing/encoding.

Steps for A/D conversion:

1. Sampling. This is a process of inspecting the value (voltage) of an analog signal at regular time intervals. The time between samples is referred to as the sample period (T, in seconds), and the number of samples taken per second is referred to as the sample frequency (fs, in samples/second or Hz). Basically, sampling is taking snap-shot values of the analog signal so that you have an accurate representation of how the analog signal is changing over time.

The receiver must convert the bits it receives into sample values, and then recreate what it thinks the analog signal looks like from the samples alone. As you might deduce from the figure below, when the samples are closer together (smaller sample period, which means higher sample frequency), the analog signal is more accurately represented. Note that with the lower sample rates, some of the fluctuations in the analog signal have no samples on them, so the samples are not a good representation of the analog signal.

How high does our sampling frequency fs need to be in order to accurately represent the signal? That is, what is the minimum sample frequency for the A/D to work properly? We could consider taking just a few samples (i.e., using a low sampling rate), which means less information to transmit to the receiver.
But if we choose that option, when we reconstruct the signal, it will likely be a terrible representation of the original. The low sampling rate will only work well for very slowly changing (low frequency) signals.

Alternatively, we could choose the highest possible sampling rate known to man, to ensure that we can accurately capture even very fast signal fluctuations. But the higher the sampling rate, the higher the cost of the equipment and the more information that must be transmitted. In addition, if we decide to record the communications, our saved files will be unnecessarily enormous.

But what is “low” and what is “high”? In other words, how exactly do I go about choosing my sampling rate? In order to accurately reconstruct an analog signal from its samples, one must sample faster than the Nyquist sampling rate (also called the Nyquist rate), fN, given by the formula

$$f_N = 2 f_{max},$$

where fmax is the highest frequency component of the analog signal. That is, the sampling frequency must be more than twice the value of the highest frequency component of the signal:

$$f_s > f_N, \quad \text{where } f_N = 2 f_{max}$$

If the sample rate is not greater than the Nyquist rate, a problem called aliasing results. We’ll talk more about aliasing in the lab, but it can cause severe distortion of your signal.

The Nyquist sample rate is a floor on the sampling rate, and practical systems sample greater than the Nyquist rate. Some examples of common sample rates are:

| Signal | Signal frequency range | Standard Sample Rate |
|---|---|---|
| Voice | 300 Hz-3 kHz | 8 kHz |
| Music | 0-20 kHz | 44.1 kHz (CD-quality) |
| Music | 0-20 kHz | 192 kHz (DVD-quality) |

Practice Problem 21.1

Consider the signal from the oboe depicted below in time and frequency domain representations. What is the maximum frequency present in the oboe signal? Based upon this, what sampling rate must be exceeded in order to accurately reconstruct the signal from its samples?
[Figure: oboe signal in the time domain (Voltage (V) vs. Time (sec)) and in the frequency domain (Voltage (V) vs. Frequency (Hz)).]

2. Quantizing/Encoding. Quantizing/encoding is the process of mapping the sampled analog voltage values to discrete voltage levels, which are then represented by binary numbers (bits). This is needed because the analog sample values are real numbers that occur on a continuum. That is, for example, if a sine wave of amplitude 1V is being sampled, the sample values could be any value between -1V and +1V… an infinite number of possibilities. In any digital system, there is only a finite amount of memory, so only a finite number of values can be used to represent the samples of the analog signal. Converting a sample value from the set of infinite possibilities to one of a finite set of values is called quantization or quantizing. These values are referred to as quantization levels.

Inputs to A/D converters are limited to a specific voltage range. For the sine wave example above, we assumed that all values of the analog input fall within a range of -1.0 to +1.0 volts (note: this is the typical voltage range of voice or music signals on a computer, such as in .wav or .mp3 files).

A/D systems are characterized by the number of bits they have available to perform quantization. The number of bits determines the number of quantization levels. An N-bit A/D converter has $2^N$ quantization levels and outputs binary words of length N (that is, it outputs N-bit values for every sample). For example, a 3-bit A/D system has $2^3 = 8$ quantization levels, so all samples of a 1V analog signal that is input to this A/D will be quantized into one of only 8 possible quantization levels and each sample will be represented by a 3-bit digital word.

In general, the A/D converter will partition a range of voltage from some vmin to some vmax into $2^N$ voltage intervals, each of size q volts, where

$$q = \frac{v_{max} - v_{min}}{2^N}.$$

Some common examples of A/D quantizing are digital telephony, which uses 8-bit A/D ($2^8 = 256$ quantization levels), CD audio, which uses 16-bit A/D ($2^{16} = 65{,}536$ quantization levels), and DVD audio, which uses 24-bit A/D ($2^{24} = 16{,}777{,}216$ quantization levels).

The following figures represent conceptually how a 3-bit A/D converter converts an analog signal into bits. In these figures, the analog signal is shown as well as the samples, with samples taken every 0.5 msec (corresponding to a sample rate of fs = 1/0.0005 sec = 2000 samples/sec). The actual analog sample voltages are shown in parentheses next to the samples.

Here, the voltage range of the signal is divided into $2^3 = 8$ smaller voltage intervals (also called steps). These are separated by the dashed, bold horizontal lines, and each interval is 0.25V wide: . The value of q is more formally called the quantizer’s resolution.

Each of the voltage intervals is assigned an N-bit binary number representing the integers from 0 to $2^N - 1$. For this example, you can see that since we are using a 3-bit A/D, the intervals will be assigned binary numbers representing the integers from 0 to 7 (that is, 000, 001, 010, …, 111), starting from the bottom of the voltage range. In this case, the digital word 000 is assigned to the voltages from -0.75 V to -1.0 V, 001 is assigned to the voltages from -0.5 V to -0.74999 V…, and so on. The figure that follows shows for each quantization interval the associated 3-bit digital word (on the left side of the plot). Any analog sample that falls in a given voltage interval will result in those 3 bits being transmitted.

When a sample point falls within a given interval, it is assigned the corresponding binary word (this is the Encoding part of Quantization/Encoding). For the first sample point at time 0, the voltage is 0.613 V, which means that sample is assigned a binary value of 110.
The A/D then creates a voltage signal that represents these bits, and that process continues as long as an analog signal is input to it.

The binary representation of the above signal is: 110 101 100 011 011 100 110 110 100 010 000 000 001.

In this example, every sample produces 3 bits (that is, there are 3 bits/sample). The sample rate was 2000 samples/sec. Multiplying these two values together results in the bit rate (Rb) produced from this A/D conversion:

To the right of the plot above is the quantization level associated with each voltage interval. Any analog sample voltage that falls in a given interval is effectively estimated to the center of its quantization level when it is desired to reconstruct the analog signal from the received bits (a receiver may perform this). This process is referred to as Digital-to-Analog conversion (D/A) and will be discussed briefly in the next section. For this example, the quantization level for the lowest voltage interval is the value halfway between -.75 V and -1 V (which is -0.875 V). This means that any analog sample that fell into this range will be represented as -0.875 V.

Alright, we’ve walked through an A/D example together; now it’s your turn.

Practice Problem 21.2

Consider the following analog waveform. This waveform is sampled at a 500 Hz rate and quantized with a 2-bit quantizer (i.e., A/D converter). The input range is -1.0 to +1.0 V.

a. Circle the sample points (first sample is at time t = 0 sec).
b. Indicate the quantization intervals and corresponding digital words.
c. Indicate the digital word assigned to each sample point.
d. What is the stream of binary bits generated after the A/D conversion is complete?
e. What is the resulting bit rate from this A/D?

[Figure: analog waveform, Amplitude (volts) vs. time (msec).]

To give you an idea, here’s the effect of quantizing in a digital picture. Look at a color display of this picture (such as the pdf file of the notes posted on the course website). See the difference?
[Figure: the same picture quantized two ways. 4 bit = 16 colors; 8 bit = 256 colors.]

Here is an example of a digital voltage waveform that might have been generated from an A/D process:

011100110111111110011001

This waveform could be transmitted from the receiver to the transmitter over a wire, but is not suitable to transmit wirelessly through the atmosphere. We’ll get into more detail about how this is done in our next chapter on digital modulation.

5. Conversion from Digital to Analog (D/A)

But how do we recover the analog information after it has been converted to digital? As mentioned earlier, the receiver converts these N-bit digital words back into an analog signal. This process is called digital-to-analog (D/A) conversion. It is very nearly the reverse of the analog-to-digital conversion process. The analog signal is reconstructed by converting the N-bit digital words into the appropriate quantization levels, and this voltage is “held” for one sample period, creating a stairstep-type signal shown below.

Good job. We’ve regenerated our original signal. How does it compare with the original? Let’s see. The reconstructed analog signal for our 3-bit example is shown in a thick black line in the next figure, along with the 3-bit digital word that represents each sample. The original analog signal is also shown in the continuous line, along with all of the sample points that were on the earlier figures.

Is it close? It follows the same general shape. Even if we perform filtering to smooth out the reconstructed signal to remove its staircase appearance (which is typical) it will still not quite be the same as the original red signal. Why? Is that the best we can do?

6. Quantization Error.

There is always error introduced with the A/D process. The error is the difference between the original analog signal and the reconstructed (stairstep) signal after A/D and D/A. The following figure is a portion of a music signal that has been quantized with 3 bits.
The upper plot shows the original analog signal along with the recovered analog signal from the A/D process. The bottom plot is the quantization error, which is created by subtracting the recovered signal from the original analog signal at each instant of time.

So is it bad? It can be. The quantization error manifests as noise in the reconstructed analog signal. For digital audio signals (music or voice), it can sound like static. The greater the quantization noise, the louder the static, making it harder to hear the voice or music. Reiterating what was presented in Chapter 19: NOISE IS THE NUMBER ONE LIMITING FACTOR IN COMMUNICATION SYSTEMS. In this case, if quantization is part of the communication system (e.g., using a digital communication system to transmit analog information), then the A/D process adds even more noise to the signal as it moves from transmitter to receiver.

So how do we reduce the quantization error and its associated noise? Quantization error can be reduced by increasing the number of bits N for each sample. This will make the quantization intervals smaller, reducing the difference between the analog sample values and the quantization levels. The figure below is the same analog signal quantized with 4 bits per sample. Note the step-size is smaller than in the 3-bit plot (½ the size), and the noise signal is approximately ½ the amplitude of what it was with 3-bit quantization. The reconstructed signal looks much closer to the original analog signal compared to the 3-bit A/D. It is worth noting that increasing the sampling frequency will not reduce quantization noise; only increasing the number of quantization levels will do this.

We of course can’t use an infinite number of bits, so some quantization noise is always inevitable, but the nice thing about the human ear/brain - sticking with the example of audio signals - is that beyond a certain number of bits for each sample, the associated quantization noise becomes imperceptible.
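The A/D, D/A and quantization-error steps described above, as an added example that is not part of the original course notes. The two-tone test signal is constructed for illustration, and the interval boundaries follow the text's convention that 000 covers -1.0 V up to and including -0.75 V.

```python
import math

def resolution(n_bits, v_min=-1.0, v_max=1.0):
    """Quantizer resolution q = (v_max - v_min) / 2**N, in volts."""
    return (v_max - v_min) / (2 ** n_bits)

def encode(sample, n_bits, v_min=-1.0, v_max=1.0):
    """A/D: map one analog sample voltage to its N-bit digital word."""
    q = resolution(n_bits, v_min, v_max)
    clipped = min(max(sample, v_min), v_max)     # the A/D input range is limited
    # Each interval includes its upper edge, matching the text's
    # "000 is assigned to the voltages from -0.75 V to -1.0 V".
    index = math.ceil((clipped - v_min) / q) - 1
    index = min(max(index, 0), 2 ** n_bits - 1)  # v_min itself belongs to word 0
    return format(index, "0{}b".format(n_bits))

def decode(word, v_min=-1.0, v_max=1.0):
    """D/A: map an N-bit word back to the center of its voltage interval."""
    q = resolution(len(word), v_min, v_max)
    return v_min + (int(word, 2) + 0.5) * q

def convert(samples, n_bits):
    """Run A/D then D/A; return (words, recovered voltages, quantization errors)."""
    words = [encode(s, n_bits) for s in samples]
    recovered = [decode(w) for w in words]
    errors = [s - r for s, r in zip(samples, recovered)]
    return words, recovered, errors

def bit_rate(fs, n_bits):
    """Bit rate Rb = (samples/sec) * (bits/sample)."""
    return fs * n_bits

def constructed_signal(t):
    """Constructed analog signal (an assumption): 150 Hz and 400 Hz tones.
    Highest frequency is 400 Hz, so the Nyquist rate is 800 Hz."""
    return (0.6 * math.sin(2 * math.pi * 150 * t)
            + 0.3 * math.sin(2 * math.pi * 400 * t + 0.7))

def quantization_error_peak(n_bits, fs=2000, n_samples=40):
    """Largest |original - recovered| over the sampled constructed signal."""
    samples = [constructed_signal(n / fs) for n in range(n_samples)]
    _, _, errors = convert(samples, n_bits)
    return max(abs(e) for e in errors)

if __name__ == "__main__":
    print("q for 3 bits:", resolution(3), "V")
    print("0.613 V ->", encode(0.613, 3), "->", decode(encode(0.613, 3)), "V")
    print("bit rate at 2000 samples/sec, 3 bits:", bit_rate(2000, 3), "bps")
    for n in (3, 4, 8):
        print(n, "bits: peak error", round(quantization_error_peak(n), 5),
              "V, bound q/2 =", resolution(n) / 2, "V")
```

The peak error never exceeds q/2, so each added bit halves the bound, while changing fs only changes how many samples are taken.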
We just need enough bits to make the recovered signal “good enough” (e.g., the recovered music sounds “good enough”).

Problems

1. What is the greatest advantage that digital communication has over analog communication?

2. Describe the function of a regenerative repeater.

3. What is the cause of aliasing in the A/D process?

4. Why does a 5-bit quantizer produce a better approximation to an analog signal than a 3-bit quantizer?

5. A music signal has frequency content from 0 Hz up to 18.75 kHz. What sampling frequency must be exceeded for successful A/D conversion? What is another name for the minimum sampling frequency?

6. Consider the following analog waveform. This waveform is to be sampled at a 1-kHz rate and quantized with a 3-bit quantizer (input voltage range is -1.0 to +1.0 V).

a. What is the resolution (q) of this quantizer?
b. Circle the sample points on the analog waveform below.
c. Indicate the quantization intervals and corresponding digital words.
d. Indicate the digital word assigned to each sample point.
e. When a receiver receives the transmitted bits, D/A is used to recover the analog signal, but the recovered signal is not the same as the original analog signal. What is the term to describe this difference and what can be done to minimize this difference?

[Figure: analog waveform, Voltage (V) vs. Time (ms).]

7. Consider the following analog waveform. This waveform is to be sampled at a 1.333333 MHz rate and quantized with a 3-bit quantizer (input voltage range is -2.0 to +2.0 V).

a. What is the resolution (q) of this quantizer?
b. Circle the sample points on the analog waveform below.
c. Indicate the quantization intervals and corresponding digital words.
d. Indicate the digital word assigned to each sample point.

Chapter 22: Digital Modulation

Objectives:

(a) Quantitatively describe the relationship between a symbol and a bit and the bit rate and the baud.
(b) Describe how digital information is conveyed using various digital modulation techniques (ASK or OOK, FSK, PSK and QAM) and recognize their waveforms and constellations.

(c) Calculate the bandwidth of an ASK, FSK, PSK, or QAM signal.

(d) Using a constellation diagram, analyze an M-ary PSK signal to determine its symbols and bits per symbol.

(e) Discuss the effect of noise on M-ary PSK and how Quadrature Amplitude Modulation (QAM) overcomes these detrimental effects.

1. Digital Signal Frequency Spectrum

In Chapter 21, it was mentioned that in many cases, we wished to convert analog signals into digital signals to take advantage of the benefits of digital technologies. Samples of the analog signal were converted into bits and the bits were then used to create a binary voltage waveform that represented the bits. If we then wanted to transmit this digital waveform through free space, then all we need to do is connect it to an antenna, right?

No, it is not that easy. The binary voltage waveforms to which we are so accustomed are, typically, voltage pulses that alternate between 0V (for a 0-bit) and 5V (for a 1-bit). It just so happens that the preponderance of frequency content in these voltage pulses is very low (a baseband signal), and, just as was pointed out for voice signals (which also have low frequency content), an antenna needed to transmit this kind of signal through free space would be impractically large.

For a large number of random voltage pulses, the frequency plot would look something like the following, where Rb is the value of the bit rate in Hz. For example, if the bit rate were 500 bps, then the frequency content magnitude would be equal to zero at 500 Hz, 1000 Hz, etc.

This plot of frequency content is much different than that of a signal composed of sinusoids! There are no spikes! Nevertheless, most of the frequency content is at very low frequencies.
The frequency content does continue out to an infinite frequency, although the magnitude drops dramatically at higher frequencies. In a perfect world, we’d say the bandwidth of voltage pulses approaches ∞ Hz, but for digital signals, we’ll use the null-bandwidth as our calculated bandwidth. The null-bandwidth is defined as the amount of the frequency spectrum (in Hz) from the maximum magnitude (which occurs at 0 Hz) to where the spectrum first goes to a magnitude of 0 (called a null, here at Rb Hz). The bandwidth is given by: .

We must come up with a method to transmit the digital information (1s and 0s) using radio waves. Digital modulation techniques allow this. As you recall, the goal of modulation is to upshift the frequency spectrum of the information signal to allow transmission through free space; the transmitted signal’s frequency spectrum would then look like the following.

Recall that, like in analog amplitude modulation, the information signal’s frequency spectrum is shifted up by fc Hz, and there is a mirror image of the frequency content on the left side of fc. The transmission bandwidth (using the null-bandwidth definition) is now

2. Binary Digital Modulation

Recall the equation for a high frequency carrier: $v_c(t) = V_c \sin(2\pi f_c t + \theta)$. As discussed in Chapter 20, a sinusoidal carrier can be modulated by varying its amplitude, frequency, or phase using an information signal. So, how do we go about representing 1s and 0s with modulation? Just as we can vary amplitude, frequency, and phase of a high-frequency carrier in accordance with an analog waveform, we can do the same with a digital waveform. Since bit values shift between 0s and 1s, digital modulation techniques that vary the carrier’s amplitude, frequency, and phase are referred to as “shift keying.”

Frequency Shift Keying (FSK)

Frequency-shift keying (FSK) is a frequency modulation scheme in which digital information is transmitted through discrete frequency changes (shifts) of a carrier wave.
The simplest form of FSK is Binary FSK (BFSK), in which a carrier’s frequency is shifted to a low frequency or a high frequency to transmit 0s and 1s. The plot below shows a sample FSK signal along with the associated bits.

An example of how FSK was used “back in the day” was with dial-up modems to connect your home computer to your Internet service provider over your analog phone. With a modem, a 0-bit was represented with a lower frequency carrier of 1070 Hz and a 1-bit was represented with a higher carrier frequency of 1270 Hz. The lower frequency, binary 0, was called the “space” frequency while the higher frequency, binary 1, was called the “mark” frequency. The terms mark/space were a throwback to the days of Morse code or flashing light communications.

In the frequency domain, we consider FSK to be two different digital transmissions, one at the mark frequency (the higher frequency) and one at the space frequency (lower frequency). The resulting frequency plot would look like the following, with the carrier frequency being shifted between the mark and space frequencies. The amount that the carrier frequency can be shifted is called the frequency deviation (Δf).

To determine the bandwidth for FSK modulation, we take a closer look at the frequency spectrum around the mark and space frequencies. We use the null-bandwidth definition to compute the bandwidth as shown below. In the figure, the bandwidth effectively runs from the first null to the left of fspace to the first null to the right of fmark. Mathematically, there are two equations that can be used to compute the bandwidth:

Practice Problem 22.1

You have an FSK transmitter using a carrier of 500 kHz sending 10 kbps and a frequency deviation of 100 kHz. How much bandwidth do you need for your transmission?

Of course, who still uses dial-up? What else is there?
Amplitude Shift Keying (ASK) and On-Off Keying (OOK)

Amplitude Shift Keying is a form of amplitude modulation that represents digital data as shifts in the amplitude of a carrier wave: for example, small amplitude for a 0-bit, and larger amplitude for a 1-bit. We have seen what an ASK signal looks like before, in Chapter 21, repeated below.

The simplest digital modulation scheme is a form of ASK called on-off keying (OOK). This is analogous to Morse code. In OOK, a carrier is transmitted for a 1-bit and nothing is transmitted for a 0-bit; this is the same as saying that the smaller ASK amplitude is 0. Note that in all forms of ASK, the frequency and phase of the carrier are the same for all outputs; it is the amplitude that changes.

Practice Problem 22.2

Sketch an OOK signal that represents the bit stream below.

1 0 0 0 1 1

Before we continue, you need to learn some important terms that are used in digital communication systems. The information is carried in the bits that are transmitted, but we don’t actually transmit bits; we transmit waveforms that represent bits. These waveforms are commonly referred to as symbols. On a wire, the symbols take the form of voltage pulses. In FSK and OOK, the symbols take the form of a high frequency carrier that has its frequency or amplitude altered based on whether a 0-bit or a 1-bit is being transmitted. In these modulation schemes, the number of symbols that can be transmitted (M) is two (M = 2) and each symbol represents one bit of data. For FSK and OOK, the time duration of a bit is the same as the time duration of a symbol (Tb = Tsym).

We will soon see other digital modulation schemes where a symbol can represent more than one bit. In general, the number of symbols for a modulation type is related to the number of bits associated with each symbol. If N is the number of bits per symbol,

The relationship between bits and symbols for an OOK signal is shown in the next figure.
Bitrate (Rb) is the speed of transfer of data (number of bits per second). Bitrate is inversely related to bit duration (Tb), which is the time required to transmit a single bit.

Baud (also referred to as Symbol Rate) (Rsym) is the number of symbols transmitted per second, and is inversely related to the Symbol duration (Tsym), which is the time required to transmit one symbol.

The Bitrate and the Baud (or Symbol Rate) are related by the number of bits per symbol (N).

The bandwidth associated with OOK is what we have seen before, BW = 2Rb, as shown in the figure below. As you’ll see shortly, the symbol rate (Rs) has a noted effect on the bandwidth required for transmission. In general, for all digital modulation schemes that we will discuss (except for FSK), bandwidth is given by: . In the case of OOK, since N = 1 bit/symbol, BW = 2Rb = 2Rs, as stated before. For example, for OOK, if the bitrate is 600 kbps, the symbol rate is 600,000 symbols/sec, and the bandwidth is 2(600,000) = 1.2 MHz.

Phase Shift Keying (PSK)

Phase shift keying (PSK) is a form of phase modulation where the carrier’s phase shifts to one of a finite set of possible phases based on the bits that are input. For binary phase shift keying (BPSK), the carrier phase is shifted between one of two phases (typically 0° and 180°) depending on whether a 0-bit or a 1-bit is being transmitted. For example:

0-bit: the symbol transmitted is .
1-bit: the symbol transmitted is

It is important to point out that in PSK, the amplitude of all output symbols is the same; it is the phase of the output symbols that is different.

Up to this point we have discussed digital modulation with one bit per symbol, which means that at any time, one of two possible symbols would be transmitted. But as mentioned earlier, it is possible to have a modulation scheme with more than one bit per symbol; this is referred to as M-ary digital modulation.

3. M-ary Digital Modulation

Before launching into more complicated digital modulation, we’ll introduce a graphical way to relate output symbols to the bits they represent. This is called a constellation diagram. A constellation is a plot of relative amplitude and phase of the output symbols for a digital modulation system. Each dot describes a symbol which is represented by its polar coordinates. In terms of phase, 0° is along the positive x-axis, and phase increases as you move counterclockwise around the x-y plane. Relative amplitude is measured as distance from the origin of the plot. The possible output symbols are represented with filled-in circles, and adjacent to them are the bits they represent. For example, here are two possible BPSK systems’ constellation diagrams.

In BPSK, the output symbols both have the same amplitude (both of the symbols are equidistant from the origin), but their phases are 180° apart. There are other possible combinations of two carrier phases that might be used (such as +90° and -90°), but the actual constellation used is not important, as long as the transmitter and receiver use the same constellation. Note that BPSK transmits 1 bit per symbol, so only one bit value is placed next to each symbol.

If it is desired to get the information from the transmitter to the receiver faster, we need to increase the number of bits per second (bps) that are transmitted. The cost of increasing the bitrate (besides requiring more complex components) is that it increases the transmission bandwidth: recall that for OOK BW = 2Rb, and from Chapter 19, that bandwidth can be expensive! Is there a way to transmit a higher bitrate but using a smaller transmission bandwidth? The answer is yes, using M-ary digital modulation.

In M-ary modulation, we can preserve bandwidth if we keep the symbol rate the same and increase the number of bits per symbol.
For example, instead of transmitting just 2 possible phase shifts (0° and 180°), we could transmit one of 4 possible phase shifts per symbol. This is called quadrature phase shift keying (QPSK).

Quadrature Phase Shift Keying (QPSK)

In QPSK, there are 4 symbols (M = 4) and there are 2 bits per symbol ($N = 2 = \log_2 M$). Two of the many possible constellation diagrams for QPSK are shown in the following figure, and the four symbols from QPSK Constellation #2 are shown to the right of this constellation. The carrier with a phase of 0° is plotted in a dashed red line with each symbol for reference. The four symbols in the righthand constellation are: .

The following figure is a plot of the use of QPSK constellation #2 to transmit the bit stream 0001111000110110. Also shown is the bit duration, and the symbol duration for QPSK.

The frequency spectrum for M-ary modulation schemes is shown in the figure below, which also specifies the frequency axis for QPSK. If the bitrate is constant, the benefit of transmitting more than one bit in a symbol can be seen in the fact that the nulls are closer to the carrier frequency. From the figure, it is seen that the bandwidth for QPSK is given by Hz. This is confirmed by the equation for bandwidth for all digital modulation schemes (except for FSK), where N = 2 for QPSK. For example, if bitrate is 600 kbps, BW = 2(600,000)/2 = 600 kHz.

M-ary PSK

We can further increase the number of bits per symbol by increasing the number of possible phase shifts. The M in M-ary refers to the number of symbols. Consider the 8-PSK constellation to the right (one of many possible 8-PSK constellations). How many bits per symbol are transmitted? There are 8 symbols (M = 8), so $N = \log_2 M = \log_2 8 = 3$ bits/symbol. This is also evident from the diagram because the three bits associated with each symbol appear next to the symbol.

What is the bandwidth for 8-PSK? Since N = 3 bits/symbol, bandwidth is given by .
For example, if the bitrate is 600 kbps, bandwidth for 8-PSK is BW = 2(600,000)/3 = 400 kHz.

We could further increase to 4 bits/symbol using 16-PSK. Here, M = 16 and N = 4 bits/symbol. A 16-PSK constellation is shown to the right, where each phase is separated by 360°/16 = 22.5°. More complex M-ary PSK modulation is possible: 16-PSK, 32-PSK, etc., but it becomes more susceptible to noise as the symbols get closer together.

As a reminder, for PSK, all of the symbols have the same carrier frequency and amplitude; it is their phase that is different. For that reason, on a constellation diagram, all of the symbols for PSK appear on a circle about the origin.

To demodulate any type of PSK, a receiver must determine the phase of the received symbol. For 16-PSK, the receiver must determine the phase within ±11.25°, since the phases are separated by 22.5°. A portion of the constellation diagram for 16-PSK is shown to the right, indicating the wedge of phase values that separates one of the symbols from the adjacent symbols.

Noise Effects

Recall that the number one most limiting factor in communication systems is noise. In all transmissions, the received signal will be degraded by noise. The following figure shows a BPSK signal and the same signal corrupted by noise. You might imagine that it is harder for a receiver to determine the correct phase (correct symbol) that was transmitted for the noisy signal.

This noise corruption can be depicted in the constellation diagram to the right, where the two transmitted BPSK symbols are indicated in the two large black circles (phase = 0° and phase = 180°), and noisy received symbols are the red and blue circles. A BPSK receiver must make a decision to determine the phase of a received signal to determine the corresponding bit. You may imagine that if the noise is severe enough, a receiver might make a mistake, and decide that it had received a 0-bit when it actually received a 1-bit. These are called bit errors.
Now, consider the same noise in the presence of an 8-PSK signal. Is it easier for the receiver to make bit errors? Yes, as more phases are used in PSK, the symbols are closer together, which makes it easier for the receiver to make bit errors (see the figure to the right). But, of course, the advantage of more symbols is a narrower bandwidth, if the bitrate is held constant. There is a way to use more symbols in modulation while reducing the chances of making bit errors: by using symbols that have different amplitudes AND phases.

Quadrature Amplitude Modulation (QAM)

In order to increase the distance between symbols in the constellation, another option is to modulate both the amplitude and the phase. This is called Quadrature Amplitude Modulation (QAM).

8-QAM

An 8-QAM constellation is shown below (one of many possible 8-QAM constellations). The eight symbols along with the 3-bit digital words corresponding to each are shown to the right of the constellation. This system uses 2 possible amplitudes and 4 possible phases. In 8-QAM, the duration of a symbol is three times the duration of a bit (since each symbol carries 3 bits). Note that there are both phase and amplitude changes for each symbol.

What is the bandwidth for 8-QAM? The same as for 8-PSK, since the bandwidth for all digital modulation types (except for FSK) is given by

And it doesn’t stop there.

Higher level QAM signals

QAM signals can be extended to have a larger number of signal symbols, which then gives a much higher bit rate (because there are more bits per symbol). 64-QAM and 256-QAM are common in cable modems, satellites, and high-speed fixed broadband wireless. In 256-QAM, you find that for each symbol you are transmitting (there are 256 symbols), there are 8 bits of information. Assuming the symbol rate remains constant, that means that for the same bandwidth, you are sending 8 times more information when you use 256-QAM than when you use OOK, FSK, or BPSK.
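The trade-off described above, narrower bandwidth against more receiver mistakes as PSK symbols move closer together, can be checked numerically. The Python below is an added example, not part of the original course notes: the additive Gaussian noise model, its standard deviation of 0.2, the symbol count and all function names are assumptions chosen for illustration, and the bandwidth uses the 2Rb/N form of the worked numbers above. It counts wrong symbol decisions, each of which causes at least one bit error.

```python
import cmath
import math
import random


def psk_constellation(m):
    """M unit-amplitude symbols evenly spaced in phase, starting at 0 degrees."""
    return [cmath.exp(2j * math.pi * k / m) for k in range(m)]


def decision_half_angle_deg(m):
    """Half-width of each symbol's decision wedge (11.25 degrees for 16-PSK)."""
    return 180.0 / m


def decide(received, m):
    """Receiver decision: index of the symbol whose wedge holds the received phase."""
    step = 2 * math.pi / m
    return round(cmath.phase(received) / step) % m


def symbol_error_rate(m, noise_std=0.2, n_symbols=20000, seed=310):
    """Send random M-PSK symbols through additive Gaussian noise (assumed model)
    and return the fraction the receiver decides wrongly."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    points = psk_constellation(m)
    errors = 0
    for _ in range(n_symbols):
        sent = rng.randrange(m)
        noise = complex(rng.gauss(0, noise_std), rng.gauss(0, noise_std))
        if decide(points[sent] + noise, m) != sent:
            errors += 1
    return errors / n_symbols


def bandwidth_hz(bitrate_bps, m):
    """Bandwidth 2*Rb/N with N = log2(M) bits per symbol (does not apply to FSK)."""
    return 2 * bitrate_bps / math.log2(m)


def compare(bitrate_bps=600_000, orders=(2, 4, 8, 16)):
    """One row per PSK order: (M, bits/symbol, bandwidth in Hz, symbol error rate)."""
    return [(m, int(math.log2(m)), bandwidth_hz(bitrate_bps, m), symbol_error_rate(m))
            for m in orders]


if __name__ == "__main__":
    print(" M  N  BW (kHz)  wedge (deg)  symbol error rate")
    for m, n, bw, ser in compare():
        print(f"{m:2d} {n:2d} {bw / 1000:9.0f} "
              f"{decision_half_angle_deg(m):12.2f} {ser:18.4f}")
```

With the same noise on every scheme, the error rate climbs as the decision wedge shrinks while the bandwidth for a fixed 600 kbps falls.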
For 256-QAM, if the bitrate is 600 kbps, the bandwidth is 2(600,000)/8 = 150 kHz. Now that’s powerful!

Practice Problem 22.3
Using the signal constellation shown, answer the following questions.
a) What type of modulation does this represent?
b) How many symbols are represented (M)?
c) How many bits per symbol are used (N)?
d) If the Baud Rate is 10,000 symbols/second, what is the bit rate (Rb)?
e) Would 16-QAM be more or less susceptible to noise than this type of modulation?

Practice Problem 22.4
Label the modulation schemes. (there are 2 symbols here) (there are 4 symbols here)

Problems

1. For an ASCII ‘Z,’ sketch both the On-Off Keying (OOK) binary waveform (voltage pulses) and the modulated signal, where the amplitude of the carrier is modulated to either 10 V or 0 V and Tb = 100 ms. Hint: use the ASCII table from Chapter 1 of the course notes to determine the bits that represent ‘Z’.

2. Given this FSK transmission where individual symbols are denoted by vertical lines:
a. Draw the corresponding binary transmission (voltage pulses), assuming that the higher frequency represents a 1-bit:
b. Determine the bit rate.
c. How many bits per symbol could be conveyed if four different frequencies were used to transmit data instead of two (that is, if 4 symbols were used vice 2 symbols)?

3. The following is a BPSK transmission. The dashed vertical lines separate the bits. On this plot, a binary ‘1’ is represented by this signal:
a. Determine the transmitted bits.
b. Determine the bit rate.
c. What is the bandwidth for this transmission?

4. QAM is a combination of which two types of modulation?

5. The “forward” signal transmitted to control a remotely-controlled (RC) car is captured on an oscilloscope and displayed below. Answer the following questions with regards to this signal:
a. This modulation is binary, meaning that there are two possible symbols. What type of digital modulation is being used?
b. What is the bit rate? (Hint: Two time cursors are shown on the display as the two dashed vertical lines…these cursors isolate a single bit. Also shown are some measurements about the time cursors below the plot and to the right: here, X = 496 s is the difference in time between th
c. What bit sequence is represented by the O-scope display?

6. 16-QAM can be used for higher data rate transmissions.
a. How many bits are transmitted with each symbol?
b. If 4 different phases and 4 different amplitudes are used in a 16-QAM modulation system, sketch a constellation diagram that could be associated with the system (you do not need to label the bits for each symbol, just show the symbols).
c. If 8 different phases and 2 different amplitudes are used in a 16-QAM modulation system, sketch a constellation diagram that could be associated with the system (you do not need to label the bits for each symbol, just show the symbols).
d. If the bit rate associated with either of these 16-QAM systems was 1.2 Mbps, what is the bandwidth of the transmission?

7. For a given bandwidth system, what is the advantage and disadvantage of using a multi-symbol encoding scheme (that is, using more than 2 symbols)?

8. A communication system transmits 100 kbps. For each of the following modulation types, determine the bandwidth of the transmission.
a. FSK, with frequency deviation 200 kHz.
b. OOK.
c. QPSK.
d. 16-PSK.
e. 16-QAM.
f. 512-QAM.

9. Suppose the FCC has leased you the portion of the frequency spectrum from 1.2 MHz to 1.3 MHz for your free-space communication system. What is the maximum bitrate you could obtain if you used the following modulation schemes:
a. FSK, with fmark = 1.23 MHz and fspace = 1.27 MHz.
b. ASK.
c. BPSK.
d. 8-PSK.
e. 32-QAM.
f. 256-QAM.

Security Exercise 22
Digital Modulation: OOK and FSK

Discussion: A baseband signal is not compatible with free-space communication. Therefore, we need to modulate the binary 0s and 1s.
Digital modulation is different from analog modulation in that the analog carrier signal is modulated by voltage pulses that represent 0s and 1s.

Objective: To provide hands-on experience and further familiarize each Midshipman with some of the aspects of the simplest form of Amplitude Shift Keying (ASK), known as On-Off Keying (OOK), as well as Frequency Shift Keying (FSK).

I. On-Off Keying (OOK)

In OOK, the amplitude of the digital signal controls the carrier signal, so that the carrier is turned on to represent a 1-bit and turned off to represent a 0-bit.

Using your familiarity with the oscilloscope (o-scope) and function generator from your previous labs, set up the Function Generator with the following settings:

□ Press the Utility button and set your Output Setup to High Z.
□ Select the sinusoidal function by pressing the Sine button.
   o Freq = 300 kHz (this will be the carrier frequency, fc)
   o Ampl = 1 Vrms
□ Push Mod button with the following settings:
   o TYPE = AM
   o SOURCE = Int
   o AM Depth = 100%
   o AM Freq = 10 kHz (this will be the bit rate)
   o SHAPE = Square
□ Connect the function generator Output (red to red, black to black) to CH 1 of the o-scope.
□ Connect the function generator Sync (red to red) to CH2.
□ Push Output button to send the signal to the o-scope.
□ Push AUTOSET on the o-scope.
□ Adjust the o-scope with CH 2 on top (square wave) and CH 1 (carrier) on the bottom using the vertical positions on CH1 and CH2.
□ Push the Trig Menu button on the o-scope and use the following settings:
   o TYPE = Edge
   o SOURCE = CH 2
   o SLOPE = Rising
   o MODE = Auto
   o Coupling = AC
   Note: You may need to adjust the Trigger level arrow to stabilize your display.
□ Push CH 1 MENU to return.
□ Adjust the horizontal range and vertical ranges to 25 µsec per division.
□ Adjust CH 1 and CH 2 vertical scale (volts/div) so that you see a display similar to the Fig. 1 that follows.
Note: Your scope display should look similar to Figure 1, below, except your digital signal is a square wave, 101010…

Figure 1

Question 1: Looking at CH1 and using the time cursors, measure the carrier period and then calculate the carrier frequency, fc. Recall that the carrier is the rapidly changing sinusoid.

Question 2: Looking at CH2, measure the bit duration Tb, then calculate the bitrate, Rb.

□ Change the o-scope to display the frequency domain by choosing MATH MENU and using the following settings:
   o OPERATION = FFT
   o SOURCE = CH 1
   o 50 kHz per Division
□ The o-scope should look similar to the Figure 2 below.

Figure 2

Question 3: Find the carrier frequency from the o-scope display (hint: use the frequency cursor). Use the frequency cursors to measure the bandwidth (hint: the bandwidth is determined by the first null to the left and right of the carrier).

Question 4: What is the bandwidth of the OOK signal (when fm = 10 kHz—that is, when Rb = 20 kbps)?

□ Change the AM Freq on the frequency generator to 20 kHz (so you are increasing your bit rate to 40 kbps).
□ Measure the bandwidth of the signal between the first pair of sidebands, as done in the previous step.

Question 5: Now, what is the bandwidth of the OOK signal (when fm = 20 kHz)?

Question 6: Based on the Questions 5 and 6, as the bit rate increases, describe what happens to the bandwidth of the signal. Remember that the equation for the bandwidth of an OOK signal is . Your findings should be supported by this equation!

II. Frequency Shift Keying (FSK)

Frequency shift keying (FSK) is another digital modulation technique in which a continuous sine wave changes frequency when the digital bit stream changes between zero and one. The higher frequency represents a binary ‘1’ (also called mark) and the lower frequency represents a binary ‘0’ (also called space). FSK is used primarily in low speed applications (<500 kbps) and noisy environments where accuracy is preferred over speed.
Keep the carrier frequency the same (fc is still 300 kHz), but change the modulation mode to FSK using the following steps:

□ Use the following modulation settings on the function generator (Mod):
   o TYPE = FM
   o SOURCE = Int
   o FREQ DEV = 200 kHz (this is frequency deviation, Δf).
   o FM Freq = 10 kHz (this is the bit rate, Rb).
   o SHAPE = Square
□ Push CH 1 MENU on the o-scope to return to the time domain.
□ Set horizontal scale to 25 µs per division.

Note: Your display should look similar to Figure 3, below, where a 1-bit is represented by a sinusoid with a frequency higher than the carrier’s (called the mark frequency) and a 0-bit with a frequency lower than the carrier’s (called the space frequency).

Figure 3

□ Adjust the picture on the o-scope to answer the next question by changing the horizontal range setting (sec/div) and using the time cursors to measure the periods of the two sinusoids.

Question 7: What is the mark frequency, fmark? What is the space frequency, fspace?

□ To see the difference in the bandwidth for the FSK signal, shift to the frequency domain. Push the MATH MENU button and use the following settings:
   o OPERATION = FFT
   o SOURCE = CH 1
   o 125 kHz per Division
□ Measure the bandwidth between the sidebands (approximately) as shown in Figure 4. This is based on the first peak to the left of fspace and the first peak on the right of fmark.

Figure 4

Question 8: What is the measured bandwidth (hint: your answer should be much larger than your answer for the OOK bandwidth)? Remember that the equation for the bandwidth of an FSK signal is
Your answer should be supported by this equation!

□ Change the FM FREQ to 20 kHz (now Rb = 40 kbps) and measure the bandwidth of the signal as shown in Fig. 4.

Question 9: What is the new bandwidth?

Question 10: Based on the above change, as the bit rate (Rb) increases, describe what happens to the bandwidth of the signal. What can you say about the bandwidth for FSK as compared to OOK?
□ Turn off your equipment and clean up your lab bench.

Security Exercise 22 Answer Sheet

Name: ____________________
Question 1: ____________________
Question 2: ____________________
Question 3: ____________________
Question 4: ____________________
Question 5: ____________________
Question 6: ____________________
Question 7: ____________________
Question 8: ____________________
Question 9: ____________________
Question 10: ____________________

Chapter 23: Power Gain and SNR

Objectives:
(m) Define gain and attenuation and describe their application to communications.
(n) Calculate power gains for single and multiple stage systems; determine power at each stage.
(o) Express power gain in dB, and power levels in dBW and dBm. Compute power gain and power from dB, dBW and dBm.
(p) Calculate signal to noise ratio (SNR) and discuss the impact of noise in a communication system.

Connection to Cyber Security

Communication systems transmit electrical (EM) signals to convey information.
The strength of a signal is based on its electrical power, and the transmit power is an important consideration in how far a signal can be transmitted through the atmosphere. In addition, the received power is an important factor in how accurately an information signal can be recovered; if the received power is not high enough to overcome the noise present, then information will be lost. Cyber security attacks against wireless communication systems can take advantage of the frequencies and modulation types of the transmission (Chapter 22), but also the power that is received by a receiver. These attacks take the form of jamming, and possibly taking control of devices that are controlled via a wireless communication link if the received control signals from the actual transmitter are weaker than the received power from a hacker’s signal. In 2011, Iran captured a US unmanned aerial vehicle (UAV) while in flight, claiming that their cyberwarfare unit had commandeered and safely landed the UAV. This chapter introduces the power aspects of wireless communication.

1. Gain/Attenuation.

Electrical power is measured in Watts (W), and your typical flat screen TV uses maybe 250 W while it is on, and your laptop may use 60 W while it is running heavy-duty programs. In wireless communications, it may take an incredibly large transmit power to cover the distance to the receiver, and even then, the power arriving at the receiver may be incredibly small. For example, a commercial FM station may transmit 15.5 kW of signal power to reach your car’s radio, and by the time it gets to your car’s antenna, the received power may be on the order of 1 pW (10^-12 Watts). This means that the transmitted power has dropped by a factor of approximately 10^16.

Consider a satellite ground station (on Earth), transmitting to another ground station on the other side of the Earth via a geostationary satellite, 22,300 miles away. This is an immense distance to transmit over to reach the satellite!
How about NASA’s New Horizon space probe mission currently on its way to the planet Pluto…it will be transmitting information back to Earth nearly 4 billion miles away!

So how are you going to get your signal to travel further? Turn up the power. But modulators that produce PSK or QAM typically do not produce signals of substantial power; instead we use devices called amplifiers to increase the power of the modulated signals (that is, to amplify them) so that they are strong enough to cover the required distances.

The term power gain refers to the factor by which the power of a signal is increased as it goes through an amplifier. The power gain (AP) is the ratio of the output signal power to the input signal power. In a block diagram of a communication system, an amplifier is typically drawn as a triangle (although rectangular blocks are also used), as in the following figure.

To calculate power gain (AP) where Pin is the power input and Pout is the power output, we use the equation: .

An amplifier can take a modulated signal and increase its power enough to transmit many miles, much like the above example of an FM radio broadcasting tower transmitting at 15.5 kW.

There are, however, some components of communication systems that can also reduce the power of a signal. Reduction of the power of a signal (signal loss) is termed attenuation. Attenuation is still computed using the equation for power gain, but a component that attenuates has a power gain that is less than 1.0.

Putting together what we’ve learned, we have our modulated signal feeding into an amplifier that increases the power of the signal. The signal is broadcast out of the transmitter via an antenna, where the signal is attenuated as it travels through the air to the receiver’s antenna. Finally the significantly reduced signal is picked up by the receiver, and the receiver recovers the information. This is depicted in the following diagram for an ASK system.
Practice Problem 23.1
The input power of an amplifier is 6 W. The power gain is AP = 80. What is the output power?

Practice Problem 23.2
The input power is 15.5 kW. The power output is 10^-15 W. Is this system associated with amplification or attenuation? What is the gain (or attenuation) of this system?

You may have noticed that there can be a large disparity in the power values between transmitter and receiver, and dealing with incredibly large and incredibly small values in the same system is challenging. For this reason, in many cases we deal with decibel values instead of the numeric values.

2. Decibels.

As engineers, we just want our lives to be as easy as possible. So rather than work with these terribly tedious numbers, we often convert the numbers into decibels (dB). The decibel is a logarithmic measure that provides more convenient gain and attenuation values by changing them to a logarithmic scale. The benefit of a log scale is that it can map a very large range of decimal values into a small range of decibel values. Consequently, small changes in decibel quantities may mean very large changes in power (we’ll revisit this in the accompanying security exercise).

The conversion of a decimal value X into a decibel value XdB is given by: .

If X is a value greater than 1.0, then XdB will be a positive value, and if X is a value less than 1.0, XdB will be a negative value. The decibel value of zero is negative infinity and the decibel is undefined for negative values.

For power gain (or attenuation) then: .

So then for the above practice problem that gave us a headache, we see:

Practice Problem 23.3
Convert these two power gains to decibels (dB).
AP = 1000
AP = 0.0001

A couple of very common values of power gain are 2 and ½. A power amplification by a factor of two (AP = 2) will result in a power gain of +3 dB. An attenuation by a factor of one-half will result in a power gain of -3 dB.

How do you find the decimal value corresponding to a decibel value?
Just rearrange the dB equation from earlier and you get:

Practice Problem 23.4
Convert the following power gains from decibels to decimal gains.
AP,dB = 25 dB: AP =
AP,dB = -6 dB: AP =

Power gain is a ratio of two powers, Pin and Pout, each with a unit of power, usually W or mW. When taking this ratio, the units of power cancel, and you’re taking the log of a unitless ratio. Logarithms only work with numbers, not units.

In communications, we are sometimes asked to compute the decibel value of a power level (in W or mW). In this case, you will take the log of that power level with respect to a fixed reference power level, either 1 W or 1 mW so that the units cancel and you’re just taking the log of a number.

dBm: The number of decibels of power relative to 1 mW. The reference power level is 1 mW and the dBm value is expressed mathematically as .

If the power value to compute is already in mW, the first equation can be used, and if the power value is in W, then the second equation can be used. In this case, since 1 mW = 0.001 W, the units will cancel.

dBW: The number of decibels of power relative to 1 W. The reference power level is 1 W and the dBW value is expressed mathematically as .

In all cases, the units of power must cancel so that the resulting ratio is unitless. Also, if given a dBm or dBW value, the power in mW or W can be found from: .

Practice Problem 23.5
Express Pin = 2 W in decibels as both dBm and dBW.
Pin,dBm =
Pin,dBW =

Practice Problem 23.6
Express 25 dBm in terms of mW and W.
P(in mW) =
P(in W) =

Besides compressing a large range of values into a smaller range of decibel values, another benefit from using decibels is the mathematics involved in combining decibel terms; decibel values are added or subtracted instead of multiplying or dividing. This is typically seen in communication systems that cascade amplifiers as in the following figure.
Here, the output power after each amplifier is computed as the product of the power into that amplifier and its power gain. So, if we leave the gains in ratio form, then the total gain of the system will be the product of all the gains multiplied together, and we could rewrite this cascade of three amplifiers as a single amplifier with power gain AT.

In terms of decibels, the overall decibel gain of a cascade of amplifiers can be found as follows: .

Using the property of the log function that the log of a product is the sum of the logs, we have:

Also, we could use the property of the log function that the log of a quotient is the difference of the logs to write the following equation: .

In this equation, the input and output powers must be in the same decibel units, either dBW or dBm. Note that the difference between two dBm or dBW values will result in a dB value.

Applying the log of products property to a cascaded system of amplifiers,

Here, it is okay that dB and dBm are mixed on the right side of the equation, because all of the decibel values represent unitless numbers; it’s just that the input and output power values’ decibel values must be computed relative to 1 mW. If the input and output powers are in W instead of mW, .

Adding and subtracting decibels can be a much simpler operation than multiplying and dividing very large or very small decimal numbers. A common mistake midshipmen make when dealing with decibel values is multiplying or dividing them: you should NEVER, EVER multiply or divide decibel values. Decibels are always added or subtracted from other decibels.

Practice Problem 23.7
The diagram below represents the first three stages of a typical AM or FM receiver. Find the following quantities.
(a) AT and AT,dB
(b) AP1,dB, AP2,dB, and AP3,dB.
(c) P1, P2, and Pout.
(d) Pin,dBm, P1,dBm, P2,dBm, and Pout,dBm.

3. Noise and the Signal-to-Noise Ratio (SNR)

Recall from Chapter 19 that noise is one of the principal limiting factors in the performance of communication systems, and that noise is added to our signal from external sources in the communication channel and also from internal (electronic) sources within our own system’s hardware. As we saw in Chapter 22, if significant enough, it can mask the original signal such that the signal becomes unrecoverable, or in the case of digital modulation, that bit errors can occur.

This noise effect is not much different than if an enemy were to flood the air waves with an erroneous signal at the same frequency on which you were transmitting. If that erroneous signal was stronger at the receiver than your signal, your signal would become unrecoverable.

How do we know the effect of noise on the signal, or the quality of the received signal in the face of noise? We use the signal-to-noise ratio (S/N, also referred to as SNR), which is the ratio of the power of a signal to the power of the noise corrupting that signal. A strong signal in weak noise results in a high SNR. A weak signal in strong noise results in a low SNR.

Below are four samples of a sine wave with various amounts of noise added.

The signal-to-noise ratio indicates the relative strengths of the signal and the noise in a communication system. The stronger the signal and the weaker the noise, the higher the SNR. Mathematically, SNR is defined as: .

Practice Problem 23.8
The signal power at the input to a receiver is 6.2 nW and the noise power at the input to that receiver is 1.8 nW. Find SNR and SNRdB.

Problems

1. Convert power gains of 100, 1000 and 2000 to decibel values.

2. Convert power gains of 0.01, 0.001, and 0.0005 to decibel values.

3. Convert decibel power gains of 13 dB, 33 dB, and 103 dB to power gains.

4. Three amplifiers with gains of 12.5, 4, and 20 are cascaded as shown in the following diagram (from left to right). The input power is 120 mW.
What is the overall gain and the output powers of each stage?

5. A power amplifier has an output power of 200 W and an input power of 8 W. What is the power gain in decibels?

6. A power amplifier has a gain of 55 dB. The input power is 600 mW. What is the output power in W?

7. An amplifier has an output power of 5 W. What is this amount of power in dBm?

8. A communication system has five stages, with gains and attenuations of 12 dB, -45 dB, 68 dB, -31 dB and 9 dB.
a. What is the overall gain in dB (AT,dB)?
b. The overall power gain (AT)?
c. If the input power is 1 dBm, what is the output power in dBm?

9. The signal input power to a receiver is 6 W. The noise power is 25 mW. What is the SNR? What is SNRdB?

10. A receiver’s sensitivity is the minimum received signal power for the receiver to successfully recover the transmitted signal. If a receiver’s sensitivity is -45 dBm, and the received power is 10 μW, will the receiver be able to recover the transmitted signal?

Security Exercise 23
Introduction to Wireless Signals

Discussion: In the wireless section of the course so far, you have learned that we transmit information using EM waves in free space. If we encode some meaningful data onto these waves, we can communicate without being physically tethered to the medium. But how far away can we be? How close to the transmitter must we be in order to receive the message and successfully recover the information? Just like our human voice only travels so far when we shout, radio waves only travel so far from the transmitting station. At some point, you will just be out of range. Fortunately, we can measure the strength of the transmitter (how loud it can “shout”) and the sensitivity of a receiver (how quiet a sound it can still “hear”). When we put these measurements on a logarithmic decibel scale and compare their utility, we can figure out things like: What is the optimal location for a transmitter? Where is the best spot to get reception?
Which devices receive a better signal? These are things you probably do with your cell phone all the time. Today we will do an experiment and see if we can answer these questions scientifically.

Objective: To provide hands-on experience and further familiarize each Midshipman with power measurements in a wireless communication system, and the effects of distance from the transmitter to the receiver.

Set-up. Equipment required:
Your issued Laptop
Xirrus software

I. Measuring Signal Strength from your Local WiFi

□ On your laptop, check the wireless connections and you should see a list of devices. One of the devices is the wireless Access Point (AP) in your classroom named cyber2_xx. The xx is your room number. If you do not see the specific AP for your room, tell your instructor.
□ Once you see your cyber2 AP, start Xirrus Wi-Fi Inspector by double clicking the icon on your desktop.

Let’s explore the Xirrus Graphical User Interface (GUI) shown on the next figure. You should identify each of the following parts on the display (identified with letters a-e) and then perform any specific instructions on your laptop.

a) Start by clicking on settings and turning “Locate Sound” to Off. Click OK.
b) In the upper left is the “Radar Display.” This shows the relative signal strength of an AP. The stronger the AP, the closer it is to the middle of the display. It doesn’t correlate with specific direction of the AP relative to you, but it will converge to the center as strength increases.
c) In the center top is “Connections” which lists the details of the AP you are connected to.
d) Below that is “Networks” which lists all the APs you can observe with their respective data.
e) “Signal History” is a time versus signal strength (in dBm) graph of the AP you are trying to locate. Highlight the cyber2_xx node, then right click and choose locate cyber2_xx and you should see it appear on the signal history plot.
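The decibel rules from Chapter 23 (gains in dB add, and the difference of two dBm values is a dB value) apply directly to the dBm readings plotted in Signal History. The Python below is an added example, not part of the original course notes: the stage gains, the survey readings and all function names are constructed for illustration, and the -90 dBm drop-off level is the one this exercise mentions.

```python
import math

DROP_OFF_DBM = -90.0  # the exercise notes an AP may leave the list much below this

# Constructed walk-survey readings (location, dBm); not measurements from the page.
SAMPLE_READINGS = [("classroom", -42.0), ("hallway", -61.0),
                   ("stairwell", -78.0), ("far wing", -93.0)]


def ratio_to_db(ratio):
    """Unitless power ratio -> dB. Zero and negative ratios have no dB value."""
    if ratio <= 0:
        raise ValueError("dB is undefined for zero or negative ratios")
    return 10 * math.log10(ratio)


def db_to_ratio(db):
    """dB -> unitless power ratio."""
    return 10 ** (db / 10)


def dbm_to_mw(p_dbm):
    """dBm is dB relative to 1 mW, so the ratio is the power in milliwatts."""
    return db_to_ratio(p_dbm)


def mw_to_dbm(p_mw):
    """Power in milliwatts -> dBm (reference level 1 mW)."""
    return ratio_to_db(p_mw / 1.0)


def cascade_dbm(p_in_dbm, stage_gains_db):
    """Power in dBm at the input and after each stage: dB gains are added."""
    levels = [p_in_dbm]
    for gain_db in stage_gains_db:
        levels.append(levels[-1] + gain_db)
    return levels


def cascade_mw(p_in_mw, stage_gains_db):
    """The same cascade the long way: multiply by each gain as a ratio."""
    levels = [p_in_mw]
    for gain_db in stage_gains_db:
        levels.append(levels[-1] * db_to_ratio(gain_db))
    return levels


def survey(readings):
    """Per reading: power in mW, dB below the strongest reading, how many
    times weaker that is, and the margin above the drop-off level."""
    strongest = max(dbm for _, dbm in readings)
    rows = []
    for location, dbm in readings:
        below = strongest - dbm  # difference of two dBm values is in dB
        rows.append({"location": location, "dbm": dbm, "mw": dbm_to_mw(dbm),
                     "db_below_strongest": below,
                     "times_weaker": db_to_ratio(below),
                     "margin_db": dbm - DROP_OFF_DBM,
                     "visible": dbm >= DROP_OFF_DBM})
    return rows


if __name__ == "__main__":
    gains = [20.0, -3.0, 30.0]  # constructed: amplifier, lossy stage, amplifier
    for dbm, mw in zip(cascade_dbm(-40.0, gains), cascade_mw(dbm_to_mw(-40.0), gains)):
        print(f"{dbm:7.1f} dBm = {mw:.6g} mW")
    for row in survey(SAMPLE_READINGS):
        print(f"{row['location']:10s} {row['dbm']:6.1f} dBm {row['mw']:.3e} mW "
              f"{row['times_weaker']:10.1f}x weaker  margin {row['margin_db']:5.1f} dB  "
              f"{'listed' if row['visible'] else 'lost'}")
```

A 19 dB drop between two of the constructed readings is already a factor of about 79 in power, which is why small decibel changes matter.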
Question 1: For your cyber2_xx AP, write the following details down on the lower left corner of the map on the solution page.
SSID (Service Set Identifier) - the wireless network name
BSSID (Basic Service Set Identifier) - the MAC address of the wireless interface unit
Channel - allows the carrier frequency to be separated into bands to keep from overlapping
Frequency - carrier frequency the AP is using for communications

□ Now that we have Xirrus running, we can take some measurements of the signal strength. Look at the Networks display list in the middle (d above), find your AP, highlight it and note the dBm.

Question 2: Record the signal strength noted for your AP on the table on the last page of the lab under classroom.

Question 3: Assume you record the signal strength of some other fictional access point when you are standing next to it as -30 dBm. Next, you walk some distance away from it and take another signal strength measurement and record it as 33 dBm. By what factor has the signal strength dropped from measurement one to measurement two? (Hint: convert each measurement to mW then divide measurement two by measurement one). Recall that:

Keep this realization in mind when answering the following questions: A SMALL CHANGE IN DECIBELS CAN MEAN A LARGE CHANGE IN POWER!

Question 4: Staying highlighted on your assigned AP, move from point to point on the map and record the signal strength (dBm), allowing a period of time to let the value settle. Note that if the dBm falls much below -90, the AP may drop from your list. You can locate it again by returning closer to the classroom. Simply record -90 dBm if your AP is lost at any point on the map.

Question 5: Convert your dBm measurements to mW and finish filling in the table.

Question 6: Observations:
a) At what locations did you receive the strongest signal?
b) The weakest signal?
c) Would you expect to stay connected to this AP in Maury Hall? Why?
d) Have an instructor check your results.

2. The Hunt for an Unknown AP

□ Understanding how Xirrus reads signal strength, we will now try to locate an unknown AP using the Xirrus program. This AP is not located in your classroom, but you should be able to pick up the signal in your hallway.
a) Try to find the AP with SSID Bad_Egg_xx (again with xx indicating your classroom).
b) Turn On the “Locate Sound” in Settings and change the polling time to 1 second. Right click on Bad_Egg_xx in the Networks list and select Locate. This will create a ping. The closer the pings are together, the stronger the AP’s signal.
c) Begin walking through the lab deck following your ping, dBm and Radar in a direction that makes the signal stronger.

Question 7: Where is the AP located? What is the message that is written on the AP?

Question 8: Emissions control in the military refers to controlling your Radio Frequency Emissions. Keeping “The Hunt” from above in mind, why might it be important to maintain radio silence at certain times in the Navy and Marine Corps?

This SX contributed by Captain Ryan Whitty, USMC.

Security Exercise 23 Answer Sheet

Name:
Questions 1/2/4/5:
Question 3: ____________________
Question 6:
a)
b)
c)
d) ____________________ Instructor/Lab Tech Signature
Question 7: ____________________
Question 8:
a)
b) ____________________

Chapter 24: Antennas

Objectives:
(a) Describe the role of an antenna in a wireless communication system.
(b) Explain the difference between power gain and antenna gain, and compute an antenna's gain relative to an isotropic point source (dBi).
(c) Describe the advantages and disadvantages of directional antennas.
(d) Describe the role of directors and reflectors in the design of a Yagi Antenna.
(e) Interpret an antenna's radiation pattern to determine the sidelobe level and front-to-back ratio in dB, the beamwidth, and directions from which interfering or eavesdropping antennas may lie.

Connection to Cyber Security

Modulated signals are amplified to raise their power (Chapter 23), and then, if free-space is the communication channel, transmitted and received using an antenna. A necessary part of a free-space communication system, antennas serve as the bridge from the transmitter and receiver to the communication channel. However, unlike a wire-based communication system, free-space is an open medium, and anyone with an antenna can collect transmitted signals or transmit their own signals. This makes free-space systems particularly vulnerable to cyber attacks involving eavesdropping and jamming.

I. Antenna Characteristics

An antenna is a device that provides a transition between guided electromagnetic waves in electrical circuits and electromagnetic waves in free space, and can be a length of wire, a metal rod, or a piece of metal tubing. Recall that wavelength (λ) and frequency (f) of an electromagnetic wave in free space are related by the speed of light (c), where c = 3.0 x 10^8 m/s: .

The length of an antenna is usually expressed in terms of the wavelength (λ) of the frequencies being transmitted.
• Low frequencies imply long wavelengths, hence low frequency antennas are very large (for example, the towers across the Severn River are used for the VLF Submarine Broadcast, 30 kHz and are hundreds of feet high).
• High frequencies imply short wavelengths, hence high frequency antennas are usually small (for example, the Dish Network transmission frequency from the satellite to your satellite dish is 12 GHz, and the antenna is approximately 1 cm long).

Antennas are dual function, meaning that an antenna designed to transmit a certain frequency can also receive that frequency.
When selecting an appropriate antenna for a communication system, there are four key criteria that must be evaluated: antenna gain, antenna beam pattern/beamwidth, antenna bandwidth and physical size.

1. Gain – Antennas are not amplifiers like those you saw in Chapter 23, and the power out of the antenna is no more than the power in. However, because antennas focus power in certain directions, we say that an antenna can have a gain. Antenna gain determines how concentrated the transmitted power is in a particular direction (usually the direction of maximal radiation), or how well the antenna can receive signals from a particular direction. Higher gain means a stronger signal, making communication over longer distances possible. Conversely, we could communicate over the same distance with less transmit power. Note that some antennas use a parabolic dish to further increase antenna gain (such as the satellite dish for home satellite TV—the actual antenna is still 1 cm long, but the dish is much bigger).

Isotropic antennas are theoretical antennas that have no directionality, and radiate their power equally in all directions. Consider the figure below. On the left is an isotropic antenna, located at the center of the sphere. The power it transmits is spread equally in all directions, in a spherical shape. If it transmits 1 W, that 1 W will be spread over the surface of the sphere, so as you move farther from the antenna, the received power per unit area drops dramatically. On the right is a directional antenna. If this antenna also transmits 1 W, that power is spread over a much smaller surface area, as indicated, so that in the direction the antenna is pointing, the reduction in power is much less as you move farther from the antenna.

The antenna gain is a measure of power transmitted by a directional antenna in the direction it is pointing relative to that transmitted by an isotropic source. The mathematical definition of antenna gain is .
If we convert this to decibels, because we are comparing relative to an isotropic antenna, it is common to use dBi instead of dB. To compute antenna gain in decibels, we have (dBi). Similarly, to convert from dBi to ratio we use (unitless).

Light can be used as an analogy to antenna gain. Imagine a single light bulb five feet from a wall. The light bulb sends light equally in all directions similar to how an isotropic antenna sends radio waves equally in all directions. When we put the lightbulb in a flashlight, the design of the flashlight focuses light in a single direction and the portion of the wall still illuminated by light will consequently be brighter. This is similar to how a directional antenna focuses radio waves in a particular direction and is able to affect communications over longer distances (e.g., satellite communications). Antenna gain can be thought of as how much brighter the wall is with the flashlight versus how bright it was with only the light bulb.

A related characteristic of transmitting stations in a wireless communication system is the Effective Isotropic Radiated Power (EIRP), which is the product of the transmit power and the antenna gain: (Watts) Here, the subscript t indicates that this is transmitter power and transmit antenna gain. In decibels, .

EIRP is the amount of power that an isotropic antenna would have to transmit to achieve the same received power as a directional antenna at the same distance. To better explain this, let’s return briefly to our flashlight analogy. Let’s say I have 1 W being sent into my flashlight which is five feet from the wall. The wall will then be a certain brightness. If we then remove the lightbulb from the flashlight and stay five feet away, the wall will get dimmer as we’ve previously discussed. EIRP is how much power I would now need to send into the lightbulb, without the flashlight, in order to make the wall as bright as it was with the flashlight.
An antenna with directional gain has some advantages over an isotropic antenna. These include:
• Because energy is only sent in the desired direction, the possibility of interference with other transmitters at or near the same frequency is reduced.
• More focused power results in increased gain, which means that less power is required.
• Controlling the direction of the beam can help prevent eavesdropping since you must be in the beam in order to receive the signal.
• A narrow beam can reduce the likelihood of detection in a covert setting for the same reason as was just discussed.

However, directional antennas don’t work well in mobile situations (imagine keeping your cell phone pointed at a cell tower as you’re driving past it) and they can be physically large if the gain is high.

Practice Problem 24.1
A radio station has an EIRP of 25 kW and a transmit power of 1.73 kW. What is the gain of the antenna?

2. Beam Pattern/Beamwidth – Beam pattern is a diagram that shows specifically what direction(s) the antenna favors. You can think of a radiation pattern being created by having an antenna radiate a constant power (say 1 W, although any power will do), and then with a power meter, walk in a complete circle 1 km (or any other constant distance) from the antenna and record the power received at each point along the circle. The result will look something like the following figure.

An example radiation pattern is shown in this figure in red. In this pattern, relative bearings are shown with 0° being the direction the antenna is pointing. In this figure, each circle represents a change in received power of 3 dB, and the maximum power is along the 0° bearing. There are six lobes of transmitted power showing. The mainlobe is oriented towards 0°, the direction the antenna is pointing. There are four sidelobes, oriented towards ±60° and ±120°, and a backlobe, oriented towards 180° (directly away from where the antenna is pointing).
In many cases, the mainlobe’s maximum value will be defined as 0 dB, and the power levels at all other points on the pattern are the number of dB less than the max; this is a measure of power relative to the max power. This form of a radiation pattern is only one of many that could be used; sometimes the rings are not in dB, sometimes they represent power density (W/m^2), or power (dBW or dBm), etc. But the general features of the beam pattern will be similar. In actuality, antennas radiate in 3 dimensions, but the radiation patterns we will focus on are 2-dimensional, like the one shown above.

From the radiation pattern, a few new terms that describe the properties of the antenna come about. The sidelobe level (SLL) is a measure of the strength of the sidelobes compared to the mainlobe in decibels. The sidelobe level is measured from the peak of the main lobe to the peak of the largest sidelobe. Mathematically, . For the antenna with the radiation pattern described above, the largest sidelobes are at ±60°, so SLLdB = 0 dB – (–16 dB) = 16 dB.

Similarly, the front-to-back ratio (FBR) is a measure of the strength of the mainlobe to the strength of the back lobe in decibels. Mathematically, . For the antenna with the radiation pattern described above, the backlobe is at –17 dB, so the front-to-back ratio is FBRdB = 0 dB – (–17 dB) = 17 dB.

Finally, note that the radiation pattern has some bearings that are not a part of any lobe, for example ±35°. These are called nulls of the pattern, and at these bearings, no power is transmitted from this antenna (or perhaps a minuscule amount), nor can this antenna receive signals from these bearings.

3. Beamwidth – Beamwidth is based on the relative bearings where transmitted (or received) power is reduced by a factor of ½ (or -3 dB, since 10 log10 (½) = -3) from the direction of max power. We call these points on the diagram the -3 dB (or half-power) points. The beamwidth is the angle that subtends these points.
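The sidelobe level, front-to-back ratio, nulls and half-power beamwidth defined above can all be read off a sampled pattern programmatically. The Python code below is an added example, not part of the original text: the pattern samples are constructed to resemble the pattern described above, and the function names and the -30 dB null cut-off are assumptions.

```python
"""Sidelobe level, front-to-back ratio and beamwidth from a sampled pattern."""

STEP = 5  # degrees between samples

# Constructed sample data (not a real antenna): relative power in dB, with
# 0 dB at the mainlobe peak, for bearings 0, 5, ..., 180 degrees. The pattern
# is assumed symmetric about the 0-degree bearing.
HALF_PATTERN_DB = [
    0.0, -0.8, -3.0, -7.0, -12.0, -19.0, -28.0, -40.0, -30.0, -23.0,  # 0-45
    -18.5, -16.5, -16.0, -16.5, -18.5, -23.0, -30.0, -38.0, -40.0,    # 50-90
    -38.0, -30.0, -25.0, -22.0, -20.5, -20.0, -20.5, -22.0, -25.0,    # 95-135
    -30.0, -38.0, -40.0, -30.0, -23.0, -19.0, -17.5, -17.1, -17.0,    # 140-180
]


def full_pattern(half):
    """Mirror the 0..180 half-pattern into 72 samples covering 0..355 degrees."""
    return half + half[-2:0:-1]


PATTERN = full_pattern(HALF_PATTERN_DB)


def angular_distance(a, b):
    """Smallest angle in degrees between two bearings."""
    return abs((a - b + 180) % 360 - 180)


def lobe_peaks(p):
    """Return {bearing: dB} for every local maximum of the circular pattern."""
    n = len(p)
    return {i * STEP: p[i] for i in range(n)
            if p[i] > p[i - 1] and p[i] >= p[(i + 1) % n]}


def half_power_offset(p, peak_idx, direction):
    """Degrees from the peak to the -3 dB point, walking in direction +1 or -1."""
    threshold = p[peak_idx] - 3.0
    prev = p[peak_idx]
    for k in range(1, len(p)):
        cur = p[(peak_idx + direction * k) % len(p)]
        if cur <= threshold:
            # Interpolate linearly between the two samples that straddle -3 dB.
            return STEP * (k - 1 + (prev - threshold) / (prev - cur))
        prev = cur
    raise ValueError("pattern never drops 3 dB below its peak")


def pattern_metrics(p):
    """Mainlobe bearing, SLL, FBR (both in dB) and -3 dB beamwidth in degrees."""
    peaks = lobe_peaks(p)
    main = max(peaks, key=peaks.get)
    others = [b for b in peaks if b != main]
    # The backlobe is the lobe closest to directly opposite the mainlobe.
    back = min(others, key=lambda b: angular_distance(b, main + 180))
    side_peak = max(peaks[b] for b in others if b != back)
    idx = main // STEP
    return {
        "main_bearing": main,
        "peak_db": peaks[main],
        "sll_db": peaks[main] - side_peak,
        "fbr_db": peaks[main] - peaks[back],
        "beamwidth_deg": half_power_offset(p, idx, +1)
                         + half_power_offset(p, idx, -1),
    }


def level_db(p, bearing):
    """Relative power toward a bearing, interpolated between samples."""
    pos = (bearing % 360) / STEP
    i = int(pos)
    lo, hi = p[i % len(p)], p[(i + 1) % len(p)]
    return lo + (pos - i) * (hi - lo)


def exposure(p, bearing, null_floor_db=-30.0):
    """Classify a third party's bearing; null_floor_db is an assumed cut-off.

    Returns (label, dB relative to the mainlobe peak, linear power fraction).
    """
    m = pattern_metrics(p)
    rel = level_db(p, bearing) - m["peak_db"]
    if angular_distance(bearing, m["main_bearing"]) <= m["beamwidth_deg"] / 2:
        label = "mainlobe"
    elif rel <= null_floor_db:
        label = "null"
    else:
        label = "sidelobe/backlobe"
    return label, rel, 10 ** (rel / 10)


if __name__ == "__main__":
    print(pattern_metrics(PATTERN))
    for bearing in (35, 60, 180):
        print(bearing, exposure(PATTERN, bearing))
```

A bearing classed as sidelobe/backlobe still receives a usable fraction of the mainlobe power, so a station there can interfere or listen; only the nulls give real isolation.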
The following figure shows the beamwidth computation for the above beam pattern; the beamwidth is 20°. A narrow beamwidth (small angle) means the antenna is very directional.

4. Bandwidth – Bandwidth determines the range of frequencies that the antenna is best suited for. Broadband signals (that is, signals with a very wide bandwidth) transmit more data at a faster data rate, but broadband antennas are harder to design/build. An antenna is normally designed for a certain transmit frequency, but can be used successfully for a range of frequencies around that.

5. Physical Size – Physically larger antennas have a higher gain and narrower beamwidth, but are much harder to conceal. Also, the system using the antenna may introduce its own constraints (e.g., no one wants to mount a 6 meter dish on the roof of their car). Antennas radiate most effectively when their length is directly related to the wavelength of the transmitted signal. Most antennas have a length that is some fraction of a wavelength. One-half and one-quarter wavelengths are most common.

Practice Problem 24.2
Consider the antenna with this radiation pattern:
1. What is the beamwidth of this directional antenna?
2. What is the sidelobe level?
3. What is the front-to-back ratio?
4. Will a station transmitting bearing 90° interfere with me? Will I interfere with it?
5. Will a station bearing 240° be able to eavesdrop on my communications?
6. Suppose the receiver I am communicating with (at 0°) requires that the signal received be at least 1 pW. Will I have to transmit more power or less power using this antenna than if I were using an isotropic antenna? Why?

II. Dipole Antenna

One of the most widely used antenna types is the half-wave dipole. A dipole antenna is two pieces of wire, rod, or tubing that are one-quarter wavelength long at the operating frequency connected to a voltage source (these are the poles).
The antenna is formed by placing these poles at a 90° angle from the transmission lines that are carrying the signal to be transmitted. This is depicted in the figure below. The most efficient radiation of EM waves comes when the total length of the antenna is λ/2 long, which is why the antenna is called the half-wave (λ/2) dipole antenna.

The radiation pattern for a horizontally oriented dipole antenna is shown below (on the left). The dipole is the heavy black line segment. The scale is not in dB, but this is the general shape. It is bidirectional, in that there is a backlobe that is as large as the mainlobe, both emanating perpendicular to the orientation of the dipole. If the dipole is oriented vertically, the radiation pattern is omnidirectional, as shown on the right.

The 3-dimensional radiation patterns for the horizontally and vertically mounted dipole are shown on the next figure. Note that the 2-dimensional patterns above are cutaways of the 3-dimensional patterns.

Major Parameters for the Dipole Antenna:
1. Beam Pattern/Beamwidth – A dipole mounted vertically has the 2-dimensional beam pattern in the azimuth plane shown in the figure above, and a -3 dB beamwidth of 78º. The vertically mounted antenna has an omnidirectional pattern in the azimuth (energy is spread equally in all directions).
2. Gain – A dipole has a gain of G = 1.64, or GdBi = 2.15 dBi.
3. Bandwidth – A dipole typically has a bandwidth that is ~25% of the center frequency of transmission.
4. Physical Size – A dipole has a physical size equal to λ/2, where λ is the wavelength of transmission.

Practice Problem 24.3
A transmitter feeds a half-wave dipole antenna with 100 watts of power. Calculate the Effective Isotropic Radiated Power (EIRP).

Practice Problem 24.4
How long would a dipole antenna be for AM 1100?

III. Monopole Antenna

The quarter-wave (λ/4) monopole antenna, also called a Marconi antenna, is widely used.
Its characteristics are similar to a vertically mounted dipole antenna, except that the monopole is connected to a ground plane (such as the earth), and uses it as a type of electrical “mirror” to reflect transmitted or received energy upwards to contribute to the upper part of the radiation pattern. Effectively, the ground plane acts as the “missing” half of a dipole antenna. The 3-dimensional radiation pattern for the vertically mounted λ/4 monopole is shown in the following figure (on the left), and a slice of the pattern (2-dimensional pattern in the vertical direction) is shown on the right.

Major Parameters for the Monopole Antenna
1. Beam Pattern/Beamwidth – A monopole has an omnidirectional pattern in the azimuth (energy is spread equally in all directions), and a -3 dB beamwidth of 45º in the vertical plane.
2. Gain – A monopole has a gain of G = 1.45, or GdBi = 1.6 dBi.
3. Bandwidth – A monopole typically has a bandwidth that is ~10% of the center frequency.
4. Physical Size – A monopole has a physical size equal to λ/4.

Practice Problem 24.5
The ballistic submarine, USS Alaska, has gone alert. They must stream a floating wire monopole antenna to get their alert signal. If the alert signal is transmitted at 30 kHz, how far should they stream their antenna? (Note: the antenna being streamed is a straight wire.)

IV. Yagi (Yagi-Uda) Antenna

The Yagi-Uda was developed in Japan in 1926 by Professor Hidetsugu Yagi and his student Shintaro Uda. Their basic concept and structure is still used across a wide variety of modern antenna designs, and the Yagi-Uda is still the “go-to” antenna for high gain at VHF and UHF frequencies. There was a time when every home in America was equipped with a Yagi antenna on its roof to allow reception of broadcast television.

A Yagi antenna is composed of a driven-element (a dipole antenna) and multiple parasitic elements. A driven-element is one that is connected electrically to the transmitter.
Parasitic elements are not connected electrically, but are placed in the vicinity of the driven element to either side. These parasitic elements (known as reflectors and directors) will resonate with the electric field produced by the dipole. Reflectors are longer than the dipole antenna, are all placed on one side of the dipole, and reflect the transmitted EM waves back towards the dipole antenna. Directors are shorter in length than the dipole, and “direct” EM waves from the dipole and reflectors to form the mainlobe. Judicious spacing of the parasitic elements will allow us to produce constructive interference and “push” energy in the forward direction, giving the Yagi-Uda good gain.

The effect of directors and reflectors is:
• More parasitic elements means higher gain and narrower beamwidth.
• Adding more directors is more effective than adding more reflectors.
• The greater the number of directors, the higher the gain and the narrower the beamwidth.
• However, we get diminishing returns as more elements are added. Most Yagi antennas have 1 reflector and 1-20 directors.

Here is a Yagi-Uda with one director and one reflector. This is a three-element Yagi. The simplest Yagi, consisting of a driven element and one reflector, shown on the bottom of the prior page, has a gain of about 5 dBi.

Practice Problem 24.6
What is the length of the driven element in a Yagi at 290 MHz?

A manufacturer of Yagi antennas is the L-Com Global Connectivity corporation (www.l-com.com). Here’s an example pattern of one of their 900 MHz Yagi antennas (model HG906YE-RSP). The driven element (dipole) has a cable connected to it. This Yagi has 1 reflector and 2 directors, and a gain of 6 dBi. The horizontal beamwidth is 100°, vertical beamwidth 60°.

Compare that to their model HG914YE-RSP antenna, which has 1 reflector, 11 directors, and 14 dBi of gain. The horizontal beamwidth is 31°, vertical beamwidth 28°.
All else being equal, is the antenna with the higher gain a “better” antenna? Well, unfortunately all else is not equal. The 6 dBi Yagi is only 14.2 inches long while the 14 dBi Yagi is a whopping 60 inches (that’s 5 full feet) long, almost six times the length of the 6 dBi antenna. If constrained by size, the 6 dBi antenna may be the better choice. Although the Yagi antenna does a good job at directing (and receiving) energy from the forward direction (in the main lobe), its sidelobes are fairly large in comparison.

Major Parameters for the Yagi Antenna
1. Beam Pattern/Beamwidth – A Yagi is a directional antenna that transmits energy in a main lobe, but with fairly high side lobe levels. The beamwidth is dependent on the number of parasitic elements, with more elements resulting in a narrower beamwidth.
2. Gain – A Yagi’s gain is directly proportional to the number of parasitic elements, with typical gains in the range of 5-20 dBi (You will never be asked to calculate the gain of a Yagi antenna based on its dimensions).
3. Bandwidth – A Yagi is typically very narrowband, with a bandwidth ~5% of the center frequency.
4. Physical Size – A Yagi’s dipole radiator has a physical size equal to λ/2, but the length is determined by the number of directors. Directors are typically spaced in half-wavelength increments.

You should be familiar with the four major parameters for the following three antennas:
Dipole
Monopole
Yagi-Uda

Problems

1. What are the 4 engineering factors associated with the design of antennas?
2. a) Calculate the length, in meters, of a dipole antenna that is designed to receive a station at AM 800 on the dial of an AM radio.
b) Calculate the length, in meters, of a monopole antenna that is designed to receive the FM station at 107.1 MHz.
3. Given the following radiation pattern, where each ring represents a 1 dB change in power, what is the beamwidth? The sidelobe level? The front-to-back ratio?
4.
Given the following radiation pattern, where each ring represents a 2 dB change in power, what is the beamwidth? The sidelobe level? The front-to-back ratio?
5. The power applied to an antenna with a gain of 4 dB is 13 W. What is the EIRP?
6. What does it mean for an antenna to have directivity, and what are the advantages and disadvantages of a directional antenna?
7. Name and describe the three basic elements in a Yagi antenna.
8. The length of the driven element in a Yagi antenna is 900 mm; what is its operating frequency?
9. The mainlobe of an antenna has a maximum gain value of +18 dB at its peak point of forward direction. The same antenna has a gain of −5 dB at the peak point of its rear lobe. Determine the front-to-back ratio of the antenna.
10. Yagi antennas A and B both have a driven element designed to transmit/receive 100 MHz. Yagi antenna A has 1 director and 3 reflectors, while Yagi antenna B has 1 director and 7 reflectors. Describe the differences you would expect to see in their radiation patterns.

Security Exercise 24
Reserved.

Chapter 25: Propagation

Objectives:
(a) Define reflection, refraction, diffraction and scattering.
(b) Describe the characteristics of ground waves, sky waves, and space waves.
(c) Calculate the radio horizon distance for space waves based on antenna height.
(d) Compute received power level for a communication system using Friis Free Space equation.
(e) Using the log-normal propagation model, compute received power, path loss or transmission distance.

Connection to Cyber Security

In a wireless communication system, the transmitter transmits a modulated signal into free-space using an antenna. The signal then propagates through free-space until it reaches the receive antenna. Along the way, the transmitted signal loses power, so that by the time it gets to the receiver, the received power can be extremely low. If the received power is too low, the receiver will not be able to recover the information.
In this chapter, you’ll be introduced to the various ways that signals can propagate through free-space, and also how to compute the received power. Cyber attacks against wireless communication systems can take advantage of a low received signal power to jam the transmission, or to take control of the communication link.

I. Wireless Propagation

Propagation is the means by which a signal moves from Point A to Point B. It sounds simple, but it is the most fundamental and challenging aspect of wireless communications. In a wired system (such as an Ethernet network), propagation is not really a concern per se. However, wireless transmission requires a fundamental understanding of how electromagnetic waves move through the atmosphere. The challenges of propagation in free-space include the fact that the transmitter and/or receiver may be moving, obstacles in the path of propagation, a path that is not necessarily a straight line, and a signal that takes various paths to get to the receiver.

In general, we can think about radio frequency propagation in two broad categories: large scale and small scale. Our emphasis in EC310 is on understanding large scale propagation (longer distance), although many engineers have devoted their entire careers to understanding and modeling small scale propagation. In fact, you’ve likely experienced a small scale propagation issue numerous times without ever realizing it. The classic example would be driving down the highway while talking on your cell phone and experiencing a dropped call.

Large Scale Propagation – The behavior of the radio channel over large distances (100s or 1000s of wavelengths of distance). Received power is directly related to distance between Tx and Rx, and is stationary with respect to time.

Small Scale Propagation – The behavior of the radio channel over a small local area (1-10 wavelengths of distance) and/or of small time durations.
Received power fluctuates rapidly based on position, speed, direction of travel, etc. of the mobile.

II. Large Scale Propagation

A. Physical Phenomena

Large scale propagation is affected by four physical phenomena:
• Reflection – the bouncing of EM waves off of surrounding objects, such as vehicles, buildings, etc.
• Refraction – the bending of EM waves as they travel through mediums of different material
• Diffraction – bending of EM waves around objects
• Scattering – diffuse re-radiation of EM waves off rough (smaller than the signal’s λ) objects

Let’s look at these briefly one at a time.

1. Reflection
Reflection occurs when a transmitted EM wave strikes a conductive object (such as a metallic object) on its path to the receiver. As you recall from physics, in reflection, if the object is flat, the angle of reflection is equal to the angle of incidence.

2. Refraction
When an EM wave passes from one medium to another, the EM wave’s path can change direction (bend). In wireless communications, we see this when EM waves directed towards the sky go up into the ionosphere, and eventually bend back down to earth as depicted in the figure below.

3. Diffraction
Diffraction is the bending of EM waves around objects in their path, even behind them to some extent. Consider a transmitter and receiver where an object is blocking the direct line-of-sight path between them. The signal can diffract around the object such that the signal can get to the receiver even though it is shadowed. Note that the more deeply the receiver is shadowed, the lower the received power, and in some cases, the receiver may not be able to receive any signal. The concept of diffraction is illustrated below.

4. Rough Surface Scattering
Sometimes called diffuse scattering or diffuse reflection, scattering happens when an EM wave impacts a rough surface and is re-radiated in many directions at much reduced power levels.

So those are the basic physical phenomena of propagation.
What happens when we add in a real earth and a real atmosphere? The earth and the earth’s atmosphere have the greatest impact on signals in the VLF – HF range (3 kHz – 30 MHz). It’s not that the earth and atmosphere don’t affect signals at higher frequencies, it’s just that at those higher frequencies other factors come into play and dominate the effects of the earth/atmosphere. Let’s look at what happens to these lower frequencies first before moving on to the higher frequencies.

Band                             Frequency Range     Propagation Mode
VLF (Very Low Frequency)         3 kHz – 30 kHz      Ground waves
LF (Low Frequency)               30 kHz – 300 kHz    Ground waves
MF (Medium Frequency)            300 kHz – 3 MHz     Ground waves, sky waves at night
HF (High Frequency)              3 MHz – 30 MHz      Sky waves
VHF (Very High Frequency)        30 MHz – 300 MHz    Space waves
UHF (Ultra High Frequency)       300 MHz – 3 GHz     Space waves
SHF (Super High Frequency)       3 GHz – 30 GHz      Space waves
EHF (Extremely High Frequency)   30 GHz – 300 GHz    Space waves

B. Modes of Propagation

For VLF-HF communications, there are three basic modes by which a radio wave can travel from the transmitter to a receiving antenna:
• Ground wave – EM waves that travel close to the surface of the earth
• Sky wave – EM waves that travel up into the atmosphere and then bend back to earth
• Space wave – EM waves that travel in a straight line (direct line-of-sight or LOS)

The frequency of the radio wave is the most important factor in determining the mode and performance of each mode of propagation.

1. Ground Wave Propagation
A ground wave is a radio wave that travels along the earth’s surface (also referred to as a surface wave). A ground wave must be vertically polarized; that is, the antenna must be oriented vertically. Lower frequencies travel efficiently as ground waves because they are diffracted by the surface of the earth. Ground waves thus follow the curvature of the earth and can travel beyond the horizon, for hundreds of miles.
Ground wave propagation is strongest in the LF and MF frequency ranges. Ground wave propagation constitutes the main signal path for signals in the frequency range from 30 kHz – 3 MHz.

2. Sky Wave Propagation
Sky waves are radiated by an antenna into the upper atmosphere where they are reflected or refracted back to earth. The air molecules of the ionosphere are subject to severe radiation from the sun. Ultraviolet radiation causes the molecules to ionize, or separate into charged particles, positive and negative ions. This separates the upper atmosphere into different layers (or mediums) that promote reflection or refraction. The direction of reflection depends on the angle at which the radio wave enters the atmosphere and the different degrees of ionization of the layers, as well as the frequency of the transmission.

3. Space Wave Propagation
A space wave refers to the radio wave that travels directly in a straight line from the transmitting antenna (LOS). These waves are not refracted, and do not follow the curvature of the earth. The chief limitation of a space wave is that it is limited to line-of-sight distances. The range of space wave propagation is limited by the curvature of the earth and height of the antennas above the earth’s surface. If an antenna has a height h above the surface of the earth, the distance, d, to the radio horizon (which is the maximum range for space wave communications from that antenna) is given by the formula

Important: In this formula, the height of the antenna is in feet, and the distance to the horizon is in miles. That is, if you plug in the antenna height in feet, the resulting distance value will be in miles.

The next figure demonstrates the maximum distance that two stations can be apart and still conduct line-of-sight communication. This figure shows one antenna of height h1 and a second antenna of height h2. The maximum separation at which they can still communicate by line-of-sight is given by: .
Practice Problem 25.1
What is the longest line-of-sight communication range between a transmitter whose transmitting antenna is 350 feet high and a receiver whose receiving antenna is 25 feet high?

Now that we’ve covered all the glories of Large Scale Propagation in real-world environments, it behooves us to look at the most basic way we can transmit energy from Point A to Point B in an environment devoid of terrain, mountains, buildings, ground, or atmosphere. Such an environment is known as Free Space, and conveniently, wireless propagation in such an environment is known as Free Space Propagation.

III. Free Space Propagation

Let’s consider the following scenario. You have a brand-new iPhone (or Samsung phone as the case may be), have just signed up for a super-fast LTE plan, and would like to upload a photo, surf the web, browse Facebook, or just plain make a phone call. To make that happen, your phone has to transmit that information over the air to the nearest LTE cell tower (cost: $5 Million, that’s why your phone bill is $100/month), which happens to be 5 miles away.

Question: Will your signal make it to the tower and will it have sufficient power to “close the link” and allow you to communicate? Or will you suffer the fate of a cellular “dead zone”?

That depends on the amount of signal power that is received. Recall from Chapter 24 the discussion of antenna gain. An antenna has gain if it can focus its transmitted power (or can receive power) in a certain direction, as opposed to an isotropic antenna that radiates (or receives) power equally in all directions (in a spherical shape). This led to the term effective isotropic radiated power (EIRP), which is the amount of power an isotropic antenna would have to radiate in order to match the power that a directional antenna radiates in the direction it is pointing.

To figure out how to compute received power, let’s consider how an isotropic antenna radiates in a spherical shape.
As EM waves move away from the isotropic antenna, the sphere gets larger and larger, until it touches our receive antenna. The transmitter transmits a constant power; however, the power density is going to decrease as the distance from the transmit antenna increases. Power density is the amount of power received per unit area (W/m^2). The power density that reaches the receive antenna is going to be based on the surface area of a sphere, where the distance between the transmitter and receiver (d) is the radius of the sphere. Since the surface area of a sphere of radius d is given by the power density (Pd) at the receiver in units of W/m^2 is:

Now, the last thing we need to do is to turn that power density into the actual received power. Power density is power per unit area, so what is the “area” we are interested in? Since we are receiving the signal on an antenna, the “area” of interest is the area of the receive antenna. The derivation of the effective area of an antenna is beyond the scope of the course, but it is mathematically defined as:

Finally, we can put all this together and determine the equation for received power, which is received power density (W/m^2) multiplied by effective area (m^2):

where the variables are defined as:
Pr – Received power (W or mW)
Pt – Transmitted power (W or mW)
Gt – Transmit antenna gain (unitless)
Gr – Receive antenna gain (unitless)
λ – Transmission wavelength (m)
d – Distance between transmitter and receiver (m)

This is known as the Friis Free Space Equation. It is fundamental to understanding how received power is reduced as a function of distance for wireless communications.

Important note: in this equation, there are NO decibel terms! The two most common mistakes made when using this equation are using dB values instead of linear values, and failing to get the wavelength/distance units correct. If you’re given a problem that includes dB values for any of the terms, take the values out of decibels!
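To make the unit handling concrete, the Python code below evaluates the Friis relation in its standard form, Pr = Pt·Gt·Gr·λ² / (4πd)², converting every dB figure to a linear ratio first, and then solves it for distance to estimate how far a transmission stays receivable in the mainlobe and toward a sidelobe. It is an added example, not part of the original text: the 900 MHz link, the 1 W transmit power, the 16 dB sidelobe level and the -90 dBm receiver sensitivity are constructed values, and the function names are assumptions.

```python
"""Friis free-space link budget with explicit dB <-> linear conversions."""
import math

C = 3.0e8  # speed of light in m/s, the value used in this text


def db_to_ratio(db):
    """Convert a gain in dB (or dBi) to a unitless linear ratio."""
    return 10 ** (db / 10)


def dbm_to_mw(dbm):
    """Convert a power level in dBm to milliwatts."""
    return 10 ** (dbm / 10)


def mw_to_dbm(mw):
    """Convert a power in milliwatts to dBm."""
    return 10 * math.log10(mw)


def friis_received_mw(pt_mw, gt_dbi, gr_dbi, freq_hz, d_m):
    """Received power in mW; gains go in as dBi and are made linear here."""
    if pt_mw <= 0 or freq_hz <= 0 or d_m <= 0:
        raise ValueError("power, frequency and distance must be positive")
    lam = C / freq_hz                                   # wavelength in metres
    gt, gr = db_to_ratio(gt_dbi), db_to_ratio(gr_dbi)   # no dB inside Friis
    return pt_mw * gt * gr * lam ** 2 / (4 * math.pi * d_m) ** 2


def max_range_m(pt_mw, gt_dbi, gr_dbi, freq_hz, sensitivity_dbm):
    """Friis solved for d: distance at which Pr falls to the sensitivity."""
    lam = C / freq_hz
    link_ratio = (pt_mw * db_to_ratio(gt_dbi) * db_to_ratio(gr_dbi)
                  / dbm_to_mw(sensitivity_dbm))
    return lam / (4 * math.pi) * math.sqrt(link_ratio)


def emission_footprint(pt_mw, main_gain_dbi, sidelobe_level_db,
                       rx_gain_dbi, freq_hz, sensitivity_dbm):
    """Free-space reception range on boresight and toward the largest sidelobe."""
    side_gain_dbi = main_gain_dbi - sidelobe_level_db
    return {
        "mainlobe_m": max_range_m(pt_mw, main_gain_dbi, rx_gain_dbi,
                                  freq_hz, sensitivity_dbm),
        "sidelobe_m": max_range_m(pt_mw, side_gain_dbi, rx_gain_dbi,
                                  freq_hz, sensitivity_dbm),
    }


# Constructed scenario (assumed values, for illustration only).
TX_POWER_MW = 1000.0        # 1 W transmitter
YAGI_GAIN_DBI = 14.0        # directional transmit antenna
SIDELOBE_LEVEL_DB = 16.0    # largest sidelobe is 16 dB below the mainlobe
RX_GAIN_DBI = 2.15          # half-wave dipole at the receiver
FREQ_HZ = 900e6
SENSITIVITY_DBM = -90.0     # weakest signal the receiver can use

if __name__ == "__main__":
    pr = friis_received_mw(TX_POWER_MW, YAGI_GAIN_DBI, RX_GAIN_DBI,
                           FREQ_HZ, 1000.0)
    print(f"Received at 1 km on boresight: {mw_to_dbm(pr):.2f} dBm")
    fp = emission_footprint(TX_POWER_MW, YAGI_GAIN_DBI, SIDELOBE_LEVEL_DB,
                            RX_GAIN_DBI, FREQ_HZ, SENSITIVITY_DBM)
    print(f"Receivable out to {fp['mainlobe_m'] / 1000:.1f} km in the mainlobe")
    print(f"Receivable out to {fp['sidelobe_m'] / 1000:.1f} km in the sidelobe")
```

Because received power falls with the square of distance, a sidelobe that is 16 dB down (about 1/40 of the power) shortens the free-space reception range by only a factor of about 6.3. These are free-space upper bounds; the radio horizon and terrain shorten them in practice.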
Let’s go back to our cell phone example.

Practice Problem 25.2

Your cell phone transmits at a power level of 500 mW, with an antenna gain of 2.0 dB. The cell tower has an antenna gain of 8.0 dB, and is a distance of 5 miles away. For LTE, you’re transmitting at 700 MHz. Will your signal make it to the tower and will it have sufficient power to “close the link” and allow you to communicate? Or will you suffer the fate of a cellular “dead zone”? (Note: 1 mile = 1.609 km, and consider −105 dBm as the minimum power required to be able to “close the link”.)

Note: The Friis Free Space equation is technically only valid for free-space environments (although many situations will mimic free space). So the question is: what happens when we add back in the mountains, the buildings, the earth, and the atmosphere?

IV. Log-Normal Model

Most terrestrial wireless communications operate in the VHF and UHF bands. Those bands are mostly used for narrowband, long-distance communication. In this frequency range, the earth and atmosphere play a far smaller role, and propagation becomes dominated by the specific local environment.

Let’s consider the following scenario. Suppose we convince the ECE Department to build a cell tower on the top of Rickover Hall, and you’re driving down McNair Road. The signal you receive will be a combination of reflection, diffraction, and scattering, as shown in the image below. The problem is that we call it “mobile” radio for a reason: you want to be able to drive, move about the local environment, and communicate on your cell phone at the same time.

[Figure: signal paths labeled Reflection, Diffraction, and Scattering]

As you move about the environment, the three propagation modes will have an impact on the instantaneous received signal in different ways.
Under these conditions, you receive a nice strong signal reflected from Mahan Hall, with a little bit of signal energy coming from diffraction off the back corner of Nimitz Library, along with some energy scattered by the clock tower. As you move towards Alumni Hall, the direct line-of-sight signal to the tower will be blocked, as will most of the strong reflected signals; diffraction is now the dominant mode. Conversely, if you moved towards Rickover Hall, you would receive a nice strong line-of-sight signal from the tower, along with a strong reflection from the Northeast side of Nimitz Library as well as scattering from all the parked cars in the Triangle Lot (between Rickover Hall and Nimitz Library).

So the question remains: Using your brand-new iPhone (or Samsung phone as the case may be), will your signal make it to the tower and will it have sufficient power to “close the link” and allow you to communicate? Or will you suffer the fate of a cellular “dead zone”?

What happens when you put all three major modes of propagation together? How do you create a simple, easy-to-utilize model to compute the resulting received signal power? Clearly, the Friis Free Space equation is out, since it is based on unobstructed, direct line-of-sight transmission. In addition, ground wave/sky wave effects are so small that they can be neglected.

Although numerous sophisticated models exist (and are used to varying degrees in both commercial and military systems), by far the simplest and most common way to describe propagation in such an environment is the Log-Normal model (also called Log-Distance model). This model is widely used not only to predict coverage for a particular mobile user, but also to predict the interfering signal power that the mobile user will experience from other RF sources.

A description of the log-normal model begins with the definition of path loss.
Path loss is the amount by which the transmitted signal has dropped by the time it gets to a receiver at distance d away. Usually computed in decibels, path loss as a function of distance d is defined as:

Over the years, wireless engineers have observed that average path loss for a particular environment is related to the distance d and follows a d^n relationship, where the variable n is known as the Path Loss Exponent, and n is specific to that environment. Researchers have also observed that when they made numerous measurements at a specific distance (but in different local environments), the variation in received signal power obeyed a “bell curve” distribution about the local mean (the “bell curve” is formally known as a “Normal” or “Gaussian” distribution). Plotted on a log scale, the results look something like this:

[Figure: path loss PL (dB) versus distance Dist (m) on a log scale from 1 m to 10 km, showing the distance-dependent mean (Average Path Loss) and the Gaussian distribution of path loss about a particular distance]

We call this Log-Normal Path Loss. Average Path Loss obeys a linear relationship (straight line) on a log scale, and the variation in received power at that distance follows a normal distribution. The slope of the line is the Path Loss Exponent, and is determined experimentally for the particular scenario of interest. Mathematically the Log-Normal Path Loss at a distance d is given by:

In this equation, the variables are:

d          Distance from transmitter to receiver in meters
d0         A reference distance, usually 1 meter
n          Path loss exponent (unitless)
PLdB(d)    Path loss at distance d (in dB)
PLdB(d0)   Path loss at reference distance d0 (in dB)

The value of PLdB(d0) is usually calculated with the Friis Free-Space equation or measured empirically. Note that antenna gains, wavelength, etc. are embedded in the model parameters (PLdB(d0) and n). Changing the configuration means we will end up with different model parameters and different results.
Values for path loss exponents have been tabulated for a number of environments, and a few representative values are given in the following table.

Path Loss Exponents for Different Environments

Environment                      Path Loss Exponent, n
Urban Area                       2.7 to 3.5
Dense Urban Area                 3 to 5
In Building with Line-of-Sight   1.6 to 1.8
In Building Obstructed           4 to 6
Factory Floor Obstructed         2 to 3
Retail Stores                    1.8 to 2.5

So after all that discussion, we still haven’t answered the question: Using your brand-new iPhone (or Samsung phone as the case may be), will your signal make it to the tower and will it have sufficient power to “close the link” and allow you to communicate? Or will you suffer the fate of a cellular “dead zone”?

Practice Problem 25.3

Your cell phone transmits at a frequency of 700 MHz and a power level of 500 mW, and has an antenna gain of 2.0 dB. The ECE Department’s cell tower has an antenna gain of 8.0 dB. Let’s assume you’re at the entrance to Gate 8, which would put you approximately 1.0 km away from the tower. From the table above, the USNA campus most closely matches “Urban Area”, so let’s use a Path Loss Exponent that’s exactly in the middle of the range 2.7-3.5, so use n = 3.1.

• We will need to calculate the path loss at a reference distance (PLdB(d0)). The choice of reference distance is technically arbitrary, but is typically 1 meter, as it makes the math much easier to work with. First, convert antenna gains out of decibels and compute wavelength:

• Now use the Friis Free Space equation to calculate the received power at 1 m: or in dBm,

• Compute the path loss at the reference distance:

• Compute the path loss at distance d = 1000 m:

• Finally, determine received power at the cell tower:

Note that this is actually weaker (by 15 dB, or a factor of 30) than the received power at a distance of 5 miles (8 km) that was predicted by the Friis Free Space equation for a similar scenario in the previous Practice Problem.
This illustrates the inaccuracy of using the Friis equation in scenarios that are not free-space. Incidentally, a received signal power of −85.4 dBm is still sufficient to “close the link” and communicate with the tower (recall that −105 dBm is the minimum power to “close the link”).

Problems

1. Is diffraction harmful or advantageous in radio communications? Explain.

2. What are the three modes by which an electromagnetic wave can travel from a source to a destination?

3. What is the term used for an electromagnetic wave that propagates by line-of-sight?

4. A ship-to-ship marine-band VHF radio operates at 156 MHz and is limited to a maximum of 25 watts. The signal propagates via space propagation, so it is limited in range to direct line-of-sight. A Coast Guard transmitting station on shore has a monopole antenna that is 350 feet tall.
(a) If a ship is 35 miles (56,315 m) away from the CG station, how high must the ship’s monopole antenna be mounted to ensure reception?
(b) Using the Friis Free-Space equation, calculate the received power at the ship.
(c) If someone is standing in a life raft with a hand-held VHF radio (assume antenna height of 6’), what is the maximum range from which they could contact the ship in part a?

5. In a certain communication link, the transmit power is 5 W and the path loss is 100 dB. What is the received power in mW?

6. Use the log-normal model to solve for the distance of transmission (d) given the following parameters. Use the Friis Free-Space equation to determine the path loss at d0 = 1 m. n = 2.7, f = 900 MHz, Pt = 10 dBm, Pr = −70 dBm, Gt = 1.64, Gr = 5 dB.

Security Exercise 25

Drivers, start your engines. Today we looked at the various ways radio waves propagate through space and air. For this lab, we will be using radio control (RC) cars, our communication system, to evaluate the propagation of electromagnetic waves as they traverse through space.
Now we have gone out of the way to purchase the best radio control cars in the world. That’s right! Only the best for you guys. We acquired Ferraris, Audi R8, Lamborghinis, Camaros, etc. Don’t they look so pretty? The cars that you have available to you today operate at a couple of different frequencies.

Question 1: Examine the cars and write down the frequencies at which the cars operate on your answer sheet.

Question 2: Based on the frequencies you just determined for the cars in your classroom and what you learned in class, which propagation mode is used to control these cars? (i.e. ground wave, sky wave, space wave)

Question 3: Why won’t the other two propagation modes work?

Question 4: What are the wavelengths of the frequencies associated with the RC cars? Show your work and record your wavelengths on the answer sheet.

Now that you know the wavelengths associated with the frequencies, how far do you expect the cars to travel? You need some information to calculate the distance. The gain for the transmitting antenna is -8 dB. The gain for the receiver antenna is also -8 dB. The power of the transmitter (PT) is 10 dBm. The minimum power necessary at the receiver (PR) to control the car is -50 dBm. Rearrange and use the Friis Free Space equation to determine the distances for both the high- and low-frequency car.

Question 5: Show your work and record your expected distances on the answer sheet.

Alright. You have your calculation. Now, it’s time to take measurements and see how accurate they are. Measure how far the lower frequency car will go. Make sure your measurement is in meters. Drive from the front of the classroom to the back and around back benches, not out of the classroom. Remember the distance should be a straight line to the car, not the path it takes. So how far did it travel?

Question 6: Record the experimental distance for the lower frequency car on the answer sheet.

You should’ve noticed that the car didn’t go nearly as far as you calculated. Why?
Think back to the equation you used to calculate the distance. What did we say about the equation? It needs to be used in free space without obstructions. That means no terrain, mountains, buildings, ground, or atmosphere. In the classroom, there are desks, lab equipment, people: all obstacles. So the Friis Free Space equation isn’t going to provide an accurate distance.

When we have all this furniture and equipment that can interfere with the signal, they will reflect the signal, diffract the signal, and/or scatter the signal. Remember that:

(1) Reflection occurs when energy (or the signal) reflects off a large (relative to the λ) conductive surface.
(2) Diffraction occurs when energy bends around objects.
(3) Scattering occurs when EM waves strike a rough surface (smaller than λ), which re-radiates the EM wave in many different directions.

As the signal is affected by all the lab equipment, people, etc., the signal at the receiver is a combination of many variations of the original signal. This variation leads to a reduced signal strength. So how are you going to determine how far the higher frequency car should go?

Let’s use the Log-Normal model. This model is widely used not only to predict coverage for a particular mobile user (i.e. the RC car), but also to predict the interfering signal power that the mobile user will experience from other Radio Frequency sources (i.e. the cell phones in your pocket). The log-normal equation is:

To predict the distance of the high frequency car, you need a few pieces of information. Inside a building with obstructions (i.e. your classroom), you would expect a path loss exponent of 4-6. For your classroom, use 4 as the path loss exponent (n = 4). At the max distance, you would expect a Pr of −50 dBm, and your Pt is 10 dBm (use the difference in Pt and Pr to determine PLdB(d)). The last piece of information you need to make your calculation work is: at d0 = 1 meter, the path loss is 10 dB (that is, PLdB(d0) = 10 dB).
Use the path-loss equation above to compute the distance d, given these parameters.

Question 7: Show your work and record the new expected distance (d) for your higher frequency car on the answer sheet.

Question 8: Now go drive the higher frequency car. Drive from the front of the classroom to the back and around back benches, not out of the classroom. How far did it go in meters? Remember the distance should be a straight line to the car, not the path it takes.

You did it. So now you can calculate, at least for an RC car, the distance a radio wave will travel. But be aware that if you change the configuration (i.e. you go into the hall), you will have different model parameters and therefore different results.

One last test of your mathematical skills. Calculate the distance the lower frequency car will travel if you were outside. In this case, use a path loss exponent (n) of 2.6. All other parameters are the same.

Question 9: What is the expected distance (d) for your lower frequency car? Record on the answer sheet.

Watch the YouTube video, RC Car Outside Distance.

Question 10: Were you correct (roughly)?

Your final test. Using either car, place the car against the wall inside the classroom next to the door. Go outside the door where you can no longer see the car. Just on the other side of the wall should be fine. Try to move the car using the radio controller.

Question 11: Did it move? Why or why not? (hint: Think back to the 3 interferences on page 3.)
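The link-budget arithmetic of Practice Problems 25.2 and 25.3, together with the log-normal model solved for distance as the exercise above asks, as an added example that is not part of the original course material. It assumes the Friis equation in its standard form Pr = Pt·Gt·Gr·(λ/(4πd))²; the function names are illustrative.

```python
import math

C = 3.0e8  # speed of light in m/s (rounded)

def db_to_linear(db):
    """Convert a decibel ratio to a linear ratio."""
    return 10 ** (db / 10.0)

def mw_to_dbm(p_mw):
    """Convert power in milliwatts to dBm."""
    return 10.0 * math.log10(p_mw)

def friis_rx_mw(pt_mw, gt, gr, freq_hz, d_m):
    """Friis free-space received power. Every argument is linear, never dB."""
    wavelength_m = C / freq_hz
    return pt_mw * gt * gr * (wavelength_m / (4.0 * math.pi * d_m)) ** 2

def reference_path_loss_db(pt_mw, gt, gr, freq_hz, d0_m=1.0):
    """PLdB(d0) = Pt - Pr(d0), with Pr(d0) taken from Friis.
    The antenna gains end up folded into this value, as the chapter notes."""
    pr_d0_mw = friis_rx_mw(pt_mw, gt, gr, freq_hz, d0_m)
    return mw_to_dbm(pt_mw) - mw_to_dbm(pr_d0_mw)

def log_distance_rx_dbm(pt_mw, pl_d0_db, n, d_m, d0_m=1.0):
    """Mean received power predicted by the log-normal (log-distance) model."""
    path_loss_db = pl_d0_db + 10.0 * n * math.log10(d_m / d0_m)
    return mw_to_dbm(pt_mw) - path_loss_db

def max_range_m(pt_mw, min_rx_dbm, pl_d0_db, n, d0_m=1.0):
    """The same model solved for d: the distance at which the mean
    received power has fallen to min_rx_dbm."""
    allowed_loss_db = mw_to_dbm(pt_mw) - min_rx_dbm
    return d0_m * 10 ** ((allowed_loss_db - pl_d0_db) / (10.0 * n))

# Values taken from Practice Problems 25.2 and 25.3
PT_MW = 500.0               # transmit power
GT = db_to_linear(2.0)      # phone antenna gain, taken out of decibels
GR = db_to_linear(8.0)      # tower antenna gain, taken out of decibels
FREQ_HZ = 700e6
MIN_RX_DBM = -105.0         # minimum power to "close the link"

def problem_25_2_dbm():
    """Free space, 5 miles (1 mile = 1.609 km)."""
    return mw_to_dbm(friis_rx_mw(PT_MW, GT, GR, FREQ_HZ, 5 * 1609.0))

def problem_25_3_dbm(n=3.1, d_m=1000.0):
    """Urban log-normal model, reference distance 1 m."""
    pl_d0_db = reference_path_loss_db(PT_MW, GT, GR, FREQ_HZ)
    return log_distance_rx_dbm(PT_MW, pl_d0_db, n, d_m)

def urban_range_m(n=3.1):
    """Distance at which the urban link drops to the -105 dBm threshold."""
    pl_d0_db = reference_path_loss_db(PT_MW, GT, GR, FREQ_HZ)
    return max_range_m(PT_MW, MIN_RX_DBM, pl_d0_db, n)

if __name__ == "__main__":
    print(f"25.2 free space, 5 miles : {problem_25_2_dbm():7.2f} dBm")
    print(f"25.3 urban n=3.1, 1 km   : {problem_25_3_dbm():7.2f} dBm")
    print(f"urban range at -105 dBm  : {urban_range_m():7.0f} m")
```

The range figure is a mean: the model's Gaussian spread about that mean is not included, so individual locations at that distance can fall on either side of the threshold.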
EC310 Security Exercise 25

Name: _____________

Question 1: Low frequency = _____________ High frequency = _____________
Question 2:
Question 3:
Question 4: Wavelength (low frequency car) = _____________ Wavelength (high frequency car) = _____________
Question 5: Distance (low frequency car) = _____________ Distance (high frequency car) = _____________
Question 6: Experimental distance for low frequency car = _____________
Question 7:
Question 8:
Question 9:
Question 10:
Question 11:

Chapter 26: Electronic Warfare

Objectives:
(f) Define Electronic Warfare and provide an example of each of the three Electronic Warfare categories: Electronic Defense, Electronic Warfare Support and Electronic Attack.
(g) Define Jamming to Signal ratio (J/S) and calculate the necessary power to jam an emitter.

Connection to Cyber Security

Warfare involves offensive and defensive operations.
In the Host Module, we learned that an adversary can attack our host computer by employing a buffer overflow exploit. To counter this attack, we have several defensive actions at our disposal; for example, we can avoid the C library functions that are notorious for inviting buffer overflows, we can use a non-executable stack, a canary can be used to detect an attempt to overwrite a stored return address, etc. Recall also that, aside from formal attack operations and defensive responses, an adversary might attempt to look for flaws in our host software. For example, an adversary might enter a ridiculously long value when prompted to enter something, as a test to see if he can make the program behave erratically.

In the Network Module, we learned that an adversary can attack our network using either a false route injection attack or a wide-area BGP route-hijacking attack. To defend against false route injection, we can use an OSPF authentication mechanism, or we might selectively set up passive interfaces on router ports. To defend against a wide-area BGP route-hijacking attack, we can use judicious filtering at Autonomous System borders, or we might attempt to authenticate routing information against an Internet Routing Registry, or we can attempt to receive some cryptographic assurance of the routing information we receive by using the Resource Public Key Infrastructure. Recall also that, aside from formal attack operations and defensive responses, an adversary might attempt to perform "network reconnaissance" by using Wireshark, nmap or various network utilities.

Not surprisingly, we find in the Wireless Module that the electromagnetic spectrum can also be used for offensive and defensive operations, as well as for "reconnaissance" operations. In the context of wireless systems, these attack, defensive and reconnaissance operations are termed electronic warfare.
The jamming and taking over of communication links are two of the ways that cyber attackers exploit wireless communications.

Electronic Warfare (EW)

The term Electronic Warfare (EW) refers to any action involving the use of electromagnetic energy to attack an adversary or to otherwise control the electromagnetic spectrum. EW includes three major subdivisions: electronic attack, electronic defense, and electronic warfare support. We'll discuss each of these in turn, starting with electronic warfare support.

A. Electronic Warfare Support

Electronic warfare support refers to those actions that are taken to search for, intercept, identify, and locate sources of radiated electromagnetic energy for the purpose of target identification, or for the planning and conduct of future operations. Phrased another way, electronic warfare support entails gathering knowledge about the enemy through the use of the electromagnetic spectrum.

We discussed an example of electronic warfare support in Security Exercise 23. Recall that in that lab you wandered the hallways of the Rickover lab deck in search of a wireless access point. This was, at heart, an electronic warfare support operation: you were attempting to locate a radio emitter of interest. In the lab, your only goal upon locating the emitter was to note the funny message placed next to it. In a more realistic scenario, the data gathered from an emitter could produce intelligence concerning the user (friend or foe?) and their location.

Suppose you can pick up an adversary’s radio transmission. How could you determine the direction it is coming from? If you used a directional antenna like a Yagi you could determine a compass bearing in the direction of the emitter. If you get a compass bearing from three locations you could plot the bearings on a map and get a fix.
This was actually one of the early means for ships to fix their position by electronic means, via the Omega or Loran C navigation systems, which were operational until shut down in favor of GPS.

B. Electronic Defense

Electronic defense includes those actions taken to protect personnel, facilities, and equipment from an adversary's use of the electromagnetic spectrum to attack us. It should be noted that in DoD literature (if one may use the word literature to describe stultifying, committee-drafted, jargon-laden, gobbledygook), the term "electronic defense" is often termed "electronic protection", since in defending ourselves, we are protecting ourselves. (A few years ago, the in-vogue term for electronic defense was electronic counter countermeasures (ECCM). Before that, the preferred term was electronic protective measures.)

We discussed an example of electronic defense in Security Exercise 23. Sure enough, you were simply wandering the hallways in search of a wireless access point. But in an analogous fashion, an adversary can home in on the transmissions of a ship, a submarine, an aircraft, or forces in the field. To prevent an adversary from using the electromagnetic spectrum to locate our transmitter, we will often limit radio communications to the minimum necessary. Thus, emissions control is a form of electronic defense.

Another form of electronic defense is the use of stealth technologies (shapes with low radar cross-sections, non-metallic materials, radar-absorbent coatings) to protect aircraft and ships from radar detection.

The definition of electronic defense is broadened to include not only the actions we take to defend ourselves, but also the actions that we take to protect our own ability to attack the enemy. This can lead to some confusion. For example, if we launch an infrared homing missile against an enemy, we are engaging in electronic attack.
If our enemy sees the incoming missile and launches flares in an attempt to divert it, he is engaged in electronic defense and electronic attack. But if we counter his flares by using flare-rejection technology on our infrared homing missile, we are also engaged in electronic defense, since the flare-rejection technology protects our ability to attack! Think of the great exam questions!

C. Electronic Attack

Electronic attack involves the use of electromagnetic energy to attack personnel, facilities, or equipment with the intent of degrading, neutralizing, or destroying an enemy's combat capability. The preeminent example of electronic attack is jamming.

Jamming

Jamming is the transmission of an electromagnetic signal that disrupts an adversary's communications.

Consider the picture below. An enemy transmitter is sending information to an enemy receiver at a certain frequency, say f. The enemy transmitter and receiver are separated by a distance dS. Meanwhile, our hero is a distance dJ away from the enemy receiver. Our hero's goal is to transmit another signal, a jamming signal, at the same frequency f that the bad guys are using. The jamming signal will target the bad guy's receiver. So, the intent is to have two signals arrive at the bad guy's receiver: the signal sent by the bad transmitter, and the midshipman's jamming signal. The midshipman's goal is to have his jamming signal be of sufficient power to override the signal from the bad transmitter, thus preventing the bad guys from communicating.

It is important to note that what we are jamming is the receiver, not the transmitter. As an analogy, imagine trying to yell something to someone across Worden Field. If a third person comes along and wants to prevent you from communicating, what would be more effective: to yell in the ear of the person trying to relay a message or to yell in the ear of the person trying to hear the message? The latter would be more effective.
I know what you are saying: Where's the math? For the jammer, the object is that the received jamming power at the Bad Guy receiver be greater than the received signal power from the Bad Guy transmitter. Using the Friis equation, the received jamming power (PJ) in terms of the jammer’s EIRP is (rearranging the equation a little):

Similarly, the received signal power from the Bad Guy transmitter is:

If we divide the received jamming power by the received signal power, we create the jamming-to-signal ratio (J/S), a term similar to a signal-to-noise ratio:

Note that the wavelengths cancel, since in order for our jamming to be effective, our jamming signal must be the same frequency as the transmitted signal. This equation is usually used in terms of decibels, so for power in watts, and for power in milliwatts,

A J/S ratio greater than one (or a positive dB value) will mean the received jamming signal is stronger than the received Bad Guy transmitter signal. Note that in these J/S equations, the distances to the jammer and to the signal must be in the same units (e.g., meters).

Finally, an important assumption this equation makes is that the receiver has an omnidirectional beam pattern. This means the receiver will accept transmissions equally from all directions. If this were not so, then the equation above would need to take the receiver’s beam pattern into account.

Practice Problem 26.1

You are located 5500 meters from the omnidirectional receiver you are jamming. The transmitted signal that you are jamming originates 9500 meters from the receiver. The signal transmitter’s EIRP is 15 dBW. Assuming both the transmitter and jammer have line of sight, what EIRPdBW must you transmit to jam the receiver with a J/S of 5 dB? How many watts is this?

Solution:

Practice Problem 26.2

You can transmit an EIRP of 25 Watts with your jammer. The transmitted signal you are jamming originates 8500 meters from the omnidirectional target receiver.
The signal transmitter’s EIRP is 15 dBW. Assuming both the transmitter and jammer have line of sight, how close must your jammer be to the target receiver to achieve a (J/S)dB of 3 dB?

Solution:

Practice Problem 26.3

Is there a possibility that our jamming scheme would not work if the Bad Guy Receiver was not omnidirectional? Explain.

Solution:

Security Exercise 26

Basics of Electronic Warfare

We devoted an entire third of this course to learning about wireless communications systems and the associated considerations, from modulation to gain to antennas and signal propagation. Why? Because “Cyber” doesn’t exist solely in a single computer or a closed network. You can have a significant impact by using Electronic Warfare as an enabler for Cyber attacks. See: http://breakingdefense.com/2013/04/adm-greenert-wireless-cyber-em-spectrum-changing-navy/

Now we’re going to put all that knowledge to the test and apply your cyber skills in a wireless environment.

Set-up. Equipment required:

□ Your issued Laptop
□ MATLAB Code RCcode.m and getkey.m
   o Located in the EC310 Spring 2014 folder on your Desktop (EC310 Spring 2014\Wireless\Lab 27 Files)
□ LeCroy “Wave Surfer” 104MXS 1GHz Oscilloscope
□ Anritsu MS2711D Spectrum Analyzer
□ Telescoping Antenna w/ BNC connector
□ RC Vehicle
□ Signal Generator & accessories (Instructor will set up)
□ TURN OFF YOUR CELL PHONE! (The next hour of your life will be easier if your cell phone isn’t adding noise to the Electromagnetic Spectrum.)

Part I: Data Collection

Communications System. For this Security Exercise, we’ll explore the entire communications system employed by a Radio Control (RC) vehicle… And then we’ll exploit it! Answer the questions that follow to examine the RC vehicle’s communications.

Note: These images resemble the models in your classroom enough to give you the general idea. We can’t all have Ferraris, after all!

Question 1: Which image above (left or right) most closely represents the transmitter?
Question 2: Where is the receiver located?

Question 3: What type of channel does this communications system involve?

Question 4: What do you expect your “information” to be in this case?

Question 5: What will happen when the “information” is recovered at the receiver?

Question 6: What type of antenna does the transmitter use?

Question 7: What would you expect the beam pattern of this antenna to look like?

Question 8: Do the transmitter or receiver give any indication of carrier frequency? If so, what is fc?

To verify the carrier frequency of the transmitted signal, use the Anritsu MS2711D Spectrum Analyzer.

□ Press “Recall Setup” (Hard Key #6)
□ Ensure “Default” is highlighted
□ Press “Enter”
□ Set “Center” to the carrier frequency determined in the previous question.
□ Set “Span” to 200 kHz
□ Transmit from RC vehicle controller (ensure power is on); signal will display on the spectrum analyzer

Question 9: What is the carrier frequency? Draw the signal in the frequency domain.

Part II: Jamming

Now that we have some basic intel, what could happen if your instructor were to transmit a signal at the carrier frequency? The answer: It depends! In lecture, we learned that the effectiveness of electronic attack/jamming is dependent upon the jamming-to-signal ratio (J/S). The J/S is dependent upon both the power received by the car from the jammer and the transmitter as well as the distance of the jammer and the transmitter from the receiver. In this security exercise, our scenario looks like this:

The J/S depends on the received signal power at the car and the received jamming power at the car:

Generally, if the J/S ratio is greater than 1 (or 0 dB), jamming will be effective.

□ Play time! Drive your vehicle around the classroom.

Question 10: What two conditions (with regards to frequency and received power) must exist for jamming to be effective?

Get your instructor’s signature to continue.
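The J/S relationship from Chapter 26, worked from the side of the link being protected, as an added example that is not part of the original course material. It assumes the standard free-space form J/S = (EIRP_J / EIRP_S)·(dS/dJ)² for an omnidirectional receiver; the function names, the rx_discrimination_db parameter (receive-antenna gain toward the wanted transmitter minus gain toward the interferer), and every numeric value are constructed for illustration.

```python
import math

def dbw_to_watts(p_dbw):
    """Convert dBW to watts."""
    return 10 ** (p_dbw / 10.0)

def js_db(eirp_j_dbw, d_j_m, eirp_s_dbw, d_s_m, rx_discrimination_db=0.0):
    """J/S at the receiver in dB. Both distances must be in the same units.
    rx_discrimination_db = 0 reproduces the omnidirectional assumption."""
    if d_j_m <= 0 or d_s_m <= 0:
        raise ValueError("distances must be positive")
    return (eirp_j_dbw - eirp_s_dbw
            + 20.0 * math.log10(d_s_m / d_j_m)
            - rx_discrimination_db)

def keep_out_radius_m(eirp_j_dbw, eirp_s_dbw, d_s_m,
                      js_limit_db=0.0, rx_discrimination_db=0.0):
    """Distance from the receiver inside which an interferer of the given
    EIRP pushes J/S above js_limit_db (the J/S equation solved for dJ)."""
    excess_db = eirp_j_dbw - eirp_s_dbw - rx_discrimination_db - js_limit_db
    return d_s_m * 10 ** (excess_db / 20.0)

def required_link_eirp_dbw(eirp_j_dbw, d_j_m, d_s_m,
                           js_limit_db=0.0, rx_discrimination_db=0.0):
    """Own-transmitter EIRP needed to hold J/S at or below js_limit_db
    (the J/S equation solved for EIRP_S)."""
    return (eirp_j_dbw + 20.0 * math.log10(d_s_m / d_j_m)
            - rx_discrimination_db - js_limit_db)

# Constructed scenario: a 10 dBW link over 4000 m, and an assumed
# 13 dBW interferer 2000 m from the receiver.
LINK_EIRP_DBW = 10.0
LINK_DISTANCE_M = 4000.0
INTERFERER_EIRP_DBW = 13.0
INTERFERER_DISTANCE_M = 2000.0

def assess_link(rx_discrimination_db=0.0):
    """Summarise how exposed the constructed link is, and what fixes it."""
    return {
        "js_db": js_db(INTERFERER_EIRP_DBW, INTERFERER_DISTANCE_M,
                       LINK_EIRP_DBW, LINK_DISTANCE_M, rx_discrimination_db),
        "keep_out_m": keep_out_radius_m(INTERFERER_EIRP_DBW, LINK_EIRP_DBW,
                                        LINK_DISTANCE_M, 0.0,
                                        rx_discrimination_db),
        "required_eirp_dbw": required_link_eirp_dbw(
            INTERFERER_EIRP_DBW, INTERFERER_DISTANCE_M, LINK_DISTANCE_M,
            0.0, rx_discrimination_db),
    }

if __name__ == "__main__":
    for label, disc in (("omnidirectional receiver", 0.0),
                        ("12 dB receive discrimination", 12.0)):
        r = assess_link(disc)
        print(f"{label}: J/S = {r['js_db']:.2f} dB, "
              f"keep-out radius = {r['keep_out_m']:.0f} m, "
              f"EIRP for J/S <= 0 dB = {r['required_eirp_dbw']:.2f} dBW "
              f"({dbw_to_watts(r['required_eirp_dbw']):.1f} W)")
```

The second case shows why the omnidirectional assumption matters: a receive antenna that favours the wanted transmitter lowers J/S by its discrimination in dB without any change in transmit power.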
□ Your instructor will generate a 20 dBm frequency modulation (FM) signal at the carrier frequency.

Question 11: What is your instructor’s target?

□ While your instructor is transmitting the jamming signal, experiment! Attempt to control the RC car with its transmitter at different distances from both the jammer and the RC car.

Question 12: When your instructor transmitted a jamming signal, were you still able to control the RC car? When could you control it? When couldn’t you?

Question 13: Use the Anritsu MS2711D Spectrum Analyzer to draw the jamming signal in the frequency spectrum. How does this change if you transmit while standing next to the Spectrum Analyzer?

Question 14: How could you increase the range of the jammer? (How is jamming range dependent on signal power?)

Part III: Reverse Engineering

So now we know the carrier frequency and the effects of transmitting a higher signal power on that frequency, but if we want to make a bigger impact, we need to know more about the RC car’s signal. What does the transmitted signal look like? What type of modulation does it use? How do controls work? To accomplish this, we’re going to look at the signal using the LeCroy “Wave Surfer” 104MXS 1GHz Oscilloscope.

First, some initial set-up for the O-Scope (see the figure that follows for button location):

□ Touch the yellow box on lower left corner of touch screen to configure Channel 1 with the following settings:
   o Set Volts/div to 20 mV
   o Set Coupling to DC50Ω
   o Set “Trigger” to 25.0 mV
   o Touch “Timebase” to set Time/Division to 5.00 ms/div
   o Press “Close” (top right corner for Channel 1 menu)

Once you’ve set up your Channel configuration on the O-Scope, it’s time to capture the signal.

□ On “Trigger” section of O-Scope display, select “Normal”
□ Holding RC car transmitter close to the O-Scope, send the “forward” signal by driving the car forward. Ensure antenna is extended!
□ When your signal is displayed on the screen, press “Stop” on Trigger menu, while still sending the “forward” signal.

If done correctly, your O-scope display should look similar* to this:

* Captured signal may vary – that’s ok for now!

Question 15: What type of digital modulation does this car use?

Question 16: What pattern of 0s and 1s does the transmitted signal represent?

To be able to control the RC car, we want to be able to do more than just drive it forward. How does the signal change for reverse, left, or right? Think about the controls – how many different signals do you expect to control the car? In addition to driving forward, the car can operate in reverse, as well as turning left and right… and any combination thereof! There are actually 8 different combinations of signals, but in the interest of time we’re only going to worry about four: Forward, Reverse, Forward & Right, and Forward & Left.

Here’s the catch: the chips that process the signal and control the vehicle’s motion aren’t necessarily wired the same way in every car, so you need to identify which control operation each transmitted signal represents! Examine each transmitted signal by repeating the process you just followed to capture the signal:

□ On the “Trigger” section of O-Scope display, select “Normal”.
□ Transmit desired signal.
   o Forward
   o Reverse
   o Forward AND Right (This is different from the signal to pivot the wheels to the right only!).
   o Forward AND Left (This is different from the signal to pivot the wheels to the left only!).
□ When your signal is displayed on the screen, press “Stop” on Trigger menu.

Question 17: Match the transmitted signals (shown on the following page) with the operations they represent by circling the correct response. The signals can be distinguished by the number of 1s being transmitted after the 4 large sync pulses.

Forward or Reverse or Forward-Right or Forward-Left?? (# of 1’s: 10)
Forward or Reverse or Forward-Right or Forward-Left?? (# of 1’s: 40)
Forward or Reverse or Forward-Right or Forward-Left?? (# of 1’s: 34)
Forward or Reverse or Forward-Right or Forward-Left?? (# of 1’s: 28)

Question 18: Now that you’ve identified the modulated signal that controls the car, could you determine the baseband binary signal (voltage pulses) that are used for each control function?

The block diagram for an OOK signal’s generation is shown below.

We now know the bits that are transmitted to control the forward, turning, and reverse motions of the RC car. We also know that we can’t transmit the baseband binary signal, so we need to modulate it on a high frequency carrier. If we could reproduce these control signals and transmit by some other means than the car’s remote, do we need the remote to drive the RC car? Let’s find out!

Part IV: The Hook

In this section, you’ll use the MATLAB code provided and your laptop soundcard to generate and transmit control signals to the RC car. You may have noticed that each transmitted signal consists of 4 wide “sync” pulses followed by a trail of 0’s and 1’s. Since you’ve already matched the waveform to the driving direction, now all you need to do is determine the number of 1’s in the trail following the sync pulses. For example, the image below represents

01110111011101110101010101010101010101110

in binary (check back to HW23 if you’re not a believer yet – you knew this way back when!). For this sequence of bits, it is organized as follows.

On the oscilloscope, the control signal will be displayed as seen in the next figure.

Question 19: Fill in the table by entering the number of 1’s trailing the sync pulses for each RC car operation determined in Question 18. You must find the exact value!
Direction     Number of 1’s in trail
Forward       ____
Reverse       ____
Right         N/A
Left          N/A
Fwd-Right     ____
Fwd-Left      ____
Rev-Right     N/A
Rev-Left      N/A

The MATLAB code takes input from the arrow keys on your laptop, generates the baseband binary signals to control the RC vehicle, then modulates the signal with OOK. Since we only determined the binary waveform for 4 of the 8 possible operations, we’ll be slightly limited in the operation of our RC vehicle – we won’t be able to turn while operating in reverse.

□ In MATLAB, update the “Setup Major Variables” section of your RCcode.m code (shown below) with the number of 1s in the “trail” in preparation of taking over the RC vehicle.

%%%%%%%%%%%%%%%%
% RC CAR CODE  %
%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                       %
%  PRESS SPACE TO TERMINATE EXECUTION   %
%                                       %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
% !!!!! NOTE !!!!!
% If you do something wrong and Matlab terminates unexpectedly (you get a
% lot of angry red Error messages) you will have to close out and restart
% Matlab in order to clear out the sound card buffer!!!
%
% Forward       = Up Arrow
% Reverse       = Down Arrow
% Forward Right = Right Arrow
% Forward Left  = Left Arrow
%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Clear out memory and initialize default settings       %
% DO NOT CHANGE THIS SECTION                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
clear all
close all
set(0, 'DefaultAxesFontSize', 14)
set(0, 'DefaultAxesFontWeight','Bold')
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Setup major variables                                  %
% CHANGE THIS SECTION ONLY!!! (FOLLOW LAB INSTRUCTIONS)  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Change This Section!
% Insert Number of 1’s from Question 20 table here!
forward_1s = 01;
reverse_1s = 01;
right_fwd_1s = 01;
left_fwd_1s = 01;
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
sam_per_sym = 22;       %fs/Rb = 44.1e3/(1/Tb), Tb ~ 500us
fs = 44.1e3;            % Set sampling rate to sound card rate
Rb = fs./sam_per_sym;
fif = 10e3;             % 10.0 kHz "baseband" (IF) Frequency
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Generate the original data to manipulate the car       %
% DO NOT CHANGE THIS SECTION                             %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
sync = [1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0];
forward = [sync repmat([1 0], 1, forward_1s)];
reverse = [sync repmat([1 0], 1, reverse_1s)];
right_fwd = [sync repmat([1 0], 1, right_fwd_1s)];
left_fwd = [sync repmat([1 0], 1, left_fwd_1s)];
pause = zeros(1,500);
key = 0;                % Initial Keyboard Value

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Reads inputs once per second                        %
% DO NOT CHANGE THIS SECTION                          %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
while key ~= 32 %Press space to stop
    key = getkey(1);
    if key == 30        % Up arrow: forward
        data = [forward forward forward forward forward forward forward forward];
    elseif key == 31    % Down arrow: reverse
        data = [reverse reverse reverse reverse reverse reverse reverse reverse];
    elseif key == 29    % Right arrow: forward right
        data = [right_fwd right_fwd right_fwd right_fwd right_fwd right_fwd right_fwd right_fwd];
    elseif key == 28    % Left arrow: forward left
        data = [left_fwd left_fwd left_fwd left_fwd left_fwd left_fwd left_fwd left_fwd];
    else
        data = [pause];
    end

    % Generate Polar NRZ
    time_stop = length(data).*sam_per_sym;
    up_data = zeros(1,time_stop);
    time = linspace(0,(1/fs).*time_stop, length(up_data));

    % Upsample
    for i = 0:length(data)-1
        up_data(sam_per_sym.*i + 1 : sam_per_sym.*i + sam_per_sym) = data(i+1);
    end

    % Generate the "baseband" (IF) waveform
    s_lo = cos(2.*pi.*fif.*time);
    s_if = s_lo.*up_data;
    soundsc(s_if,fs)
end
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

□ When your code is updated, run it by pressing (the run button).
□ Follow the next instruction carefully! Double click your cursor in the MATLAB Command Window. If all went as planned you should see a window opening and closing rapidly.
□ Press and hold your arrow keys to simulate driving your vehicle.

Question 20: What do you hear? What type of signal is being generated?

Question 21: What do you need to do to transmit this baseband binary signal so that the car receives it?

Get your instructor’s signature to continue.

Your instructor will use the same signal generator that transmitted the jamming signal in Part II to transmit the modulated ASK signal. The set up looks like this:

□ Bring your laptop to your instructor and get ready to drive!

Question 22: Do you need the car’s transmitter to control the car? What just happened? What is now controlling the car?

Question 23: List some examples of how this might be significant in a military setting. Need ideas? Check this out! http://www.engr.utexas.edu/features/humphreysspoofing.
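
Part IV describes each control frame as four sync pulses followed by a trail of 1s, keyed onto a 10 kHz tone at 22 samples per bit. The Python below is an added example, not part of the lab's RCcode.m: it runs the inverse on a constructed capture, recovering the bits by per-bit power detection and counting the 1s in each trail. The function names are illustrative, and the capture is assumed to start on a bit boundary.

```python
import math

# Parameters copied from the page's MATLAB script; function names are illustrative.
FS, SAM_PER_SYM, FIF = 44.1e3, 22, 10e3
SYNC = [1, 1, 1, 0] * 4          # the four wide sync pulses

def modulate(bits, gain=1.0):
    """Key a 10 kHz tone on (1) or off (0), SAM_PER_SYM samples per bit."""
    return [gain * b * math.cos(2 * math.pi * FIF * n / FS)
            for i, b in enumerate(bits)
            for n in range(i * SAM_PER_SYM, (i + 1) * SAM_PER_SYM)]

def demodulate(samples):
    """Mean power per bit period, sliced at half the strongest period."""
    power = [sum(s * s for s in samples[k:k + SAM_PER_SYM]) / SAM_PER_SYM
             for k in range(0, len(samples) - SAM_PER_SYM + 1, SAM_PER_SYM)]
    threshold = max(power, default=0.0) / 2
    return [1 if p > threshold else 0 for p in power]

def trail_counts(bits):
    """Number of 1s in the trail after each sync word found in `bits`."""
    counts, i = [], 0
    while i + len(SYNC) <= len(bits):
        if bits[i:i + len(SYNC)] != SYNC:
            i += 1
            continue
        i += len(SYNC)
        ones = 0
        # The trail is "1 0" repeated; "1 1" means the next sync has started.
        while i + 1 < len(bits) and bits[i:i + 2] == [1, 0]:
            ones += 1
            i += 2
        # Keep the count only if bits follow the trail, i.e. it was not cut off.
        if i + 1 < len(bits):
            counts.append(ones)
    return counts

def demo():
    """Constructed capture: silence, three frames with a 10-pulse trail, silence."""
    frame = SYNC + [1, 0] * 10
    bits = [0] * 5 + frame * 3 + [0] * 5
    return trail_counts(demodulate(modulate(bits, gain=0.3)))

if __name__ == "__main__":
    print(demo())
```

A frame whose trail runs to the end of the capture is dropped rather than reported with a short count, which is the failure to watch for when reading a stopped oscilloscope trace.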