Uploaded by Dominique Fablauty

EC312 Lesson 23 Electronic Warfare Course Notes

Lesson 23: Electronic Warfare
Objectives:
(a) Interpret an antenna's radiation pattern to determine the beamwidth and directions of potentially interfering or eavesdropping
antennas.
(b) Compute received power level for a communication system using Friis Free Space equation.
(c) Given details of a communication scheme, determine whether an interceptor could successfully eavesdrop on a signal.
(d) Define Jamming to Signal ratio (J/S) and calculate the necessary power to jam an emitter.
Connection to Cyber Security
Warfare involves offensive and defensive operations.
In the Host Module, we learned that an adversary can attack our host computer by employing a buffer overflow exploit. To
counter this attack, we have several defensive actions at our disposal; for example, we can avoid the C library functions that
are notorious for inviting buffer overflows, we can use a non-executable stack, a canary can be used to detect an attempt to
overwrite a stored return address, etc. Recall also that, aside from formal attack operations and defensive responses, an
adversary might attempt to look for flaws in our host software. For example, an adversary might enter a ridiculously long
value when prompted to enter something, as a test to see if it can make the program behave erratically.
In the Network Module, we learned that an adversary can attack our network using a Denial-of-Service (DOS) attack or a
Man-in-the-Middle attack.
Not surprisingly, we find in the Wireless Module that the electromagnetic spectrum can also be used for offensive and
defensive operations, as well as for "reconnaissance" operations. In the context of wireless systems, these attack, defensive
and reconnaissance operations are termed electronic warfare. The jamming and taking over of communication links are two
of the ways that cyber attackers exploit wireless communications.
In this lesson, we want to learn the basics of wireless transmission so that we can determine how those signals can be
intercepted or disrupted. We’ll start with antenna transmission patterns, then derive an equation to calculate received power,
and then apply these concepts to electronic warfare (jamming).
Beam Pattern
A beam pattern is a diagram that shows specifically what direction(s) the antenna favors. You can think of a
radiation pattern being created by having an antenna radiate a constant power (say 1 W, although any power will do), and
then with a power meter, walk in a complete circle 1 km (or any other constant distance) from the antenna and record the
power received at each point along the circle. The result will look something like the following figure:
An example radiation pattern is shown in this figure in red. Note that antenna beam patterns can be in both azimuth and
elevation. Here the azimuth is shown. In this pattern, relative bearings are shown with 0° being the direction the antenna is
pointing. In this figure, each circle represents a change in received power of 3 dB, and the maximum power is along the 0°
bearing. There are six lobes of transmitted power showing. The mainlobe is oriented towards 0°, the direction the antenna is
pointing. There are four sidelobes, oriented towards ±60° and ±120°, and a backlobe, oriented towards 180° (directly away
from where the antenna is pointing).
In many cases, the mainlobe’s maximum value will be defined as 0 dB, and the power levels at all other points on the pattern
are the number of dB less than the max; this is a measure of power relative to the max power.
This form of a radiation pattern is only one of many that could be used; sometimes the rings are not in dB, sometimes they
represent power density (W/m²), etc. But the general features of the beam pattern will be similar. In actuality, antennas
radiate in 3-dimensions but the radiation patterns we will focus on are 2-dimensional, like the one shown above.
Note that the radiation pattern has some bearings that are not a part of any lobe, for example ±35°. These are called nulls of
the pattern, and at these bearings, no power is transmitted from this antenna (or perhaps a minuscule amount), nor can this
antenna receive signals from these bearings.
Beamwidth
Beamwidth is based on the relative bearings where transmitted (or received) power is reduced by a factor of ½
(or -3 dB, since 10 log10(½) = -3) from the direction of max power. We call these points on the diagram the -3 dB (or half-power) points. The beamwidth is the angle that subtends these points. The following figure shows the beamwidth
computation for the above beam pattern; the beamwidth is 20°. A narrow beamwidth (small angle) means the antenna is very
directional.
Antenna Gain
Because antennas can focus power in certain directions, we say that an antenna can have a gain. Antenna gain
determines how concentrated the transmitted power is in a particular direction (usually the direction of maximal radiation).
Isotropic antennas are theoretical antennas that have no directionality, and radiate their power equally in all directions.
Consider the figure that follows. On the left is an isotropic antenna, located at the center of the sphere. The power it transmits
is spread equally in all directions, in a spherical shape. If it transmits 1 W, that 1 W will be spread over the surface of the
sphere. The power density is uniform across the sphere so as you move farther from the antenna, the received power per unit
area drops dramatically. On the right is a directional antenna. If this antenna also transmits 1 W, that power is spread over a
much smaller surface area, as indicated, so that in the direction the antenna is pointing, the reduction in power is much less as
you move farther from the antenna. The antenna gain is a measure of power transmitted by a directional antenna in the
direction it is pointing relative to that transmitted by an isotropic (uniform) source.
The mathematical definition of antenna gain is
$$G = \frac{\text{Radiated power density at distance } x \text{ from directional antenna}}{\text{Radiated power density at distance } x \text{ from isotropic antenna}}$$
Light can be used as an analogy to antenna gain. Imagine a single light bulb in a lamp. The light bulb sends light equally in
all directions, similar to how an isotropic antenna sends radio waves equally in all directions. When we put the light bulb in a
flashlight, the design of the flashlight focuses light in a single direction. If the lamp and flashlight were next to a wall, the
lamp would illuminate more of the room, while the area the flashlight illuminated would be much brighter.
This is similar to how a directional antenna focuses radio waves in a particular direction. Higher gain means a stronger signal,
making communication over longer distances possible. Antenna gain can be thought of as how much brighter the wall is with
the flashlight versus how bright it was with only the light bulb.
Or conversely, using a directional antenna we could communicate the same distance with less transmit power than if we had
used an isotropic antenna. This is appealing to us because in many military applications “getting” more transmit power is not
an option. Marines holding handheld radios are limited to the power available in the batteries, a maximum of approximately
2 W.
An antenna with directional gain has some advantages over an isotropic antenna. These include:
• Because energy is only sent in the desired direction, the possibility of interference with other transmitters at
or near the same frequency is reduced.
• More focused power results in increased gain, which means that less transmit power is required.
• Controlling the direction of the beam can help prevent eavesdropping since you must be in the beam in order
to receive the signal.
• A narrow beam can reduce the likelihood of detection in a covert setting for the same reason as was just
discussed.
However, directional antennas don’t work well in mobile situations (imagine keeping your cell phone pointed at a cell tower
as you’re driving past it) and they can be physically large if gain is big.
Wireless Propagation
If the antenna provides the transition from guided to unguided media then it naturally follows that we will be concerned about
free space propagation. There are many cases where free space is the appropriate choice for a communication system. Perhaps
you are using military radios for tactical purposes and constantly on the move. Alternatively, perhaps, you live in a remote or
rural area and it’s simply not cost efficient to run cables to distant homes. For these reasons, we must be aware of the
behavior of EM waves in free space.
Propagation is the means by which a signal moves from Point A to Point B. It sounds simple, but it is the most fundamental
and challenging aspect of wireless communications. In a wired system (such as an Ethernet network), propagation is not
really a concern per se. However, wireless transmission requires a fundamental understanding of how electromagnetic waves
move through the atmosphere. The challenges of propagation in free-space include the fact that the transmitter and/or
receiver may be moving, obstacles in the path of propagation, a path that is not necessarily a straight line, and a signal that
takes various paths to get to the receiver.
Though environment definitely plays a very significant role in wireless propagation, it behooves us to look at the most basic
way we can transmit energy from Point A to Point B in an environment devoid of terrain, mountains, buildings, ground, or
atmosphere. Such an environment is known as Free Space, and conveniently, wireless propagation in such an environment is
known as Free Space Propagation.
Free Space Propagation
Let’s consider the following scenario. You have a brand-new iPhone (or Samsung phone as the
case may be), have just signed up for a super-fast LTE plan, and would like to upload a photo, surf the web, browse
Facebook, or just plain make a phone call. To make that happen, your phone has to transmit that information over the air to
the nearest LTE cell tower (cost: $5 Million, that’s why your phone bill is $100/month), which happens to be 5 miles away.
Question: Will your signal make it to the tower and will it have sufficient power to “close the link” and allow you
to communicate? Or will you suffer the fate of a cellular “dead zone”? That depends on the amount of signal power that is
received.
Recall our earlier discussion of antenna gain. An antenna has gain if it can focus its transmitted power (or can receive power)
in a certain direction, as opposed to an isotropic antenna that radiates (or receives) power equally in all directions (in a
spherical shape). To figure out how to compute received power, let’s consider how an isotropic antenna radiates in a spherical
shape.
As EM waves move away from the isotropic antenna, the sphere gets larger and larger, until it touches our receive antenna.
The transmitter transmits a constant power, however, the power density is going to decrease as the distance from the transmit
antenna increases. Power density is the amount of power received per unit area (W/m²). The power density that reaches the
receive antenna is going to be based on the surface area of a sphere, where the distance between the transmitter and receiver
(d) is the radius of the sphere. Since the surface area of a sphere of radius d is given by:
$$A_{sphere} = 4\pi d^2$$
the power density (P_d) at the receiver in units of W/m² is:
$$P_d = \frac{P_t G_t}{4\pi d^2}.$$
Now, the last thing we need to do is to turn that power density into the actual received power. Power density is power per unit
area, so what is the “area” we are interested in? Since we are receiving the signal on an antenna, the “area” of interest is the
area of the receive antenna. The derivation of the effective area of an antenna is beyond the scope of the course, but it is
mathematically defined as:
$$A_e = \frac{G_r \lambda^2}{4\pi}.$$
Finally, we can put all this together and determine the equation for received power, which is received power density (W/m²)
multiplied by effective area (m²):
$$P_r = P_d \cdot A_e = \frac{P_t G_t}{4\pi d^2} \cdot \frac{G_r \lambda^2}{4\pi} = \frac{P_t G_t G_r \lambda^2}{(4\pi d)^2}$$
where the variables are defined as:
P_r = Received power (W or mW)
P_t = Transmitted power (W or mW)
G_t = Transmit antenna gain (unitless)
G_r = Receive antenna gain (unitless)
λ = Transmission wavelength (m)
d = Distance between transmitter and receiver (m)
This is known as the Friis Free Space Equation. It is fundamental to understanding how received power is reduced as a
function of distance for wireless communications.
We could use the Friis Free Space Equation to determine the answer to our cell phone example. Or even better, let’s apply it
to electronic warfare!
Electronic Warfare (EW)
Now that we have a way to estimate wireless signal power, we can use our newfound knowledge to assess electronic warfare
techniques.
The term Electronic Warfare (EW) refers to any action involving the use of electromagnetic energy to attack an adversary or
to otherwise control the electromagnetic spectrum. EW includes three major subdivisions: electronic attack, electronic
defense, and electronic warfare support. We’ll focus on electronic attack and electronic warfare support.
Electronic Warfare Support
Electronic warfare support refers to those actions that are taken to search for, intercept,
identify, and locate sources of radiated electromagnetic energy for the purpose of target identification, or for the planning
and conduct of future operations. Phrased another way, electronic warfare support entails gathering knowledge about the
enemy through the use of the electromagnetic spectrum. Let’s consider some of the math behind signal intercept, or
eavesdropping.
Unlike wired communication, wireless communication is inherently insecure because anyone with a wireless receiver that is
in the propagation path can intercept the signal. In order to successfully intercept a signal, two things must be true:
- The eavesdropper must be monitoring the correct frequency (i.e. the same carrier frequency as the transmitter is
using);
- The eavesdropper must receive sufficient signal power from the transmission. (From the Friis free space
equation, we know that this depends on the transmit power, the range, the frequency, and the gain of both the
transmit and receive antennas. It also depends on the beam pattern of the transmitter.)
From the Friis Free Space Equation, we know that our signal intercept success will depend on the power and gain of the
transmitter, the gain of the receiving antenna, the frequency/wavelength of the transmission, and the distance. The diagram
below shows the basic setup.
One example of an electronic surveillance device is one that acts like a cell phone tower so that mobile phones will attempt
to connect to it. (See for example https://en.wikipedia.org/wiki/Stingray_phone_tracker.) These devices can then extract
certain information about the phone and possibly even pinpoint the physical location of the phone.
Practice Problem
An enemy is using a cell phone which transmits at a power level of 500
mW with an antenna gain of 1.58. You are attempting to eavesdrop on
their communication with a system that has antenna gain of 6.3. Their
phone transmits at 700 MHz. You must receive at least 90 pW of
power to successfully intercept the signal. How close must you be to
the transmitter?
Desired received power:
$$P_r = \frac{P_T G_T G_R \lambda^2}{(4\pi d)^2} = 90 \times 10^{-12}\ \text{W}$$
$$\lambda = \frac{c}{f} = \frac{3 \times 10^8\ \text{m/s}}{700 \times 10^6\ \text{Hz}} = 0.429\ \text{m}$$
$$P_T = 0.5\ \text{W}, \quad G_T = 1.58, \quad G_R = 6.3$$
Solving for required distance, we have
$$d = 8028\ \text{m}$$
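The calculation above can be turned around to assess how far your own emissions can be intercepted in each direction. The following is an added example, not part of the original course notes: it solves the Friis equation for distance and repeats that for each bearing of a transmit beam pattern. The function names and the sidelobe/backlobe levels in the sample pattern are assumptions made for illustration, and the unrounded wavelength gives about 8020 m where the notes, using λ = 0.429 m, give 8028 m.

```python
import math

C = 3e8  # speed of light in m/s, rounded as in the notes


def friis_received_power(p_t, g_t, g_r, freq_hz, d_m):
    """Received power (W) from the Friis free space equation."""
    lam = C / freq_hz
    return p_t * g_t * g_r * lam ** 2 / (4 * math.pi * d_m) ** 2


def max_intercept_range(p_t, g_t, g_r, freq_hz, p_min):
    """Friis solved for d: farthest distance (m) at which a receiver with
    gain g_r still collects at least p_min watts."""
    lam = C / freq_hz
    return lam / (4 * math.pi) * math.sqrt(p_t * g_t * g_r / p_min)


def range_by_bearing(p_t, g_peak, g_r, freq_hz, p_min, pattern_db):
    """Intercept range per bearing, where pattern_db maps a relative bearing
    (degrees) to transmit gain in dB below the mainlobe peak."""
    ranges = {}
    for bearing, rel_db in pattern_db.items():
        g_toward = g_peak * 10 ** (rel_db / 10)  # dB -> linear power ratio
        ranges[bearing] = max_intercept_range(p_t, g_toward, g_r, freq_hz, p_min)
    return ranges


# Constructed pattern: the 0 dB peak and the -3 dB points at +/-10 degrees
# follow the 20-degree beamwidth in the notes; the sidelobe and backlobe
# levels are assumed values for illustration only.
SAMPLE_PATTERN_DB = {0: 0.0, 10: -3.0, 60: -9.0, 120: -12.0, 180: -15.0}

if __name__ == "__main__":
    # Practice problem: 500 mW, Gt = 1.58, Gr = 6.3, 700 MHz, 90 pW threshold
    d = max_intercept_range(0.5, 1.58, 6.3, 700e6, 90e-12)
    print(f"intercept range on the mainlobe: {d:.0f} m")
    p_r = friis_received_power(0.5, 1.58, 6.3, 700e6, d)
    print(f"received power at that range: {p_r * 1e12:.1f} pW")
    for bearing, r in range_by_bearing(
            0.5, 1.58, 6.3, 700e6, 90e-12, SAMPLE_PATTERN_DB).items():
        print(f"bearing {bearing:>3} deg: interceptable out to {r:.0f} m")
```

Because range scales with the square root of gain, every 6 dB the pattern drops toward a given bearing halves the distance at which the signal can be intercepted from that bearing.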
Electronic Attack
Electronic attack involves the use of electromagnetic energy to attack personnel, facilities, or equipment
with the intent of degrading, neutralizing, or destroying an enemy's combat capability. The preeminent example of electronic
attack is jamming.
Jamming – Jamming is the transmission of an electromagnetic signal that disrupts an adversary's communications.
Consider the picture below. An enemy transmitter is sending information to an enemy receiver at a certain frequency, say f.
The enemy transmitter and receiver are separated by a distance dS. Meanwhile, our hero is a distance dJ away from the enemy
receiver.
Our hero's goal is to transmit another signal—a jamming signal—at the same frequency—f—that the bad guys are using. The
jamming signal will target the bad guy's receiver. So, the intent is to have two signals arrive at the bad guy's receiver: the
signal sent by the bad transmitter, and the midshipman's jamming signal. The midshipman's goal is to have her jamming
signal be of sufficient power to override the signal from the bad transmitter, thus preventing the bad guys from
communicating.
It is important to note that what we are jamming is the receiver, not the transmitter. As an analogy, imagine trying to yell
something to someone across Worden Field. If a third person comes along and wants to prevent you from communicating,
what would be more effective: to yell in the ear of the person trying to relay a message or to yell in the ear of the person
trying to hear the message? The latter would be more effective.
The following figures show frequency domain representations of successful and unsuccessful jamming attacks.
I know what you are saying: Where's the math?
For the jammer, the object is that the received jamming power at the Bad Guy receiver be greater than the received signal
power from the Bad Guy transmitter. Using the Friis equation, the received jamming power (PJR) is:
$$P_{JR} = \frac{P_J \cdot G_J \cdot G_r \cdot \lambda^2}{(4\pi d_J)^2} = \left(\frac{P_J \cdot G_J}{d_J^2}\right)\left(\frac{G_r \lambda^2}{16\pi^2}\right)$$
Similarly, the received signal power from the Bad Guy transmitter is:
$$P_{SR} = \frac{P_S \cdot G_S \cdot G_r \cdot \lambda^2}{(4\pi d_S)^2} = \left(\frac{P_S \cdot G_S}{d_S^2}\right)\left(\frac{G_r \lambda^2}{16\pi^2}\right)$$
If we divide the received jamming power by the received signal power, we create the jamming-to-signal ratio (J/S), a term
similar to a signal-to-noise ratio:
$$\frac{J}{S} = \frac{P_{JR}}{P_{SR}} = \frac{\left(\frac{P_J \cdot G_J}{d_J^2}\right)\left(\frac{G_r \lambda^2}{16\pi^2}\right)}{\left(\frac{P_S \cdot G_S}{d_S^2}\right)\left(\frac{G_r \lambda^2}{16\pi^2}\right)} = \left(\frac{P_J \cdot G_J}{P_S \cdot G_S}\right)\left(\frac{d_S^2}{d_J^2}\right)$$
Note that the wavelengths cancel since in order for our jamming to be effective, our jamming signal must be the same
frequency as the transmitted signal.
A J/S ratio greater than one (or a positive dB value) will mean the received jamming signal is stronger than the received Bad
Guy transmitter signal. Note that in these J/S equations, the distances to the jammer and to the signal must be in the same
units (e.g., meters).
Finally, an important assumption this equation makes is that the receiver has an omnidirectional beam pattern. This means the
receiver will accept transmissions equally from all directions. If this were not so, then the equation above would need to take
the receiver’s beam pattern into account.
Practice Problem
You are located 5500 meters from the omnidirectional receiver you are jamming. The transmitted signal you are jamming
originates 9500 meters from the receiver. The signal is transmitting at 3W with a gain of 5.0. Assuming both the transmitter
and jammer have line of sight, and that you also have a gain of 5.0, what power must you transmit to jam the receiver with
J/S = 3?
Solution:
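$$d_J = 5500\ \text{m}$$
$$d_S = 9500\ \text{m}$$
$$P_S = 3\ \text{W}$$
$$G_S = 5.0$$
$$G_J = 5.0$$
$$\frac{J}{S} = \frac{P_J \cdot G_J}{P_S \cdot G_S} \cdot \frac{d_S^2}{d_J^2} > 3 \implies \frac{P_J \cdot 5}{15\ \text{W}} \cdot \left(\frac{9500}{5500}\right)^2 > 3 \implies P_J > 3.01\ \text{W}$$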
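The J/S equation assumes an omnidirectional receiver. The following added example (not part of the original course notes) goes one step beyond that case: it carries separate receiver gains toward the jammer and toward the transmitter through the same Friis ratio, which shows how much a receive-antenna null pointed at the interference source restores the link. All function and parameter names are assumptions; the numbers are those of the practice problem, whose unrounded answer is about 3.0166 W.

```python
import math


def js_ratio(p_j, g_j, d_j, p_s, g_s, d_s, g_r_to_j=1.0, g_r_to_s=1.0):
    """Linear J/S at the receiver. g_r_to_j and g_r_to_s are the receiver's
    gain toward the jammer and toward the transmitter; when they are equal
    (omnidirectional receiver) this reduces to the J/S equation in the notes."""
    jam = p_j * g_j * g_r_to_j / d_j ** 2
    sig = p_s * g_s * g_r_to_s / d_s ** 2
    return jam / sig


def to_db(ratio):
    """Convert a linear power ratio to dB."""
    return 10 * math.log10(ratio)


def jammer_power_for_js(target_js, g_j, d_j, p_s, g_s, d_s):
    """J/S equation solved for P_J (omnidirectional receiver)."""
    return target_js * (p_s * g_s / g_j) * (d_j / d_s) ** 2


def rejection_needed_db(js_omni, js_max):
    """How many dB lower the receiver's gain toward the jammer must be than
    its gain toward the transmitter to hold J/S at or below js_max."""
    return max(0.0, to_db(js_omni / js_max))


if __name__ == "__main__":
    # Practice problem values: dJ = 5500 m, dS = 9500 m, PS = 3 W, GS = GJ = 5
    p_j = jammer_power_for_js(3.0, 5.0, 5500, 3.0, 5.0, 9500)
    print(f"P_J for J/S = 3 with an omnidirectional receiver: {p_j:.4f} W")

    omni = js_ratio(p_j, 5.0, 5500, 3.0, 5.0, 9500)
    print(f"J/S, omnidirectional receiver: {omni:.2f} ({to_db(omni):+.2f} dB)")

    # Assumed receiver pattern: 10 dB less gain toward the jammer's bearing
    nulled = js_ratio(p_j, 5.0, 5500, 3.0, 5.0, 9500, g_r_to_j=0.1)
    print(f"J/S with a 10 dB null on the jammer: {nulled:.2f} ({to_db(nulled):+.2f} dB)")

    need = rejection_needed_db(omni, 1.0)
    print(f"rejection needed to bring J/S down to 1: {need:.2f} dB")
```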