automatic modulation parameter detection in practice
play

Automatic Modulation Parameter Detection In Practice Johannes Pohl - PowerPoint PPT Presentation

Nov 12, 2022 •629 likes •951 views

Automatic Modulation Parameter Detection In Practice Johannes Pohl and Andreas Noack November 28, 2019 Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Proprietary wireless protocols

  1. Automatic Modulation Parameter Detection In Practice Johannes Pohl and Andreas Noack November 28, 2019

  2. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Proprietary wireless protocols everywhere Example: Smart Home Increase comfort of users through wireless sockets, door locks, valve sensors . . . Devices are designed under size and energy constraints Limited resources for cryptography Risks of Smart Home Manufactures design custom proprietary wireless protocols Hackers may take over households and, e.g., break in without physical traces How can we speed up the security investigation of proprietary wireless protocols? November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 2

  3. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Software Defined Radio Why Software Defined Radios? Send and receive on nearly arbitrary frequencies a Flexibility and extendability with custom software a e.g. HackRF: 1 MHz to 6 GHz (a) USRP N210 (b) HackRF November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 3

  4. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Universal Radio Hacker November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 4

  5. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Universal Radio Hacker Popularity Supported Platforms Available at official linux repositories Windows � , Linux � and OS X  URH is available in official repositories of Arch Linux , Gentoo , Void Linux , Fedora and openSUSE (and homebrew for macOS). Most starred repo on GitHub with #sdr tag Publications DeepSec 2018 [1] Blackhat Arsenal USA 2017 [2] Blackhat Arsenal Europe 2018 [3] WOOT 2018 (USENIX Workshop) [5] IoT S&P 2017 (CCS Workshop) [6] November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 5

  6. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Digital Modulations Bits 1 0 1 0 0 So what is a digital modulation? + Mapping the binary data, i.e. bits , to Carrier a analog carrier to transport the signal over the air ASK Analog signal has the form A · sin(2 π Ft + ϕ ) We can transport information in FSK amplitude A , frequency F or phase ϕ Amplitude Shift Keying (ASK) PSK Frequency Shift Keying (FSK) Phase Shift Keying (PSK) November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 6

  7. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Interpretation in URH Demodulating signals made easy Interpretation Phase Features (apart from demodulation) Synchronized selection between demodulated and raw signal Signal Editor , that is, copy, paste, crop, mute signal selections Configurable moving average and bandpass filters How can we make this even simpler? Automatically detect modulation parameters! November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 7

  8. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Visualization of Parameters For all plots: x axis represents current sample 1 T noise 0 A − T noise − 1 0 1 , 000 2 , 000 3 , 000 4 , 000 5 , 000 6 , 000 7 , 000 1 0 A − 1 0 200 400 600 800 1 , 000 1 , 200 1 , 400 1 , 600 Inst. Freq. 0 . 3 0 . 2 center 0 . 1 Bit length 0 200 400 600 800 1 , 000 1 , 200 1 , 400 1 , 600 November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 8

  9. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Detecting Modulation Parameters Automatic detection of modulation type and parameters in Interpretation IQ Signal Message T noise Non-weak Noise level Modulation Segmen- detection segments Detection tation M Quadrature Rectangular center Bit Length Center Demod- Detection Detection signal ulation November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 9

  10. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Noise Level Detection Finding the noise level T noise of a signal is the basis for message segmentation and works the following way: 1 Divide the signal into equal sized chunks C i . 2 For each chunk, calculate the mean magnitude m i = | C i | . 3 Get minimum mean magnitude m min = min { m i : ∀ i } . 4 Pick magnitudes of chunks those mean magnitudes do not exceed m min by 10%: M noise = {| C j | , m j < 1 . 1 · m min } Finally, the noise level T noise is returned as the maximum of M noise , to cover the full noise range. November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 10

  11. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Message Segmentation: Separate Messages from Noise Message Segmentation Algorithm Based on noise level T noise from previous step Must be robust against outliers Use two internal states: s noise – reading noise, s msg – reading message. Switch states only if consequent samples above/below noise ( c a / c b ) surpass a threshold t o (= outlier tolerance ). In practice, t o = 10 samples performs well. c b ≥ t o s msg s noise c a ≥ t o November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 11

  12. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Modulation Detection with help of Wavelet Transform 5 10 | HWT | | HWT | | HWT | 8 4 6 9 . 5 3 0 500 1 , 000 0 500 1 , 000 0 500 1 , 000 τ τ τ (b) 2-ASK (c) 2-PSK (a) 2-FSK 5 9 . 27 10 | HWT | | HWT | | HWT | 9 . 26 4 9 . 25 9 . 5 3 9 . 24 0 500 1 , 000 0 500 1 , 000 0 500 1 , 000 τ τ τ (e) Normalized 2-ASK (f) Normalized 2-PSK (d) Normalized 2-FSK Figure: Wavelet transforms for FSK/ASK/PSK signals and their amplitude normalized versions November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 12

  13. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Modulation Detection: Feature Extraction Signal σ 2 | HWT | Median filter Variance 1 normalization σ 2 Variance Signal 2 σ 2 | HWT | Median filter Variance 3 σ 2 Variance 4 November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 13

  14. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Modulation Detection: Decision Tree ASK yes σ 2 2 > 1 . 5 · σ 2 PSK 4 yes no no σ 2 σ 2 2 > 10 · σ 2 i < 0 . 15 ∀ i FSK 1 yes no yes Pass FFT OOK check no OOK November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 14

  15. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Center Detection: Take mean of histogram peaks 1 0 A − 1 0 200 400 600 800 1 , 000 1 , 200 1 , 400 1 , 600 Sample (a) 2-FSK modulated message Inst. Freq. 100 0 . 25 Count 0 . 2 50 c = 0 . 125+0 . 25 0 . 15 2 0 . 1 0 0 500 1 , 000 1 , 500 0 . 1 0 . 15 0 . 2 0 . 25 Sample Instantaneous Frequency (b) Rectangular signal R ( n ) after Quad Demod (c) Histogram of R ( n ) with two peaks November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 15

  16. Introduction Automate the Interpretation Experimental Validation Going live Further Steps References Bit-Length and Tolerance Detection How to determine the Bit-Length? Count subsequent samples above/below found center ⇒ plateau lengths vector In theory, vector only contains multiples of bit-length; but: interrupted by outliers Set tolerance to maximum of values smaller than 5% of maximum plateau length Merge plateaus based on found tolerance like this: (200 , 100 ) → (200 , 200 ) , 53 , 3 , 44 , 100 ���� ���� ���� ���� ���� ���� ���� ���� Hi Lo Hi Lo Hi Hi Lo Hi Count how often each plateau length nearly divides other lengths, e.g., for (40 , 40 , 40 , 40 , 40 , 30 , 50 , 30 , 90 , 40 , 40 , 80 , 160 , 30 , 50 , 30) the counts are N near = { 30 : 10 , 40 : 35 , 50 : 3 , 80 : 2 } so bit-length is 40 (most frequent) November 28, 2019 Johannes Pohl and Andreas Noack Automatic Modulation Parameter Detection In Practice Slide 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Fully Parallel DNN Implementation and its Application to Automatic Modulation Classification

A Fully Parallel DNN Implementation and its Application to Automatic Modulation Classification

A Fully Parallel DNN Implementation and its Application to Automatic Modulation Classification Philip Leong | Computer Engineering Laboratory School of Electrical and Information Engineering, The University of Sydney http://phwl.org/talks

476 views • 23 slides
Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party

German Research Center for Artificial Intelligence GmbH Automatic Disfluency Automatic Disfluency Detection in Multi-party Detection in Multi-party www.amiproject.org Conversations Conversations Feast, 30th September 2009 , 30th September

322 views • 28 slides
Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection

Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection

Automatic Defect Detection Andrzej Wasylkowski Overview Automatic Defect Detection Horizontal Techniques Specification-checking Techniques Mining-based Techniques Mining Repositories Mining Traces Mining Source Code Mining

683 views • 44 slides
Parameter Tuning. Automatic Algorithm Configuration Petr Po s k P. Po s k c

Parameter Tuning. Automatic Algorithm Configuration Petr Po s k P. Po s k c

CZECH TECHNICAL UNIVERSITY IN PRAGUE Faculty of Electrical Engineering Department of Cybernetics Parameter Tuning. Automatic Algorithm Configuration Petr Po s k P. Po s k c 2016 A0M33EOA: Evolutionary Optimization

747 views • 32 slides
Automatic Key Detection Computer Music Seminar Leon Wittwer June 28, 2017 Table of Contents

Automatic Key Detection Computer Music Seminar Leon Wittwer June 28, 2017 Table of Contents

Automatic Key Detection Computer Music Seminar Leon Wittwer June 28, 2017 Table of Contents Introduction Theory of Tonality and Key Key Detection Symbolic key detection Audio Key Detection Approach in Thesis Music Playing Conclusion 1

380 views • 36 slides
A Circle Detection Method Based on Optimal A Circle Detection Method Based on Optimal Parameter

A Circle Detection Method Based on Optimal A Circle Detection Method Based on Optimal Parameter

A Circle Detection Method Based on Optimal A Circle Detection Method Based on Optimal Parameter Statistics in Embedded Vision Parameter Statistics in Embedded Vision Xiaofeng Lu [1],[2] [1] Shanghai Key Laboratory of Digital Media Processing and

188 views • 15 slides
n f f 1 2 2 T The minimum frequency separation is occurred for n=1 . This

n f f 1 2 2 T The minimum frequency separation is occurred for n=1 . This

Fsk modulation technique is to modulate the data signal to different frequencies to achieve effective transmission . MSK modulation implies the minimum frequency separation that allows orthogonal detection as binary FSK. The

422 views • 10 slides
Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at

Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at

Timing Behavior Anomaly Detection for Automatic Failure Detection and Diagnosis Research visit at Charles Univerity Prague Matthias Rohr matthias.rohr@informatik.uni-oldenburg.de Graduate School TrustSoft, Software Engineering Group Department

969 views • 82 slides
Seminar: Medical Image Processing A robust approach for automatic detection and segmentation of

Seminar: Medical Image Processing A robust approach for automatic detection and segmentation of

Introduction Morphology Linear filters Detection Evaluation Summary Seminar: Medical Image Processing A robust approach for automatic detection and segmentation of cracks in underground pipeline images Tim Niemueller &lt; tim@niemueller.de

2.1k views • 165 slides
Parameter estimation methods for fault detection and isolation LAAS-CNRS UPC Teresa Escobet

Parameter estimation methods for fault detection and isolation LAAS-CNRS UPC Teresa Escobet

Parameter estimation methods for fault detection and isolation LAAS-CNRS UPC Teresa Escobet (UPC &amp; LEA-SICA, Spain) Louise Trav-Massuys (LAAS-CNRS &amp; LEA-SICA, France) Parameter estimation methods for fault detection and isolation

265 views • 14 slides
Automatic Parameter-Range Estimation for Cardiac Cells Radu Grosu SUNY at Stony Brook Joint

Automatic Parameter-Range Estimation for Cardiac Cells Radu Grosu SUNY at Stony Brook Joint

Automatic Parameter-Range Estimation for Cardiac Cells Radu Grosu SUNY at Stony Brook Joint work with Ezio Bartocci, Gregory Batt, Flavio H. Fenton, James Glimm, Colas Le Guernic, and Scott A. Smolka Excitable Cells Generate action

1.34k views • 92 slides
Multiple Change Point Detection by Sparse Parameter Estimation Ji r Neubauer and V

Multiple Change Point Detection by Sparse Parameter Estimation Ji r Neubauer and V

Multiple Change Point Detection by Sparse Parameter Estimation Ji r Neubauer and V t ezslav Vesel y Department of Econometrics Dept. of Appl. Math. and Comp. Sci. Fac. of Economics and Management Fac. of Economics and

607 views • 38 slides
Introduction The automatic detection and extraction of Semantic Relations is a crucial step to

Introduction The automatic detection and extraction of Semantic Relations is a crucial step to

Causal Relation Extraction Eduardo Blanco, Nuria Castell, Dan Moldovan HLT Research Institute, TALP Research Centre, Lymba Corporation LREC 2008, Marrakech Introduction The automatic detection and extraction of Semantic Relations is a

285 views • 16 slides
CS698T Wireless Networks: Principles and Practice Topic 06 Modulation Bhaskaran Raman,

CS698T Wireless Networks: Principles and Practice Topic 06 Modulation Bhaskaran Raman,

CS698T Wireless Networks: Principles and Practice Topic 06 Modulation Bhaskaran Raman, Department of CSE, IIT Kanpur http://www.cse.iitk.ac.in/users/braman/courses/wless-spring2007/ Jan-Apr 2007 CS698T: Wireless Networks: Principles

239 views • 12 slides
Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 25: Speech

Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 25: Speech

Automatic Speech Recognition (CS753) Automatic Speech Recognition (CS753) Lecture 25: Speech synthesis (Concluding lecture) Instructor: Preethi Jyothi Nov 6, 2017 Recall: SPSS framework O Speech Speech Train Parameter

273 views • 26 slides
+ Event Detection Automatic Extraction of Archaeological Events from Text Wenbin Li

+ Event Detection Automatic Extraction of Archaeological Events from Text Wenbin Li

+ Event Detection Automatic Extraction of Archaeological Events from Text Wenbin Li littletransformer@gmail.com The Saarbrcken Graduate School of Computer Science + Outline Overview Background Semantic web Natural language

228 views • 22 slides
Underwater Acoustic OFDM: Past, Present, and Future Shengli Zhou Dept. of Electrical and

Underwater Acoustic OFDM: Past, Present, and Future Shengli Zhou Dept. of Electrical and

Underwater Acoustic OFDM: Past, Present, and Future Shengli Zhou Dept. of Electrical and Computer Engineering University of Connecticut http://uwsn.engr.uconn.edu WUWNET11 Dec. 2, 2011 Shengli Zhou (University of Connecticut) Plenary

986 views • 27 slides
Modulation Techniques Signal Encoding Techniques Digital Data, Analog Signals Amplitude

Modulation Techniques Signal Encoding Techniques Digital Data, Analog Signals Amplitude

CMPE 477 Wireless and Mobile Networks Modulation Techniques Signal Encoding Techniques Digital Data, Analog Signals Amplitude Shift Keying Frequency Shift Keying Phase Shift Keying CMPE 477 Analog and Digital Signaling

504 views • 14 slides
Topic Weve talked about signals representing bits. How, exactly? This is the topic of

Topic Weve talked about signals representing bits. How, exactly? This is the topic of

Topic Weve talked about signals representing bits. How, exactly? This is the topic of modulation Signal 10110 10110 CSE 461 University of Washington 1 A Simple Modulation Let a high voltage (+V) represent a 1, and low

577 views • 24 slides
Lecture no: 5 Brief overview of a wireless communication link Radio signals and complex

Lecture no: 5 Brief overview of a wireless communication link Radio signals and complex

RADIO SYSTEMS ETI 051 Contents Lecture no: 5 Brief overview of a wireless communication link Radio signals and complex notation (again) Modulation basics Important modulation formats Digital modulation Ove Edfors,

256 views • 12 slides
Shift Keying by Erol Seke For the course Communications OSMANGAZI UNIVERSITY Basic PCM

Shift Keying by Erol Seke For the course Communications OSMANGAZI UNIVERSITY Basic PCM

Shift Keying by Erol Seke For the course Communications OSMANGAZI UNIVERSITY Basic PCM Binary 1 is represented by voltage A Binary 0 is represented by voltage B Amplitude Shift Keying (ASK) Binary - ASK case carrier If A and B has

592 views • 19 slides
s m e t s y S n o i t a c i n u m m o C Muhammad Obaidullah

s m e t s y S n o i t a c i n u m m o C Muhammad Obaidullah

s m e t s y S n o i t a c i n u m m o C Muhammad Obaidullah Process of Modulation Source Channel Sampling Quantization Encryption Modulator Coding Encoder

732 views • 26 slides
Communication Basics Principles and Dogmas 2010/02/15 (C) Herbert Haas Everything should be

Communication Basics Principles and Dogmas 2010/02/15 (C) Herbert Haas Everything should be

Communication Basics Principles and Dogmas 2010/02/15 (C) Herbert Haas Everything should be made as simple as possible, ...but not simpler. Albert Einstein Information What is information? Carried by symbols Recognized by

399 views • 26 slides
EECS 373 Design of Microprocessor-Based Systems Minute Quiz... Thomas Schmid University of

EECS 373 Design of Microprocessor-Based Systems Minute Quiz... Thomas Schmid University of

EECS 373 Design of Microprocessor-Based Systems Minute Quiz... Thomas Schmid University of Michigan Lecture 12: Wireless Communication October 14, 2010 1 2 Announcements Inter-Integrated Circuit - I 2 C How do we deal with virtual

461 views • 8 slides

More recommend