Electronic Attacks against FM, DAB Wissenschaft + Technologie. and DVB-T based Passive Radar Systems

Similar documents
Commensal Radar. Commensal Radar Francois Louw (7 Nov 2012)

Multi Band Passive Forward Scatter Radar

VHF Radar Target Detection in the Presence of Clutter *

Principles of Pulse-Doppler Radar p. 1 Types of Doppler Radar p. 1 Definitions p. 5 Doppler Shift p. 5 Translation to Zero Intermediate Frequency p.

Boost Your Skills with On-Site Courses Tailored to Your Needs

UAV Detection and Localization Using Passive DVB-T Radar MFN and SFN

Detection of Targets in Noise and Pulse Compression Techniques

CHAPTER 1 INTRODUCTION

Navigation für herausfordernde Anwendungen Robuste Satellitennavigation für sicherheitskritische Anwendungen

Set No.1. Code No: R

Tracking of Moving Targets with MIMO Radar

Fundamental Concepts of Radar

RLSTAP Algorithm Development Tool for Analysis of Advanced Signal Processing Techniques

Rapid scanning with phased array radars issues and potential resolution. Dusan S. Zrnic, V.M.Melnikov, and R.J.Doviak

Principles of Space- Time Adaptive Processing 3rd Edition. By Richard Klemm. The Institution of Engineering and Technology

INTRODUCTION TO RADAR SIGNAL PROCESSING

Lecture Topics. Doppler CW Radar System, FM-CW Radar System, Moving Target Indication Radar System, and Pulsed Doppler Radar System

Target Echo Information Extraction

Radar-Verfahren und -Signalverarbeitung

Space-Time Adaptive Processing Using Sparse Arrays

Application of pulse compression technique to generate IEEE a-compliant UWB IR pulse with increased energy per bit

On the feasibility of DVB-T based passive radar with a single receiver channel

The Analysis of the Airplane Flutter on Low Band Television Broadcasting Signal

Performance Evaluation of Two Multistatic Radar Detectors on Real and Simulated Sea-Clutter Data

Naval Surveillance Multi-beam Active Phased Array Radar (MAARS)

Lecture 3 SIGNAL PROCESSING

Spread Spectrum Techniques

RF and Microwave Test and Design Roadshow 5 Locations across Australia and New Zealand

Scalable Front-End Digital Signal Processing for a Phased Array Radar Demonstrator. International Radar Symposium 2012 Warsaw, 24 May 2012

ECE 476/ECE 501C/CS Wireless Communication Systems Winter Lecture 6: Fading

ECE 476/ECE 501C/CS Wireless Communication Systems Winter Lecture 6: Fading

Wireless Technology for Aerospace Applications. June 3 rd, 2012

Passive Coherent Location ( PCL)

Detection of Multipath Propagation Effects in SAR-Tomography with MIMO Modes

K-LC2 RADAR TRANSCEIVER

THE DRM (digital radio mondiale) system designed

DESIGN AND DEVELOPMENT OF A SIGNAL AND DATA PROCESSOR TEST BED FOR A PASSIVE RADAR IN THE FM BAND

Passive Radars as Sources of Information for Air Defence Systems

SIGNAL MODEL AND PARAMETER ESTIMATION FOR COLOCATED MIMO RADAR

Chapter 0 Outline. NCCU Wireless Comm. Lab

Principles of Modern Radar

Automotive Radar Sensors and Congested Radio Spectrum: An Urban Electronic Battlefield?

Selected answers * Problem set 6

EENG473 Mobile Communications Module 3 : Week # (12) Mobile Radio Propagation: Small-Scale Path Loss

Wireless Channel Propagation Model Small-scale Fading

Ambiguity Function Analysis of SFCW and Comparison of Impulse GPR and SFCW GPR

Project = An Adventure : Wireless Networks. Lecture 4: More Physical Layer. What is an Antenna? Outline. Page 1

Adaptive SAR Results with the LiMIT Testbed

ELEC RADAR FRONT-END SUMMARY

Multi-Path Fading Channel

Active Cancellation Algorithm for Radar Cross Section Reduction

Introduction to Radar Systems. Clutter Rejection. MTI and Pulse Doppler Processing. MIT Lincoln Laboratory. Radar Course_1.ppt ODonnell

Robust Wideband Waveforms for Synthetic Aperture Radar (SAR) and Ground Moving Target Indication (GMTI) Applications

Time and Frequency Domain Windowing of LFM Pulses Mark A. Richards

Wireless Medium Access Control and CDMA-based Communication Lesson 16 Orthogonal Frequency Division Medium Access (OFDM)

Digital Sounder: HF Diagnostics Module:Ionosonde Dual Channel ( ) Eight Channel ( )

Investigating jammer suppression with a 3-D staring array

STAP Capability of Sea Based MIMO Radar Using Virtual Array

L-Band and X-Band Antenna Design and Development for NeXtRAD

Data Acquisition and Processing of a Distributed 3D Induced Polarisation Imaging system

MULTI-CHANNEL SAR EXPERIMENTS FROM THE SPACE AND FROM GROUND: POTENTIAL EVOLUTION OF PRESENT GENERATION SPACEBORNE SAR

Channel. Muhammad Ali Jinnah University, Islamabad Campus, Pakistan. Multi-Path Fading. Dr. Noor M Khan EE, MAJU

A Review of Vulnerabilities of ADS-B

UNIK4230: Mobile Communications Spring 2013

A new Sensor for the detection of low-flying small targets and small boats in a cluttered environment

Mobile & Wireless Networking. Lecture 2: Wireless Transmission (2/2)

Three Element Beam forming Algorithm with Reduced Interference Effect in Signal Direction

AMBIGUITY FUNCTION ANALYSIS AND DIRECT- PATH SIGNAL FILTERING OF THE DIGITAL AUDIO BROADCAST (DAB) WAVEFORM FOR PASSIVE COHERENT LOCATION (PCL)

Single Frequency Network Structural Aspects & Practical Field Considerations

THE concept of the passive radar not emitting its own

Comparison of Two Detection Combination Algorithms for Phased Array Radars

An Accurate phase calibration Technique for digital beamforming in the multi-transceiver TIGER-3 HF radar system

DECEPTION JAMMING SUPPRESSION FOR RADAR

Frequency Diversity Radar

Electronic Warfare (EW) Principles and Overview p. 1 Electronic Warfare Taxonomy p. 6 Electronic Warfare Definitions and Areas p.

Antennas and Propagation

Target detection for DVB-T based passive radars using pilot subcarrier signal

Improving Channel Estimation in OFDM System Using Time Domain Channel Estimation for Time Correlated Rayleigh Fading Channel Model

Modern radio techniques

ECE 476/ECE 501C/CS Wireless Communication Systems Winter Lecture 6: Fading

Session2 Antennas and Propagation

ESA Radar Remote Sensing Course ESA Radar Remote Sensing Course Radar, SAR, InSAR; a first introduction

Narrow- and wideband channels

Narrow- and wideband channels

A Bistatic HF Radar for Current Mapping and Robust Ship Tracking

AIR ROUTE SURVEILLANCE 3D RADAR

International Journal of Scientific & Engineering Research, Volume 8, Issue 4, April ISSN Modern Radar Signal Processor

DESIGN AND DEVELOPMENT OF SIGNAL

Performance Evaluation of OFDM System with Rayleigh, Rician and AWGN Channels

Phantom Dome - Advanced Drone Detection and jamming system

Code No: R Set No. 1

Multi-carrier Modulation and OFDM

Wireless Physical Layer Concepts: Part III

Lecture 6 SIGNAL PROCESSING. Radar Signal Processing Dr. Aamer Iqbal Bhatti. Dr. Aamer Iqbal Bhatti

An Improved DBF Processor with a Large Receiving Antenna for Echoes Separation in Spaceborne SAR

SYSTEM ARCHITECTURE OF RADAR NETWORK FOR MONITORING OF HAZARDOUD WEATHER

Complex Sounds. Reading: Yost Ch. 4

Implementation of OFDM Modulated Digital Communication Using Software Defined Radio Unit For Radar Applications

Digital Communications over Fading Channel s

ON WAVEFORM SELECTION IN A TIME VARYING SONAR ENVIRONMENT

Transcription:

armasuisse Science and Technology Electronic Attacks against FM, DAB Wissenschaft + Technologie and DVB-T based Passive Radar Systems Christof Schüpbach, D. W. O Hagan, S. Paine

Agenda Overview FM DAB DVB-T FM Noise jamming Tone jamming Role of direct signal cancellation Digital waveforms Attacking DAB using PRS Attacking DVB-T using pilots Conclusions 2

Work Overview Noise Jamming of an FM Band Commensal Radar M. Inggs, C. Tong, D. O Hagan, U. Böniger, U Siegenthaler, Ch. Schüpbach, and H Pratisto. In Radar Conference, 2015 IEEE, pages 493 498, Oct 2015. Jamming of DAB-based Passive Radar Systems Ch. Schüpbach, U. Böniger, 2016,, 2016 European Radar conference (EuRAD) Electronic Attacks on DVB-T-based Passive Radar Systems Ch. Schüpbach, D.W. O Hagan, S. Paine, 2018,, to be published in 2018 IEEE Radar Conference Ongoing work on FM and DVB-T2 counter measures 3

Work on FM based Systems Simulations using FERS for a typical scenario in Cape Town with real recorded signal of 3 min duration Jammer power ranging from 1 W to 10 W Different jamming waveforms Noise Tone on carrier Assessing detection rate from CFAR output Investigation of role of direct signal cancellation Measurement with UCT system and jammer close to receiver 4

Simulation Geometry Google Map overview of the system geometry and simulation geometry. This geometry corresponds with a receiver site that has been used for field measurements. 5

Simulation Parameters Item Antenna Azimuth Beam Pattern Antenna Gain Antenna Altitude (AMSL) ERP Carrier Frequency Waveform Antenna Azimuth Beam Pattern Transmitter Parameter Omnidirectional 2.15 dbi (Dipole) 400 m 10 kw 89 MHz Real recorded FM signal, 204.8 ksps complex sampled Receiver Sinc Antenna Gain Antenna HPBW Antenna Altitude (AMSL) LO Error Noise Figure Digitisation 7.2 dbi (Yagi) 60 degrees 240 m 50 ppd (std. dev. of 0.01 Hz @ 204.8 ksps) 4 db 204.8 ksps complex, 16 bit quantisation 6

Simulation Parameters Item Initial Altitude Final Altitude Velocity RCS @ 89 MHz Swerling Antenna Azimuth Beam Pattern Antenna Gain Transmit Power Carrier Frequency Waveform Target Jammer Parameter 10 000 m 5 000 m Constant 200 m/s 23 dbsqm (200 m 2, a large airliner) 0 (Non-fluctuating) Sinc 7.2 dbi (Yagi) 1 W to 10 W before antenna gain 89 MHz Gaussian Noise, Single Tone 7

Used Waveforms No jamming 5W noise 5 W tone 8

Direct signal cancellation effects No Jamming Jamming Reference Clean Surveillance Jamming Surveillance Clean Reference (Pd = 29%) Jamming in Reference & Surveillance (Pd = 44%) 9

Tone Jamming CFAR Output Accumulative CFAR output of the single tone jamming simulation. When the CFAR is applied in the Doppler dimension, no target is detected. Accumulative CFAR output with the CFAR applied in the range dimension rather than the conventional Doppler dimension. The target is now detected 14 times (31% detection). 10

Work on DAB and DVB-T Idea: use deterministic parts of signal for attack DAB: phase reference symbol DVB-T: pilot tones Advantages Processing gain Localized effects in range Doppler map Various attack strategies possible Jamming Spoofing Overloading Knowledge of receiver position not necessary for selfprotection jamming 11

Methodology Recorded signals Construct perfect reference by de- and re-modulation Inject (add) jamming signal into surveillance channel Calculate range Doppler map using inverse filtering Assess effect on range Doppler map Synthesize jamming signal 12

DAB 13

DAB frame and symbol structure Frame duration: 96 ms / 76 OFDM symbols (excl. null symbol) PRS PRS Data Symbols null symbol: 1.3ms phase reference symbol (PRS): 1.25ms 75 data symbols: 95 ms 14

Effect on the ARD map Slow Time Delay Slow Time Doppler ST-DFT Delay Slow Time ST-DFT Doppler Doppler Amplitude Amplitude Amplitude Amplitude 15

Results Continuous noise PRS same delay PRS different delays 16

Results with real data Real data (no jamming) Real data with PRS jamming (same delay) 17

DVB-T 18

DVB-T Pilot Structure Synchronization & channel equalization: 701 pilot tones Division into 177 continual and 524 scattered pilots Pre-defined temporal pattern and modulation value 19

Pilot Self-Ambiguity Periodic pattern of pilots lead to strong auto-correlation Periodic patterns in delay and Doppler Main idea: Exploit this for electronic attacks 20

Undisturbed Range-Doppler Map SFN at 562 MHz Dynamic range: 85 db 21

Full Pilot Attack Jamming signal contains all pilots (continual and scattered) Doppler shift: 160 Hz Delay: 65 µs JSR = 0 db 22

Full Pilot Attack II Peaks: -10 db Ridges: - 40 db At JSR= -45 db: JNR = 30 db 23

Pulse Pilot Jamming General principle: Pulsing in frequency pulsing in range Pulsing in time pulsing in Doppler «Pulsing» in frequency is given by choice of pilot carriers BUT: pulsing in time can easily be done by an attacker Options: Turn off every k-th symbol Only turn on every k-th symbol 24

Pulse Jamming I JSR = 0 db Off every 13th symbol Multiplication of pulse period and pilot period (4x13 = 52) 25

Pulse Jamming II Extreme case: only one symbol is jammed per CPI One spike in slow-time ridges in Doppler domain 26

Pulse Jamming III JSR = 0 db Ridges for targeted delay at -65 db Attractive for self-protection jamming 27

Counter Counter Measures? Do not use deterministic parts of signal for radar processing loss in processing gain Look for patterns in range Doppler map to discard false targets Spatially notch jammer (once detected) Use direct signal cancellation stage to suppress jammer Localize jammer by its own transmission But: Before any of these you have to become aware of the attack! 28

Summary and Conclusion FM jamming simulations for different waveforms Role of direct signal canellation Deterministic parts of digital signals offer attack points to Jam Spoof Overload Even if PR location is unknown self-protection jamming can be achieved Once aware, the PR system can counteract Most important from PR perspective: secrecy of location 29

Thank you! 30

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback