
EC310 Security Exercise 20

We are devoting a good portion of this course to learning about wireless communications systems and the associated considerations, from modulation to gain to antennas and signal propagation. Why? Because Cyber doesn't exist solely in a single computer or a closed network. You can have a significant impact by using Electronic Warfare as an enabler for Cyber effects. http://breakingdefense.com/2013/04/adm-greenertwireless-cyber-em-spectrum-changing-navy/

Now we're going to put all that knowledge to the test and apply your cyber skills in a wireless environment.

Set-up. Equipment required:
- Your issued Laptop
- MATLAB Code RCcode.m and getkey.m
  o Located in the EC310 Spring 2014 folder on your Desktop (EC310 Spring 2014\Wireless\Lab 27 Files)
- LeCroy Wave Surfer 104MXS 1GHz Oscilloscope
- Anritsu MS2711D Spectrum Analyzer
- Telescoping Antenna w/ BNC connector
- RC Vehicle
- Signal Generator & accessories (Instructor will set up)

TURN OFF YOUR CELL PHONE! (The next hour of your life will be easier if your cell phone isn't adding noise to the Electromagnetic Spectrum.)

Part I: Data Collection

Communications System. For this Security Exercise, we'll explore the entire communications system employed by a Radio Control (RC) vehicle. And then we'll exploit it! Answer the questions that follow to examine the RC vehicle's communications.

Note: These images resemble the models in your classroom enough to give you the general idea. We can't all have Ferraris, after all!

Question 1: Which image above (left or right) most closely represents the transmitter?
Question 2: Where is the receiver located?
Question 3: What type of channel does this communications system involve?
Question 4: What do you expect your information to be in this case?
Question 5: What will happen when the information is recovered at the receiver?
Question 6: What type of antenna does the transmitter use?
Question 7: What would you expect the beam pattern of this antenna to look like?
Question 8: Do the transmitter or receiver give any indication of carrier frequency? If so, what is fc?

To verify the carrier frequency of the transmitted signal, use the Anritsu MS2711D Spectrum Analyzer:
- Press Recall Setup (Hard Key #6)
- Ensure Default is highlighted
- Press Enter
- Set Center to the carrier frequency determined in the previous question
- Set Span to 200 kHz
- Transmit from the RC vehicle controller (ensure power is on); the signal will display on the spectrum analyzer

Question 9: What is the carrier frequency? Draw the signal in the frequency domain.

Part II: Jamming

Now that we have some basic intel, what could happen if your instructor was to transmit a signal at the carrier frequency? The answer: It depends! In lecture, we learned that the effectiveness of electronic attack/jamming is dependent upon the jamming-to-signal ratio (J/S). The J/S is dependent upon both the power received by the car from the jammer and from the transmitter, as well as the distance of the jammer and the transmitter from the receiver. In this security exercise, our scenario looks like this:

The J/S depends on the received signal power at the car and the received jamming power at the car:

$$\frac{J}{S} = \frac{P_J}{P_S} \qquad \Longrightarrow \qquad \left(\frac{J}{S}\right)_{\text{dB}} = P_J\,(\text{dBm}) - P_S\,(\text{dBm})$$

Generally, if the J/S ratio is greater than 1 (or 0 dB), jamming will be effective.

Play time! Drive your vehicle around the classroom.

Question 10: What two conditions (with regards to frequency and received power) must exist for jamming to be effective?

Get your instructor's signature to continue.

Your instructor will generate a 20 dBm frequency modulation (FM) signal at the carrier frequency.

Question 11: What is your instructor's target?

While your instructor is transmitting the jamming signal, experiment! Attempt to control the RC car with its transmitter at different distances from both the jammer and the RC car.
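The J/S relation above says nothing about distance on its own; the distances enter through the received powers P_J and P_S. The following Python is an added worked example (not part of the lab handout or its MATLAB code) that computes both received powers with the free-space path loss (Friis) model and then applies the lab's J/S > 0 dB rule. The 20 dBm jammer power is the lab's; the remote's transmit power (10 dBm), the distances and the carrier frequency are constructed assumptions, and the carrier frequency is deliberately arbitrary because it cancels out of J/S when jammer and remote share the same frequency.

```python
import math


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss in dB for d in metres and f in Hz:
    20*log10(d) + 20*log10(f) + 20*log10(4*pi/c), the last term being -147.55 dB."""
    return 20.0 * math.log10(distance_m) + 20.0 * math.log10(freq_hz) - 147.55


def received_power_dbm(pt_dbm: float, gt_dbi: float, gr_dbi: float,
                       distance_m: float, freq_hz: float) -> float:
    """Link budget: P_r(dBm) = P_t(dBm) + G_t + G_r - FSPL(dB)."""
    return pt_dbm + gt_dbi + gr_dbi - fspl_db(distance_m, freq_hz)


def js_db(pj_dbm: float, ps_dbm: float) -> float:
    """(J/S) in dB = P_J(dBm) - P_S(dBm), exactly as written in Part II."""
    return pj_dbm - ps_dbm


def jamming_effective(js: float) -> bool:
    """The lab's rule of thumb: jamming works when J/S exceeds 1, i.e. 0 dB."""
    return js > 0.0


def scenario(jammer_tx_dbm: float, remote_tx_dbm: float,
             d_jammer_m: float, d_remote_m: float,
             fc_hz: float, g_dbi: float = 0.0) -> dict:
    """Evaluate one geometry: jammer and remote at given distances from the car.
    Both links use the same carrier, so the 20*log10(f) term of FSPL cancels
    in J/S and only the transmit powers and the distance ratio remain."""
    pj = received_power_dbm(jammer_tx_dbm, g_dbi, g_dbi, d_jammer_m, fc_hz)
    ps = received_power_dbm(remote_tx_dbm, g_dbi, g_dbi, d_remote_m, fc_hz)
    js = js_db(pj, ps)
    return {"P_J_dBm": pj, "P_S_dBm": ps, "J_S_dB": js,
            "effective": jamming_effective(js)}


if __name__ == "__main__":
    JAMMER_DBM = 20.0     # the lab's 20 dBm FM jamming signal
    REMOTE_DBM = 10.0     # constructed assumption for the RC remote's power
    FC_HZ = 100e6         # arbitrary: cancels out of J/S, see scenario()
    # Remote held close to the car (2 m) while the jammer is 10 m away:
    print(scenario(JAMMER_DBM, REMOTE_DBM, 10.0, 2.0, FC_HZ))
    # Remote and jammer equidistant (5 m): the 10 dB power advantage decides.
    print(scenario(JAMMER_DBM, REMOTE_DBM, 5.0, 5.0, FC_HZ))
```

Running it shows why the answer is "it depends": with the remote at 2 m and the jammer at 10 m the distance ratio costs the jammer 20·log10(5) ≈ 14 dB, more than its 10 dB power advantage, so J/S is about -4 dB and the car still responds; at equal distances J/S is +10 dB and the jammer wins. Doubling the jammer's power buys only 3 dB, whereas halving its distance buys 6 dB, which is the point behind Question 14.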

Question 12: When your instructor transmitted a jamming signal, were you still able to control the RC car? When could you control it? When couldn't you?
Question 13: Use the Anritsu MS2711D Spectrum Analyzer to draw the jamming signal in the frequency spectrum. How does this change if you transmit while standing next to the Spectrum Analyzer?
Question 14: How could you increase the range of the jammer? (How is jamming range dependent on signal power?)

Part III: Reverse Engineering

So now we know the carrier frequency and the effects of transmitting a higher signal power on that frequency, but if we want to make a bigger impact, we need to know more about the RC car's signal. What does the transmitted signal look like? What type of modulation does it use? How do the controls work? To accomplish this, we're going to look at the signal using the LeCroy Wave Surfer 104MXS 1GHz Oscilloscope.

First, some initial set-up for the O-Scope (see the figure that follows for button location):
- Touch the yellow box on the lower left corner of the touch screen to configure Channel 1 with the following settings:
  o Set Volts/div to 20 mV
  o Set Coupling to DC50Ω
  o Set Trigger to 25.0 mV
- Touch Timebase to set Time/Division to 5.00 ms/div
- Press Close (top right corner of the Channel 1 menu)

Once you've set up your Channel configuration on the O-Scope, it's time to capture the signal.
- On the Trigger section of the O-Scope display, select Normal.
- Holding the RC car transmitter close to the O-Scope, send the forward signal by driving the car forward. Ensure the antenna is extended!
- When your signal is displayed on the screen, press Stop on the Trigger menu while still sending the forward signal.

If done correctly, your O-scope display should look similar* to this:

* Captured signal may vary; that's ok for now!

Question 15: What type of digital modulation does this car use?
Question 16: What pattern of 0s and 1s does the transmitted signal represent?

To be able to control the RC car, we want to be able to do more than just drive it forward. How does the signal change for reverse, left, or right? Think about the controls: how many different signals do you expect to control the car? In addition to driving forward, the car can operate in reverse, as well as turning left and right, and any combination thereof! There are actually 8 different combinations of signals, but in the interest of time we're only going to worry about four: Forward, Reverse, Forward & Right, and Forward & Left. Here's the catch: the chips that process the signal and control the vehicle's motion aren't necessarily wired the same way in every car, so you need to identify which control operation each transmitted signal represents! Examine each transmitted signal by repeating the process you just followed to capture the signal:

- On the Trigger section of the O-Scope display, select Normal.
- Transmit the desired signal:
  o Forward
  o Reverse
  o Forward AND Right (This is different from the signal to pivot the wheels to the right only!)
  o Forward AND Left (This is different from the signal to pivot the wheels to the left only!)
- When your signal is displayed on the screen, press Stop on the Trigger menu.

Question 17: Match the transmitted signals (shown on the following page) with the operations they represent by circling the correct response. The signals can be distinguished by the number of 1s being transmitted after the 4 large sync pulses.

Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 10)
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 40)
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 34)
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 28)

Question 18: Now that you've identified the modulated signal that controls the car, could you determine the baseband binary signal (voltage pulses) that is used for each control function? The block diagram for an OOK signal's generation is shown below.
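Question 17 is a classification task: every frame opens with 4 wide sync pulses and is then distinguished only by how many narrow 1 pulses follow. The Python below is an added example, not part of the lab handout or its RCcode.m, that does the same classification on a bit string read off the oscilloscope. It uses the frame layout the lab describes (the 1110 ×4 sync vector and the 10 trail pairs from RCcode.m), the example capture the lab quotes, and a constructed placeholder lookup table; the actual trail-count-to-operation mapping is what Question 17 asks you to determine, so the labels here are deliberately generic. The point a defender should take from it is that the protocol carries no identity, counter or authentication, so a frame is fully described by one integer and any captured frame can be recognised (or reproduced) from that integer alone.

```python
# Frame layout taken from the lab: four wide (3-bit) sync pulses, then a trail
# of "10" pairs whose count identifies the control operation.
SYNC_BITS = "1110" * 4          # RCcode.m: sync = [1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0]
SYNC_PULSES = 4
WIDE = 3                        # width of a sync pulse, in bit periods
NARROW = 1                      # width of a data '1' pulse, in bit periods

# The capture quoted in Part IV of the lab (ends with the next frame's first sync pulse).
PAGE_CAPTURE = "01110111011101110101010101010101010101110"

# Constructed placeholder table: the real assignment of 10/40/34/28 to
# Forward / Reverse / Forward-Right / Forward-Left is car-specific (Question 17).
EXAMPLE_TABLE = {10: "operation A", 40: "operation B", 34: "operation C", 28: "operation D"}


def run_lengths(bits: str) -> list:
    """Run-length encode a string of '0'/'1' as [(bit, length), ...]."""
    runs = []
    for b in bits:
        if b not in "01":
            raise ValueError(f"non-binary symbol {b!r} in capture")
        if runs and runs[-1][0] == b:
            runs[-1][1] += 1
        else:
            runs.append([b, 1])
    return [(b, n) for b, n in runs]


def count_trail_ones(bits: str) -> int:
    """Count the narrow '1' pulses after the 4 wide sync pulses of the first frame.
    Stops at the next wide pulse (start of the following frame) or at the end of
    the capture; raises ValueError if the capture does not open with a valid sync."""
    pulses = [n for b, n in run_lengths(bits) if b == "1"]
    if len(pulses) < SYNC_PULSES or any(n != WIDE for n in pulses[:SYNC_PULSES]):
        raise ValueError("capture does not start with 4 wide sync pulses")
    count = 0
    for width in pulses[SYNC_PULSES:]:
        if width == WIDE:           # next frame's sync: this frame is complete
            break
        if width != NARROW:
            raise ValueError(f"unexpected pulse width {width} in trail")
        count += 1
    return count


def encode_frame(trail_ones: int) -> str:
    """Build the bit string RCcode.m would emit for a given trail count
    (sync followed by trail_ones copies of "10"); used here to round-trip the decoder."""
    if trail_ones < 0:
        raise ValueError("trail count must be non-negative")
    return SYNC_BITS + "10" * trail_ones


def classify(bits: str, table: dict = EXAMPLE_TABLE) -> str:
    """Name the operation a captured frame carries, via the trail-count table."""
    n = count_trail_ones(bits)
    return table.get(n, f"unknown ({n} ones in trail)")


if __name__ == "__main__":
    print(run_lengths(PAGE_CAPTURE))
    print("trail ones in the lab's example capture:", count_trail_ones(PAGE_CAPTURE))
    for n in (10, 40, 34, 28):          # the four counts listed in Question 17
        frame = encode_frame(n)
        print(n, "->", classify(frame), "| frame length", len(frame), "bits")
```

Feeding the lab's quoted capture through `count_trail_ones` returns 10, the first of the four counts in Question 17, and the trailing 111 in that string is correctly recognised as the start of the next frame rather than as data. With `sam_per_sym = 22` and `fs = 44.1e3` from RCcode.m each bit lasts about 0.5 ms, so a 40-one frame (16 + 80 bits) occupies roughly 48 ms on the 5 ms/div timebase the lab sets, which is why the whole frame fits on one screen.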

We now know the bits that are transmitted to control the forward, turning, and reverse motions of the RC car. We also know that we can't transmit the baseband binary signal, so we need to modulate it on a high frequency carrier. If we could reproduce these control signals and transmit by some other means than the car's remote, do we need the remote to drive the RC car? Let's find out!

Part IV: The Hook

In this section, you'll use the MATLAB code provided and your laptop soundcard to generate and transmit control signals to the RC car. You may have noticed that each transmitted signal consists of 4 wide sync pulses followed by a trail of 0's and 1's. Since you've already matched the waveform to the driving direction, now all you need to do is determine the number of 1's in the trail following the sync pulses. For example, the image below represents 01110111011101110101010101010101010101110 in binary (check back to HW23 if you're not a believer yet; you knew this way back when!). For this sequence of bits, it is organized as follows. On the oscilloscope, the control signal will be displayed as seen in the next figure.

Question 19: Fill in the table by entering the number of 1's trailing the sync pulses for each RC car operation determined in Question 18. You must find the exact value!

Direction | Number of 1's in trail
Forward   |
Reverse   |
Right     | N/A
Left      | N/A
Fwd-Right |
Fwd-Left  |
Rev-Right | N/A
Rev-Left  | N/A

The MATLAB code takes input from the arrow keys on your laptop, generates the baseband binary signals to control the RC vehicle, then modulates the signal with OOK. Since we only determined the binary waveform for 4 of the 8 possible operations, we'll be slightly limited in the operation of our RC vehicle: we won't be able to turn while operating in reverse. In MATLAB, update the Setup Major Variables section of your RCcode.m code (shown below) with the number of 1's in the trail in preparation for taking over the RC vehicle.
%%%%%%%%%%%%%%%%
%  RC CAR CODE %
%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%                                       %
%  PRESS SPACE TO TERMINATE EXECUTION   %
%                                       %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
% !!!!! NOTE !!!!!
% If you do something wrong and Matlab terminates unexpectedly (you get a
% lot of angry red Error messages) you will have to close out and restart
% Matlab in order to clear out the sound card buffer!!!
%
% Forward       = Up Arrow
% Reverse       = Down Arrow
% Forward Right = Right Arrow
% Forward Left  = Left Arrow
%
%%%%%%%%%%%%%%%%
% Clear out memory and initialize default settings
%
% DO NOT CHANGE THIS SECTION
%
clear all
close all
set(0, 'DefaultAxesFontSize', 14)
set(0, 'DefaultAxesFontWeight', 'Bold')

% Setup major variables
%
% CHANGE THIS SECTION ONLY!!! (FOLLOW LAB INSTRUCTIONS)
% Insert the number of 1's from the Question 20 table here!
%
forward_1s   = 1;
reverse_1s   = 1;
right_fwd_1s = 1;
left_fwd_1s  = 1;
sam_per_sym  = 22;        % fs/Rb = 44.1e3/(1/Tb), Tb ~ 500us
fs  = 44.1e3;             % Set sampling rate to sound card rate
Rb  = fs./sam_per_sym;    % Resulting bit rate (bits/s)
fif = 10e3;               % 10.0 kHz "baseband" (IF) Frequency

% Generate the original data to manipulate the car
%
% DO NOT CHANGE THIS SECTION
%
sync      = [1 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0];    % four wide sync pulses
forward   = [sync repmat([1 0], 1, forward_1s)];  % sync followed by a trail of "1 0" pairs
reverse   = [sync repmat([1 0], 1, reverse_1s)];
right_fwd = [sync repmat([1 0], 1, right_fwd_1s)];
left_fwd  = [sync repmat([1 0], 1, left_fwd_1s)];
pause     = zeros(1,500);   % silence sent when no arrow key is held
key = 0;                    % Initial Keyboard Value

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Reads inputs once per second
%
% DO NOT CHANGE THIS SECTION
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
while key ~= 32               % Press space to stop
    key = getkey(1);          % getkey.m (provided with the lab) returns the key code
    if key == 30              % Up Arrow
        data = [forward forward forward forward forward forward forward forward];
    elseif key == 31          % Down Arrow
        data = [reverse reverse reverse reverse reverse reverse reverse reverse];
    elseif key == 29          % Right Arrow
        data = [right_fwd right_fwd right_fwd right_fwd right_fwd right_fwd right_fwd right_fwd];
    elseif key == 28          % Left Arrow
        data = [left_fwd left_fwd left_fwd left_fwd left_fwd left_fwd left_fwd left_fwd];
    else
        data = [pause];
    end

    % Generate the NRZ baseband waveform (each bit held for sam_per_sym samples)
    time_stop = length(data).*sam_per_sym;
    up_data = zeros(1,time_stop);
    time = linspace(0, (1/fs).*time_stop, length(up_data));

    % Upsample
    for i = 0:length(data)-1
        up_data(sam_per_sym.*i + 1 : sam_per_sym.*i + sam_per_sym) = data(i+1);
    end

    % Generate the "baseband" (IF) waveform: OOK of the 10 kHz tone
    s_lo = cos(2.*pi.*fif.*time);
    s_if = s_lo.*up_data;
    soundsc(s_if, fs)
end
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

When your code is updated, run it by pressing the Run button. Follow the next instruction carefully! Double click your cursor in the MATLAB Command Window. If all went as planned, you should see a window opening and closing rapidly.

Press and hold your arrow keys to simulate driving your vehicle.

Question 20: What do you hear? What type of signal is being generated?
Question 21: What do you need to do to transmit this baseband binary signal so that the car receives it?

Get your instructor's signature to continue.

Your instructor will use the same signal generator that transmitted the jamming signal in Part II to transmit the modulated ASK signal. The set-up looks like this:

Bring your laptop to your instructor and get ready to drive!

Question 22: Do you need the car's transmitter to control the car? What just happened? What is now controlling the car?
Question 23: List some examples of how this might be significant in a military setting. Need ideas? Check this out! http://www.engr.utexas.edu/features/humphreysspoofing

Security Exercise 20 Answer Sheet

Name:

Question 1:
Question 2:
Question 3:
Question 4:
Question 5:
Question 6:
Question 7:
Question 8:
Question 9:
Question 10:
Question 11:
Question 12:
Question 13:
Question 14:

Question 15:
Question 16:
Question 17:
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 10)
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 40)
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 34)
Forward or Reverse or Forward-Right or Forward-Left? (# of 1's: 28)
Question 18:
Question 19:

Direction | Number of 1's in trail
Forward   |
Reverse   |
Right     | N/A
Left      | N/A
Fwd-Right |
Fwd-Left  |
Rev-Right | N/A
Rev-Left  | N/A

Question 20:
Question 21:
Instructor/Lab Tech Signature:
Question 22:
Question 23: