Spectrum Sensing Brief Overview of the Research at WINLAB P. Spasojevic IAB, December 2008
What to Sense? Occupancy. Measuring spectral, temporal, and spatial occupancy observation bandwidth and observation time intervals frequency and time sampling granularity spatial coverage and resolution What proportion of time/bandwidth was occupied? Which time/frequency slots were occupied? Where?
Spectrum Sensing: More Detail? how many transmitters are there? the spectral/temporal occupancy for each transmitter transmit power signal power spectral density modulation type transmitter-to-sensor channel transfer functions transmitter location occupancy time-variation
Why Sense? Licensed spectrum: Detect the presence of the primary user. Unlicensed spectrum: Coordinate an efficient use of spectrum between competing diverse networks. Monitor spectrum: determine selfish/malfunctioning transmitters. Cognitive radio: Adapt signal modulation parameters/protocol
Spectrum Sensing: Design Considerations Propagation characteristics: Channel temporal variation: coherence time Frequency variation: coherence bandwidth Spatial variation Level of transmitter signal description known in advance: signal known or partially known (802.22, 802.11b) signal unknown (cordless phones, future transmitters) Level of cognition detail needed Collaborative vs non-collaborative approaches Processing/protocol complexity requirements
Sensing Research at WINLAB: In Brief channel characterization H. Kremo unlicensed bands: experimental and theoretical G. Ivkovic, R. Miller, C. Raman, D. Borota licensed spectrum: detecting the presence of the primary users Jing Lei sensing in vehicular channels H. Kremo, KC. Huang, D. Borota coordination and scheduling for efficient use of spectrum C. Raman, KC. Huang sensing for security, monitoring L. Xiao, S. Liu
Experimental characterization of the vehicular channel: H. Kremo Vector Network Analyzer sweeps Rx 15m Start/Stop 20 MHz wide channel 50 times per second centered at 2.462 GHz and 5.2 GHz 3.8m 18m Tx Rx Tx VNA low loss RF cable A 4.4m pylons mark the car route console [1] H. Kremo, I. Seskar, and P. Spasojevic, Concurrent Measurements of the Vehicular Channel Transfer Function and the 802.11 Received Signal Strength Index in CCNC/IVCS 09
Transfer function magnitude and power loss Time varying channel caused by the moving vehicle: magnitude changes by ~10dB when the car is close to the antennas Time varying channel gain -45-50 -55 Time invariant channel when the car is not present Start/Stop db -60-65 -70 0 5 10 15 20 25 30 time (s)
Spectrum Sensing in unlicensed band (( )) (( )) Sensor 4 Sensor 5 (( )) (( )) Sensor 3 (x 1, y 1 ) f WiFi-1 f (x 3, y 3 ) (x 2, y 2 ) WiFi-2 f Sensor 1 (( )) Sensor 2 f 1 f 2 time Bluetooth freq Experimental study demonstrating the limitations of RSSI based sensing [RamanSeskarMandayam] Service discovery and device identification in CR networks [MillerXuKamatTrappe] PHY layer approaches to distinguish WiFi & Bluetooth networks with limited bandwidth snapshots
Radio Scene Analysis in Unlicensed Bands: Goran Ivkovic A network of sensors observes multiple packet based radio transmitters: Sink node sensors Each sensor computes spectrogram with some time and frequency resolution Packet based radio transmitters characterized by their power spectra and on/off activity sequences in time From the collected spectrograms, we recover: sources to sensors channel gains(localization in space) PSD for each source(localization in frequency) on/off activity sequence for each source(localization in time)
Four sensors, two 802.11b nodes: 4 sensors/ 2 802.11b transmitters Recovered(full line) and true PSDs: DBPSK signal with Barker sequence spreading Average power vs. time at sensors non-overlapping transmissions in time (typical WLAN traffic ): Recovered on/off sequences: ACKs BW = 20MHz T = 10μs Packets
Cooperative sensing in Cognitive Radio: Jing Lei Cooperative sensing in a CR network based on message passing Tanner graph approach to identify white spaces in the CR network
Adaptive MAC: KC Huang Sparse Network Join with CSMA-like MAC protocol Join with TDMA-like MAC protocol Dense Network
Adaptive MAC(CSMA/TDMA) Switch between CSMA and TDMA Based on Spectrum Awareness, choose lowest traffic CSMA channel as normal mode operation Switch to reserved TDMA channel if traffic QoS not satisfied CH2_CSMA CH1_CSMA Sender CH3_CSMA Control link Data path CH4_CSMA A CH5_CSMA B CH1_CSMA Receiver Delay > 20% CH10_TDMA
Anomalous Spectrum Usage Detection: Song Liu submitted to Infocom 2009 Challenge: Conventional signal processing techniques are insufficient Heterogeneous communication modes hard to enumerate Primary User Emulation (PUE) attack Unknown attacking signal s pattern Goal: Effective detection mechanism relying on non-programmable features, e.g., propagation law Approach Spectrum sensing RSS based detection at spatially distributed sensors, each at a known distance from the authorized transmitter. Significance testing detect unknown anomalous usages
Capturing the Characteristics of the Received Power Propagation Law The received power is roughly linear with the logarithmic distance between the transmitter and receiver Normal Usage Condition A channel is dedicated to a single authorized user Features of the Proposed Detection Methods Distinguishing between single and multiple transmissions in the same channel Utilizing a decision statistic that captures the above characteristics of the received power
Fingerprints in the Ether*: Liang Xiao Fingerprints in the Ether: Spectrum sensing in security domain Exploits multipath to distinguish users Detection of identity-based attacks, e.g., spoofing and Sybil attacks Challenges Channel time variation: terminal mobility & environmental changes Channel estimation error Proposed a channel-based authentication scheme Perform the Generalized Likelihood Ratio Test derived from a generalized frequency-selective Rayleigh channel model, or a more practical version Use the existing channel estimation mechanism: Low system overhead * By Liang Xiao, Larry Greenstein, Narayan Mandayam and Wade Trappe, supported in part by NSF grant CNS-0626439
Experiments with moving vehicle H. Kremo Start/Stop Time invariant channel when the car is not present: fixed multipath Time varying channel caused by the moving vehicle: magnitude changes by ~10dB when the car is close to the antennas Time varying channel gain: VNA vs. RSSI db -56-58 -60-62 -64-66 -68-70 -72 0 5 10 15 20 25 30 time (s)
Detecting a preamble of a 802.11b frame- D. Borota - 802.11b PHY Frame Scrambled 1 s Start of Frame Scrambled x FRA0 Data Rate Locked clock, mod. select SYNC (128 (or 56)) SFD (16) SIGNAL (8) SERVICE (8) LENGTH (16) CRC (16) Lock/Acquire Frame Frame Details (data rate, size) PLCP Preamble (144 (or 72)) PLCP Header (48) PSDU (2304 max) Preamble at 1Mbps (DBPSK) 2Mbps (DQPSK) 5.5 and 11 Mbps (CCK)
Fingerprints in the Ether (cont.) Performance for indoor environments verified via: Numerical simulation based on a generic stochastic channel model A ray-tracing channel emulation software tool (WiSE) Field test using network analyzer Works well, requiring reasonable values of the measurement bandwidth (e.g., W > 10 MHz), number of response samples (e.g., M 10) and transmit power (e.g., P T ~ 100 mw) Both the false alarm rate and miss rate in spoofing detection are below 4% (sample size M=8, SINR of the channel estimation ρ=20 db, the normalized power of the channel variation due to environmental changes is 0.1, and the terminal displacement normalized by carrier wavelength is no more than 0.12) Open issues: Target values for miss rate and false alarm rate Combining with existing higher-layer security protocols
Spectral Density-Based Sensing: Signal Decomposition- G. Ivkovic BT packets WLAN BT WLAN packets Research done prior to the start of the project