Systems for intelligent blocking of cellular telephony, communication channels and control.


VASILIEV Oleg Aleksandrovich, Candidate of Technical Sciences,
EGOROV Dmitry Olegovich,
KADYKOV Aleksey Nikolaevich.

INTELLIGENT BLOCKING SYSTEMS OF
CELLULAR TELEPHONY, COMMUNICATION AND CONTROL CHANNELS
 

The article briefly examines the strategy for constructing systems for suppressing radio communication and control channels using panoramic reception to detect short signals and block the subscriber's receiver with a short spectrum-matched pulse. A variant of implementing such a system using direct conversion of the frequency range down and subsequent digital processing of quadrature components on the Tornado E67 DSP controller is presented.

The task of signal suppression is extremely important for anti-terrorist equipment for neutralizing remote control radio channels and information leakage channel protection systems. Since in many cases there is negligible a priori data on signals to be blocked, the entire range in which the radio control or information transmission line can operate is usually suppressed. The wider the frequency range covered and the greater the power of the barrage interference, the less likely it is that the command transmitted via the radio line will be executed. Undeniable, but primitive. Energy and human resources are not unlimited. The principles of suppression used in electronic warfare are, to say the least, inhumane in peacetime. The suppression system can be optimized by making it intelligent: first detect the signal and evaluate its parameters, and then pointwise block the radio line receiver to which the information contained in the signal is addressed. As in the missile defense system, we first detect the target, calculate its trajectory, and then launch our anti-missile to destroy it. It is pointless and expensive to fire all the missiles at once.

Typical examples of such systems are devices for suppressing cellular communications in a given area, building, or room. Signals in cellular networks can serve both as a command radio line and as a means of transmitting confidential information. Similar functions can be performed by any modern radio lines that comply with wireless computer network standards (WLAN, Wi-Fi, ZigBee), various wireless access systems, etc. Below we consider the strategy and basic principles of constructing intelligent blocking systems and show by example that the energy gain in such systems, compared to systems using barrage interference, reaches tens of decibels at equal efficiency.

Detection of a short pulse in a given range

When constructing modern intelligent blocking systems, as well as radio monitoring and information protection systems, the main task is to quickly detect and calculate the parameters of short signals lasting up to several microseconds. These signals can be either single, for example, a coded control command, or an instantaneous sample from a stream of radio pulses of various frequencies. Such a stream can be an information transmission channel in any communication system corresponding to a certain communication standard, where the frequency hopping mode is used to improve noise immunity. The FH mode is characterized by a change in the carrier frequency of the radio pulse according to a pseudo-random law at a high speed, for example, for the Bluetooth standard it occurs 1600 times per second in a band of 79 MHz. Accordingly, the spectrum of one pulse occupies a frequency band of about 1 MHz.

Frequency hopping mode is used for spectrum expansion (FHSS – Frequency Hopping Spread Spectrum) in wireless computer networks for data transmission using the IEEE 802.11 protocol and in various military radio systems.

One of the most typical examples is the FH hopping mode in the GSM cellular communication standard, effectively used to combat signal fading, mainly when driving a car. The duration of a radio pulse, or slot, in the GSM standard is 577 μs, and the duration of a radio pulse when requesting communication by a subscriber handset in both outgoing and incoming calls is only 300 μs. The mobile phone goes on the air with a request pulse (Random Burst) on the duplex frequency of the base station control channel. The entire subsequent process of information exchange between the subscriber terminal and the base station can already occur in the hopping mode. The number of frequency channels used is determined by the base station.

Let us now consider the problem of detecting a short radio pulse, mainly as applied to the GSM standard cellular telephony system. A system solving the problem of detecting a short pulse signal can be constructed in various ways. It is known that the probability of detecting a signal depends on the signal/noise ratio, i.e. on the signal energy and the receiver sensitivity. The most important issue is the matching of the signal and receiver bands. Ideally, the passband of the receiving device up to the detector should repeat the shape of the spectrum envelope of the radio signal. Obviously, if the passband of the receiving device, or the filter band of the measuring device operating on the broadband intermediate-frequency output of the receiver, is several times narrower than the radio pulse band, then such a receiver will simply not respond to the signal acting on its input. To construct a detector correctly, complete a priori data on the signal, including the carrier frequency, are required. In the problem under consideration, with a frequency-hopping carrier, it is necessary to know all possible frequencies used for the hopping mode. For the GSM standard, these are the frequency channels: 124 full-duplex channels in the range of 890–915 MHz (reverse channels, subscriber terminals – base station) and 935–960 MHz (forward channels, base station – subscriber terminals), as well as 374 channels in the range of 1710–1785 MHz and 1805–1880 MHz. The spacing between channels is 200 kHz. In reality, of course, only a certain number of channels are used, on which the base station can operate. This may also be due to the distribution of the frequency grid between different communication operators. So, we will assume that all the a priori data are known to us, and the problem is reduced to energy detection of a signal over a time interval and evaluation of its parameter: the carrier frequency, or the frequency channel number in the GSM system.

As follows from the fundamental relationship (1) for calculating the sensitivity of the receiver, the minimum power of the detected signal increases with the increase of the analysis band, or the receiver bandwidth:

Pmin = -174 dBm + NF + 10lgB + A, (1)
where NF is the receiver noise factor;
B – receiver bandwidth;
A – detection threshold set in accordance with the selected criterion.

In the case where the signal is a radio pulse in a system with a frequency hopping mode (FH) over n frequency channels, with a total detection band B = nF, where F is the frequency band occupied by one channel, the minimum power of the detected signal, as follows from expression (1), increases compared to a single-channel detector by 10lg(B/F) = 10lg n dB. For a GSM cellular communication system, this is 10lg124 = 20.9 dB for the lower range and 10lg374 = 25.7 dB for the upper range.

Thus, a broadband detector is inferior in the energy of the detected signal to a detector matched by the channel band in the examples given by 20 or more decibels. However, with a sufficiently powerful signal, it guarantees detection of the signal, while a single-channel detector in the channel scanning mode has an insignificantly small probability of detection. It is clear that in order to maintain the minimum power of the detected signal and a guaranteed probability of its detection (equal to one), a multi-channel detector is required, in which the number of matched receivers is equal to the number of frequency channels in the system, specifically 124 + 374 = 498 receivers for the GSM system.

Spectral Estimation in the Detection Problem

The problem of multichannel detection can be solved by using digital signal processing methods. The classic method of signal detection is spectral estimation of the components of the direct Fourier transform for the signal + noise mixture acting at the receiver input. To obtain a spectral estimate, it is necessary to convert the signal into digital form and calculate its spectral representation on a digital processor (DSP), using well-known algorithms, such as the fast Fourier transform (FFT). Ideally, the received signal should be digitized as close to the antenna as possible, since in this case the digital representation of the signal will have the minimum possible spectral loss during further digital processing.

The classical way of signal filtering, i.e. separating a narrow-band frequency channel from a wide-band mixture of signal and noise, requires several frequency conversions through mixers and corresponding analog filters until the required accuracy (quality) in channel separation is achieved. The digital signal processing (DSP) system usually uses a signal taken from the wide-band output of the receiver's intermediate frequency, the values of which are usually selected from a standard set: 10.7 MHz, 21.4 MHz, etc. Sometimes additional down-conversion is applied so that lower-frequency ADCs with a greater number of bits and, accordingly, a greater dynamic range can be used. The signal digitization frequency is selected to be 2 to 3 times higher than the upper limiting frequency of the receiver's IF path passband.

The rapid development of digital technologies and the emergence of high-speed ADCs with clock frequencies of up to 1 GHz and higher have recently generated a trend of an ever-increasing shift of digital signal processing (DSP) systems towards the antenna. With a standard receiver dynamic range of 60 – 70 dB at the IF output, a 12-bit ADC with its own dynamic range of 72 dB is sufficient to perform digital processing without significant losses. Similar ADCs with a sampling frequency of 65 and 105 MHz are manufactured, for example, by Analog Devices.

In addition, it is possible to expand the frequency range of the analyzed signals approximately to the value of the ADC sampling frequency by using modern methods of decomposing the input signal into quadratures. Almost all digital demodulators and digital signal processing systems in cellular telephony, wireless computer networks, etc. operate on this principle. Recently, direct down converters (DDC – Direct Downconverter) have appeared on the market of integrated circuits for processing high-frequency analog signals. They provide at the output the in-phase and quadrature components of the converted input signal in a frequency range of almost up to 100 MHz. The in-phase and quadrature components are then fed to two synchronously operating ADCs, the sample is stored in the buffer memory and then transferred to the DSP for spectrum calculation.
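The following is an added example (not code from the article or from the authors' DSP software) that ties equation (1) to the FFT-based channelized detector described in this section, as used for radio monitoring: it evaluates the wideband penalty 10lg n and runs a 1024-point FFT energy detector over constructed quadrature samples. The 25 MHz complex sample rate, NF = 6 dB, the 10 dB threshold A and the median noise-floor estimate are assumptions made for the illustration.

```python
import cmath, math, random

FS = 25e6                 # assumed complex sample rate = one 25 MHz receiver band, Hz
N = 1024                  # FFT length mentioned in the article
CH_BW = 200e3             # GSM channel spacing, Hz
N_CH = int(FS / CH_BW)    # 125 channel slots across the monitored band

def min_detectable_dbm(nf_db, bandwidth_hz, threshold_db):
    """Equation (1): Pmin = -174 dBm + NF + 10 lg B + A."""
    return -174.0 + nf_db + 10 * math.log10(bandwidth_hz) + threshold_db

def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def channel_powers(iq):
    """Sum FFT bin power into 200 kHz channels over -FS/2 .. +FS/2."""
    powers = [0.0] * N_CH
    for k, v in enumerate(fft(iq)):
        f = (k if k < N // 2 else k - N) * FS / N   # baseband frequency of bin k
        powers[int((f + FS / 2) // CH_BW)] += abs(v) ** 2
    return powers

def detect(iq, threshold_db=10.0):
    """Return [(channel, dB above median floor)] for channels above threshold A."""
    p = channel_powers(iq)
    floor = sorted(p)[len(p) // 2]        # median channel power as noise-floor estimate
    return [(ch, 10 * math.log10(pw / floor)) for ch, pw in enumerate(p)
            if pw > floor * 10 ** (threshold_db / 10)]

def constructed_capture(channel, amplitude=1.0, seed=1):
    """Constructed test input: complex Gaussian noise plus one tone mid-channel."""
    rng = random.Random(seed)
    f = -FS / 2 + (channel + 0.5) * CH_BW
    return [complex(rng.gauss(0, 1), rng.gauss(0, 1))
            + amplitude * cmath.exp(2j * math.pi * f * i / FS) for i in range(N)]

if __name__ == "__main__":
    wide = min_detectable_dbm(6, 124 * CH_BW, 10)   # NF = 6 dB is an assumed value
    narrow = min_detectable_dbm(6, CH_BW, 10)
    print(f"wideband penalty: {wide - narrow:.1f} dB")
    print(detect(constructed_capture(40)))
```

In the constructed capture the tone is about 3 dB below the total noise power across the 25 MHz band, yet it stands well above the threshold once the spectrum is split into 200 kHz channels, which is the matched-band gain that equation (1) predicts.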

System implementation

The above principle was used by the developers to build the receiving part of a system for intelligent blocking of cellular communications and wireless access of all standards valid in Russia. As an example, let us consider a specific receiving path intended for real-time monitoring of forward or reverse channels of a GSM cellular radio line, in particular, for monitoring the air and determining the carrier frequencies of subscriber devices. The total frequency range in this standard is 100 MHz. To monitor it, four linear receivers with a bandwidth of 25 MHz each are used, built on the principle of direct down-conversion of signals with decomposition into quadrature components, together with an autonomous DSP system. The block diagram of the linear receiver is shown in Fig. 1. The input signal passes through a switch that selects forward or reverse channels and then goes to the direct down-converter. The local oscillator contains a VCO and a frequency synthesizer controlled by the DSP system through a microcontroller via the RS-232 bus. The DSP system controls the gain of the converter in the range up to 46 dB. Since the local oscillator frequency is chosen equal to the central frequency of the range and quadrature processing is used, the passbands of the low-pass filters are chosen equal to half the width of the range, i.e. 12.5 MHz. After low-pass filtering, the quadrature signals from the converter are fed to the DSP system.


Fig. 1. Block diagram of the linear receiver

The autonomous DSP system, which performs the functions of a digital detector-analyzer, is built on the basis of an autonomous DSP controller of the TORNADO-E67 type from MicroLab Systems Ltd, on which a daughter board of the high-speed ADC/DAC with a parallel AD/DA interface PIOX DCM is installed, as shown in Fig. 2. The controller with the daughter board has two 12-bit parallel synchronous ADCs at the input with a maximum clock rate of 65 MHz. The clock generator is installed on the board. Thus, the daughter module allows digitizing two input signals in a band of up to ?30 MHz and transmitting data accumulated in the FIFO buffer memory with a capacity of 256 K through a parallel 16-bit PIOX-16 I/F interface to the motherboard of the DSP controller for signal processing. In addition, at the input, the daughter module contains two static 4-bit multiplexers MUX before the ADC, which allows organizing 4 channels of quadrature analog-to-digital conversion, sequentially performing high-speed sampling for calculating the spectrum using FFT algorithms.

Fig. 2.

The core of the TORNADO controller is the TMS 320C6701 digital signal processor (DSP) (32 bits, floating point, 1000 MFLOPS) from Texas Instruments, whose architecture is optimized for parallel computing. The board has high-speed synchronous burst SRAM (SBSRAM), synchronous SDRAM and a FLASH memory chip. The board has a dual-channel universal synchronous/asynchronous transceiver USART (10 Mbit/s) with two dual-channel interfaces RS422 I/F (10 Mbit/s) and RS232 (115 kbit/s), as well as a USB controller for connecting a control computer via the USB bus. The board contains a PIOX-16 parallel interface for connecting a daughter module, a SIOX serial interface for controlling external devices and a JTAG port for connecting emulators. The controller requires no more than 17 μs to process the data and calculate the complex spectrum 2 by 1024 points using the FFT algorithm. Debugging of hardware and software using TI XDS510 and MicroLAB Systems MIRAG-5100 scan emulators was carried out with the support of the Code Composer Studio IDE integrated software development environment from TI.

The total time of sample accumulation and calculation of the complex spectrum is 20 μs, which allows the signal to be detected three times during the request pulse with 100% probability. Having detected the request pulse, the DSP system calculates, in accordance with the protocol of the standard, the channel and time interval in which the base station will transmit information intended for the specific subscriber who issued the request. By controlling the fast frequency synthesizers of the suppression unit, it is easy to direct targeted interference at the subscriber's receiver and prevent it from receiving the information required for authentication. The subscriber's handset, having made a number of attempts to establish a connection, returns to the idle mode, remaining in service in the network.

The DSP system performs both discrete spectrum analysis functions and receiver and system control functions. One DSP controller fully ensures the detection and analysis of GSM cellular signals in real time, since real-time analysis of the GSM cellular network requires the greatest computing resources. A similar DSP controller simultaneously processes AMPS/DAMPS, CDMA, NMT-450, WCDMA cellular signals and DECT wireless access. The system can operate in a fully autonomous mode or with data output to the control computer via the USB bus. DSP programs and system parameters are also loaded via the USB port. The user interface is shown in Fig. 3.

Fig. 3

The efficiency of suppression by targeted interference in relation to barrage interference for systems with time division of access (TDMA) is determined by the same ratio of the bandwidth of the entire range of barrage interference and the bandwidth of the channel in which the targeted interference operates, i.e. 20 — 26 dB in the lower and upper ranges of the GSM standard. However, given that targeted interference is short-term (a pack of four pulses with a duration of 200 — 300 μs), and barrage interference operates constantly, the real (integral) efficiency of the intelligent suppressor is incomparably higher than the system with barrage interference. The equipment described above is designed to prevent information leakage via cellular telephony and wireless access channels during closed events and meetings in large rooms and halls. To ensure silence it can be used in theaters, concert halls, etc.

