| 1. |
- Zhang, Kewei, et al.
(författare)
-
Protecting GNSS Open Service-Navigation Message Authentication against Distance-Decreasing Attacks
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- As the security of global navigation satellite systems (GNSS) for civilian usage is increasingly important, navigation message authentication (NMA) significantly improves resilience to spoofing attacks. However, not all attacks can be effectively countered: a strong variant of replay/relay attacks, distance-decreasing (DD) attacks, can shorten pseudorange measurements, without manipulating the cryptographically protected navigation message, thus manipulating the position, velocity, and time solution undetected. First, we discuss how DD attacks can tamper with GNSS signals, demonstrating the attack effectiveness on a recorded Galileo signal. DD attacks might introduce bit errors to the forged signals, but the adversary can keep this error rate very low with proper attack parameter settings. Then, based on our mathematical model of the prompt correlator output of the tracking phase at the victim receiver, we find that the correlator output distribution changes in the presence of DD attacks. This leads us to apply hypothesis testing to detect DD attacks, notably a Goodness of Fit (GoF) test and a generalized likelihood ratio test (GLRT), depending on the victim’s knowledge on the DD attacks. Monte Carlo simulations are used to evaluate the detection probability and the receiver operating characteristic (ROC) curves for two tests, for different adversary configuration and noise settings. Then, we evaluate the effectiveness of the GoF and GLRT tests with a synthesized DD signal. Both tests can detect DD attacks with similar performance in high signal-to-noise ratio (SNR) environments. The GLRT detection probability is approximately 20% higher than that of the GoF test in low SNR environments.
|
|
| 2. |
- Cheng, Hei Victor
(författare)
-
Aspects of Power Allocation in Massive MIMO
- 2016
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The past decades have seen a rapid growth of mobile data trac, both in terms of connected devices and data rate. To satisfy the ever growing data trac demand in wireless communication systems, the current cellular systems have to be redesigned to increase both spectral eciency and energy eciency. Massive MIMO (Multiple-Input-Multiple-Output) is one solution that satisfy both requirements. In massive MIMO systems, hundreds of antennas are employed at the base station to provide service to many users at the same time and frequency. This enables the system to serve the users with uniformly good quality of service simultaneously, with low-cost hardware and without using extra bandwidth and energy. To achieve this, proper resource allocation is needed. Among the available resources, transmit power is one of the most important degree of freedom to control the spectral eciency and energy eciency. Due to the use of excessive number of antennas and low-end hardware at the base station, new aspects of power allocation compared to current systems arises. In the rst part of the thesis, a new uplink power allocation schemes that based on long term channel statistics is proposed. Since quality of the channel estimates is crucial in massive MIMO, in addition to data power allocation, joint power allocation that includes the pilot power as additional variable should be considered. Therefore a new framework for power allocation that matches practical systems is developed, as the methods developed in the literature cannot be applied directly to massive MIMO systems. Simulation results conrm the advantages brought by the the proposed new framework. In the second part of the thesis, we investigate the eects of using low-end ampliers at the base stations. The non-linear behavior of power consumption in these ampliers changes the power consumption model at the base station, thereby changes the power allocation. Two dierent scenarios are investigated and both results show that a certain number of antennas can be turned o in low load scenarios.
|
|
| 3. |
- Mollén, Christopher, 1987-
(författare)
-
High-End Performance with Low-End Hardware : Analysis of Massive MIMO Base Station Transceivers
- 2017
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Massive MIMO (multiple-input–multiple-output) is a multi-antenna technology for cellular wireless communication, where the base station uses a large number of individually controllable antennas to multiplex users spatially. This technology can provide a high spectral efficiency. One of its main challenges is the immense hardware complexity and cost of all the radio chains in the base station. To make massive MIMO commercially viable, inexpensive, low-complexity hardware with low linearity has to be used, which inherently leads to more signal distortion. This thesis investigates how the degenerated linearity of some of the main components—power amplifiers, analog-to-digital converters (ADCs) and low-noise amplifiers—affects the performance of the system, with respect to data rate, power consumption and out-of-band radiation. The main results are: Spatial processing can reduce PAR (peak-to-average ratio) of the transmit signals in the downlink to as low as 0B; this, however, does not necessarily reduce power consumption. In environments with isotropic fading, one-bit ADCs lead to a reduction in effective signal-to-interference-and-noise ratio (SINR) of 4dB in the uplink and four-bit ADCs give a performance close to that of an unquantized system. An analytical expression for the radiation pattern of the distortion from nonlinear power amplifiers is derived. It shows how the distortion is beamformed to some extent, that its gain never is greater than that of the desired signal, and that the gain of the distortion is reduced with a higher number of served users and a higher number of channel taps. Nonlinear low-noise amplifiers give rise to distortion that partly combines coherently and limits the possible SINR. It is concluded that spatial processing with a large number of antennas reduces the impact of hardware distortion in most cases. As long as proper attention is paid to the few sources of coherent distortion, the hardware complexity can be reduced in massive MIMO base stations to overcome the hardware challenge and make massive MIMO commercial reality.
|
|
| 4. |
- Zhang, Kewei
(författare)
-
Secure GNSS-based Positioning and Timing : Distance-Decreasing attacks, fault detection and exclusion, and attack detection with the help of opportunistic signals
- 2021
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- With trillions of devices connected in large scale systems in a wired or wireless manner, positioning and synchronization become vital. Global Navigation Satellite System (GNSS) is the first choice to provide global coverage for positioning and synchronization services. From small mobile devices to aircraft, from intelligent transportation systems to cellular networks, and from cargo tracking to smart grids, GNSS plays an important role, thus, requiring high reliability and security protection. However, as GNSS signals propagate from satellites to receivers at distance of around 20 000 km, the signal power arriving at the receivers is very low, making the signals easily jammed or overpowered. Another vulnerability stems from that civilian GNSS signals and their specifications are publicly open, so that anyone can craft own signals to spoof GNSS receivers: an adversary forges own GNSS signals and broadcasts them to the victim receiver, to mislead the victim into believing that it is at an adversary desired location or follows a false trajectory, or adjusts its clock to a time dictated by the adversary. Another type of attack is replaying GNSS signals: an adversary transmits a pre-recorded GNSS signal stream to the victim receiver, so that the receiver calculates an erroneous position and time. Recent incidents reported in press show that the GNSS functionalities in a certain area, e.g., Black Sea, have been affected by cyberattacks composed of the above-mentioned attack types. This thesis, thus, studies GNSS vulnerabilities and proposes detection and mitigation methods for GNSS attacks, notably spoofing and replay attacks. We analyze the effectiveness of one important and powerful replay attack, the so-called Distance-decreasing (DD) attacks that were previously investigated for wireless communication systems, on GNSS signals. DD attacks are physical layer attacks, targeting time-of-flight ranging protocols, to shorten the perceived as measured distance between the transmitter and receiver. The attacker first transmits an adversary-chosen data bit to the victim receiver before the signal arrives at the attacker; upon receipt of the GNSS signal, the attacker estimates the data bit based on the early fraction of the bit period, and then switches to transmitting the estimate to the victim receiver. Consequently, the DD signal arrives at the victim receiver earlier than the genuine GNSS signals would have, which in effect shortens the pseudorange measurement between the sender (satellite) and the victim receiver, consequently, affecting the calculated position and time of the receiver. We study how the DD attacks affect the bit error rate (BER) of the received signals at the victim, and analyze its effectiveness, that is, the ability to shorten pseudorange measurements, on different GNSS signals. Several approaches are considered for the attacker to mount a DD attack with high probability of success (without being detected) against a victim receiver, for cryptographically unprotected and protected signals. We analyze the tracking output of the DD signals at the victim receiver and propose a Goodness of Fit (GoF) test and a Generalized Likelihood Ratio Test (GLRT) to detect the attacks. The evaluation of the two tests shows that they are effective, with the result being perhaps more interesting when considering DD attacks against Galileo signals that can be cryptographically protected. Moreover, this thesis investigates the feasibility of validating the authenticity of the GNSS signals with the help of opportunistic signals, which is information readily available in modern communication environments, e.g., 3G, 4G and WiFi. We analyze the time synchronization accuracy of different technologies, e.g., Network Time Protocol (NTP), WiFi and local oscillator, as the basis for detecting a discrepancy with the GNSS-obtained time. Two detection approaches are proposed and one testbench is designed for the evaluation. A synthesized spoofing attack is used to verify the effectiveness of the approaches. Beyond attack detection, we develop algorithms to detect and exclude faulty signals, namely the Clustering-based Solution Separation Algorithm (CSSA) and the Fast Multiple Fault Detection and Exclusion (FM-FDE). They both utilize the redundant available satellites, more than the minimum a GNSS receiver needs for position and time offset calculation. CSSA adopts data clustering to group subsets of positions calculated with different subsets of available satellites. Basically, these positions, calculated with subsets not containing any faulty satellites, should be close to each other, i.e., in a dense area; otherwise they should be scattered. FM-FDE is a more efficient algorithm that uses distances between positions, calculated with fixed-size subsets, as test statistics to detect and exclude faulty satellite signals. As the results show, FM-FDE runs faster than CSSA and other solution-separation fault detection and exclusion algorithms while remaining equally effective.
|
|
| 5. |
- Olsson, Gladje Karl, et al.
(författare)
-
Participatory Sensing for Localization of a GNSS Jammer
- 2022
-
Ingår i: 2022 INTERNATIONAL CONFERENCE ON LOCALIZATION AND GNSS (ICL-GNSS). - : Institute of Electrical and Electronics Engineers (IEEE). - 9781665405751 - 9781665405768
-
Konferensbidrag (refereegranskat)abstract
- GNSS receivers are vulnerable to jamming and spoofing attacks, and numerous such incidents have been reported worldwide in the last decade. It is important to detect attacks fast and localize attackers, which can be hard if not impossible without dedicated sensing infrastructure. The notion of participatory sensing, or crowdsensing, is that a large ensemble of voluntary contributors provides the measurements, rather than relying on dedicated sensing infrastructure. This work considers embedded GNSS receivers to provide measurements for participatory jamming detection and localization. Specifically, this work proposes a novel jamming localization algorithm, based on participatory sensing, that exploits AGC and C/N-0 estimates from commercial GNSS receivers. The proposed algorithm does not require knowledge of the jamming power nor of the channels, but automatically estimates all parameters. The algorithm is shown to outperform similar state-of-the-art localization algorithms in relevant scenarios.
|
|
| 6. |
- Gülgün, Ziya, et al.
(författare)
-
Multiple Spoofer Detection for Mobile GNSS Receivers Using Statistical Tests
- 2021
-
Ingår i: IEEE Access. - : Institute of Electrical and Electronics Engineers (IEEE). - 2169-3536. ; 9, s. 166382-166394
-
Tidskriftsartikel (refereegranskat)abstract
- We consider Global Navigation Satellite Systems (GNSS) spoofing attacks and devise a countermeasure appropriate for mobile GNSS receivers. Our approach is to design detectors that, operating after the signal acquisition, enable the victim receiver to determine with high probability whether it is under a spoofing attack or not. Namely, the binary hypothesis is that either the GNSS receiver tracks legitimate satellite signals, H-0, or spoofed signals, H-1. We assume that there exists an unknown number of multiple spoofers in the environment and the attack strategy (which legitimate signals are spoofed by which spoofers) is not known to the receiver. Based on these assumptions, we propose an algorithm that identifies the number of spoofers and clusters the spoofing data by using Bayesian information criterion (BIC) rule. Depending on the estimated and clustered data we propose a detector, called as generalized likelihood ratio (GLRT)-like detector. We compare the performance of the GLRT-like detector with a genie-aided detector in which the attack strategy and the number of spoofers is known by the receiver. In addition to this, we extend the GLRT-like detector for the case where the noise variance is also unknown and present the performance results.
|
|
| 7. |
- Björnson, Emil, et al.
(författare)
-
DISTRIBUTED MASSIVE MIMO IN CELLULAR NETWORKS: IMPACT OF IMPERFECT HARDWARE AND NUMBER OF OSCILLATORS
- 2015
-
Ingår i: 2015 23rd European Signal Processing Conference. - : Institute of Electrical and Electronics Engineers (IEEE). - 2076-1465. - 9780992862633 ; , s. 2436-2440
-
Konferensbidrag (refereegranskat)abstract
- Distributed massive multiple-input multiple-output (MIMO) combines the array gain of coherent MIMO processing with the proximity gains of distributed antenna setups. In this paper, we analyze how transceiver hardware impairments affect the downlink with maximum ratio transmission. We derive closed-form spectral efficiencies expressions and study their asymptotic behavior as the number of the antennas increases. We prove a scaling law on the hardware quality, which reveals that massive MIMO is resilient to additive distortions, while multiplicative phase noise is a limiting factor. It is also better to have separate oscillators at each antenna than one per BS.
|
|
| 8. |
- Mollén, Christopher, et al.
(författare)
-
Analysis of nonlinear low-noise amplifiers in massive MIMO base stations
- 2017
-
Ingår i: 2017 51st Asilomar Conference on Signals, Systems, and Computers. - 1058-6393. - 9781538618233 - 9781538618240 ; , s. 285-289
-
Konferensbidrag (refereegranskat)abstract
- Because of the large number of antennas at the base station, the power consumption and cost of the low-noise amplifiers (LNAs) can be substantial. Therefore, we investigate the feasibility of inexpensive, power efficient LNAs, which inherently are less linear. To characterize the nonlinear distortion, we describe the LNAs using a polynomial model, which allows for the derivation of the second-order statistics of the received signal and the distortion. A massive MIMO system that serves one user in line-of-sight is studied. It is shown that the distortion from the LNAs combines coherently and that the SINR of the symbol estimates therefore is limited by the linearity of the LNAs. Furthermore, the impact of a strong transmitter in the adjacent frequency band is investigated. The second-order statistics show how the power from that transmission leaks into the main band and interferes with the symbol estimates.
|
|
| 9. |
- Selén, Yngve, et al.
(författare)
-
RAKE Receiver for Channels with a Sparse Impulse Response
- 2007
-
Ingår i: IEEE Transactions on Wireless Communications. - 1536-1276 .- 1558-2248. ; 6:9, s. 3175-3180
-
Tidskriftsartikel (refereegranskat)abstract
- We derive the optimal receiver for RAKE diversity combining on channels with a sparse impulse response. The receiver is based on the Bayesian philosophy and thus it requires the knowledge of certain a priori parameters. However, we also derive an empirical Bayesian version of our receiver, which does not require any a priori knowledge, nor the choice of any user parameters. We show that both versions of our detector can outperform a classical training-based maximum-ratio-combining detector.
|
|
| 10. |
- Interdonato, Giovanni, 1986-, et al.
(författare)
-
Downlink Training in Cell-Free Massive MIMO : A Blessing in Disguise
- 2019
-
Ingår i: IEEE Transactions on Wireless Communications. - : Institute of Electrical and Electronics Engineers (IEEE). - 1536-1276 .- 1558-2248. ; 18:11, s. 5153-5169
-
Tidskriftsartikel (refereegranskat)abstract
- Cell-free Massive MIMO (multiple-input multipleoutput) refers to a distributed Massive MIMO system where all the access points (APs) cooperate to coherently serve all the user equipments (UEs), suppress inter-cell interference and mitigate the multiuser interference. Recent works 1, 2 demonstrated that, unlike co-located Massive MIMO, the channel hardening is, in general, less pronounced in cell-free Massive MIMO, thus there is much to benefit from estimating the downlink channel. In this study, we investigate the gain introduced by the downlink beamforming training, extending the analysis in 1 to non-orthogonal uplink and downlink pilots. Assuming singleantenna APs, conjugate beamforming and independent Rayleigh fading channel, we derive a closed-form expression for the peruser achievable downlink rate that addresses channel estimation errors and pilot contamination both at the AP and UE side. The performance evaluation includes max-min fairness power control, greedy pilot assignment methods, and a comparison between achievable rates obtained from different capacitybounding techniques. Numerical results show that downlink beamforming training, although increases pilot overhead and introduces additional pilot contamination, improves significantly the achievable downlink rate. Even for large number of APs, it is not fully efficient for the UE relying on the statistical channel state information for data decoding.
|
|
