Professional Documents
Culture Documents
Hang Wang, Jingbo Guo, Member, IEEE and Zanji Wang, Senior Member, IEEE
Department of Electrical Engineering, State Key Lab of Power System, Tsinghua University
Beijing 100084, China
wanghang99@mails.tsinghua.edu.cn
Abstract—Direct sequence spread spectrum (DSSS) systems countermine the strong jamming signals with adaptive notch
spread the baseband data signal over a broad bandwidth to filters, repeat coding and so on [4], [5].
achieve anti-jamming protection, which increase the difficulty of In order to improve the coverage and capacity in cellular
spectrum surveillance. The current jamming types, including networks, repeaters are broadly used as a cost-effective
broadband noise, partial-band noise and so on, are ineffective at
engineering solution [6], [7]. The principle of transparent
the current jamming power level when the processing gain is
large enough. This paper proposes a new jamming scheme named repeater used in cooperative communications could also be
repeater jamming, which is based upon radio frequency memory used in the process of repeater jamming design. Reference [8]
(RFM). The jamming effect of repeater jamming on victim proposed a design of repeater jamming against DSSS, which is
receiver’s code acquisition and the bit error probabilities are based on radio frequency memory (RFM). RFM is widely
obtained. Moreover, the feasibility of the repeater jamming in applied in simulating target signals, which has been well
practical communications is discussed. The results of simulation established in western countries. It is the hardcore of repeater
show the deduction is right. The repeater jamming proposed in jamming and key field of electronic counter-measures
this paper is a kind of correlative jamming types which are more technology.
effective than current jamming types, and it can be used to
enhance distributed networked jamming systems in the field of The rest of the paper is organized as follows: in Section Ⅱ,
DSSS communication countermeasures besides the commercial we present some current jamming types and describe the design
frequency surveillance. of repeater jamming based on RFM in brief. Section Ⅲ
analyzes the receiver operating characteristic (ROC)
Keywords-DSSS;RFM;Repeater jamming; Security performance in the presence of such repeater jamming; the bit
error rate (BER) performances in both non fading environment
I. INTRODUCTION and Rayleigh fading environment are also given in Section Ⅲ.
The benefits of frequency hopping spread spectrum Next, in Section Ⅳ simulation results are demonstrated and the
feasibility of such repeater jamming in practical
(FHSS) are potentially neutralized by a repeater jammer (also
communications is discussed. Finally, a conclusion wraps up
known as a follower jammer), which has been invest- this paper.
igated for more than ten years. The repeater jamming
technique for FHSS has been used in both military
communications and commercial communications [1]-[3]. In II. CURRENT JAMMING AND REPEATER JAMMING DESIGN
contrast to this, any power-effective jamming technique used The idealized model of passband DSSS system could
in direct sequence spread spectrum (DSSS) has not been almost be found in any textbook on wireless communications.
proposed in public literatures. Meanwhile, the current Because the bit error performances for BPSK and QPSK are
jamming types are ineffective at the current jamming power the same and BPSK is the most prolific modulation type for
level when the processing gain is large enough. So it’s DSSS systems, only the case of BPSK data encoding and bi-
necessary to investigate a new power-effective jamming phase spreading is discussed in this paper. The general form of
technique for the purpose of both commercial frequency the received signal being considered here is as follows:
surveillance and military countermeasures. r (t ) = 2 Rd (t − δ ) p(t − δ )cos(ωc t + θ0 ) + j (t ) + n(t ) (1)
The principal types of jamming on DSSS signals include
broadband noise (BBN) jamming, partial-band noise (PBN) where d (t ) represents the data signal, p(t ) represents spreading
jamming, pulsed jamming and tone jamming. The last of these codes, j (t ) represents the intentional jamming signal and
includes both single tone jamming and multiple tones (MT)
jamming. The effectiveness of these jamming types is not n(t ) represents the noise. The average power of the spread
good, because they are non-correlative jamming types which signal is R and δ denotes the time delay. ωc is the carrier
can not synchronize PN sequences. In order to achieve desired frequency and θ0 denotes the initial phase angle which could be
jamming effectiveness, the jammer has to increase power level assumed to be zero.
of jamming signals. Unfortunately the victim receiver will
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 21:19 from IEEE Xplore. Restrictions apply.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the WCNC 2007 proceedings.
BBN jamming of DSSS systems is when the jamming antenna by appropriate signal processing, associated D/A
signal is noise with a bandwidth Wss approximately the same as conversion, and up-converter. For bi-phase DSSS, the jamming
the DSSS signal. For rectangular pulse shapes and BBN waveform could simply be a reverse replica of the intercepted
jamming, the bit error performance is given by [5] signal, which can be called an intentional echo of intercepted
signal. The waveform, which contains DSSS signal and noise,
is too similar to the desired signal at the victim receiver to
2N cause sufficient jamming because the receiver may sometimes
Pe = Q (2) make wrong decisions by responding to the jamming signal as
1 +ξ if it was the desired signal. Compared with the simplest form
υ mentioned in [9], this design could achieve processing time as
where N is the number of chips per data bit , ξ denotes the low as 0.1 µ s .
jamming-to-signal ratio (JSR) and υ denotes the signal-to-
noise ratio (SNR). Because the width of band pass filter at III. PERFORMANCE ANALYSIS
receivers could be assumed equal to the bit rate, υ could When the victim receiver encounters the repeater jamming,
denote
Eb
. This is the familiar result for BPSK modulation in the received signal should contain a replica of spread signal.
N0
the presence of thermal noise, where the thermal noise level r (t ) = 2 Rd (t − δ ) p(t − δ ) cos(ωc t ) + n1 (t )
has been increased by the BBN jamming. The BER intercepted signal
performances of DSSS under several non-correlative jamming (3)
types are given in [5]. For details, I refer readers to [5]. − 2PJ d (t − δ ' ) p(t − δ ' ) cos(ωc t + θ ) + n2 (t )
All the non-correlative jamming types have two serious repeater jamming signal
disadvantages: where PJ is the average power of the spread signal transmitted
First, the non-correlative jamming types remain relatively by a repeater jammer, δ ' − δ is the arrival-time delay of the
ineffective until the processing gain is overcomed. The jammer jamming relative to the desired signal at the victim receiver.
will need extreme power to overcome the processing gain when θ is the phase difference, which normally could be assumed a
the processing gain is large enough (approximate 20dB for uniform random variable [0, 2π ] . In [8], PJ is assumed equal
IS95). However, it is hard to achieve in some practical to R for simplicity. However, this is an idealized assumption
communication environments. which could not be satisfied in practical environments.
Second, many methods of interference rejection have been First, the power of the original spread signal could be
investigated, which can enhance the receiver anti-jam measured in cooperative communications, while this is hard to
properties. For example, adaptive interference mitigation, be done for a jammer. Second, a repeater jammer receives and
including notch filters, prediction filters and so on, had an reradiates signal on the same channel frequency. To avoid
obvious effect on rejection of narrowband noise. Repeat coding instability caused by a feedback loop, the isolation between the
is also effective against pulse jamming. Moreover, a high- donor antenna and the coverage antenna is necessary.
power hostile jamming could be detected by radars. However, perfect isolation can never be achieved which should
Reference [9] introduced several different configurations of be considered. Third, the fading should be considered in some
repeater used in cooperative communications, which could also areas such as insides of buildings, dense urban district and so
be used to design a repeater jammer. Because the processing on. That means the power of a jamming signal received at
time is an important factor for a jammer, which will be victim receiver can not be constant even though the output
analyzed in Section Ⅳ . And the processing time of power of the jammer is maintained constantly. Considering
conventional repeaters is not satisfying, a novel design is these reasons, a new coefficient β is introduced into (3). And
necessary to achieve a lower processing time. (3) can be rewritten as
2325
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 21:19 from IEEE Xplore. Restrictions apply.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the WCNC 2007 proceedings.
2
(5) Tc − τ 2
R ∧ ∧ 1 ∧ 2 Nυ (1 − β cos θ )
=
2
( Rmm (δ − δ ) − β cosθ Rmm (δ ' − δ )) + ∫
2Tb Tb
n(t ) m(t − δ ) dt
P (e | θ ) = Q Tc (10)
1+ β 2
where Rmm (τ ) is the autocorrelation function of m(t ) . If an m-
sequence with period N is used, then Rmm (τ ) is It should be noticed that the jamming effectiveness depend
on the phase of the jamming signal relative to that of the target
N +1 τ signal. The average probability of error is calculated by
1 − , τ ≤ Tc integrating over θ .
N Tc
Rmm (τ ) = (6)
Time varying multipath causes fading of the received signal
1
− N , otherwise in a wireless mobile environment. A single-ray channel model
is assumed here. The envelope of the fading signal is Rayleigh
From (5), it is easy to see that under the two hypotheses distributed which means β satisfies the following probability
density function.
2
1 ∧
H0 : z = ∫ n(t )m(t − δ ) dt phase not match β β2
2Tb Tb p( β ) = exp( − ) (0 ≤ β ≤ ∞) (11)
(7) σ2 2σ 2
2
R T −τ 1 ∧
where σ = E[ β ] /1.2533 . Therefore, the BER in Rayleigh
H1 : z =
2
(1 − β cosθ c
Tc
)+ ∫
2Tb Tb
n(t )m(t − δ )dt match
fading environment is
Assume Tc Tb , γ denotes the decision threshold. The false
T −τ 2
alarm probability Pfa , is given by 2 Nυ (1 − β cos θ c )
β β2 Tc
exp( − 2 )Q d β (12)
∞
P (e | θ ) = ∫
0 σ 2
2σ 1+ β 2
γ Tb
Pfa = Pr ( z > γ | H 0 ) = exp(− ). (8)
(1 + β 2 ) N0
Denoting τ = δ ' − δ < Tc , the miss probability Pm , is given by There is no known closed-form solution to this integral so it
must be evaluated numerically. The simulated results are given
γ Tb in Section Ⅳ.
N0
u 2 + 2υ '
Pm = Pr ( z ≤ γ | H1 ) = ∫
0
u exp(−
2
) I 0 ( 2υ ' u )du
(9)
IV. SIMULATION RESULTS AND DISCUSSION
Comparison of receiver operating characteristic (ROC)
R T −τ 2 performances in the presence of BBN and repeater jamming is
υ' = ( (1 − β cos θ c )) Tb /((1 + β 2 ) N 0 )
2 Tc illustrated in Fig.2. The coefficientβis set to be 3dB, the τ is
where υ ' is the modified SNR, I 0 (⋅) is the zeroth order modified set to be 75 percent of a chip duration and θ is set to be π / 4 .
It’s easy to see that repeater jamming is severer than BBN in
Bessel function of the first kind. the process of code acquisition. The result could be explained
B. BER Performance
1
Let us first consider the error probability in non fading
environment. The coefficient β could be considered as a 0.9
on. 0.5
0dB,BBN
For binary phase-shift keying, the bit error probability 0.4
0dB,repeater jamming
2326
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 21:19 from IEEE Xplore. Restrictions apply.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the WCNC 2007 proceedings.
0 0
10 10
-1
10
-1
10
-2
Pe
Pe
10
-2
10
-3
10
θ=pi/2
θ=pi/3 BBN
θ=0 PBN
Analysis Repeater Jamming
-3 -4
10 10
-15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5 -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5
SNR(dB) SNR(dB)
Figure 3. BERs in the presence of repeater jamming at different θ (β= Figure 5. Comparison of simulated total BERs in the presence of BBN, PBN
and repeater jamming (β=0dB).
3dB, τ = 0.75Tc ).Simulated BERs are plotted as dashed lines and analytical
BERs are plotted as solid lines.
0
10
0
10
-1
10
-1
Pe
10
Pe
-2
10
BBN
PBN
BBN
Repeater Jamming
PBN -2
10
Repeater Jamming -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5
-3
10 SNR(dB)
-15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5
SNR(dB)
2327
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 21:19 from IEEE Xplore. Restrictions apply.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the WCNC 2007 proceedings.
communications can be calculated. Here they are listed in used in the field of commercial frequency surveillance, the
Table.Ⅰ. For instance, if Tc = 1/1.2288µ s (used in IS95), then target is to disables the normal operation of mobile phones
present in a closed area. The closed area could probably be a
DTJ + DJR − DTR ≤ (Tc − 0.1µ s) ⋅ c concert hall or a meeting room. The repeater jamming signals
(14) at victim receivers outside the closed area will not be as strong
≈ 214m
as fingers because of the attenuation due to the walls. The
That means, if the difference in distance between the indirect situation is worse in outdoor environment. It is strongly
transmitter-to-jammer-to-receiver path and the direct suggested that the repeater jamming should work in non
transmitter-to-receiver path exceeds 214m, then the repeater continuous state. Like a pulsed jamming, the repeater jamming
jamming will be ineffective for IS95. It could be seen that in transmits signals for a while and is off for the next fraction of
commercial communications, the repeater jamming can be used the time. From the victim receiver’s view, it is difficult to deal
to disable mobile phones in designated areas; while in military with the repeater jamming signals as steady fingers.
communications, the repeater jamming can also disables the
personal role radio (PRR). Moreover, as a close-approach V. CONCLUSION
correlative jamming, the repeater jamming could be used to
Just as DSSS systems increase the difficulty of spectrum
enhance the WolfPack which is a distributed networked
surveillance, so has the importance of investigating a new
jamming system proposed by Defense Advanced Research
power-effective jamming type. The new jamming type, referred
Projects Agency (DARPA).
to here as the repeater jamming, keeps the property of high
correlation with original spread signal to affect both code
B. Rake Receivers acquisition process and bit error performance.
A Rake receiver is used in almost all the DSSS systems. If
the multipath components (MPCs) are delayed in time by more In order to assess the feasibility of such repeater jamming,
than one chip duration, it attempts to collect these time-shifted three practical questions are discussed. All these results show
versions of the original signal by providing a separate that the repeater jamming is a promising alternative to existing
correlation reveiver for each of the multipath signals. However, jamming types at current jamming power level. And it fulfils
the SNR of each finger could be decreased by the repeater the practical systems' demands, which can be used to enhance
jamming. The performances of all the Rake receivers, distributed networked jamming systems besides the
including conventional Rake receivers, selective Rake receivers commercial frequency surveillance.
and partial Rake receivers, are degrades by such repeater
jamming. ACKNOWLEDGMENT
The authors would like to thank K.Salehian for helpful
C. Area outside Jamming Range information on repeaters used in digital television broadcasting
Considering Rake receivers, the repeater jamming signals service. They would also like to thank B.Agee for many fruitful
may be seemed as new fingers if the victim receiver goes discussions about wireless security.
outside the jamming range. Obviously it’s not an anticipant
result from a jammer’s view. When the repeater jamming is REFERENCES
2328
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 21:19 from IEEE Xplore. Restrictions apply.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the WCNC 2007 proceedings.
[9] K.Salehian, M.Guillet, B.Caron, and A.Kennedy, “On-Channel Repeater [10] P.Shamain, and L.B.Milstein, “ Minimum mean square error (MMSE)
for Digital Television Broadcasting Service,” IEEE Trans. receiver employing 16-QAM in CDMA channel with narrowband
Broadcasting., vol.48, no.2, pp.97-102, June 2002. Gaussian interference,” Proc. IEEE MILCOM 1999, vol.2, pp.826-830,
1999.
2329
Authorized licensed use limited to: INDIAN INSTITUTE OF TECHNOLOGY MADRAS. Downloaded on May 28, 2009 at 21:19 from IEEE Xplore. Restrictions apply.