Stefan van de Beek

Robustness of a TETRA Base Station Receiver Against Intentional EMI

Terrestrial trunked radio (TETRA) is a digital radio standard that was developed to meet the needs of professional mobile radio systems. TETRA is vulnerable to intentional electromagnetic interference (EMI) because of the wireless link. The EMI can easily be front door coupled to the base station via the antenna and cause a denial-of-service of the communication. In this paper, the robustness of TETRA against front door coupled intentional EMI is investigated. Three different interfering mechanisms are discussed: damage of the receiver, saturation of the receiver, and masking the communication signal. The interference mechanisms are fundamentally different and needs to be addressed separately. We present two experimental methods to test the robustness of a base station receiver against different interference mechanisms. Results show that the analyzed TETRA base station is very robust against out-of-channel interference with moderate power levels. Intentional EMI is expected to be in-channel because an adversary will exploit the vulnerable frequencies, and this can disrupt TETRA communications.

Vulnerability of Terrestrial-Trunked Radio to Intelligent Intentional Electromagnetic Interference

The terrestrial-trunked radio (TETRA) specification is produced by the European Telecommunication Standards Institute for private mobile radio systems. We investigated the resilience of TETRA against intelligent intentional electromagnetic interference (IEMI) with low amplitude. Low power signals interfering with the higher layers of the system have the advantage of staying covert. The analysis shows that if the access assignment channel is corrupted, the mobile stations cannot start conversations with the base station. TETRAs modulation scheme is also investigated. π/4 differential quadrature phase shift keying (QPSK) is interfered with a continuous wave and a QPSK signal. The results show that a continuous wave created the largest error vector magnitude, but creates a peak in the received spectrum. The power of the QPSK signal, however, is distributed over a bandwidth and is more difficult to detect than the continuous wave in the received spectrum. From this, we conclude that the QPSK signal functions is more effective as an intelligent interference signal compared to a continuous wave. In this paper, it is shown that it is possible to create an IEMI that combines the vulnerability in the TETRA protocol with the QPSK signal to disrupt the service to the communication system, while staying covert.

Overview of the European project STRUCTURES

An overview of the European project STRUCTURES and its main challenges is given. Current and foreseen Intentional Electromagnetic Interference (IEMI) threats are classified according to their availability, their technical characteristics (such as bandwidth) and their portability. Critical infrastructures are identified and their most characteristic aspects are highlighted, from an electromagnetic point of view. These concepts are used to establish a set of reference threats to be investigated and possible techniques to handle simulations and measurements in this complex environment are explored, emphasizing the use of the topological approach.

Vulnerability of Remote Keyless-Entry Systems Against Pulsed Electromagnetic Interference and Possible Improvements

Remote keyless-entry systems are systems that are widely used to control access to vehicles or buildings. The system is increasingly secured against hacking attacks by use of encryption and code algorithms. However, there are effective hacker attacks that rely on jamming the wireless link from the key fob to the receiver, while the attacker is able to receive the signal from the key fob. In this paper, we show that typical envelope receivers that are often used in remote keyless-entry systems are highly vulnerable to pulsed interference as compared to continuous interference. The effects of pulsed interference on envelope detectors are analyzed through both simulations and measurements. An improved receiver design would use synchronous receivers instead, which are not very sensitive against pulsed interference.

Effect of pulsed interference on an ASK receiver

Wireless communication is vulnerable to intentional electromagnetic interference, and therefore it is important to understand the interfering mechanisms. In this paper we investigate the effect of pulsed interference - as compared to continuous interference - on a receiver of digital amplitude modulated signals. To correctly receive the signals, a threshold estimate has to be computed for the proper detection of the symbols. The threshold estimate is based on average received power over an arbitrary length of time. We show that the effect of pulsed interference on the threshold estimate is severe, as compared to that for continuous interference. For this reason, pulsed interference can be more disruptive than continuous interference on a wireless link. This conclusion is confirmed by bit-error-rate measurements on a wireless receiver of amplitude-shift keying modulated signals.

The european project STRUCTURES: Challenges and results

The project STRUCTURES, funded by the European Union, started in July 2012 to study problems related to the emerging threats of electromagnetic attacks to critical infrastructures. Partners of the team have worked to list possible threats, identify the main characteristics of the critical infrastructures our way of living depends on, test current protection strategies with different simulation and measurement techniques, and condensate the results in guidelines accessible to an audience wider than the one of people working in the field. Here, we summarize the challenges, the solutions, and the results of almost three years of work.

Intentional electromagnetic interference through saturation of the RF front end

There is an increasing use of wireless applications in todays society. A big disadvantage of wireless communication is the high vulnerability to denial-of-service (DoS) attacks. Intentional electromagnetic interference can saturate, and thereby block and desensitize, the wireless receiver. This mechanism of causing a DoS is different from well-studied jamming attacks. It is important to determine and quantify saturation levels of a receiver. The saturation is quantified by the 1-dB compression point, P1-dB. An experimental method is presented that can determine P1-dB over a wide frequency band in a fast and accurate way. Results show the need for a high quality front door filter to be robust against out-of-band interference.

Effect of a metallic object on the quality factor of a reverberation chamber

In this paper the effect of a metallic object on the quality factor of a reverberation chamber is investigated. If we assume equal material properties for both the metallic object and the walls of the reverberation chamber, the decrease in Q due to a metallic object can be easily calculated. It is shown that the conductivity of the walls of the used NIST reverberation chamber is much lower than the conductivity of thin foil.

Validation of a Fully Anechoic Chamber

This paper describes a technique to characterize the performance of a Fully Anechoic Chamber (FAC) from 500 MHz to 3 GHz based on S-Parameter analysis with antennas and a Vector Network Analyzer (VNA. The measurements have been performed by placing one antenna inside the chamber and performing S11 reflection analyses in the frequency domain. Via Inverse Fast Fourier Transformation (IFFT) the reflections in the time domain have been analyzed. Also, experiments where S21 transmission loss is measured by putting 2 antennas at different locations have been performed. One antenna is omnidirectional while the other is directional and measurements have been performed in the frequency domain using the VNA. The results are transformed to time domain using the IFFT and time gating is applied to identify the direct and reflected signals, resulting in the so-called site-Voltage Standing Wave Ratio (sVSWR). This sVSWR method enables the analysis of the reflected wave, or imperfection of the chamber. The measurement results show that the chamber has good performance.

Strategies to Improve Critical Infrastructures Robustness Against the IEMI Threat: A Review of Relevant Standards and Guidelines on the Topic

This paper aims to provide a brief overview of relevant standards, procedures and guidelines to standard bodies to manage the impact of the Intentional ElectroMagnetic Interference (IEMI) threat. It also provides guidelines for CI operators on how to reduce their exposure on IEMI hazards.