Week 10, Comp [34]49, Oct 30

RFID & transmission backscatter
    The RFID chip modulates the "backscatter" by shorting out the antenna or leaving it unshorted.
    Pictures in DEFCON presentation

FHSS, DSSS, OFDM

==================================================================================

Update on homework 2: E-tables are now available!

==================================================================================

Exam notes:

Note table 6.2 has a bunch of wrong entries! The goal was to establish that MPSK and MFSK do have about the same BER for the same power, even though MFSK spreads it over more spectrum. Spreading over a wider spectrum uses more bandwidth, AND the total thermal noise (proportional to bandwidth) is greater, BUT sometimes spreading out the bandwidth helps with noise.

5c: what if we use double-every-bit as an encoding?
    Short answer: how do you tell if 01 is 00 or 11?
    Longer answer: the 1-bit error blocks 01 and 10 are equidistant, in Hamming distance, from 00 and 11.
    This should put convolutional codes into perspective: they also send two bits for each one, but still have some meaningful error correction.

6a: why have four addresses? STA->STA or STA->wireful: why do we need the addr of the AP?
    APs can NOT act like Ethernet switches! They must reject all non-associated stations.

==================================================================================

Multipath: getting interference from YOUR OWN SIGNAL, slightly later.
How can we address this?
    send more slowly
    send with a pattern that is still readable when it overlaps itself

==================================================================================

Finish FHSS:

Fig 7.5: fast FHSS; PN rate faster than symbol rate. Each symbol is sent on two frequencies (in this example). With 3 or more frequencies per symbol we can use voting!
Tc = PN time; Ts = symbol time; Tc < Ts here. Usually the larger is a multiple of the smaller.

Why do this?
Calculation of Eb/Nj:
    Nj = noise due to jamming (deliberate or, more likely, accidental)
    Assume the jammer bandwidth is Wd. Sj = jammer power.
    Eb/Nj = Eb*Wd/Sj    (since Nj = Sj/Wd)

Spreading Sj out over 2^k frequencies means the power on any one frequency is reduced.
*Not* spreading Sj out (as would be the case for most "accidental" jamming) means that only 1/2^k of the bits are affected. With ECC, we hope to be able to fix these.
Note the interplay between modulation strategies and ECC.

FHSS and impulse noise: we skip around a lot. We hit all sources of impulse noise, but each only 1/2^k of the time.
FHSS and multipath: the next bit is on a completely different frequency!
FHSS and fading: fading is likely bad only on some of the frequencies!

FHSS hop times are coordinated in 802.11 with other times (beacons, etc).

======================================================

DSSS: xor the data (symbol) sequence with a much-faster spreading-code PN sequence.

s(t) = data signal, c(t) = code, taking values +1 & -1 instead of 1 and 0 (this way, * is the same as xor of the data values). We transmit s(t)*c(t).

Recovery: c(t)*c(t) = 1, so received(t)*c(t) = (s(t)*c(t))*c(t) = s(t).

Analysis on page 169 of noise spikes: a noise spike is spread OUT by multiplication by c(t); the data signal has its bandwidth REDUCED.

    s_rcvd(t) = s(t) + s_jam(t) + noise(t)

The despreader multiplies s_jam(t) by c(t), **spreading its energy out**. Unless it was precisely synchronized with s(t), it is now spread out over a bandwidth of +/- 1/Tc (fig 7.9), while the signal is now confined to +/- 1/T. A bandpass filter removes most of the +/- 1/Tc range. noise(t), on the other hand, is *not* made worse.

What should we use for c(t)? To come; see section 7.5. However, the resistance of DSSS to ISI does depend somewhat on the PN sequence used; we want the sequence to be relatively immune to "translations" of itself.
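The spread/despread arithmetic above, worked in code. This is an added example, not code from the notes or from Stallings: the 7-chip code, the data bits and the interferer amplitudes are all constructed, and the function names are mine. The narrowband interferer is idealised as a value that is constant over a whole bit period; the second interferer is chip-aligned with c(t), which is the "precisely synchronized" case the notes warn about.

```python
# Added example (not from the notes or Stallings): DSSS spreading and
# despreading with +/-1 chips, and what the despreader does to interference.

# Constructed 7-chip spreading code c(t), values +1/-1; one code period per data bit.
# It is balanced apart from one extra +1 (sum(CODE) == 1), so an interferer that is
# constant over a bit period almost cancels once it is multiplied by c(t) and summed.
CODE = [1, 1, 1, -1, 1, -1, -1]


def spread(bits, code=CODE):
    """Transmit s(t)*c(t): data bit 1 -> +1, 0 -> -1, multiplied chip by chip by c(t)."""
    chips = []
    for b in bits:
        s = 1 if b else -1
        chips.extend(s * c for c in code)
    return chips


def despread(chips, code=CODE):
    """received(t)*c(t), integrated over each bit period ("integrate and dump").

    Returns (decoded bits, per-bit integrals). With no interference each integral
    is +/-len(code); its sign gives the data bit back.
    """
    L = len(code)
    bits, integrals = [], []
    for k in range(0, len(chips), L):
        total = sum(r * c for r, c in zip(chips[k:k + L], code))
        integrals.append(total)
        bits.append(1 if total > 0 else 0)
    return bits, integrals


def add_interference(chips, jam):
    """s_rcvd(t) = s(t)*c(t) + s_jam(t), sample by sample (noise(t) left out here)."""
    return [r + j for r, j in zip(chips, jam)]


def narrowband_jam(amplitude, n_chips):
    """Idealised narrowband interferer: constant across every bit period.

    Multiplying it by c(t) turns it into a chip-rate (+/-1/Tc bandwidth) signal;
    the integrator then sees only amplitude * sum(code) of it per bit.
    """
    return [amplitude] * n_chips


def synchronized_jam(amplitude, n_bits, code=CODE):
    """The caveat in the notes: an interferer already carrying c(t), chip-aligned.

    Despreading collapses it back to baseband instead of spreading it out, so it
    adds amplitude * len(code) to every integral.
    """
    return [amplitude * c for _ in range(n_bits) for c in code]


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]  # constructed data bits
    tx = spread(data)
    print("clean       :", despread(tx))
    rx = add_interference(tx, narrowband_jam(3, len(tx)))
    print("narrowband  :", despread(rx))  # integrals shift by 3, bits still correct
    rx = add_interference(tx, synchronized_jam(3, len(data)))
    print("synchronized:", despread(rx))  # integrals shift by 21: every bit reads as 1
```

The narrowband run shows the "spread the jammer, shrink the signal" effect as plain arithmetic: the interferer contributes amplitude times sum(CODE) per bit, the data contributes +/-7, so the sign survives. The synchronized run shows why the notes qualify the claim: an interferer that is itself spread with the same code is not separated from the signal at all.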
======================================================

CDMA: everyone transmits overlapping signals, BUT we can separate them out with linear algebra.

We take a bit, and spread it with a spreading code. Each user's code is "orthogonal" when 0 is replaced by -1:

    A: 100101    +--+-+
    B: 110011    ++--++
    C: 110110    ++-++-

Note that A and B are orthogonal in this sense, and A and C, but *not* quite B and C.

How about
    A  1 1 1 1    (+1 +1 +1 +1)
    B  1 1 0 0    (+1 +1 -1 -1)
    C  1 0 1 0    (+1 -1 +1 -1)

(Examples omitted)

Let a, b, c be +/- 1, the bits that each sends. A sends aA.
The signal as received is aA + bB + cC.

======================================================

OFDM, p 337: several slow-modulated FM channels. M here stands for Multiplexing, not Modulation, though that's kind of a persnickety distinction. But we *are* using multiple simultaneous carriers here.

Simpler case: non-orthogonal FDM. Then the different frequencies must be protected by "guard bands", and bandwidth efficiency goes down.

The advantage of having a slower rate is that it is much more resistant to multipath distortion and ISI (inter-symbol interference).

Multipath is sometimes measured in terms of how much longer the longest (significant) alternative path is as compared to the LOS (line of sight) path. That translates directly to a delay, which in turn can be translated to bit times (or fractions). 300 meters is a time variation of 1 microsec.
    At 1 Mbit/sec all on one channel, each "echo bit" could overlap 100% with the following bit.
    At 1 Mbit/sec spread over 10 channels at 0.1 Mbit each, each bit echo can overlap only 10% of the next bit.

IEEE 802.11a: OFDM: 52 carriers with a spacing of 312.5 kHz. (Stallings describes this on p 338 as being "translated" to the 5 GHz range. However, it takes a fair bit of math to justify this view, and in the end it's the same output signal as if we simply had carriers at fc, fc+fb, fc+2fb, etc.)

Why "orthogonal"?
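Before the OFDM question above is answered, here is the CDMA separation from the section above (aA + bB + cC, recovered with dot products) worked in code. This is an added example, not code from the notes; the two sets of codes are the notes' A, B, C, while the function names and the sent bits are mine. It runs both the 6-chip codes (where B and C are not quite orthogonal) and the 4-chip codes (all pairwise orthogonal), so the crosstalk the notes mention shows up as a number.

```python
# Added example (not from the notes): separating CDMA users with dot products.
# The codes are the two sets given in the notes; function names are mine.


def to_pm1(bitstring):
    """'1100' -> [+1, +1, -1, -1]: the notes replace 0 by -1."""
    return [1 if ch == "1" else -1 for ch in bitstring]


def dot(u, v):
    return sum(x * y for x, y in zip(u, v))


# 6-chip codes: A is orthogonal to B and to C, but B.C = 2 (not quite orthogonal).
CODES6 = {"A": to_pm1("100101"), "B": to_pm1("110011"), "C": to_pm1("110110")}
# 4-chip codes: all three pairwise orthogonal.
CODES4 = {"A": to_pm1("1111"), "B": to_pm1("1100"), "C": to_pm1("1010")}


def crosstalk(codes):
    """Pairwise dot products of the codes; 0 means that pair is orthogonal."""
    names = sorted(codes)
    return {(p, q): dot(codes[p], codes[q])
            for i, p in enumerate(names) for q in names[i + 1:]}


def transmit(bits, codes):
    """Each user sends its bit (as +/-1) times its code; the channel adds them: aA + bB + cC."""
    n = len(next(iter(codes.values())))
    rx = [0] * n
    for user, bit in bits.items():
        s = 1 if bit else -1
        for i, c in enumerate(codes[user]):
            rx[i] += s * c
    return rx


def receive(rx, codes):
    """Recover each user's +/-1 value as dot(rx, code) / len(code).

    With orthogonal codes the other users' terms vanish exactly. With B.C = 2 in
    CODES6, the B and C estimates are pulled away from +/-1 by 2/6 each.
    """
    n = len(rx)
    return {user: dot(rx, code) / n for user, code in codes.items()}


if __name__ == "__main__":
    sent = {"A": 1, "B": 0, "C": 1}  # constructed: a = +1, b = -1, c = +1
    for name, codes in (("4-chip", CODES4), ("6-chip", CODES6)):
        rx = transmit(sent, codes)
        print(name, "crosstalk:", crosstalk(codes))
        print(name, "received:", rx, "decoded:", receive(rx, codes))
```

With the 4-chip codes the decoded values come out exactly +1, -1, +1. With the 6-chip codes A still decodes exactly, but B and C each pick up the other's bit scaled by 2/6, which is what "not quite orthogonal" costs.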
In the past, we've looked at the frequency spectrum of an ASK-modulated channel somewhat vaguely, as fc +/- data_rate. See Fig 6.12 for another view. However, a more accurate frequency spectrum is the "sinc" function, sin(x)/x. We have most of the energy in the range fc - fb < f < fc + fb, where fc = carrier and fb = a spacing that depends on the data rate. The point is that we have *zero* energy at exactly +/- fb units away from fc. So, if we space two carriers f1 and f2 by fb, f1 = fc and f2 = fc+fb, then the ASK interference between them is zero.

Such a tight frequency spacing approaches the Nyquist limit. Need complex signal-processing devices to generate!

===========================================================================
===========================================================================

Section 7.5: generation of spreading sequences

Both FHSS and DSSS use pseudo-noise spreading sequences, c(t). CDMA does too, but the requirements are somewhat different: orthogonality, for one.

Stallings' material on PN sequences, starting on p 174, is applicable to FHSS and DSSS.

Basic rules for PN sequences, p 175:
    * uniform distribution
    * a given subsequence of length k should appear about 1/2^k of the time
      (this takes care of Stallings' Balance property and Run property)
    * independence: no one value should be inferrable from the others.

Obviously, independence FAILS: the sequence is computed, after all! However, "pseudo-independence" is good enough: no one value should be inferrable from the others, unless you happen to have been told the exact PN algorithm.

Correlation property: somewhat more "detailed":
    If a period of length k of the sequence is compared term-by-term with any cyclic shift of itself, the number of places the two are the same differs from the number of places they are different by at most 1. (For k=2r+1 odd, the number of places they are the same is either r or r+1.)
This is sometimes important in multipath rejection, where a sequence *is* overlapped, in part, with a cyclic shift of itself.

Cryptographic PN sequences: usually called
    PRGA    Pseudo-Random Generator Algorithm
    PRNG    Pseudo-Random Number Generator

Implementation 1: Linear Feedback Shift Register

Polynomial: X^4 + X + 1
Sequence: 0011 (X^3 and X^2 correspond to the 00)
Divisor in CRC: 10011

We have 4 bits (N=4). At each clock cycle,
    1. Calculate the xor of the bits in the positions marked with 1 in the 0011 sequence.
    2. Shift everything to the right (as in figure 7.13), outputting the rightmost bit. Replace the leftmost bit by the xor from step 1.

Example in Fig 7.13.

What is the period of an LFSR? It depends to some degree on the initial value (eg 0000 is bad), and also on the polynomial.

What about tap sequence 0101? Fig 7.13 with taps 0101 (feedback = b2 xor b0), starting from 1000:

         register   b2 xor b0
    0    1000       0
    1    0100       1
    2    1010       0
    3    0101       0
    4    0010       0
    5    0001       1
    6    1000

Sequence length is 6, *not* an m-sequence!

Maximal sequences: m-sequences, of period N = 2^n - 1
    * there is always at least one generator that yields an m-sequence
    * any input to that generator (initial state) yields the same m-sequence (but shifted, as in Table 7.2)
    * different generators may or may not yield different m-sequences: see Table 7.3
    * given a generator polynomial P(X), we can find the sequence it generates by 1/P(X), expanded formally or via Taylor series.

Different starting points yield the same sequence: Table 7.2.

Given a length n, how do you find a generator polynomial that generates an m-sequence? Look for a polynomial that is prime (not factorable) and is itself a factor of X^L+1, for L=2^n-1. Such polynomials are called "primitive".

Generator polynomials
=====================

Do you believe in algebra?

    1 + (1/2) + (1/2)^2 + (1/2)^3 + (1/2)^4 + ... = 2 = 1/(1 - 1/2)

    1 + x + x^2 + x^3 + x^4 + ...
    = 1/(1-x)

Now get this by "formal division":

              1 + x + x^2 + ...
            _______________________
    1 - x ) 1
            1 - x
            -----
                x
                x - x^2
                -------
                    x^2  ...

Interpreting this:
    geometric series; converges for |x| < 1
    Taylor series
    purely formal division

Can write as A0 + A1*X + A2*X^2 + ... + A[n-1]*X^(n-1) + X^n.

Given a generator poly P, we can find the sequence by taking the "formal" reciprocal 1/P, as a series.

    1 + X + X^3
    1 + X + X^4    (example of figure 7.13)

Note that the repeat-at-15 is equivalent to this dividing X^15 + 1.

Properties
==========

m-sequences look "especially random"; see the properties on p 180:

#1  2^(n-1) 1-bits, 2^(n-1)-1 0-bits

#2  if N=2^n - 1, and we slide a "window" of length n along the sequence, cyclically, then all n-length sequences appear except the all-zero sequence

#3  runs of 1's and 0's:

    run length   runs of 1's   runs of 0's
    n            1             0
    n-1          0             1
    n-2          1             1
    n-3          2             2

Autocorrelation (just started at end of class)
===============

Shift the m-sequence by amount tau, cyclically (so if i >= N-tau, where N=2^n-1, we shift the ith element to i-(N-tau)).
Count how many places the original and the shifted sequence are the same. Count how many places they're different. The two counts will differ by +/- 1.

Replace 0's with -1's. Now calculate R(tau) as:

    1/N * (B dot (B shifted by tau))

What correlation means: a measure of relative randomness.

This is good news for CDMA-type sequences: everyone's is shifted by 1 place from everyone else's. Cross-correlation is *close* to zero. Actually, one usually tries to do better; Walsh codes give correlations of zero.

For DSSS, what we're really interested in is low correlation with noise. m-sequences do a good job of giving us that.

=========================================================================
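The two-step LFSR from "Implementation 1" above, run for taps 0011 (X^4 + X + 1) and for taps 0101 (feedback = b2 xor b0, the 6-state table), followed by checks of properties #1 to #3 and the autocorrelation R(tau) defined at the end. This is an added example, not code from the notes or Stallings: the function names are mine, the register is a 4-character bit string read left to right as b3 b2 b1 b0, and the output bit is the rightmost register bit, as in step 2.

```python
# Added example (not from the notes or Stallings): the two-step LFSR, the
# m-sequence properties #1 to #3, and the notes' autocorrelation R(tau).


def run_lfsr(taps, state):
    """Clock the register until the initial state recurs (one full period).

    taps and state are bit strings of equal length, leftmost bit first
    (state "1000" means b3=1, b2=b1=b0=0). Each clock cycle:
      1. xor the register bits at the positions where taps has a 1;
      2. shift right, emitting the rightmost bit, and put the xor in on the left.
    Returns (output bits, register states visited, feedback bit at each state).
    """
    if len(taps) != len(state):
        raise ValueError("taps and state must have the same length")
    start = state
    out, states, feedbacks = [], [state], []
    while True:
        fb = 0
        for t, b in zip(taps, state):
            if t == "1":
                fb ^= int(b)
        feedbacks.append(fb)
        out.append(int(state[-1]))
        state = str(fb) + state[:-1]
        if state == start:
            return out, states, feedbacks
        states.append(state)


def run_lengths(bits):
    """Property #3: count cyclic runs, as {(bit value, run length): how many}."""
    N = len(bits)
    # Rotate so that position 0 starts a run; then no run straddles the wrap-around.
    start = next((i for i in range(N) if bits[i] != bits[i - 1]), 0)
    b = bits[start:] + bits[:start]
    counts = {}
    i = 0
    while i < N:
        j = i
        while j < N and b[j] == b[i]:
            j += 1
        counts[(b[i], j - i)] = counts.get((b[i], j - i), 0) + 1
        i = j
    return counts


def autocorrelation(bits, tau):
    """R(tau) = 1/N * (B dot (B shifted cyclically by tau)), with 0 replaced by -1.

    For an m-sequence this is 1 at tau = 0 and -1/N for every other shift:
    agreements and disagreements differ by exactly 1.
    """
    N = len(bits)
    B = [1 if b else -1 for b in bits]
    return sum(B[i] * B[(i + tau) % N] for i in range(N)) / N


if __name__ == "__main__":
    for taps in ("0011", "0101"):
        out, states, fbs = run_lfsr(taps, "1000")
        print(f"taps {taps}: period {len(out)}")
        for k, (s, f) in enumerate(zip(states, fbs)):
            print(f"  {k}  {s}  {f}")
    out, states, _ = run_lfsr("0011", "1000")
    print("ones:", sum(out), "zeros:", len(out) - sum(out))          # property #1
    print("distinct 4-bit windows:", len(set(states)))                # property #2
    print("runs:", run_lengths(out))                                   # property #3
    print("R(tau):", [round(autocorrelation(out, t), 4) for t in range(len(out))])
```

For taps 0011 the register visits all 15 non-zero states, so the output is an m-sequence: 8 ones and 7 zeros, one run of four 1's, one run of three 0's, one run of two of each, two runs of one of each, and R(tau) = -1/15 for every non-zero shift. For taps 0101 the same code reproduces the 6-row table above, which is why that choice is not an m-sequence.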