Book Gnuradio FR 19 en
Book Gnuradio FR 19 en
Book Gnuradio FR 19 en
Array signal processing optimization in GNU Radio for tracking and receiving
applications, Bieber E [et al.] 1
VLBI with GNU Radio, RFNoC and White Rabbit, Boven Paul 6
Using GNU Radio to do signal acquisition and analysis with Scopy, Suciu
Adrian 11
Phase noise & digital noise: what is it and why it is important for ground-
breaking RF-applications., Bourgeois Pierre-Yves 16
1
A LoRaWAN Security Assessment Test Bench, Claverie Tristan [et al.] 19
A 60GHz digital link with GNU Radio and USRP radios, Boeglen Herve 22
Study of the use of a SDR Passive RaDAR for the safe outdoor operation of
an atmospheric LiDAR, Peyrin Frédéric [et al.] 26
Author Index 36
Array signal processing optimization in GNU Radio
for tracking and receiving applications
E. Bieber1 , C. Campo1,2 , L. Bernard1 , H. Boeglen2 , S. Hengy1 , J.-M. Paillot2
1
French-German research institute of Saint-Louis (ISL), Saint-Louis, France
2
Université de Poitiers, XLIM, UMR 7252, Poitiers, France
Abstract
Among other missions the French German research Institute of Saint-Louis (ISL) works on array
signal processing for secured communications between high speed projectiles and allied base stations.
Within that framework, a projectile tracking receiving station based on commercial Software-Defined
Radios (SDR) was developed using four channels to steer an antenna array and recombine the received
signals, hence improving the gain of the receiving station. A transmitter embedded in the projectile
sent data to the developed receiving station at a 2 Mbits/s. In order to decode and process in real
time the data received by the four channel antenna array, a high sampling rate was required. As this
highly resource consuming application resulted in sample overflows that is, in periodic losses of data
between the SDR and the computer, an optimization of our algorithms computed on GNU Radio and
the communication between our blocks proved to be necessary.
This paper intends to provide feedback on our optimization work. Some of the main problems we
encountered and the solutions we propose to solve them are briefly exposed and will be further detailed
in our oral presentation.
1 Introduction
Among other missions, the ISL works on develop-
ing secure communications between fired projectiles
and ground stations for future smart ammunitions.
Antenna arrays then offer many advantages such as
directional radiation patterns that can be dynam-
ically reconfigured to follow a moving transmitter,
fight against hostile jammers or listeners, etc. In
this context a SDR-based receiving station was de-
veloped using GNU Radio and the commercial Uni-
versal Software Radio Peripherals (USRPs) sold by
National Instruments, and proved to be able to elec-
tronically follow a transmitter by steering a four
element Uniform Linear Array (ULA), increasing
Figure 1: Flowgraph runnable at 1MS/s but creat-
the gain on the received signal. However in order
ing data overflows at 8.33MS/s.
to simultaneously decode the transmitted signal at
a 2 Mbits/s baud rate, the sampling rate for all
channels needed to be raised to 8 MSamples/s. To
compose with the SDR requirements it was neces-
sary for our laptop to receive data at a total rate of Fig. 1 exhibits a flowgraph that managed to
33.33 MS/s (for all four channels), process the re- perform projectile following at 1MS/s but created
ceived data with our implemented algorithms such data overflows when higher sampling rates were re-
as beamforming and direction finding (DOA) that quired. The important number of streams and use
were introduced in [1], and record the whole in real of loops instead of vector oriented library kernels
time, resulting in a highly data consuming applica- (Volk) were partly responsible for these overflows.
tion. Our first attempt to run this application with
a laptop equipped with an Intel i7 processor, 32 This paper does not focus on our application and
GB of RAM and a Samsung 850 evo SSD resulted results, but intends to present our work on code
in data overflows, i.e. in periodic data losses due to optimization, especially to extend the computation
the lack of computation power, hence forcing us to efficiency of our algorithms and flowgraphs devel-
think carefully about computation efficiency when oped in C++ in GNU Radio [2]. The remaining of
implementing our application in GNU Radio. this abstract briefly covers suggested improvements
we have explored to avoid overflow issues.
1
2 Suggested improvements for tion will allow GNU Radio threads to have prior-
ity over concurrent threads. Finally blocks using
optimization computationally heavy algorithms like DOA esti-
mation, etc, can be bound to a dedicated proces-
The first and most obvious question that arises is sor core while less demanding threads are bound
the network throughput between the SDR and the to a pool of remaining cores. It can be noted that
laptop, as well as the laptop capability to record all sometimes splitting such blocks into several ones
the needed data fast enough. In the case of our ap- will take advantage of the multi-core environment.
plication, the total 33.33MS/s sampling rate forced
us to install a Thunderbolt 2 SANLink adapter. It
can also be useful to create a RAMDisk if the drive
is not capable to record fast enough. Reducing the
amount of written data will have a positive effect
on the bitrate: users should write binary files rather
than ASCII ones and use data types with smaller
memory size.
Once it is sure network throughput and data
recording speed are not the bottlenecks that cre-
ate data overflows, one can investigate his source
code to enhance his application efficiency. Due to
GNU Radio’s way of processing streams as buffers
of data, the work() method of a block is usually a
two-level loop that parses each sample of each input
stream. One should avoid multiple computations Figure 2: Flowgraph runnable at 8.33MS/s.
of invariant values inside loops, but also try to use
optimized functions such as memcpy() or the Volk Fig. 2 shows an optimized version of the previous
library [3] kernels instead of these loops whenever flowgraph that can be run on the same laptop at
possible. 8.33MS/s with a graphical view of the four received
However even if correctly managing streams be- signals.
tween blocks allows to spare resources, it remains
important to limit those streams when they are ex-
pendable. Although it might be tempting as a fast 3 Conclusion
implementation to simply add a stream to a block
This paper presents the main modifications we
as a trigger or a way to share a variable between
brought to our developed blocks, making our ap-
blocks, it is computationally expensive and can be
plication runnable for four channels at a 8.33MS/s
responsible for data overflows when high sampling
sampling rate. An alternative communication vec-
rates are required. In order to efficiently communi-
tor between blocks that fits some of our particular
cate information between blocks, GNU Radio na-
needs has been mentioned, and all the suggested
tively offers the possibility to tag existing streams
improvements presented above will be further de-
with metadata. Since a tag is associated to a sam-
tailed in our oral presentation.
ple of a data buffer, we can consider tags as a syn-
chronous communication vector. For asynchronous
communication GNU Radio allows blocks to send References
messages to other blocks. A message is a 1 to N
communcation carried out by the sender: the re- [1] C. Campo, L. Bernard, H. Boeglen, S. Hengy,
ceiver message handler is called for each pending J.-M. Paillot, Software-Defined Radio system
message. As no native option is given for users for tracking application, EuCAP London 2018.
to develop blocks that can asynchronously use a
shared variable, we developed a new communica- [2] GNU Radio 3.6.4.2 C++ API documen-
tion vector based on static variables that allow vari- tation at https://www.gnuradio.org/doc/
ables to be read and written by several blocks in doxygen-3.6.4/index.html
a thread-safe way assured by a mutex. Further [3] Vector Optimized Library of Ker-
details on our proposed communication vector be- nels (Volk) doxygen documentation at
tween blocks will be given in our presentation. libvolk.org/doxygen/
After information communication between blocks
has been verified enabling real time scheduling op-
2
SatNOGS: Towards a Modern, Crowd Sourced and
Open Network of Ground Stations
Manolis Surligas1,2 , Matthaios Papamatthaiou1 , Ilias Daradimos1 , Vasilis Tsiligiannis1 ,
Pierros Papadeas1 , Agisilaos Zisimatos1 , Fredy Damkalis1 , Kostis Triantafillakis1 , George Vardakis1,2 ,
Nestoras Sdoukos1,2 , Nikos Karamolegkos1,2
1
Libre Space Foundation, Athens Greece, [email protected]
2
Computer Science Department, University of Crete
Abstract
Over the last years the launching cost of a payload in space has been significantly reduced and this
trend is expected to continue, as the interest for space applications is increasing. The reduced launch
cost and the advancements in technology, gave the opportunity to small satellites to revolutionize access
to space.
The majority of the small satellites missions are targeting the Low Earth Orbit (LEO). Due to the
nature of this particular orbit, communication with a satellite is possible only for a few minutes per day
for a given location. This raises the need for multiple ground stations in several geographic locations.
Although such an infrastructure is possible, most of the times it is both complicated and expensive for
research or educational entities to obtain. Given the fact that each ground station exhibits a small per
day utilization for a specific satellite, the idle time can be used for reception of other missions.
SatNOGS is an open source software and open hardware project that addresses this problem by
interconnecting all participating ground stations, offering their idle time to other users of the SatNOGS
network.
1
ther analysis. The front-end of the SatNOGS Net- The software on its core is written in C++, us-
work provides a set of different web interfaces. For ing also some Python bindings. The first task of
the ground station operators, a web-based control this module is to receive the signal from the SDR
panel is available in order to control and configure front-end, apply coarse filtering and re-sample it.
remotely their stations. It also allows operators to The later is crucial in order to reduce the sampling
schedule rate of the signal originating from the SDR device,
so the processing can be performed in CPU lim-
ited devices like the Raspberry Pi 3. Afterwards
2.2 Rotator hardware and based on the satellite trajectory, the gr-satnogs
SatNOGS Rotator is the mechanism that allows compensates the Doppler effect which introduces a
tracking of satellites in both azimuth and elevation constantly changing center frequency offset. Then,
axis. By design, the goal of the rotator is to keep the Doppler corrected signal passes additional and
the cost low, by using widely available materials of more fine grained filtering stages. Finally, the mod-
common sizes and 3D printed parts. For the users ule tries to automatically demodulate the resulting
that cannot afford a rotator, SatNOGS can still op- signal in real-time, based on the coding/modulation
erate without one, using a less directional antenna. scheme of the targeted satellite. At the same time,
the module produces a waterfall spectrum analysis
plot and an audible representation of the spectrum.
2.3 Client software The waterfall plot is an excellent tool, for imme-
diate and visual spotting of satellite transmissions,
The SatNOGS Client[4] is a Python program that nearby interference, possible RF performance issues
runs on the ground station computer. The client or misconfiguration at the station setup. The audi-
is responsible to retrieve observation jobs from the ble transformation of the spectrum, is a technique
network and execute them. When a new job is re- quite popular in the amateur community and many
ceived from the network, it is placed in an execu- amateur signal analysis tools utilize it. For each
tion queue, sorted in chronological order based on observation, the decoded frames, a waterfall spec-
the start time of the satellite pass. The client con- trum analysis plot and the audio file are uploaded
stantly monitors the local time of the ground sta- back to the SatNOGS Network, for visualization
tion and the starting time of the first observation at and further analysis. Currently, gr-satnogs pro-
the queue. When the timing is proper, the client re- vides automated demodulators decoders that cover
moves the observation job from the queue and pre- a wide range of satellite missions. From beacons to
pares to execute it. To do so, it initializes the SDR weather pictures.
front-end with the RF parameters described by the
job and then executes the appropriate GNU Radio
script provided by the gr-satnogs OOT module[3]. 3 Conclusion
Meanwhile, the client controls the rotator, so the
antennas can track the trajectory of the targeted The use of gnuradio enable an unmatched agility in
satellite. When the observation job is finished, the a groundstation network. The ability to demodu-
client instructs the rotator to place the antennas in late virtually any kind of transmission is fully future
a park position. Then, all the resulting files gener- proof. It only requires automated software update
ated by the grsatnogs OOT[3] are uploaded back to of the client. It is also the perfect match with low
the network. The client continues to operate, wait- cost SDR receiver like rtl-sdr.
ing for the execution of the next job in the queue.
References
2.4 Gnuradio OOT module
[1] SATNOGS Database : https://db.satnogs.
Each ground station is equipped with an SDR de- org/
vice for the signal reception. The architecture is
modular enough, so it can support a wide range of [2] SATNOGS network : https://network.
different SDR hardware, depending on the target satnogs.org/
cost of the station. For example, there are stations [3] gr-satnogs : https://gitlab.com/
using an RTL SDR dongle costing about 15USD, librespacefoundation/satnogs/gr-satnogs
whereas others utilize a high-end device like the
USRP B210 with a cost of 2000USD. For the signal [4] SATNOGS client : https://gitlab.
analysis and demodulation, the GNU Radio Out-of- com/librespacefoundation/satnogs/
Tree (OOT) module called gr-satnogs [3] is used. satnogs-client
2
VLBI with GNU Radio, RFNoC and White Rabbit
P. Boven
JIVE, Netherlands
Abstract
1 Introduction
1
Frequency locking a laser on a spectral hole pattern
with a multi-channel heterodyne method using SDR
and GnuRadio
N. Galland1,2 , N. Lucic2 , H. Alvarez-Martinez2 , S. Zhang2 , B. Fang2 , R. Le Targat2 ,
A. Ferrier3,4 , P. Goldner3 , S. Seidelin1,5 , Y. Lecoq2
1
Université Grenoble Alpes and CNRS, Institut NEEL,
F-38042 Grenoble, France
2
LNE-SYRTE, Observatoire de Paris, Université PSL, CNRS, Sorbonne Université,
61 avenue de l’Observatoire 75014 Paris
3
Université PSL, Chimie ParisTech, CNRS, Institut de Recherche de Chimie Paris,
75005, Paris, France
4
Sorbonne Université, 75005, Paris, France
5
Institut Universitaire de France, 103 Boulevard Saint-Michel,
F-75005 Paris, France
Abstract
High precision spectroscopic probing of a narrow spectral hole pattern imprinted in the inhomo-
geneously broadened absorption spectrum of Eu3+ : Y2 SiO5 crystal can be used to stabilize a laser
frequency. A multi-hole pattern can be burn and all the holes can be probed simultaneously using a
multiple frequency signal. The dispersion induced dephasing acquired by the light through the crystal
is measured to derive an error signal suitable to lock the laser frequency to the spectral hole pattern.
An Ettus USRP X310 driven by a python program based on GNU Radio is used for both generating
the multiple frequency signal and to compute the correction applied to the laser frequency.
1
then probe the spectral hole. The master laser at 4 Conclusion
1160 nm is pre-stabilized to a high finesse FPC. An
offset phase-lock loop is used to servo the slave laser The double-hole based detection has improved a lot
at 1160 nm to the master laser with a controlled the detection noise of the detuning induces disper-
offset frequency (typically 980 MHz). Both lasers sion. Indeed, the previous detection scheme using
are independently frequency doubled to reach 580 only one hole was exhibiting a noise level compati-
nm, the center of the broadened transition 7 F0 → ble with a stability in the low 10−15 at 1 s. The new
5
D0 . The slave laser is then sent to a double-pass scheme shows a detection noise compatible with a
AOM to generate an arbitrary spectral pattern in stability in the mid 10−16 at 1 s.
the light (in the 1 MHz range around the center We then infer that the residual instability of the
frequency). Both yellow lasers are then spatially laser when locked to the spectral hole is not due
overlapped and the resulting beam is splitted in to the detection noise of the setup, but to other
two channels, one going through the crystal and to technical issues. Next imporvement will be to re-
a 2 GHz bandwith photodiode, the other directly duce the thermal fluctuation of the sample holder
to an identical photodiode for reference. in the cryostat and the residual vibration due to
the working cycle of the pulsed tube. An investiga-
The beatnote obtained on each photodiode is de-
tion to find the optimal spectral pattern will also be
modulated to 8 MHz and amplified before acqui-
conducted to reach the low 10−16 at 1 s or below.
sition by the two RX channels of an Ettus USRP
This project has received fundings from Ville de Paris
X310. One TX channel is used to drive the fre-
Emergence Program, LABEX Cluster of Excellence FIRST-
quency offset between the two lasers. The other
TF (ANR-10-LABX-48-01), within the Program “Investisse-
TX channel is used to drive the double-pass AOM.
ments d’Avenir” operated by the French National Research
The GNU Radio flowgraph is on the one hand de- Agency (ANR), Région Ile de France; European Union’s
riving the error signal from the dephasing between Horizon 2020 research and innovation program under grant
RX channels induced by the spectral hole disper- agreement No 712721 (NanOQTech); ANR under grant
sion. A spectral mask is applied to band pass fil- number 14-CE26-0037-01 DISCRYS; EMPIR 15SIB03 OC18
ter the RX signal arround different frequencies and and from the EMPIR program co-financed by the Participat-
remove any unwanted spectral component. The a ing States.
proportionnal and integrator filter applied on the
error signal provides a correction modulating the
TX channel driving the offset frequency. On the References
other hand, another flowgraph is used to generate
an arbitrary spectral pattern applied to the AOM. [1] M. J. Thorpe, L. Rippe, T. M. Fortier, M. S.
Kirchner and T. Rosenband, “Frequency stabi-
lization to 6 × 10−16 via spectral-hole burning”,
Nat. Photon. 5, 688-693 (2011)
3 Results [2] D. R. Leibrandt, M. J. Thorpe, C.W. Chou, T.
M. Fortier, S. A. Diddams,and T. Rosenband,
An optical frequency comb stabilized on a state-of- “Absolute and Relative Stability of an Optical-
the-art ultrastable laser allows us to evaluate the Frequency Reference Based on Spectral Hole
stability of our laser over a timescale from 1 s to Burning in Eu3+:Y2SiO5”, Phys. Rev. Lett.
1000 s. We can therefore measure the stability 111, 237402 (2013)
of the laser pre-stabilized to our FPC to approx-
imately 10−14 fractional frequency instability at 1 [3] O. Gobron, K. Jung, N. Galland, K. Predehl,
s. R. Le Targat, A. Ferrier, P.Goldner, S. Sei-
By using a double hole pattern with one reference delin, and Y. Le Coq, “Dispersive heterodyne
mode (in a wide hole and so experiencing a small probingmethod for laser frequency stabiliza-
dispersion) and one signal mode (in a narrow hole, tion based on spectral hole burning inrare-earth
experiencing a big dispersion as a function ot the doped crystals”, Optics Express 25 (13), 15539-
detuning), we obtain a good frequency lock of the 15548 (2017)
laser on the narrow hole. The laser then exhibits
a stability in the low 10−15 for 1 s to 10 s time
scale. This result is almost one order of magnitude
better than the previous results obtained on this
experiment while using a single hole to derive the
correction signal [3].
2
Embedded and Connected Receiver System for
nano-satellite in Low Earth Orbit (LEO)
F. Spies1,2 , S. Givron2
1
FEMTO-ST Complex Computer System, Montbéliard, France
2
Université de Franche-Comté, Montbéliard, France
Abstract
The objective of this work is to design a set of satellite signal reception, embedded, connected and low
power consumption. This set must be simple to implement with the ambition of being widely deployed
on a global scale to provide complete and continuous coverage so that each satellite transmission can
be received at any time without loss. The altitude of the satellite orbit must allow the planet to be
covered with less than a hundred reception stations on earth. The stations will be located mainly in
universities with an eduroam connection to facilitate the transmission of information on a server.
1 Introduction threshold and thus increases the reception distance.
One of the advantages of using software radio is
Communication systems with nano-satellites re- that it allows you to reconfigure the demodulation
main complex to implement. They must have a chain for each passage of a nano-satellite. There
suitable receiving chain in order to be able to pro- are software programs such as gpredict that inte-
cess small amplitude signals. The implementation grates the paths of all active in-orbit nano-satellites
altitude is around 500 km. The nano-satellite trans- to predict the path times.
mission chain must be as light as possible, includ-
ing the antenna, power amplifier and communica-
tion board. The objective of nano-satellites is to 3 Picsat Demodulation
be as light as possible with a reduced altitude to
limit the cost of placing them in orbit as much as Picsat, a specific nano-satellite put into orbit in
possible. Therefore, the ground station must be 2018, demodulated the signal transmitted in BPSK
able to compensate for the transmission and recep- 1200 baud. The demodulation chain performed by
tion constraints of nano-satellites. It is necessary to [1] integrated all the demodulation functions nec-
be able to amplify weak signals received with mo- essary to interpret the information transmitted by
torized directional antennas combined with power the satellite and send it back to the server central-
amplifiers. The objective of this work is to provide izing all the reception on the planet. Indeed, at
a ground-based reception solution consisting of a this altitude, the flight times of an area are gener-
simple omnidirectional antenna and a Software De- ally between 5 and 15 minutes. We understand the
fined Radio (SDR) interface. The advantage of ra- importance of being able to multiply the number
dio software is that it can receive several different of reception sites around the world in order to be
nanosatellite signals and can be reprogrammed at able to increase the exchange times with the nano-
any time. In addition, this solution can be updated satellite. If ground systems are connected to the
over time to adapt to changes in modulation in the Internet, it is possible to gradually move towards a
nano-satellites of next generations. Finally, a study permanent and continuous connection that would
of the dimensioning of the ground reception module limit the redundancy of data transmitted from the
will make it possible to reduce the unit cost so that satellite and thus increase its ability to transmit in-
a large-scale deployment can be envisaged. formation to the ground. All you need is between
80 and 100 ground receiving systems evenly dis-
tributed to be in permanent communication with
2 Demodulation Chain the nano-satellite. A maximum distance between
2 reception systems of about 3500 km (30 degrees)
The frequencies mostly used by these nano- would allow this continuity of communication.
satellites are VHF/UHF amateur radio frequen-
cies (145 and 435/438 MHz) or the S band (2.2 to
2.3 GHz). Modulations are generally of the FSK, 4 Systems Implementation
BPSK or GMSK type. Baud rates are generally
between 1200 and 9600 baud. The use of two sym- Before attempting to embed the receiving chain on
bols per period significantly reduces the reception low-cost electronic boards, it is preferable to vali-
1
date oversized solutions to facilitate development. the restitution of the transmitted data. Software
Thus, we used a laptop computer, a Raspberry Pi 3, radios have a USB port and can only be connected
a Raspberry Pi zero and a microcontroller ESP8266 to the ESP8266 at a low speed equivalent to version
[2] including a Wi-Fi interface to perform the signal 1.0 or 1.1 of about 1Mbps. We have chosen to use
demodulation. The signal reception was performed the radio software in SDR-IP mode (Fig. 1), i.e.
with a USRP B200 mini, an ADALM-Pluto and an through a Wi-Fi/IP connection to validate the pro-
RTL-SDR. cessing capacity of the microcontroller. Data recep-
On laptops and Raspberry PIs that use a UNIX tion centered on the corrected frequency could be
system, the use of gnuradio is possible. On Rasp- completely integrated, in purely integer functions
berry PI boards, computing power is limited, the for more efficiency. In order to limit the energy
USB interface works in version 2 and the use of consumption by the entire station, it is only exe-
command line gnuradio is preferable. On the micro- cuted when a nano-satellite passes through and re-
controller, the program is downloaded from the Ar- mains in deep sleep between two passes. The times
duino development interface in C/C++/LUA lan- of the visits are obtained on servers located on the
guage. Internet.
5 Signal Generator
When designing a demodulation function, it is nec-
essary to decode a good quality signal, but this
is not enough. It is also necessary to be able to
measure the qualities and characteristics of the al-
gorithm designed to identify the potential of the
reception sensitivity threshold obtained. If the re-
ception sensitivity threshold is too high, decoding
will only be possible when the nano-satellite is near
the zenith of our position. If the sensitivity thresh-
old is low enough, decoding can be carried out up to
positions close to the horizon where the link budget
is most unfavourable. Figure 1: Global Architecture with the Wi-Fi mi-
We have produced several types of files con- crocontroller ESP8266.
taining signals including increasingly large atten-
uations and small constant, linear and polynomial
frequency shifts to gradually reproduce the Doppler
effect of LEO orbits. 7 Conclusion
Porting demodulation functions into a microcon-
6 Decoding Tests troller has allowed us to improve the overall effi-
ciency of the receiving chain. The Doppler effect
First, we validated that reception could be achieved correction remains to be integrated into the micro-
with an omnidirectional antenna placed horizon- controller to complete the demodulation chain. We
tally in the perpendicular of the satellite path finally chose to reintegrate the entire demodulation
connected to a USRP B200 mini interface. The functions into gnuradio to reduce processing time
whole thing was connected to a laptop PC with and use a low-power Raspberry Pi zero that easily
gnuradio/gr-picsat [1] to ensure sufficient comput- connects an SDR interface.
ing power and memory capacity. The reception
time is approximately 8 minutes out of a potential
10 to 12 minutes. This first result was considered References
sufficient to qualify the reception.
[1] PicSat telemetry parser added to gr-
In a second step, we validated the computing and
satellites at https://destevez.net/2018/01/
memory capacity of the Rapsberry Pi zero Wi-Fi
picsat-telemetry-parser-added-to-gr-satellites/
(ARM 1 core 1GHz 512GB RAM) to demodulate
the I/Q signals received in gnuradio/gr-picsat in [2] ESP8266: Wi-Fi microchip with full TCP/IP
command line mode. stack and microcontroller at https://en.
In a third step, the demodulation was coded di- wikipedia.org/wiki/ESP8266
rectly into the micro-code of the ESP8266 to allow
2
Using GNU Radio to do signal acquisition and
analysis with Scopy
A. Suciu
Analog Devices Inc.
Abstract
GNU Radio is the go-to library when it comes to open source software-defined radio. However GNU
Radio can go beyond that. In this paper we will discuss the use of GNU Radio as a base library for
an end product application that requires general signal processing as well as other decoding libraries.
Specifically, we will address how GNU Radio can be leveraged for applications beyond software defined
radio and other communication systems.
1 Introduction 3 Results
We used GNU Radio for an end application that
In order to create Scopy – an open source mixed sig-
does not comply with the traditional scope of the
nal analysis and generation toolkit, we chose to use
framework. Although GNU Radio is well modular-
GNU Radio, along with a variety of open source
ized, starting and stopping instruments has been
libraries and frameworks such as libiio, libsigrok,
one of the challenges we faced. Since there is no
Qt5 or Qwt. Scopy currently interfaces with the
trivial way to reconfigure a GNU Radio flow, we
ADALM-2000 hardware which provides two analog
had to develop a method that recursively deletes
input channels, two analog output channels, as well
blocks starting with a parent. This and the use of
as 16 digital I/O pins – capable of high speed syn-
the copy block eased up flow reconfiguration. Gnu-
chronized buffered operations. Future plans include
radio is a good fit for this application as it abstracts
extending Scopy to interface with other hardware.
the complexities of signal acquisition and analysis
into an efficient data flow giving us more headroom
to develop a more user friendly, touchscreen com-
patible
2 Experimental setup
Scopy uses libiio to interface with ADALM-2000.
4 Background
This allows Scopy to connect to the hardware via The ADALM-2000 also known as M2k [1] is a Soft-
USB, as well as ethernet. By using an off the shelf ware Defined Measurement Platform that is a cross
(COTS) Wi-Fi dongle, the hardware can connect platform (Windows, Mac and Linux) USB oscil-
to a wireless network and Scopy can acquire data loscope and multi-function instrument that allows
remotely from the ADALM-2000. users to measure, visualize, generate, record, and
GNU Radio is used in this context to multi- control mixed-signal circuits of all kinds. It fea-
plex the data streams received from the hardware tures two-channel digital oscilloscope and arbitrary
via gr-iio to the oscilloscope/ spectrum analyzer/ function generator, with Time, Network and Spec-
network analyzer. GNU Radio’s efficient vector- trum Analyzer views. A 16- channel digital logic
optimized operations are used to implement instru- analyzer and pattern generator, with a countless
ment functionalities such as the oscilloscope refer- number of Bus Analyzers for all kind of protocols
ence waveform, digital AC coupling as well as math such as I2C, SPI, UART, CAN, JTAG, SPDIF, etc.
channels. The network analyzer uses the GNU Ra- just to mention a few. Besides this it also has true
dio flow to create a full network analyzer signal RMS voltmeters and programmable power supplies
chain. Combined with the M2K hardware it is able all in a pocket sized instrument.
to characterize circuits up to 30MHz and repre-
sent the results on Bode, Nichols and Nyquist plots.
The spectrum analyzer allows marker operations as References
well as different types of windowing up to 50MHz.
The signal generator uses GNU Radio to output [1] ADALM2000 for Developers at https:
various types of user configurable signals such as //wiki.analog.com/university/tools/m2k/
sine, square waves or the results of time-dependant developers
mathematical equations.
1
Fully Digital Electronics for Fiber-Link Frequency
Transfer Implemented on Red Pitaya
A. C. Cárdenas-Olaya, C. E. Calosso
INRiM, Quantum Metrology & Nanotechnology, Turin, Italy
Abstract
This paper presents a digital instrumentation for frequency transfer on optical fiber links. The pro-
posed system detects the phase and amplitude of the beatnotes at the two ends of the fiber for (actively
or passively) compensating by the phase noise and the polarization rotation. The implementation is
performed on Red Pitaya, an open source platform that integrates fast Analog-to-Digital and Digital-
to-Analog converters with a Zynq System-on-Chip. The system features a detection bandwidth of
10 MHz, compatible with thousand kilometers links, that can be finely tuned for reaching an adequate
Signal-to-Noise Ratio minimizing the generation of cycle slips.
1
tected that differs a factor of two from Doppler to
Two-Way, the detection bandwidth, the data chan-
nels to be stored, etc.
References
[1] K. Predehl et al., A 920-kilometer Optical Fiber
Link for Frequency Metrology at the 19th Deci-
mal Place, Science, April 2012, 336(6080)
Figure 1: General scheme. PD: Photo-detector, [2] L.-S. Ma, P. Jungner, J. Ye and J. L. Hall,
FM: Faraday Mirror, EPC: External Polarization Delivering the same optical frequency at two
Controller, PL: Programmable Logic (FPGA), PS: places: accurate cancellation of phase noise
Processing System (ARM processor). introduced by an optical fiber or other time-
varying path, Optics Letters, Nov. 1994, 19(21)
memory and transferred to an external computer [3] C. E. Calosso, E. Bertacco, D. Calonico, C. Cli-
for post-processing. vati, G. A. Costanzo, M. Frittelli, F. Levi, A.
Fig. 2 sketches the block diagram of one channel Mura and A. Godone, Frequency transfer via
including the fiber emulator. The emulator gen- a two-way optical phase comparison on a mul-
erates the main noise sources involved in a setup tiplexed fiber network, Optics Letters, March
for frequency transfer such as: fiber noise, photo- 2014, 39(5)
detection noise and noise induced by the polariza-
tion. In addition, it is provided with the emulator [4] Red Pitaya, Documentation and technical infor-
of a polarization controller based on a four plates mation, http://redpitaya.readthedocs.io/
configuration. When the emulator is enabled, it en/latest/
acts on the NCO signal (DAC input) that instead
of driving the AOM will be the instrument input,
emulating the beatnote.
3 Conclusion
The proposed digital instrument is a compact so-
lution that integrates different functionalities such
as phase-meter, stability control and polarization
control in a single platform.
The instrument is provided with the capability
of applying different configurations of the two com-
pensation techniques by properly setting the differ-
ent blocks parameters, such as: the compensation
action (open or close loop), compensation band-
width (if any), the frequency of the beatenote de-
2
KiwiSDR as a new GNURadio source
C. Mayer
Abstract
By now, >300 world-wide distributed KiwiSDRs are online. After introducing the KiwiSDR, an
implementation of a GNURadio websocket client for the KiwiSDR. As an example on how to use
the GNURadio KiwiSDR client, the coherent combination of KiwiSDR IQ streams, and decoders
implemented in GNURadio for digital HF modes using the KiwiSDR client are shown.
1 Introduction 3 Decoding digital modes on
The KiwiSDR [1] was developed by John Seamons
HF using GNURadio
ZL/KF6VO and by now >300 of these SDRs are A GNURadio OOT module is being developed
available on the internet [2]. In this contribution, which allows to concisely specify the physical layer
a GNURadio websocket client for the KiwiSDR [3] characteristics of a given phase-modulated digital
is presented, along with some applications [4]. mode on HF in python [5], where preamble cross-
correlation, doppler estimation and adaptive filter-
ing are taken care of the framework. As an exam-
2 Coherent combination of ple the demodulation of a STANAG 4285 signal is
KiwiSDR IQ streams shown in Figure 2.
1
Figure 3 shows cross correlations between a LO- [4] Singal Analysis and Monitoring blog at https:
RAN signal received by two KiwiSDRs, and Fig. 4 //hcab14.blogspot.com/
shows the TDoA map obtained by using the cross
correlations from three KiwiSDRs. [5] gr-digitalhf at https://github.com/hcab14/
gr-digitalhf
[6] TDoA at https://github.com/hcab14/TDoA
References
[1] KiwiSDR at http://kiwisdr.com
[2] Map of available KiwiSDRs at http://rx.
linkfanel.net/
[3] gr-kiwisdr at https://github.com/hcab14/
gr-kiwisdr
2
Phase noise & digital noise:
what is it and why it is important for
groundbreaking RF-applications.
P.-Y. Bourgeois
FEMTO-ST, Time&Frequency dpt, UMR 6174 CNRS, Besançon, France
Abstract
For more than a decade, digital electronics has a massive impact on about every research field offering
flexibility, robustness and reconfigurability.
NCO
In 2018 IEEE International Frequency Control
DDC Symposium (IFCS), pages 1–4. IEEE, 2018.
1
Using GNU Radio Companion to improve student
understanding of signal processing theory through VHF
Omni-Directional Range (VOR) signal demodulation
A. Blais, C. Morlaas
Abstract
The École Nationale de l'Aviation Civile (ENAC), the French Civil Aviation University, proposes a
graduate engineer program with, among three others, a major, in Aeronautical and Space Telecommu-
nications (SAT). This major is characterized by advanced theoretical courses in signal theory, signal
processing, digital communications and navigation in particular. Some practicals are given to help
the students understanding specic points in these courses. However, this scattered approach does
not provide any hindsight on the interest and the usefulness of these courses, either independently nor
together. This is the reason why these practicals are completed by a long project which proposes, as
a global case of application, to demodulate a VHF Omni-Directional Range (VOR) signal. This paper
details this long project, from its pedagogical approach to some interesting points of its implementation.
1 Introduction
The sometimes complex notions being taught in sig- M (t) = 0.3 cos (2π30t − QDR + θ30 )
nal theory and signal processing courses need to + 0, 05 ident(t) cos (2π1020t + θ1200 )
nd some practical realizations to be fully under-
stood by the students. It is the objective of the + 0.3 cos (2π9960t + θ(t) + θ9960 ) (2)
long project described in this paper. Indeed, it pro-
Z
poses the demodulation of a VOR signal using the t
GNU Radio Companion (GRC) software. The si- θ(t) = 16 · 30 · 2π cos(2π30u + θ30 )du
0
multaneous learning of this powerful software is an = 16 · sin(2π30t + θ30 ) − 16 · sin(θ30 ) (3)
interesting aside of this project, even if it is not
its primary goal. The signal in question is either with:
received by mean of a DVB-T USB dongle (one
is distributed per pair of students) or a synthetic • f0 ∈ [108, 118] MHz, the carrier frequency,
one, generated in the course of the project by the
• QDR the magnetic bearing from the station to
students themselves. In the rst part of this pa-
per, a model of the VOR signal is presented. Then, the aircraft, in units of radian,
the pedagogical approach selected by the teaching • ident(t) the identication signal of the VOR
team is described. Two interesting technical points beacon (Morse code),
are adressed in the third part, to point out the sig-
nal processing challenges the students have to face. • θ30 , θ1200 and θ9960 random initial phases.
At last, a brief conclusion is drawn.
A graphical representation of the spectrum corre-
sponding to the amplitude modulation (1 + M (t)),
2 A VOR signal model gure 1, is also shown to train the students to think
in the frequency domain as well as in the time do-
The VOR system is a navigation aid designed to main.
give the angle, in relation to the magnetic north, to
the aircraft from a ground radio beacon of known
position. This is done with the help of an hybrid
signal carrying several components. A noise-free
time model of this signal [1], as seen by the receiver,
is presented to the students:
e(t) = (1 + M (t)) cos (2πf0 t + θ0 ) (1)
Figure 1: Schematic representation of the baseband
spectrum of a VOR signal.
1
The models of the I & Q signals delivered by 4.1 The frequency demodulation
the DVB-T dongle are then derived from equations
(1), (2) and (3)), after a short explanation of how Figure 2 illustrates the demodulation principle the
this dongle works. This is an eective use of the students not only have to implement, but also to
complex envelope concept introduced in the digi- understand! The calculation of the value of the
tal communications course. These models are the delay is always an instructive brainstorm.
starting point of the practical implementation.
2
A LoRaWAN Security Assessment Test Bench
T. Claverie, J. Lopes Esteves
Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI)
Paris, France
Abstract
LoRaWAN is a recent protocol and despite having been already studied from a security perspective,
several attacks have not been reproduced in practice mostly due to a lack of details regarding the test
benches used. After presenting previous work on the LoRaWAN protocol and the various platforms
described, we present an environment based on hardware, software and SDR to study the radio layer
of the protocol. The efficiency of this architecture is demonstrated by reproducing theoretical attacks
on LoRaWAN 1.0.
1
The gr-lora block from [9] provided very good tacker listens and waits until he captures a full join
results along with detailed explanations. However handshake from the targeted device. He captures
significant latency is induced by the decoding layer messages in this first session.
and it only supports demodulating uplink or down- When the device initiates a new join procedure,
link transmissions at once. A minor change has the attacker spoofs the gateway and forces a reini-
been made to enable decoding both uplink and tiation until the DevNonce sent by the device is the
downlink messages within a single LoRa decoder same as in the captured session; the attacker then
block. responds with the captured JoinAccept.
Once the join procedure succeeds, the device
starts sending data frames. Due to the nonce reuse,
they will be encrypted with the same keystream as
the captured session, which allows an attacker to
partially break the confidentiality of the messages.
3 Reproducing the replay or In this paper we described a low cost security as-
sessment platform for the LoRaWAN protocol. We
decrypt attack provided a precise description of the building blocks
in order to guarantee accurate reproducibility of the
The LoRaWAN infrastucture from the development
test conditions.
kit was used as a test network. Being easily pro-
grammable, the FiPy was used to attack. The RTL- Furthermore, we validated our strategy by very
SDR dongle with LoRa decoder block was used to quickly implementing a theoretical attack on Lo-
monitor communications, understand the behavior RaWAN 1.0 (which has been fixed in LoRaWAN
of the devices and investigate in case of problems. 1.1). The theoretical results have been reproduced
and the estimations of the attack cost and complex-
Attack implementation This setup reimple-
ity were confirmed.
ments various radio tests on a LoRaWAN network.
In particular, it was possible to reimplement the re- The hybrid radio approach involving a ready-to-
play or decrypt attack on the LoRaWAN protocol use development kit, a progammable radio dongle
1.0 described in [4]. and a software defined radio has shown interesting
This attack leverages a nonce reuse (DevNonce) benefits in this case, combining the advantages of
in the handshake protocol between a device and the each platform while compensating for their draw-
network: The device sends a JoinRequest message backs.
and the network replies with a JoinAccept message. In particular, it provides an interesting frame-
After that, they both have shared cryptographic work to analyze the impacts of attacks on all lay-
material and can start sending data frames to each ers, such as jamming or intentional electromagnetic
other. The attack scenario is the following: the at- interference, and to test protocol stacks.
2
References [12] Renaud Lifchitz. Security review of LoRaWAN
networks. In Hardwear.io, The Hague, Nether-
[1] Lora-sdr, 2016. https://github.com/ lands, 2016.
myriadrf/LoRa-SDR.
[13] Microchip. Lora technology evaluation
[2] rtl-sdrangelove, 2016. https://github.com/ kit, 2018. https://www.microchip.
hexameron/rtl-sdrangelove. com/DevelopmentTools/ProductDetails/
DV164140-1.
[3] Emekcan Aras, Nicolas Small, Gowri Sankar
Ramachandran, Stéphane Delbruel, Wouter [14] Robert Miller. LoRa Security - Building a Se-
Joosen, and Danny Hughes. Selective Jam- cure LoRa Solution. Whitepaper, MWR Labs,
ming of LoRaWAN Using Commodity Hard- 2016.
ware. In Proceedings of the 14th EAI In-
[15] Robert Miller. LoRa the explorer: Attacking
ternational Conference on Mobile and Ubiq-
and Defending LoRa Systems. In Syscan 360
uitous Systems: Computing, Networking and
Singapore, Singapore, 2016.
Services, MobiQuitous 2017, pages 363–372,
New York, NY, USA, 2017. ACM. event-place: [16] Pieter Robyns. gr-lora, 2018. https://
Melbourne, VIC, Australia. github.com/rpp0/gr-lora.
[4] Gildas Avoine and Loı̈c Ferreira. Rescuing Lo- [17] Sébastien Roy. Lorawan: Déploiement
RaWAN 1.0. Technical Report 651, IACR, d’une infrastructure de test - partie
2017. 1/2. Guide technique, MISC Mag, 2018.
https://www.miscmag.com/lorawan-
[5] LoRa Alliance Technical Committee. Lo- deploiement-dune-infrastructure-de-
RaWAN 1.1 Specification, 2017. test-partie-1-2/.
[6] S. M. Danish, A. Nasir, H. K. Qureshi, A. B. [18] Sébastien Roy. Lorawan: Déploiement
Ashfaq, S. Mumtaz, and J. Rodriguez. Net- d’une infrastructure de test - partie
work Intrusion Detection System for Jamming 2/2. Guide technique, MISC Mag, 2018.
Attack in LoRaWAN Join Procedure. In 2018 https://www.miscmag.com/lorawan-
IEEE International Conference on Communi- deploiement-dune-infrastructure-de-
cations (ICC), pages 1–6, May 2018. test-partie-2-2/.
[7] S. M. Danish, H. K. Qureshi, and S. Jang- [19] S. Tomasin, S. Zulian, and L. Vangelista. Se-
sher. Jamming Attack Analysis of Wireless curity Analysis of LoRaWAN Join Procedure
Power Transfer on LoRaWAN Join Procedure. for Internet of Things Networks. In 2017
In 2018 IEEE Globecom Workshops (GC Wk- IEEE Wireless Communications and Network-
shps), pages 1–6, December 2018. ing Conference Workshops (WCNCW), pages
1–6, March 2017.
[8] Mohamed Eldefrawy, Ismail Butun, Nuno
Pereira, and Mikael Gidlund. Formal secu- [20] X. Yang, E. Karampatzakis, C. Doerr, and
rity analysis of lorawan. Computer Networks, F. Kuipers. Security Vulnerabilities in Lo-
148:328 – 339, 2019. RaWAN. In 2018 IEEE/ACM Third Inter-
national Conference on Internet-of-Things De-
[9] Matt Knight. gr-lora, 2016. https://github. sign and Implementation (IoTDI), pages 129–
com/BastilleResearch/gr-lora. 140, April 2018.
3
A 60GHz digital link with GNU Radio and USRP radios
H. Boeglen1
1
XLIM Laboratory, UMR CNRS 7252, Limoges, France
University of Poitiers
In this communication we present a 60 GHz radio link for Ettus USRP radios. The link is
built around dedicated integrated circuits from Analog Devices. The transmission chain is
validated with a 100Mbps OFDM system designed with GNU Radio.
Keywords: Millimeter wave communications, RF front-ends
References
[1] https://www.pcbway.com/
[2] https://ww2.minicircuits.com/homepage/
homepage.html
Abstract
We present a 802.11 infrared packet transmission system built around GNU Radio and homemade
infrared front-ends. The communication system is validated by a demonstration of audio transmission.
1
of IR technology, the link has to work in base-
band (OOK,L-PPM modulations). To comply with
this requirement, Ettus LFTX and LFRX daugh-
terboards have been selected as they allow com-
munications between 0 and 30MHz. The designed
Figure 1: IR PHY packet structure. TX IR front-end converts the LFTX board voltage
ranging between 0 and 3.3V to a 0-100mA current
into the IR LED thanks to a high speed video op
had to develop a MAC packet data unit (MPDU) amp. The role of the RX front-end is to convert
Parse block. This block is in charge of recovering the very low PIN photodiode current (in the order
the payload.The LLC sub-layer packets are then of 1uA) into a voltage value of around 1V. This is
aggregated in a frame compliant with the 802.11 accomplished by a special type of op amp called
IR PHY standard specification [2], shown in Fig.2. a transimpedance amplifier (TIA).The demonstra-
This is a starting point because this specification tion is made of two parts: first, we send a file from
is no longer present in the latest versions of the the IR transmitter and analyze the frame received
standard. One of our goals is to adapt it to the at the receiver side using Wireshark. Secondly, a
constraints of the ALC project. user directly speaks in a microphone connected to
the PC of the IR transmitter and it is possible to lis-
ten the sound recorded by the computer connected
to the IR receiver.
3 Front-ends & demonstration [2] Wireless LAN Medium Access Control (MAC)
and Physical Layer (PHY) Specifications p1491
The 802.11 PHY IR specification recommends data 2012.
rates of 1 Mbps and 2 Mbps. In a multi-user con-
[3] H Boeglen, Steve Joumessi-Demeffo, et al.. Op-
text, it is essential to have a high data rate to ensure
tical front-ends for USRP radios. French GNU
good communications of all users. For that pur-
Radio Days 2018, Jul 2018, Lyon, France.
pose, we designed RX and TX front-ends [3] hav-
ing a 10MHz bandwidth. Due to the constraints
2
Study of the use of a SDR Passive RaDAR for the
safe outdoor operation of an atmospheric LiDAR
F. Peyrin1 , J.-M. Friedt2
1
OPGC, UMS 833 CNRS, Univ. Clermont Auvergne, Aubière, France
2
FEMTO-ST, UMR 6174 CNRS, Univ. Franche-Comté, Besançon, France
March 28, 2019
Abstract
Our project aims to evaluate the potential of the Software Defined Radio technology associated to
GNU Radio ecosystem in order to propose new and pragmatic solutions when applied to scientists
needs, thus bridging the gap between engineering and research points of view. Here, we study the
ability for a passive RaDAR to detect aircrafts and allow safe operation of a LiDAR.
1 Introduction
The OPGC [1] is an Observatory of Earth Sciences
dedicated to Volcanology and Physical Meteorol-
ogy. Among instruments implemented, a LiDAR
helps to characterize the composition of the atmo-
sphere in aerosol particles.
The LiDAR activity requires compliance with in-
ternational air traffic regulation [2]. Due to strong
Laser emission, the potential ocular hazard for the
pilots must be cancelled by stopping the Laser emis-
sion while an aircraft is flying over the critical zone Figure 1: LiDAR location and critical zone.
of the LiDAR. Usually, air traffic safety is provided
by a X-band pulsed radar determining the presence
(position, altitude, speed) of any aircraft entering We used GNU Radio to acquire and save DVB-T
the vicinity of the LiDAR. signal (Fig. 2) echoed by the moving distant target.
On the one hand, a first alternative solution has
been developed based on acquiring and processing
ADS-B frames transmitted by the IFR aircrafts [3].
On the other hand, we also study and present here
the potential of a passive RaDAR solution based
on J.-M. Friedt previous work [4] using an existing
non-cooperative source.
Experimental setup involves the reception of echoes Then, using MATLAB (MatWorks), we post-
of the local Terrestrial Digital Video Broadcasting processed these data by autocorrelation to find the
(DVB-T) source reflected by cabin’s aircrafts. The transmitted signal, delayed in time, so shifted in
LiDAR and receiver are located (Fig.1) on the roof frequency by Doppler shift.
of the OPGC, 420 m above sea level, 4 km away
from the airport and 11 km from the Puy de Dôme,
1465 m asl., where is located the DVB-T emitter. 3 Results
The receiver hardware configuration was based
on a RTL-SDR USB stick that features the Realtek Several tests have been processed (available at [5]).
RTL2832U chipset and the R820T2 tuner specifi- Among these, a measurement at a bistatic distance
cally designed for use in SDR mode. We used this of 10 km (Fig.3), which is sufficient compared to the
broadband receiver coupled to a UHF yagi antenna critical zone, suggests the ability to detect aircraft
to acquire DVB-T broadcast at 482 MHz. flying up to ten thousand meters above our LiDAR.
1
be complementary for operational purpose if hard-
ware is upgraded and calculation time is lowered.
More generally, SDR implementation may also
be helpful for further Earth Science Experiments
driven at the OPGC, in particular when applied to
remote sensing instruments. For example, Software
Defined Radio could also be dedicated to passive or
active RaDAR concepts involved in characteriza-
tion of atmospheric clouds or volcanic ash plumes.
The main technical objectives are to improve the
ergonomics and the mobility of instruments on the
field, to improve the spatial and temporal resolu-
tions (size and movement of the targets), to reach a
greater modularity (emission-reception, directions,
frequencies ...), and to optimize the overall cost
Figure 3: Remote detection (a.u.) of the target, of development and maintenance of these new sys-
circled with red, at a bistatic distance of 10 km, i.e. tems. This ongoing study will be focused on free
an aircraft at a distance of 5 km in a configuration and open source ecosystem such as GNURadio.
where source, receiver and target are aligned.
References
The DVB-T emitter provides promising results
that need to be confirmed with a suitable hardware, [1] at http://wwwobs.univ-bpclermont.fr/
i.e. two synchronized receivers fed by directional
antennas, one pointing to the transmitter (reference [2] Doc 9815 AN / 447 2003 of the Inter-
signal) and an other one pointing to zenith to de- national Civil Aviation Organization, 2003
tect eventual mobile targets (surveillance channel). at https://www.skybrary.aero/bookshelf/
Separating the reference and monitoring channels books/3849.pdf
improves the signal-to-noise ratio and, more im- [3] Tests of the ADSB-SDR technique to detect
portantly, eliminates artifacts related to autocor- aircrafts - An alternative to radar solution
relations of signals due to multiple targets. for air traffic safety during Lidar activity,
The main limitation currently observed is the F. Peyrin et P. Freville, 2018 at https:
processing time of the acquired signals. In the ab- //www.researchgate.net/publication/
sence of any optimization (arbitrary choice of 221 329874059_Tests_of_the_ADSB-SDR_
processed points, for a Doppler shift analyzed by technique_to_detect_aircrafts_-_An_
steps of 5 Hz between -400 and +400 Hz), and alternative_to_radar_solution_for_air_
post-processing the acquired data with an inter- traffic_safety_during_Lidar_activity/
preted language (GNU / Octave), two minutes are
needed to process every second of recording. With- [4] RADAR passif par intercorrélation de sig-
out considering a processing shorter than the ac- naux acquis par deux récepteurs de télévision
quisition time, the main effort, in addition to the numérique terrestre, J.-M Friedt, 2018 at http:
experimental setup, must focus on the reduction //jmfriedt.free.fr/passive_radar.pdf
of this computation time, highly parallelizable and [5] RADAR passif pour la sécurité d’opération
optimizable in terms of choice of the parameters of d’un LiDAR, F. Peyrin et J.-M Friedt,
analysis. Towards the aim of real time processing, Experiment Findings, 2018 at https:
shifting part of the processing chain from general //www.researchgate.net/publication/
purpose Central Processing Units (CPUs) to FPGA 331929425_RADAR_passif_pour_la_
parallel computing units is being developed [6]. securite_d%27operation_d%27un_LiDAR/
[6] J.-M Friedt, W. Feng, S. Chrétien, G. Goavec-
4 Conclusion, Perspectives Merou, M. Sato, Passive radar for measuring
passive sensors: direct signal interference sup-
This study highlights the potential of the SDR con- pression on FPGA using orthogonal matching
cept in regard to our applications. While detecting pursuit, accepted SPIE Multimodal Sensing and
ADS-B with a dongle could already give an inex- Artificial Intelligence: Technologies and Appli-
pensive solution for air traffic safety during LiDAR cations (München, 2019)
activity, the passive RaDAR implementation could
2
Embedded GNU Radio running on Zynq/PlutoSDR
Abstract
GNU Radio has been ported to the buildroot environment and hence can be run on any plat-
form supported by this development framework, including the Zynq. We extend the frozen version
of buildroot used by Analog Devices (2018.02) to the BR2 EXTERNAL mechanism allowing to use the
latest release of buildroot and hence the latest added packages, including GNU Radio and associated
packages to run on the Zynq as found on the PlutoSDR. We demonstrate running the demodulation
scheme on the PlutoSDR itself, and streaming the resulting audio file, as well as providing custom
FPGA bitstream for embedded RF frontend processing.
1 Introduction
Current embedded platforms and associated elec-
tronics frontends exhibit on the one hand increasing
flexibility and on the other hand increasing embed-
ded computational power, with a bandwidth bot-
tleneck at the data transfer from one processing
unit to another. A demonstration of this evolu-
tion is Analog Device’s (ADI) PlutoSDR combin-
ing on a same board an AD9363 radiofrequency
frontend streaming digital data to the Zynq 7010
System on Chip providing both FPGA (PL) and
general computational (PS) functionalities on the Figure 1: Adding an audio interface to the Plu-
same chip. The resulting complex I/Q data are toSDR through EMIO driven by a PWM added to
then streamed to a personal computer through a the original bitstream. In this example, the PWM
USB connection for further processing. The archi- datapath is independent of the data stream com-
tecture provided by ADI, in which the Zynq is only ing from the AD9363 radiofrequency frontend pro-
used to collect the data and stream them to the viding the raw I/Q signals needed to demodulate
personal computer on the one hand restricts the a broadcast FM station and playing sound on the
available bandwidth due to the USB bus, and pre- headphones.
vents using fully the PS capability of the Zynq. In
order to run GNU Radio on the PS and take ad-
vantage of the processing power as well as the huge ded radiofrequency transceiver.
communication bandwidth between PL and PS, we
have ported the development framework provided 2 Experimental setup
by ADI to the BR2 EXTERNAL framework providing a
homogeneous, fully consistent development frame- ADI’s development framework provided at
work. Hence, the latest release of the buildroot github.com/analogdevicesinc/plutosdr-fw
framework shall be used on the embedded software, uses a Makefile configuration to run multiple
including the latest packages such as the necessary tools in order to generate all the files needed to
extensions to GNU Radio needed to collect data generate the embedded firmware. The kernel is
from the AD9363 and process such data on the compiled out of the buildroot environment, which
embedded board. Since the processing requiring is itself a version frozen at the time of the release.
most bandwidth is run on the PS, the resulting dec- While the generation of the image is functional, its
imated stream becomes consistent with USB band- long term evolution is dependent on porting the
width when streamed to the personal computer. updates to the current kernel to the latest Linux
In addition to providing the Buildroot frame- release. Furthermore, the version of buildroot is
work to add custom software, including GNU Radio frozen to a version not yet supporting GNU Radio.
blocks, to the PlutoSDR, we provide the ability to Various efforts aimed at leveraging the pro-
tune the bitstream configuring the Zynq PL with cessing power of the Zynq [1] include running a
custom processing blocks, such as a sound output, web server on the embedded target (github.com/
making the PlutoSDR a fully autonomous, embed- unixpunk/PlutoWeb) or updating the PL bitstream
1
github.com/timcardenuto/testPlutoSDR. All Beyond allowing for processing datastreams at
these projects still rely on the official ADI frame- the PS side of the Zynq, accessing the bitstream
work whose long term stability is questionable since generated to configure the PL allows for including
buildroot and the linux kernel will keep on evolv- basic preliminary processing steps at the FPGA
ing. In order to avoid freezing features of a given level. Fig. 3 exhibits the initial FPGA con-
buildroot release, we have extracted the mod- figuration provided by ADI to fetch data from
ifications brought by ADI to buildroot and in- the AD9363 and stream them to the PS memory
cluded them in an external branch designed to be through the AXI DMA interface. While the basic
merged with the latest buildroot release as provided design only includes FIR decimator and interpola-
through the BR2 EXTERNAL mechanism. tor blocks between the AD936{1,3} block and the
Furthermore, thanks to the availability of AXI DMA, any additional processing block com-
the PlutoSDR HDL firmware, a bitstream plying with the interfaces might be included to pre-
can be generated to configure the PL with process the data at the FPGA level, hence removing
custom functionalitites. We here promote the bandwidth limitation introduced by the PL to
the compatibility with the OscimpDigital PS communication.
PL/PS co-design framework as documented at
https://github.com/oscimp/oscimpDigital/
tree/master/doc/tutorials/plutosdr/.
3 Results
In order to demonstrate the embedded signal pro-
cessing using GNU Radio, we tune the AD9363
(whose configuration was updated [2] to match an
AD9364 to allow reaching the 100 MHz commer-
cial FM broadcast band) to a broadcast FM sta-
tion, stream the data to an embedded command- Figure 3: FPGA processing chain, from AD9363
line python script generated from GNU Radio Com- to PS memory through the Direct Memory Access
panion, and transfer the resulting audio stream (DMA) AXI stream, and collecting the AXI stream
to the personal computer through the ZeroMQ to feed the custom processing chain here made of
framework. The personal computer then sends the an NCO and a mixer to demonstrate an additional
stream to the sound card to assess the demodula- frequency transposition.
tion quality.
4 Conclusion
A fully functionnal extension to buildroot support-
ing the PlutoSDR to run embedded processing soft-
ware is proposed. All development files are released
at github.com/oscimp/PlutoSDR. The demon-
stration of the operational framework is achieved
by streaming the sound demodulated from the in-
coming commercial broadcast FM radiofrequency
signal onboard the Zynq processor.
References
Figure 2: Flowgraphs running on the Zynq tar-
get (bottom right) and on the host PC (top-right), [1] PlutoSDR: enable 2nd CPU core for better
streaming the FM signal demodulated on the PS of performance at www.reddit.com/r/RTLSDR/
the target (top-left) and using the host as a sound comments/7h2hh2/plutosdr_enable_2nd_
card. cpu_core_for_better/
Fig. 2 exhibits the flowcharts running on the [2] Updating to the AD9364 at wiki.analog.
embedded target and the host computer, as well as com/university/tools/pluto/users/
the resulting oscilloscope output. customizing
2
GNU Radio implementation for Multiuser Multi-Armed
Bandit learning algorithms in IoT networks
Julio Manco-Vasquez1 , and Christophe Moy2 , Faouzi Bader1
1
IETR / CentraleSupélec Campus de Rennes, F-35510 Cesson-Sévigné, France,
{JulioCesar.MancoVasquez, Faouzi.Bader} @CentraleSupelec.fr
2
Univ Rennes, CNRS, IETR - UMR 6164, F-35000, Rennes, France
[email protected]
Abstract
Novel access schemes based on multi-armed bandit (MAB) learning approaches has been proposed to support the
increasing number of devices in IoT networks. In the present work, a GNU radio framework is implemented to recreate
an IoT network where IoT devices embedding MAB algorithms are able to learn the availability of the channel for
their packet transmissions to the gateway. It allows to incorporate several IoT users recognized by an identifier (ID),
and provides a gateway to handle a large number of IDs as well as the packet collisions among IoT devices. The
experimental results show that the introduction of learning mechanism in access schemes can improve the performance
of the network.
1 Introduction
1
Figure 2: A data packet composed of a preamble, a field named
UP/DOWN, and a user ID given by six blocks of QPSK symbols,
Bk .
4 Conclusion
Figure 3: The GRC designs for the IoT device and the gate-
We have presented a GNU radio implementation that
way are described at the top and bottom of the figure, respectively.
The blocks corresponding to our framework are higlighted (in orange
recreates an IoT network for the evaluation of access poli-
boxes) within the flowgraphs.
cies based on reinforcement learning approaches. Our
framework introduces a packet structure to handle a large
threshold is applied to the number of times that a symbol number of IoT users that may incorporate MAB algo-
is received within each block Bk , so that a decision about rithms. Finally, the experimental results show that a UCB
the transmitted symbol is made. Hence a binary sequence approach improves the performance of the IoT user. Fur-
of 6 bits are obtained, and consequently a total of 64 users thermore, the modular design of the proposed framework
can be supported 2 . allows the evaluation of any novel access policy, as well as
the incorporation of other physical layers.
3 Results
References
We evaluate our demo in a scenario with a clear line of sight
(LOS) by placing two IoT users and a gateway, all of them [1] L. Besson, R. Bonnefoi, and C. Moy, “GNU Radio Im-
working at a carrier frequency of 433.5 MHz. Each IoT user plementation of MALIN: ”Multi-Armed bandits Learn-
embedding a UCB algorithm 3 is able to select among four ing for Internet-of-things Networks”,” in To appear in
frequency channels and transmit packets of roughly 0.5 sec- 2019 IEEE Wireless Communications and Networking
onds following a LoRa standar. In Fig. 3, the implemented Conference (WCNC), Apr. 2019.
GNU radio companion (GRC) designs are depicted, where
[2] R. Kumar, S. Darak, A. Sharma, and R. Tripathi,
2 The length of the fields can be adjusted to support more users. In
“Two-stage decision making policy for opportunistic
fact, our implementation allows to divide the blocks Bk into chunks
spectrum access and validation on USRP testbed,”
of symbols so as to convey more bits. Furthermore at higher sample
rates, more symbols per block Bk are available. Springer: Wireless Networks, vol. 24, pp. 1509–1523,
3 For a more detailed illustration of the implemented UCB algo- 2018.
rithm, the reader may refer to [1].
2
Framework for PHY-MAC layers Prototyping in
Dense IoT Networks using FIT/CorteXlab Testbed
Othmane Oubejja, Diane Duchemin, Matthieu Imbert, Leonardo S. Cardoso, Jean-Marie Gorce
Univ Lyon, INSA Lyon
Inria, CITI
F-69621 Villeurbanne, France
[email protected]
Abstract—In this paper we present an Internet-of-Things channel bandwidth, the emitted power and the waveform used
(IoT) network implementation developed as part of the project to communicate. The testbed is located in a large shielded
”Enhanced Physical Layer for Cellular IoT” (EPHYL) , using room which is partially covered with electromagnetic absorb-
FIT/CorteXlab radio testbed. The aim of our work is to provide
a customizable and open source design for IoT networks pro- ing foams. Conclusively, the design of the room enables to
totyping in a massive multi-user, synchronized and reproducible ensure a high level of reproducibility of experimentations.
environment thanks to the hardware and software capabilities of Last but not least, all SDR nodes are remotely accessible
the testbed. The massive access feature is managed by emulating through a service interface allowing to deploy proprietary
several sensors per radio nodes. Two categories of network software [1].
components are used in our design: a base station unit and
a multi-sensor emulator unit. The components are separately III. D ESIGN A RCHITECTURE
hosted in dedicated and remotely accessible radio nodes. Their
design features can be illustrated through a live demo, which is A. Overview
also reproducible as it is available for any interested reader.
Index Terms—IoT, FIT/CorteXlab, NB-IoT, Reproducibility, We started by investigating how we can deploy an IoT-like
LPWAN, Channel Emulation, Software Defined Radio network considering the testbed capabilities for SDR applica-
tions, therefore the objective was to choose then implement
I. I NTRODUCTION key features from NB-IoT systems [2]. Our approach was
to design two classes of nodes. The first class represents a
With the growing needs of rigorous and transparent sci-
Base Station (BS) and the second one a Multi-Sensor emulator
entific experimentation across many research fields, the im-
(MS). In this work, a Sensor is the actual resource user.
portance of reliable testbeds is only getting more crucial in
To ensure time and frequency synchronization, only USRP
order to validate scientific models and simulations. Among
nodes are used, since they are connected to 8-Channel Clock
these fields is wireless communication, and more particularly
Distribution modules. The wireless channels are the downlink
Internet-of-Things (IoT) which is a rapidly growing and chal-
Broadcast Channel (BCH) and the uplink, which is based on
lenging domain. However, one of the challenges is robust joint
a custom and simplified version of NB-IoT PHY layer [2] [3].
hardware/software prototyping that is still lacking due to var-
Fig.1 depicts the overall network structure.
ious reasons (e.g. synchronization, immutable implementation
solutions, unrealistic testing environment) especially for large RF Wireless Uplink Ethernet Downlink RF Wired Sync. link
scale experiments as required for IoT.
FIT/CorteXlab [1] radio testbed has the key properties
BS node
to develop an IoT network framework, remotely and freely
Octoclock
Data Ethernet
used to generate a wired downlink message to MS nodes. This PHY RX
formatting Downlink
message contains information about potential slots usage and
collisions as well as a decoding success score. This feedback
(To MS nodes)
can be used to improve the network usage by adapting the Fig. 3. EPHYL BS Node Block Diagram
access policy and/or PHY layer parameters.
Fig.2 illustrates a functional example of the network flow
MS Node i
during one frame, including one BS node and 3 emulated
Sensors running with different parameters. GNU Radio (Computer) USRP
Sensor M
Frame
....
....
RF state Tx Rx Tx … Sensor 3
IV. D EMONSTRATION
Fig. 2. Example Scenario with slot collision Conducting experiments in FIT/CorteXlab requires a basic
expertise. All required procedures are explained in the testbed
C. Nodes Description Wiki [4] through several tutorials. Furthermore, these latter
1) BS Node: The BS node is disciplined by its Scheduler and the present framework can be carried out by any person
which controls slots timing. On the one hand, the Sched- possessing a FIT/CorteXlab account, an Internet connection
uler triggers the Beacon Generator during the BCH, on the and a Unix Shell. All framework components of this work
other hand, it feeds the demodulation chain which starts are customizable and can be adjusted to users needs. The
with a Header-Payload Demultiplexer and consists of two proposed demo acts as an example to show the flexibility and
other chains. The first one is actually a loop and concerns the modularity of the design.
the header. The Channel Estimation block removes channel V. ACKNOWLEDGMENT
impairments by correlating the expected pilot sequence with
This work was supported by the French National Research Agency (ANR),
the received header. The second chain purpose is to extract the
under grant agreement ANR-16-CE25-0002 (EPHYL project). Experiments
payload, decode it, identify the emitters, count the decoded
presented in this paper were carried out using the FIT/CorteXlab testbed.
messages for each sensor, then broadcast the results in the
wired downlink feedback channel. R EFERENCES
2) MS Node: The MS node is composed of emulated [1] L. Cardoso, A. Massouri, B. Guillon, F. Hutu, G. Villemaud, T. Risset,
Sensor blocks which are connected to a complex adder. After J.M. Gorce, ”CorteXlab: A Cognitive Radio Testbed for Reproducible
the ”wake-up” state, each sensor generates its own packets and Experiments,”. in Proc. Wireless @ Virginia Tech Symposium, May
2014, Blacksburg, United States. 2014.
waits for the Sync block to trigger the local Scheduler as soon [2] Y. -. E. Wang et al., ”A Primer on 3GPP Narrowband Internet of Things,”
as a beacon is detected. The Access Policy block dictates to the in IEEE Communications Magazine, vol. 55, no. 3, pp. 117-123, March
Scheduler which shared slots to use based one the BS feedback 2017.
[3] X. Lin, A. Adhikary and Y. -. Eric Wang, ”Random Access Preamble
and modifies PHY parameters if needed. Then, the generated Design and Detection for 3GPP Narrowband IoT Systems,” in IEEE
waveform passes through a Channel Emulator which applies Wireless Communications Letters, vol. 5, no. 6, pp. 640-643, Dec. 2016.
arbitrary attenuation as well as timing and frequency offsets. [4] ”FIT/CorteXlab Wiki”. [Online]. Available: https://wiki.cortexlab.fr/.
[Accessed: 17- Dec- 2018].
(See Fig.4)
Hacking the DSMx Drone RC protocol
Cyrille Morin1 , Leonardo S. Cardoso1
1
Univ Lyon, Inria, INSA Lyon, CITI, France
Abstract
We present a decoder for a proprietary drone radio-control protocol, DSMx, implemented in GNU-
Radio. This decoder is able to detect a transmission, decode transmitted data, find and follow the
corresponding frequency jump sequence and identify the emitter by its manufacturing ID.
1
Figure 1: GNURadio flowgraph for DSMx detection, decoding, and FHSS channel sequence following
on a random radio channel and contains data de- To get these, the pairing frame can be listened
scribing the transmittter capabilities (RC channel to. This allows to demonstrate the capacity of the
number and protocol type) and, more importantly, USRP to follow the jump sequence over a known
the four ID bytes used in the jump sequence and transmitter.
the PN code selection.
4 Conclusion
3 Demo setup In this demonstration, we present a GNURadio im-
plementation of a system able to decode DSMx
This demonstration presents an implementation of data from an unknown transmitter with a partial
a DSMx decoder in GNURadio. identification of the transmitting radio chip. If the
The USRP listens to one channel at a time at transmitter is known, we can show that the SDR
2Msps. In the three following blocks, the quadra- hardware used is able to follow the protocol’s FHSS
ture demod with the binary slicer handle the GFSK jump sequence quickly enough and not lose frames.
demodulation and the Clock recovery does the syn- Further progress on the system depends on the dis-
chronisation. Then, we look for the preamble for covery of the exact CRC algorithm: It would allow
time synchronisation and use next three custom full transmitter identification and jump sequence
blocks for: packet isolation and PN code discov- computation for full data decoding, selective jam-
ery, data decoding, and frequency jump following ming of the concerned channels or emission of cus-
and GUI output. tom frames.
The implementation code and flowgraph are
available on GitHub at https://github.com/
lscardoso/gr-dsmx-rc.
References
Figure 2: Gui output of the system with current
RC channel values and computed jump sequence [1] Paparazzi. (2017) Paparazzi uav wiki. [Online].
Available: http://wiki.paparazziuav.org/wiki/
The codes used in each frame are based on the Main Page
value of the ID bytes, that we don’t know, but,
[2] Deviation. (2017) Custom firmware for walkera
with the selection algorithm and the radio channel
devo radios. [Online]. Available: https://
number known, it becomes simple to search for the
github.com/DeviationTX/deviation
SOP code in only seven possibilities, and with that
the PN codes can be extracted. So there is no need [3] J. Andersson. (2016) Attacking dsmx spread
to know anything about the transmitter to be able spectrum frequency hopping drone remote
to decode data. control with sdr. [Online]. Available: https://
If the algorithm was known, it would be possible pacsec.jp/psj16/PSJ2016 Andersson Hacking
to search over the space of 2 bytes to extract the DSMx with SDR PacSec 2016 English.pdf
two ID bytes that are not sent with each frame.
Those two bytes would allow for exact transmitter
identification and computation of the radio channel
jump sequence.
2
Author Index
Fang B., 7, 8
Ferrier A., 7, 8
Friedt Jean Michel, 26–29
Galland N, 7, 8
Givron Stéphane, 9, 10
Goavec-Merou Gwenhael, 28, 29
Goldner P., 7, 8
Gorce Jean Marie, 32, 33
Hengy S., 2, 3
Le Targat R., 7, 8
Lecoq Y., 7, 8
Lopes Esteves Jose, 19–21
Lucic N, 7, 8
36