Spectrum monitoring and source separation

Current software-defined radio systems enable transmission at nearly arbitrary frequencies, presenting the possibility of harmful interference to existing communication services when broadcasting over-the-air. The POWDER platform provides software radios whose output can be amplified and transmitted over-the-air. POWDER must include a spectrum monitoring system that can identify users who are transmitting outside allowed frequency bands to ensure wireless spectrum license holders do not experience harmful interference. Power amplifiers in the transmit signal path can create emissions at center frequency harmonics and other spurious emissions. A spectrum monitoring system, coupled with signal paths after all amplifiers in the transmit chain, can detect these emissions. However, incident radio frequency energy combines with the output signal, which is no longer buffered by the amplifier. Incident and transmitted signals must be separated and isolated. The monitor can then analyze the isolated transmitted signal for out-of-band energy. This thesis presents a system that can achieve isolation and identify users that broadcast out-of-band.

SPECTRUM MONITORING AND SOURCE SEPARATION by Boston Clark Terry A thesis submitted to the faculty of The University of Utah in partial fulfillment of the requirements for the degree of Master of Science Department of Electrical and Computer Engineering The University of Utah August 2021 Copyright © Boston Clark Terry 2021 All Rights Reserved The University of Utah Graduate School STATEMENT OF THESIS APPROVAL The thesis of Boston Clark Terry has been approved by the following supervisory committee members: , Chair 04/23/2021 Sneha Kumar Kasera , Member 04/23/2021 Jacobus (Kobus) Van Der Merwe , Member 04/23/2021 Neal Patwari and by Florian Solzbacher the Department/College/School of Date Approved Date Approved Date Approved , Chair/Dean of Electrical and Computer Engineering and by David B. Kieda, Dean of The Graduate School. ABSTRACT Current software-defined radio systems enable transmission at nearly arbitrary frequencies, presenting the possibility of harmful interference to existing communication services when broadcasting over-the-air. The POWDER platform provides software radios whose output can be amplified and transmitted over-the-air. POWDER must include a spectrum monitoring system that can identify users who are transmitting outside allowed frequency bands to ensure wireless spectrum license holders do not experience harmful interference. Power amplifiers in the transmit signal path can create emissions at center frequency harmonics and other spurious emissions. A spectrum monitoring system, coupled with signal paths after all amplifiers in the transmit chain, can detect these emissions. However, incident radio frequency energy combines with the output signal, which is no longer buffered by the amplifier. Incident and transmitted signals must be separated and isolated. The monitor can then analyze the isolated transmitted signal for out-of-band energy. This thesis presents a system that can achieve isolation and identify users that broadcast out-of-band. For Brooke, Oliver, and Isla TABLE OF CONTENTS ABSTRACT....................................................................................................................... iii LIST OF TABLES ............................................................................................................ vii LIST OF FIGURES ......................................................................................................... viii NOTATION AND SYMBOLS ......................................................................................... xi Chapters 1. INTRODUCTION .......................................................................................................... 1 1.1 Objectives ............................................................................................................ 2 1.2 Outline.................................................................................................................. 3 1.3 Background .......................................................................................................... 4 1.3.1 Software-Defined Radios ......................................................................... 8 1.3.2 Hardware for FDM in SDRs .................................................................. 10 1.3.3 Spectrum Monitoring and POWDER .................................................... 13 1.3.4 Directional Couplers and Signal Mixing ............................................... 14 2. RELATED WORK ....................................................................................................... 20 2.1 Spectrum Sensing............................................................................................... 20 2.2 Spectrum Monitoring Systems........................................................................... 22 2.3 Source Separation .............................................................................................. 24 3. SPECTRUM MONITORING ....................................................................................... 27 3.1 POWDER ........................................................................................................... 27 3.2 Hardware ............................................................................................................ 31 3.3 Software ............................................................................................................. 35 4. SOURCE SEPARATION ............................................................................................. 54 4.1 Source Mixing Model ........................................................................................ 55 4.2 Estimating Mixing Matrices .............................................................................. 57 5. RESULTS AND FUTURE WORK .............................................................................. 65 REFERENCES ................................................................................................................. 75 vi LIST OF TABLES Tables 3.1 Anticipated frequency ranges available to POWDER users. ...................................... 41 3.2 Performance of the monitor under various loads... ..................................................... 50 5.1 Averaged isolation values in dB ................................................................................. 73 LIST OF FIGURES Figures 1.1 A hardware block diagram of the USRP B210 used in POWDER for spectrum monitoring. Green boxes represent digital, programmable components. During transmission, signals flow from left to right ..................................................................... 17 1.2 A block diagram of the front-end of a direct conversion receiver. BPF is a band pass filter used to reject out-of-band energy. LNA is a low-noise amplifier, which is capable of properly amplifying a very lower power signal. LO is a local oscillator used to mix the pass band signal down to baseband, centered at 0 Hz. The LO has an in-phase and 90 degrees out of phase (quadrature) component. LPF is a low pass filter used to remove aliasing and other mixing components. Finally, ADC is an analog to digital converter that digitizes the base band, filtered signal. Further processing will be done in a digital computer ........................................................................................................................... 18 1.3 A diagram of the monitor system. The experimental SDR is used by experimenters to transmit out of the antenna or to receive signals from the antenna. A dedicated monitor SDR samples the spectrum from the directional coupler outputs ..................................... 19 3.1 POWDER is a city scale wireless and mobile testbed. The red lines indicate approximate coverage area in the Salt Lake Valley.......................................................... 40 3.2 Hardware components of a POWDER base station. Four USRP radios are available to users. A fifth USRP B210 is used for monitoring. ........................................................... 42 3.3 Hardware components of a POWDER fixed endpoint. Two USRP B210s are available to users. A third USRP B210 is used for monitoring ........................................................ 43 3.4 A diagram of the whole monitoring system. As part of the experimental setup, a user specifies the frequency band they intend to use. The monitor daemon continually monitors spectrum of every experimenter and reports it back to a central server, the controller. The controller compares spectrum measurements computed by the daemon with a database containing FCC allowable spectral parameters which are specific to each frequency band. The controller can remotely shutdown an experiment if needed. .......... 44 3.5 Hardware components of the monitoring system ....................................................... 45 3.6 B210 block diagram. Exterior blue blocks represent hardware components.............. 46 Inside the FPGA block, all blocks represent HDL constructs. The B200 and B210 HDL constructs are only different in that the B210 has two radio cores. .................................. 46 3.7 Re-tune elapsed time histogram .................................................................................. 47 3.8 The directional coupler system. The left image shows a discrete four port coupler schematic. The center image shows four couplers on the same front-end board. The right image shows a labeled diagram of each of the ports. ....................................................... 48 3.9 Software architecture of the monitor. ......................................................................... 49 3.10 Calibration hardware is setup with multiple experimental SDRs under test. All compute nodes controlling the SDRs are connected via a TCP/IP network. Software running on the monitor compute node turns each experimental on and off, at the correct frequency, as needed. The monitor records spectrum measurements over each frequency band ................................................................................................................................... 51 3.11 Calibration software consists of multiple distributed applications. The monitor compute node runs a calibration client, which provides control over the whole system. Each of the experimental nodes and the incident node run calibration servers. These provide RPC methods to the client that control a device object. ...................................... 52 3.12 A monitor calibration timing diagram for one broadcast. The left side represent the RX client. The right side represents some TX server. Synchronized system times and parameterized duration values helped ensure that timing requirements were met. .......... 53 4.1 A diagram of monitor shown again for reference. The primary goal of this chapter is to develop the theory and practice of separating signals X and Y, which are linearly mixed in the coupler and received at R1 and R2. ............................................................. 60 4.2 Two examples of spurious emissions. The top image shows a tone at 2370 MHz and various related spurious tones. This signal was generated by broadcasting a tone near the saturation region of the power amplifier. Lowering the power slightly would cause the spurs to disappear. The second peak largest tone is centered on a multiple of the sample rate away from the main tone at 2400.72 MHz. The bottom image shows a primary tone at 2400 MHz and many smaller tones. Again, this is evidence of nonlinear amplifier emissions that would disappear when power is reduced. Here, the receiver is most likely clipping and any inherent isolation between channel 1 and channel 2 is lost................... 61 4.3 Initial estimates of the absolute value of a1 over 6 GHz of spectrum. Each line represents an estimate at a different bin at the given center frequency. The x axis is an index into the list of the center frequencies. The droop around index 65 is between 2 and 3 GHz. The lowest blue lines are likely outliers. In general, significant variability exists as shown by the height of the band of values at each center frequency. Each point on the X axis represents 30.72 MHz of spectrum divided into 60 kHz bins ............................... 62 ix 4.4 Maximum length sequence (MLS) was modified to make the sequence periodic with a period that is a power of two. Top: MLS of length N − 1. Bottom: MLS of length N, with minimal spectral disruption. The bottom graph is periodic with the length of the FFT and is suitable for use in averaging. .................................................................................. 63 4.5 Received MLS seqeuence. Periodic with period N, same as FFT. Top graph is all 512 samples, bottom graph is first 128 samples zoom. We can see that very little time-domain variation occurs. Averaging should give large boosts in SNR ......................................... 64 5.1 Top: A sweep of 6 GHz spectrum using the monitor system. Harmonics are seen at multiples of the center frequency. Bottom: Another sweep of 6 GHz spectrum but with power slightly reduced so that the harmonics mostly disappear. Some spurs still are seen at low frequencies and some do not diminish with decreasing power. Their origin is still under investigation. ........................................................................................................... 71 5.2 A wideband MLS signal received on channel 1 and 2 then isolated by de-mixing. This figure shows spectral measurements when Y is the MLS and X is zero. Due to reflections, energy from Y shows up on chan 1, which is R2. Increasing the isolation causes this energy to be suppressed. Increasing isolation due to better calibration, better isolation algorithms, or better directional couplers will cause the difference between R1 and R2 to increase. The average distance between R1 and R2 when an MLS is used provides a good measure of performance ......................................................................... 72 5.3 Two wideband MLS signals transmitted simultaneously by the experimental transmitter and the incident transmitter. The incident waveform is centered just below 2.485 GHz and the transmitted signal is centered at 2.510 GHz. The incident signal shows at a lower power on channel two and a higher power on channel one, clearly indicating that it is an external signal. The experimental signal is shown having higher power on channel one and lower power on channel two clearly indicating that it is an experimenter’s signal. ....................................................................................................... 74 x NOTATION AND SYMBOLS 𝑥(𝑡) A continuous time-domain signal 𝑥(𝑛) A discrete time-domain signal 𝑋(𝑓) A continuous frequency-domain signal 𝑋(𝑘) A discrete frequency-domain signal 𝑿 A matrix or vector 𝑿−1 The matrix inverse of 𝑿 𝑿(𝑘) A matrix function of 𝑘 CHAPTER 1 INTRODUCTION As the wireless spectrum has become more crowded with transmitters, wireless systems have had to be improved to better take advantage of the limited spectrum to which they have access. Communication system designers work to maximize spectral efficiency where more information is sent per Hertz. Naturally, the gains to be made in efficiency have an upper limit, and therefore, additional improvement of throughput requires a broader spectral bandwidth. One possible solution is to share the available spectrum among multiple independent systems. If some band of spectrum is unoccupied, another user should be able to occupy the spectrum. This solution requires a variety of technological improvements. Much research has been applied to understanding improvements that must be made, some of which are outlined here. The POWDER platform enables research into next-generation wireless systems. POWDER offers users a limited amount of spectrum and programmable wireless and networking infrastructure. Improvements can be developed and advanced within POWDER. The POWDER system is located on the University of Utah campus and in the Salt Lake City downtown region. POWDER users must not interfere with other users experiments and with existing wireless users, including mobile telecommunications providers. The research outlined in this thesis aims to explore a system within the 2 POWDER framework that enables users to know when they are broadcasting in a prohibited frequency band and to prevent malicious users from continuing to broadcast in prohibited frequency bands. By designing such a system, issues relating to spectrum sharing and spectrum monitoring can be better understood. Mobile telecommunication providers and wireless infrastructure owners want to monitor their spectrum usage. Hence this work provides broad applicability, even though this design is specific to the POWDER system. 1.1 Objectives To better understand the issues involved in spectrum monitoring and sharing, this thesis covers the background of software radios and the POWDER system. It describes the problem of spectrum monitoring and why it is necessary for an advanced wireless testbed. The primary research objectives pursued included (1) a better understanding of the radiofrequency front ends used in POWDER and their role in adding spurious emissions that a user might not expect; (2) design of a spectrum monitoring system that could detect spurious emissions; (3) a better understanding of the issues of the spectrum monitoring system and its limitations. The novel spectrum monitoring system outlined in this thesis has many limitations. However, it aims to provide a useful starting point for other researchers and designers implementing their spectrum monitoring systems. The POWDER platform provides a nearly unique opportunity to explore difficulties involved with designing a spectrum monitoring system. Few other similar platforms exist yet. 3 1.2 Outline This thesis covers some helpful background material. First, spectrum sharing is discussed. Then, software-defined radio systems are introduced. The limitations and advantages of these systems are outlined. Following that, typical hardware components of a software-defined radio and their relation to spectral effects are introduced. In the next section, the POWDER platform is introduced. In the last section of Chapter 1, the spectral monitoring system is detailed. In Chapter 2, a systematic review of related work is detailed. In general, related works are among the categories of general spectrum sensing, advanced and specialized techniques in spectrum sensing, source separation and isolation, and other spectrum monitoring systems. General spectrum sensing includes techniques like energy detection and model-based approaches. These are standard methods that have been in use for sometimes decades and yet are still highly applicable. Advanced and specialized techniques include deep learning-based approaches, cooperative spectrum sensing, and others. Source separation is essential for signal isolation. The design outlined in this thesis relies on source separation before spectrum sensing can be applied. Finally, other spectrum monitoring systems, which are systems that use spectrum sensing, exist. Some of these are briefly discussed. In Chapter 3, spectrum monitoring and the POWDER platform is covered in detail. The software and hardware components involved in the designed spectrum monitoring system are discussed. The system-level design of a spectrum monitoring system involves many sub-components. Each of which is explored in more detail. The limitations and advantages of the hardware and software architecture chosen are discussed. 4 In Chapter 4, particular attention is paid to the design and analysis of the signal isolation algorithm. Experimental results are shown. Because of the importance of signal isolation, careful analysis of a source separation algorithm is reviewed. Signal models are derived, and an algorithm used with that model is shown. A detailed discussion of model calibration follows. In Chapter 5, results are discussed, and general conclusions made. The algorithm is shown to improve isolation leading to more confident spectrum sensing. General and specific limitations of the system are discussed. Finally, future works are explored. 1.3 Background Wireless communication systems allow data to be transmitted using electromagnetic waves broadcast over-the-air. In contrast with wired communication systems, the air is a shared medium. Two wireless transmitters transmitting at the same time can cause neither to communicate successfully. To facilitate sharing, a number of mechanisms are used. One of the most widely used mechanisms is to require each transmitter to only emit energy in a specific frequency band. Receivers can implement front-end filters that reject energy from any other frequency band. Commercial cell services pay large sums of money to have exclusive access to a frequency band. Within that band, other medium sharing mechanisms may be used, but they require more complicated modulation schemes, such as with code-division multiplexing; or more complicated synchronization, such as with time-division multiplexing. Many different entities use the wireless spectrum. Commercial cellular carriers provide data and voice services. Military operators use it for radar and communications. 5 These entities typically have exclusive access, which is regulated in the United States by the FCC [9]. The FCC has also set aside some spectrum for general purpose or scientific use. Restrictions exist, but generally, anyone can use these bands. IEEE 802.11 (Wi-Fi), Bluetooth, medical devices and other commercial products exist here and must take extra care to not interfere with other users. Broadly speaking, synchronization and coordination between frequency bands among different entities is difficult and so typically only frequency division multiplexing is used between entities. Frequency division multiplexing requires the data signal to occupy a frequency band that is typically much higher than the data signals own spectrum. A wireless transmitter mixes the data signal to be broadcast, 𝑠(𝑡), with a local oscillator (LO) up to a higher frequency by multiplying 𝑠(𝑡) with a high frequency sinusoid generated by the LO at a frequency 𝑓𝑐 , called the center frequency. For example, some data signal occupies 10 MHz at baseband (centered at 0 Hz), which is mixed by an LO operating at 1700 MHz. The signal broadcaster has exclusive access from 1695 MHz to 1710 MHz. This user does not interfere with any other spectrum user outside this band, assuming analog components in the transmit signal path do not generate energy outside of the original 10 MHz. Only some of the available spectrum is useful for wireless communications. As frequency increases, attenuation of the electromagnetic waves also increases. The relationship between attenuation and frequency is complicated, but generally, very high frequencies are not usable unless in space or with a clear line of sight. As such, most commercial, terrestrial cell carriers currently use sub-6 GHz frequency bands. Additionally, very low frequencies are not useful for most applications. Wavelength is inversely proportional to frequency, and so antennas, which are often designed to be half 6 the wavelength of the carrier signal, become too large to be realistic. Finally, as described by the Shannon-Hartley theorem, the maximum amount of information that can be transmitted over a real channel is limited by the bandwidth. If a signal uses more of the available spectrum, more information can be transmitted per unit time. More precisely, the channel capacity, C, which is the amount of information that can be transmitted per unit time is proportional to the bandwidth. 𝑆 𝐶 = 𝐵 log 2 (1 + ) 𝑁 𝐵 is the bandwidth in Hertz, and 𝑆/𝑁 is the signal power to noise power ratio. The two knobs that can be turned to increase data rates are increasing the signal power, thus increasing the signal to noise ratio; and increasing the bandwidth of the data signal. Signal power is often limited in urban environments for safety reasons, however. As increasing numbers of devices connect wirelessly to the internet, the spectrum will continue to become more crowded. The available useful spectrum is very scarce already. The wireless spectrum is used for a variety of other purposes besides commercial cellular communication. In the United States, much of the spectrum owned by the government is reserved for the military. Handheld communications, satellite network backbones, radar, and many other military communication services rely on exclusive access to the spectrum. Other government services also need exclusive access, including emergency, law enforcement, and transportation agencies. The spectrum that is not used by the US government is then sold by auction to commercial companies. Commercial wireless cell providers pay vast sums of money for spectrum licenses. Billions of dollars have been raised by the FCC since 1994 when the FCC started conducting auctions. Another approach to spectrum crowding is to switch to much higher frequency 7 bands. Attenuation on earth at frequencies above 6 GHz rapidly increases with increasing frequency. Unlike sub-6 GHz signals, these cannot, generally, pass through walls. For a commercial cell provider to use these higher frequencies, much of their hardware needs to be modified or replaced. Fifth generation (5G) networks plan to use so-called small cells, which are lower power, widely installed cell stations. Some reserved spectrum may very rarely be used. For example, a large amount of spectrum is reserved for the US navy for radar. However, far enough away from the coast inland, radar is used infrequently. New projects by the FCC and others aim to open up availability for commercial services to use this spectrum. In this case, the Navy is called the primary user (PU) and still has priority access to the spectrum. If at an instant in time, they are not using it, secondary users, may broadcast for a specified length of time before sensing for the primary user again. Spectrum Access Systems (SAS) is one such program that opens up the 3.5-3.7 GHz spectrum [10]. Because of extensive crowding of the wireless spectrum, many agencies, including government and commercial entities, are very protective of their spectrum licenses. Strong federal laws exist that protect these agencies against spectrum offenders, which are operators that intentionally or unintentionally broadcast at frequencies that where they do not have an appropriate license. As the growth of the telecom industry continues, commercial providers and government agencies look for new methods for protecting their licenses and developing cognitive radio technology. 8 1.3.1 Software-Defined Radios Conventional wireless transceivers (radios) were designed to operate over a fixed band of frequencies. A current trend in radio design allows for much higher configurability. In particular, the idea that radios can be designed to take advantage of available resources dynamically has been thought of as a solution to the spectrum crowding problem [2]. Spectral resources are generally becoming scarcer as more technologies come to rely on wireless communication. Rather than having a fixed set of channels available, a radio may monitor the spectrum and adjust internal parameters to move center frequencies to an open or less-used channel. This trend of greater and greater configurability and dynamic control has led to radios that are mostly software-controlled. These systems are called softwaredefined radios (SDRs). SDRs design moves much of the signal processing into software, where before all signal processing was done in fixed digital hardware, such as a digital integrated circuit, or analog hardware. Generally, software development is faster and less expensive than hardware development. With software, open-source libraries are more easily found and adapted. The software can usually be ported to other hardware platforms with few issues. Software engineering principles are applicable in many domains, whereas digital engineering tends to be much more specialized. Many programming languages allow for high levels of abstraction that make it easier for non-specialists to work on some parts of the design. Abstraction, as a principle of sound software engineering, generally produces better software. Hardware description languages such as VHDL have improved hardware development times, mainly when used with field-programmable gate arrays (FPGAs), however. 9 Another benefit of software is that it is highly and quickly adaptable. Software has been successfully used to control other domains where hardware control formerly dominated (such as networking), particularly where a high amount of configurability is required [23]. New algorithms and waveforms can be added to software radio platforms remotely. When a radio is deployed to a remote location, such as on a mountain-top or in geosynchronous orbit, remote updates are the only way to add new features or improve performance. SDRs that could automatically transmit and opportunistically receive have been called cognitive radios. These radios can adjust radio frequency parameters and waveform properties so that they do not interfere with existing users. They have sensitive and accurate sensors so that they know when to stop transmitting. They are often able to change frequencies within a band, or even transmit at low power so that they operate at the same frequency but without interference. Software radios have only recently become relatively mainstream. One such platform that has found broad usage is the universal software radio peripheral (USRP) made by Ettus Research. The USRP is currently the industry dominant SDR platform [13]. In the USRP, digital samples are produced in real-time on a general-purpose computer and then transmitted over the wire to a software-controlled RF front-end as shown in Figure 1.1. The center frequency, sample rate, and filter bandwidth are just a few of the parameters that can be set dynamically. Multiple different USRP products exist. USRPs are a core component of the POWDER platform, and thus their design is used as a stand-in for the design of general software-defined radios. While other SDR products exist and vary in their abilities, most work in the same general way. An analysis of one SDR allows a study of general SDRs in more depth. 10 In the POWDER platform, the USRP B210 is used to monitor energy over a wide band of frequencies. Figure 1.1 shows the block diagram of the hardware components in a B210. The green blocks represent programmable, digital components. The B210 provides a USB 3.0 interface for sending and receiving digital samples at rates of up to 5 Gbps. The B210 has a field-programmable gate array (FPGA) used for digital signal processing (DSP) of both in-phase (I) and quadrature (Q) data in parallel. An AD9361 radio frequency integrated chip (RFIC) is used to amplify and mix the digital samples up to a chosen center frequency. Two channels are available for both transmit and receive. For monitoring, only the receive capability is used. Both channels can receive simultaneously at rates of up to 30.72 mega samples per second (MSps). A software library such as GNU Radio or UHD (USRP hardware driver) provides frameworks for generating samples to be sent, and for controlling the B210 over USB. GNU Radio provides pre-built blocks for performing modulation and demodulation, forward error correction (FEC) coding and decoding, equalization, resampling, level control, timing and carrier acquisition and tracking, and many digital signal processing techniques. It also includes pre-built blocks for IP networking and other lower-layer protocols. Using GNU radio blocks with an SDR, complete communication systems can be designed. In one such example by Bastian Bloessel, an 802.11 a/g/p transceiver was implemented [7]. 1.3.2 Hardware for FDM in SDRs Radio hardware can be made simpler by using a direct-conversion (DC) architecture, as shown in Figure 1.2 [31]. This architecture is pervasive in software-defined 11 radios. With direct conversion architectures, the signal is directly converted from the passband to the baseband frequencies and vice-versa. Other architectures like superheterodyne, use two stages. When transmitting, the signal is first mixed to a higher intermediate frequency and then to the final passband broadcast frequency. When receiving, the signal is mixed down in two stages, too. The direct conversion receiver is prevalent in software radios for a few reasons. One is that analog hardware is more straightforward. Fewer components are needed overall [22] compared to a multiple stage architecture. Modern radio frequency integrated circuits (RFICs), such as the popular Analog Devices AD9361, can implement an entire DC architecture front-end on a single chip. The following signal model shows some of the mathematical equations relevant in direct conversion. If 𝑥(𝑡) is the data signal to be sent, it is first broken into two parts, 𝑥𝑖 (𝑡) and 𝑥𝑞 (𝑡). These are the in-phase and quadrature components. It must then be mixed up to the pass band frequency,𝑓𝑐 . 𝑥𝑝𝑏 (𝑡) = 𝑥𝑖 (𝑡) cos(2𝜋𝑓𝑐 𝑡) + 𝑥𝑞 (𝑡) sin(2𝜋𝑓𝑐 𝑡) This produces a copy of 𝑥(𝑡) at +𝑓𝑐 and −𝑓𝑐 . The signal is broadcast and then picked up at the receiver. The receiver front-end has an analog band pass filter (BPF) that removes out-of-band energy, including spurious emissions from the transmitter mixing process. It is then amplified by a low-noise amplifier (LNA). The receiver’s oscillator then mixes the signal back down to base band and into its in-phase and quadrature components: 𝑥𝑏𝑏,𝑖 (𝑡) = 𝑥𝑝𝑏 (𝑡) cos(2𝜋𝑓𝑐 𝑡) 𝑥𝑏𝑏,𝑞 (𝑡) = 𝑥𝑝𝑏 (𝑡) sin(2𝜋𝑓𝑐 𝑡) Low pass filters (LPF) remove down-conversion products and apply anti-aliasing before 12 final digitization by the analog-to-digital converters (ADCs). Some of the functions above are relatively simple mathematical calculations and can be done digitally. Frequency conversion could be done in the digital computer instead of by analog hardware. However, most analog-to-digital converters cannot sample at high enough rates to digitize signals at high frequencies. Often, in SDRs, high frequencies filtering and mixing are done in the analog domain, and everything else is done in the digital domain. Fine-frequency tuning, as well as resampling, are frequently the first operations performed after digitization. For optimal demodulation of the baseband signal, the baseband spectrum must be centered as close to 0 Hz as possible. Digital fine-frequency conversion is responsible for this function. Resampling is performed to get the digital signal to a rate that is appropriate for further baseband processing. Commonly, with software radios, the center frequency can be changed. Changing the center frequency makes transmission possible at a wide variety of frequency bands. The center frequency is controlled by the local oscillator (LO), which is a component that produces a stable signal at a constant frequency. Changing the center frequency requires changing the frequency of the LO. Changing the frequency of the LO is often done with a phase-locked loop (PLL). These are negative feedback devices that can lock to a frequency. A center frequency can be specified with software. A command is sent from the computer to the digital components that control the PLL to set it to the appropriate frequency. After a short duration, the PLL becomes locked, and the frequency becomes stable. Another important analog component that is discussed more in-depth later is the directional coupler. Couplers are devices used to extract a portion of a signal traveling through it. Directional couplers attenuate signals traveling in the reverse direction more 13 heavily. The extracted signal is not present at the main output of the coupler. For monitoring a signal without interfering heavily, the extracted component is usually strongly attenuated. Twenty to thirty decibels of attenuation are common. 1.3.3 Spectrum Monitoring and POWDER The Platform for Open Wireless Data-driven Experimental Research (POWDER) is part of the Platforms for Advanced Wireless Research (PAWR) program. Development of POWDER is being done by the Flux research group at the University of Utah and takes place over a few years. The goal is to provide a testbed for researchers investigating next generation wireless systems and mobile networks, including 5G [14]. The testbed consists of base stations and endpoints placed around the University of Utah campus and Salt Lake City downtown. Each base station and endpoint have multiple software-defined radios and antennas. Some endpoints are mounted on mobile carriers such as buses. Users of POWDER create a project that is approved by the POWDER team and can then request resources. Resources are leased for a limited time to users, during which full administrative access is provided to the user. When requesting resources from POWDER, users indicate which frequency band they intend to transmit on and how much bandwidth they intend to use. The POWDER testbed checks this request against a database of allowed frequency bands. Users can transmit in the unlicensed bands and potentially shared bands such as CBRS at 3.5 GHz [17]. Once in control of the radios, users have the potential to generate RF emissions in any band the radio supports (currently 70 MHz to 6 GHz). Both intentional and accidental misuse of spectrum resources can cause service degradation for existing telecom services. 14 Spectrum power monitoring is needed to ensure fair and legal access. Monitoring of the output of the software-defined radio itself is not sufficient to ensure proper use. Signals emitted by the radio pass through a power amplifier before being transmitted over-the-air. The power amplifier is based on solid-state semiconductor technology and can potentially produce spurious emissions [35]. These include harmonics of the center frequency, intermodulation products, parasitics, and other frequency conversion products. These emissions have the potential to cause significant interference. The generation of digital samples for the SDR can be highly compute intensive. Any kind of monitoring system must run independently on a dedicated system and monitor intentional transmissions as well as spurious emissions 1.3.4 Directional Couplers and Signal Mixing The monitor model shown in Figure 1.3 will be designed and implemented for each POWDER endpoint and base station. Users have access to an experimental SDR, whose output is amplified by a power amplifier (PA) and then output at an antenna. Directional couplers see a copy of the signal going to the antenna at a lower power level, but do not affect the signal sent by the user. To the user, the monitor is undetectable. The monitor receives on two channels simultaneously at R1 and R2. These receive a combination of the output signal X and any incident signal Y originating in the external environment and picked up by the antenna. The directional couplers help separate the incident and transmitted signals due to their directionality. Due to imperfect impedance matching between the PA, the couplers, and the antenna, reflections will occur in both directions. In particular, the transmitted signal will 15 be reflected off the antenna and incident signals will be reflected off of the PA. Any further reflections will not be considered as a simplification. The model for the received signal then is, 𝑅1 = 𝑎1 𝑋 + 𝑎2 𝑌 + 𝑎3 𝑋 + 𝑎4 𝑌 (1.1) 𝑅2 = 𝑎5 𝑋 + 𝑎6 𝑌 + 𝑎7 𝑋 + 𝑎8 𝑌 (1.2) The coefficients 𝑎1 , 𝑎2 , … , 𝑎8 are complex values and represent the attenuation by couplers and reflection, and the phase offset due to the length of the transmission lines and the reflections. Here 𝑎1 represents the attenuation and phase offset applied to 𝑋 as it reflects of the antenna and is received at 𝑅1 . It is attenuated by approximately 23 dB. Of that 23 dB, 3 dB comes from reflection off the antenna, and 20 dB from going through the forward direction of the coupler. 𝑎2 is the signal 𝑌 directly from the antenna and attenuated by 20 dB through the forward direction of the coupler. 𝑎3 represents the attenuation applied to 𝑋, not reflected, going through the reverse direction of the coupler and is approximately 30 dB. Finally, 𝑎4 is the attenuation of 𝑌, reflected off the PA losing 3 dB and an additional 30 dB by going through the reverse direction of the coupler. This relationship is similar but not the same for 𝑅2 . A critical goal of this project is to isolate 𝑋. 𝑋 is the signal that is actually being transmitted by the user and will disappear if the user’s experiment is shut down. If all the coefficients, 𝑎1 , 𝑎2 , … , 𝑎8 , were known, it would be possible to solve for 𝑋 since 𝑅1 and 𝑅2 are linear combinations of 𝑋 and 𝑌. The model can be simplified somewhat without loss of accuracy. Since 𝑎1 , 𝑎2 , … , 𝑎8 are complex coefficients, they can be combined. 𝑅1 = 𝑎1 𝑋 + 𝑎2 𝑌 + 𝑎3 𝑋 + 𝑎4 𝑌 𝑅1 = (𝑎1 + 𝑎3 )𝑋 + (𝑎2 + 𝑎4 )𝑌 16 𝑅1 = 𝑎𝑋 + 𝑐𝑌 𝑅2 = 𝑎5 𝑋 + 𝑎6 𝑌 + 𝑎7 𝑋 + 𝑎8 𝑌 𝑅2 = (𝑎5 + 𝑎7 )𝑋 + (𝑎6 + 𝑎8 )𝑌 𝑅2 = 𝑏𝑋 + 𝑑𝑌 Vector notation will be used going forward to simplify the expressions. 𝑅 𝑎 [ 1] = [ 𝑏 𝑅2 𝑐 𝑋 ][ ] 𝑑 𝑌 (1.3) To get 𝑋, take the inverse of the coefficient matrix and left-multiply by 𝑅1 and 𝑅2 . 𝑎 [ 𝑏 𝑐 −1 𝑅1 𝑋 ] [ ]= [ ] 𝑑 𝑅2 𝑌 (1.4) To isolate 𝑋, the coefficient matrix must be estimated accurately. Estimation of the spectrum follows standard procedures after isolation. Once the spectrum has been estimated, powers are reported to the POWDER system by frequency in 100 kHz bins and compared against a database that records the maximum allowable power for that band. If power values exceed the database value, the experiment will be shut down by the POWDER system. 17 Figure 1.1 A hardware block diagram of the USRP B210 used in POWDER for spectrum monitoring. Green boxes represent digital, programmable components. During transmission, signals flow from left to right. 18 Figure 1.2 A block diagram of the front-end of a direct conversion receiver. BPF is a band pass filter used to reject out-of-band energy. LNA is a low-noise amplifier, which is capable of properly amplifying a very lower power signal. LO is a local oscillator used to mix the pass band signal down to baseband, centered at 0 Hz. The LO has an in-phase and 90 degrees out of phase (quadrature) component. LPF is a low pass filter used to remove aliasing and other mixing components. Finally, ADC is an analog to digital converter that digitizes the base band, filtered signal. Further processing will be done in a digital computer. 19 Figure 1.3 A diagram of the monitor system. The experimental SDR is used by experimenters to transmit out of the antenna or to receive signals from the antenna. A dedicated monitor SDR samples the spectrum from the directional coupler outputs. CHAPTER 2 RELATED WORK Spectrum sensing and source separation both have a long history of development. As such, this work draws on a wide variety of sources. Some of the latest and most related spectral sensing works are discussed in this chapter. Spectrum monitoring systems, which use spectral sensing, are presented, followed by signal separation methods. 2.1 Spectrum Sensing A straightforward way to sense for spectrum occupancy is to look at spectral energy [28]. If noise statistics are well-characterized, a hypothesis test can be used to positively or negatively confirm the presence of a non-noise signal. This method, compared to other methods of spectrum sensing, requires relatively few assumptions about the signal of interest while still showing good performance [34]. Other methods can utilize known statistics of the signal of interest to achieve better performance at lower signal-to-noise ratios (SNRs). Energy-based detection is still frequently used when no assumptions should be made about the signal. In our model, the user is free to transmit arbitrary waveforms. We are also especially interested in spurious emissions. Thus, very few assumptions can be made about the statistics of the transmitted signal. This work uses standard energy detection methods and assumes a relatively high SNR due to the proximity of the 21 transmitter to the monitor. A few other techniques exist that don’t assume statistical models of signals. One such class of techniques uses machine learning to perform spectrum sensing. In most of these techniques, training data is provided to a learning agent such that it learns to identify or quantify spectrum occupancy. Many different machine learning techniques exist, and not all require training data. Deep learning has been shown to be highly effective at identifying pattern [18]. One difficulty with deep learning is that it typically needs enormous amounts of labeled data, which can be challenging to collect. In [12], Generative Adversarial Net- works (GANs) are used to augment the training data set and for domain adaptation. RF channels can vary significantly over time, frequency, and many other parameters. Deep neural networks tend to have a hard time working on domains for which they were not trained, so GANs can be used to compensate for a highly variable domain. GANs are composed of two deep neural networks that provide adversarial feedback. One network generates data to be classified. It tries to cause the discriminator network to make mistakes. The discriminator network tries to classify the generated output. By setting up the GAN to generate data in the desired distribution, highly realistic, yet still artificial, data sets can be produced. Many machine learning-based methods to sense spectrum occupancy have been used recently [32]. Lees et al. compare traditional machine learning techniques such as SVM with deep learning techniques at 3.5 GHz and find many benefits with the more modern approaches [19]. Tian et al. found that SNR variation played a significant role in sensing OFDM waveforms and found that a classic Naive Bayes approach was effective, especially at low SNRs [33]. Other research has shown that deep neural networks perform 22 better at identification at low SNRs [24]. Another group that focused specifically on getting high performance on low SNR signals using deep learning include Ghasemi et. al. In [25], the authors use deep temporal convolutional neural networks to outperform even state-ofthe-art eigenvalue-based methods. Many others explore the ability of deep neural networks to find complex patterns in RF data [4, 25, 26, 29, 30, 36]. While machine learning approaches can be surprisingly effective, they may not always be appropriate. We start from a model-based approach from an understanding of the classical signal mixing problem. The identification of signal energy in our model is relatively simple and does not currently need the complex function approximation provided by deep learning. We are also not as interested in identifying low SNR signals because they are unlikely to interfere with co-located receivers. Another powerful way to analyze RF signals is to use multiple receivers at different locations. When these receivers work together to sense spectrum occupancy, this is called cooperative spectrum sensing. Measurement of signal properties as they vary over space can provide a wealth of information not available to a single receiver [3]. Transmitters can be localized with cooperative sensing techniques, which can be important in a spectrum monitor [27]. Distributed systems can become quite complex and challenging to debug. As many monitors are available in POWDER, future monitoring solutions should consider using cooperative techniques to improve accuracy and confidence. 2.2 Spectrum Monitoring Systems A receiver must be able to sample at very high rates or be able to quickly re-tune to successive center frequencies, sweeping across the spectrum to analyze large bands of 23 spectrum. High-rate receivers can be very costly [13]. Narrowband receivers require a retune of the LO, which can be time-consuming, and short duration signals of interest can be missed when the receiver is tuned to a different frequency band. SweepSense is a solution that uses low-cost narrowband receivers but, with modification to the LO hardware, incorporates a continuous tuning procedure to capture short-duration signals over a broad bandwidth [15]. Continuous tuning introduces distortion, which was solved in SweepSense by incorporating a self-calibration mechanism to remove distortion. Fast re-tunes are highly desirable, but since our work requires the deployment of many dozens of monitoring radios, hand-modification of the hardware was undesirable. In our signal model and our adversarial model, we can miss some short-duration signals without significant impact. In [20], the authors focus on adversarial spectrum monitoring and seek to optimally decide how much time to spend in each measurement channel. We assume that users have the potential to be adversarial; however, since the measurement system is undetectable by the user, we assume that they will not be able to avoid detection indefinitely. A determined adversary could potentially avoid detection by observing side-channel leakage from the monitor and determine the current center frequency or could more reasonably determine the center frequency re-tune period and starting point. With this information, they could potentially avoid detection. As a preventative measure, the monitor could partially randomize the next center frequency as it sweeps over the 6 GHz band. The National Telecommunications and Information Administration (NTIA) provided an overview of their Spectrum Monitoring Pilot program [11]. They design a system that is web-enabled and controlled. Their system, called SCOS, is open-source and available on GitHub. Spectrum sensors and measurements can be added to their system 24 and can be controlled from a web user interface. The system is flexible and was initially considered as a framework for our work. However, it ultimately didn’t fit the web architecture POWDER currently uses. With some extra time, perhaps it could be adapted into a robust addition to the POWDER spectrum monitoring system. The extra features, such as measurement scheduling, are indeed useful. Becker, Baset, et al., designed a spectrum monitoring system for real-time analysis. In addition to spectrum sensing, their system was designed to classify signals. To do this, they limited their analysis to smaller frequency bands to find 802.11g, 802.11p, Bluetooth, and Zigbee signals. Their system also used USRPs, but instead of just UHD, they used GNU Radio. To meet real-time requirements, they split processing into a fast and slow component. The fast component, like our work, used energy detection on the frequency domain signal and then compared spectral parameters against a local database. The slow component used support vector machines to get more accurate classification results. A results merger system combined classification results and provided feedback to the fast component to improve capabilities over time. Our system also uses a lookup table for fast computation of results but does not currently use machine learning techniques. 2.3 Source Separation Source separation is a critical component of our work. We need enough isolation between signal sources to identify energy in prohibited bands accurately. A substantial body of research exists for audio source separation, and much of it is applicable for radio signals, typically with some modifications. Audio signals are generally in the range of 020 kHz, so RF signals have much higher center frequencies and often sample rates. Audio 25 signals are usually represented with real numbers, whereas RF signals almost always operate on quadrature I/Q samples, which are complex valued. Audio source separation techniques can be classified based on the number of sources and measurement channels. When the number of sources, n, is the same as the number of measurement channels m, independent components analysis (ICA) is often considered the state-of-the-art in source separation [16]. When the number of measurement channels is less than the number of sources, methods such as deep learning, non-negative matrix factorization (NMF) have been shown to be highly effective [8]. We use two measurement channels to attempt to separate two sources, so ICA is a natural fit. This work presents some novelty due to the assistance of hardware by means of the directional couplers, using the mixing calibration coefficients as priors and that this is a complex convolutive mixture. More recent work on ICA has been done to investigate complex signals [6] and on convolutive mixtures [5] that can be applied here. Independent components analysis (ICA) is a technique used to isolate independent components of a signal mixture. In ICA, the goal is to find a weight matrix that maximizes the independence of the transformed signals. It assumes that 𝑁 signal sources are combined, and 𝑁 measurement channels are used to measure the combined signals. Let matrix 𝑨 encode the mixing of the signals. The source signals 𝑺 are multiplied by 𝑨 resulting in the measurements X 𝑿(𝑡) = 𝑨𝑺(𝑡) (2.1) Both 𝑨 and 𝑺 are unknown. If the signal sources are non-Gaussian, which is indeed the case for most communications signals, then using ICA, the inverse of 𝑨, 𝑾 can be found such that get the original signals from 26 𝑺(𝑡) = 𝑾𝑿(𝑡) (2.2) are recovered. We start with the deconvolution approach mentioned in chapter 1. ICA could be used as a replacement for the deconvolution method or as a refinement to the method by considering the coefficients found as priors on the ICA weight matrix 𝑾. A slightly different calibration procedure will need to be done to use ICA. In the deconvolution method, only one source is present at a time to remove unknowns. If one source signal is missing, the measurement channel picks up only a source signal and Gaussian noise, which breaks the assumptions of ICA. The coefficients found make the estimation of the mixing coefficients, used as priors, worse. Both source signals, incident, and transmitted, must be present and independent. One way of doing this would be to use two out-of-sync PN noise sequences or two Fourier series with slightly different frequencies. CHAPTER 3 SPECTRUM MONITORING This chapter primarily deals with the system-level design of a spectrum monitoring system. First, the POWDER platform, including its infrastructure and software, is discussed, followed by a more in-depth description of the hardware involved in the monitoring. Then, a detailed description of the monitoring software follows. 3.1 POWDER The Platform for Open Wireless Data-driven Experimental Research (POWDER) is a project-based out of the University of Utah and Rice University. POWDER is a platform for wireless and networking experimentation that includes hardware infrastructure, including software-defined radios, low-latency networking, and bare metal compute access. POWDER builds on the Emulab system to provide a variety of tools that enable high-quality, repeatable research. One of the unique features of POWDER is that it is a so-called living laboratory. POWDER provides realistic environments, including dense, residential, and downtown regions as shown in Figure 3.1. Deployments of POWDER radios here offer a unique opportunity to study next-generation wireless and mobile networking applications. Another essential feature is POWDER experimental profiles. These are programmatic interfaces to 28 POWDER resources that include a request for hardware and virtual network links. They also specify disk images and data sets such that another user can copy the profile, repeat the experiment, and then extend it. As everything is programmable, compositions can be created that let novices and experts use POWDER effectively. A communications systems researcher can develop PHY layer protocols. Network research can develop 5G mobile network protocols without needing to re-invent the lower layers. POWDER provides access to a variety of different resources. These include data centers and high-performance servers connected by a fiber backhaul, stationary fixed endpoint radios mounted on buildings, stationary base stations primarily on rooftops, predictable moving endpoints mounted on university shuttles, and others. Complex networks can be created sufficient to mimic realistic environments. With this infrastructure research into next-generation wireless communication systems such as dynamic access networks, mobile networks such as mobile edge cloud, security such as location privacy preservation, and many others are possible. POWDER and Emulab provide many useful features. A web interface provides utilities for managing projects, experiments, profiles, and others. One particularly important set of features include tools for tracking resource usage. Graphs and tables provide lists of available hardware, aggregated across clusters. Spectrum access is another resource managed through the portal. When instantiating an experiment, a user must request access to a frequency band. Spectrum resources are divided in time and frequency. A single experiment has exclusive access to a frequency band for a limited duration of time. Possible frequencies are shown in Table 3.1. The request system is still in development and likely will take spatial information into account in the future. 29 As an illustrative example, a user wants to test a new 5G waveform. They develop the block using GNU Radio. Their profile uses Python and Geni to specify that they want a base station node, which includes a remote X310 radio and connected servers at the data center. It also specifies that they want a fixed endpoint that has local compute. They instantiate the profile to create a running experiment with a request for access to the band 7 frequency. Software images, including GNU Radio, are loaded to the compute nodes along with data sets at instantiation time. From the users’ laptops, they can run their software on each node. The user can test the transmission and reception of their new waveform over-the-air in a real environment. After collecting data, the user terminates the experiment using the web UI, freeing resources for the next user. Wireless clusters are divided into two main types. Base stations, which are highpower, high-performance systems, and fixed/mobile endpoints, which are lower power and could be mobile (e.g., when they are mounted to buses). A base station diagram and picture are shown in Figure 3.2. Some base stations are equipped with massive MIMO hardware. Four wideband USRPs are connected through an RF front-end and then to antennas. One antenna is banded, and the other is broadband. The front end provides filtering, amplification and provides a common point to monitor each of the radios. Multiple experiments can use the same base station so long as they use separate radios and operate on separate frequency bands. On base stations, connections are made back to the data centers using a fiber backhaul. A local compute node is connected to a USRP B210 and used by the POWDER platform for a variety of uses, particularly for RF monitoring. The other primary type of wireless node is a fixed/mobile endpoint. These nodes are shown in Figure 3.3. Endpoints are by far more numerous. These usually include two 30 USRP B210 SDRs available for experimenters. Another RF front-end allows for monitoring, amplification, and filtering. As these endpoints may be mobile, two different backhaul connections are available. Campus WiFi (802.11) is extensive and high-rate and is the preferred connection type, but LTE is also available. Because data connections may sometimes be erratic and have lower rates than the base stations connected by fiber, local compute is available. An Intel NUC platform is connected to each of the B210s. Another NUC and B210 are used here, like in the base station, for monitoring and other platform utilities. A dedicated monitoring system is present on each node. It is not accessible by experimenters like the other radios and NUCs. The monitor software runs on the control NUC as a software daemon and continually monitors all frequency bands that an experimenter could potentially transmit on, even unintentionally. Figure 3.4 shows how the monitoring system fits in with the larger platform. This work focuses on the system running on the monitors, which provide the spectral measurements to the controller. For full context, the controller takes these measurements and compares them against published FCC limits. These limits vary by frequency band and other parameters such as attack and decay time. The user profile and parameters are combined into a structure called an RSpec. User information, with the RSpec, and FCC parameters are combined and compared by the controller against spectral measurements. If the user is outside the allowed limits, they receive a notice by email. If they continue to broadcast, the experiment can be remotely shut down by the controller. Further, like the bring-your-own-device program (BYOD), some experimenters may also want to bring their license. As the monitor is capable of 31 monitoring nearly the entire spectrum below 6 GHz, many licenses are supported. 3.2 Hardware The main hardware components involved in monitoring are shown in Figure 3.5. These include the control NUC, which is connected to the USRP B210 over USB. The B210 is connected over RF coaxial cable to the front end through the directional couplers and then out to an antenna. The NUC is an x86-64 based system with a quad-core Intel I78650 and 32 GB of DDR4 RAM. It supports USB3 and 802.11AC. The B210 supports USB 3.0 and performs all signal processing on a Xilinx FPGA. The RF front-end is custom built and has pairs of directional couplers as well as power and low-noise amplifiers. The monitor is tasked with observing a large amount of spectrum with a narrow band receiver. A substantial amount of the processing of the data must take place on the CPU of the NUC in software. Generally, as data is processed faster, confidence improves in the performance of the system, as is, are less likely to miss transient emissions. The choice of using a narrow band receiver was based on several criteria. One of these was the cost. Since a monitor would need to be present on each of the POWDER clusters, an expensive receiver would quickly become exorbitantly expensive. The B210 is a good compromise between flexibility, performance, and cost. Software considerations are given in the next section. In this section, performance analyses are done just concerning the hardware. USRP devices, generally can cover frequencies under 6 GHz. The B210 can sample at rates of up to 61 MSps. However, for monitoring, two simultaneous receive channels are needed. Using two channels limits the sample rate to 30.72 MSps. The lower limit of the 32 B210 is 100 MHz. To cover the entire spectrum, the monitor must change center frequencies at intervals of 30.72 MHz, which would take 192 steps. Issues with filtering in the B210 lead us to choose smaller intervals and overlap the frequency bands slightly. Currently, it takes 238 steps to cover the spectrum. With these parameters, the B210 is the bottleneck in terms of speed performance. The B210 also was the primary source of reliability issues, and a significant amount of time and design effort went into working around these issues. Figure 3.6 shows a more in-depth view of the components on the B210. An FX3 chip provides USB transport. All analog radio processing and some digital signal processing occur on the AD9361. A variety of clock sources can drive the B210. Many communication systems have very tight timing requirements and need common clock sources, and this is particularly true for MIMO systems. The monitor B210 uses a GPS disciplined oscillator (GPSDO) to provide the primary clock source. A pulse-per-second can also be used but is generally not used for monitoring. FPGA components also are shown. Ettus/National Instruments provides the hardware description language (HDL) as open-source code. We did not modify HDL structures on the B210, but they were used heavily to understand reliability issues. The AD9361 provides four RF channels, two for receive and two for transmit. As the same LO drives both chains, both RX channels or both TX channels must be tuned to the same center frequency. The AD9361 has two 12-bit digital data lines to the B210 FPGA. When operating in dual-receive configurations, one line is used for in-phase (I) data, and the other is used for quadrature (Q) data. The clock can be run at 61.44 MHz, but the maximum data rate out of the AD9361 is limited to 30.72 MSps because the 12-bit 33 samples must be interleaved between receiver ports. In the B210, these samples are often extended to 32 bits per I or Q sample by the time they are available for processing at the CPU. Usually, this happens in the driver on the CPU. On the FPGA, 16-bit samples are used, so the actual rate over the USB bus is nearly 2 Gbps. On the FPGA, samples are processed and buffered in a 16-bit format. Each I and Q stream can be processed in parallel. To achieve nearly arbitrary rates and center frequencies, the B210 FPGA performs resampling and frequency offset correction in the DDC chain. After the DDC chain, samples are buffered, framed, and eventually sent over USB. The B210 uses a protocol called CHDR (compressed header). One of the early and frequent reliability problems seen with the B210, particularly when changing center frequencies often, is that the sample streams hung. Calls to receive would return zero samples indefinitely. When the CPU is not consuming samples fast enough, an ’O’ is printed to standard out by the driver. The ’O’ is simply an indication of buffer overflow. Built-in mechanisms in the stream protocol back-pressures the device, and the stream stops buffering samples until the CPU is ready to start processing samples again. However, with the stream hanging problem, there are no indications of errors provided by the driver. The stream simply continues to return zero samples each time more samples are requested. The root cause of this issue was never determined, but we were able to design software mechanisms to detect this condition and restart the streams. The AD9361 provides the RF front end of the radio. The on-board PLL and ADC generally dictate the achievable rates and frequencies possible. When a new frequency is requested in software, a control command is sent to the B210. The FPGA translates this command to an AD9361 command, which is sent over an SPI bus to the AD9361. The chip 34 commands the PLL to change frequencies. Some time is required for the PLL, which is driven by a feedback system, to lock on to the new frequency. If the chip detects that the new center frequency is over 100 MHz away from the last frequency, it initiates an onboard calibration. Tune time and calibration time, as the monitor swept across all 6 GHz, was a speed bottleneck. When frequency changes were small, the average time to re-tune was 4 ms. Every 100 MHz section, calibration took 100 ms on average. This latency leads to a total time spent on re-tunes per spectrum pass to be 6.7 seconds. This is shown in Figure 3.7. One problem noticed relatively early on, however, was that the default filter settings on the B210 did not do a sufficient job of rejecting out-of-band energy at this rate. So tighter filters were required. The B210 typically configures the analog and digital filters on the AD9361 based on the requested rate. We discovered what seems to be a bug. When running at the maximum rate with two receive channels, 30.72 MHz, the AD9361 would leave the RF filter wide open at 56 MHz. Additional digital filters seemed to do a mostly adequate job of removing out-of-band energy, but not enough. We noticed when concatenating spectral results after switching to a new frequency that narrowband spikes would appear twice. We reduced the analog filter bandwidth from 100 percent of the rate until a just-out-of-band narrowband tone disappeared. This reduction corresponded to 90 percent of the rate, or 27.6 MHz. When sweeping, we adjusted for this reduced bandwidth by removing all spectral components outside of this bandwidth and shifting the center frequency steps so that the entire spectrum would still be covered. One of the main components of the custom RF front end was the RF directional coupler system, as shown in Figure 3.8. The right image of Figure 3.8 labels the ports. 35 These ports are bi-directional or symmetric, instead. When RF signals are transmitted through P1, they show up with minimal attenuation at the output port P2. The couplers are designed to pull a small amount of energy primarily from the P1-P2 signal. An ideal coupler would provide a lower energy copy of P1 at P3. Anything coming from P2, including reflections of P1, would not be present. As these devices are not ideal, some energy from P2, going in the reverse direction, is present at P3. We measured the directionality with a nearly matched antenna and estimated the isolation due to the couplers to be about 15 decibels. 3.3 Software The design of the software components of the monitoring system was undertaken with a few goals in mind. The monitor should be efficient and should be able to sweep over the available frequency as fast as possible. The system should be reliable, as many monitoring systems would be running concurrently and over very long durations. Most importantly the monitor system should be able to identify transmitted energy in out-ofband regions accurately. A general diagram of the software architecture is shown in Figure 3.9. Nearly all software is implemented with Python 3. The most performance-critical pieces use C++ and C. The main libraries used include NumPy for numerical processing, SciPy for a few signal processing utilities, UHD, and UHD python bindings for controlling and passing data to and from the B210, and XMLRPC. As shown in Figure 3.9, all monitor software was packaged as a python package for easy installation and updates across many clusters. The top-level monitor instantiates an isolation receiver object. This object, in turn, 36 creates a device object. The device is capable of receiving samples from the B210 and handles all low-level UHD protocols. The device is mainly responsible for reliable B210 operation, too. The Isolation Receiver receives two streams of samples from the receive ports and applies an isolation algorithm to un-mix the transmitted and incident RF energy collected at the coupler. The Isolation Receiver then takes the results and reports anything above a specified threshold to the monitor controller. A large variety of signal processing libraries are packaged separately and are used extensively by the Isolation Receiver. The Isolation Receiver loads all calibration matrices at start-up and keeps them in memory for fast processing during spectrum sweeps. Local detailed logging occurs on each device. A central logging server also collects anything printed to standard out. The device class is responsible for handling lower-level device data transfers between the SDR and the processor. Two of the critical mechanisms implemented here were restarting streams appropriately and handling correct frequency changes. When a stream stopped returning samples as discussed above, the device object would send a stop stream command to the radio and give a new command to restart the stream with the current time. With both receive ports running simultaneously, the streams needed to be synchronized at the start. By waiting for the next PPS and a small delay, the streams became synchronized on a sample basis. In most examples provided with the UHD source code, streams were started and stopped after each frequency change to give time for the PLL to lock. Starting and stopping proved to be highly problematic for our application, possibly due to the very high number of frequency changes requested over a fixed interval. To change frequencies efficiently and without causing a stream hang, we set the 37 streamer to run continuously, even through frequency changes. This change substantially mitigated but didn’t completely stop the stream hanging problem. We found that we did need to remove a certain number of samples after a tune because the data would be invalid before the PLL locks. Another supposed bug showed in the UHD driver software, where the software call to check PLL lock always immediately returned true. Our experiment showed conflicting results where signals that were known to be present at a particular frequency band would sometimes vanish. We implemented a time-dependent data dump mechanism to remove data based on how long the re-tune took. This solved the missing signal problem. Since re-tunes could take anywhere from 4 ms to 200 ms, and we couldn’t afford to wait 200 ms each frequency change, a time-dependent mechanism was a reasonable design compromise. The NUC computer used for monitoring is also used for handling the testbed system of that cluster. Especially when an experiment is started, other applications on the computer have a high need for resources. A few tests were run to determine if the NUC would be able to handle streaming and processing at the full 2 x 30.72 MHz sample rate. The NUC has two cores with hyperthreading for four virtual cores. Using the Linux utility stress, a full load was applied on the SDR and UHD in addition to a stress profile. The benchmark utility provided by UHD notes the number of errors during streaming. When the computer is not able to pull data from the SDR fast enough, data packets are dropped, and errors occur. As shown in the Table 3.2, if both cores are not being used, the application should be able to handle processing samples at the full rate. The IO load does not have a significant impact on the error rate. 38 A significant component of the monitoring isolation algorithm was measuring a known signal across the coupler ports and estimating the mixing matrix. We called this procedure monitoring calibration. Each mixing matrix is complex-valued and two by two. We found that the mixing matrix was frequency-dependent, so we modeled mixing in the frequency domain and found a matrix for each discrete Fourier transform (DFT) coefficient. The derivation of this model is done in Chapter four, but for now, we use the results that an FFT size of 512 is appropriate. The set of measurement matrices thus included nearly 500,000 coefficients. To complete this efficiently, since it would need to be done for every radio used, the design shown in Figure 3.10 and Figure 3.11 was created. When the TX server was started, it loaded a reference maximum length sequence (MLS) waveform and synchronized its local clock using the network time protocol (NTP). It used a cluster-specific configuration file to load networking configuration, port configuration, and other cluster-specific parameters. It then started an XML RPC server with broadcast type methods registered. The TX server would not block while transmitting so that the client would immediately know that it had started broadcasting. A software lock was used on the PHY layer transmitter to prevent multiple calls to the server for broadcast. Each broadcast call was parameterized by a center frequency and a broadcast duration. The client would successively make calls to an appropriate transmitter, start recording when the lock was taken, and stop recording after a specified duration of time, but before the lock was released. A timing diagram is shown in Figure 3.12. Only a single RX client would run. It functioned as the controller of the calibration system. Part of initialization was estimating the noise floor so that the RX client can sense that a transmitter occupies the spectrum. The RX client would start from the lowest 39 frequency band and measure spectrum on both channels with each of the transmitters broadcasting. To improve the signal-to-noise ratio, averaging of the DFT coefficients overtime was done at each broadcast frequency. Additional details on this procedure is given in Chapter 4. The RX client saved the coefficients to disk in a data structure that provided easy indexing by center frequency. 40 Figure 3.1 POWDER is a city scale wireless and mobile testbed. The red lines indicate approximate coverage area in the Salt Lake Valley. 41 Table 3.1 Anticipated frequency ranges available to POWDER users. Range (MHz) 698-806 902-928 1710-1755 2110-2155 2500-2570 2620-2690 3550-3650 5150-5925 Commercial/Public Safety Industrial, scientific and medical (ISM) Extended Advanced Wireless Services (EAWS) uplink Extended Advanced Wireless Services (EAWS) downlink LTE Band 7 uplink LTE Band 7 downlink Citizens Broadband Service (CBRS) Unlicensed National Information Infrastructure (U-NII) 42 Figure 3.2 Hardware components of a POWDER base station. Four USRP radios are available to users. A fifth USRP B210 is used for monitoring. 43 Figure 3.3 Hardware components of a POWDER fixed endpoint. Two USRP B210s are available to users. A third USRP B210 is used for monitoring. 44 Figure 3.4 A diagram of the whole monitoring system. As part of the experimental setup, a user specifies the frequency band they intend to use. The monitor daemon continually monitors spectrum of every experimenter and reports it back to a central server, the controller. The controller compares spectrum measurements computed by the daemon with a database containing FCC allowable spectral parameters which are specific to each frequency band. The controller can remotely shutdown an experiment if needed. 45 Figure 3.5 Hardware components of the monitoring system. 46 Figure 3.6 B210 block diagram. Exterior blue blocks represent hardware components. Inside the FPGA block, all blocks represent HDL constructs. The B200 and B210 HDL constructs are only different in that the B210 has two radio cores. 47 Figure 3.7 Re-tune elapsed time histogram. 48 Figure 3.8 The directional coupler system. The left image shows a discrete four port coupler schematic. The center image shows four couplers on the same front-end board. The right image shows a labeled diagram of each of the ports. 49 Figure 3.9 Software architecture of the monitor. 50 Table 3.2 Performance of the monitor under various loads. Test Single CPU full load Dual CPU full load Triple CPU full load 75% IO load 150% IO load Errors 8 56 1335 4 6 Percent Samples Lost 0.12 4.5 91 0.06 0.08 51 Figure 3.10 Calibration hardware is setup with multiple experimental SDRs under test. All compute nodes controlling the SDRs are connected via a TCP/IP network. Software running on the monitor compute node turns each experimental on and off, at the correct frequency, as needed. The monitor records spectrum measurements over each frequency band. 52 Figure 3.11 Calibration software consists of multiple distributed applications. The monitor compute node runs a calibration client, which provides control over the whole system. Each of the experimental nodes and the incident node run calibration servers. These provide RPC methods to the client that control a device object. 53 Figure 3.12 A monitor calibration timing diagram for one broadcast. The left side represent the RX client. The right side represents some TX server. Synchronized system times and parameterized duration values helped ensure that timing requirements were met. CHAPTER 4 SOURCE SEPARATION The monitor model with labels representing signals is shown again in Figure 4.1. A relatively easy way to perform monitoring is to measure the signals coming out of the experimental SDR, but before the power amplifier (PA). In this case, the PA acts as a buffer and prevents any incident signals from interfering with spectral measurements of the transmitter. However, the PA is frequently a source of spurious emissions. The power amplifier can generate harmonics, parasitics, intermodulation products, and other spurious emissions. As the input signal power or gain of the PA increases, the likelihood of generating spurious emissions increases, as shown in Figure 4.2. In a tightly controlled system, the transmitter can be set to power levels that will never generate many of these In POWDER, users have complete control and operate at power levels where spurious emissions can occur. These can cause harmful interference effects to nearby receivers. Thus, our system needed to monitor signals after the PA. Monitoring after the PA, however, means that we would also measure incident RF energy picked up by the antenna. When deciding whether to shut down a user experiment, or otherwise interfere, we need to be sure that the offending signals are coming from the transmitter and are not incident. To do this, we designed a monitoring front end and signal de-mixing algorithm that would increase the level of isolation between the incident and transmitted signal. 55 4.1 Source Mixing Model Directional couplers provide some isolation on their own. Spectral measurements at the second RX port, 𝑅2 , have increased energy contributions from the transmitter, 𝑋. Spectral measurements at the first RX port, 𝑅1 , have increased energy contributions from the transmitter, 𝑌. By comparing the spectrum, frequency bin by frequency bin, between 𝑅1 and 𝑅2 , a reasonable estimation of the transmitted energy can be made. However, due to imperfect impedance matching between the PA, the couplers, and the antenna, reflections occur in both directions. A critical goal of this project is to isolate 𝑋. This is the signal that is being transmitted by the user and will disappear if the user’s experiment is shut down. Since 𝑅1 and 𝑅2 are linear combinations of 𝑋 and 𝑌, we should be able to solve a system of equations to find 𝑋 and 𝑌 if we know the coefficient matrix, 𝑨. That is 𝒓 = 𝑨𝒔, where 𝒓 is a vector consisting of 𝑅1 and 𝑅2 , 𝑨 is a matrix consisting of the complex coefficients 𝑎,𝑏,𝑐, and 𝑑, and 𝒔 is a vector consisting of 𝑋 and 𝑌. This is shown with bracket notation below. [ 𝑅1 𝑎 ]= [ 𝑏 𝑅2 𝑐 𝑋 ][ ] 𝑑 𝑌 (4.1) To get X, take the inverse of the coefficient matrix and left-multiply by R1 and R2. 𝑎 [ 𝑏 𝑐 −1 𝑅1 𝑋 ] [ ]= [ ] 𝑑 𝑅2 𝑌 (4.2) which is 𝑨−1 𝒓 = 𝒔. An important empirical finding was that this coefficient matrix was fairly frequency dependent. This is shown in Figure 4.3. Here a single position on the xaxis indicated one of the 230 center frequencies. Originally, we hypothesized that 39 within 30 MHz, the frequency variability could be low, and a single coefficient would be appropriate. This graph shows that across the entire spectrum, the variability between 56 coefficients 100 kHz apart could be substantial. Instead of collecting one measurement per center frequency, a discrete Fourier transform (DFT) coefficient would be collected for each bin, and isolation would occur in the frequency domain instead of the time domain. Thus, the transfer function in the time domain is instead estimated. The N-point DFT is defined as: 𝑁−1 𝐴(𝑘) = ∑ 𝑊𝑛𝑘𝑛 𝑎𝑛 = ℱ[𝑋(𝑛)] (4.3) 𝑛=0 where 2𝜋 WN = e−𝑖 𝑁 (4.4) and 𝑎𝑛 is the input sequence to the DFT. The coefficients 𝐴𝑘 represent the frequency components of 𝑎. 𝑋(𝑛) is the time domain sequence of samples collected, and ℱ is the DFT operator. For each center frequency, 𝑓𝑐 , and for each bin of the DFT, a coefficient matrix will be computed, for the entire set of spectral bins, 𝐹. 𝑁 is set to 512. Importantly, the DFT operator is a linear operator, so the linear relations shown below hold. [ ℱ[𝑅1 (𝑛, 𝑓𝑐 )] 𝛼(𝑘, 𝑓𝑐 ) ]= [ ℱ[𝑅2 (𝑛, 𝑓𝑐 )] 𝛽(𝑘, 𝑓𝑐 ) 𝛾(𝑘, 𝑓𝑐 ) ℱ[𝑋(𝑛, 𝑓𝑐 )] ][ ], 𝛿(𝑘, 𝑓𝑐 ) ℱ[𝑌(𝑛, 𝑓𝑐 )] (4.5) 𝑓𝑐 ∈ 𝐹, 𝑘 ∈ [0, 𝑁 − 1], 𝑛 ∈ [0, 𝑁 − 1] which, [ and, 𝑅1 (𝑘) 𝛼(𝑘) ]= [ 𝑅2 (𝑘) 𝛽(𝑘) 𝛾(𝑘) 𝑋(𝑘) ][ ] 𝛿(𝑘) 𝑌(𝑘) (4.6) 57 𝛼(𝑘) 𝛾(𝑘) [ ] 𝛽(𝑘) 𝛿(𝑘) −1 [ 𝑅1 (𝑘) 𝑋(𝑘) ]= [ ] 𝑅2 (𝑘) 𝑌(𝑘) (4.7) For each RF port, 512 samples are collected in a sequence at 30.72 MSps. The sequence is windowed using a Hamming window, and then a 512-point DFT is computed. For each DFT coefficient, a matrix is estimated that can be used to transform the DFT coefficients found in 𝑅1 and 𝑅2 , to get the estimated DFT coefficient of 𝑋 and 𝑌. These can easily be 40 converted to power spectral density measurements. Further, measurements are made of the actual power outputs, and a linear conversion is computed to get power in dBm from the computed dB measurements. For general spectral measurements, we based parameters on FCC part 15 regulations, which place limits on emissions by commercial transmitters. Specifically, from section 15.35, an averaging detector with a period of 100 ms and bandwidth of 1 MHz is used for everything above 1 GHz. Below 1 GHz and supplementary to measurements above 1 GHz, a quasi-peak detector is used. This peak detector has a bandwidth of 100 kHz. 100 kHz was thus used as the minimum bin size for the monitor system. As 512 is the nearest power of two to 30.72 MHz divided by 100 kHz, 512 was used for the FFT size. At 30.72 MHz, each bin is sampled every 16 microseconds. We average bins over durations of up to 100 ms to get high-SNR estimations of emissions. We plan to include maximum peak detections to align with the FCC commercial regulations more strictly. 4.2 Estimating Mixing Matrices Robust, accurate estimation of the coefficients in A is needed to ensure good isolation. Monitor calibration is the procedure used to estimate these coefficients. A known signal is transmitted by the device being calibrated and is received by the monitor SDR at 58 both ports. The monitor compares the received signal with the known signal and computes an estimate of A. The problem is made tractable by solving for the coefficients in two steps. First, 𝑋 is set to zero by ensuring that only the incident transmitter is broadcasting (𝑌). Then 𝑌 is set to zero by ensuring that the incident transmitter is not broadcasting 𝛾(𝑘) 𝑋(𝑘) ][ ] 𝛿(𝑘) 0 (4.8) [ 𝑅1 (𝑘) 𝛼(𝑘) ]= [ 𝑅2 (𝑘) 𝛽(𝑘) [ 𝑅1 (𝑘) 𝛼(𝑘)𝑋(𝑘) ]= [ ] 𝑅2 (𝑘) 𝛽(𝑘)𝑌(𝑘) [ 𝑅1 (𝑘)𝑋 −1 (𝑘) 𝛼(𝑘) ]= [ ] −1 𝛽(𝑘) 𝑅2 (𝑘)𝑋 (𝑘) (4.10) [ 𝑅1 (𝑘) 𝛼(𝑘) ]= [ 𝑅2 (𝑘) 𝛽(𝑘) (4.11) [ 𝑅1 (𝑘) 𝛾(𝑘)𝑋(𝑘) ]= [ ] 𝑅2 (𝑘) 𝛿(𝑘)𝑌(𝑘) (4.12) [ 𝑅1 (𝑘)𝑌 −1 (𝑘) 𝛾(𝑘) ]= [ ] −1 𝛿(𝑘) 𝑅2 (𝑘)𝑌 (𝑘) (4.13) 𝛾(𝑘) 0 ][ ] 𝛿(𝑘) 𝑌(𝑘) (4.9) By dividing the known signal DFT, 𝑋, from the received signals 𝑅1 and 𝑅2 , the operation is equivalent to deconvolution in the time domain with a long channel response. That is, if 𝑥1 (𝑛) ⊛ 𝑥2 (𝑛) = 𝑥3 (𝑛), then 𝑋1 (𝑘)𝑋2 (𝑘) = 𝑋3 (𝑘), so multiplication in the frequency-domain is convolution in the time domain. Special care must be given to the case where some frequency bins have values close to zero in the transmitted signal. The division presents a problem where the resulting computed coefficients may explode in value. No values in the DFT of 𝑋 can be zero. By using a pseudo-noise (PN) sequence, a known signal with a flat spectrum is generated. Specifically, a maximum length sequence (MLS) with the same length as the DFT is used. If an N-point DFT is used, the sequence repeats with a period N. The MLS 59 sequence is exactly flat except for at the bin corresponding with frequency 0, which is often called the bias or DC value [21]. This value can be changed in the DFT representation by putting a non-zero value at the zero-bin or in the time domain by adding a constant number to the sequence to prevent the mean from being zero. MLS is typically implemented with linear feedback shift registers. These use m registers to compute a pseudo-random sequence of length 2𝑚 − 1. As the FFT is length 𝑁 (= 2𝑚 ), one extra value must be added to the periodic sequence. A single value was added to the MLS sequence in the frequency domain at bin 𝑁 to keep the spectrum flat through the receive chain. The sequence was inverse-transformed and saved for use by the calibration clients and servers. The absolute value of the DFT of the MLS is still flat except at DC and at the highest frequency. The effect on the time-domain signal is shown in Figure 4.4. While the signal indeed appears noisier, a period of length 𝑁 is important, as shown 42 in Figure 4.5, which shows the received time-domain MLS over three periods where each period is overlain. By keeping the same period as the DFT, even with an unknown starting phase, averaging in the frequency domain at each period, produces higher SNR estimates of the DFT sequence. Each POWDER node uses GPS disciplined oscillators (GPSDOs) for synchronous timing. These GPSDOs are useful here, because the transmitter and receiver are phase-aligned, which is important for averaging over time. 60 Figure 4.1 A diagram of monitor shown again for reference. The primary goal of this chapter is to develop the theory and practice of separating signals X and Y, which are linearly mixed in the coupler and received at 𝑅1 and 𝑅2. 61 Figure 4.2 Two examples of spurious emissions. The top image shows a tone at 2370 MHz and various related spurious tones. This signal was generated by broadcasting a tone near the saturation region of the power amplifier. Lowering the power slightly would cause the spurs to disappear. The second peak largest tone is centered on a multiple of the sample rate away from the main tone at 2400.72 MHz. The bottom image shows a primary tone at 2400 MHz and many smaller tones. Again, this is evidence of nonlinear amplifier emissions that would disappear when power is reduced. Here, the receiver is most likely clipping and any inherent isolation between channel 1 and channel 2 is lost. 62 Figure 4.3 Initial estimates of the absolute value of a1 over 6 GHz of spectrum. Each line represents an estimate at a different bin at the given center frequency. The x axis is an index into the list of the center frequencies. The droop around index 65 is between 2 and 3 GHz. The lowest blue lines are likely outliers. In general, significant variability exists as shown by the height of the band of values at each center frequency. Each point on the X axis represents 30.72 MHz of spectrum divided into 60 kHz bins. 63 Figure 4.4 Maximum length sequence (MLS) was modified to make the sequence periodic with a period that is a power of two. Top: MLS of length N − 1. Bottom: MLS of length N, with minimal spectral disruption. The bottom graph is periodic with the length of the FFT and is suitable for use in averaging. 64 Figure 4.5 Received MLS sequence. Periodic with period N, same as FFT. Top graph is all 512 samples, bottom graph is first 128 samples zoom. We can see that very little time-domain variation occurs. Averaging should give large boosts in SNR. CHAPTER 5 RESULTS AND FUTURE WORK After computing the mixing matrices for each transmitter in the POWDER network, the monitoring system can use the inverse of these matrices to get a better estimate of X. From X, transmissions that are outside allowed bands can be detected and reported by mechanisms discussed in Chapter 3. A power threshold is used to enhance confidence in the results and reduce the number of measurements reported to the POWDER monitor controller. This threshold is set based on experimental measurements. Additionally, to reduce false positives, only results above the threshold, and where the bin-of-interest has a power level in X that is higher than Y. An example frequency sweep using these procedures is shown in Figure 5.1. The threshold is set to -120 dB. The user was allowed to transmit in the 2400-2420 MHz band. A sharp peak was seen within the allowed frequency and was not reported. A harmonic was seen near 4800 MHz and above the threshold. This harmonic was reported to the controller. After the user decreased the power level, the harmonic disappeared. Some peaks are seen at low frequencies but are not well-understood yet. If these continue to flag the controller, filtering stages must be added to the front end. The CBRS band is one of the first bands available to users. It was chosen as a frequency band to study the isolation algorithm in more depth. Currently, transmit power must be set manually for each frequency band during calibration as the gain across the 66 entire band varies significantly. One gain setting leads to erroneous results where clipping is seen in the receiver ADC. The power margin between the noise floor and a power level where clipping is seen is low. To test the performance of the isolation algorithm, measurements of the ability to remove incident energy were designed. In an ideal performance scenario, any incident signal energy is removed from the signal 𝑅1 . Any transmitted signal energy is also removed from the signal 𝑅2 . With just the directional couplers, a base level of performance is achieved. The directional couplers can suppress energy from the undesired signals. For instance, with 𝑋 set to zero (i.e., the transmitter is off), The spectra from 𝑌 will be present in both 𝑅1 and 𝑅2 but will have lower power on average. Increasing isolation by the algorithms described in the preceding chapters should increase the difference in power levels between the desired signal and the undesired signal. This directly improves confidence in the detection scheme. By only reporting spectral measurements where the measurement 49 is higher in the desired signal, spurious detections are minimized. Increasing the distance between the two spectrum measurements 𝑅1 and 𝑅2 , causes fewer false positives and false negatives. Over the CBRS band, isolation between receiver and transmitter signals is estimated with an MLS sequence spectrum. As this signal has a flat spectrum, the average is taken at R1 and R2. The difference is the pre-source de-mixing isolation. After calibration, the receiver measures R1 and R2 again but uses source de-mixing to increase the amount of isolation. This is the post-source de-mixing isolation. The average values for the CBRS band are shown in Table 5.1. The isolation goes from around 4 dB to around 8 dB for two different sites. As seen in Figure 5.2, after isolation the difference between R2 67 and R1 is increased to 8 dB across the band. Figure 5.3 is used to further illustrate the performance of the isolation algorithm. Figure 5.3 shows spectral measurements when both sides of the directional couplers are receiving signal energy. In this case, two sinc-like signals, which are rectangular functions in the frequency domain, are transmitted at different frequencies. X is a signal centered near 2.485 GHz and Y is a signal centered around 2.51 GHz. The bandwidth was chosen such that the signals did not overlap in the frequency domain. Under ideal performance, channel 1 would not measure any energy from Y. Additionally, channel 2 would not measure any energy from X. Isolation can be seen to be near 8 dB in both directions. The undesired signals are suppressed by about 8 dB from the desired signals. During monitoring, the Y signal will correctly not be reported. The coupler provides some isolation, but isolation is frequency dependent. By demixing the signal, isolation is flatter across the band and higher. Clipping was frequency dependent, so hopefully, with a reasonable AGC solution, better isolation would be seen at other bands. An initial way the clipping problem was addressed was with frequency specific gain settings. This solution is possible with the configuration files that are used. during calibration as they site-specific and have a flexible structure. With more than 200 center frequencies and more than 100 sites, this solution needs some work to make automatic. This work provides an initial attempt and investigation into hardware-assisted source separation to provide monitoring of spurious emissions across a wide bandwidth with low-cost receivers. A variety of paths are open for continuation and improvement of this work. Of particular interest are increasing the tuning speed, increasing the bandwidth, 68 and increasing isolation. Some other limitations still exist with this monitor, but either has fixes planned or will be addressed in the future. Currently, measured power output is relative and not in physical units of measurement. A reference is needed. On-going hardware measurements provide a mapping between monitor output and the real value in dBm. This mapping is being done as part of the deployment of each of the sites. Before deployment, a measurement is taken at various frequencies across the spectrum for each SDR. These are stored in a web server and are potentially accessible by the monitor application at run time. The available frequencies are limited at this stage of POWDER’s development. The RF front end can help reject incident signals from the monitor but is limited to only the frequencies currently available. As additional licenses are acquired, the front end becomes more restrictive, and the monitor system is not able to rely on the front end as much. Experiments shown here do not use the front end, so actual measurements and confidence in deployed nodes is higher but probably just temporarily so. The focus was placed on the CBRS band and band seven, as they are the first available to users. A study is needed over all possible frequencies, to provide stronger monitoring capabilities. One challenge with analyzing de-mixing over the entire frequency band was reliability issues with the B210s. Strange results could be difficult to interpret. As reliability issues are solved, the ability to study the entire band become more feasible. At deployment sites where a powerful mobile communications transmitter is colocated with a POWDER transmitter, the ability to remove the external signals is limited. With the current amount of isolation, accurate identification of experimental emissions is difficult because the incident signal Y is much larger, relatively, than the experimental 69 emissions meaning that de-mixing does not work, and effectively no isolation is present. In frequency-division multiple access systems, this is not a problem, because the experimental transmitter is not likely to cause interference at the mobile receivers due to having a lower transmission power. However, in time-division multiple access systems, an experimental transmitter can broadcast while the mobile receiver is receiving at the same frequency causing harmful interference. Currently, these sites are being evaluated on a case-by-case basis. RF front end notch may be used in these cases. Transient signals are still a problem with this method. Tuning faster and at higher bandwidths show immediate improvements. Higher bandwidths are only possible with more capable receiver hardware. The B210-based system in this monitor operates at the maximum bandwidth possible for two channels. High-bandwidth receivers generally are substantially more costly. The tuning speed might be optimized by changing the properties of the AD9361 chip. Another limitation is the need to be physically present at POWDER sites during calibration. An incident transmitter is needed to provide broadband incident energy. While not known for sure, it is hypothesized that the mixing parameters may change over time. After a snowstorm where snow accumulates on the antennas, the reflection properties are almost certain to change. Whether the isolation is still adequate is not yet known. It may be possible to use an existing experimental radio as the incident transmitter. However, various issues exist, including switching in the RF front end, near-field RF effects, and others. Improvements need to be made to the calibration algorithm and possibly the site hardware designs. Improving isolation can be done in a variety of ways. Better isolation parameters 70 in the couplers will help. Algorithmic solutions are also considered. Independent component analysis (ICA) is a promising method to increase isolation. For 2 signal sources and 2 measurement channels, it is state of the art for audio signal source separation. With only 1 measurement channel, deep learning methods are also promising. ICA uses an information-theoretic criterion to maximize the separation between two signals. Like, the deconvolution method explained above, it estimates a mixing matrix. Deep learning methods use training data to learn the mixing matrix. With only a single channel, this is a much more difficult problem. Deep learning uses advances in neural network topologies, faster hardware, and large amounts of data to estimate complicated non-linear functions. The POWDER platform enables cutting edge research into next-generation mobile networks and wireless communication systems. Next-generation systems will require larger bandwidths and more efficient usage of the spectrum. They will likely need new or improved sharing and multiple access mechanisms. As such, spectrum monitoring will be a vital component of these systems, particularly for operators of communication infrastructure. The monitoring system discussed in this work is an attempt to improve upon state of the art for monitoring large spectrum bands with low-cost receivers. In this work, the objectives included a better understanding of the radio-frequency front ends used in POWDER and their role in adding spurious emissions that a user might not expect. This work also included a design of a spectrum monitoring system that could detect spurious emissions, and a better understanding of the issues of the spectrum monitoring system and its limitations. 71 Figure 5.1 Top: A sweep of 6 GHz spectrum using the monitor system. Harmonics are seen at multiples of the center frequency. Bottom: Another sweep of 6 GHz spectrum but with power slightly reduced so that the harmonics mostly disappear. Some spurs still are seen at low frequencies, and some do not diminish with decreasing power. Their origin is still under investigation. 72 Figure 5.2 A wideband MLS signal received on channel 1 and 2 then isolated by demixing. This figure shows spectral measurements when Y is the MLS and X is zero. Due to reflections, energy from Y shows up on chan 1, which is R2. Increasing the isolation causes this energy to be suppressed. Increasing isolation due to better calibration, better isolation algorithms, or better directional couplers will cause the difference between R1 and R2 to increase. The average distance between R1 and R2 when an MLS is used provides a good measure of performance. 73 Table 5.1 Averaged isolation values in dB. Isolation in dB experiment, CBRS Pre-source de-mixing 4.7438 Post-source de-mixing 8.2593 Isolation in dB experiment, band 7 4.7198 8.2817 74 Figure 5.3 Two wideband MLS signals transmitted simultaneously by the experimental transmitter and the incident transmitter. The incident waveform is centered just below 2.485 GHz and the transmitted signal is centered at 2.510 GHz. The incident signal shows at a lower power on channel two and a higher power on channel one, clearly indicating that it is an external signal. The experimental signal is shown having higher power on channel one and lower power on channel two clearly indicating that it is an experimenter’s signal. REFERENCES [1] CBRS Network Service Technical Specification, (2018). [2] R. AKEELA AND B. DEZFOULI, Software-defined radios: Architecture, state-of-theart, and challenges, Computer Communications, 128 (2018), pp. 106–125. [3] I. F. AKYILDIZ, B. F. LO, AND R. BALAKRISHNAN, Cooperative spectrum sensing in cognitive radio networks: A survey, Physical communication, 4 (2011), pp. 40– 62. [4] N. BALWANI, D. K. PATEL, B. SONI, AND M. LÓPEZ-BENÍTEZ, Long short-term memory based spectrum sensing scheme for cognitive radio, in 2019 IEEE 30th Annual International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC), IEEE, 2019, pp. 1–6. [5] D. BENZVI AND A. SHAFIR, An ica algorithm for separation of convolutive mixture of periodic signals, in 2018 IEEE International Conference on the Science of Electrical Engineering in Israel (ICSEE), IEEE, 2018, pp. 1–5. [6] E. BINGHAM AND A. HYVARINEN, Ica of complex valued signals: a fast and robust deflationary algorithm, in Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks. IJCNN 2000. Neural Computing: New Challenges and Perspectives for the New Millennium, vol. 3, IEEE, 2000, pp. 357–362. [7] B. BLOESSL, S. JOERER, N. NORDIN, C. SOMMER, AND F. DRESSLER, SaFIC: A Spectrum Analysis Framework for Interferer Classification in the 2.4 GHz Band, IEEE Infocom, (2012), pp. 4–5. [8] J.-T. CHIEN, Source Separation and Machine Learning, Academic Press, 2018. [9] R. H. COASE, The federal communications commission, 2013. [10] F. COMMISSION ET AL., Amendment of the commission’s rules with regard to commercial operations in the 3550-3650 MHz band, 2015. [11] M. COTTON, J. WEPMAN, J. KUB, S. ENGELKING, Y. LO, H. OTTKE, R. KAISER, AND D. ANDERSON, An Overview of the NTIA / NIST Spectrum Monitoring Pilot Program, (2015). 76 [12] K. DAVASLIOGLU AND Y. E. SAGDUYU, Generative Adversarial Learning for Spectrum Sensing, IEEE International Conference on Communications, 2018May (2018), pp. 1–6. [13] M. ETTUS AND M. BRAUN, The universal software radio peripheral (usrp) family of low-cost sdrs, Opportunistic Spectrum Sharing and White Space Access: The Practical Reality, (2015), pp. 3–23. [14] A. GOSAIN, Platforms for advanced wireless research: Helping define a new edge computing paradigm, in Proceedings of the 2018 on Technologies for the Wireless Edge Workshop, ACM, 2018, pp. 33–33. 55 [15] Y. GUDDETI, U. C. S. DIEGO, R. SUBBARAMAN, I. I. T. MADRAS, M. KHAZRAEE, A. SCHULMAN, D. BHARADIA, U. C. S. DIEGO, AND I. NSDI, SweepSense : Sensing 5 GHz in 5 Milliseconds with Low-cost Radios, Proceedings of the, Proc. of NSDI, 2019. [16] A. HYVARINEN, J. KARHUNEN, AND E. OJA, Independent component analysis and blind source separation, 2001. [17] A. KLIKS, P. KRYSZKIEWICZ, L. KU LACZ, K. KOWALIK, M. KO LODZIEJSKI, H. KOKKINEN, J. OJANIEMI, AND A. KIVINEN, Application of the cbrs model for wireless systems coexistence in 3.6–3.8 ghz band, in International Conference on Cognitive Radio Oriented Wireless Networks, Springer, 2017, pp. 100–111. [18] Y. LECUN, Y. BENGIO, AND G. HINTON, Deep learning, Nature, 521 (2015), pp. 436–444. [19] W. M. LEES, A. WUNDERLICH, P. J. JEAVONS, P. D. HALE, AND M. R. SOURYAL, Deep learning classification of 3.5-ghz band spectrograms with applications to spectrum sensing, IEEE transactions on cognitive communications and networking, 5 (2019), pp. 224– 236. [20] M. LI, D. YANG, J. LIN, M. LI, AND J. TANG, SpecWatch: A framework for adversarial spectrum monitoring with unknown statistics, Computer Networks, 143 (2018), pp. 176– 190. [21] A. MILEWSKI, Periodic sequences with optimal properties for channel estimation and fast start-up equalization, IBM Journal of Research and Development, 27 (1983), pp. 426– 431. [22] S. MIRABBASI AND K. MARTIN, Classical and modern receiver architectures, IEEE Communications Magazine, 38 (2000), pp. 132–139. 77 [23] B. A. A. NUNES, M. MENDONCA, X.-N. NGUYEN, K. OBRACZKA, AND T. TURLETTI, A survey of software-defined networking: Past, present, and future of programmable networks, IEEE Communications Surveys & Tutorials, 16 (2014), pp. 1617–1634. [24] T. O’SHEA AND J. HOYDIS, An introduction to deep learning for the physical layer, IEEE Transactions on Cognitive Communications and Networking, 3 (2017), pp. 563–575. [25] T. J. O’SHEA, T. ERPEK, AND T. C. CLANCY, Deep learning based mimo communications, arXiv preprint arXiv:1707.07980, (2017). [26] T. J. O’SHEA, T. ROY, AND N. WEST, Approximating the void: Learning stochastic channel models from observation with variational generative adversarial networks, in 2019 International Conference on Computing, Networking and Communications (ICNC), IEEE, 2019, pp. 681–686. [27] N. PATWARI, J. N. ASH, S. KYPEROUNTAS, A. O. HERO, R. L. MOSES, AND N. S. CORREAL, Locating the nodes: cooperative localization in wireless sensor networks, IEEE Signal processing magazine, 22 (2005), pp. 54–69. [28] J. G. PROAKIS AND D. G. MANOLAKIS, Digital signal processing, PHI publication, (2004). 56 [29] Z. QIN, H. YE, G. Y. LI, AND B.-H. F. JUANG, Deep learning in physical layer communications, IEEE Wireless Communications, 26 (2019), pp. 93–99. [30] V. RAJ AND S. KALYANI, Backpropagating through the air: Deep learning at physical layer without channel models, IEEE Communications Letters, 22 (2018), pp. 2278–2281. [31] B. RAZAVI, Design considerations for direct-conversion receivers, IEEE Transactions on Circuits and Systems II: Analog and Digital Signal Processing, 44 (1997), pp. 428–435. [32] S. SHAH AND R. G. YELALWAR, Comparative Analysis of Energy Detection and Artificial Neural Network for Spectrum Sensing in Cognitive Radio, ICTACT Journal on Communication Technology, 10 (2019), pp. 1936–1942. [33] J. TIAN, P. CHENG, Z. CHEN, M. LI, H. HU, Y. LI, AND B. VUCETIC, A machine learning-enabled spectrum sensing method for ofdm systems, IEEE Transactions on Vehicular Technology, 68 (2019), pp. 11374–11378. [34] P. K. VERMA, S. TALUJA, AND R. L. DUA, Performance analysis of energy detection, matched filter detection & cyclostationary feature detection spectrum sensing techniques, International Journal of Computational Engineering Research, 78 2 (2012), pp. 1296–1301. [35] J. VUOLEVI AND T. RAHKONEN, Distortion in RF power amplifiers, Artech house, 2003. [36] T. WANG, C.-K. WEN, H. WANG, F. GAO, T. JIANG, AND S. JIN, Deep learning for wireless physical layer: Opportunities and challenges, China Communications, 14 (2017), pp. 92–111.