Upload
vankhanh
View
215
Download
0
Embed Size (px)
Citation preview
© ICU 2003전파교육센터© ICU 2003전파교육센터1
성균관대학교 성균관대학교 정보통신공학부정보통신공학부
조준동 교수조준동 교수
Software Defined RadioSoftware Defined RadioSystem System ArchitectureArchitecture
© ICU 2003전파교육센터© ICU 2003전파교육센터2
44 세대 이동통신 시스템세대 이동통신 시스템
© ICU 2003전파교육센터© ICU 2003전파교육센터3
Wireless networks Wireless networks standardized by IEEE 802 standardized by IEEE 802
standard committee.standard committee.
Application 7
Session 5
Network 3
Transport 4
Link 2
Physical 1
Transport Medium
Application
Presentation
Session
Network
Transport
Link
Physical
Transport Medium
Transfer
Location A Location B
Relay Point
OSI Reference Model
Network Network
Link Link
Physical Physical
Presentation 6
Transport Medium
Application
Session
Network
Transport
Link
Physical
Transport Medium
Transfer
Location A Location B
Relay Point
OSI Reference Model
Network Network
Link Link
Physical Physical
© ICU 2003전파교육센터© ICU 2003전파교육센터4
Reconfigurability in SDRReconfigurability in SDRMobile station Etc.
Application layer
Application programs (game, user encryption, e-commerce, etc.)Location Finding Service
Programming is opened for third parties, downloadable by users
Middle layer
Authentication, encryption,Radio network,Bandwidth management,Adaptive QoS
Programmed only by manufacturesApproval is necessaryDownloadable by users with some restriction
Physical layer
Radio resource managementMultiple accessModulation schemeChannel separationAntenna pattern
License is necessary
© ICU 2003전파교육센터© ICU 2003전파교육센터5
Modular SDR Modular SDR ArchitectureArchitecture
BB/IF Real/Complex
Digital/Analog
ANTENNA RFChannelSelector/Combiner
BasebandProcessing
DSP
Call/MessageProcessing &
I/O
CommonSystem
Equipment
I/O
MONITOR/CONTROL
Multimedia/WAP
ROUTING
I/O I/O I/O I/O
BBText Flow
Control bits
BBText Flow
Control BitsRFRF
Voice/PSTNData/IP
Flow ControlNSS/Network
AIR
I
C
I
C
I
C
I
C
AUX AUX AUX AUX AUX
Ext. Ref
Clock/StobeRef, Power
Remote Control/Display
Local Control
SDR Forum
© ICU 2003전파교육센터© ICU 2003전파교육센터6
APIs
OTA - Download
User Terminal
Service provider with UCCH support The Software
Component Servers
Software DownloadSoftware Download새로운 사용자 애플리케이션이나 그래픽 인터페이스새로운 사용자 애플리케이션이나 그래픽 인터페이스 (GUI),(GUI),프로토콜 스택과 물리 계층 변경 소프트웨어 등을프로토콜 스택과 물리 계층 변경 소프트웨어 등을다운로드다운로드 , , 소프트웨어 버그 수정소프트웨어 버그 수정 ..
© ICU 2003전파교육센터© ICU 2003전파교육센터7
Software DownloadSoftware Download– Download at Base StationDownload at Base Station
•Software download is relatively easy Software download is relatively easy •Old Software in the flash memory is Old Software in the flash memory is replaced by the new onereplaced by the new one
– Download at Mobile StationDownload at Mobile Station•Software radio can provide the Software radio can provide the terminal agent functionterminal agent function
•this function depends on user’s this function depends on user’s favor (Cost effectiveness, QoS)favor (Cost effectiveness, QoS)
© ICU 2003전파교육센터© ICU 2003전파교육센터8
Component Based Development
• CBD Technology- Is the foundation of the JTRS SCA- Portable, reusable waveform
applications- To realize the reusability objectives
of S/W engineering community- Fundamental premise : “buy, don’t
build”
© ICU 2003전파교육센터© ICU 2003전파교육센터9
For CBD, software component
1. Interface- Component behavior & protocols
2. Implementation - Component implementation
information3. Deployment
- Specific operating environment requirements
© ICU 2003전파교육센터© ICU 2003전파교육센터10
Middleware:Middleware:CORBA (Common Object RequetCORBA (Common Object Requet
Broker Architecture) Broker Architecture)
© ICU 2003전파교육센터© ICU 2003전파교육센터11
Software Communications Software Communications Architecture (SCA), JTRSArchitecture (SCA), JTRS
Core Framework (CF)Commercial Off-the-Shelf (COTS)
Non-Core (Radio) Applications
OE
Red (Non-Secure) Hardware Bus
CFServices &
Applications
CORBA ORB &Services
(Middleware)
Network Stacks & Serial Interface Services
Board Support Package (Bus Layer)
POSIX Operating System
RF API
RF API
Black (Secure) Hardware Bus
CFServices &
Applications
CORBA ORB &Services
(Middleware)
Network Stacks & Serial Interface Services
Board Support Package (Bus Layer)
POSIX Operating System
Core Framework IDL (Logical Software Bus via CORBA)
Non-CORBAModem
ApplicationsNon-CORBAModem API
Non-CORBASecurity
Applications
Non-CORBAHost
ApplicationsNon-CORBASecurity APIRF
ModemApplications
Link, NetworkApplications
SecurityApplications
ModemAdapter
SecurityAdapter
SecurityAdapter
HostAdapter
HostApplications
Modem NAPI Link, Network NAPI Link, Network NAPI
Non-CORBAHost API
Link, NetworkApplications
© ICU 2003전파교육센터© ICU 2003전파교육센터12
JTRS’s SCA v2.2 JTRS’s SCA v2.2 • Common open architecture: Common open architecture: 표준화된 구조 표준화된 구조
정의정의• Multiple domain: Multiple domain: 적용 범위 확대적용 범위 확대• Multiple bands, Multiple modesMultiple bands, Multiple modes• Compatibility with legacy systemCompatibility with legacy system• Technology insertionTechnology insertion• SecuritySecurity• Networking: Networking: 음성음성 , , 데이터데이터 , , 영상 서비스 제공영상 서비스 제공• Software reuse/Common waveform Software reuse/Common waveform
softwaresoftware
© ICU 2003전파교육센터© ICU 2003전파교육센터13
Application Programming Application Programming InterfaceInterface
Tier Tier <Architectual><Architectual>
Tier 1 Tier 1 <Functional><Functional>
Tier 2 <Transport Tier 2 <Transport and and Communication>Communication>
Tier 3 <Physical>Tier 3 <Physical>
•API API 구조의 최상위 구조의 최상위 계층으로서 계층으로서 Radio Radio architecturearchitecture 를 를 정의정의 . . • 양방향성을 양방향성을 가지고가지고 , , 정보와 정보와 제어 기능제어 기능•외부 인터페이스가 외부 인터페이스가 있다있다 . .
•시스템이 시스템이 수행해야 할 수행해야 할 다양한 기능을 다양한 기능을 정의정의• 각 모듈간에 각 모듈간에 어떤 메시지가 어떤 메시지가 교환되어야 하고 교환되어야 하고 그 안에는 어떤 그 안에는 어떤 내용을 담아내용을 담아 야 하는지를 야 하는지를 정의정의 ..
•Tier 1Tier 1 에서 정의된 에서 정의된 메시지가 어떻게 메시지가 어떻게 전송되고 교환되는가를 전송되고 교환되는가를 정의정의 .. 예예 > S/W > S/W 모듈에서는 일반적으로 모듈에서는 일반적으로 공유메모리를 이용한 공유메모리를 이용한 C function callC function call 로 로 정의될 수 있으나 다중 정의될 수 있으나 다중 프로세서 환경에서는 프로세서 환경에서는 serial link serial link 등으로 등으로 메시지가 전달 및 메시지가 전달 및 교환될 수 있다교환될 수 있다 ..
•Plug connectorPlug connector나 나 form factorform factor 와 와 같이 물리적인 같이 물리적인 요소들이 서로 요소들이 서로 어떻게 어떻게 결합되는지를 결합되는지를 나타낸다나타낸다 . . •물리적인 대부분의 물리적인 대부분의 기능을 하나의 기능을 하나의 칩으로 구현시키는 칩으로 구현시키는 제품에서는 이 제품에서는 이 인터페이스는 인터페이스는 의미가 없지만의미가 없지만 , , 각 각 모듈이 표준화된 모듈이 표준화된 plugplug 가 필요한 가 필요한 곳에서는 곳에서는 필수적이다필수적이다 ..
© ICU 2003전파교육센터© ICU 2003전파교육센터14
SDR Plug & Play ArchitectureSDR Plug & Play Architecture
Extensiveuse ofCOTS
Use Of Common/Std
Interfaces
Use ofHigh OrderLanguages
Use OfCommon
BUS
SW COTS include:• POSIX OS• OMG v2 CORBA • SNMP AGENT• WEB SERVER
• OMG v2 CORBA• Ethernet, RS-232, RS-422...• TCP/IP, UDP, SLIP, PPP• Rooftop Net API• Rooftop Radio API• Sockets
•“C++”, JAVA, Ada95 for Control Processors•“C” for Modems and INFOSEC
•Compact-PCI•SPCI•VME•PCI ...
OOA/OODIAW OMG
•UML OOD Notation•CORBA IDL Interface Definition
SDR Plug & PlaySDR Plug & Play ArchitectureArchitectureHW COTS
include:•ASIC • DSP •FPGA
© ICU 2003전파교육센터© ICU 2003전파교육센터15
Plug & Play Capability-Plug & Play Capability-CORBA Based ImplementationCORBA Based Implementation
1. “A” Server requests resource from “B” 2. Destination ORB invokes “B” 3. Once resource is attained, “A” Server invokes the remote operation on “B” Server4. Destination ORB invokes “B” Server operation
“A” OBJECT
TRANSPORT LAYER
“A” SERVER
“B”CLIENT
ORB
“B” OBJECT
TRANSPORT LAYER
“B” SERVER
“A”CLIENT
ORB
BUS
1 23 4
© ICU 2003전파교육센터© ICU 2003전파교육센터16
System Architecture of System Architecture of TRUSTTRUST
Network BearerService Profile
AccessStratumModule
QoS Manager
ProxyReconfiguration Manager
(RPM)
Mode Negotiation andSwitching Module (MNSM)
AuthenticationManager
Location UpdateModule
Terminal Capability Lookup
Table
TerminalReconfiguration
Profile
Resource System Management Module (RSMM)
Software DownloadModule (SDM)
LookupTables
CPUManagement
PowerManagement
MemoryManagement
Applications
ProfileDatabase
User Interface
BandwidthManagement
Module(BMM)
Configuration ManagementModule (CMM)
Reconfiguration ManagementModule (RMM)
ModeIdentification &
MonitoringModule (MIMM)
user
Serviceprovider
NetworkOperator
© ICU 2003전파교육센터© ICU 2003전파교육센터17
Process requirementsProcess requirements1. Available modes lookup1. Available modes lookup2. Detection of new air interface & 2. Detection of new air interface &
monitoringmonitoring3. Authentication3. Authentication4. Mode negotiation4. Mode negotiation5. Making decision to change mode5. Making decision to change mode6. Software download Over The Air 6. Software download Over The Air
(OTA)(OTA)7. Reconfiguration7. Reconfiguration8. Location update8. Location update
© ICU 2003전파교육센터© ICU 2003전파교육센터18
Mode Identification and Mode Identification and Monitoring Module (MIMM)Monitoring Module (MIMM)
• 대체 대체 modemode 의 발견의 발견 , , 식별식별 , , 감시감시
– 단말기의 자원단말기의 자원 // 능력능력
– 단말기의 현재 단말기의 현재 modemode– 사용 가능한 시간의 양사용 가능한 시간의 양
• 식별된 대체 식별된 대체 modemode 들의 감시들의 감시
– 충분한 충분한 service level service level 과 연결 품질 제공 보증 과 연결 품질 제공 보증
• 외부 요소에 의한 지원외부 요소에 의한 지원
– Proxy, other terminal, 3Proxy, other terminal, 3rdrd party party– 발견발견 , , 감시 작업에 대한 단말기의 부하 감소감시 작업에 대한 단말기의 부하 감소
© ICU 2003전파교육센터© ICU 2003전파교육센터19
Mode Negotiation and Mode Negotiation and Switching Module (MNSM)Switching Module (MNSM)
• Mode Mode 협상 작업을 가이드협상 작업을 가이드– 다른 다른 modemode 의 사용가능성 및 요구되는 성능 수준을 단말기가 의 사용가능성 및 요구되는 성능 수준을 단말기가
제공할 수 있는 지 여부 확인제공할 수 있는 지 여부 확인– 시스템의 부하와 연결 품질 고려시스템의 부하와 연결 품질 고려
• 사용 가능한 모드에 대한 이전 지식을 기반으로 작업 사용 가능한 모드에 대한 이전 지식을 기반으로 작업 – 사용자 프로파일사용자 프로파일 , , 단말기 상태단말기 상태 , , eventevent 등을 참조 하여 사용 등을 참조 하여 사용
가능한 가능한 modemode 의 순위 생성 의 순위 생성 • 새로운 새로운 ModeMode 로 변경 여부 결정 시 고려할 정보로 변경 여부 결정 시 고려할 정보
– 사용자 선호도 사용자 선호도 (profile Databases) (profile Databases) 및 및 Link level Link level 품질품질– 재설정 복잡도 재설정 복잡도 ; ; Configuration Management MobileConfiguration Management Mobile– 소프트웨어 다운로드에 소요되는 시간 예상치소프트웨어 다운로드에 소요되는 시간 예상치 ; ; SDM (Software SDM (Software
Download Module)Download Module)– 협상 결과는 차후 사용 대비 협상 결과는 차후 사용 대비 Lookup tableLookup table 에 저장에 저장
© ICU 2003전파교육센터© ICU 2003전파교육센터20
• The terminal check the Network was accessed The terminal check the Network was accessed
previously.If negative, Service Negotiation previously.If negative, Service Negotiation check whether the required service is check whether the required service is accessible in the visiting Network.accessible in the visiting Network.
• QoS NegotiationQoS Negotiation 1. The first step is to map the service classes.1. The first step is to map the service classes. 2. QoS manager will take care of deciding 2. QoS manager will take care of deciding
whether the QoS is likely to be reached.whether the QoS is likely to be reached.• Network Capability negotiationNetwork Capability negotiation software and hardware module software and hardware module
reconfiguration compatibility are checked.reconfiguration compatibility are checked.
Mode NegotiationMode [email protected]@kcl.ac.uk
© ICU 2003전파교육센터© ICU 2003전파교육센터21
QoS ManagementQoS Management
Mapping QoS Mapping QoS parameterparameterMonitering the Monitering the current status of current status of serviceserviceDynamically Dynamically reserving reserving resourceresource
SubjectiveQoS
Perception
QoSManager
Application
Terminal ReconfigurationCapabilities
Network bearercapabilities
User End-UseQoS
ApplicationQoS
TerminalQoS
NetworkQoS
© ICU 2003전파교육센터© ICU 2003전파교육센터22
Configuration Management Configuration Management Module (CMM)Module (CMM)
• 단말기 단말기 core softwarecore software 와 와 hardwarehardware 가 구현의 가 구현의 유연성 제약 없이 통합유연성 제약 없이 통합
• CheckResource, InformationRequest, CheckResource, InformationRequest, Shutdown, Reconfigure, DownloadSoftwareShutdown, Reconfigure, DownloadSoftware
• 현재 현재 mode mode 와 미래 사용 가능한 와 미래 사용 가능한 mode mode 정보를 정보를 mode switching modulemode switching module 에 제공에 제공
• Mode Mode 지원에 필요한 설정간의 지원에 필요한 설정간의 mapping mapping 정보 정보 제공제공
© ICU 2003전파교육센터© ICU 2003전파교육센터23
Proxy Re-configuration Proxy Re-configuration Manager (PRM)Manager (PRM)
• Mode negotiation, Mode negotiation, 식별식별 , , 감시감시 , , 변경변경 , , software software download download 작업작업 , , 설정 작업들에 대한 정보 제공설정 작업들에 대한 정보 제공 , ,
• Provide the mechanism for network Provide the mechanism for network centric software downloadcentric software download
• 단말기의 작업 부하 단말기의 작업 부하 ((CPU, battery CPU, battery 부하부하 ) ) 감소감소
• IP IP 기반 네트워크에 대한 기반 네트워크에 대한 ProxyProxy 의 직접 의 직접 연결을 가능케 함연결을 가능케 함
• 단말기에 대한 단말기에 대한 Information brokerInformation broker
© ICU 2003전파교육센터© ICU 2003전파교육센터24
Software Download Module Software Download Module (SDM)(SDM)
• BMM (Bandwidth Management BMM (Bandwidth Management Module)Module)– Calculate the optimum download strategy Calculate the optimum download strategy
and sends it to the SDMand sends it to the SDM
Download Rquest
Cost Function
Download Method Identification
Download Planning
Download Strategy Download Software
© ICU 2003전파교육센터© ICU 2003전파교육센터25
스마트 카드 스마트 카드 vs vs 무선 다운로드무선 다운로드
Non-OTA (Server Non-OTA (Server connection, PC, Kiosk, connection, PC, Kiosk, smart card)smart card)
Over The Air Over The Air
장점장점 에러가 없고에러가 없고 , , 빠른 다운로드가 빠른 다운로드가 가능가능 , , 네트웍에 무관네트웍에 무관
값이 싸고값이 싸고 , , 소프트웨어가 소프트웨어가 즉시 바뀌며 사용자가 부가 즉시 바뀌며 사용자가 부가 적인 행동 불 필요적인 행동 불 필요
단점단점 고비용고비용 , , 사용자의 불편을 초래사용자의 불편을 초래 , , 소프트웨어를 저장용 메모리소프트웨어를 저장용 메모리 , , 별도 장비필요별도 장비필요 ..
다운로드중에 에러가 발생 다운로드중에 에러가 발생 가능가능 , , 속도가 느리며속도가 느리며 , , 네트웍에 큰 영향을 준다네트웍에 큰 영향을 준다 . . 표준화 필요표준화 필요
© ICU 2003전파교육센터© ICU 2003전파교육센터26
Download ProtocolDownload Protocol
• 초기화초기화 (Initiation) (Initiation) • 상호인증상호인증 (Mutual authentication)(Mutual authentication)• 능력교환능력교환 (Capability exchange)(Capability exchange)• 다운로드 승인교환다운로드 승인교환 (Download (Download
acceptance)acceptance)• 다운로드다운로드 //에러 테스트 에러 테스트
(Download/integrity test)(Download/integrity test)• InstallationInstallation
© ICU 2003전파교육센터© ICU 2003전파교육센터27
Common algorithm Common algorithm structure and appropriate structure and appropriate
parametersparameters• The Frame Structure with Power The Frame Structure with Power
ControlControl– Frame structure concerning power control Frame structure concerning power control
can be characterized by a set of can be characterized by a set of parametersparameters
• ModulationModulation– QPSK : IS-95 CDMA and WCDMA systemsQPSK : IS-95 CDMA and WCDMA systems
– GMSK : GSM and DECT systemsGMSK : GSM and DECT systems
0
)()(n
nQPSK nTtgZtS
0
)()](exp[n
nTtgn
0
])(2exp[)(n
t
nGMSK dnTgdhjtS
0
0 )(n
n nTtCZ
© ICU 2003전파교육센터© ICU 2003전파교육센터28
Software layers on SDRSoftware layers on SDR• Layer A (Application Software)Layer A (Application Software)
– End-user application software such as WWW, user interface, etc
• Layer B (Communication Protocol Layer B (Communication Protocol Software)Software)
– Control call process, handover resource allocation and so on
• Layer C (Signal Processing Algorithm Layer C (Signal Processing Algorithm Software)Software)
– About physical layer related to Modulation, CODEC, interleaving.. etc
© ICU 2003전파교육센터© ICU 2003전파교육센터29
Software download timeSoftware download time • TTddD/R = D/WD/R = D/W• TTdd : the software download time : the software download time• R : the channel data rateR : the channel data rate• D : the code download quantityD : the code download quantity• W : bandwidthW : bandwidth
DD TdTdAA 5MB5MB 150s150sBB 500kB500kB 15s15sCC 50kB50kB 1.5s1.5sPP 50B50B 1.5m1.5m
ss
DD TdTdAA 5MB5MB 150s150sBB 500kB500kB 15s15sCC 50kB50kB 1.5s1.5sPP 50B50B 1.5m1.5m
ssW.200Khz W.1Mhz
The downloading time with the dedicated download channelThe downloading time with the dedicated download channel
© ICU 2003전파교육센터© ICU 2003전파교육센터30
Download ComplexityDownload Complexity
• A set of components for a radio A set of components for a radio functionalityfunctionality
• Right set of components for right timeRight set of components for right time• Time taken for downloadTime taken for download
– Push:download is initiated by base Push:download is initiated by base stationstation
– Pull: download request by user Pull: download request by user terminal terminal
• Validation of downloaded componentsValidation of downloaded components• Compilation of componentsCompilation of components
Jamadagni, Silicon Automation Systems, IndiaJamadagni, Silicon Automation Systems, India
© ICU 2003전파교육센터© ICU 2003전파교육센터31
Pull and PushPull and Push• Pull : SDR terminal locating s/w Pull : SDR terminal locating s/w
components may cause heavy traffic.components may cause heavy traffic.• Push: tailor data to user’s profiles in Push: tailor data to user’s profiles in
anticipation of user “when needed” anticipation of user “when needed”• Download s/w Download s/w
– Computing applicationsComputing applications– Protocol entities or changing of the Protocol entities or changing of the
air interface or serviceair interface or service– Signal processing algorithm for Signal processing algorithm for
modificationmodification
© ICU 2003전파교육센터© ICU 2003전파교육센터32
User Download RequestUser Download Request• Pure-Push: periodic push and Pure-Push: periodic push and
updating without requestupdating without request• Pure-Pull: on a miss, clients send Pure-Pull: on a miss, clients send
a pull request to the servera pull request to the server• Hybrid Push and Pull: The client Hybrid Push and Pull: The client
sends a pull request for a sends a pull request for a component only if the periodicity component only if the periodicity of push by the server is greater of push by the server is greater than a threshold.than a threshold.
© ICU 2003전파교육센터© ICU 2003전파교육센터33
Complete download Complete download scenarioscenario
PULL
PUSH
Push vs Pull for complete download scenario
SignalProcessing
ProtocolComp’s Application
Comp’s
Full personality download
© ICU 2003전파교육센터© ICU 2003전파교육센터34
Incremental personality Incremental personality downloaddownload
• Server Load is low -> Clients in steady state, Pull-based download is Server Load is low -> Clients in steady state, Pull-based download is betterbetter
• Server Load is high -> push approach is better since server requests are Server Load is high -> push approach is better since server requests are queued leading to latencies in servicing requestsqueued leading to latencies in servicing requests
• Server load is moderate -> Server load is moderate -> Hybrid
PULL
PUSH
A Push vs Pull possibility for the incremental download
SignalProcessing
ProtocolComp’s
ApplicationComp’s
Involves just in time download of needed components
© ICU 2003전파교육센터© ICU 2003전파교육센터35
Centralized Distribution of Centralized Distribution of Software, Software, TRUSTTRUST
인터넷 또는 작은 규모의 네트워크에서의 클라이언트 서버 구조인터넷 또는 작은 규모의 네트워크에서의 클라이언트 서버 구조 - - 중앙의 서버로부터 소프트웨어 다운로드후 업그레이드중앙의 서버로부터 소프트웨어 다운로드후 업그레이드 - - 터미널이 업그레이드 되기 위해서 하나의 서버로 충분터미널이 업그레이드 되기 위해서 하나의 서버로 충분 큰 규모의 네트워크에서의 클라이언트 서버 구조큰 규모의 네트워크에서의 클라이언트 서버 구조 - - 하나 이상의 서버가 필요 하나 이상의 서버가 필요 - - 라우팅 메커니즘 도입 필요라우팅 메커니즘 도입 필요 - - 캐시서버캐시서버 (PROXY SERVER)(PROXY SERVER) 이용이용 아주 오랜 시간 업데이트 되거나 수많은 아주 오랜 시간 업데이트 되거나 수많은 server server 또는 프록시를 또는 프록시를
필요로 하게 됨필요로 하게 됨 특정 시간에 준하여 주기적으로 신호를 브로드캐스팅 해서 특정 시간에 준하여 주기적으로 신호를 브로드캐스팅 해서
업그레이드가 가능한지 요청하도록 할 수 있으나 그것 자체가 업그레이드가 가능한지 요청하도록 할 수 있으나 그것 자체가 터미널터미널 -- 네트웍간의 추가적 부하 야기네트웍간의 추가적 부하 야기
© ICU 2003전파교육센터© ICU 2003전파교육센터36
SoftwareSoftwareServer 1Server 1
SW request
SW download
Software
Server 2
Software
Server N
SW requestLoad balancing
Central software Central software distributiondistribution
© ICU 2003전파교육센터© ICU 2003전파교육센터37
SoftwareSoftwareServer 1Server 1
SW requestSW download
SoftwareCacheServer 1
Proxy caching
…SoftwareCacheServer 2
SoftwareCacheServer N
Software distribution with Software distribution with proxies.proxies.
© ICU 2003전파교육센터© ICU 2003전파교육센터38
Decentralized Software Decentralized Software DistributionDistribution
SoftwareSoftwareServer 1Server 1
SW distribution: SW distribution: Step 1Step 1(Central: Server -> (Central: Server -> terminal)terminal)
(2)
(1)
(3) (4)
( (( )) )
( (( )) )
( (( )) )( (( )) )
SW distribution: Step SW distribution: Step 22(Decentral: Terminal -(Decentral: Terminal -> terminal)> terminal)SW distribution: Step SW distribution: Step 33(Decentral: Terminal -(Decentral: Terminal -> terminal)> terminal)
....
© ICU 2003전파교육센터© ICU 2003전파교육센터39
1 21
Access point
Mobile terminal
BlackboardBlackboard List of availableList of available services in the services in the
cellcell Green serviceGreen serviceavailableavailable
BlackboardBlackboard List of availableList of available services in the cellservices in the cell Add green serviceAdd green serviceavailableavailable
이동통신에서 가능한 분산 방식이동통신에서 가능한 분산 방식
2
© ICU 2003전파교육센터© ICU 2003전파교육센터40
ISSUES IN OTA DEVICE SOFTWAREISSUES IN OTA DEVICE SOFTWARE UPGRADESUPGRADES
Figure 1. Elements involved in OTA mobile software upgrade
2.1. Interoperability
2.2. Variations in ME architectures
2.3. Extensibility
© ICU 2003전파교육센터© ICU 2003전파교육센터41
PROPOSED ARCHITECTUREPROPOSED ARCHITECTURE1. Notification and Download Protocol for
patch
SyncML(SYNChronization/device Management protocoL)
=> J2SE at server side, J2ME and MIDP(Mobile Information Device Profile) at client side.
2. Storage and Installation of patch on ME
We have used J2ME at client side for defining Java API for this functionality.
3. Generation and Storage of patch on download server
© ICU 2003전파교육센터© ICU 2003전파교육센터42
Client Application(Midlet)
TM Profile
SyncMLProfile
HTTP
Patch Profile
Security LibraryServer Application(Servlet)
Server Profile
SyncMLProfile
HTTP
MIB
PatchGenerator
SyncML DMProtocol
Management Server(J2SE Environment)
TransportProtocol
Management Client(J2ME Environment)
Figure 2. OTA Mobile Device Software Management Architecture
PersistentMemory
User InterfaceUser Interface
Device Management LogicDevice Management Logic
Data Repository ManagementData Repository Management
DataDataRepositoryRepository
ManagementManagement
© ICU 2003전파교육센터© ICU 2003전파교육센터43
Software Communications Software Communications Architecture (SCA) Security Architecture (SCA) Security
elementselements• The The SCA security supplementSCA security supplement contains several contains several
hundred specific security requirementshundred specific security requirements - Encryption & Decryption Services- Encryption & Decryption Services - Information Integrity- Information Integrity - Authentication & Non-repudiation- Authentication & Non-repudiation - Access Control- Access Control - Auditing and Alarms- Auditing and Alarms - Key and Certificate Management- Key and Certificate Management - Security Policy Enforcement & Management- Security Policy Enforcement & Management - Configuration Management- Configuration Management - Memory Management- Memory Management
John J. FittonJohn J. Fitton
© ICU 2003전파교육센터© ICU 2003전파교육센터44
Encryption & Decryption Encryption & Decryption ServicesServices
• These servicesThese services can be used (1)to can be used (1)to maintain maintain the privacythe privacy of different types of of different types of information; (2)to information; (2)to protect the informationprotect the information; ; (3) to (3) to protect the integrityprotect the integrity of any class of of any class of software for download purposessoftware for download purposes
• The The encryption algorithmencryption algorithm used for download used for download should be standardized on a global levelshould be standardized on a global level
• Efforts should focus on Efforts should focus on minimizingminimizing the the number of different standardsnumber of different standards
• Encryption/Decryption algorithms could be Encryption/Decryption algorithms could be downloaded and executed as part of the downloaded and executed as part of the Security Provider ApplicationSecurity Provider Application
© ICU 2003전파교육센터© ICU 2003전파교육센터45
Information IntegrityInformation Integrity• Information IntegrityInformation Integrity ensures that ensures that
information received or stored at some information received or stored at some earlier point has not been changed either as earlier point has not been changed either as a result of transmission/storage media errors a result of transmission/storage media errors or intentional modificationor intentional modification
• One method of providing this service is to One method of providing this service is to encrypt the informationencrypt the information with an algorithm with an algorithm designed to prevent undetected modification designed to prevent undetected modification of the informationof the information
• Another method might be to perform a form Another method might be to perform a form of of mathematical calculationmathematical calculation using all of the using all of the informationinformation
© ICU 2003전파교육센터© ICU 2003전파교육센터46
Authentication & Authentication & Non-repudiationNon-repudiation
• Authentication and non-repudiationAuthentication and non-repudiation methods are well known by those familiar methods are well known by those familiar with with public key cryptographypublic key cryptography
• These involve the use of These involve the use of digital digital signaturessignatures and and certificates.certificates.
• These security functions as one of the These security functions as one of the most critical to solving the most critical to solving the SDR download SDR download securitysecurity since they provide the means to since they provide the means to verify the legitimacy of a software verify the legitimacy of a software package downloaded onto a SDR terminalpackage downloaded onto a SDR terminal
© ICU 2003전파교육센터© ICU 2003전파교육센터47
Access ControlAccess Control• Access ControlAccess Control mechanisms in mechanisms in
today's environment generally today's environment generally consist of consist of user passwordsuser passwords
• Two areas of concern regarding Two areas of concern regarding access controls are (1) access controls are (1) how how passwords are protectedpasswords are protected within the within the terminal; and (2) terminal; and (2) what access control what access control mechanismsmechanisms are necessary to access are necessary to access any terminal security audit log.any terminal security audit log.
© ICU 2003전파교육센터© ICU 2003전파교육센터48
Auditing and AlarmsAuditing and Alarms• Auditing and alarmsAuditing and alarms security security
functions provide a means to functions provide a means to capture events that the terminal capture events that the terminal records in some manner records in some manner when a when a security process is violatedsecurity process is violated
• This process might be a receipt of This process might be a receipt of an improperly signed software an improperly signed software download or a report of numerous download or a report of numerous failed attempts for password entryfailed attempts for password entry
© ICU 2003전파교육센터© ICU 2003전파교육센터49
Key and Certificate Key and Certificate ManagementManagement
• Key lengths, formats and key tags identifying Key lengths, formats and key tags identifying the function of the key, expiration dates, the function of the key, expiration dates, etc..., are all candidates for etc..., are all candidates for standardizationstandardization
• Standardization efforts must go beyond Standardization efforts must go beyond format and content, and address format and content, and address how, when how, when and where keys and certificates and where keys and certificates will be will be updated and replaced, and updated and replaced, and what security what security mechanisms mechanisms are required to protect these are required to protect these items while they are in transititems while they are in transit
• Decision must be made to define Decision must be made to define who may who may have the authority and resources have the authority and resources to create to create keys and certificateskeys and certificates
© ICU 2003전파교육센터© ICU 2003전파교육센터50
Security Policy Enforcement & Security Policy Enforcement & ManagementManagement
• Security policiesSecurity policies are simply are simply defined as rules governing how defined as rules governing how the security mechanisms are to be the security mechanisms are to be employedemployed
• Specific security policies could be Specific security policies could be downloaded and installed in the downloaded and installed in the same manner assame manner as keys keys or or digital digital certificatescertificates
© ICU 2003전파교육센터© ICU 2003전파교육센터51
Configuration Configuration ManagementManagement
• Configuration managementConfiguration management is necessary is necessary within the SDR to ensure that the terminal within the SDR to ensure that the terminal has the required hardware capability to has the required hardware capability to support a support a new software downloadnew software download
• The terminal should provide a The terminal should provide a copy of an copy of an installation log listinginstallation log listing the hardware the hardware platform type and configuration as well as platform type and configuration as well as an an identifier identifier and and version numberversion number of all of all installed software to the centralized installed software to the centralized configuration managerconfiguration manager
© ICU 2003전파교육센터© ICU 2003전파교육센터52
Memory ManagementMemory Management• Memory managementMemory management can be an can be an
extremely effective security measure extremely effective security measure to guard against surreptitious to guard against surreptitious attempts to attempts to modify installed softwaremodify installed software
• In this role the Radio Security Module In this role the Radio Security Module would have output control signals to would have output control signals to allow the memory allow the memory write-access control write-access control lineslines to activate and support writing of to activate and support writing of programs and data into memoryprograms and data into memory
© ICU 2003전파교육센터© ICU 2003전파교육센터53
SINCGARSNET 1 SDR
NET A
SDR NET C
SINCGARSNET 2
SDRNET D
SDR NET EIW Threat
MonitoringJamming
DeceptionChaos
SDR 1 SDR 1
SDR 1 SDR 1
위성
Wired Infrastructure
Wireless Attacks LOS, HF, SATCOM, UAV
Wired AttacksEthernet
HF/LOSLinks
UAV Links
SATCOMLinks
Wireless & Wired IW Attacks on SDRWireless & Wired IW Attacks on SDR
© ICU 2003전파교육센터© ICU 2003전파교육센터54
SDR Subsystem IWSDR Subsystem IW DetectionDetectionCareful subsystem design, bus access Careful subsystem design, bus access control, control, message authentication, and physical message authentication, and physical LAN security LAN security
Ethernet Interface SecurityMessage
LayerAuthentication
Physical Layer
Detection
RF Subsystem
BlackHost
Red Host
Security Subsystem
Modem Subsystem
PCI Bus
© ICU 2003전파교육센터© ICU 2003전파교육센터55
Physical Layer Physical Layer DetectionDetectionSpecifying waveforms with processing gain Specifying waveforms with processing gain
options for frequency hopping, spreading, options for frequency hopping, spreading, and interference suppressionand interference suppressionCommand changes in operating band and Command changes in operating band and
modulation to modulation to avoid or mitigate the attacking threat.avoid or mitigate the attacking threat.
SDR networks must be designed with the SDR networks must be designed with the flexibilityflexibility to minimize the opportunities for to minimize the opportunities for successful enemy action or disruption.successful enemy action or disruption.
flexibility flexibility multiple modulation formats, multiple modulation formats, frequency bandsfrequency bands
Steer antenna nulls in the direction of the Steer antenna nulls in the direction of the attacker attacker
Information-style attacks that attempt to Information-style attacks that attempt to subvert operation and data in the radiossubvert operation and data in the radios
© ICU 2003전파교육센터© ICU 2003전파교육센터56
SDR SecuritySDR Security• SDR S/W SDR S/W 다운로드할 때다운로드할 때 , , 프로그램의프로그램의
보호보호 ((Protection), Protection), 인증인증((Authentication), Authentication), 암호암호((Encryption) Encryption) 기능 필요기능 필요
• 공개키 암호시스템과 공개키 암호시스템과 SDRSDR– SDR SDR 환경에서는 전력환경에서는 전력 ((Power) Power) 소모와 소모와
구현문제로 적용이 용이하지 않음구현문제로 적용이 용이하지 않음– DSP/FPGADSP/FPGA 로 구현된 로 구현된 SDRSDR 로 암호화에 로 암호화에
필요한 기능 지원 가능필요한 기능 지원 가능
© ICU 2003전파교육센터© ICU 2003전파교육센터57
Security of Existing Security of Existing Wireless SystemWireless SystemItemItem AlgorithmAlgorithm
User AuthenticationUser Authentication Hash function, Hash function, Block cipherBlock cipher
Authentication of N/W Authentication of N/W Operator/Service Operator/Service ProviderProvider
Same aboveSame above
Encryption of User Encryption of User DataData
Stream Stream cipher(scrambling)cipher(scrambling)
Encryption of Control Encryption of Control ChannelChannel Stream cipherStream cipher
Hiding User IDHiding User ID Temporary IDTemporary ID
© ICU 2003전파교육센터© ICU 2003전파교육센터58
Cryptographic SchemeCryptographic SchemeObjectObject ExplanationExplanation
Privacy or Privacy or ConfidentialityConfidentiality
Keeping information Keeping information secretsecret
Data IntegrityData Integrity Ensuring data has not Ensuring data has not been alteredbeen altered
Authentication Authentication or Identificationor Identification
Confirm the identity of an Confirm the identity of an entityentity
Message Message AuthenticationAuthentication
Authentication the Authentication the original messageoriginal message
SignatureSignature Binding information to an Binding information to an entityentity
CertificationCertification Endorsement of Endorsement of informationinformation
© ICU 2003전파교육센터© ICU 2003전파교육센터59
Symmetric and public key Symmetric and public key cryptosystemcryptosystem
– Symmetric key cryptosystemSymmetric key cryptosystem•Encryption key = Decryption keyEncryption key = Decryption key•Sender/Receiver must share the Sender/Receiver must share the same keysame key
– Public key cryptosystemPublic key cryptosystem•Use two different keyUse two different key
– Encryption : Public KeyEncryption : Public Key– Decryption : Secret(or Private) Decryption : Secret(or Private) KeyKey
© ICU 2003전파교육센터© ICU 2003전파교육센터60
Encryption Algorithm of Encryption Algorithm of SDR inSDR in Flexible Security Flexible Security
SystemsSystemsEncryption Encryption algorithmalgorithm
KeyKeyDeliberatioDeliberationnAlgorithmAlgorithm
Existing Existing implementatimplementationion
SDRSDR SecuritSecurityy
ScramblingScrambling Custom chipCustom chip
DSPDSPoror
FPGFPGAA
WeakWeak
StrongStrong
ScramblingScrambling Block Block CipherCipher
Software+ Software+ Custom chipCustom chip
Block Block CipherCipher Custom chipCustom chip
Block Block CipherCipher
Public Key Public Key cryptosystecryptosystemm
Software+ Software+ Custom chipCustom chip
Public Key Public Key cryptosystecryptosystemm
Software+ Software+ Custom chipCustom chip
© ICU 2003전파교육센터© ICU 2003전파교육센터61
Security of ProgramSecurity of Program Download of SDR Download of SDRItemItem CountermeasureCountermeasure
Illegal copying of Illegal copying of download download programprogram
Encryption of Encryption of download download channel, channel, hardware key, hardware key, terminal IDterminal ID
Alteration of Alteration of download download programprogram
CertificationCertification
© ICU 2003전파교육센터© ICU 2003전파교육센터62
Algorithms of EC into SDR Algorithms of EC into SDR NameName Main agentMain agent AlgorithmAlgorithmAVANTAVANT AutomatiaAutomatia DESDESDANMONTDANMONT DANMONTDANMONT SAMSAMGeldKarteGeldKarte KAKA VisaCashVisaCashMONDEXMONDEX Mondex IntMondex Int DES > RSADES > RSANTT Electric NTT Electric CashCash
NTTNTT RSA/FEAL/RSA/FEAL/DESDES
PROTONPROTON BanksysBanksys DES/RSADES/RSAVisaCashVisaCash Visa IntVisa Int DES/RSADES/RSA
© ICU 2003전파교육센터© ICU 2003전파교육센터63
RSA RSA 암암 // 복호화 연산 속도 복호화 연산 속도 및 전력량 비교및 전력량 비교
PlatformPlatform
SpeedSpeed(msec/operation)(msec/operation)
Energy Energy ConsumptionConsumption
(mWs)(mWs)EncryptiEncrypti
ononDecrypDecryp
tiontionEncryptEncrypt
ionionDecrypDecryp
tiontionPentiumIII PentiumIII 800Mhz800Mhz 0.20.2 14.314.3 6.06.0 429429
i486 33.4Mhzi486 33.4Mhz 4.794.79 342342 23.923.9 17101710
DSP TMS-DSP TMS-320C6201320C6201 1.21.2 11.711.7 3.653.65 35.635.6
FPGA XC4085XL-FPGA XC4085XL-3PG559C3PG559C 0.0130.013 0.1260.126 0.002810.00281 0.02740.0274
© ICU 2003전파교육센터© ICU 2003전파교육센터64
ConclusionConclusion
Analog Basebandand RF Circuits
AD FSM
phonebookRTOS
ARQ
Keypad,Display
Control
Coders
FFT Filters
Accelerators(bit level)
analog digitalDSP cores
uC core(ARM)
Logic
Dedicated Logic
Communication Algorithms Protocols
Jan Rabaey
Smart Reconfigurable Radio Architecture