Summary.

md 2024-08-02

Summary
Electromagnetic Spectrum
c
λ =
f

Wired vs Wireless Links

higher packet loss
lower transmission rates
restricted shared medium (e.g. frequencies)
higher delay
higher jitter
shared medium security concerns

Signals
A periodic signal is a time-dependent variation of voltage which can be formalized as a series of sin and cos
waves using the fourier transform.

These waves can be overlayed using the fourier transform to get something closer to the ideal periodic signal
which are bit-based.

Interference
Interference can come from multiple signals on the same frequency (Ii ) and background noise (N ):

I = ∑i Ii + N

Signal-to-Interference-and-Noise-Ratio

1 / 18
Summary.md 2024-08-02

This value can be calculated from the carrier signal strength (C ) divided Interference (I ):

C
W =
I

Communication vs Detection Range

Communication (Transmission) range

Where decoding of the received signals and therefore communication is possible

Detection range

Where it is only possible to detect signal, but not being able to decode them

Influences on Signal Strength

The following factors lead to poor reception especially indoors or in bad weather:

Scattering

Happens around objects that are small in comparison to the wavelength.

Diffraction

Happens at edges or holes and can even bend a wave around an object into areas which would
normally be in shadows.

Refraction

Happens at state transitions e.g. from air to glass or air to concrete. Part of the wave is reflected and
the rest has a slight deviations in the path.

Attenuation

The signal is dampened over the course of its path. Different mediums have different dampening
impacts.

Shadowing

When the attenuation of a specific obstacle is so high that it blocks the signal completly.

Reflection

Happens at at objects that are large in comparison to the wavelength.

Large vs Small Scale Fading Models

A large scale fading model gives a averaged overview for a given transmitter-receiver distance while small
scale fading models are used for small variations in distance and cover more factors like the environment or
surrounding objects.

Free Space Propagation Model

Works only for a clear and unobstructed path between sender and receiver.
2 / 18
Summary.md 2024-08-02

Friis free space equation

Pt
Pr (d) = c 2
d

where: d = transmitter-receiver distance, Pt = transmitted power and Pr = expected received signal

2

strength, c = , Gt and Gr are the gain of the antennas, λ = wavelength, L = unrelated factors
Gt Gr λ

2
(4π) L

With Pr andPt we can calculate the Path Loss:

Pt
P L[dB] = 10log( )
Pr

Two-Ray Ground Propagation Model

Works only for a clear, unobstructed path with a maximum length of between sender and transmitter
20πht hr

3λ

with a second, interfering ground reflected path. Because of the interference from the ground reflected path
the signal loss is more rapid.

Pt
Pr (d) = c
4
d

where: d = transmitter-receiver distance, Pt = transmitted power and Pr = expected received signal

2

strength, c = , Gt and Gr are the gain of the antennas, λ = wavelength, L = unrelated factors
Gt Gr λ

2
(4π) L

Flat vs Frequency Selective

A narrowband channel is flat fading when all frequencies fade by the same amount. This means we have equal
propagation characteristics over the whole bandwidth.

A wideband channel is frequency selective when different frequencies in its bandwidth have different
propagation characteristics.

Log-normal Shadowing Loss

Is relative to a reference distance d0 where the average path loss is know, a path loss exponent n and a
random variable Xσ with standard deviation of σ:

$\overline{PL}d= \overline{PL}(d_0)+ 10n \log(\frac{d}{d_0}) + X_{\sigma}$

Multipath Propagation
The three most important effects are:

rapid changes in signal strength due to variations in amplitude and phase of different signals
random frequency modulation due to varying doppler shifts
time dispersion due to varying delays which can lead to inter-symbol-interference

Flat Scaling Models (Small-scale)

Important factors:

environment

3 / 18
Summary.md 2024-08-02

speed of the mobile receiver/transmitter

speed of surrounding objects
transmission bandwidth

To formalize this we have the following models:

Ricean Fading

Has a dominant multipath component (e.g. LOS-path) with the added small scale fading done with
ricean distribution.

Rayleigh Fading

No dominant multipath component, only small scale fading done with a degenerated ricean
distribution.

Modulation Schemes
To transmit information over electromagnetic waves we need to encode the bits. This can be done by
modulating a carrier signal in one of the following ways:

amplitude modulation (Amplitude-shift Keying)

frequency modulation (Frequency-shift Keying)
phase shift modulation (Phase-shift Keying**)

16- or 64- X-shift Keying

By using multiple power levels (Amplitude), frequencies and phase shifts to transmit more information in the
same time. Gets more error prone with higher bandwidth, because more states need to be distinguished.
Examples:

QPSK: Quadrature PSK uses 4 phase shifts to encode 2 bits

QAM: Quadrature Amplitude Modulation uses ASK and PSK to encode n bits with 2n states.

Access Schemes
4 / 18
Summary.md 2024-08-02

Time Division Multiple Access

each connection gets time alloted where it is allowed to send

shared timing is critical
varying round trip times make guardspaces necessary

Frequency Division Multiple Access

different connections use different frequencies

guard bands needed to seperate frequencies
Frequency Division Duplex possible

Code Division Multiple Access

transmitted information gets encoded with different codes

codes must be orthogonal
robust against interference because of using wideband channels

Space Division Multiple Access

two connections can happen simultaneously if both sender-receiver pairs are spaced far enough
apart.
usage of directed antennas can improve efficency

Wireless Links: Problems

deep fades
high error rate
changing propagation characteristics
hidden station problem
interference from simultaneous connections

WLAN: Basic Building Blocks

STA: Stations which implement SS (System Service)
BSS: Basic Service Set
DS: Distribution System which implements DSS (Distributed System Service)
ESS: Extended Service Set

System Service
Integrated in all STAs

Authentication
Deauthentication
Privacy
MSDU Delivery

Distributed System Service

Performed by the DS together with STAs

5 / 18
Summary.md 2024-08-02

Association
Disassociation
Reassociation
Distribution
Integration

STA: Possible States

State 1: Unauthenticated, Unassociated

Allows following frames: Control Frames like CTS, RTS, ACK

State 2: Authenticated, Unassociated

Allows following frames: Control Frames and Management Frames like

Authentication/Deauthentication, Beacon, Association

State 3: Authenticated, Associated

Allows following frames: Control-, Management- and Dataframes

CSMA/CA: Inter Frame Spacing

CSMA/CA using DCF
If the medium is busy when we need it empty we generate a random backoff time and wait this before
sending, incase of a collision we double our backoff time.

A station with data to transmit can do one of the following:

Without RTS/CTS:
1. Sense the medium and wait for it to be empty
2. Wait a DIFS
3. If medium still free, it can start sending
4. Transmit data and wait for a ACK from receiver (send after a SIFS)
5. Retransmit if ACK was not received
With RTS/CTS
1. Sense the medium and wait for it to be empty
2. Wait a DIFS
3. If medium still free, send a RTS
4. If receiver answers with CTS after a SIFS, start sending data after another SIFS
5. Transmit data and wait for a ACK from receiver (send after a SIFS)
6. Retransmit if ACK was not received

When using RTS/CTS other stations that also "receive" them allocate a Network Allocation Vector (NAV) to
block them from sending during the alloted time in the RTS/CTS.

CSMA/CA using PCF

PCF gets activated and sets a NAV for all stations until we revert to DCF.

6 / 18
Summary.md 2024-08-02

1. Point Coordinator waits a PIFS and polls a station

2. The station answers within SIFS if it has data
3. Else the Point Coordinator polls the next station after a PIFS

CSMA/CA with QOS

With addons a message can have a priority class. This can either be used with DCF (lower backoff times for
higher priority) or PCF (the polling scheduling gets changed).

Hidden Terminal

With this setup Carrier Sense and Collision Detection cant work.

WLAN: Frame Format

Four address fields
Parts of the Protocol Data Units (Header) have different data rates

WLAN: Channel Selection

In WLAN we have different frequencies used in different parts of the world. For a specific connection (e.g. STA
to end device) a non-overlapping channel is chosen. Depending on the IEEE Format and frequency range this
channel can be subdivided for FSK.

Bluetooth: Basic Transmission Facts

3 power classes: 1mW, 2.5mW, 100mW
range of 10m to 100m
79 channels of 1 MHz in the same spectrum as WLAN
frequency hopping (1600 hops/s) to ward off selective fading or interference of specific frequencies

Bluetooth: Piconet
A piconet has one master and up to 7 slaves which are synchronized.

We have two different links supported:

Synchronous Connection Oriented Link (SCO)

Asynchronous Connectionless Link (ACL)

7 / 18
Summary.md 2024-08-02

Bluetooth: Asynchronous Connectionless Link (ACL)

An ACL is typically used for data transmission and has the master poll the slaves as he sees fit (e.g. round
robin). The slave may only answer after being polled. They can use Forward Error Correction and are 1, 3 or
5 slots long.

Bluetooth: Synchronous Connection Oriented Link (SCO)

An SCO link is typically used for audio transmission and has the master allocated specific slots with length 2
for full duplex communication. The maximum bandwidth is 64kbit/s regardless of Forward Error Correction.

Bluetooth: Receive Protocol and ARQ

A ACK is always send at the earliest

NAK when messages was malformed
No return packet = implicit NAK
Sequence Numbers for dedup

Bluetooth: Connection Management

8 / 18
Summary.md 2024-08-02

1. Inquiry
scans for new bluetooth devices in the vicinity similar to paging
devices answer with their address, profile and clock information
2. Paging (used to connect to a known address)
Page Scan (Slave): Listens every 1.28s on of its paging frequencies
Paging (Master): Sends out paging trains on 16 of the 32 frequencies 128 times, switches the
tried frequencies

Bluetooth: Power Saving Modes

For slaves:

Sniff: Only checks for messages on previously negotiated even slots

Hold: Negotiates a HOLD-Intervall where no communication takes place, afterwards they resynchronize
Park: Releases its normal address and receives a PARK-Address

Bluetooth: Profiles
They govern what link is used and what extra features can be used.

9 / 18
Summary.md 2024-08-02

LoRa: Chirp Spread Spectrum

High bandwidth low data rate -> robust and low error rates

Upchirps

Low to high frequency

Downchirps

High to low frequency

Spreading Factor

Higher spreading factor leads lower data and error rate

LoRa: Coding Schemes

Forward Error Correction

Higher Hamming distance due to added bits: (n + CR, n) where n is the codeword length and CR
the added bits, with this we can detect CR bit errors and correct
CR−1

Interleaving
10 / 18
Summary.md 2024-08-02

We take multiple codewords and interleave them diagonally to stop a burst error from not being
correctable by FEC

Whitening

We XOR the datastream with a pseudorandom bit sequence to stop long sequences of identical bits

Gray Indexing

We want to stop Hamming cliffs by redefining the binary sequence for numbers

LoRa: Transmission Modes

Compression mode

Decreased overhead through sending packets one after the other without preamble

Burst mode

Shorter preamble for small packets

LoRa: Network Infrastructure

1. Endpoint Devices
2. Concentrator/Gateways
Used for creating the wireless network and connected to IP and power backbone
3. Network Server
routing from gateways to application server
dedup
4. Application Server
device inventory and join/leave management
encryption
communication with other IoT systems

LoRa: Devices Classes

Class A:
communication initiated by end device
uplink always possible
two downlink windows after uplink
Class B:
Class A
periodic synchronization
scheduled downlink ping windows
Class C:
Class A
constant downlink possible

LoRa: Device Activation

11 / 18
Summary.md 2024-08-02

Over The Air Activation

Join Request from Endpoint device, keys generated on demand, can react to changing network
configuration

Activation By Personalisation

everything preconfigured, reprogramming needed upon network configuration change

LoRa: CIA
Confidentiality

E2E from Endpoint Device to Application Server

Integrity

Message Integrity Code, FEC, CRC

Availability

Unmanaged/Unlicensed frequencies, jamming possible, battery draining attacks

GSM: Architecture
Bottom to Top:

Radio Subsystem
Mobile Station (MS)
Base Station Subsystem
Base Transceiving Station (BTS)
Base Station Controller (BSC)
Network and Switching Subsystem
Mobile Switching Center (MSC)
Visitor Location Register (VLR)
Gateway Mobile Switching Center (GMSC)
Home Location Register (HLR)
Public Land Mobile Network (PLMN) for each Carrier/Country

12 / 18
Summary.md 2024-08-02

GSM: Cellular Network

Many BTS come together to create a network with complete coverage. For this neighboring cells use different
frequencies, this can be done in a static or dynamic way.

GSM: Multiple Access

Parts of the 8*125*2 channels are for management purposes.

FDMA: 25 MHz for Up-/Downlink, each divided into 125 200kHz channels
TDMA: 8 timeslots per 200kHz channel

GSM: Mobile Terminated Call

1. User starts call
2. forwarding to GMSC based on region code
3. call HLR
4. request the specific MS ID from VLR
5. forward correct MSC to GMSC
6. forward call to MSC
7. Check MSC status
8. paging of the MS
9. security checks after MS answers
10. set up direct connection

13 / 18
Summary.md 2024-08-02

GSM: Mobile Originated Call

1. connection request
2. security checks
3. check resource avalability
4. set up direct connection

14 / 18
Summary.md 2024-08-02

GSM: Location Update

A MS without a call will periodically check its connection strength respective to all BTS in range. Connects to
the BTS with the best signal (with a margin to stop pingponging). If the location area identity (broadcasted
by the BTS) changes the MS initiates a location update.

GSM: Handover Types

When a call is currently connected MS still makes signal strength measurements and forwards them to the
current BSC. The BSC will decide when to start the handover and to which BTS.

Intra-Cell

Changes slot or frequency

Intra-BTS

Changes BTS but remains under the same BSC

Inter-BSC

Changes BSC but remains under the same MSC

15 / 18
Summary.md 2024-08-02

Inter-MSC

Changes MSC, this will make the original MSC a Anchor MSC

GSM: Data
Use a standard voice connection together with Terminal Equipment (TE) to connect to the ethernet. Payment
for connection time and not data transmitted. Not great for bursty, assymetric IP-connections.

Long dial-up time

low link capacity
long round-trip times

GSM: Circuit Switched Data

Multiple timeslots can be used together. Transparent for BTS, extra management work for BSC and extra
transformation work for TE and MSC.

GPRS(2.5G): Basics and new Components

1. Gateway GPRS Support Node (equivalent to GMSC)
2. Serving GPRS Support Node (equivalent to MSC/VLR)

No hardware changes at BTS

billing per data
multiple data applications simultaneously
P2P and P2MP
mobility should be transparent for IP

GPRS(2.5G): Connection Classes

Class A:
simultaneous use of packet oriented and circuit switched
Class B:
simultaneous login to GSM and GPRS (no simultaneous traffic possible)
Class C
login only into either GSM or GPRS

GPRS(2.5G): Roaming
1. Static IP (in Home Network)
2. Static IP (in Foreign Network)

IP-data routed over home GGSN trough an interoperator backbone

3. Dynamic IP (no Roaming possible)

IP-data goes through the GGSN that the MS is in

TDMA: GSM CSD vs GSM HSCSD vs GPRS

16 / 18
Summary.md 2024-08-02

GSM CSD

one fixed channel per up- and downlink

GSM HSCSD

assymetric channels for up- and downlink

GPRS

dynamic channel assignment through master-slave system

Mobile IP: Basics

Mobile Station

Receives a Home Address from the Home Agent and a Care-of Address when not in the home
network

Home Agent

Is located in the current home network and gets the Care-of Address when the Mobile Station is
somewhere else

Foreign Agent

Is the located in a foreign network and gives a user the Care-of Address

Mobile IP: Routing Options

Legend: -> direct connection, (->) tunneled connection

Triangle Routing

Correspondent Node -> Home Agent (->) Foreign Agent -> Mobile Station -> Foreign Agent ->
Correspondent Node

Route Optimization

Correspondent Node (->) Foreign Agent -> Mobile Station -> Foreign Agent -> Correspondent Node

Reverse Tunneling

Correspondent Node -> Home Agent (->) Foreign Agent -> Mobile Station -> Foreign Agent (->)
Home Agent -> Correspondent Node

UMTS(3G)/UTRAN: Architecture
Universal Mobile Telecommunication Service and Universal Terrestrial Radio Access Network

Similar to 2G:

Radio Network Controller = Base Station Controller

Radio Network Subsystem = Base Station Subsystem

17 / 18
Summary.md 2024-08-02

Uses CDMA!

UMTS(3G): Soft Handover

Because of CDMA a MS can use multiple stations for uplink if they have a shared spreading code. For
downlink it can also use multiple stations with different spreading codes. Works only with FDD

UMTS(3G): Power Control

Is needed for CDMA as the uplink signal receive power needs to the same for all uplink users.

Open Loop Power Control

Based on the downlink power

Closed Loop Power Control

Based on power commands from the BTS, which computes the power from received transmissions

LTE(4G): Overview
soft frequency reuse between cells
lower rtt
simplified network architecture (IP based)
MIMO

5G: Overview
multiple frequency bands
low band (600-900MHz): IoT
mid band (1.7-4.7GHz): high speed and low latency
high band (24-47GHz): very high speed and limited range
multiple modes
non-standalone mode: uses 4G core network with upgraded BTS
standalone mode: uses 5G core network
dynamic spectrum sharing: dynamically share spectrums over 4G and 5G

18 / 18