vada.skku.ac.krvada.skku.ac.kr/classinfo/system_level_d… · ppt file · web view ·...

© ICU 2003전파교육센터© ICU 2003전파교육센터1

성균관대학교 성균관대학교 정보통신공학부정보통신공학부

조준동 교수조준동 교수

Software Defined RadioSoftware Defined RadioSystem System ArchitectureArchitecture


44 세대 이동통신 시스템세대 이동통신 시스템


Wireless networks Wireless networks standardized by IEEE 802 standardized by IEEE 802

standard committee.standard committee.

Application 7

Session 5

Network 3

Transport 4

Link 2

Physical 1

Transport Medium

Application

Presentation

Session

Network

Transport

Link

Physical

Transport Medium

Transfer

Location A Location B

Relay Point

OSI Reference Model

Network Network

Link Link

Physical Physical

Presentation 6

Transport Medium

Application

Session

Network

Transport

Link

Physical

Transport Medium

Transfer

Location A Location B

Relay Point

OSI Reference Model

Network Network

Link Link

Physical Physical


Reconfigurability in SDRReconfigurability in SDRMobile station Etc.

Application layer

Application programs (game, user encryption, e-commerce, etc.)Location Finding Service

Programming is opened for third parties, downloadable by users

Middle layer

Authentication, encryption,Radio network,Bandwidth management,Adaptive QoS

Programmed only by manufacturesApproval is necessaryDownloadable by users with some restriction

Physical layer

Radio resource managementMultiple accessModulation schemeChannel separationAntenna pattern

License is necessary


Modular SDR Modular SDR ArchitectureArchitecture

BB/IF Real/Complex

Digital/Analog

ANTENNA RFChannelSelector/Combiner

BasebandProcessing

DSP

Call/MessageProcessing &

I/O

CommonSystem

Equipment

I/O

MONITOR/CONTROL

Multimedia/WAP

ROUTING

I/O I/O I/O I/O

BBText Flow

Control bits

BBText Flow

Control BitsRFRF

Voice/PSTNData/IP

Flow ControlNSS/Network

AIR

I

C

I

C

I

C

I

C

AUX AUX AUX AUX AUX

Ext. Ref

Clock/StobeRef, Power

Remote Control/Display

Local Control

SDR Forum


APIs

OTA - Download

User Terminal

Service provider with UCCH support The Software

Component Servers

Software DownloadSoftware Download새로운 사용자 애플리케이션이나 그래픽 인터페이스새로운 사용자 애플리케이션이나 그래픽 인터페이스 (GUI),(GUI),프로토콜 스택과 물리 계층 변경 소프트웨어 등을프로토콜 스택과 물리 계층 변경 소프트웨어 등을다운로드다운로드 , , 소프트웨어 버그 수정소프트웨어 버그 수정 ..


Software DownloadSoftware Download– Download at Base StationDownload at Base Station

•Software download is relatively easy Software download is relatively easy •Old Software in the flash memory is Old Software in the flash memory is replaced by the new onereplaced by the new one

– Download at Mobile StationDownload at Mobile Station•Software radio can provide the Software radio can provide the terminal agent functionterminal agent function

•this function depends on user’s this function depends on user’s favor (Cost effectiveness, QoS)favor (Cost effectiveness, QoS)


Component Based Development

• CBD Technology- Is the foundation of the JTRS SCA- Portable, reusable waveform

applications- To realize the reusability objectives

of S/W engineering community- Fundamental premise : “buy, don’t

build”


For CBD, software component

1. Interface- Component behavior & protocols

2. Implementation - Component implementation

information3. Deployment

- Specific operating environment requirements


Middleware:Middleware:CORBA (Common Object RequetCORBA (Common Object Requet

Broker Architecture) Broker Architecture)


Software Communications Software Communications Architecture (SCA), JTRSArchitecture (SCA), JTRS

Core Framework (CF)Commercial Off-the-Shelf (COTS)

Non-Core (Radio) Applications

OE

Red (Non-Secure) Hardware Bus

CFServices &

Applications

CORBA ORB &Services

(Middleware)

Network Stacks & Serial Interface Services

Board Support Package (Bus Layer)

POSIX Operating System

RF API

RF API

Black (Secure) Hardware Bus

CFServices &

Applications

CORBA ORB &Services

(Middleware)

Network Stacks & Serial Interface Services

Board Support Package (Bus Layer)

POSIX Operating System

Core Framework IDL (Logical Software Bus via CORBA)

Non-CORBAModem

ApplicationsNon-CORBAModem API

Non-CORBASecurity

Applications

Non-CORBAHost

ApplicationsNon-CORBASecurity APIRF

ModemApplications

Link, NetworkApplications

SecurityApplications

ModemAdapter

SecurityAdapter

SecurityAdapter

HostAdapter

HostApplications

Modem NAPI Link, Network NAPI Link, Network NAPI

Non-CORBAHost API

Link, NetworkApplications


JTRS’s SCA v2.2 JTRS’s SCA v2.2 • Common open architecture: Common open architecture: 표준화된 구조 표준화된 구조

정의정의• Multiple domain: Multiple domain: 적용 범위 확대적용 범위 확대• Multiple bands, Multiple modesMultiple bands, Multiple modes• Compatibility with legacy systemCompatibility with legacy system• Technology insertionTechnology insertion• SecuritySecurity• Networking: Networking: 음성음성 , , 데이터데이터 , , 영상 서비스 제공영상 서비스 제공• Software reuse/Common waveform Software reuse/Common waveform

softwaresoftware


Application Programming Application Programming InterfaceInterface

Tier Tier <Architectual><Architectual>

Tier 1 Tier 1 <Functional><Functional>

Tier 2 <Transport Tier 2 <Transport and and Communication>Communication>

Tier 3 <Physical>Tier 3 <Physical>

•API API 구조의 최상위 구조의 최상위 계층으로서 계층으로서 Radio Radio architecturearchitecture 를 를 정의정의 . . • 양방향성을 양방향성을 가지고가지고 , , 정보와 정보와 제어 기능제어 기능•외부 인터페이스가 외부 인터페이스가 있다있다 . .

•시스템이 시스템이 수행해야 할 수행해야 할 다양한 기능을 다양한 기능을 정의정의• 각 모듈간에 각 모듈간에 어떤 메시지가 어떤 메시지가 교환되어야 하고 교환되어야 하고 그 안에는 어떤 그 안에는 어떤 내용을 담아내용을 담아 야 하는지를 야 하는지를 정의정의 ..

•Tier 1Tier 1 에서 정의된 에서 정의된 메시지가 어떻게 메시지가 어떻게 전송되고 교환되는가를 전송되고 교환되는가를 정의정의 .. 예예 > S/W > S/W 모듈에서는 일반적으로 모듈에서는 일반적으로 공유메모리를 이용한 공유메모리를 이용한 C function callC function call 로 로 정의될 수 있으나 다중 정의될 수 있으나 다중 프로세서 환경에서는 프로세서 환경에서는 serial link serial link 등으로 등으로 메시지가 전달 및 메시지가 전달 및 교환될 수 있다교환될 수 있다 ..

•Plug connectorPlug connector나 나 form factorform factor 와 와 같이 물리적인 같이 물리적인 요소들이 서로 요소들이 서로 어떻게 어떻게 결합되는지를 결합되는지를 나타낸다나타낸다 . . •물리적인 대부분의 물리적인 대부분의 기능을 하나의 기능을 하나의 칩으로 구현시키는 칩으로 구현시키는 제품에서는 이 제품에서는 이 인터페이스는 인터페이스는 의미가 없지만의미가 없지만 , , 각 각 모듈이 표준화된 모듈이 표준화된 plugplug 가 필요한 가 필요한 곳에서는 곳에서는 필수적이다필수적이다 ..


SDR Plug & Play ArchitectureSDR Plug & Play Architecture

Extensiveuse ofCOTS

Use Of Common/Std

Interfaces

Use ofHigh OrderLanguages

Use OfCommon

BUS

SW COTS include:• POSIX OS• OMG v2 CORBA • SNMP AGENT• WEB SERVER

• OMG v2 CORBA• Ethernet, RS-232, RS-422...• TCP/IP, UDP, SLIP, PPP• Rooftop Net API• Rooftop Radio API• Sockets

•“C++”, JAVA, Ada95 for Control Processors•“C” for Modems and INFOSEC

•Compact-PCI•SPCI•VME•PCI ...

OOA/OODIAW OMG

•UML OOD Notation•CORBA IDL Interface Definition

SDR Plug & PlaySDR Plug & Play ArchitectureArchitectureHW COTS

include:•ASIC • DSP •FPGA


Plug & Play Capability-Plug & Play Capability-CORBA Based ImplementationCORBA Based Implementation

1. “A” Server requests resource from “B” 2. Destination ORB invokes “B” 3. Once resource is attained, “A” Server invokes the remote operation on “B” Server4. Destination ORB invokes “B” Server operation

“A” OBJECT

TRANSPORT LAYER

“A” SERVER

“B”CLIENT

ORB

“B” OBJECT

TRANSPORT LAYER

“B” SERVER

“A”CLIENT

ORB

BUS

1 23 4


System Architecture of System Architecture of TRUSTTRUST

Network BearerService Profile

AccessStratumModule

QoS Manager

ProxyReconfiguration Manager

(RPM)

Mode Negotiation andSwitching Module (MNSM)

AuthenticationManager

Location UpdateModule

Terminal Capability Lookup

Table

TerminalReconfiguration

Profile

Resource System Management Module (RSMM)

Software DownloadModule (SDM)

LookupTables

CPUManagement

PowerManagement

MemoryManagement

Applications

ProfileDatabase

User Interface

BandwidthManagement

Module(BMM)

Configuration ManagementModule (CMM)

Reconfiguration ManagementModule (RMM)

ModeIdentification &

MonitoringModule (MIMM)

user

Serviceprovider

NetworkOperator


Process requirementsProcess requirements1. Available modes lookup1. Available modes lookup2. Detection of new air interface & 2. Detection of new air interface &

monitoringmonitoring3. Authentication3. Authentication4. Mode negotiation4. Mode negotiation5. Making decision to change mode5. Making decision to change mode6. Software download Over The Air 6. Software download Over The Air

(OTA)(OTA)7. Reconfiguration7. Reconfiguration8. Location update8. Location update


Mode Identification and Mode Identification and Monitoring Module (MIMM)Monitoring Module (MIMM)

• 대체 대체 modemode 의 발견의 발견 , , 식별식별 , , 감시감시

– 단말기의 자원단말기의 자원 // 능력능력

– 단말기의 현재 단말기의 현재 modemode– 사용 가능한 시간의 양사용 가능한 시간의 양

• 식별된 대체 식별된 대체 modemode 들의 감시들의 감시

– 충분한 충분한 service level service level 과 연결 품질 제공 보증 과 연결 품질 제공 보증

• 외부 요소에 의한 지원외부 요소에 의한 지원

– Proxy, other terminal, 3Proxy, other terminal, 3rdrd party party– 발견발견 , , 감시 작업에 대한 단말기의 부하 감소감시 작업에 대한 단말기의 부하 감소


Mode Negotiation and Mode Negotiation and Switching Module (MNSM)Switching Module (MNSM)

• Mode Mode 협상 작업을 가이드협상 작업을 가이드– 다른 다른 modemode 의 사용가능성 및 요구되는 성능 수준을 단말기가 의 사용가능성 및 요구되는 성능 수준을 단말기가

제공할 수 있는 지 여부 확인제공할 수 있는 지 여부 확인– 시스템의 부하와 연결 품질 고려시스템의 부하와 연결 품질 고려

• 사용 가능한 모드에 대한 이전 지식을 기반으로 작업 사용 가능한 모드에 대한 이전 지식을 기반으로 작업 – 사용자 프로파일사용자 프로파일 , , 단말기 상태단말기 상태 , , eventevent 등을 참조 하여 사용 등을 참조 하여 사용

가능한 가능한 modemode 의 순위 생성 의 순위 생성 • 새로운 새로운 ModeMode 로 변경 여부 결정 시 고려할 정보로 변경 여부 결정 시 고려할 정보

– 사용자 선호도 사용자 선호도 (profile Databases) (profile Databases) 및 및 Link level Link level 품질품질– 재설정 복잡도 재설정 복잡도 ; ; Configuration Management MobileConfiguration Management Mobile– 소프트웨어 다운로드에 소요되는 시간 예상치소프트웨어 다운로드에 소요되는 시간 예상치 ; ; SDM (Software SDM (Software

Download Module)Download Module)– 협상 결과는 차후 사용 대비 협상 결과는 차후 사용 대비 Lookup tableLookup table 에 저장에 저장


• The terminal check the Network was accessed The terminal check the Network was accessed

previously.If negative, Service Negotiation previously.If negative, Service Negotiation check whether the required service is check whether the required service is accessible in the visiting Network.accessible in the visiting Network.

• QoS NegotiationQoS Negotiation 1. The first step is to map the service classes.1. The first step is to map the service classes. 2. QoS manager will take care of deciding 2. QoS manager will take care of deciding

whether the QoS is likely to be reached.whether the QoS is likely to be reached.• Network Capability negotiationNetwork Capability negotiation software and hardware module software and hardware module

reconfiguration compatibility are checked.reconfiguration compatibility are checked.

Mode NegotiationMode [email protected]@kcl.ac.uk


QoS ManagementQoS Management

Mapping QoS Mapping QoS parameterparameterMonitering the Monitering the current status of current status of serviceserviceDynamically Dynamically reserving reserving resourceresource

SubjectiveQoS

Perception

QoSManager

Application

Terminal ReconfigurationCapabilities

Network bearercapabilities

User End-UseQoS

ApplicationQoS

TerminalQoS

NetworkQoS


Configuration Management Configuration Management Module (CMM)Module (CMM)

• 단말기 단말기 core softwarecore software 와 와 hardwarehardware 가 구현의 가 구현의 유연성 제약 없이 통합유연성 제약 없이 통합

• CheckResource, InformationRequest, CheckResource, InformationRequest, Shutdown, Reconfigure, DownloadSoftwareShutdown, Reconfigure, DownloadSoftware

• 현재 현재 mode mode 와 미래 사용 가능한 와 미래 사용 가능한 mode mode 정보를 정보를 mode switching modulemode switching module 에 제공에 제공

• Mode Mode 지원에 필요한 설정간의 지원에 필요한 설정간의 mapping mapping 정보 정보 제공제공


Proxy Re-configuration Proxy Re-configuration Manager (PRM)Manager (PRM)

• Mode negotiation, Mode negotiation, 식별식별 , , 감시감시 , , 변경변경 , , software software download download 작업작업 , , 설정 작업들에 대한 정보 제공설정 작업들에 대한 정보 제공 , ,

• Provide the mechanism for network Provide the mechanism for network centric software downloadcentric software download

• 단말기의 작업 부하 단말기의 작업 부하 ((CPU, battery CPU, battery 부하부하 ) ) 감소감소

• IP IP 기반 네트워크에 대한 기반 네트워크에 대한 ProxyProxy 의 직접 의 직접 연결을 가능케 함연결을 가능케 함

• 단말기에 대한 단말기에 대한 Information brokerInformation broker


Software Download Module Software Download Module (SDM)(SDM)

• BMM (Bandwidth Management BMM (Bandwidth Management Module)Module)– Calculate the optimum download strategy Calculate the optimum download strategy

and sends it to the SDMand sends it to the SDM

Download Rquest

Cost Function

Download Method Identification

Download Planning

Download Strategy Download Software


스마트 카드 스마트 카드 vs vs 무선 다운로드무선 다운로드

Non-OTA (Server Non-OTA (Server connection, PC, Kiosk, connection, PC, Kiosk, smart card)smart card)

Over The Air Over The Air

장점장점 에러가 없고에러가 없고 , , 빠른 다운로드가 빠른 다운로드가 가능가능 , , 네트웍에 무관네트웍에 무관

값이 싸고값이 싸고 , , 소프트웨어가 소프트웨어가 즉시 바뀌며 사용자가 부가 즉시 바뀌며 사용자가 부가 적인 행동 불 필요적인 행동 불 필요

단점단점 고비용고비용 , , 사용자의 불편을 초래사용자의 불편을 초래 , , 소프트웨어를 저장용 메모리소프트웨어를 저장용 메모리 , , 별도 장비필요별도 장비필요 ..

다운로드중에 에러가 발생 다운로드중에 에러가 발생 가능가능 , , 속도가 느리며속도가 느리며 , , 네트웍에 큰 영향을 준다네트웍에 큰 영향을 준다 . . 표준화 필요표준화 필요


Download ProtocolDownload Protocol

• 초기화초기화 (Initiation) (Initiation) • 상호인증상호인증 (Mutual authentication)(Mutual authentication)• 능력교환능력교환 (Capability exchange)(Capability exchange)• 다운로드 승인교환다운로드 승인교환 (Download (Download

acceptance)acceptance)• 다운로드다운로드 //에러 테스트 에러 테스트

(Download/integrity test)(Download/integrity test)• InstallationInstallation


Common algorithm Common algorithm structure and appropriate structure and appropriate

parametersparameters• The Frame Structure with Power The Frame Structure with Power

ControlControl– Frame structure concerning power control Frame structure concerning power control

can be characterized by a set of can be characterized by a set of parametersparameters

• ModulationModulation– QPSK : IS-95 CDMA and WCDMA systemsQPSK : IS-95 CDMA and WCDMA systems

– GMSK : GSM and DECT systemsGMSK : GSM and DECT systems

0

)()(n

nQPSK nTtgZtS

0

)()](exp[n

nTtgn

0

])(2exp[)(n

t

nGMSK dnTgdhjtS

0

0 )(n

n nTtCZ


Software layers on SDRSoftware layers on SDR• Layer A (Application Software)Layer A (Application Software)

– End-user application software such as WWW, user interface, etc

• Layer B (Communication Protocol Layer B (Communication Protocol Software)Software)

– Control call process, handover resource allocation and so on

• Layer C (Signal Processing Algorithm Layer C (Signal Processing Algorithm Software)Software)

– About physical layer related to Modulation, CODEC, interleaving.. etc


Software download timeSoftware download time • TTddD/R = D/WD/R = D/W• TTdd : the software download time : the software download time• R : the channel data rateR : the channel data rate• D : the code download quantityD : the code download quantity• W : bandwidthW : bandwidth

DD TdTdAA 5MB5MB 150s150sBB 500kB500kB 15s15sCC 50kB50kB 1.5s1.5sPP 50B50B 1.5m1.5m

ss

DD TdTdAA 5MB5MB 150s150sBB 500kB500kB 15s15sCC 50kB50kB 1.5s1.5sPP 50B50B 1.5m1.5m

ssW.200Khz W.1Mhz

The downloading time with the dedicated download channelThe downloading time with the dedicated download channel


Download ComplexityDownload Complexity

• A set of components for a radio A set of components for a radio functionalityfunctionality

• Right set of components for right timeRight set of components for right time• Time taken for downloadTime taken for download

– Push:download is initiated by base Push:download is initiated by base stationstation

– Pull: download request by user Pull: download request by user terminal terminal

• Validation of downloaded componentsValidation of downloaded components• Compilation of componentsCompilation of components

Jamadagni, Silicon Automation Systems, IndiaJamadagni, Silicon Automation Systems, India


Pull and PushPull and Push• Pull : SDR terminal locating s/w Pull : SDR terminal locating s/w

components may cause heavy traffic.components may cause heavy traffic.• Push: tailor data to user’s profiles in Push: tailor data to user’s profiles in

anticipation of user “when needed” anticipation of user “when needed”• Download s/w Download s/w

– Computing applicationsComputing applications– Protocol entities or changing of the Protocol entities or changing of the

air interface or serviceair interface or service– Signal processing algorithm for Signal processing algorithm for

modificationmodification


User Download RequestUser Download Request• Pure-Push: periodic push and Pure-Push: periodic push and

updating without requestupdating without request• Pure-Pull: on a miss, clients send Pure-Pull: on a miss, clients send

a pull request to the servera pull request to the server• Hybrid Push and Pull: The client Hybrid Push and Pull: The client

sends a pull request for a sends a pull request for a component only if the periodicity component only if the periodicity of push by the server is greater of push by the server is greater than a threshold.than a threshold.


Complete download Complete download scenarioscenario

PULL

PUSH

Push vs Pull for complete download scenario

SignalProcessing

ProtocolComp’s Application

Comp’s

Full personality download


Incremental personality Incremental personality downloaddownload

• Server Load is low -> Clients in steady state, Pull-based download is Server Load is low -> Clients in steady state, Pull-based download is betterbetter

• Server Load is high -> push approach is better since server requests are Server Load is high -> push approach is better since server requests are queued leading to latencies in servicing requestsqueued leading to latencies in servicing requests

• Server load is moderate -> Server load is moderate -> Hybrid

PULL

PUSH

A Push vs Pull possibility for the incremental download

SignalProcessing

ProtocolComp’s

ApplicationComp’s

Involves just in time download of needed components


Centralized Distribution of Centralized Distribution of Software, Software, TRUSTTRUST

인터넷 또는 작은 규모의 네트워크에서의 클라이언트 서버 구조인터넷 또는 작은 규모의 네트워크에서의 클라이언트 서버 구조 - - 중앙의 서버로부터 소프트웨어 다운로드후 업그레이드중앙의 서버로부터 소프트웨어 다운로드후 업그레이드 - - 터미널이 업그레이드 되기 위해서 하나의 서버로 충분터미널이 업그레이드 되기 위해서 하나의 서버로 충분 큰 규모의 네트워크에서의 클라이언트 서버 구조큰 규모의 네트워크에서의 클라이언트 서버 구조 - - 하나 이상의 서버가 필요 하나 이상의 서버가 필요 - - 라우팅 메커니즘 도입 필요라우팅 메커니즘 도입 필요 - - 캐시서버캐시서버 (PROXY SERVER)(PROXY SERVER) 이용이용 아주 오랜 시간 업데이트 되거나 수많은 아주 오랜 시간 업데이트 되거나 수많은 server server 또는 프록시를 또는 프록시를

필요로 하게 됨필요로 하게 됨 특정 시간에 준하여 주기적으로 신호를 브로드캐스팅 해서 특정 시간에 준하여 주기적으로 신호를 브로드캐스팅 해서

업그레이드가 가능한지 요청하도록 할 수 있으나 그것 자체가 업그레이드가 가능한지 요청하도록 할 수 있으나 그것 자체가 터미널터미널 -- 네트웍간의 추가적 부하 야기네트웍간의 추가적 부하 야기


SoftwareSoftwareServer 1Server 1

SW request

SW download

Software

Server 2

Software

Server N

SW requestLoad balancing

Central software Central software distributiondistribution



SW requestSW download

SoftwareCacheServer 1

Proxy caching

…SoftwareCacheServer 2

SoftwareCacheServer N

Software distribution with Software distribution with proxies.proxies.


Decentralized Software Decentralized Software DistributionDistribution


SW distribution: SW distribution: Step 1Step 1(Central: Server -> (Central: Server -> terminal)terminal)

(2)

(1)

(3) (4)

( (( )) )

( (( )) )

( (( )) )( (( )) )

SW distribution: Step SW distribution: Step 22(Decentral: Terminal -(Decentral: Terminal -> terminal)> terminal)SW distribution: Step SW distribution: Step 33(Decentral: Terminal -(Decentral: Terminal -> terminal)> terminal)

....


1 21

Access point

Mobile terminal

BlackboardBlackboard List of availableList of available services in the services in the

cellcell Green serviceGreen serviceavailableavailable

BlackboardBlackboard List of availableList of available services in the cellservices in the cell Add green serviceAdd green serviceavailableavailable

이동통신에서 가능한 분산 방식이동통신에서 가능한 분산 방식

2


ISSUES IN OTA DEVICE SOFTWAREISSUES IN OTA DEVICE SOFTWARE UPGRADESUPGRADES

Figure 1. Elements involved in OTA mobile software upgrade

2.1. Interoperability

2.2. Variations in ME architectures

2.3. Extensibility


PROPOSED ARCHITECTUREPROPOSED ARCHITECTURE1. Notification and Download Protocol for

patch

SyncML(SYNChronization/device Management protocoL)

=> J2SE at server side, J2ME and MIDP(Mobile Information Device Profile) at client side.

2. Storage and Installation of patch on ME

We have used J2ME at client side for defining Java API for this functionality.

3. Generation and Storage of patch on download server


Client Application(Midlet)

TM Profile

SyncMLProfile

HTTP

Patch Profile

Security LibraryServer Application(Servlet)

Server Profile

SyncMLProfile

HTTP

MIB

PatchGenerator

SyncML DMProtocol

Management Server(J2SE Environment)

TransportProtocol

Management Client(J2ME Environment)

Figure 2. OTA Mobile Device Software Management Architecture

PersistentMemory

User InterfaceUser Interface

Device Management LogicDevice Management Logic

Data Repository ManagementData Repository Management

DataDataRepositoryRepository

ManagementManagement


Software Communications Software Communications Architecture (SCA) Security Architecture (SCA) Security

elementselements• The The SCA security supplementSCA security supplement contains several contains several

hundred specific security requirementshundred specific security requirements - Encryption & Decryption Services- Encryption & Decryption Services - Information Integrity- Information Integrity - Authentication & Non-repudiation- Authentication & Non-repudiation - Access Control- Access Control - Auditing and Alarms- Auditing and Alarms - Key and Certificate Management- Key and Certificate Management - Security Policy Enforcement & Management- Security Policy Enforcement & Management - Configuration Management- Configuration Management - Memory Management- Memory Management

John J. FittonJohn J. Fitton


Encryption & Decryption Encryption & Decryption ServicesServices

• These servicesThese services can be used (1)to can be used (1)to maintain maintain the privacythe privacy of different types of of different types of information; (2)to information; (2)to protect the informationprotect the information; ; (3) to (3) to protect the integrityprotect the integrity of any class of of any class of software for download purposessoftware for download purposes

• The The encryption algorithmencryption algorithm used for download used for download should be standardized on a global levelshould be standardized on a global level

• Efforts should focus on Efforts should focus on minimizingminimizing the the number of different standardsnumber of different standards

• Encryption/Decryption algorithms could be Encryption/Decryption algorithms could be downloaded and executed as part of the downloaded and executed as part of the Security Provider ApplicationSecurity Provider Application


Information IntegrityInformation Integrity• Information IntegrityInformation Integrity ensures that ensures that

information received or stored at some information received or stored at some earlier point has not been changed either as earlier point has not been changed either as a result of transmission/storage media errors a result of transmission/storage media errors or intentional modificationor intentional modification

• One method of providing this service is to One method of providing this service is to encrypt the informationencrypt the information with an algorithm with an algorithm designed to prevent undetected modification designed to prevent undetected modification of the informationof the information

• Another method might be to perform a form Another method might be to perform a form of of mathematical calculationmathematical calculation using all of the using all of the informationinformation


Authentication & Authentication & Non-repudiationNon-repudiation

• Authentication and non-repudiationAuthentication and non-repudiation methods are well known by those familiar methods are well known by those familiar with with public key cryptographypublic key cryptography

• These involve the use of These involve the use of digital digital signaturessignatures and and certificates.certificates.

• These security functions as one of the These security functions as one of the most critical to solving the most critical to solving the SDR download SDR download securitysecurity since they provide the means to since they provide the means to verify the legitimacy of a software verify the legitimacy of a software package downloaded onto a SDR terminalpackage downloaded onto a SDR terminal


Access ControlAccess Control• Access ControlAccess Control mechanisms in mechanisms in

today's environment generally today's environment generally consist of consist of user passwordsuser passwords

• Two areas of concern regarding Two areas of concern regarding access controls are (1) access controls are (1) how how passwords are protectedpasswords are protected within the within the terminal; and (2) terminal; and (2) what access control what access control mechanismsmechanisms are necessary to access are necessary to access any terminal security audit log.any terminal security audit log.


Auditing and AlarmsAuditing and Alarms• Auditing and alarmsAuditing and alarms security security

functions provide a means to functions provide a means to capture events that the terminal capture events that the terminal records in some manner records in some manner when a when a security process is violatedsecurity process is violated

• This process might be a receipt of This process might be a receipt of an improperly signed software an improperly signed software download or a report of numerous download or a report of numerous failed attempts for password entryfailed attempts for password entry


Key and Certificate Key and Certificate ManagementManagement

• Key lengths, formats and key tags identifying Key lengths, formats and key tags identifying the function of the key, expiration dates, the function of the key, expiration dates, etc..., are all candidates for etc..., are all candidates for standardizationstandardization

• Standardization efforts must go beyond Standardization efforts must go beyond format and content, and address format and content, and address how, when how, when and where keys and certificates and where keys and certificates will be will be updated and replaced, and updated and replaced, and what security what security mechanisms mechanisms are required to protect these are required to protect these items while they are in transititems while they are in transit

• Decision must be made to define Decision must be made to define who may who may have the authority and resources have the authority and resources to create to create keys and certificateskeys and certificates


Security Policy Enforcement & Security Policy Enforcement & ManagementManagement

• Security policiesSecurity policies are simply are simply defined as rules governing how defined as rules governing how the security mechanisms are to be the security mechanisms are to be employedemployed

• Specific security policies could be Specific security policies could be downloaded and installed in the downloaded and installed in the same manner assame manner as keys keys or or digital digital certificatescertificates


Configuration Configuration ManagementManagement

• Configuration managementConfiguration management is necessary is necessary within the SDR to ensure that the terminal within the SDR to ensure that the terminal has the required hardware capability to has the required hardware capability to support a support a new software downloadnew software download

• The terminal should provide a The terminal should provide a copy of an copy of an installation log listinginstallation log listing the hardware the hardware platform type and configuration as well as platform type and configuration as well as an an identifier identifier and and version numberversion number of all of all installed software to the centralized installed software to the centralized configuration managerconfiguration manager


Memory ManagementMemory Management• Memory managementMemory management can be an can be an

extremely effective security measure extremely effective security measure to guard against surreptitious to guard against surreptitious attempts to attempts to modify installed softwaremodify installed software

• In this role the Radio Security Module In this role the Radio Security Module would have output control signals to would have output control signals to allow the memory allow the memory write-access control write-access control lineslines to activate and support writing of to activate and support writing of programs and data into memoryprograms and data into memory


SINCGARSNET 1 SDR

NET A

SDR NET C

SINCGARSNET 2

SDRNET D

SDR NET EIW Threat

MonitoringJamming

DeceptionChaos

SDR 1 SDR 1

SDR 1 SDR 1

위성

Wired Infrastructure

Wireless Attacks LOS, HF, SATCOM, UAV

Wired AttacksEthernet

HF/LOSLinks

UAV Links

SATCOMLinks

Wireless & Wired IW Attacks on SDRWireless & Wired IW Attacks on SDR


SDR Subsystem IWSDR Subsystem IW DetectionDetectionCareful subsystem design, bus access Careful subsystem design, bus access control, control, message authentication, and physical message authentication, and physical LAN security LAN security

Ethernet Interface SecurityMessage

LayerAuthentication

Physical Layer

Detection

RF Subsystem

BlackHost

Red Host

Security Subsystem

Modem Subsystem

PCI Bus


Physical Layer Physical Layer DetectionDetectionSpecifying waveforms with processing gain Specifying waveforms with processing gain

options for frequency hopping, spreading, options for frequency hopping, spreading, and interference suppressionand interference suppressionCommand changes in operating band and Command changes in operating band and

modulation to modulation to avoid or mitigate the attacking threat.avoid or mitigate the attacking threat.

SDR networks must be designed with the SDR networks must be designed with the flexibilityflexibility to minimize the opportunities for to minimize the opportunities for successful enemy action or disruption.successful enemy action or disruption.

flexibility flexibility multiple modulation formats, multiple modulation formats, frequency bandsfrequency bands

Steer antenna nulls in the direction of the Steer antenna nulls in the direction of the attacker attacker

Information-style attacks that attempt to Information-style attacks that attempt to subvert operation and data in the radiossubvert operation and data in the radios


SDR SecuritySDR Security• SDR S/W SDR S/W 다운로드할 때다운로드할 때 , , 프로그램의프로그램의

보호보호 ((Protection), Protection), 인증인증((Authentication), Authentication), 암호암호((Encryption) Encryption) 기능 필요기능 필요

• 공개키 암호시스템과 공개키 암호시스템과 SDRSDR– SDR SDR 환경에서는 전력환경에서는 전력 ((Power) Power) 소모와 소모와

구현문제로 적용이 용이하지 않음구현문제로 적용이 용이하지 않음– DSP/FPGADSP/FPGA 로 구현된 로 구현된 SDRSDR 로 암호화에 로 암호화에

필요한 기능 지원 가능필요한 기능 지원 가능


Security of Existing Security of Existing Wireless SystemWireless SystemItemItem AlgorithmAlgorithm

User AuthenticationUser Authentication Hash function, Hash function, Block cipherBlock cipher

Authentication of N/W Authentication of N/W Operator/Service Operator/Service ProviderProvider

Same aboveSame above

Encryption of User Encryption of User DataData

Stream Stream cipher(scrambling)cipher(scrambling)

Encryption of Control Encryption of Control ChannelChannel Stream cipherStream cipher

Hiding User IDHiding User ID Temporary IDTemporary ID


Cryptographic SchemeCryptographic SchemeObjectObject ExplanationExplanation

Privacy or Privacy or ConfidentialityConfidentiality

Keeping information Keeping information secretsecret

Data IntegrityData Integrity Ensuring data has not Ensuring data has not been alteredbeen altered

Authentication Authentication or Identificationor Identification

Confirm the identity of an Confirm the identity of an entityentity

Message Message AuthenticationAuthentication

Authentication the Authentication the original messageoriginal message

SignatureSignature Binding information to an Binding information to an entityentity

CertificationCertification Endorsement of Endorsement of informationinformation


Symmetric and public key Symmetric and public key cryptosystemcryptosystem

– Symmetric key cryptosystemSymmetric key cryptosystem•Encryption key = Decryption keyEncryption key = Decryption key•Sender/Receiver must share the Sender/Receiver must share the same keysame key

– Public key cryptosystemPublic key cryptosystem•Use two different keyUse two different key

– Encryption : Public KeyEncryption : Public Key– Decryption : Secret(or Private) Decryption : Secret(or Private) KeyKey


Encryption Algorithm of Encryption Algorithm of SDR inSDR in Flexible Security Flexible Security

SystemsSystemsEncryption Encryption algorithmalgorithm

KeyKeyDeliberatioDeliberationnAlgorithmAlgorithm

Existing Existing implementatimplementationion

SDRSDR SecuritSecurityy

ScramblingScrambling Custom chipCustom chip

DSPDSPoror

FPGFPGAA

WeakWeak

StrongStrong

ScramblingScrambling Block Block CipherCipher

Software+ Software+ Custom chipCustom chip

Block Block CipherCipher Custom chipCustom chip

Block Block CipherCipher

Public Key Public Key cryptosystecryptosystemm


Public Key Public Key cryptosystecryptosystemm



Security of ProgramSecurity of Program Download of SDR Download of SDRItemItem CountermeasureCountermeasure

Illegal copying of Illegal copying of download download programprogram

Encryption of Encryption of download download channel, channel, hardware key, hardware key, terminal IDterminal ID

Alteration of Alteration of download download programprogram

CertificationCertification


Algorithms of EC into SDR Algorithms of EC into SDR NameName Main agentMain agent AlgorithmAlgorithmAVANTAVANT AutomatiaAutomatia DESDESDANMONTDANMONT DANMONTDANMONT SAMSAMGeldKarteGeldKarte KAKA VisaCashVisaCashMONDEXMONDEX Mondex IntMondex Int DES > RSADES > RSANTT Electric NTT Electric CashCash

NTTNTT RSA/FEAL/RSA/FEAL/DESDES

PROTONPROTON BanksysBanksys DES/RSADES/RSAVisaCashVisaCash Visa IntVisa Int DES/RSADES/RSA


RSA RSA 암암 // 복호화 연산 속도 복호화 연산 속도 및 전력량 비교및 전력량 비교

PlatformPlatform

SpeedSpeed(msec/operation)(msec/operation)

Energy Energy ConsumptionConsumption

(mWs)(mWs)EncryptiEncrypti

ononDecrypDecryp

tiontionEncryptEncrypt

ionionDecrypDecryp

tiontionPentiumIII PentiumIII 800Mhz800Mhz 0.20.2 14.314.3 6.06.0 429429

i486 33.4Mhzi486 33.4Mhz 4.794.79 342342 23.923.9 17101710

DSP TMS-DSP TMS-320C6201320C6201 1.21.2 11.711.7 3.653.65 35.635.6

FPGA XC4085XL-FPGA XC4085XL-3PG559C3PG559C 0.0130.013 0.1260.126 0.002810.00281 0.02740.0274


ConclusionConclusion

Analog Basebandand RF Circuits

AD FSM

phonebookRTOS

ARQ

Keypad,Display

Control

Coders

FFT Filters

Accelerators(bit level)

analog digitalDSP cores

uC core(ARM)

Logic

Dedicated Logic

Communication Algorithms Protocols

Jan Rabaey

Smart Reconfigurable Radio Architecture

vada.skku.ac.krvada.skku.ac.kr/classinfo/system_level_d… · ppt file · web view ·...

Documents