Layer 1 encryption and decryption
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Alternative Title |
| |
| Title of Series | ||
| Part Number | 14 | |
| Number of Parts | 29 | |
| Author | ||
| License | CC Attribution 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/18843 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
| |
| Keywords |
Hacktivity 201514 / 29
1
4
6
17
00:00
EncryptionOSI modelComputer networkData modelData typeHypermediaOpticsBit error rateLine (geometry)Wireless LANMereologyTelecommunicationFrequencyDigital signalDisintegrationHeat transferContent (media)Maxima and minimaNormed vector spaceAlgorithmVideo gameNP-hardMessage passingMotion captureTable (information)SequenceSpectrum (functional analysis)SoftwareSoftware-defined radioDuality (mathematics)Musical ensembleContinuous functionTowerPower (physics)Envelope (mathematics)Distortion (mathematics)Level (video gaming)TransmitterDiagramNoiseReading (process)Workstation <Musikinstrument>Video trackingAsynchronous Transfer ModeImage resolutionBlock (periodic table)WaveFast Fourier transform3 (number)Shape (magazine)FingerprintPulse (signal processing)Harmonic analysisDigitizingStaff (military)Data transmissionSource codeWechselseitige InformationPhysical lawInterior (topology)InformationFlagChemical equationRevision controlMultitier architectureMetropolitan area networkUsabilityFreewareRange (statistics)Transformation (genetics)Chemical equationHypothesisReal number1 (number)QuicksortBitService (economics)Physical systemMedical imagingImpulse responseStudent's t-testAlgorithmFrequencyInformationGroup actionFood energyDistribution (mathematics)Set (mathematics)TransmissionskoeffizientSensitivity analysisContent (media)Data transmissionTelecommunicationFingerprintDistortion (mathematics)AnalogyCodeMultiplication signComputer programmingProcess (computing)AdditionDiagramCross-correlationWeb pageObservational studyOrder (biology)Power (physics)Instance (computer science)Branch (computer science)TransmitterWaveUniform resource locatorForm (programming)Direction (geometry)Expert systemSpectrum (functional analysis)Noise (electronics)Sign (mathematics)Universe (mathematics)MathematicsInteractive televisionTask (computing)BEEPNumberCharacteristic polynomialHarmonic analysisDirectory serviceOnline helpPersonal digital assistantForcing (mathematics)PseudozufallszahlenElectric generatorSoftware developerLevel (video gaming)Line (geometry)Shape (magazine)SequenceExtension (kinesiology)Stability theoryLogicBlock (periodic table)Table (information)Channel capacityOperator (mathematics)Image resolutionPoint (geometry)DataflowSurvival analysisKey (cryptography)Integrated development environmentDistanceMultiplicationArithmetic meanEstimatorThermal radiationEntire functionCategory of beingSubsetAnalytic continuationChainRandomizationScheduling (computing)Physical lawSoftwareSocial classView (database)Inheritance (object-oriented programming)Limit (category theory)WeightFigurate numberCASE <Informatik>MeasurementCharge carrierLinearization2 (number)IterationClassical physicsPortable communications deviceTwitterEnvelope (mathematics)Cellular automatonMusical ensembleHypermediaNeuroinformatikState of matterParameter (computer programming)Attribute grammarGoodness of fitLogic synthesisLetterpress printingAsynchronous Transfer ModeCondition numberLinear regressionConsistencyPlanningTrailVirtual machineEndliche ModelltheorieVarianceWater vaporSystem administratorCountingSinc functionFrequency distributionReal-time operating systemRandom number generationCalculationWhiteboardUltrasoundAxiom of choiceDigital signalReduced instruction set computingConnectivity (graph theory)Maß <Mathematik>Metropolitan area networkStapeldateiVariable (mathematics)Lattice (order)Message passingWordExecution unitVideoconferencingClient (computing)Procedural programmingSoftware-defined radioAuthorizationAssociative propertyDegree (graph theory)Greatest elementSelf-organizationHydraulic jumpEuler anglesPopulation densitySoftware testingMathematical optimizationRight angle10 (number)Machine visionTunisDuality (mathematics)GSM-Software-Management AGLink (knot theory)Game controllerInternetworkingSampling (statistics)Function (mathematics)Extreme programmingCovering spaceSemiconductor memoryWorkstation <Musikinstrument>MultilaterationDigitizingPredictabilityRun time (program lifecycle phase)Reflection (mathematics)Natural numberSchmelze <Betrieb>ScatteringConnected spaceFast Fourier transformContext awarenessTraffic reportingMechanism designVideo cardWireless LANEncryptionData miningRouter (computing)Type theoryTowerCodecFloppy diskVulnerability (computing)Phase transitionConstructor (object-oriented programming)Compilation albumRow (database)Escape characterFerry CorstenObject (grammar)Topological vector spaceMixed realityPropagatorSimilarity (geometry)Reading (process)Pattern languageDigital signal processingStanding waveCoprocessorServer (computing)MotherboardStreaming mediaCoordinate systemAlgebraWritingRectangleLecture/Conference
Transcript: English(auto-generated)
00:05
I hope most of you are still awake. If you aren't, I'll try to make them. When we talk about digital communication, everybody knows the seven-layer OSI model
00:24
of the networks. When we talk about protection or checking, we usually talk about layers two and three, where we are looking for various weaknesses, attack points, and these are the places where
00:44
we build our protections. Maybe we extend this layer four but not further. And layer one, as we all know, is the physical layer. We don't have to do anything with that, do we? The network is wired up somehow, and we do trust that it works as it should.
01:04
This, however, depends on the components we use in the network. Traditionally, we have been using wired networks, copper-based networks, and optical fiber networks. These are not really dangerous and not really interesting.
01:22
Because if anybody wants to attack a network like this or compromise a network like this, then they will need to access it. Let's now, for the moment, forget about the situations where a router administrator
01:41
defines a port and mirrors the traffic of a network branch. Instead, let's think of the classical line tapping methods. On a wired network, if we connect a foreign device or a measurement unit to this network,
02:06
this is feasible. This will cause the physical parameters of the network to be measurably changed. Reflections are generated by the extraneous device, and the reflections also allow us
02:28
to find where the network was compromised, where this extraneous device was connected. The same applies to an optical network. If I touch a fiber optic connector to branch it off, it will also cause reflections
02:55
which can be measured, and the runtime of the signal, the time until the reflection
03:02
arrives back at the origin, enables us to determine where exactly physically our network was changed. If we consider wireless networks, this is a bit more interesting.
03:22
If we have a Wi-Fi network, we can monitor it for days or weeks or months, listen to the traffic, and it will leave no trace behind. The owner of the attack system will perhaps only notice that something is wrong because
03:42
data that he thought were protected are starting to be used by unauthorized parties. Another possibility is that the owner will realize that he is the subject of a man-in-the-middle attack, so his local station was replaced by another one, and the data that the owner
04:05
thought were protected are being used. But you can't get much of interest from a Wi-Fi network, at least we do hope. Let's hope that we can, because Wi-Fi vulnerabilities are pretty well known.
04:21
The situation becomes more interesting if we want to eavesdrop on covered communication, which was not meant to be able to be accessed by simple means by anybody.
04:42
And here, consider not only the data content, because it's not only the data content that carries information, but also what the two endpoints are that are communicating. This is a more interesting scenario. For instance, you know the so-called Link 16 communication, also well known in Hungary,
05:06
which is not meant for any years. Because the distress communication among Hungarian MiGs is using this communication,
05:27
and the goal was to hide this from normal users. Now, once something has been irradiated as a radio signal, it is in the ether, and
05:40
with appropriate devices, anybody can listen to them and can use them, assuming he is able to put together the data segments, and the time it takes to decode it only depends on his computing capacity that he can throw at the task.
06:04
Since communication is analog, where this analog communication is protected by some technique, the digital protections, encryption, are relegated to second place,
06:21
because analog communication is going to be extracted, they say. Now, if we talk about Layer 1 and wireless communication, then we are saying that Layer 1 cannot be encrypted, this is analog communication, analog signals are passed through the network, nothing to be done with them.
06:41
They can't even be protected, because these systems usually irradiate into all directions, and even if you have a directed antenna and a point-to-point connection, and even then you have scatterings, you know, based on the Huygens-Fresnel principle,
07:03
that signals are reflected from obstacles and radiate in all sorts of directions, so you cannot even determine whether anybody is listening to this traffic, and you cannot disable them from doing so.
07:21
In traditional radio communication, what we used to have was a sender, which was tuned to a specific frequency, a receiver was also tuned into the same frequency, we pressed a button, the transmission started, and the receiver received the transmitted signal.
07:43
This is not really a safe data transmission method, so we certainly do need something. In digital radio communication, two technological steps open up new opportunities and possibilities.
08:04
One is that so-called direct digital synthesizer transmitters appeared. This means that I tell the sender to operate at a specific frequency, and the sender will then tune into this frequency in a couple of tens of nanoseconds,
08:25
and the receiver is a software-defined radio, an SDR. It can also be told to tune into a frequency, or it can be made to monitor a broad frequency spectrum, and show any radio communication it finds within this broad piece of the spectrum.
08:50
If I know the sender's frequency, I can tune into that frequency with my receiver. If these frequencies are changed sufficiently frequently,
09:06
then the eavesdropper will not be able to find the next frequency I'll continue my transmission on. So I can also digitize my voice signal and mix it or multiplex it with other digital data,
09:29
and I can in this manner use a big number of frequencies simultaneously, so I can change transmission and reception frequencies very frequently.
09:43
This is called frequency hopping. I can even use a pseudo-random sequence of frequencies and hope that the opponent will not be able to find my message.
10:00
What does frequency hopping look like? The sender works at a specific frequency for a certain time. This is package number one. We send this voice data, other data, digitally encoded. This is the first bit.
10:22
Then I give some time to both the sender and the receiver to tune into the next frequency. This is the so-called blank time. The sender, during this time, tunes into the new frequency to be sent on and the receiver also to the same frequency to receive on.
10:41
Now the second batch, the second package of data is sent by the sender, and this is continued in the same manner. When we started working on this topic, we were curious about the frequency of changes,
11:00
and we were told that this is a classified data. So we had a closer look at a similar equipment, and Texas Instruments manufactures the chipset that we use to control this, as it turned out. So we visited Texas Instruments' homepage, and we found a very nice table about the settings that the chipset is able to do.
11:25
And we found that the slowest frequency hop is 1,200 hops per second, and in an extreme case, it can go up to 3,200 frequency changes per second.
11:44
This means that even if I pick up a channel, one channel of this transmission, I won't be able to do anything with it. I just hear a beep and that's all. So you cannot use a traditional receiver to capture these packages.
12:02
On the sender side, we have a so-called direct frequency synthesizer that generates the frequency I'll be using to transmit on, and this frequency will be determined by a pseudo-random generator. Then this signal will be amplified.
12:22
It will be modulated by the pattern that I want to transmit, and when it gets transmitted, the pseudo-random generator must match with the pseudo-random generator in the receiver,
12:41
which also generates a frequency that should be the transmitter's sending frequency. And then this signal can be decoded on the receiver side and then processed. So from this point on, I have my digital signal flow,
13:03
and all I have to do is use the key to decode the transmitted data. Here again we are faced with the problem that the process itself is once again declared to be classified.
13:25
So we could once again turn to the vendor of Texas Instruments, who manufactured the appropriate chip, and we could extract the super sensitive information that was not divulged to us
13:41
when we requested it. So if I want to decode a message like this, then I need to concatenate the various bits of the information that were transmitted on different frequencies. So I need the entire package chain, and only then can I decode it.
14:02
So first I need to hunt together all the packages, concatenate them to a contiguous signal flow, and then I can apply the devices for decoding or cracking the signal flow. If I know the algorithm for the pseudo-random frequency generation,
14:24
then this is relatively simple. So if I have two paired equipment, then it's easy. If I do not, however, know how the pseudo-random generator operates,
14:41
then I am in trouble, because after each waiting time, I'll have to find the carrier frequency of the next package. Commercial frequency hopping equipment uses only a few frequencies. Actually, Texas Instruments uses 17,
15:02
and they follow each other in the steps of 1 MHz. For instance, in the equipment I show you, it's not a big jump, but if I don't know where the hop is, 17 MHz higher or three lower, then I'm in trouble.
15:26
I am sure everybody, all of you, have equipment on your person that uses frequency hopping. Who does have it on this person? Obviously, if you know what it's about, then you will know.
15:42
One of the classical frequency hopping devices are actually cell phones, the GSM cell phones. Both the cell tower and the device in our pockets are capable of direct digital synthesis in order to change the frequency of the transmission
16:02
and also for receiving and concatenating and decoding it as well, obviously. What type of a receiver should I actually acquire in order to perform such an activity? We have already mentioned a so-called software-defined radio.
16:28
This is the only device which is capable of concatenating frequency hopping transmissions. Its most important characteristic is that
16:42
while traditional radio frequency transmitters actually works in a way that selects the certain frequencies, these other ones, I can see the whole range of frequencies,
17:02
digitalizes them into 8, 12 or even 24-bit depth. And from that spectrum, with an FFT, a fast Fourier transformation, it actually selects the frequencies that might be of interest to me.
17:21
So, I can see a 510 rivet 100 MHz spectrum. And within that spectrum, within algebra method, I select those that are real transmission frequencies, which is noise, which has to be subdued.
17:41
And from the interesting frequencies, which is the one that, according to my random number generation, is a transmission assigned to me. It's very similar to the old panoramic receivers, where I could see several frequencies simultaneously, but all panoramic receivers actually swept through a range,
18:04
through a spectrum, and I could not see in real time everything simultaneously. Only with some sort of a delay could I sort out the frequencies, but simultaneously, in real time, I could not download a whole range of frequencies,
18:23
a whole spectrum of frequencies, I could not analyze those. What we see here is a rather professional SDR, with the help of the Belgian Roda Schwartz.
18:43
It's not small, it's 40 kilograms. It works with a 24-bit resolution, and can analyze the spectrum that we find interesting up to 20 GHz.
19:04
We presented a few examples with the help of this device, on how such a frequency-hoping communication looks like. The easiest way to demonstrate is when you switch on your mobile phone, your cell phone.
19:22
You can see this rather simple dual-band GSM phone. It works at 900 MHz and 1.2 GHz. You can see a huge impulse at 900 MHz. This was where the first time was located. Then you see a smaller one. When you communicate with the first time, there's an 1800 MHz one available as well.
19:43
Then you see half of the size, when it received the tower through 1800 MHz and started communicating with that tower as well. Now, if we observe this communication, then we deliberately made the phone enter into constant communication.
20:05
That is, we started talking on the phone. You can see that it uses seven frequencies. This nice shape towards the right actually shows us where we're communicating,
20:23
what the frequency distribution is and what the energy distribution of that frequency is. Practically, even the distribute on the seven frequencies, the energy amount that the cell phone wishes to transmit.
20:44
If we go closer and observe this rectangular shape closer, then we see that its top is undulating,
21:04
but the receiver can still sense it. In this lower diagram, we can see the data packages. Every single horizontal line is a data package,
21:22
and these are the data packages that have to be put together. Now, let's take an even closer look. We see the same frequency peaks, but the two sides, we see parasite frequencies. Those are not programs, but are due to the distortion of the transmitter.
21:43
In the middle, the frequency distribution is quite even, but at the edges near the parasite, there's some sort of a problem. The receiver cannot really handle or manage the situation adequately. We see signals that we don't have to deal with. We don't have to work with them.
22:02
If we open up such a peak from the seven, then we see that even within the peak, there is a movement. The waterfall diagram is practically saturated.
22:22
The data packages are constantly hopping from frequency to frequency. They're coming in everywhere, and these are that we have to distinguish. These are the ones that we have to use to compile the frequency order and the data order, which contains the communication valuable to us.
22:46
Let us take an even closer look. One single dot on the waterfall diagram signifies a data package.
23:00
In real time, we have to locate the n number of data packages that belong together. We do get some help, though, not too much, mind you. One is that the transmitter is not capable of a large frequency open,
23:22
because even if they can't change the frequency, the amplifier and the antenna behind it may not be able to perform that. So if we can locate one frequency, then it's quite safe to say that we can only hop to an extent of five to eight percent
23:44
with great safety in order to ensure the survival of the transmitter and to make sure that the antenna actually transmits the signal. The main essence of what I have said so far is
24:03
that with the help of frequency hopping, we have created a situation where the receiving device that we have not prepared, we have not tuned, finds itself in a very difficult situation,
24:21
because it actually has to select the data packages in a way that the content of those is unknown. The frequency is also unknown. The order of frequency is also unknown. The schedule of the frequencies is unknown, and at the same time it has to compile them. This type of communication, therefore, has a lot of advantages.
24:45
On the one hand, it is protected against jamming, because the jammer has to be able to perform the same order of frequency with the same timing as performed by my transmitter and receiver. At the same time, it is protected against a confrontation
25:04
with any other radio stations. It mitigates the danger of that. It mitigates the opportunity of that to happen. The composition of the data packages is made up in a way that if the receiving was unsuccessful,
25:25
then they can ask for a reiteration of the data package. As we have seen, it is quite difficult to compile the data packages. This is more or less lost in the background noise.
25:43
In the last clip, we saw that if we have a very noisy background, the receiver that is capable of transmitting, and that we have a set and knows the order of the frequencies,
26:01
is capable of performing the compilation of the data. Another advantage is that conventional receivers cannot read this data. What we see here is a 30-, 40-year-old, really good quality radio, used by the Hungarian Defence Force, the Hungarian Army,
26:23
which cannot read this data. When is it also advantageous? For instance, in military application, if we are working with radar, the radar has two functional modes. One is a search mode, and one is a target-following mode.
26:43
In the case of modern radar devices, like in the case of the RAT-31 radars, three of which we have in Hungary, these two can be performed simultaneously. The radar constantly searches, and if it finds anything of interest, anything suspicious, it homes in on it.
27:02
The aircraft or any other machine that is homed in on by the radar knows that this is being followed, and it senses that the radar has now switched to tracking mode as a search mode.
27:21
If this is a civilian machine, then they will do nothing. If it's a military machine that has nothing to do there, it will probably feel embarrassed, to say the least, and try and make its escape. Tracking mode can be recognized by the fact that the radar impulses
27:43
are constantly following the object, even when the radar is not pointed towards the object. But if I change the frequency of the radar, then the airplane, the aircraft, will not notice that this is being followed, because it will receive one radar impulse, and then the next one it will receive in a different frequency.
28:00
That does not disturb the radar, because the radar knows that the frequency has changed, and it will expect the bounce-off signal at the same frequency as well. The main issue here is that the targeted aircraft will not notice that this is being tracked. In order for such a frequency-hopping communication to be acquired,
28:27
we need a software-defined radio, an SDR receiver, similar to the Rode-Schwarz receiver that we saw previously, which only has one problem, namely that it costs you 100,000 euros.
28:42
I would have liked to bring it home with me, but they did not let me for some reason. What does this machine know that the smaller ones do not? Well, namely that it digitalizes up to 24 bits, so I receive a very good digital signal, which allows me for perfect calculation. It has enormous calculation capacity built in.
29:04
It can perform the FFT procedure very efficiently, but unfortunately not sufficiently enough in order to instantly receive such frequency-hopping transmission.
29:23
There actually are better SDRs as well. Not one of these costs you $50. It works with a 12-bit resolution. It's a bit slower than the previously mentioned Rode-Schwarz receiver,
29:41
but the receiver adequate for DBVT receiving, which costs you about $10, also shows you how many signals you have in this spectrum, but that's the end of the line, because the installed calculation capacities are inadequate
30:01
for us to perform the George Fourier transformation that would enable us to compile the data, and the resolution of the device is inadequate for precise calculations. So in order for me to concatenate data packages,
30:29
I must be able to recognize what blocks have come from the same transmitter. This is interesting for many aspects, because if I want to define the location of the transmitter,
30:40
then I need to define the direction. I need to measure the direction. That takes time, and I have to be able to tell you the frequency upon which I want to perform a direction measurement. So I have to identify what transmitter the data blocks are coming from, and I have to be able to compile all the signals coming from that given transmitter.
31:07
I will take into consideration two characteristics of the transmitted signal. One is the harmonic content, which is a constructive characteristic of the transmitter. This cannot be forged, counterfeited, and cannot be changed.
31:24
The other one is the envelope. Namely, how this transmission is commenced, with what steepness, with what speeds can the transmission stabilize, and if a transmission ceases, how long does that take to happen,
31:44
what transients we can count on. And then, based upon that, if I have adequate calculation capacity, I will be able to tell that package books from 1, 5, 9, and 31 came from the same transmission. I was talking about frequencies, obviously.
32:02
Harmonic content can be defined by the FFT. What we see is the harmonic content of two transmitters. This one was traditional. The harmonic content comes from the distortion of the transmitter.
32:30
This actually has a very serious Hungarian background. Dr. Vladimir Tsik actually published a writing on this in the early 1990s,
32:40
and he was applying them on a noise frequency spectrum, but he came up with adequate findings. He actually published a book which had a floppy supplement with it, a five and a quarter inch floppy.
33:00
And what could be calculated with the IT available back then, Professor Tsik did actually perform. This is one parameter that we examine, the harmonic content, and the other one is the envelope. In the case of a regularly operating transmitter,
33:20
according to the first image, the transmitter switches on, it reaches its nominal performance, transmits the data log, data package switches off, and as the transients die down, the radiation of the transmission stops.
33:43
On the second image, you see a transmitter which performed an overshot. The slow starts have received a larger performance of transmission, and even the end is prolonged.
34:03
We can see a long mitigation of the transmission. The third one is a very similar case. It's an overshooting transmitter which dies down slowly. We said that we examined the first couple dozen periods,
34:24
but why? The parameters of the harmonic content, what initial phase looks like, what the last phase looks like, these all depend on the mechanic construction of the transmitter.
34:42
As the first data package or data block starts out, we can see that the temperature starts rising. So the first period will not be like the second one,
35:01
the second will not be like the third one, and after the 20th, 25th period, we see a constant state that we saw in the case of the envelopes. This means that the transmitter is working in a stable fashion. For that reason, we analyzed the first 10 or so periods.
35:23
That's what was worth examining, and based upon that, the radio or the radar transmitter can be identified as basically its fingerprints, and it's actually called the transmitter fingerprinting, as in the act of searching for the fingerprints of the transmitter.
35:42
So what do we have to do? We have to inspect every single new active frequency. We have to collect it and collect them and inspect them. We have to calculate the harmonic content. We have to examine the envelope shape,
36:03
and we have to place all this data into a chart. If there was a number of snapshots that are the same in two lines, then they both came from the same transmitter.
36:21
Well, not much. If I have 3200 frequency hopping, then the dwell time is 311 microsecs. This is very little. From this, the dwell time, the active transmission time is 250 microsecs.
36:42
If I have a 0 MHz frequency, then the first 20 periods take 70 nanoseconds. During these 70 nanoseconds, I'd be able to build a row of the property table that means to determine the harmonics content
37:03
and the shape of the envelope. This won't fly. It is impossible to perform this calculation by the time the next dwell time arrives. So I need to gain some time somewhere.
37:24
How can you win 250 microsecs? At the bottom, you see a switching diagram. This is a delay line. It appeared in practice at the beginning of the 30s of the previous century.
37:41
It was used, what you see is the delay line of a Hammond organ. On the second picture, you can see the delay line, the timing settings of a computer manufactured in the 70s.
38:01
On one end, it uses a signal, it exits on the other end, and each welding point can be used to tap to get out the delayed signal.
38:23
The third one you see is an acoustic delay line for TVs. It's very small, very stable, very low distortion, and extremely cheap. How does it work? The electronic signal is converted to ultrasound
38:44
and sent through an appropriately shaped quartz crystal. Ultrasound propagation time is significantly lower than that of radio signals, and it also pumps to and fro within the crystals, so it will experience a significant delay.
39:04
Actually, in this case, one TV line delay. It will appear undistorted and unchanged at the other end of the circuitry without affecting its harmonics content or envelope.
39:20
At the output of the delay line, I have the signal available without its harmonic content or its envelope having changed at all, so this gives me more time to process. When I send the signal into the delay line,
39:42
I start the FFT, I start tracing the envelope, then I separate the signal into two branches. One branch is sent to the delay line, and nothing else is done to the signal.
40:02
The other branch is sent to an SDR receiver, which has the only task to calculate the shape of the envelope and the harmonics content. These two kinds of information are not even processed.
40:20
They are immediately handed over to a SDR logic, to a digital signal processor, excuse me, which with its RISC processor and optimized for the task will compile the property stable, and based on the property stable, it will tell the SDR receiver which signal to work with
40:47
because this bit, this package, is the continuation of the previous package that it has used before. So with this delay line, I won. I gained the amount of time needed to process,
41:02
and this means that in quasi-real-time with only a couple of microseconds of delay, I have available the signal that the sender thought was protected because I won't be able to find the sequence. This couple of microseconds delay is not disturbing
41:22
if you only do direction measuring, and if you want to decode the concatenated signal, then it doesn't affect you at all. In the case of voice communication, a couple of microseconds delay doesn't count at all.
41:42
This process can, of course, be refined. If I tap the delay line like I showed you, it was possible with this one I showed you, or I concatenate two ultrasonic delay lines,
42:05
and with an SDR receiver in between the two, I refine my calculations, and if based on the first receiver I was not unable to decide which frequencies belong to what,
42:22
then I can use the second stage for these few remaining frequencies I still need to process, and process them with the second stage and end up with, once again, with the restored complete communication. So by adding a delay into the signal,
42:41
I obtain the extra time needed to process the entire signal. This is roughly what it is all about, and here, once again, we see the cheaper equipment, because by increasing the delay,
43:03
I can gain any arbitrary amount of time without decreasing processing quality. So you can play around with these devices, you can even use homemade equipment, because the processor that does the digital signal processing
43:23
can, for instance, be a good quality video card, or a unit server motherboard with multiple video cards, and you can start trying restoring signals. The only thing to take into account
43:41
is that this is a protected process, patent pending, and if you want to use it for commercial purposes, then let me tell you that I like dark beer. So this is my topic. If you have any questions, I'd be happy to answer them.
44:06
So the only signal in the system is the pseudo-random generator stuff, right? Yes. The degree of frequency hopping, I mean, the number of hops has been defined by the chipset.
44:20
The size of the jump, frequency jump or hop, is defined by the receiver's mechanical design. If it is tuned into frequency, then it's optimal at that frequency. If I start deviating from it, I'll experience standing waves. Power will be reflected from the antenna,
44:41
so you can't do the big jumps. Five to eight percent is the largest amount of jump you can make. The other important thing is that instead of a pseudo-random generator, you use a real random generator, and you embed in the package the frequency of the next frequency.
45:02
This can be done. And you cannot use traditional methods to decode this package stream because you have to first decode the package to find the next frequency. But if I can determine with transmitter fingerprinting to determine that this package comes from the previous,
45:22
is the coordination of the previous package, then I have one time and was able to decode the signal stream.
45:48
Well, thank you for your attention.