Schneier on Security

Roger • July 3, 2005 8:41 PM

Although I’m reasonably familiar with DSSS (direct sequence spread spectrum) and frequency hopping SS, I didn’t know much about UWB so I read up on it over the weekend. A couple of points which might help edify those also wondering.

By carrierless, they mean it quite simply in the regular sense; it’s a baseband system. When you’re not actually transmitting a “1” bit, the transmitter is not radiating any energy at all (modulo physical realisability). Practical duty cycles are on the order of half a percent for broadband systems, and much lower for tactical digital voice radios (one example I read about was for a duty cycle of 80 ppm).

It certainly isn’t security by obscurity. Like DSSS and frequency hoppers, the system is keyed and obtains a “process gain” advantage against an opponent who does not know and cannot guess the keying sequence. The process gain represents the ratio of powers required to obtain equivalent performance for jamming, interception, or detection of the system. UWB achieves a process gain by dividing up each bit transmission period into many slices and concentrating the transmitted power into one of these (pseudorandomly selected) slices. For example, a system transmitting a 1.544 Mb/s T1 link (648 ns/bit) with a pulse width of 2.53 ns, would have 256 “slots” where each pulse could be transmitted. If each pulse slot is selected through a CSPRNG, then the opponent has no choice but to spread his jamming power over all 256–but the transmitter has concentrated all of its power into one slot, so if it had an average power of, say, 4 W, it is very briefly transmitting at 1 kW. Similarly an opponent trying to intercept a signal at the limit of interception will not know which slot to listen to, so he is forced to either listen to all 256 (thus getting 256 times as much noise energy), or risk listening to the wrong slot and missing it altogether.

The main interest in UWB arises from the fact that practically realisable process gains in simple, low cost transceivers seem to be much larger than practically realisable process gains from DSSS or frequency hopping. For UWB the process gain is approximately equal to the inverse of the duty cycle. So if you have a duty cycle of 0.39%, an opponent will require approximately 256 times as much radiated power to attain the same level of jamming effectiveness as he previously needed against a simple transmitter otherwise identical to yours (i.e. same average power output, same range, same antenna, same signal transmitted). Or alternatively, the maximum range at which he can jam you is reduced by a factor of 16 times. For the above mentioned tactical digital voice radio, the process gain is a power ratio of 12,500 times, or range ratio of 1/112 th — an opponent who could previously jam me from, say, 10 km away, must now get to less than 100 m. By contrast civilian DSSS or frequency hoppers have process gains between about 10 and 64, while the best military systems are only about 1,000.

All three systems, through broadening their bandwidth, are also able to lower their spectral density, i.e. average transmitted power per Hz of bandwidth. This “loses the signal in the grass” (noise), making it much harder to even detect that a transmission is occurring. However it seems to me as though UWB, like frequency hopping, would not be as resistant to detection as DSSS is. In DSSS, the instantaneous power is spread over a wide bandwidth. In frequency hopping, only the average is, the instantaneous power is as high as usual. Thus if you merely wish to detect a frequency hopper and not intercept its whole signal, you need only listen to one of its frequencies; if you start getting bursts of power on that frequency roughly 1/(process gain) of the time, a frequency hopper is present. Similarly for UWB, you only need to concentrate on one of the time slices, when you keep getting pulses in it you know a UWB transmitter is present.

All of the above about jam resistance only applies if the opponent does not know the spreading code. If forced to use a public spreading code (as the FCC required for CDMA phones and 802.11 frequency hoppers), then it only applies to accidental interference, not deliberate jamming.

UWB has a couple of other advantages. Like both frequency hopping and DSSS, it allows multiple transceivers to share the same bandwidth, by using different spreading codes. And like DSSS (with very fast chipping rates) but unlike frequency hopping, it is also immune to most multipath interference, provided the path length variation is more than the speed of light x the width of a pulse (typically, just under 1 m). However some DSSS systems (CDMA) actually get ~improved~ signal strength through multipath interference, UWB is just immune to it.

Another advantage of UWB is that most of the work can be done in software. Unlike DSSS, the RF side of the system is relatively simple and can be shared by a variety of otherwise quite different systems. (In the past frequency hoppers also required some fancy RF circuitry, but with the rising prevalence of digital radio this is no longer the case.)