Date: Wed, 17 Aug 94 04:30:24 PDT From: Ham-Digital Mailing List and Newsgroup Errors-To: Ham-Digital-Errors@UCSD.Edu Reply-To: Ham-Digital@UCSD.Edu Precedence: Bulk Subject: Ham-Digital Digest V94 #274 To: Ham-Digital Ham-Digital Digest Wed, 17 Aug 94 Volume 94 : Issue 274 Today's Topics: 900MHz phone spread spectrum systems [Q] best software for KAM+ AUTOEXEC.NOS for NOS with BAYCOM modem Does a FAQ exist for packet newbys? Gateway within CA? Jnos-Enet Solved TnX ! JVFAX Interfaces? Send Replies or notes for publication to: Send subscription requests to: Problems you can't solve otherwise to brian@ucsd.edu. Archives of past issues of the Ham-Digital Digest are available (by FTP only) from UCSD.Edu in directory "mailarchives/ham-digital". We trust that readers are intelligent enough to realize that all text herein consists of personal comments and does not represent the official policies or positions of any party. Your mileage may vary. So there. ---------------------------------------------------------------------- Date: 16 Aug 1994 17:53:42 GMT From: ihnp4.ucsd.edu!news.cerf.net!mvb.saic.com!MathWorks.Com!yeshua.marcam.com!zip.eecs.umich.edu!newsxfer.itd.umich.edu!ncar!newshost.lanl.gov!beta.lanl.gov!wolf@network.ucsd.edu Subject: 900MHz phone spread spectrum systems To: ham-digital@ucsd.edu here's the summary of relevant details that arose from my earlier post requesting details on the 900 MHz ss phones. i was somewhat dismayed; very few seemed to have any hard facts on these systems. i tried to sort out the conflicting info, so some of this may not yet be right. hopefully someone in the know will enlighten us. i had asked: " does anyone have any details on the ss systems used in, say, the escort phones? spreading sequence generator, moduation methods, synchronization schemes, etc.? one of the felows that i talked with at cincinnatti microwave suggested that their phones choose a spreading sequence randomly whenever the phone gets used. is this true? " it turns out that there are at least two digital schemes for 900 MHz phones. the second, not ss, is what the tropez phone uses. first i'll point out what appear to be open questions, then i'll summarize the tropez and then move on to the ss phones. finally, i'll note the cryptographic security and attack issues that were mentioned and end with some micellaneous items. ------------------------------------------------------------------------------ Open Questions: what is the spreading sequence mechanism? details? how is the sprerading sequence and digitized audio used? audio sampling rate? spreading sequence rate? for the tropez, there are similar questions, though the modulation is not ss. chip-set details? ------------------------------------------------------------------------------ Tropez one poster suggested: >>p.s. There are reports that the audio is transmitted in the clear on 450 >>MHz. Not sure of the signal level, tho. >> > >yes... I reported this late last week... and am still researching it. My >phone though, is the Tropez 900 DL which is not spread-spectrum but >digitally modulated on single carriers within the 900 MHz band. What I >have found is that there is some leakage of in-the-clear audio in the >430 MHz amateur band from the handset. Others have found and reported >similar signals. I am trying to get someone from VTech (the manufacturer >of the phone) to discuss this with me... but they seem to be having trouble >returning my calls. thus it appears that the tropez does not use ss, and that there is a low level 430MHz or thereabouts (what is the exact frequency?) analog leak from the phone. the same poster gave some details on the tropez phone's digital system: >I believe the modulation is PCM... and it is scrambled with a one of >64K possible patterns that is chosen each time the handset is removed >from the base... what is the pattern generation mechanism? how is it in some sense "randomized". one guess would be that there is a continuously generated pseudorandom sequence and that the time that you start to use the phone determines the phase of the sequence relative to the start time... this would be a silly sort of rng tho. but it would _suffice_ since it is not too difficult to design a pseudorandom sequence generator with a short correlation length. one would also like to know if the pseudorandom sequence bit time is long, or short wrt the analog digitization time. also, what is the method for using the pseudorandom noise with the digitized audio? i.e., are the two x-or'd or something more "interesting"? finally, if there are indeed 64K possible patterns, what generates and determines these patterns? another poster commented on the modulation scheme, gave a bit rate, but did not comment on the number of pseudorandom patterns or their method of generation: >I'm fairly satisified with the 900 MHz Tropez I've got right now. >It goes almost a block radius around my house. The Tropez is *not* >spread-spectrum.. Tropez uses a single channel 16 KHz PCM signal >that is about 100 KC wide. Unless you are in a super saturated >location, I am not convinced that spread spectrum is significantly >superior to the channelized units. later they wrote, but no mention of what use is made of the "key": >The PCM chip in the Tropez is made by Motorola. ... The CPU looks to be >something like a 6809 derivation. > >The key is a 16 bit word. I don't know if there is an easy way to >get in sync once the initial hand-shaking is done -- probably there >is, because the system has to be farily robust in the presence of >signal interruptions and multipath distortion. > >I believe the code is not sent out over the air, but is downloaded >directly into the handset when you put the phone on the base unit. then some comments on how the handset and base sync: >I've noticed the base sends out a little ping when you set the the >handset on the base. I surmised the ping does two things: 1. >Sees if anybody else is on the same channel, if so change to >another channel. ------------------------------------------------------------------------------ SS 900 MHz Systems the folklore is that the 900 ss systems in use use direct sequence ss: >My understanding is that these phones use direct sequence spread spectrum. as to the synchonization scheme, the typical autocorrelation method was guessed: >I think you sort of slide your sequence back and forth over the signal, and >when they're synced, the signal gets clear in an easily detectable way. and another poster said: >Once you know the code and have the incoming signal, you can use some >kind of sliding correlator- try the, say 63, possible starting points >for the sequence, and find which one produces the larges received >signal, ie the biggest correlation peak. Then you continue to lock and a comment on "64K" codes, which i don't understand at all! whatever! maybe someone has some actual details on the ss systems in use? >When they say "Uses digital spread-spectrum techniques with >64,000 different codes," they may probably be saying that there's one >sequence and 64K access codes to dial out, which is the same as an analog >cordless with 64K security. another comment on the spreading sequence (?) states: >The best US system I have heard of uses 16 bit encryption... clearly some details are missing! my guess is that there is a lfsr that is 16 bit wide, generating a 64K m-sequence that is x'or'd with the digitized analog... the normal trick. again, what is the bit rate of the prng? how many spreading sequences are available? etc. so far we've seen no good details... a comment on the setting of the "security code", no details on what "security code means": >According to the AT&T owners manual, The security code changes >automaticly when the phone goes off hook. one poster gave some information on the number of legally available spread- ing sequences: >Each Spread Spectrum user in the 900MHz range has a choice of 4 >types of spreading. I believe they are the same type as the ones allowed >for Hams. note: 2 lfsr schemes x 2 prng schemes = 4 types of modulation schemes. these are the legally available ham modes. ------------------------------------------------------------------------------ Crypto and Security one poster writes: >Direct sequences are easy to figure out. (These are single shift register >generators.) If you know how long it is, say N stages, all you need is N+1 >bits to figure out the code and the synch. another responds: >Strictly speaking what you say is true (and you need 2N consecutive >bits) with two (important) conditions: > > 1. The shift register must be _linear_, i.e., the feedback > bit must be an XOR of some fixed subset of the current bits > of the shift register. > > 2. It is good to have access to the pure spreading sequence > _unmodulated by data_, you see, sometimes one period > of the spreading sequence spans more than one data bit > and this causes inversions. > >Of course, these two problems are trivial in a crypto sense. If it >is right that they're using m-sequences (maximal length sequences) >in these cordless phones, yes m-sequences are linear hence >satisfy condition 1. the second poster gets close to the issue of how to attack a ss phone system. note that if the quiet time digitized audio spans more than 2N bits that you then have an instant "in". is there a reference to the result mentioned? we need details on the sppreading sequences, rates, etc. anyone have a phone and care to look up their part numbers? another comment on security. it would appear that security is nonexistent if only a few spreading sequences are allowed, unless there is some sort of additional crypto layer in the system. note that the fcc does not allow hams to pre-encrypt their transmissions, as is suggested below. >> Spread spectrum was not developed as an encryption scheme. > >Taking a wider view (no pun intended), spread spectrum is just another >method of implementing the physical layer. If you want security, >encrypt the digital data prior to sending it to to the DSSS >"pseudo noise" "mixer". ------------------------------------------------------------------------------ Miscellaneous issues a comment on who is making ss systems (?) >Maxim is now offering some of the 9 GHz process technology they bought >from Tektronix. They have a spread spectrum transmitter chip you might >want to look at. They also have technical information about spread >spectrum to help you. another comment on something relevant to making listening devices ? i'm not sure what this poster intended! >Look up companies QEI and CYLINK. Cylink is in Calf. Both about $5grand. One >is audio only while Cylink is digital u to 500kbaud for real time video >digital stuff. 1200 units can be on same channle AT ONCE? one poster's thought on jamming and encryotion: >Wasn't one of the main purposes of spread spectrum to make it >harder to jam a signal? The encryption is just ancillary, and >not that good? The encryption only becomes secure when you >use a one time pad...right?a and the response (i don't want this to become a thread on how easy it is to hide a ss system. i'm guessing that it would be very difficult given the fcc's mandate (if one poster's statement is correct) that only a few (maybe as few as two) spreading sequences be allowed.) >Spread spectrum was not developed as an encryption scheme. The >properties that makes it desirable are : > > Protection against jammers. This is measured in the AJ (anti- > jam) ratio. Some simple math shows how much more jammer > energy is needed to cause bit errors(digital communications) > > Low probability of intercept. SS signals can be placed below the > noise floor in many cases. This means that covert operation > can be conducted with some communications. --- ======================================================================== david r wolf - wolf@lanl.gov - 1+505-667-3813 - 1+505-662-9102 -- wb4vcq ======================================================================== ------------------------------ Date: Mon, 15 Aug 94 21:10:17 MST From: ihnp4.ucsd.edu!dog.ee.lbl.gov!agate!howland.reston.ans.net!swrinde!cs.utexas.edu!asuvax!ennews!stat!david@network.ucsd.edu Subject: [Q] best software for KAM+ To: ham-digital@ucsd.edu khopper@kimbark.uchicago.edu (Kenneth C Hopper) writes: > New KAM+ owner seeks good software suggestions. > OP only on HF. I'm running Version 9.02 of KaGold for the KAM. Been very happy with it. david wb7tpy --- Editor, HICNet Medical Newsletter Internet: david@stat.com FAX: +1 (602) 451-1165 Bitnet : ATW1H@ASUACAD ------------------------------ Date: 16 Aug 1994 15:31:59 GMT From: ihnp4.ucsd.edu!dog.ee.lbl.gov!agate!howland.reston.ans.net!usenet.ins.cwru.edu!cleveland.Freenet.Edu!ei938@network.ucsd.edu Subject: AUTOEXEC.NOS for NOS with BAYCOM modem To: ham-digital@ucsd.edu Packet Radio Gurus: Would an Elmer help me out of this NOS jam? I need a copy of an AUTOEXEC.NOS file for a PA0GRI NOS configuration on my PC. I am using a BAYCOM modem (finally got that working... more details after I work out the bugs) and the AX.25 drivers for BAYCOM. I had a working copy, but during configuration/testing, it got corrupted and now it is scrambled. My backup NOS.ZIP got scrambled too, so next time I am keeping the backup on the shelf rather than on the computer. I was trying to set the entire system up on a 1.44MB floppy disk, but it somehow did not set up correctly. I think the floppy may be on the fritz... Can/would anyone help out and send me a copy of their AUTOEXEC.NOS for NOS with BAYCOM modem? Thank you in advance. 73! Andrew Lynch, N8VEM alynch@wpgate1.wpafb.af.mil ------------------------------ Date: 16 Aug 1994 17:15:53 GMT From: ihnp4.ucsd.edu!agate!howland.reston.ans.net!gatech!swrinde!elroy.jpl.nasa.gov!lll-winken.llnl.gov!earl.llnl.gov!user@network.ucsd.edu Subject: Does a FAQ exist for packet newbys? To: ham-digital@ucsd.edu If so, where would I find it? Thanks, Gary --------------------------------------------------------------------------- The ramblings expressed above do not reflect the opinions of LLNL. Gary Ross Ross@NOVAX.LLNL.GOV Lawrence Livermore National Laboratory Rossman@eworld.com NOVA Laser Operations Rossman@aol.com P.O. Box 808, L-489 Livermore, CA 94551 ------------------------------ Date: 16 Aug 1994 10:31:55 -0700 From: enews.sgi.com!wdl1!ltis.loral.com!not-for-mail@decwrl.dec.com Subject: Gateway within CA? To: ham-digital@ucsd.edu Is there a gateway in CA that can be used for traffic between a CA packet address and a CA internet address? Or is gate@wb7tpy.ampr.org the only one to be used? Thanks for the help. -- hlb@ltis.loral.com ------------------------------ Date: Fri, 12 Aug 94 13:38:31 BST From: pa.dec.com!csu.napier.ac.uk!ee17@decwrl.dec.com Subject: Jnos-Enet Solved TnX ! To: ham-digital@ucsd.edu Thanks for all the helpful replies to my problem re connecting an ethernet packet driver to Jnos. All sorted out now and working Tickety-Boo :-) PS If your ethernet is not 'flat' remember to add this to your auto.nos: route add default otherwise you won't get off of the segment your on !! regards and thanks again, %% Alastair J. Downs \__\_\_\ a.downs@csu.napier.ac.uk %% %% E.E & Comp.Eng.Dept. \ |\ \ \ phone +44 31 455 4389 %% %% Napier University, Edinburgh | _ fax: +44 31 455 7938 %% %% Scotland, UK |_| |_ GM6NEI@GB7EDN.#77.GBR.EU %% ------------------------------ Date: Mon, 15 Aug 1994 17:02:25 +0000 From: ihnp4.ucsd.edu!ucsnews!sol.ctr.columbia.edu!howland.reston.ans.net!pipex!demon!myth.demon.co.uk!zeus@network.ucsd.edu Subject: JVFAX Interfaces? To: ham-digital@ucsd.edu I am currently running JVFAX 5.1 (anyone know a FTP site for a more recent version?) with the simple comparator interface. Before I launch head on into building the full AM/FM serial port version, are there any plans to use the Sound Blaster ADC?, or are there any alternative circuits, since the ADC chip is proving difficult to source. Cheers. Mike. -- Michael S. Cowgill (Mike) \_ My opinions! MINEMINEALLMINEHAHAHAHA! zeus@myth.demon.co.uk (That's me) \_ " Swirly thing alert! " G1VOX@GB7WRG.GBR.EU 44.131.2.76 \_ " ...Cracking toast Gromit!... " ------------------------------ Date: Mon, 15 Aug 1994 17:45:46 +0000 From: ihnp4.ucsd.edu!dog.ee.lbl.gov!agate!doc.ic.ac.uk!uknet!pipex!demon!llondel.demon.co.uk!dave@network.ucsd.edu To: ham-digital@ucsd.edu References , <1994Aug12.154901.27305@ke4zv.atl.ga.us>, <32h270$12t@hpbab.mentorg.com> Subject : Re: Packet Node Info Wanted There seems to be a load of rubbish in this thread! While DXing to a distant BBS is usually not a good idea, on the basis that it should have the same bulls as your local one, the network should be able to handle a bit of interactive traffic between users who are several nodes apart. I have in the past had useful chats with amateurs several hundred miles away using the node system - when replies arrive in under a couple of minutes it is no problem at all. Having said that, I can sympathise with those who maintain large chunks of the network with no support - my local network is effectively run by three people, with occasional help from a few others. There are probably 600+ users in the coverage area. Dave -- ***************************************************************************** * G4WRW @ GB7WRW.#41.GBR.EU AX25 * * * dave@llondel.demon.co.uk Internet * Stop the World! I want to get off! * * g4wrw@g4wrw.ampr.org Amprnet * * ***************************************************************************** ------------------------------ Date: Tue, 16 Aug 1994 13:01:58 GMT From: ihnp4.ucsd.edu!dog.ee.lbl.gov!overload.lbl.gov!agate!howland.reston.ans.net!gatech!wa4mei!ke4zv!gary@network.ucsd.edu To: ham-digital@ucsd.edu References <326vf6$dir@eagle.natinst.com>, <1994Aug9.135536.9869@ke4zv.atl.ga.us>, <1994Aug15.170956.24013@arrl.org>mei Reply-To : gary@ke4zv.atl.ga.us (Gary Coffman) Subject : Re: local organizations that help people get acquainted with packet radio In article <1994Aug15.170956.24013@arrl.org> zlau@arrl.org (Zack Lau (KH6CP)) writes: >An interesting path I've worked twice on all bands from 1.3 to >10 GHz is Mt Equinox to Woburn, MA. While Equinox is at 3800 ft, >there is Grand Manadnock at 3165 ft. almost in the center of >the path (54% of the way there). On 2 meters, I need 10 watts >and a 10 dBi antenna--with 2 watts to a 7 dBi antenna I need >someone to relay! But, this knife edge path is workable all the >way through 10 GHz running QRP. Path length is 179 km. Fine, but could you guarantee a 60 db fade margin 7x24 52 weeks a year, and no heavy multipath? That's what you need for a reliable data link at a resonable speed (1 Mb+). Gary -- Gary Coffman KE4ZV | You make it, | gatech!wa4mei!ke4zv!gary Destructive Testing Systems | we break it. | uunet!rsiatl!ke4zv!gary 534 Shannon Way | Guaranteed! | emory!kd4nc!ke4zv!gary Lawrenceville, GA 30244 | | gary@ke4zv.atl.ga.us ------------------------------ End of Ham-Digital Digest V94 #274 ******************************