Wireless devices that address specific functional needs are commonplace. Many share common characteristics, but vary greatly in performance and abilities. For example, a cell phone and a video game remote may use the same 2.4 GHz band and have common protocol characteristics, but clearly cannot perform the other’s primary task.
The myriad communications protocols and standards allow anyone who wants to learn the frequencies, algorithms, modulation schemes, commands, and interactions to gain access to this information. This openness also works fine if, for example, you are trying to fit your design into an open interconnect standard, where parts are readily available from manufacturers who want to provide first, best, lowest cost, or lowest power solutions for a well-defined application.
Sometimes, however, proprietary communications links are what is needed. A security system link, a medical device, or a locking/unlocking mechanism, for example, cannot run the risk of anyone easily interfering with it. In addition, for simple applications you not only want a low-cost transmitter, but the targeted system may not tolerate step-up transceivers (consider that a remote starter for your car never needs to receive any data, so why add to the cost burden?).
The alarm sticker
A sticker on the window or door saying you have an alarm system is pretty effective. It is estimated that a sticker alone will eliminate 80 percent of impulse break-ins.
A closed or proprietary system is like an alarm sticker. If you cannot detect it, manipulate it, or interfere with it using standard tools for standard protocols, then you must undertake a research project to reverse engineer an unknown. Not everyone has the resources to do this, discouraging most illegal or quasi-legal behavior on the part of someone with a development kit and some software.
Of course, it is true that even with a state-of-the-art alarm system, there are experts who can still break in. The same is true for custom RF. Anyone with deep enough pockets and sufficient smarts can unravel anything you come up with if so inclined. However, most will not, which is sufficiently comforting both to those using and to those designing products such as pacemakers.
A simple technique is to make something addressable with a long preamble that must be correct to gain access control. For example, the Linx Technology TXE-315-KH2 is a stand-alone, preamble-encoded transmitter. Aimed at remote control applications, it uses 10 address lines that are user-set via pull-ups, pull-downs, DIP switches, shunt jumpers, or micro I/O lines as the preamble that will precede the 8-bit payload (see Figure 1).
Figure 1: Before any payload data is decoded, the preamble must be correct.
The 315-, 418-, and 433-kHz bands allow the transmitter to hit ranges up to 3,000 ft., according to Linx. Other than an antenna, no external components are needed for the simplest low-cost and low-power applications. A matching KH2 Series receiver from Linx will decode the signal to drive remote control relays, triacs, or data lines for a receiver station micro, if needed.
Simple preamble techniques are fairly good at keeping remotes rather unique, but can easily be broken with today’s tools and equipment. To make it a bit harder for anyone to break into your link, there are some rules you can customize.
Changing the rules
Some rules you cannot change, but some you can. The FCC dictates which bands and power ratings you are allowed to transmit at, depending on the mode. This is a rule you cannot change. However, the commonly used modulation techniques, and the way they are used, are fair game for change.
Typical schemes such as amplitude modulation (AM or ASK), frequency modulation (FM or FSK), phase-shift-keyed modulation (PSK), and quadrature modulation (QSK, QPK) can be combined to create hybrid links that can be very hard to decode and interfere with. A simple technique that is rather effective is to combine modulation techniques so that either demodulator alone will not recover usable data.
Using a microcontroller along with a modulator and transmitter makes more advanced encoding schemes possible, including adaptive and algorithm-based sequencing. A part well suited for this type of design is the Infineon TDK 5100 series of ASK/FSK modulators and transmitters.
Operating in the 433–435 and 868–870-MHz bands, the 5100 family can directly drive a loop antenna and features an integrated frequency synthesizer and external-component-free VCO, making it a good candidate for small-sized and battery-powered applications.
It also has a nice interface for ASK vs. FSK input data (see Figure 2). When a small and low-power microcontroller is placed in front of the two modulator inputs, combined and dynamic modulator signals can be implemented that provide a whole new layer of protection. The signal is no longer ASK or FSK. It is both, depending on when you look.
Figure 2: By providing ASK and FSK digital inputs, mixed mode transmissions can take place that are harder to decode and interfere with.
Another wrinkle to discourage would-be intruders is to use predetermined amplitude steps rather than just carrier-on/carrier-off modulation. Controlled through either a sequencer or a microcontroller, a part such as the National LMH6505 can be used in the output driver stage to provide discrete amplitude levels for the ASK signals. A received-signal-strength indicator (RSSI) level on the receive end can decode an independent signal piggybacked onto the standard ASK signal (see Figure 3).
Figure 3: By providing discrete amplitude thresholds, a signal decoded by a typical AM decoder will not get the real data. Only a receiver sensitive to signal strength will extract real data.
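The amplitude-step scheme described above, modelled end to end as an added example (not code from the article or from any part vendor). The level values, the pilot symbol used as a scale reference, and the channel model are assumptions chosen for illustration.

```python
import random

# Normalised levels are assumptions for illustration; the article gives none.
OFF, ON_LOW, ON_HIGH = 0.0, 0.6, 1.0
ASK_THRESHOLD = (OFF + ON_LOW) / 2        # plain on/off slicer
LEVEL_THRESHOLD = (ON_LOW + ON_HIGH) / 2  # extra slicer in the RSSI-aware receiver


def encode(cover_bits, real_bits):
    """Map a decoy ASK stream plus the real bits onto amplitude levels.

    Real bits ride only on carrier-on symbols, one per 1 in the cover stream.
    A full-power pilot symbol is sent first as the receiver's scale reference.
    """
    if cover_bits.count(1) < len(real_bits):
        raise ValueError("cover stream has too few carrier-on symbols")
    real = iter(real_bits)
    levels = [ON_HIGH]
    for bit in cover_bits:
        if bit == 0:
            levels.append(OFF)
        else:  # carrier-on slots left over after the real data are sent low
            levels.append(ON_HIGH if next(real, 0) else ON_LOW)
    return levels


def channel(levels, gain=1.0, noise=0.05, seed=1):
    """Constructed channel model: path gain plus bounded amplitude noise."""
    rng = random.Random(seed)
    return [gain * (lvl + rng.uniform(-noise, noise)) for lvl in levels]


def _normalise(rssi):
    # Divide by the pilot so the thresholds do not depend on distance.
    return [s / rssi[0] for s in rssi[1:]]


def plain_ask_decode(rssi):
    """What an ordinary on/off AM decoder recovers: the cover stream only."""
    return [1 if s > ASK_THRESHOLD else 0 for s in _normalise(rssi)]


def rssi_decode(rssi, n_real):
    """Recover the real bits from the level of each carrier-on symbol."""
    on = [s for s in _normalise(rssi) if s > ASK_THRESHOLD]
    return [1 if s > LEVEL_THRESHOLD else 0 for s in on][:n_real]
```

Splitting the carrier-on level narrows the decision margin from 0.3 to 0.2 of full scale, so the piggybacked stream fails before the cover stream as the link degrades. The real bits are hidden only from on/off decoders; a receiver that records signal strength sees all three levels.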
More than just a keychain
For more sophisticated applications, higher data rates and framed packets may be needed. More transmit power is possible when using certain modulation techniques that take advantage of frequency hopping. For example, spread-spectrum emissions are allowed to be higher than narrow-band transmissions so longer distances and higher bandwidths are possible.
Here is where some creative solutions can be implemented to make your RF link virtually impossible to detect and hack. For example, the sequencing for frequency hopping does not have to follow any standard or predetermined algorithm. Instead, user-defined frequency-hopping pages can be stored in the transmit controller. Channel spacing and bandwidth can be modified as well.
An embedded microcontroller makes this possible because of its programmable nature. For example, unique hash codes can be used to seed and generate the hopping chart values. Based on a real-time clock, unique codes can be generated independently at each end of a transmission link.
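One way to realise the clock-seeded hopping chart described above, as an added example (not code from the article or from any part vendor). It uses HMAC-SHA256 as the keyed hash; the channel grid, slot length, key, and function names are all assumptions. The `resync` function covers the case where the two real-time clocks have drifted across a slot boundary.

```python
import hashlib
import hmac
import struct

# Every constant here is an assumption for illustration, not from the article.
NUM_CHANNELS = 50        # hypothetical number of hop channels
BASE_HZ = 902_200_000    # hypothetical centre of channel 0
SPACING_HZ = 500_000     # hypothetical channel spacing
SLOT_SECONDS = 60        # both ends switch to a new hopping page every minute


def slot_for(unix_time: int) -> int:
    return unix_time // SLOT_SECONDS


def hop_page(key: bytes, slot: int) -> list[int]:
    """Keyed permutation of channel indices for one time slot.

    Channels are ordered by HMAC-SHA256(key, slot || channel), so each page
    visits every channel once and differs per slot and per key.
    """
    def rank(ch: int) -> bytes:
        msg = struct.pack(">QH", slot, ch)
        return hmac.new(key, msg, hashlib.sha256).digest()
    return sorted(range(NUM_CHANNELS), key=rank)


def channel_hz(index: int) -> int:
    return BASE_HZ + index * SPACING_HZ


def resync(key: bytes, rx_time: int, heard: list[int], drift_slots: int = 1):
    """Return the slot whose page starts with the channels actually heard,
    searching +/- drift_slots around the receiver's own clock, else None."""
    centre = slot_for(rx_time)
    for slot in range(centre - drift_slots, centre + drift_slots + 1):
        if hop_page(key, slot)[:len(heard)] == heard:
            return slot
    return None


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    tx_time = 1_700_000_030
    page = hop_page(key, slot_for(tx_time))
    print([channel_hz(i) for i in page[:5]])
    # Receiver clock is 45 s fast and has already crossed into the next slot.
    print(resync(key, tx_time + 45, page[:4]) == slot_for(tx_time))
```

The unpredictability of the chart rests entirely on the secrecy of the key, so it should be unique per device pair and never derived from a serial number or other readable value.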
A good part for this is the Maxim MAX2150. As a wideband modulator peripheral chip, it contains a precision synthesizer with resolution down to 100 MHz. With these types of resolutions, evenly spaced steps are not necessary and the intervals can be interleaved with standard frequencies.
A simple three-wire serial interface provides complete control of the configuration, power levels, synthesizer, and shutdown modes. The on-chip, low noise reference oscillator is useful from 10 to 50 MHz to help reduce fractional spurs which can occur when the frequency is at an offset less than the PLL filter bandwidth.
Similarly, the quadrature-modulating RFMD RF2713TR7 can be used to implement a custom modulator and demodulator by forward feeding I and Q baseband signals. With IF frequency ranges from 100 kHz to 250 MHz, there is a lot of room to transmit in between spaces that standard equipment will not step on or detect.
The low component count makes this useful for small transmit-only, receive-only, or transceiver modules (see Figure 4).
Figure 4: Both the modulator (A) and the demodulator (B) require few external components to create a small-sized, low-cost transmit-only or receive-only node.
From using closed or proprietary systems, to different coding methods, to changing how you use the frequencies in which the system operates, there are several methods that can be used to secure your wireless communication systems. Using the guidelines presented in this article, you can design your own RF modulation stages and secure your system from outside interference.