Author: Rob Krumm

Categories
Uncategorized

The Restaurant That Gave Away Free Bread.

A second parable about Wi-Fi monetisation.

This article is part of a series. If you haven’t already done so, go and read “The Advertising Funded Bakery“.

Now let’s get started with the second part.

Imagine that you own a restaurant. You sell a specific kind of cuisine and your restaurant is well known for having good customer-service and the food receives good reviews too.

One day, while looking for ways to further improve your customer-service, you notice that other restaurants have started placing a plate with a variety of breads on each table, before any food is ordered. This seems like a nice amenity that you could provide to your own customers, and so you decide to give do the same.

The bread plate is a pretty simple thing; it contains a few different types of breads, and a condiment like a pat of butter, or some olive oil. 

After a month of providing free bread to your customers you notice some interesting trends. Some of the customers eat the bread without any hesitation, while other customers ignore it. Because you’ve spent some effort on making sure the bread tastes great, your customers have started to view the free bread as one of the many attractive reasons to visit your restaurant. You also notice that, maybe because you’ve satisfied a few hangry customers, and because the bread has been largely well received, your customer reviews have improved, driving more business to your restaurant and increasing the frequency at which people return to your business.

The small cost of providing the free bread is outweighed by the benefits provided to your business. You still make enough margin on your other meals to keep providing free bread, even if some tables only order a salad and a glass of water.

For a real life example of this story, you can read all about Olive Garden’s limitless supply of breadsticks

In the next article in this series, I’ll try to compare the business model of the bakery, with the restaurant.

Categories
Uncategorized

The Advertising Funded Bakery

A parable about Wi-Fi monetisation.

Imagine that you are the owner of a bakery. Maybe a small shop in the central business district of a city or town. Let’s assume that it is reasonably successful and that you have sufficient regular customers to sustain your business.

As the business owner, you understand your fixed and variable costs quite easily. You know that your ovens, facilities and staff are capable of making a maximum number of loaves per day and you know what that cost is. You also know the quantity of raw ingredients (water, flour, salt, yeast), and of gas and electricity that are used for each loaf.

In this model you can quite easily work out how much to sell each loaf for, to achieve a specific revenue, or profit. In this scenario let’s pretend that you have done the math, and you sell each loaf of bread you bake for about $1.00 (USD).

OK so now we are setup for this story.

I am a bakery-monetisation vendor. I approach you and tell you not to worry about selling the loaves of bread anymore. I tell you that restaurants give bread away for free, and the time for selling bread has come and gone. 

I tell you that the right strategy for your business is to give the loaves of bread away for free. It’s what the people want. It is what they deserve! I propose to you that you should instead stamp adverts on the underside of the loaves of bread, and make your money from advertising instead. Or maybe you can hand out a survey with each loaf, that customers can fill in for external advertisers. Perhaps, I even quip, you could ask people for their contact details and sell those to people who want to message your customers about their products.

The only problem, I tell you, is that we can’t get $1 per ad, completed survey, or set of contact details. We can realistically achieve numbers that are about a hundred times lower. But don’t worry, I tell you, you can make up for it with VOLUME! 

If you simply make a hundred times more loaves of bread, you can achieve your original revenue, albeit at a much lower profit.

[At this stage, all of us should be clear on the problem here, but let’s continue with the story.]

You agree to the new scheme. You think passing out free bread to anyone who comes past your shop will improve your brand, and will increase your customers and reach. I install the bread advertising stamping machine, and you start handing out the free loaves of bread.

The first month doesn’t go so well. 

First of all, your staff and your ovens have now worked overtime to deliver the necessary quantity of bread to feed the crowds gathered at your shop each day. This has caused a dramatic increase in your costs and will likely mean future upgrades and maintenance to your oven and other facilities are required. The quality of the bread has also dropped dramatically since you are now just trying to serve as many loaves as you possibly can with your existing equipment and staff, instead of a making a product people want to buy.

Second, when it comes to the revenue, it turns out that advertisers have become accustomed to things like print adverts, that have colours and a much higher resolution. They aren’t willing to pay the relatively high rates for on-bread advertising, and they complain that the reach of the ads is also too small. Advertising sales are not going well.

Ultimately, I do find you an advertiser, but the sell-through rate on the ads is only about 50% and I could negotiate only half the original price. So you are now only making 0.5c on the dollar, and only about half of the time when I can find advertisers.

As the bakery owner, you have given away an enormous amount of bread, incurred dramatically higher costs, lost your ability to deliver a quality product and your return on investment has been negative. If you continue in this fashion, you will most likely go bankrupt faster than if you simply closed your storefront, and kept paying your staff.

In the next post, I will talk about another business that gives bread away for free, yet remains profitable, and compare it with our bakery.

Categories
Ruckus Ruckus ICX Switches

Ruckus ICX7150-C12P – Multiple Address Pools and DHCP Option 54

Note: this was tested on Software Version 08.0.61 of the ICX switch firmware.  If you are using a different release, you may want to verify my findings.

Introduction

I recently came across an interesting problem when trying to add more than one DHCP address pool to my home laboratory’s ICX 7150-C12P switch.  I wanted to add two new address pools to make attaching new x86 server hardware and Wi-Fi access points a little easier!

The rest, is history:

Setting Up Multiple Address Pools

I followed the steps to configure my DHCP address pools contained in this article and ended up with the final configuration of the new pools as follows:

ip dhcp-server enable
ip dhcp-server server-identifier 172.31.255.1
! 
ip dhcp-server pool mgmt_1
 dhcp-default-router 172.31.255.1 
 dns-server 10.0.0.254 8.8.8.8 
 excluded-address 172.31.255.1 172.31.255.99
 lease 0 6 0
 network 172.31.255.0 255.255.255.0
 deploy
!
!
ip dhcp-server pool x86_hosts
 dhcp-default-router 172.31.128.1 
 dns-server 172.31.128.1 8.8.8.8 8.8.4.4 
 excluded-address 172.31.128.1
 lease 1 0 0
 network 172.31.128.0 255.255.255.0
 deploy
!
!
ip dhcp-server pool ap-default
 dhcp-default-router 172.31.129.1 
 dns-server 172.31.129.1 
 excluded-address 172.31.129.1
 lease 0 6 0 
 network 172.31.129.0 255.255.255.0
 deploy
!

I assumed this was a perfectly simple change and that everything would work perfectly and went ahead and attached ALL THE HARDWARE!  I logged into the switch and used the command show ip dhcp-server binding and saw that the DHCP server had indeed, assigned some addresses to the newly attached hardware from my newly configured address pools.

“All is well!”  I smugly thought.  I thought wrong.

Symptom 1: Hello?  Anybody Home?

I attempted to reach the attached hardware, first by WEB UI, then by SSH, and then finally, and rather dejectedly I might add, by using a ping.  Nothing was responding.  This was very strange.  I could reach the gateway of each of my new networks, there was no special routing required to get back to me.   What on earth could it be?  The DHCP server had assigned the addresses… WTF man!?

I decided to plug my laptop into one of the switch ports and check what was going on.  Lo and behold, my laptop reported no assigned IP address.  But the Switch reported that it had in fact assigned me an address.  “The plot thickens…” I thought.

Symptom 2: Acknowledge Me!

At this point I knew that the switch had assigned the laptop an address, and I also knew that the laptop had not received one.  Something, somewhere was going missing and I needed a packet trace to actually see what was happening with the DHCP packets.  I disconnected from the switch, opened up Wireshark, set my filter to udp.port==68, started the trace, and reconnected to the switch.

This is what I saw:

Packet trace of the DHCP exchange with no DHCP Ack.

The packet capture showed up the problem pretty quickly – the switch was not sending a DHCP ACK.

Comparing with a working Address Pool

I knew that the address pool for my management network was working fine. Plugging a client device into an interface using the mgmt_1 address pool worked perfectly! So I had a look at the configuration of the switch (above), and tried to see if there was anything that was different about the DHCP server configs for 172.31.255.1/24 vs 172.31.129.1/24.  Turns out there was only one thing that seemed different:

ip dhcp-server enable
ip dhcp-server server-identifier 172.31.255.1
!

What is the Server-Identifier?

The server identifier is a global configuration for the DHCP Server on the switch. It provides clients with a unique identifier for the DHCP Server in the form of the DHCP server’s IP address. The attribute is sent by the server in DHCP option 54 in the DHCP OFFER packet, and is also used by the client when sending the DHCP REQUEST packet.

This can be a useful feature in environments with multiple DHCP servers.  Remember that DHCP messages sent by the client are always broadcasts.  This feature provides the client with a mechanism to specify which DHCP server, it is sending the DHCP REQUEST message to.   Here is a note from Microsoft explaining the same idea.

Solutions

Changing the Server-Identifier

First I tried configuring the server-identifier to 172.31.129.1. I reconnected to the switch and took another packet trace.  DHCP for my APs now worked, but DHCP on the interfaces dedicated to my management network stopped working.

It is my deduction that the switch’s DHCP Server sees the server-identifier in the DHCP REQUEST Packet and attempts to broadcast the DHCP ACK from the same IP Address.  If you are not in the same network segment as that IP Address, you won’t see the broadcasted DHCP ACK.  In this case 172.31.129.1 is not visible on layer 2 from the management network, meaning that the management network cannot receive any broadcast DHCP ACK messages from that IP.

This isn’t really a great solution, as it still only allows one address pool in the switch’s internal DHCP server to work at any given time.

Removing the Server Identifier

Secondly I tried removing the dhcp-server server-identifier completely.  I can do this because I only have one DHCP server in the network; I don’t really need to worry about giving clients a unique identifier to select a specific server’s lease offer.  This gave me good results! DHCP now works on all my interfaces. Each interface now responds directly to the broadcasted DHCP REQUEST messages they receive.  This solution works well, but only in simple environments where you’re sure your DHCP discover messages will only be heard by one server!

What About Using a Loopback Interface?

Well, I tried this, and rather unsurprisingly, I got the same results I got in my first option.  The DHCP OFFER and DHCP REQUEST packets are sent with the loopback interface’s IP Address specified as the server-identifier in Option 54. The switch fails to send back a DHCP ACK to any physical interface, breaking the DHCP exchange everywhere.  So this is a no go.

Working with DHCP in More Complex Environments

Sometimes we are required to work in more complex environments that may contain multiple DHCP servers serving multiple address pools.  Given what we have seen above, in these scenarios I would strongly advise NOT using the switch’s internal DHCP server.  I would be more inclined to use external DHCP servers along with the switch’s DHCP relay function.   You can configure any interface on your switch with an ip helper-address, that will forward any UDP broadcast messages to the specified DHCP server for that interface.  This also allows you to place DHCP servers in a centralised location, define which DHCP server will respond to a request on any given interface and cuts down on the amount of broadcast traffic flying about in your network.  Ideally, if you are working in a more complicated environment, this is the way to go!

 

As Always, I hope this was useful!

Categories
Uncategorized

Understanding Noise – Part 5: Noise Performance of Cascaded Systems

Thus far in this series on Understanding Noise we have looked at:

Modern radio receivers and electronic communications circuits consist of filters, amplifiers and mixers connected in series.  Each component contributes to the overall noise performance of the system as noise is added by each stage. This post will discuss how to calculate the contributions of each component to the overall noise performance of a cascaded system.  I will also show how system design, and the order that components are placed in can dramatically alter the performance characteristics of a receiver!

A Generalized Cascaded System

First let’s start by considering a generalized cascaded system, shown below with a total of k stages, each denoted by i.  Each stage has its own noise performance denoted by its own Noise Factor (Fni) as well as its own Gain (Gi).

The Noise Factor of the system is:

F_{n} = \frac{P_{no}}{P_{ni}.G_{t}}

G_{t} = G_1.G_2.G_3... ...G_k

For systems design tasks, using components with known characteristics, it would help if we were able to calculate the total noise performance of the system in terms of the noise performance of each of the components.  This leads us to the derivation of the Friis Noise Formulas.

Understanding Pna in terms of Noise Factor

Recall from the previous post that Noise Factor of a system is defined by:

F_n = \frac{P_{no}}{P_{ni}.G}

But we also know that:

P_{no} = (P_{ni} + P_{na}).G

So we can replace Pno with:

F_n = \frac{(P_{ni} + P_{na}).G}{P_{ni}.G}

Simplifying the expression yields:

F_n = 1 + \frac{P_{na}}{P_{ni}}

Making Pna the subject of the equation:

P_{na} = (F_n - 1).P_{ni}

Does this equation look familiar?  It should, go back and check the equation expressing the effective noise temperature of a system in the previous post!

Noise Factor of a Cascaded System

Consider the cascaded system below, constructed using a series of components, each described by the standard model.

If we look at output Noise Power Pno of the entire system we can see that:

P_{no} = (...(((P_{ni}+P_{na1}).G_1 + P_{na2}).G_2 + P_{na3}).G_3 +... P_{nak}).G_k

 You can multiply this expression out to get:

P_{no} = (P_{ni} +P_{na1}).(G_1.G_2.G_3... .G_k) + P_{na2}(G_2.G_3... .G_k) + ... P_{nak}.G_k

Looking at the Noise Factor of the entire system:

F_{nT} = \frac{(P_{ni} +P_{na1}).(G_1.G_2.G_3... .G_k) + P_{na2}(G_2.G_3... .G_k) + (P_{na3}.(G_3...G_k) + ...P_{nak}.G_k}{P_{ni}.(G_1.G_2.G_3...G_k)}

Let’s break this out:

F_{nT} = \frac{(P_{ni} +P_{na1}).(G_1.G_2.G_3... .G_k)}{P_{ni}.(G_1.G_2.G_3...G_k)} + \frac{P_{na2}(G_2.G_3... .G_k)}{P_{ni}.(G_1.G_2.G_3...G_k)} + \frac{(P_{na3}.(G_3...G_k)}{P_{ni}.(G_1.G_2.G_3...G_k)} + ... + \frac{P_{nak}.G_k}{P_{ni}.(G_1.G_2.G_3...G_k)}

If we use the expression for Pna in terms of Noise Factor of a stage we can see that:

F_{nT} = F_{n1} + \frac{F_{n2}-1}{G_1} +\frac{F_{n3}-1}{G_1.G_2} + ... + \frac{F_{nk}-1}{G_1.G_2.G_3...G_{(k-1)}}

Noise Temperature of a Cascaded System

We can also express a system’s noise performance in terms of equivalent noise temperature.  It makes sense to be able to calculate the equivalent noise temperature of a cascaded system.

Let’s start by looking at the model of a cascaded system with noise performance expressed in terms of equivalent noise temperature:

We know that for the first stage of the system the Noise Temperature of the output Tout is given by:

T_{Out1} = T_o + T_{e1}

Recall that this definition allows us to calculate the Noise Density at the output of the first stage as below:

N_o = k.T_{Out1}.G_{1}

where k is Boltzmann’s constant.

Looking at the expression for Tout of the entire system we can also see that:

T_{out} = \frac{(T_{o} +T_{e1}).(G_1.G_2.G_3... .G_k) + T_{e2}(G_2.G_3... .G_k) + (T_{e3}.(G_3...G_k) + ...T_{ek}.G_k}{G_1.G_2.G_3...G_k}

T_{out} = T_{o} +T_{e1} + \frac{T_{e2}}{G_1} + \frac{T_{e3}}{G_1.G_2} + ... \frac{T_{ek}}{G_1.G_2.G_3...G_{k-1}}

The total Equivalent noise temperature for the cascaded system is therefore:

T_{e} = T_{e1} + \frac{T_{e2}}{G_1} + \frac{T_{e3}}{G_1.G_2} + ... \frac{T_{ek}}{G_1.G_2.G_3...G_{k-1}}

 

Thats all for now!

Categories
Fundamental Concepts Wireless Communications

Understanding Noise – Part 4: Noise Factor, Noise Figure & Noise Temperature

Previous posts in this series:

Digital communication systems require received signals to be filtered and amplified before they can be demodulated and passed to the analog to digital converter.  Similarly, transmitted signals must also be passed to an analog amplifier and filter before being transmitted.  These components insert additional noise into the transmitted/received signals, negatively affecting the performance/reliability of a communications system.

Noise Factor, Noise Figure and Noise Temperature allow us to characterize the noise performance of these components.

Noise Factor

Noise Factor provides a way to measure the additional noise added to a signal as it passes through a component.

If we are looking at a component that amplifies the signal by gain G, then we know that the system will amplify the input noise as well as add additional noise.  This is modeled in the diagram below:

A model of a noisy amplifier.

An ideal amplifier that adds no additional noise, will still amplify the input noise (Pni) by the gain G. The output Noise Power of an ideal component is given by:

P_{no} = P_{ni}.G

A realistic component will insert additional noise (Pna) to the system.  We model Pna as entering the component before it is amplified by the gain G.  Therefore the output Noise Power (Pno) of a realistic component is given by:

P_{no} = (P_{ni} + P_{na}).G

The Noise Factor of the component is defined below:

F_n = \frac{P_{no}}{P_{ni}.G}

This is equivalent to looking at the ratio of  the SNR of the signal entering a component/system and the SNR of the signal output:

F_n = \frac{SNR_{in}}{SNR_{out}}

Understanding Noise Factor

You should be able to draw the following conclusions from the above equations:

  • The Noise Factor of an ideal system is 1.
  • The SNR of the input and output signals of an ideal system are equal.
  • The Noise Factor of a realistic system is always greater than 1.
  • The output SNR of a real system will always be smaller than the input SNR.

Input Noise Due to Thermal Noise

If we assume that the input noise Pni is purely due to thermal noise (the minimum possible noise level), then we define Pni to be:

P_{ni} = kT_oB

where To is the standard operating temperature, 290° Kelvin.  It is important to note, when calculating Noise Factor of a component, we always use To = 290° K for Pni.  Similarly, when testing the Noise Performance of a component, the test is always conducted at this temperature.

The calculation for Noise Factor of a system is thus:

F_n = \frac{P_{no}}{k.T_o.B.G}

This will have some implications further on when we discuss Noise Temperature.

Noise Figure

Noise Figure is simply the logarithmic scale equivalent of Noise Factor, expressed in decibels (dB).

N_F = 10Log(F_n)

We can also relate Noise Figure to values of SNR:

N_F = 10Log(\frac{SNR_{in}}{SNR_{out}})

N_{F (dB)} = SNR_{in (dB)} - SNR_{out (dB)}

Noise Temperature

Noise Temperature gives us another way to describe how much noise a system adds to a signal.  In this case, we look at the total noise performance of the system, and calculate an equivalent temperature (Te) that would yield the same noise power at the output via additional thermal noise.  It is important to realize that the noise temperature of a component describes the additional noise that the component inserts onto a signal before it is amplified, as shown in the figure below.

A model of a noisy amplifier using Noise Temperature.

Why Noise Temperature?

This is actually a good question.  The reason we use Noise Temperature is because it allows us an easy way to combine the effects of an antenna and a receiver together.  Antennas are responsible for receiving signals and passing them to a radio receiver where they can be amplified and demodulated.   Antennas also receive noise from the environment they are in as part of the received signal.  Antenna Temperature defines the mount of noise that can be measured at an antenna’s terminals.  Antenna Temperature is not a physical property of the antenna itself, but rather, a function of the antenna’s design and the environment it is installed in.  I will cover Antenna Temperature in some more detail in a future post!

A Simple Example

Assume that we measure the Noise Density at the output terminals of an arbitrary amplifier with a gain factor of 100 and establish it to be 7×10-19 Watts/Hz. What is the Noise Temperature (Te) of this system?

The Noise Density at the output is given by:

N_o = GkT_{out}

Where:

T_{out} = T_o+T_e
k = 1.38064852 \times 10^{-23}
T_o = 290^o

Te is therefore given by:

T_e = \frac{N_o}{Gk}-T_o

T_e = 217^o Kelvin

Converting To Noise Factor

We can also calculate the Noise Factor from the Noise Temperature relatively easily.  Recall that:

F_n = \frac{P_{no}}{k.T_o.B.G}

F_n = \frac{k.T_{out}.B.G}{k.T_o.B.G}

F_n = \frac{T_{out}}{T_o}

F_n = 1 + \frac{T_{e}}{T_o}

We can also convert from Noise Factor to Noise Temperature by making Te the subject of the above formula:

T_e = (F_n - 1)T_o

Further Reading

I found the following sources of information extremely useful for this article, they also cover things from a slightly different angle and extend the ideas presented above to cover cascaded systems:

Categories
Fundamental Concepts Wireless Communications

Understanding Noise – Part 3: Noise Spectral Density

Previous posts in this series:

In this post I want to discuss Noise Spectral Density.

Noise Spectral Density

Noise Spectral Density or Noise Density, (No) is a measurement of the noise power per Hertz.  For white noise, which is constant with respect to frequency we can simply divide the total noise power by the bandwidth of the system.  Assuming that thermal noise is the predominant form of noise in our system, recall the formula for thermal noise:

P = kTB

This means that the Noise Density is simply:

No = kT

where:
k = Boltzmann Constant (1.38064852 x 10-23)
T = Temperature in degrees Kelvin.

At a normal operating temperature of 290° Kelvin, the typical Noise Density is just under 4.004×10-21 Watts/Hz, or on the decibel scale -173.975 dBm/Hz. This produces a total noise power of -100.96 dBm in a 20MHz wide channel.

Other Types of Noise

What if you are calculating the noise density for a type of noise that is NOT constant with frequency, for instance grey noise?  In this case, The Noise Power and Noise Density would both be functions of frequency.  The Noise Density would be the derivative of the Noise Power with respect to frequency.  The total Noise Power is the integral of the Noise Density with respect to frequency.

Thankfully, most noise types in communications systems can be approximated as white noise, and we can leave out the calculus for now!

Useful Information

Here is a great video from the guys at Analog Devices that explains how to convert Noise Spectral Density to RMS Noise and the assumptions we should be aware of!

Categories
Fundamental Concepts Wireless Communications

Understanding Noise – Part 2: Sources of Noise

Previous posts in this series:

Sources of Noise

Thermal Noise

The first major contributor to noise inside electronic components comes in the form of Thermal or Johnson-Nyquist Noise.  This noise is present even when there is no current actually passing through any component.  It is present even when the device is turned off!

Thermal noise is caused by the random movements of electrons inside resistive electrical components.  A perfect capacitor or perfect inductor should exhibit no thermal noise as they have no resistance.  As we add up the random movements of all of the electrons, the net result of the random movements do not add up to zero.  In fact, at any given time, we will find a net movement of charge (a net electrical current) in some direction through the component.

As the temperature of the electrical component is increased, the electrons gain more kinetic energy and the energy of their random movements increases resulting in a higher net movement of charge and a higher noise level!  Johnson-Nyquist Noise is independent of frequency and can usually be modeled as white noise.

Thermal Noise does not account for ALL of the noise in a system.  Rather, it represents the minimum amount of noise that will be found in an ideal system.  There are many other sources of noise present in electronic and optical communication systems that must be accommodated!

Boltzmann Constant

Before we can go any further, we have to look at something called the Boltzmann constant.  This physical constant is the result of dividing the Gas constant R by Avogadro’s Constant NA and defines the linear ratio between the average kinetic energy of particles in a gas and the temperature of the gas.  If the temperature of the gas increases, the average kinetic energy of the particles of the gas increases by a linearly proportional amount!

“What on earth are we talking about gases for?” you might ask.  As it turns out, electrons inside a metallic conductor can be modeled as a gas!  The Boltzmann constant is defined in Joules per degree Kelvin and has a value of:

k =1.38064852 × 10-23 Joules/Kelvin

Going very much further into this topic is not for the faint of physics and is really beyond the scope of this post.

Calculating Thermal Noise:

The video above has a great description of where thermal noise comes from and how we derive the formula:

P = kTB

where:

P = Thermal Noise Power in expressed in dBm (Decibels above a milliwatt)
k = Boltzmann Constant
T = Temperature in Kelvin (0° Celsius = 273° Kelvin)
B = System Bandwidth in Hz

Non-ideal Filters

Remember that some systems do not use very high order filters.  This means that when we are looking at a band-limited system, it may be necessary to take into account the additional noise power introduced to the system by noise in the transition bands of the filters.  This information is referred to as the “Equivalent Noise Bandwidth“.

Thankfully, the filters used in modern digital communication systems are generally designed to have very small transition bands for the sake of spectral efficiency, and so we can generally treat this contribution as negligible.

Problems:

  1. Calculate the expected Thermal noise power for a Wi-Fi receiver, using a 20MHz wide channel at a temperature of 300° Kelvin.
  2. Do the same calculation for the same Wi-Fi receiver, but using a 160MHz wide channel.
  3. Do the same calculation for a standard GSM channel of 200kHz
  4. Do the same for a LoRa channel (125MHz) and a Sigfox channel (100 Hz).

Completing the above calculations should tell you something about the Noise floor for each of these Radio technologies.

Shot Noise

Shot noise is a result of the fluctuation in the rate of flow of individual electrons/photons in a system.  Shot Noise can only exist if there is an electrical current flowing in a device or in the case of an optical sensor, if there is a stream of photons arriving at the detector.  I really like the analogy to a series of raindrops falling on a tin roof given by Frank Rice in the American Journal of Physics.  The intervals between the arrival of the raindrops is actually random, thus the total water flowing onto the tin roof actually fluctuates around an average rate!

Shot noise can be naturally suppressed in some electronic components.  As noted in the article above, electrons tend to repel each other and obey the Pauli Exclusion principle.  This implies that it is unlikely to get large groups of electrons moving together through a system, and thus the noise currents due to shot noise will be naturally limited.  It is worthwhile to note from the article above, that photons do not have the same repulsive effect on each other and correlations between their movements can cause much higher shot noise.

Here are some additional references:

Other Sources of Noise:

There are many sources of noise in semiconductor devices, including some whose exact mechanisms are still not completely understood, such as 1/f noise.  I am not going to talk much about these other forms of noise, but if you want to dig into the topic a bit deeper there are entire books written on the topic!

Thats all for now!

Categories
Fundamental Concepts Wireless Communications

Understanding Noise – Part 1: Defining Noise

One of the supposedly simple things that plagues me in communications theory is the idea of noise.  We are all very comfortable talking about noise.  We refer to noise, the noise floor and interference all the time quite glibly. Yet I must admit, I have always felt like I never truly understood the topic.

In this post I want to take a deeper look at noise: its definition, where it comes from, its characteristics and how to measure it in modern communications systems.

Defining Noise

What is Noise?

Looking this up online, I found a wonderful definition (thanks Google!) that made some sense:

noise (noun) technical
Irregular fluctuations that accompany a transmitted electrical signal but are not part of it and tend to obscure it.

I found another, more specific definition here:
Noise is defined as the deviation from an ideal signal, and is usually associated with random processes. By definition it corrupts the information content and fidelity of the signal, particularly at low levels.

Where Does Noise Occur?

Noise exists in all forms of modern electronic and optical communications systems.  Noise occurs as a result of the way electrons and photons behave in different physical mediums.  The electrons that power our electronic devices and the photons that traverse fiber-optic communication systems exhibit different random behaviors as they . We define each of these phenomena as a different source of noise.  In some situations a certain source of noise may be dominant due to a single physical phenomenon. In other situations noise could be dominated by another factor, or a mix of factors!  

Noise vs Interference

I feel it is important to clearly differentiate between noise and interference as the terms are used separately in communications systems.  For example consider Signal to Noise Ratio (SNR) vs Signal to Interference Noise Ratio (SINR). If you have ever wondered about the difference between the two terms, you may find some illumination below.

I have looked around for a good definition of the difference between noise and interference that I can quote, and I have found nothing that satisfies my need for a generalized but precise definition.  I will therefore go ahead and say the following:

Interference

Interference is typically a deterministic signal (or sum of deterministic signals) that is transmitted on a specific set of frequencies that disrupts a communication signal on the same frequency.  A good example of this would be multiple competing radios transmitting messages simultaneously on the same frequency in the same location.  Another example of a source of interference would be a wide-band signal jammer designed to disrupt wireless communications. Interference typically comes from specific, external sources (i.e other transmitting devices) and only exists on specific frequencies.  It can also be temporary, like intermittent interference caused by the duty cycle of a certain signal or transmitter.

Noise

Noise is the result of random processes that cause fluctuations in electronic signals and is produced by the physical operation of electronic/optical components and circuits. Noise can be modeled as a random process with a certain probability density function.  A good example of this would be thermal noise or shot noise present in electronic equipment.  Noise typically comes from inside radio/electronic equipment and you cannot move away from it and you cannot turn it off!  Some forms of noise like thermal noise are completely inescapable, and cannot be reduced or removed.

 

Colors of Noise

One way of classifying noise signals is to look at the signal’s power as a function of frequency (called the power spectrum of the signal).  Noise signals are assigned colors based on the power level as frequency increases.

White Noise

Consider a noise signal that has constant power with respect to frequency.   This means that the noise signal has an equal amount of power between 0 – 10 Hz, 10 – 20Hz, 100 – 110Hz, and 2010 – 2020Hz and so on.  If you drew a graph of the power against frequency, the average power would be a flat line.  This is termed white noise.  Most forms of electronic noise can be modeled as white noise as they maintain a roughly constant power level through out the device’s band of operation.

Other Colors of Noise

Other colors of noise are defined by how the noise power changes as a function of frequency.  For instance, pink noise loses power at a constant rate of 10dB / Decade of frequency.  Pink Noise is actually constant on a logarithmic scale, i.e there is the same amount of power in 40-60Hz as there is between 400-600Hz and 4000-6000Hz.

Brown noise decreases faster, at a rate of -20dB/Decade.  Blue noise on the other hand INCREASES with frequency at +10dB/Decade.

If you want to read about the other colors of noise and which physical phenomena they are found in, read the wikipedia article and check out their references.  If you want to play with a noise generator and hear what different noise colors sound like, check out the web based noise generator at White Noise & Co.

Categories
Uncategorized

Using the ODROID C2 as a WLAN Testing Tool – Part 4: Installing FruityWifi

My System Specifications

I am running Dietpi on an ODroid C2.  Here are the Details of my OS, most recently updated at the time of this posting.:

root@dietpi:~# cat /etc/*-release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/

The OS is currently in a default state, I have done nothing except edit some locale/language information and the keyboard layout.  I have basically got a bare bones DietPi installation at this point.

Installing FruityWiFi

I have installed FruityWifi version 2.4.  If you are using Kali Linux you can simply use the apt-get service as FruityWifi is included in those repositories.  I am running a variant of Debian and so need to actually run the installation script itself.   Here is a repeat of the commands on the Wiki that I followed:

root@dietpi:~# wget https://github.com/xtr4nge/FruityWifi/archive/master.zip
root@dietpi:~# sudo unzip master.zip
root@dietpi:~# cd FruityWifi-master
root@dietpi:~/FruityWifi-master# sudo chmod 755 ./install-FruityWifi.sh
root@dietpi:~/FruityWifi-master# sudo ./install-FruityWifi.sh

After reading through some of the issues, it is apparent that the best way to install any of the modules is via the web interface one by one and not all in one go!  You can also install FruityWifi on Android with NetHunter, which is a tempting idea for my Nexus 6…  If you want a quick installation tutorial on that platform, check this or this out.

I will keep an updated list of issues I encounter with each new version of FruityWifi on DietPi here on this page for my own reference and perhaps yours.  But if you want more details on working with FruityWiFi, I think the best idea is to head over to the Wiki.

Reboot / Start-up

I have found that the FruityWiFi web UI is not automatically available when the ODROID boots up.  I had a look at the running processes in my ODROID using top and htop and found that the the web server for FruityWiFi (Nginx) was not running.  I have also found that starting NGINX manually is also failing.

First, let’s try starting Nginx:

root@DietPi:~# /etc/init.d/nginx start
[....] Starting nginx (via systemctl): nginx.serviceJob for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
failed!
root@DietPi:~#

Err. ok that didn’t work… let’s follow the hint shall we?

root@DietPi:~# systemctl status nginx.service
 nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: failed (Result: exit-code) since Mon 2017-08-07 14:19:40 SAST; 1min 51s ago
  Process: 2951 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)

Aug 07 14:19:40 DietPi nginx[2951]: nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (2: No such file or directory)
Aug 07 14:19:40 DietPi nginx[2951]: 2017/08/07 14:19:40 [emerg] 2951#0: open() "/var/log/nginx/access.log" failed (2: No such file or directory)
Aug 07 14:19:40 DietPi nginx[2951]: nginx: configuration file /etc/nginx/nginx.conf test failed
Aug 07 14:19:40 DietPi systemd[1]: nginx.service: control process exited, code=exited status=1
Aug 07 14:19:40 DietPi systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Aug 07 14:19:40 DietPi systemd[1]: Unit nginx.service entered failed state.
root@DietPi:~#

Let’s go and look at exactly what is wrong here, first let’s look for the directory /var/log/nginx which was mentioned explicitly in the errors.

root@DietPi:~# cd /var/log/nginx
-bash: cd: /var/log/nginx: No such file or directory
root@DietPi:~# mkdir /var/log/nginx
root@DietPi:~#

Right, so we have created the directory /var/log/nginx let’s see if that helps?

root@DietPi:~# /etc/init.d/nginx start
[ ok ] Starting nginx (via systemctl): nginx.service.
root@DietPi:~# systemctl status nginx.service
 nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
   Active: active (running) since Mon 2017-08-07 14:30:14 SAST; 7s ago
  Process: 3212 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 3209 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 3213 (nginx)
   CGroup: /system.slice/nginx.service
           ├─3213 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─3214 nginx: worker process
           ├─3215 nginx: worker process
           ├─3216 nginx: worker process
           └─3217 nginx: worker process

Aug 07 14:30:14 DietPi systemd[1]: Started A high performance web server and a reverse proxy server.
root@DietPi:~#

If you had this problem and followed the steps above, you should be able to browse to the FruityWiFi WEB UI now.

Permanently Add /var/log/nginx

The /var/log directory is a temporary set of files that is recreated on each boot.  So even though we have added the /var/log/nginx directory above, if you reboot your SBC, it may disappear and you may have to re-do the steps above to get FruityWiFi working again.

I have tested this and in some reboots, the /var/log/nginx directory disappeared after a reboot.  In other tests, it remained.  I am not entirely sure WHY there was variability in those results, but if the directory does keep disappearing on you, here is a way to fix that.

This forum post on linksprite helped me a lot!  I am going to use nano to edit the rc.local script to add the /var/log/nginx for me at each boot  by adding the line:

mkdir -p /var/log/nginx

immediately before  ‘exit 0’.

This will get the directory in place, but it is not going to get the service up and running on its own. You will have to run the command to start the nginx service once you have booted up.

Right now, I have removed this command from my /etc/rc.local file and everything seems to be working fine without starting the service manually.  I am somewhat bemused by the whole situation, but if I ever run into this problem again I will track back here and update with more details.

Thats all for now!

Categories
WLAN general

WPA2-Personal Encryption is Now Pointless.

 

“It is a secret in the Oxford sense. You may tell it to only one person at a time.”

– Lord Franks (1905-1992) English academic, diplomat and philosopher

 

SHA-1

In the world of telecommunications and technology, nothing lasts forever.  When it comes to the issue of security, nothing is ever truly secure and nothing stays unbroken.

Consider the case of good old Hashing Algorithm SHA-1.  For years researchers have been warning that SHA-1 is weak, and have been actively urging people not to use it for securing their websites and any other encrypted traffic.  Earlier this year, some researchers at Google managed to break it in practice, defining the end of SHA-1’s useful life and forcing many to update their security policies.

WPA2-Personal…

A similar problem has been ominously looming over the WLAN industry for several years.  It has to do with WPA2-Personal, a method widely used to limit access to and encrypt Wi-Fi networks at homes and at workplaces around the world.

For the less technical, WPA2-Personal is also known as WPA/WPA2 Pre-Shared Key, used to control access to the network and encrypt Wi-Fi traffic between a Wi-Fi client and the Access Point using a simple passphrase.  This is the de facto method by which small business owners, home owners, and many other network owners secure and encrypt their networks.

“What’s the password for the Wi-Fi?” is a common refrain in hotels, restaurants, homes, coffee-shops and many other social gathering places all over the world.

WPA2-Personal is extremely popular as it allows you to use an easy to remember passphrase to access your home network.  If someone you know (and trust) needs access, it is as simple as typing in the passphrase.  The encryption algorithm itself (CCMP using AES-128) is strong and the use of unique, dynamic keys, negotiated using a four way handshake between the client and AP to encrypt traffic, keeps things reasonably secure.

What is the Problem?

The problem with WPA2-Personal comes in when you start telling people the passphrase.  To be precise, the problem with WPA2-Personal is not that the encryption algorithm itself is weak like in the case with SHA-1 above.  The problem is that the single key that unlocks everything, spreads by word of mouth.  Eventually, you need to expect that password will land up in the wrong hands.

For those of you into the sciences, think of your WLAN passphrase (all passwords actually) as having a kind of half-life.  As time goes by, their security level decays.

Problems caused by unknown, untrusted people having access to your WLAN’s WPA2-Passphrase come in two general flavors.

1. Easy Access

First of all, we have all, always known that gaining access to a WPA2-Personal secured Wi-Fi network is trivial if you know the key.  It’s built that way by design!  It is supposed to be convenient and easy to gain access.  Once you know the key you can gain full and unfettered access to the wireless network.  If there are no further security policies in place (typical in a small business/home WLAN scenario) you can move around in the network and use whatever resources you want.  Copy some data from the Network Attached Storage, start a peer to peer session with a laptop across the hall, access some sensitive files, it’s all right there.

If you connect to my home WLAN, you have access to everything in my home network.  You can see my NAS drives, my Apple TV, my laptops, my phones, everything.  These networks are typically not built to be secure, they are built to be convenient, to provide plug and play functionality.  An attacker can run port scans on any device in the network, test for open services and vulnerabilities, and inject their own programs, malware etc into the devices on the network with impunity.

2. Easy Decryption

Here is a second, lesser known fact about WPA2-Personal encryption.  Even though your device uses the WPA2 Pre-Shared Key to negotiate unique dynamic keys which are used for strong encryption, that too can be easily decrypted.  As long as the Pre-Shared Key is known and the four-way handshake between your device and the AP has been recorded, your communications are vulnerable.  If I don’t have a capture of the four way handshake, no matter, I can simply de-auth you from your own network, and listen for it as you reconnect.

In this scenario, an attacker would be able to capture and decrypt all of your real time communications that are not encrypted at a higher layer.  It also opens the ability for the hacker to conduct more intrusive attacks that would not have been possible before.  For instance a Man In The Middle Attack mimicking the AP would allow an attacker to observe your online communications and decrypt HTTPS / SSL secured web traffic.

If you ever use a hotspot in a coffee shop and think that it is secure because it has a password, think again and keep the VPN app on your devices running!

Making it Worse

For those focused on securing networks with more sensitive information than the average home, WPA2-Personal has always been considered a non-starter.  It is widely accepted that no network that requires strong security policies and access controls should be using it.

WPA2-Personal has been deemed suitable for home snd small office use due to the fact that typically, passwords in the locations spread more slowly, and only amongst small groups of trusted individuals.  If an unwanted neighbor or visitor starts hogging the Wi-Fi, change the password and start again.  It’s a simple system to manage, and not too arduous or risky.

More recently however, there have been some developments that have prompted me to state flatly that WPA2-Personal is simply no longer good enough, even to secure your home network.

First came Wi-Fi sense, a magical feature in Microsoft Windows 10 that shared Wi-Fi passwords with your contact list and social media connections.  The problem with Microsoft’s move (even though they later removed the feature) is that it automatically allowed a large audience of people access to your network without your explicit permission.

In the iOS 11 release, the implementation of Wi-Fi password sharing is more limited and only activated with the explicit permission of someone who has the key.  Lord Franks would be proud!  I consider this implementation to be not completely irresponsible, but the original problem of passwords being slowly spread, one unauthorized person at a time is still there!

Crypto-Wi: Hold My Beer!

Enter Crypto Wi, a new crypto-currency startup and experts of computer aided voice overs.  Crypto-Wi have launched a scheme that puts even Microsoft’s naivety to shame.

Their idea?  Monetize the sharing of Wi-Fi pass-phrases.

Thats right, you heard me.

With the Crypto-Wi app you will be able to not only share a Wi-Fi password, but get paid with a crypto currency to do so.  Every time someone connects to the network you shared, you will earn a little bit of dosh!  You can head over to their website and check out the app here.

On the surface this looks like a fantastic, innovative project for enabling people to buy and sell cost effective Wi-Fi Access.  I am fairly sure the three founders of this endeavor are working with the best of intentions, but the potential adverse effects from the disruption they are proposing reach far deeper, into a much more cynical place.

Not only do we live in a world where it is becoming easier and easier to carelessly/maliciously share a WPA2 password, we live in a world where people can actually profit off of it.  It is now being incentivized.

Password Sharing Scenarios

Let’s say that you decide to rent out your home WLAN access, that’s pretty cool, and pretty nifty.  But remember, unless you’ve taken extra security measures like an internal firewall, whoever is on that network, can get into your whole home network.  People you don’t know, who have never entered your home, can pay a small amount to use your Wi-Fi, and get to the internet.  They can also scan your local area network and start freely withdrawing and depositing information at will.  Still feeling comfortable?

What about when one of your friends comes over and he/she brings another friend.  They both use the Wi-Fi and later on, your friend’s acquaintance sells your Home WLAN access on Crypto-Wi?

  • Would you even be aware that there was a problem?
  • How do you get rid of all of the free-loaders?
  • Change the password?

Yeah that used to work, and it might give you some respite for a couple days until your friends come back, but it is not the solution it used to be!

What about a scenario where you own a business, say a restaurant, and a non-technical, foolish employee sells off the internal wireless access on the side?  It was never in that person’s interest to do this before, but now that they can make some money from it, why not? The boss will never know, right?

The list of scenarios like this goes on and on.  I am sure you can think of a few on your own.

A Shifted Paradigm

Truly the only thing holding WPA2-Personal from being declared completely and utterly pointless is that passwords typically take some time to spread, one person at a time.  We know that passwords spread through family homes and small businesses, but at least it is somewhat contained.  With a service like Crypto-Wi that whole paradigm of thinking gets blown out of the water!

In this paradigm, using WPA2-Pre-Shared Keys is actually worse than having an open network!  At least with an open network a business owner may have a hotspot portal or some other form of control that limits access!

In this paradigm, anybody can come and go and the business owner will have little idea that it is even happening until the data cap is mysteriously maxed out over night.  Or perhaps the Internet connection will get so clogged and slow that they will call out a technician to come and “fix it”.  In most scenarios, even the technicians won’t realize the real source of the problem.

In a darker and more likely scenario the problem won’t get caught until the business’s bank accounts are emptied or the branch gets a call from the franchise’s head office notifying them that their shop network was the entry point of a global hack of the PoS systems.

In any of the situations above, any malicious party could now easily use Crypto-Wi’s app and pay an anonymous person to join a network without even raising an eyebrow.  They wouldn’t even have to enter the venue and ask for the damn password.

Effectively, Crypto-Wi has built a fantastic business model for dismantling what little security Wi-Fi ‘s WPA2-Passwords once granted.  They have found a way of sharing the Pre-Shared Key indiscriminately and widely enough that it has made the security offered by the actual encryption algorithm irrelevant.  We could use AES-256 and it would make no difference.

The best part is that they have demolished the security of WPA2-Personal in a way that allows them to profit from it without paying a single cent for any of the potential costs of the access they sell or the damage their service will enable.

But is it (really) Dead?

It is my experience that ideas like this do not go away.  Even if Crypto-Wi’s service dies, or never reaches the mainstream market, there will be some implementation of this idea somewhere else.  This kind of application cannot be regulated and will be impossible to police.  Crypto-Wi or any other group with the same idea would have little way of verifying network owners even if they wanted to.  Enforcing restrictions on verified contributors who add networks would simply leave space for another less ethical party to attempt the same service with a lower barrier to entry.

In the case of SHA-1, we chose to accept that evidence of a single practical collision in the hashing function was sufficient to finally declare it dead.  In the case of WPA2-Personal it is not the encryption algorithm itself that is at fault, but rather the way key management is executed and how the ground underneath some assumptions made 13 years ago has suddenly shifted.  It is now possible to share a network key with a wide audience, instantaneously, for direct monetary gain.  Sure, you may work in a company full of responsible adults.  You may trust your friends.  But you can’t trust everyone, and everyone who wants to, can now potentially buy your password.

As far as I am concerned, you can stick a fork in WPA2-Personal.  It is now in the same box as WEP and WPS.  If someone wants to break it, it is rapidly becoming trivially easy to do so.

Thats all for now!