|
detect and isolate Spread Spectrum Signals and I felt it would be wise to post this to the list as there seems to be some misunderstandings about spread spectrum, and the level of security it provides the eavesdropper. very easy to detect, but tricky to demodulate. Also, Spread Spectrum modulation methods only protect against CASUAL detection, and allow "Multiple Access" to the frequency being used. In all reality it provided minumal protection against detection (just the illusion or protection) identification of unknown signals it's a serious liability to rely to heavily demodulation analysis. Of course it is typically not a TSCM'ers job to demodulate the signal, but to isolate and locate what is generating the signals. threat associated with spread spectrum eavesdropping signals. preamplifier, and low loss cables to collect and concentrate as much of the signal as possible. This is important as SS eavesdropping devices commonly place the signal "on top of" an already occupied band (such as the FM band) sweep the frequency range being monitored as quickly as possible (at least 100 times per second). characterized. This is done by allowing the equipment to warm up and performing self alignment. Next disconnect the antenna and terminate the cable with a lab grade terminator. Generate a noise floor correction table, but ensure that each table covers no more then 200-250 MHz of spectrum (typically 4096 correction points per 250 MHz of Span). the antenna sensitivity patterns. polarization) of the antenna has utilized. series of traces (one for each antenna position). The traces which show a noticable increase in the noise floor will require further investigation. Remeber that we are looking for "virtually invisible" signals, so analysis of the noise floor is critical. amplitude. of the signal (or noise floor hump) is centered on the display, with the center of the first side lobes placed on the far edges of the frequency domain display. See the attached image to see what this should look like (its the trace on top) TO OPEN A CHART, CLICK HERE oscilloscope or digitizer. Apply a bandwidth filter that is roughly the width of the primary lobe, and optimize the amplitude and X-axis to stabilize the display (using a threshold trigger will be helpful). pulse width or duration. Also, record the width of the main lobe. In the attached file the trace located at the bottom of the display is in the time domain, with pulse rate indicated by markers. frequency to a list of known spread spectrum signals to determine what is creating the signal (in the attached example a Spread Spectrum telephone chip was used). domain. Next obtain a signature of the signals by bandwidth (of the main lobe) and pulse repetition frequency. Then simply look up the signature to determine components (or product) being used, and if desired set up to demodulate. long, and high threat entries should be marked in bold. isolate, and locate virtually any spread spectrum device on earth. Direct Spread Spectrum, Frequency Hoping, Chirp, and so on may all be detected and located in the same way. searching for a variety of signals. just enough space for a 9 volt battery, electret microphone, and small circuit board. compound. controlled), and a 70 MHz maximum signal spread. for cordless consumer telephones. -72.4 dBm signal reading was taken at a distance of under 3 feet using a tuned antenna. Once a 25 dBm preamplifier was used and the antenna polarization matched to the device a detection range of several hundred feet was obtained. copper-to-copper connection to be just under 3.5 mW. very poor and almost looked "homebrew". are being openly sold (in Spy Shops) for over 10 times that amount. highly directional antenna such as a log periodic with a preamplifier. TO CONTACT THE AUTHOR James Atkinson Email: jmatk@tscm.com Web Site: Http:www.tscm.com |