September 12 - 16, 2016

### 6th Annual GRCon

GRCon is the annual conference for the GNU Radio project & community, and has established itself as one of the premier industry events for Software Radio. It is a week-long conference that includes high-quality technical content and valuable networking opportunities. This year, we expect our largest event yet, with attendees from industry, academia, and government.

With an annual program that has broad appeal, GRCon attracts people new to Software Radio just looking to learn more, folks that want to keep their finger on the pulse & direction of the industry, and seasoned developers ready to show off their latest work.

### Conference Schedule

• 7:30 - 8:30

Check-In & Breakfast

• 8:30 - 8:45

Introduction

Ben Hilburn

• 8:45 - 9:30

Keynote: CU Boulder & SDR

Scott Palo

Scott Palo is the Victor Charles Schelke Endowed Professor & Associate Dean for Research at CU Boulder.

• 9:30 - 10:00

Ben Hilburn

• 10:00 - 10:30

Johnathan Corgan

• 10:30 - 11:00

Break

• 11:00 - 11:45

Why Doesn't My Signal Look Like the Textbook?

Matt Ettus

• 11:45 - 12:15

Low-Cost SDR Hardware

Michael Ossmann

• 12:15 - 1:00

Lunch

• 1:00 - 1:20

Intro to GRC

Sebastian Koslowski

• 1:20 - 1:40

Intro to PyBOMBS & CGRAN

Martin Braun

• 1:40 - 2:00

Intro to Volk

Nathan West

• 2:00 - 2:20

Intro to Synchronization

Derek Kozel

The what, why, and how of frequency, time, and phase synchronization in RF systems. What are the requirements in hardware and software to align each of these signal properties? Why would you want to do so? How do you measure these properties on receivers and transmitters? Example GNU Radio programs will be shown and measurements of real systems.

• 2:20 - 2:50

Break

• 2:50 - 3:10

Hacking the Wireless World

Balint Seeber

Interesting radio signals emanate from terrestrial sources, as well as from space, and GNU Radio continues to prove itself as an ideal prototyping platform for processing and decoding these signals.

• 3:10 - 3:30

Peter Mathys

Typical undergraduate communication theory textbooks start out with a review of continuous time linear systems, followed by amplitude, frequency and phase modulation. In some cases, probability theory and random processes also appear prominently at the beginning of the book. Digital data communication and digital signal processing are usually deferred until the second half of the course and the first complete digital communication system that resembles what is actually used in smartphones and other wireless systems appears only some 300 to 400 pages into the book. That makes it difficult to motivate students and we are thus promoting an approach where we start with a simple ideal communication system, e.g., using binary phase shift keying to transmit ASCII code text messages. In subsequent steps we can then introduce practical constraints and impairments such as channel bandwidth, noise, and timing synchronization. Along the way such concepts as the matched filter, signal space, and phase locked loops can be introduced naturally. To give the students opportunity to experiment and explore ‘what-if’ scenarios, GNU Radio and the gnuradio companion provide an ideal and very affordable platform. But there is a ‘chicken and egg’ problem. If you already know communication theory, GNU Radio is a great tool for experimentation, but if you are new to the field there is a steep learning curve. Just to demonstrate the concept of signal space and what happens if there is noise and the transmitter and receiver are not exactly synchronized, one quickly fills an entire flowgraph screen with some 30 blocks. Thus, some tailored blocks along the lines of an idealized textbook exposition to communications are needed to demonstrate the applicability of the material and let the students gain confidence in their ability to analyze and design such systems. 
In this talk we are exploring different ways to either combine existing GNU Radio blocks or create new ones for the purpose of an introductory level undergraduate communications course.

• 3:30 - 3:50

Kayla Brosie

Currently, a first of its kind amateur radio emergency communication system is being developed for Northern America as a hosted payload on a geosynchronous satellite projected to launch in 2017. The intent of this system is to act as a transponder in order to ensure reliable communication during emergencies when normal forms of communication, such as cell towers, are destroyed or saturated, as is common in these scenarios. While not serving its primary purpose for emergency communication, the system will be available to licensed amateur radio operators for daily use. In this presentation, an overview of the under development emergency communication system is provided, looking more in depth at the role of GNURadio in simulating the transmitters and receivers of the system and contributing to the overall design of the system. A representation of the system has been created that uses multiple flowgraphs to better model the multiple transmitter and receivers of the system as well as highlighting the use of USRPs and hand held radios.

• 3:50 - 4:10

Some Mil/Aero R&D Using GNU Radio

Stu Card

In our recent survey of Software Defined Radio (SDR) resources for military and aerospace waveform development and implementation, although other software environments appeared better suited for some specific development and test activities, GNU Radio emerged as the de facto definitive environment for general SDR research and development. Rapidly evolving commercial waveforms pose both opportunities and challenges from cyber and physical security perspectives; addressing these is facilitated by various Out Of Tree projects, together with the rapid prototyping and experimentation capabilities enabled by GNU Radio Companion etc. Proliferation of Unmanned Aerial Systems (UASes) presents other issues, including safe integration of UASes into the National Airspace System (NAS); research into some of these, such as UAS command and control data links, is also facilitated by GNU Radio. We briefly present the rationale for our recommendation that SDR researchers start with GNU Radio (at least as a baseline before trying more specialized tools) and some of the military and aerospace work in which we are using it.

• 4:10 - 4:30

Leveraging SDR for Public Safety Communications Research

Jeb Benson

The Public Safety Communications Research (PSCR) group, located in Boulder, CO, is undertaking a 7-yr, $300M R&D endeavor associated with the creation of the National Public Safety Broadband Network (NPSBN). R&D activities will primarily be focused on the acceleration of five key technology areas prioritized by the public safety community, and most readily leveraged using LTE broadband capabilities enabled by the NPSBN. One of these areas is mission critical voice (MCV), which has traditionally been implemented in a variety of land mobile radio technologies, e.g. P.25, TETRA, DMR, analog, etc. This presentation will introduce the key components of MCV, a high-level overview of how they might be implemented in LTE, and the role SDR could play in accelerating the implementation of exciting, critical features like device-to-device communications for early test & evaluation, and new product development. This talk will not focus on ‘what we have done’, but rather how, using our $300M technology accelerator program, we might stimulate interest from the SDR community to contribute to this opportunity.

• 4:30 - 4:45

Break

• 4:45 - 5:45

Panel: "Using GNU Radio in the Real World"

Panelists: Tom Rondeau, Mike Ossmann, Dan CaJacob, Martin Braun
Moderator: The Interrogator

• 7:00 - 10:00

Reception

• 9:30 - 10:30

WiSER FPGA Acceleration

Ning Gao

• 10:30 - 11:00

Break

• 11:00 - 12:15

RFNoC Tutorial Part 1

Ettus Research

• 12:15 - 1:00

Lunch

• 1:00 - 2:20

RFNoC Tutorial Part 2

Ettus Research

• 2:20 - 2:50

Break

• 2:50 - 4:15

RFNoC Tutorial Part 3

Ettus Research

• 4:15 - 4:45

Rapid Design Assembly

Consolidated Logic

FPGA DSP application design with GNU Radio is easier than ever with new platforms that streamline the process. One such platform is the Ettus USRP X-series, and an easy to use FPGA framework, RFNoC. Customizing the RFNoC modules on a USRP is no quick task though, as a user must still have an adept understanding of the Xilinx design tools and wait an hour (or more) for a design compilation to complete. Rapid Design Assembly (RDA) -- a process for rapid FPGA assembly -- has been augmented with new Xilinx Vivado capabilities. RDA extracts metadata from a design to provide an RFNoC compatible precompiled module library where modules can be mixed and matched, and executing a GNU Radio flowgraph reconfigures the USRP's Kintex-7 FPGA in a matter of seconds. This lowers the barrier to entry to use RFNoC, streamlines the design flow, and increases the turns per day when customizing the USRP in the GNU Radio flowgraph. This presentation will explain the basics of RDA, walk through the process of creating an RDA generated bitstream targeting the USRP X310, and explain how the precompiled module library is generated. In the live demo, we will rapidly compile multiple RFNoC modules into a programmable bitstream for the USRP, and interface with GNU Radio.

• 7:30 - 8:30

Check-In & Breakfast

• 8:30 - 9:00

Introduction

Ben Hilburn

• 9:00 - 9:45

Keynote: Deep Neural Signal Processing

Charles Clancy

The past two decades of software-defined and cognitive radio (SDR/CR) engineering have been hampered by the presumption that signal processing components have a one-to-one relationship with traditional hardware processing components. SDR implementations have lacked computational scalability, relying heavily on Moore's law to make commercial SDR feasible. CR has been limited to spectrum sharing applications because the search space of all SDR waveform component permutations is too large to enable fully-cognitive waveforms.

However recent advances in applying deep learning to signal processing are beginning to challenge these fundamental assumptions. By viewing signal processing as a dimensionality reduction problem from passband I/Q data to output content, rather than the composition of waveform components, we can achieve near-Shannon signal processing performance from neural networks. This results in order of magnitude reductions in waveform runtime complexity, in exchange for offline network training.

In this talk we will introduce these new approaches to signal processing, share initial research results, and discuss novel approaches to rapid waveform training such as use of adiabatic quantum computing.

Dr. Charles Clancy is an Associate Professor of Electrical and Computer Engineering at Virginia Tech and directs the Hume Center for National Security and Technology. Additionally he is co-founder and member of the board of directors for HawkEye 360, a startup company focused on space-based RF analytics. Prior to joining Virginia Tech in 2010, he served as a senior researcher at the Laboratory for Telecommunications Sciences, a defense research lab at the University of Maryland, where he led research programs in software-defined and cognitive radio. Dr. Clancy received his B.S. in Computer Engineering from the Rose-Hulman Institute of Technology, M.S. in Electrical Engineering from the University of Illinois, and his Ph.D. in Computer Science from the University of Maryland. He is a Senior Member of the IEEE and has over 150 peer-reviewed technical publications. His current research interests include cognitive communications and spectrum security.

• 9:45 - 10:15

Ben Hilburn

• 10:15 - 10:45

Break

• 10:45 - 11:00

GRCon Hacking Challenges

Balint Seeber

Introduction & opening of the GRCon Hacking Challenges, sponsored by Bastille!

• 11:00 - 11:45

Ettus Research

Ettus Research

• 11:45 - 12:15

GPU Acceleration: Custom Buffers in GNU Radio

Seth Hitefield

Recent advances in graphics processing units (GPU) have allowed for extremely large single-instruction-multiple-data architectures that can vastly improve the computational speeds of applications. A great example of these systems is the NVIDIA Titan X which contains 3072 individual cores; the NVIDIA Digits Devbox contains 4 Titan X cards, which can reach 28 TFlops of processing power. However, utilizing these powerful discrete cards can be rather difficult since the user must manage memory transfers between the host and each discrete card.

Unlike VOLK which makes use of the host’s SIMD capabilities, GPU frameworks (such as CUDA) need to allocate their own memory. This requires the user to transfer data every call to work() which can result in significant latency. With the new custom buffers feature for GNU Radio, blocks can allocate their own memory buffers which make utilizing GPUs far easier. This presentation will also show an example flow graph making use of custom buffers.

• 12:15 - 1:00

Lunch

• 1:00 - 1:30

DARPA's Spectrum Collaboration Challenge

Paul Tilghman

• 1:30 - 2:00

Matt La Pan

Orthogonal Frequency Division Multiplexing (OFDM) is utilized as a multi-carrier modulation method for many modern communications systems. While GNU Radio currently offers a number of OFDM blocks, there are still shortcomings in terms of reliable implementations both in simulation and more so on embedded hardware targets. This talk explores the under-the-hood details and pitfalls of OFDM in GNU Radio that are critical to a successful implementation.

• 2:00 - 2:30

GNU Radio Outside of the SDR Scope: Intro to Scopy

Paul Cercueil

Scopy is a modern software oscilloscope and signal analysis toolset,
developed at Analog Devices, and designed to work atop the IIO
subsystem of the Linux kernel. One of its particularities is that it
relies on GNU Radio for the internal data flow and some of the
processing, making it one atypical software solution in the SDR-focused

This presentation will go through the reasons behind the choice of GNU
Radio for the piping system, the issues it solved, the challenges we
faced, and our contribution to the GNU Radio community.

• 2:30 - 3:00

Break

• 3:00 - 3:30

Accelerators in SDR

With Moore’s law coming to an end, software defined radio is seeking new ways to achieve greater performance for applications. RF Network on a Chip (RFNoC) creates a new paradigm for software defined radio that will allow prototypes to harness the power of FPGAs and to be designed, tested, and transitioned directly into final products. AHA, in collaboration with AMSAT and Virginia Tech Hume Center, has created DVB-S2X FEC blocks to enable prototypes of high performance satellite systems using GNU radio. AHA is providing free versions of these new RFNoC FEC blocks for researchers to evaluate and use in their high performance communication applications.

• 3:30 - 4:00

Run Your Own Classroom Spectrum Challenge

Fraida Fund

This tutorial will give educators and experimenters the tools necessary to run their own cognitive radio "challenge", using open SDR testbeds and GNU Radio, in a tournament format similar to competitions such as the DARPA Spectrum Challenge. We will describe our experiences running this challenge in courses at the University of Thessaly (Greece) and the NYU Tandon School of Engineering (US). In particular, we will explain how to overcome common points of friction that occur in the classroom setting, including: teaching students to understand "real" RF hardware, gaining access to an SDR testbed, easing the build and setup process, running reference or student designs, extending reference designs, and visualizing "match" results. We will demonstrate some of these in real time, and also refer participants to step-by-step instructions they can follow (with open source code) to run their own Spectrum Challenge.

• 4:00 - 4:30

GNU Radio and VOLK on ARMv8

Doug Geiger

GNURadio and its support library, the Vector-Optimized Library of Kernels (VOLK) are designed to take advantage of single-instruction, multiple data (SIMD) instruction sets, such as SSE, AltiVec, and NEON. Extending support for VOLK, and by extension GNURadio, to the new ARMv8 instruction set should provide more performance on the advanced ARM-based processors and systems-on-chips (SoC’s) now available on the market, as well as future generations of processors. ARMv8 adds additional 128-bit registers, new instructions, and improves IEEE-754 support of the NEON instruction set. We will introduce support to VOLK for the ARMv8/AArch64 architecture, explore the improvements to NEON, and show real-world improvements in GNURadio flow graphs through benchmarking and profiling on an ARM Cortex-A53 processor.

• 4:30 - 4:45

Break

• 4:45 - 5:15

Hacking the Wireless World 3.0

Balint Seeber

Interesting radio signals emanate from terrestrial sources, as well as from space, and GNU Radio continues to prove itself as an ideal prototyping platform for processing and decoding these signals.

This talk will discuss some experiments and enhancements:

The INMARSAT Aero service is used to transfer SATCOM voice and data traffic between aircraft and the ground-based aviation network via a geosynchronous satellite constellation. A prototype GNU Radio decoder is implemented for the coordination channel, with a simple satellite dish feed and SDR, and is used to parse ACARS messages transmitted to airborne flights. This makes for a nice complement to keeping an eye on flights that are out of range of the terrestrial VHF datalink network.

Multipath propagation has impacted all real-life communications system design, but what does it actually look like? A real-time visualisation is created by using a smart correlator block, and terrestrial digital television signals. Due to the high symbol rate, and high power, it is possible to see multiple reflections live as one moves around the receiver’s antenna.

FMCW is a popular choice for RADAR systems, and can easily be implemented to aid with understanding the fundamental nature of the waveform. Some flowgraphs have been developed for use with different transducers (e.g. SDR). Using multiple transmit channels, it is also possible to steer the transmitter’s beam to create a primitive phased array.

Kevin Reid’s wideband ‘un-selective AM’ receiver is re-created. It uses stereo audio spatial separation to convey on which side of the baseband spectrum the most powerful AM transmission is taking place - very handy for listening to the aviation band.

• 5:15 - 5:45

SDR Implementation of the Dual Link Algorithm in TDD Mode Using USRP E310

Zhe Feng

• 7:30 - 8:30

Check-In & Breakfast

• 8:30 - 8:45

Introduction

Ben Hilburn

• 8:45 - 9:15

Johnathan Corgan

• 9:15 - 9:45

Whole Packet Clock Recovery

Michael Ossmann

Reverse engineers and others new to SDR frequently stumble when faced
with the challenge of clock recovery. After identifying a signal and
determining its modulation characteristics, reverse engineers often turn
away from SDR tools and rely on crude means such as pen and paper to
decode packets. They do this because traditional SDR clock recovery
techniques are needlessly difficult to use.

These traditional techniques are ill-suited to the scenario in which an
entire packet waveform is stored in memory. Instead of using algorithms
designed to require minimal state, we should have techniques that take
advantage of the availability of a complete packet waveform. Such
methods should make clock recovery more reliable and easier to use, at
the expense of computing resources.

I will report on my investigation of whole packet clock recovery
techniques and will demonstrate an open source implementation that
produces packet data from a demodulated waveform with zero
configuration.

• 9:45 - 10:15

A Cost-Efficient, Field-Ready Sensor to Detect and Decode LTE FDD Downlink at Low Signal Levels

Douglas Anderson

This presentation introduces a GNU radio design implemented on a USRP to detect and decode an LTE Frequency Division Duplex (FDD) downlink control channel by utilizing the srsLTE library. We provide background and motivation, technical requirements, and an initial design. The sensor is designed for unattended field measurements – subsequent technical requirements involve hardware considerations external to USRP, e.g., time discipline, local calibration, processing power, and backhaul to NTIA’s Measured Spectrum Occupancy Database. Technical challenges and solutions are described. Finally, we demonstrate performance of the sensor to time-synch, detect, and decode a simulated LTE FDD downlink at diminishing signal-to-noise ratios. As part of the NTIA Spectrum Monitoring Program, we plan to deploy a network of LTE sensors around Boulder, CO to characterize LTE use of the 700 MHz band and to identify in real-time new entrants in the 1695 – 1710 MHz AWS-3 band. This proof-of-concept sensor also informs on feasibility of GNU Radio programmed SDRs to meet upcoming AWS-3 RFP requirements to monitor the perimeter of NOAA meteorological satellite Earth stations.

• 10:15 - 10:45

Break

• 10:45 - 11:15

Rigorous Moment-Based Automatic Modulation Classification

Darek Kawamoto

In this paper we develop the connection between the high-order moments, orthogonal polynomials, and probability densities representing signal constellations with AWGN in order to improve moment-based Automatic Modulation Classification (AMC). The result is that an approximate weighted $L^2$ distance between probability densities can be computed using a Euclidean distance on vectors consisting of series expansion coefficients. This analysis justifies the use of high-order moments in AMC. A discriminative Deep Neural Network (DNN) is trained to perform AMC, resulting in near-maximum likelihood performance at marginal SNR.

• 11:15 - 11:45

Sniffing and Dissecting nRF24L with GNU Radio and Wireshark

Marc Newlin

Nordic Semiconductor nRF24L transceivers are ubiquitous in wireless peripherals and low power wireless devices, with over one billion sold as of 2013. This presentation will introduce a GNU Radio out-of-tree module which supports transmission and reception of nRF24L packets, along with an nRF24L dissector for Wireshark. Support is included for all of the valid data rate, CRC, packet length, and address length values, and the module can be used as either a fixed configuration transceiver, or a generic sniffer which attempts to decode packets in any configuration. Due to timing constraints imposed by USB and host processing overhead, some valid ACK timeout values are not supported. Both the GNU Radio module and Wireshark dissector will be released open source prior to the conference, and will be used in live demonstrations during the presentation.

• 11:45 - 12:15

Exploring Distributed Sensor Synchronization with GNU Radio and RTL-SDRs without Hardware Modification

Wilbur Myrick

Low-cost distributed sensor processing has been a topic of interest due to its added advantage of sensor placement and processing gain. However, having independent local oscillators at each sensor presents a synchronization challenge for low-cost distributed sensors lacking an external synchronization hardware interface. We explore Signals-of-Opportunity (SOOs) to maintain distributed sensor coherency when an external synchronization hardware interface is unavailable for inexpensive COTS SDRs. Some distributed sensor processing approaches may function without stringent coherency enabling the use of SOOs as synchronization reference beacons in the field of view. We explore the concept of “software” sensor synchronization leveraging GNU Radio and RTL-SDRs with SOOs.

• 12:15 - 1:00

Lunch

• 1:00 - 1:30

SWaP BOOM POW: Advancing the State of the Art with Modular SWaP-Optimized Software Defined Radios

John Orlando

Software defined radio continues to increase its reach into both commercial and defense/security markets at a rapid pace. As this reach increases, a focus on size, weight, and power (SWaP) consumption of the radio architecture has also garnered significant attention. Proper system architecture can allow both modularity and scalability at the radio level as well as the system level, and significantly reduce the time to market for these flexible radio systems. This talk will discuss some of the architectural tradeoffs when developing SDRs that focus on both SWaP as well as modularity, and the interplay with software frameworks such as GNU Radio. A review of currently available SWaP-optimized SDR platforms and a preview of forthcoming SWaP-optimized SDR platforms will be presented.

• 1:30 - 2:30

Panel: "GNU Radio in the Year 2026"

Panelists: Paul Tilghman, Dirk Grunwald, Tim Newman, Matt Ettus
Moderator: Pierre de Vries

• 2:30 - 3:00

Break

• 3:00 - 3:30

Kayla Brosie

Currently, a first of its kind amateur radio emergency communication system is being developed for Northern America as a hosted payload on a geosynchronous satellite projected to launch in 2017. The intent of this system is to act as a transponder in order to ensure reliable communication during emergencies when normal forms of communication, such as cell towers, are destroyed or saturated, as is common in these scenarios. While not serving its primary purpose for emergency communication, the system will be available to licensed amateur radio operators for daily use. In this presentation, an overview of the under development emergency communication system is provided, looking more in depth at the role of GNURadio in simulating the transmitters and receivers of the system and contributing to the overall design of the system. A representation of the system has been created that uses multiple flowgraphs to better model the multiple transmitter and receivers of the system as well as highlighting the use of USRPs and hand held radios.

• 3:30 - 4:00

Leveraging SDR for Public Safety Communications Research

Jeb Benson

The Public Safety Communications Research (PSCR) group, located in Boulder, CO, is undertaking a 7-yr, $300M R&D endeavor associated with the creation of the National Public Safety Broadband Network (NPSBN). R&D activities will primarily be focused on the acceleration of five key technology areas prioritized by the public safety community, and most readily leveraged using LTE broadband capabilities enabled by the NPSBN. One of these areas is mission critical voice (MCV), which has traditionally been implemented in a variety of land mobile radio technologies, e.g. P.25, TETRA, DMR, analog, etc. This presentation will introduce the key components of MCV, a high-level overview of how they might be implemented in LTE, and the role SDR could play in accelerating the implementation of exciting, critical features like device-to-device communications for early test & evaluation, and new product development. This talk will not focus on ‘what we have done’, but rather how, using our $300M technology accelerator program, we might stimulate interest from the SDR community to contribute to this opportunity.

• 4:00 - 4:20

GRC Update

Sebastian Koslowski

• 4:20 - 4:40

PyBOMBS & CGRAN Update

Martin Braun

• 4:40 - 5:00

VOLK Update

Nathan West

• 6:00 - 9:00

GRCon16 Reception

• 7:30 - 8:30

Check-In & Breakfast

• 8:30 - 8:45

Introduction

Ben Hilburn

• 8:45 - 9:30

Keynote: FCC, Friend or Foe? SDR, Trick or Treat?

Pierre de Vries

SDR is a powerful technology that changes the rules of many games, including the game of radio regulation. This talk will explore why SDR work influences spectrum policy, how FCC decisions affect what the SDR community can do, and what you can do about it.

All US radio operation must conform to FCC rules. Therefore, the FCC’s understanding of SDR determines what you can legally do with this technology. The promise of SDR is less visible to policy makers than its risks, from jamming first responder radios and degrading aviation radar to spoofing GPS and hacking home security systems.

The FCC has wrestled repeatedly with SDR, most recently in the debate over third-party Wi-Fi router firmware like DD-WRT. SDR undermines assumptions that underpin regulation, like “a radio’s behavior doesn’t change after it’s been certified for use” and “only a few well-heeled players have access to sophisticated radio technology.”

The SDR community has a choice: engage with spectrum regulators to help them understand the risks and promise of the technology – or live with poorly-informed rules that hamper progress.

Pierre de Vries is Co-Director of the Spectrum Policy Initiative at the Silicon Flatirons Center for Law, Technology, and Entrepreneurship at the University of Colorado, Boulder. His work focuses on maximizing the value of radio operation through smarter management of potential and actual interference. He is a member of the FCC’s Technological Advisory Council, and Visiting Senior Scientist at the Institute for Networked Systems of RWTH Aachen University. Prior to this he was a Technology Advisor to Harris Wiltshire & Grannis LLP in Washington, DC; Senior Fellow at the Annenberg Center for Communication at USC; and held various positions at Microsoft including Chief of Incubation, and Senior Director of Advanced Technology and Policy.

• 9:30 - 10:00

Some Mil/Aero R&D using GNU Radio

Stu Card

In our recent survey of Software Defined Radio (SDR) resources for military and aerospace waveform development and implementation, although other software environments appeared better suited for some specific development and test activities, GNU Radio emerged as the de facto definitive environment for general SDR research and development. Rapidly evolving commercial waveforms pose both opportunities and challenges from cyber and physical security perspectives; addressing these is facilitated by various Out Of Tree projects, together with the rapid prototyping and experimentation capabilities enabled by GNU Radio Companion etc. Proliferation of Unmanned Aerial Systems (UASes) presents other issues, including safe integration of UASes into the National Airspace System (NAS); research into some of these, such as UAS command and control data links, is also facilitated by GNU Radio. We briefly present the rationale for our recommendation that SDR researchers start with GNU Radio (at least as a baseline before trying more specialized tools) and some of the military and aerospace work in which we are using it.

• 10:00 - 10:30

Break

• 10:30 - 11:15

Radio Architecture Design Challenges: An RF Engineer’s Perspective

Shyam Nambiar

• 11:15 - 11:45

It's the RFNoC Life, for Us

Martin Braun

RFNoC is many things: It enables heterogeneous data processing between
FPGAs and host computers, it gets the best out of Ettus Research USRP
devices that you may already own or are planning to buy, it facilitates
deployment of DSP and other algorithms and it's simply a great framework
in which to do FPGA development.
RFNoC is most powerful when used in combination with GNU Radio. In this
presentation, we'll give an update of the state of RFNoC, highlight new
features, and provide an overview of the efforts required to become an
RFNoC developer.

• 11:45 - 12:15

Drone Hijacking and other IoT hacking with GNU Radio

Alexander Chemeris

Internet of things is surrounding us. Is it secure? Or does its security stand on (deemed) invisibility? XTRX SDR (Software-defined radio) and GNU Radio can answer these questions. In this presentation, we will play some modern wireless devices. They have similar protocols, and none of them encrypts its traffic. We will show how easy it is to find them using XTRX SDR and proprietary chipsets, and how to sniff/intercept/fuzz these devices using a small python script and GNU Radio. As an example we will show a Mousejack attack to wireless dongles, wireless keyboard keylogger and even a drone hijacking.

• 12:15 - 1:00

Lunch

• 1:00 - 1:30

Peter Mathys

Typical undergraduate communication theory textbooks start out with a review of continuous time linear systems, followed by amplitude, frequency and phase modulation. In some cases, probability theory and random processes also appear prominently at the beginning of the book. Digital data communication and digital signal processing are usually deferred until the second half of the course and the first complete digital communication system that resembles what is actually used in smartphones and other wireless systems appears only some 300 to 400 pages into the book. That makes it difficult to motivate students and we are thus promoting an approach where we start with a simple ideal communication system, e.g., using binary phase shift keying to transmit ASCII code text messages. In subsequent steps we can then introduce practical constraints and impairments such as channel bandwidth, noise, and timing synchronization. Along the way such concepts as the matched filter, signal space, and phase locked loops can be introduced naturally. To give the students opportunity to experiment and explore ‘what-if’ scenarios, GNU Radio and the gnuradio companion provide an ideal and very affordable platform. But there is a ‘chicken and egg’ problem. If you already know communication theory, GNU Radio is a great tool for experimentation, but if you are new to the field there is a steep learning curve. Just to demonstrate the concept of signal space and what happens if there is noise and the transmitter and receiver are not exactly synchronized, one quickly fills an entire flowgraph screen with some 30 blocks. Thus, some tailored blocks along the lines of an idealized textbook exposition to communications are needed to demonstrate the applicability of the material and let the students gain confidence in their ability to analyze and design such systems. 
In this talk we are exploring different ways to either combine existing GNU Radio blocks or create new ones for the purpose of an introductory level undergraduate communications course.

• 1:30 - 2:00

Radio Machine Learning Opportunities and Resources

Tim O'Shea

Machine learning holds significant promise for bringing in a new era of vastly improved radio and signal processing algorithms. By learning radio signal processing tasks and algorithms directly from data while minimizing the use of expert features and algorithms, we believe numerous radio tasks can be learned in highly generalizable ways with the ability to adapt and specialize to a wide range of operating conditions and requirements. We will review several key technology enablers for machine learning in the radio domain and demonstrate several pertinent applications. We will introduce the radioML online community and introduce our benchmark datasets and tasks with which we hope to facilitate quantitative comparison of ML approaches, strategies, and results in the domain.

• 2:00 - 2:30

Reversing and Implementing the LoRa PHY with SDR

Matt Knight

This talk will demonstrate techniques for decoding the LoRa PHY layer and will introduce gr-lora, an open source implementation of the protocol. LoRa is a Low Power Wide Area Network (LPWAN), an emerging class of wireless technology optimized for embedded and IoT applications. LoRa is unique because it uses a chirp spread spectrum modulation that encodes data into RF features more commonly encountered in RADAR systems. LoRa is also designed to operate in unlicensed ISM frequency bands, both avoiding costly spectrum licensing requirements and democratizing long-range network capabilities to consumers and new commercial operators alike. After briefly introducing the audience to LPWANs, I will walk through the SDR and DSP techniques required to demodulate and decode LoRa packets. In addition I will introduce gr-lora, an open-source implementation of the PHY that can be leveraged to design LoRa security test tools, gateways, and end node applications.

• 2:30 - 3:00

Break

• 3:00 - 3:30

Laboratory for Radio Communications Learning in Colombia Based in SDR Technologies

José de Jesús Rugeles Uribe

Software Defined Radio technology has today become the most important way to develop, create and innovate in radio technologies. This potential is a big opportunity for teaching in electronics and telecommunications all over the world, especially in developing countries where resources are limited. A laboratory with all this equipment requires a very high budget, impossible for most universities in Colombia. Thus, some important concepts are studied just theoretically, sometimes complemented by basic simulations using software such as Matlab or free software tools like Scilab.

The Telecommunication Engineering Department decided to build a communications laboratory using Software Defined Radio and GNU Radio with the idea of developing and applying this technology in their curriculum, specifically in courses like signal processing, analog and digital communications, mobile and wireless communications, transmission lines, instrumentation, radio propagation, antennas and advanced courses like digital TV, wireless sensor networks and radar technologies.

The hardware used in the laboratory includes USRP and Nutaq radios, besides instruments like a radio-frequency generator (9 MHz - 6 GHz), a power meter (50 MHz - 18 GHz), and micro-strip, omnidirectional, horn and log-periodic antennas (800 MHz - 18 GHz).

• 3:30 - 4:00

Tanguy Risset

CorteXlab (http://www.cortexlab.fr/) is an experimental wireless test-bed inaugurated in 2014 and dedicated to Software Defined Radio (SDR), Cognitive Radio and more generally any physical layer wireless experimentation. CorteXlab is a part of the FIT (Future Internet of Things) platform. It is composed of a mix of SDR nodes, SISO and MIMO, installed in a shielded room and programmed from the Internet. CorteXlab is provided for scientific and industrial communities and is openly accessible to anyone in the world with Internet access. The FIT/CorteXlab experimentation room hosts 22 USRP N2932 nodes from National Instruments and 16 Nutaq PicoSDR (4 of them having 4×4 MIMO capabilities). This equipment can be programmed from anywhere in the world using GNU Radio. CorteXlab is a unique opportunity for GNU Radio wireless protocol developers to test their protocols in a real yet controlled environment.

• 4:00 - 4:30

Accelerated Signal-Processing on Embedded Platforms: Paths Forward

Raj Bhattacharjea

In the past ten years, low-power, embedded computers capable of running GNU Radio have become increasingly available, capable, and low-cost. They are quickly becoming the platform of choice for projects that require modest computing capabilities in the maker, hacker, and do-it-yourself communities. Popular platforms include single-board computers, stick computers, and mini-computers. These embedded systems can use GNU Radio to perform the signal-processing functions of a software-defined radio; however, efficient and fast signal-processing performance is not guaranteed out-of-the-box. For efficient performance, the developer must use single instruction, multiple data (SIMD) CPU extensions and/or general purpose computing on graphics processing units (GPGPU). Both SIMD and GPGPU are available on many popular embedded hardware platforms, but software in the GNU Radio ecosystem does not yet fully leverage SIMD and GPGPU on embedded hardware. Therefore, the goal of this talk is to discuss paths forward for integrating efficient signal-processing techniques into GNU Radio and to outline the work that has been done in embedded SIMD and GPGPU signal-processing.

• 4:30 - 4:45

Break

• 4:45 - 5:05

Efficient Waveform Spectrum Aggregation for Algorithm Verification and Validation

Bill Clark

Many algorithms that are designed for analyzing waveforms (e.g., detection, synchronization, or signal classification) face performance degradation in the presence of interfering signals. The GNU Radio application outlined here allows for testing the algorithms under the presence of interference by specifying the spectral layout in an efficient manner. This approach makes use of channelizers and synthesizers to dynamically aggregate the desired signals and arbitrarily center them at any given center frequency, which is in contrast to the traditional approach of upsampling and adding the individual signals. This application also allows for convenient white-space access algorithm development as the Primary User’s signals can be modeled easily within the spectrum. While this approach is presently being used in a file generation manner, it can easily be extended to over-the-air transmissions using SDRs with a high capacity interface.

• 5:05 - 5:25

Seth Hitefield

In the past few years, a significant amount of research has been conducted concerning vulnerabilities of software defined communications systems. However, in many cases this research has focused on exploiting vulnerabilities within a radio protocol rather than the software implementation of the radio itself. With software radio becoming more prevalent in the communications domain, the chances of vulnerabilities existing and being attacked are increasing significantly. The goal of this research is to examine different software radio frameworks and determine what types of vulnerabilities can exist and how they may be exploited by attackers. This presentation will give an overview of the types of vulnerabilities that can exist and demonstrate a few examples, such as buffer overflows and state machine corruption.

• 5:25 - 5:45

Closing

Ben Hilburn

• 7:30 - 8:30

Breakfast

• 8:30 - 12:15

Guided Tutorials

The dev summit this year will include not only the usual collaborative development & hacking, but lightning talks, walk-throughs, and tutorials.

• 12:15 - 1:00

Lunch

• 1:00 - 2:00

Hacking

• 2:00 - 2:30

Hacking Challenge Conclusion

Bastille

• 2:30 - 4:00

Hacking

• 5:00

Open House & BBQ

Hosted by Great Scott Gadgets in Evergreen, CO.