A Novel Scheme for Discrete and Secure LoRa Communications

Abstract

In this paper, we present a new LoRa transceiver scheme to ensure discrete communications secure from potential eavesdroppers by leveraging a simple and elegant spread spectrum philosophy. The scheme modifies both preamble and payload waveforms by adapting a current state-of-the-art LoRa synchronization front-end. This scheme can also be seen as a self-jamming approach. Furthermore, we introduce a new payload demodulation method that avoids the adverse effects of the traditional cross-correlation solution that would otherwise be used. Our simulation results show that the self-jamming scheme exhibits very good symbol error rate (SER) performance with a loss of just 0.5 dB for a frequency spread factor of up to 10.

1. Introduction

In the past few years, LoRa has become a front-runner in low-power wide-area network (LPWAN) solutions applied to low-energy/low-cost Internet of Things (IoT) transceivers and is increasingly implemented to achieve practical solutions in areas such as agro-informatics [1], smart home design [2] and air-quality monitoring systems [3]. The increasing number of LoRa transceivers creates increased opportunities for malicious entities to disrupt or eavesdrop LoRa communications. Many studies have been conducted by the research community to evaluate the impact of jamming on performance and countermeasures have been proposed to tackle these threats. Below, we briefly review relevant studies that consider LoRa jamming schemes.

1.1. Previous Work on LoRa Jamming

In [4], the authors investigated the impact of traditional jammers, such as band and tone jamming, on the LoRa demodulation process and highlighted the sub-optimal energy efficiency of these jamming schemes. Other research has considered smarter and more efficient jammers involving jamming LoRa nodes with LoRa signals. In [5,6,7,8], LoRa reactive jammers (the jamming signal is only sent on detection of an incoming legitimate LoRa signal) and random jammers with a frequency hopping scheme were implemented and assessed on real-world devices. The authors concluded that jammer efficiency is obtained if the LoRa signal detection scheme is well-designed with good detection capability, and has a latency as low as possible to align the jamming signal in time with the signal of interest. In other studies, investigation of jamming where the jammer seeks to prevent a legitimate LoRa node to access the network was considered. In [9], a jammer was designed to reduce received signal strength indicator (RSSI) variations at the legitimate LoRa node, leading to an almost constantly obtained DevNonce key ID and preventing network access. The authors of [10] proposed a simple jammer detection scheme based on this philosophy, while [11,12] evaluated the jamming impact but on the global LoRa WAN network, with, for example, gateway occupancy or dropping probability metrics.

The eavesdropping case has, however, attracted less attention by the research community. To ensure secret communications, most of the proposed solutions rely on cryptographic schemes. For example, a frequency-hopping scheme was proposed in [13], while [14] introduced a reduced complexity advanced encryption system (AES) solution for the key management of LoRa WAN. Finally, recently in [15] a physical layer encryption method leveraging the randomness of the channel was presented to bypass the use of AES that imposes a burden on complexity for low-cost LoRa nodes.

1.2. Novelty and Contributions

In this paper, we propose a cooperative scheme between the transmitter and the receiver that further enhances [15] the scheme by improving the capacity for discrete LoRa transmission. The central notion is to leverage the well-known LoRa interference impact on demodulation but constructively by spreading the useful signal energy in the frequency space with a fixed power constraint. This can be seen as self-jamming with an added layer of spectrum spreading on top of LoRa. As the receiver is cooperative, the latter can then demodulate successfully. However, in realistic conditions, time and frequency synchronization between the transmitter and the receiver must be satisfied. We therefore propose a modified and adapted version of current state-of-the-art LoRa synchronization techniques as a solution.

The key contributions of the paper are as follows:

• Proposal of an enhanced scheme ensuring discrete and secure communication.
• A refined current LoRa synchronization front-end.
• Two variants of the scheme are proposed to adapt to power/complexity constraints of both uplinks and downlinks.

The remainder of the paper is organized as follows. In Section 2, we introduce the system model and some LoRa modulation basics. Section 3 presents a first approach to combatting an eavesdropper by modifying the preamble waveforms (introducing a self-jamming scheme). A modified synchronization front-end based on state-of-the-art techniques is proposed in Section 4. In Section 5, we investigate a possible threat where, in certain circumstances, an eavesdropper may synchronize itself. In Section 6, we enhance our initial self-jamming solution by proposing a modified payload demodulation scheme. Finally, we provide simulation results in Section 7 to evaluate the self-jamming method.

1.3. Notations

Table 1. List of principal notations used in the paper.

Notation and Symbols Meaning
global LoRa parameters
SF	LoRa spreading factor
M	number of possible chirp waveforms per symbol: $2^{\mathrm{SF}}$
T	symbol period
$F_s$	sampling frequency
$T_s$	sampling period
B	LoRa bandwidth
$F_c$	carrier frequency
indexes
k	time index
n	frequency index
i	symbol index
u	virtual path index
m	cross-correlation index
entities
A	Alice
B	Bob
E	Eve
legacy LoRa frame parameters
$N_{up}$	number of upchirp pilot symbols
$N_{down}$	number of downchirp pilot symbols
$N_{pre}$	number of pilot symbols: $N_{up}+N_{down}$
$N_d$	number of payload symbols
$N_f$	total number of symbols: $N_f=N_{pre}+N_d$
a	current transmitted symbol
$x_a\left[k\right]$	transmitted a-symbol waveform
modified LoRa frame parameters
U	number of virtual channel paths
$a_{up}$	upchirp pilot symbol value
$a_{down}$	downchirp pilot symbol value
$a_{data}^{\left(d\right)}$	d-th payload symbol
$m_{up}$	vector of virtual channel delays of upchirp pilot symbols
$m_{down}$	vector of virtual channel delays of downchirp pilot symbols
$ϵ$	minimum DFT gap between virtual channel paths
$P_s$	total transmit power available
$P_J$	power of each virtual channel path: $P_J=P_s/U$
$S_{up}\left[k\right]$	modified upchirp preamble waveform
$S_{down}\left[k\right]$	modified downchirp preamble waveform
$S_{data}\left[k\right]$	modified data waveform
synchronization parameters
$\tau$	STO delay
${\Delta }_f$	baseband carrier residual
$ST{O}_{int}$, $ST{O}_{frac}$	integer and fractional STO part
$CF{O}_{int}$, $CF{O}_{frac}$	integer and fractional CFO part
L	number of preamble upchirps to detect for preamble detection
${\tilde{S}}_{up}^{ref}\left[n\right]$	reference DFT upchirp for synchronization
${\tilde{S}}_{down}^{ref}\left[n\right]$	reference DFT downchirp for synchronization
${\lambda }_{ST{O}_{frac}\approx 0.5}$	threshold for $ST{O}_{frac}\approx 0.5$ case detection
R	oversampling factor for $ST{O}_{frac}$ mitigation
various notations
$\langle x\rangle$	averaged x: $\langle x\rangle =\frac{1}{N}{\sum }_{i=0}^{N-1}{x}_i$

lists the most relevant notations used throughout the paper.

2. System Model

2.1. Eavesdropping Scenario

We consider the eavesdropping scenario presented in Figure 1. There are three entities, Alice, Bob and Eve, denoted with A, B and E characters, respectively. A and B communicate with each other (Alice–Bob direction in the figure) in a cooperative way and exchange sensitive data that must be kept secret from eavesdroppers such as E. B has the role of the gateway and both uplink and downlink links are taken into account, depending on the A role. If A is a pure LoRa sensor, the uplink is much more critical than the downlink as the latter mainly consists of signaling traffic. However, if A is an actuator driven by incoming commands from B, for example, the downlink must be protected from E. We are then interested in securing both up- and downlinks and also ensuring discrete communication, reducing the intercept capability of E. E is, in this context, a fully passive receiver located sufficiently close to A and B to be able to detect both A or B LoRa signals. In this scenario, all channels separating entities are flat with additive white Gaussian noise (AWGN) and they are assumed to be symmetric. Frequency-selective channels may be considered in the future as an extension of this study.

2.2. LoRa Modulation Overview

LoRa waveforms are a type of chirp spread spectrum (CSS) signal. These signals rely on sine waves with instantaneous frequency (IF) that vary linearly with time over the frequency range $f\in [-B/2;B/2]$ and the time range $t\in [0;T)$ (T, the symbol period). This basic signal is called an upchirp or downchirp when IF increases or decreases with time, respectively. A Lora waveform is an M-ary digital modulation, comprised of M possible chirp modulations where the IF of the upchirp is shifted by the M possible values. The modulo operation is applied to ensure that the frequency remains in the interval $[-B/2;B/2]$. The LoRa parameters are chosen such that $BT=M$ with $M=2^{SF}$ and $SF\in \{7,8,\dots ,12\}$ is called the spreading factor, which also corresponds to the number of bits for a LoRa symbol. In the discrete-time signal model, the chip rate ($R_c=1/T_c=M/T$) is usually used to sample the received signal, i.e., the sample period is $T_s=T_c=T/M=1/B$. The signal then has M samples over one symbol period T. Each symbol $a\in \{0,1,\dots ,M-1\}$ is mapped to an upchirp that is temporally shifted by ${\tau }_a=a{T}_c$ period. We note that a temporal shift results in a change in the initial IF.

This behavior is the heart of the M-ary chirp modulation. An expression of discrete LoRa waveforms sampled at $t=k{T}_s$ ($T_s=T_c$) has been derived by the authors in [16]:

$$x(k{T}_s;a)\triangleq x_a\left[k\right]=e^{2j\pi k\left(\frac{a}{M}-\frac{1}{2}+\frac{k}{2M}\right)}k=0,1,\dots ,M-1.$$

(1)

The upchirp is the LoRa waveform with symbol index $a=0$.

2.3. LoRa Demodulation Scheme

The authors of [17] derived a simple and efficient solution to demodulate LoRa signals. In an AWGN flat-fading channel, the demodulation process is based on the maximum likelihood (ML) detection scheme. The received signal is:

$$r\left[k\right]=\alpha x_a\left[k\right]+w\left[k\right]$$

(2)

with $\alpha =\left|\alpha \right|e^{j\varphi }$, the complex gain of the channel and $w\left[k\right]$ an independent and identical distributed (i.i.d.) complex AWGN with zero-mean and variance ${\sigma }^2={E[|w[k]|}^2]$. The signal-to-noise ratio (SNR) is defined as: $SNR={\left|\alpha \right|}^2{P}_s/{\sigma }^2=1/{\sigma }^2$ with $P_s$ the transmitted signal power and, without loss of generality, we assume ${\left|\alpha \right|}^2=P_s=1$. The ML detector aims to select the frequency index n that maximizes the scalar product $\langle r,x_n\rangle \mathrm{for}n\in \{0,1,\dots ,M-1\}$, defined as:

$$\begin{array}{cc}\hfill \langle r,x_n\rangle & =\sum _{k=0}^{M-1}r\left[k\right]x_n^{*}\left[k\right]\hfill \\ \hfill & =\sum _{k=0}^{M-1}\underset{\tilde{r}\left[k\right]}{\underbrace{r\left[k\right]x_0^{*}\left[k\right]}}{e}^{-j2\pi \frac{n}{M}k}=\tilde{R}\left[n\right]\hfill \end{array}$$

(3)

The demodulation stage proceeds with two simple operations:

• multiply the received waveform by a downchirp $x_0^{*}\left[k\right]$ (also called dechirping),
• compute $\tilde{R}\left[n\right]$, the discrete Fourier transform (DFT) of $\tilde{r}\left[k\right]$, and select the discrete frequency index $\widehat{a}$ that maximizes $\tilde{R}\left[n\right]$.

In this way, the dechirp process merges all the signal energy into a unique frequency bin a that can be easily retrieved by taking the magnitude (non-coherent detection) of $\tilde{R}\left[n\right]$. The detected symbol is then:

$$\widehat{a}=\underset{n}{arg\; max}\left|\tilde{R}\left[n\right]\right|$$

(4)

2.4. LoRa Frame Structure

LoRa messages are transmitted in frames that follow the specific format depicted in Figure 2.

The frame consists of a preamble followed by the payload symbols. The preamble is a critical component as it realizes the three following processes required to correctly demodulate the $N_d$ payload symbols:

• detecting the beginning of the frame by leveraging the $N_{up}$ upchirps.
• performing both frequency and time synchronization with the help of the $N_{up}$ upchirps and $N_{down}$ downchirps.
• detecting if the received frame is dedicated to the receiver by checking if the $N_{ID}=2$ consecutive network identification symbols correspond to its stored value.

LoRa transceivers generally use $N_{up}=8$, a variable $N_d$ value, and a fixed value $N_{down}=2.25$. The number of symbols in the preamble and the entire frame are denoted, respectively, $N_{pre}=N_{up}+N_{down}$ and $N_{frame}=N_{pre}+N_{ID}+N_d$.

We choose to slightly change the frame format as depicted in Figure 3 with the following modifications:

• Without loss of generality, the two identification symbols and the last quarter downchirp are ignored. The latter is not leveraged in the synchronization front-end. The symbol number in the frame then becomes $N_{frame}=N_{pre}+N_d$.
• We also set the condition $N_{down}=N_{up}$. This enables a balanced noise immunity between the upchirps and downchirps as these are averaged during the synchronization procedure.

The transmitted frame is then the concatenation of the upchirp, downchirp and payload symbol waveforms:

$$x\left[k\right]=s_{up,frame}\left[k\right]+s_{down,frame}[k-N_{up}M]+s_{data}[k-N_{pre}M]$$

(5)

3. Combat Basic LoRa Eavesdropper with Modified Preamble Waveform

A first approach to combat E is to only modify the preamble waveforms to disrupt its synchronization. A synchronization error will irredeemably lead to a demodulation error, preventing E from obtaining the critical data. The modified preamble waveforms are also designed to considerably increase the noise sensitivity for E and, thus, the discrete capacity of the scheme, while avoiding too much degradation of the performance of the link between A and B. The cooperative receiver leverages these modifications to improve its processing gain as much as possible.

The modified DFT preamble upchirp waveform in the preamble is illustrated in Figure 4. The green DFT bin depicts the legacy format. It consists of a unique DFT bin at known location $n=a_{up}=0$, containing all the signal power $M\sqrt{P_s}$. The basic idea of the discrete scheme is to spread the power over several DFT bins with a uniform distribution in respect of a fixed power constraint. This is represented by the DFT bins with a dashed line in the figure. The modified preamble can be written as:

$$\begin{array}{ccc}\hfill s_{up,frame}\left[k\right]& =& \sum _{i=0}^{N_{up}-1}{s}_{up}[k-iM]\hfill \end{array}$$

(6)

$$\begin{array}{ccc}\hfill s_{down,frame}\left[k\right]& =& \sum _{i=N_{up}}^{N_{pre}-1}{s}_{down}[k-iM]\hfill \end{array}$$

(7)

with:

$$\begin{array}{ccc}\hfill s_{up}\left[k\right]& =& \sqrt{P_J}\sum _{u=0}^{U-1}{x}_{(a_{up}-m_{up}^u)modM}\left[k\right]\hfill \end{array}$$

(8)

$$\begin{array}{ccc}\hfill s_{down}\left[k\right]& =& \sqrt{P_J}\sum _{u=0}^{U-1}{x}_{(a_{down}-m_{down}^u)modM}^{*}\left[k\right]\hfill \end{array}$$

(9)

and U, the number of DFT bins present, $P_J$, the power level of each DFT bin with $P_J=P_s/U$, $m_{up}^u$ and $m_{down}^u$, the u-th relative delay of the preamble upchirp and downchirp, respectively. We also note $m_{up}$, the associated delay vector that is sorted in ascending order, i.e., $m_{up}^0=0$ and $0<m_{up}^{u>0}<M$. Each $m_{up}^u$ delay must be unique to prevent a DFT bin overlapping issue, leading to adding DFT magnitudes and, thus, reducing the discrete capacity of the scheme. Note that $U=1$ and $a_{up}=0$ lead to the legacy format. The preamble downchirps follow the same structure but with $a_{down}$ and $m_{down}$ different from $a_{up}$ and $m_{up}$ to improve privacy.

Neglecting noise, the i-th received dechirped preamble upchirp or downchirp DFT is:

$$\begin{array}{ccc}\hfill {\tilde{R}}_{up}\left[n\right]& =& \alpha M\sqrt{P_J}\sum _{u=0}^{U-1}\delta [n-(a_{up}-m_{up}^u)modM]\hfill \end{array}$$

(10)

$$\begin{array}{ccc}\hfill {\tilde{R}}_{down}\left[n\right]& =& \alpha M\sqrt{P_J}\sum _{u=0}^{U-1}\delta [n-(a_{down}-m_{down}^u)modM]\hfill \end{array}$$

(11)

Note that each DFT bin has a null imaginary part. The DFT bin locations must remain secret from E to prevent its correct synchronization. $a_{up}$, $m_{up}$, $a_{down}$ and $m_{down}$ must then be random values that must be perfectly known by both A and B. That is, a specific procedure needs to be performed to satisfy this constraint. Possible solutions include the physical layer security schemes that leverage the randomness and reciprocity of the channel to enable both A and B to extract a pseudo-random bit sequence. These methods rely on the random received signal strength indicator (RSSI) variations, as LoRa transceivers have a built-in RSSI read-out feature, a solution chosen in [15], or using random channel path phase variation [18]. In practice, the A and B extracted sequences do not match perfectly and a reconciliation procedure is then necessary. This step requires the sequences exchange and may be vulnerable to eavesdroppers. The use of the Chinese remainder theorem (CRT), as in [15], or a code-word approach as in [19], are possible solutions to tackle this issue.

4. Self-Jamming Synchronization Front-End

In this section, we introduce desynchronizations that a receiver undergoes in practice, their effects on the LoRa demodulation, and the synchronization front-end designed to address these issues.

4.1. Time Desynchronization Model—Sampling Time Offset (STO)

In real conditions, the receiver continuously collects chunks of M samples that are not necessarily aligned with the receiver, i.e., the sampling times are different between the transmitter and the receiver. This produces a temporal window shift $\tau$ up to a symbol period T, as depicted in Figure 5. This effect, referred to as the sampling time offset (STO), introduces inter-symbol interference (ISI) if the previous symbol is different from the current symbol, i.e., $a^{-}\ne a$ and $a\ne a^{+}$ in the figure. The higher the value of $\tau$, the greater the ISI, with maximum signal deformation when $\tau \approx T/2$.

The preamble structure prevents ISI that could degrade synchronization performance, as consecutive upchirps and downchirps are identical (see Equations (8) and (9)). $\tau$ is modeled based on the LoRa sampling frequency $F_s=B$ and can then be converted to a certain number of sampling periods as:

$$\tau =\left(\underset{STO}{\underbrace{ST{O}_{int}+ST{O}_{frac}}}\right)\times T_s$$

(12)

with $ST{O}_{int}=\lfloor \tau /T_s\rceil \in [0;M-1]$, the integer number of sampling periods plus a fraction of a sampling period $ST{O}_{frac}=STO-ST{O}_{int}\in$$[-0.5;0.5)$. $\lfloor .\rceil$ denotes the rounding operation to the nearest integer.

4.2. Frequency Desynchronization Model

Due to hardware imperfections, other desynchronizations may occur in the frequency domain, such as the carrier-frequency offset (CFO) and the sampling-frequency offset (SFO).

4.2.1. Carrier-Frequency Offset (CFO)

As a reminder, the CFO is the residual carrier frequency present in the base-band signal at the receiver side. The local oscillators of the transmitter and the receiver are not perfectly centered to the desired carrier frequency $F_c$. A residual frequency appears, then:

$${\Delta }_f=F_c^t-F_c^r$$

(13)

with $F_c^t$ (resp. $F_c^r$), the carrier frequency used by the transmitter (resp. the receiver). By analogy to the STO, ${\Delta }_f$ can be converted to a number of frequency bins:

$${\Delta }_f=\left(\underset{CFO}{\underbrace{CF{O}_{int}+CF{O}_{frac}}}\right)\times \frac{B}{M}$$

(14)

with $CF{O}_{int}=\lfloor {\Delta }_f/(B/M)\rfloor \in [0;M-1]$, the integer number of DFT bins plus a fraction of a DFT bin $CF{O}_{frac}=CFO-CF{O}_{int}\in$$[0;1)$. $\lfloor .\rfloor$ denotes the floor operation.

4.2.2. Sampling-Frequency Offset (SFO)

The SFO is a mismatch between the current and the desired sampling frequency at the receiver side:

$$F_s^{\prime }=F_s+SFO$$

(15)

In hardware implementation, and especially for low-cost IoT transceivers, such as LoRa, the same oscillator is used to perform the sampling and the carrier transposition. That is, the CFO and SFO are generated from the same source and their relationship represented as follows [20]:

$$SFO=\frac{B}{F_c}\times {\Delta }_f$$

(16)

4.3. Time and Frequency Desynchronization Effects on LoRa

$CF{O}_{int}$ and $ST{O}_{int}$ have the effect of shifting the DFT bin position (we consider $U=1$ for the sake of simplicity) by a certain amount that is different when considering either upchirps: ${\widehat{a}}_{up}=(a_{up}+\lfloor CFO+STO\rceil )modM$ or downchirps: ${\widehat{a}}_{down}=(a_{down}+\lfloor CFO-STO\rceil )modM$. The fractional part $CF{O}_{frac}$ and $ST{O}_{frac}$ progressively spread the DFT bin of interest energy to its neighbor as $CF{O}_{frac}$ or $ST{O}_{frac}$ gets closer to 0.5: $n=a_{up}+1$ and $n=a_{down}-1$ for $CFO$; $STO$ has the opposite behavior.

The $SFO$ has the consequence, over time, of progressively distorting the received signal; a discrete model for LoRa is derived in [21] (considering upchirp symbols, for example, neglecting noise and channel path gains):

$${\tilde{r}}_i\left[k\right]\approx {\tilde{x}}_{a_i}\left[k\right]e^{2j\pi ki\left[{\left(\frac{B}{F{s}^{\prime }}\right)}^2-\frac{B}{F_s^{\prime }}\right]}$$

(17)

with ${\tilde{x}}_{a_i}\left[k\right]$, the i-th received LoRa signal with symbol value $a_i$.

4.4. Synchronization Scheme

The adapted state-of-the-art LoRa synchronization front-end of our self-jamming scheme is presented in Figure 6. The front-end starts with a first pre-processing block which involves sampling the received signal at an over-sampled rate $R\times F_s$, dechirping $N_{up}$ blocks of M samples (downsampled by R factor), estimating and correcting $CF{O}_{frac}$ for these $N_{up}$ blocks, and computing the $N_{up}$ corrected DFTs. The receiver continues with the preamble detection as, in practice, the latter operates in real time.

Once the preamble is detected, the receiver re-aligns the symbols in the detected frame by $CF{O}_{frac}$ and estimates the other synchronization parameters, i.e., $CF{O}_{int}$, $SFO$, $ST{O}_{int}$ and $ST{O}_{frac}$. The estimation of both $CFO$ and $STO$ is not trivial. As their effects are not independent of each other, the pipeline must then be designed wisely. It finally performs a frame correction to re-align itself in time and frequency. The over-sampling by the R rate is required to mitigate $ST{O}_{frac}$.

4.4.1. Fractional CFO Correction and Preamble Detection

$CF{O}_{frac}$ can be estimated and compensated in this step. As the $CF{O}_{frac}$ estimator found in [22] has low sensitivity to the presence of multiple DFT peaks and operates blindly, we choose then to use this estimator. To ensure correct $CF{O}_{frac}$ estimation, no energy other than AWGN must be present in the left and right adjacent DFT bins of each of the U DFT peaks. We set the constraint of choosing delays with a minimal gap of $ϵ$ DFT positions between each. This is also valid for proper $ST{O}_{frac}$ estimation. Satisfying the constraint $ϵ$, the maximum number of virtual paths U value is:

$$U_{max}=⌊\frac{M}{ϵ}-1⌉$$

(18)

giving $U_{max}=25$ for $ϵ=5$ and $SF=7$, for example. In [22], the authors proposed an estimator that relies on the well-known three spectral lines (TSL) scheme by deriving ${\widehat{CFO}}_{frac}$ over $N_{up}$ consecutive symbols. Each $N_{up}$ received desynchronized symbol $y_i\left[k\right]$ is then corrected:

$$y_i^{\prime }\left[k\right]=y_i\left[k\right]e^{-2j\pi k\frac{{\widehat{CFO}}_{frac}}{M}}$$

(19)

The preamble detection relies on detecting the presence of consecutive demodulated symbols. With very low AWGN and a well-aligned received signal, $N_{up}$ identical and consecutive symbols should be detected but the noise progressively introduces errors and, in practice, it is very difficult to detect this specific pattern. To improve the detection performance at the cost of an increased false alarm rate, we set the constraint to detect at least L consecutive symbols having a maximum value difference of $\pm 1$.

Due to the presence of multiple DFT peaks of the same magnitude, the classic demodulation scheme in (4) is not suitable as the detected DFT peak location will change over the $N_{up}$ upchirps. To tackle this issue, we propose a cross-correlation approach. As the relative delays $m_{up}$ are perfectly known by the receiver, the latter can rebuild locally the expected dechirped preamble upchirp with assumed transmitted power $P_s=1$. This is denoted ${\tilde{S}}_{up}^{ref}\left[n\right]$. Then, for L consecutive received dechirped symbols, it computes the circular cross-correlation and extracts the maximum argument:

$$\begin{array}{ccc}\hfill F_{up,l}^{\prime }\left[m\right]& =& \sum _{n=0}^{M-1}\left|{\tilde{S}}_{up}^{ref}\left[n\right]\right|\left|{\tilde{Y}}_l^{\prime }[(n-m)modM]\right|\hfill \end{array}$$

(20)

$$\begin{array}{ccc}\hfill n_l& =& \underset{m}{arg\; max}{F}_{up,l}^{\prime }\left[m\right]\hfill \end{array}$$

(21)

with $p\le l\le p+(L-1)$, $p=\{0,1,\dots ,p_{max}\}$, $0\le m\le M-1$ and ${\tilde{Y}}_l^{\prime }\left[n\right]$, the DFT of ${\tilde{y}}_l^{\prime }\left[k\right]$. Note that $p_{max}$ is the last block of L demodulated symbols until preamble detection. Equation (20) can be efficiently computed with a fast Fourier transform (FFT) algorithm as:

$$F_{up,l}^{\prime }=IFFT\left(FFT\left(\left|{\tilde{S}}_{up}^{ref}\right|\right)\times {\left\{FFT\left(\left|{\tilde{Y}}_l^{\prime }\right|\right)\right\}}^{*}\right)$$

(22)

The preamble is detected if $(n_{p+i}+j)modM=n_p$ for $i=\{1,2,\dots ,L-1\}$ and $j=\{-1,0,1\}$. Once the preamble is detected, the rest of the symbols in the frame are corrected by ${\widehat{CFO}}_{frac}$.

4.4.2. Half Fractional STO Detection

As previously stated in Section 4.3, as $ST{O}_{frac}$ gets closer to 0.5, the neighbor DFT bin energy progressively increases, leading to higher noise sensitivity. When $ST{O}_{frac}\approx 0.5$, two DFT peaks with almost the same magnitude are present, creating detection uncertainty and preventing correct $CF{O}_{int}$ and $ST{O}_{int}$ estimation. That is, $ST{O}_{frac}$ must be mitigated before, independently from $CF{O}_{int}$ and $ST{O}_{int}$. The authors in [23] proposed a solution by performing an initial $ST{O}_{frac}$ mitigation, albeit partial, to remove this uncertainty.

We propose a different approach with a binary statistical test by detecting if $ST{O}_{frac}\approx 0.5$. We define the hypotheses $H_0$, $H_1$ as $ST{O}_{frac}\ne 0.5$ and $ST{O}_{frac}=0.5$, respectively. The basic idea is to evaluate the DFT magnitude difference between the peak of interest and its neighbor bin. The less the difference, the closer to 0.5 $ST{O}_{frac}$. Below a certain difference threshold, the receiver decides $H_1$, otherwise $H_0$. The detector is designed as follows:

• The $N_{up}$ preamble upchirp DFTs are averaged to reduce noise sensitivity:

  $$〈{\tilde{Y}}_{up}^{\prime }\left[n\right]〉=\frac{1}{N_{up}}\sum _{i=0}^{N_{up}-1}{\tilde{Y}}_i^{\prime }\left[n\right]$$

  (23)
• The following cyclic cross-correlation is computed and normalized:

  $$\begin{array}{ccc}\hfill F_{up}^{\prime }\left[m\right]& =& \sum _{n=0}^{M-1}\left|{\tilde{S}}_{up}^{ref}\left[n\right]\right|\left|〈{\tilde{Y}}_{up}^{\prime }[(n-m)modM]〉\right|\hfill \end{array}$$

  (24)

  $$\begin{array}{ccc}\hfill F_{up}^{\prime }\left[m\right]& =& \frac{F_{up}^{\prime }\left[m\right]}{\underset{m}{max}{F}_{up}^{\prime }\left[m\right]}\hfill \end{array}$$

  (25)
• We extract the left and right neighbor DFT bin magnitudes of the maximum DFT peak and compute the criterion $\delta$:

  $$n_{max}^{up}=\underset{m}{arg\; max}{F}_{up}^{\prime }\left[m\right]$$

  (26)

  $$\begin{array}{cc}\hfill v^{-}& =F_{up}^{\prime }[(n_{max}^{up}-1)modM]\hfill \\ \hfill v^{+}& =F_{up}^{\prime }[(n_{max}^{up}+1)modM]\hfill \end{array}$$

  (27)

  $$\delta =1-max(v^{-},v^{+})$$

  (28)
• $ST{O}_{frac}\approx 0.5$ is finally detected as:

  $$\delta \underset{H_1}{\stackrel{H_0}{\gtrless }}{\lambda }_{ST{O}_{frac}\approx 0.5}$$

  (29)

The frame contaminated by $ST{O}_{frac}$ is then corrected with ${\widehat{STO}}_{frac}=0.5$ (if detected) by discarding the first $R\times (M-ST{O}_{frac})$ samples. There are then $N_{up}-1$ upchirp symbols in the preamble.

Figure 7 illustrates the evolution of averaged $\delta$, denoted $\langle \delta \rangle$, as a function of $ST{O}_{frac}=\{0,0.1,\dots ,0.9\}$ ($R=10$) for several SNR values $SN{R}_{dB}=\{-15,-12,-9,-6\}$, $U=4$ and $SF=7$. The delays $m_{up}$ are chosen randomly and uniformly in $[0;M-1]$ and satisfying the gap $ϵ$ constraint.

We can see from the figure that $\langle \delta \rangle$ progressively decreases as $ST{O}_{frac}$ gets closer to 0.5 with the minimal point reached for $ST{O}_{frac}=0.5$. $\langle \delta \rangle$ has a symmetric pattern with $ST{O}_{frac}=0.5$. The noise has the effect of flattening the curve, reducing the contrast between $ST{O}_{frac}$ values. The threshold ${\lambda }_{ST{O}_{frac}\approx 0.5}$ must be chosen wisely. A low value will increase the non-detection probability, a situation that must be avoided as far as possible. A very high value will lead to almost constant detection; the corrected frame will then have as many as $ST{O}_{frac}$ residuals with no $ST{O}_{frac}\approx 0.5$ detection enabled.

In simulations, ${\lambda }_{ST{O}_{frac}\approx 0.5}=0.3$ is a balanced value for the LoRa SNR range of interest $SN{R}_{dB}=\{-15,-14,\dots ,-5\}$. We note that adjacent values $ST{O}_{frac}=\{0.4,0.6\}$ are almost constantly detected as $ST{O}_{frac}=0.5$, but the residual is $\pm 0.1$, a value that has a negligible impact on demodulation performance.

Figure 8 illustrates the histograms of $\delta$ for $ST{O}_{frac}=\{0,0.1,0.2,0.3,0.4,0.5\}$, $U=4$, $SN{R}_{dB}=-8$ and $SF=7$. We note that the $\delta$ statistic follows a near-Gaussian distribution as the computed cross-correlation is a sum of Rayleigh random variables (RV). With extensive simulation results, we note that this distribution is slightly U dependent. Furthermore, increasing SF results in similar histograms but for lower SNRs, and the derived histogram for $ST{O}_{frac}^{sym}=1-ST{O}_{frac}$ is nearly the same as for $ST{O}_{frac}$ (symmetry).

4.4.3. CFO and STO Integer Estimation

The next step in the synchronization front-end is to estimate $CF{O}_{int}$ and $ST{O}_{int}$. The process follows the same philosophy as so far applied to the cross-correlation approach. The receiver keeps the previously computed $n_{max}^{up}$ in (26) and performs steps (23), (24), (26) for the preamble downchirps to derive $n_{max}^{down}$. $CF{O}_{int}$ and $ST{O}_{int}$ are simply derived as:

$$\begin{array}{cc}\hfill {\widehat{CFO}}_{int}& =⌊\frac{(n_{max}^{up}+n_{max}^{down})modM}{2}⌋\hfill \end{array}$$

(30)

$$\begin{array}{cc}\hfill {\widehat{STO}}_{int}& =(a_{up}+n_{max}^{up}-{\widehat{CFO}}_{int})modM\hfill \end{array}$$

(31)

The SFO is simply derived as:

$$\widehat{SFO}=({\widehat{CFO}}_{int}+{\widehat{CFO}}_{frac})\times \frac{B^2}{M\times F_c}$$

(32)

As stated in [23], this synchronization scheme cannot correctly detect $CF{O}_{int}\ge M/4$ but, in practice, it is very unlikely to have such a high value.

4.4.4. Fractional STO Part Estimation

The final step is to estimate $ST{O}_{frac}$ in the case where $ST{O}_{frac}\approx 0.5$ has not been detected earlier. The scheme is based on the TSL approach proposed in [23] but with slight modifications to be functional with our self-jamming scheme. The main steps are summarized in what follows:

• The averaged preamble DFT upchirps $〈{\tilde{Y}}_{up}^{\prime }\left[n\right]〉$ are re-aligned by removing ${\widehat{CFO}}_{int}$ and ${\widehat{STO}}_{int}$ shifts. This is simply effected by performing a left circular permutation.
• For each of the U DFT peaks in $〈{\tilde{Y}}_{up}^{\prime }\left[n\right]〉$, we extract its value and the left and right neighbor bins as:

  $$w_{c,u}=〈{\tilde{Y}}_{up}^{\prime }[(a_{up}-m_{up}^u+c)modM]〉,c\in \{-1,0,1\}$$

  (33)
• $ST{O}_{frac}$ is finally averaged over U estimates as:

  $${\widehat{STO}}_{frac}=\frac{1}{U}\sum _{u=0}^{U-1}-\Re \left\{{\Pi }_u\right\}$$

  (34)

  with:

  $${\Pi }_u=\frac{e(-h_u)w_{1,u}-e\left(h_u\right)w_{-1,u}}{2\times w_{0,u}-e(-h_u)w_{1,u}-e\left(h_u\right)w_{-1,u}}$$

  (35)

  $$h_u=({\widehat{STO}}_{int}+a_{up}-m_{up}^u)modM$$

  (36)

  $$e\left(x\right)=e^{2j\pi \frac{x}{M}}$$

  (37)

5. EVE Blind Synchronization Threat

With this modified preamble structure, E cannot synchronize itself correctly without the knowledge of $a_{up}$, $a_{down}$, $m_{up}$ and $m_{down}$. The synchronization error heavily impacts the payload demodulation stage and then prevents E from eavesdropping. In this section, we evaluate the ability of E to blindly estimate synchronization parameters that would possibly threaten the sustainability of our scheme.

As previously stated, $CF{O}_{frac}$ can be blindly estimated by both B and E. However, E cannot synchronize itself if $CFO$ is still present after $CF{O}_{frac}$ correction, i.e., $CF{O}_{int}\ne 0$. That is, E has the ability to blindly estimate $ST{O}_{int}$ only if $CF{O}_{int}=0$. This situation may happen if E is a higher-end device with low hardware impairments and, thus, $CFO<1$.

In what follows, we present a blind method to extract $ST{O}_{int}$. The basic idea is to leverage the fact that the $STO$ introduces ISI only between the last upchirp and the first downchirp in the preamble. Then, E can use a $ST{O}_{int}$ candidate approach by computing an energy cost for each candidate and selecting the one that minimizes the cost function. We denote each $ST{O}_{int}$ candidate by $ST{O}_{int}^{cand}\in \{0,1,\dots ,M-1\}$. The blind extraction method is designed as follows:

• E generates a temporary replica of the received frame and voluntarily simulates a $STO$ with value $ST{O}_{int}^{cand}$ by discarding the first $R\times ST{O}_{int}^{cand}$ samples, consequently modifying the time window process. It is denoted as $y_{cand}^{\prime }\left[k\right]$.
• It then dechirps, computes the DFT magnitude of the last preamble upchirp and the first preamble downchirp to derive the following quantities:

  $$\begin{array}{ccc}\hfill {\gamma }_{up}^{ST{O}_{int}^{cand}}& =& \frac{1}{M}\sum _{n=0}^{M-1}\left|{\tilde{Y}}_{cand,N_{up}-2}^{\prime }\left[n\right]\right|\hfill \end{array}$$

  (38)

  $$\begin{array}{ccc}\hfill {\gamma }_{down}^{ST{O}_{int}^{cand}}& =& \frac{1}{M}\sum _{n=0}^{M-1}\left|{\tilde{Y}}_{cand,N_{up}-1}^{\prime }\left[n\right]\right|\hfill \end{array}$$

  (39)
  To construct the minimum cost function point at $ST{O}_{int}^{cand}=ST{O}_{int}$, E needs to add a left circular permutation of one position to ${\gamma }_{up}^{ST{O}_{int}^{cand}}$. The cost function is simply derived as:

  $$\begin{array}{cc}\hfill {\gamma }^{ST{O}_{int}^{cand}}& ={\gamma }_{up}^{ST{O}_{int}^{cand}}+{\gamma }_{down}^{ST{O}_{int}^{cand}}\hfill \\ \hfill {\gamma }^{ST{O}_{int}^{cand}=M-1}& =\underset{ST{O}_{int}^{cand}}{max}{\gamma }^{ST{O}_{int}^{cand}}\hfill \end{array}$$

  (40)
• $ST{O}_{int}$ is finally estimated as:

  $${\widehat{STO}}_{int}=\underset{ST{O}_{int}^{cand}}{arg\; min}{\gamma }^{ST{O}_{int}^{cand}}$$

  (41)

This blind scheme has the drawback of being unable to correctly estimate $ST{O}_{int}=M-1$ value, slightly increasing the $ST{O}_{int}$ estimation error. Moreover, $ST{O}_{frac}$ progressively increases the estimation error as it gets closer to 0.5, as highlighted in Section 7. If E has correctly estimated $ST{O}_{int}$, it can easily estimate $ST{O}_{frac}$ even without $a_{up}$ and $m_{up}$ knowledge in (36). E can select the DFT bins that are above a given threshold ${\rho }_E$ in $〈{\tilde{Y}}_{up}^{\prime }\left[n\right]〉$ (23) with:

$${\rho }_E={\lambda }_E\times \underset{n}{max}\left|〈{\tilde{Y}}_{up}^{\prime }\left[n\right]〉\right|,{\lambda }_E\in ]0;1]$$

(42)

The derived DFT bin positions set ${\mathcal{A}}_E$ should correspond to $(a_{up}-m_{up})modM$ and, thus, $|{\mathcal{A}}_E|=U$ in high SNR conditions, then enabling an identical $ST{O}_{frac}$ estimation performance to the legitimate receiver if $CFO<1$. In such conditions, E successfully passes the synchronization front-end and can demodulate and retrieve the information in the payload.

We conclude that modification of the preamble only is necessary but not sufficient to ensure a discrete communication. A solution to tackle this more advanced E is then to also modify the payload waveform and is presented in the next section.

6. Combat Advanced LoRa Eavesdropper with Modified Payload Waveform

The payload waveform is modified with the same structure as for the preamble. This has the advantage of reducing scheme knowledge leaks, i.e., preamble symbols $a_{up}$, $a_{down}$, and delays $m_{up}$ and $m_{down}$. The modified payload waveform is then:   

$$s_{data}\left[k\right]=\sum _{d=0}^{N_d-1}{s}_{data}^{\left(d\right)}[k-(N_{pre}+d)\times M]$$

(43)

with:

$$s_{data}^{\left(d\right)}\left[k\right]=\sqrt{P_J}\sum _{u=0}^{U-1}{x}_{(a_{data}^{\left(d\right)}-l_d-m_{data}^{d,u})modM}\left[k\right]$$

(44)

with $l_d$, a random shift (unknown by E) applied to the d-th payload symbol, $m_{data}^{d,u}$ the u-th relative delay of the d-th payload symbol $a_{data}^{\left(d\right)}$. We note $m_{data}^{\left(d\right)}$ the delay vector of the d-th payload symbol. Each $m_{data}^{\left(d\right)}$ may be different between payload symbols to improve privacy. Again, the receiver may use the same legacy cross-correlation approach to demodulate the payload symbol. However, the latter has the drawback of increasing interference peak magnitudes in (20) as U grows. This reduces the AWGN immunity and degrades the symbol detection performance.

We propose a modified cross-correlation implementation, denoted as mod cross-corr, that considerably mitigates this detrimental effect. Considering perfect synchronization, it consists of dechirping the received symbol $r_{data}^{\left(d\right)}\left[k\right]=s_{data}^{\left(d\right)}\left[k\right]+w\left[k\right]$ over multiple downchirp symbols instead of the unique downchirp $x_0^{*}\left[k\right]$:

$${\tilde{r}}_{data}^{\left(d\right)}\left[k\right]=\sum _{u=0}^{U-1}{r}_{data}^{\left(d\right)}\left[k\right]x_{(-m_{data}^{d,u}-l_d)modM}^{*}\left[k\right]$$

(45)

The symbol is still estimated in the frequency domain:

$${\widehat{a}}_{data}^{\left(d\right)}=\underset{n}{arg\; max}\left|{\tilde{R}}_{data}^{\left(d\right)}\left[n\right]\right|$$

(46)

To compare the legacy and the modified cross-correlation, we define the following criterion for the modified cross-correlation:

$${\eta }_{modcross-corr}=\frac{\left|{\tilde{R}}_{data}^{\left(d\right)}\left[a_{data}^{\left(d\right)}\right]\right|}{\frac{1}{M-1}{\sum }_{\begin{array}{c}0\le n\le M-1\\ n\ne a_{data}^{\left(d\right)}\end{array}}^{}\left|{\tilde{R}}_{data}^{\left(d\right)}\left[n\right]\right|}$$

(47)

and for the legacy cross-correlation:

$${\eta }_{cross-corr}=\frac{F_{data}^{\left(d\right)}\left[a_{data}^{\left(d\right)}\right]}{\frac{1}{M-1}{\sum }_{\begin{array}{c}0\le m\le M-1\\ m\ne a_{data}^{\left(d\right)}\end{array}}^{}{F}_{data}^{\left(d\right)}\left[m\right]}$$

(48)

This represents the average magnitude difference between the DFT peak of interest and the interference peaks (AWGN plus cross-correlation peaks).

Figure 9 compares average $\eta$ between the legacy and the modified cross-correlations as a function of $SN{R}_{dB}\in \{-15,-14,\dots ,-6\}$ for several $U=\{1,2,\dots ,10\}$. We assume perfect synchronization and delays chosen randomly, respecting the $ϵ$ constraint.

We can see from the figure that $U=1$ has a maximum and same average $\eta$ between cross-corr and mod cross-corr as it is equivalent to the LoRa legacy demodulation scheme (4). It behaves as an upper limit as the higher average $\eta$, the higher the magnitude difference, and the better the performance. We also note that mod cross-corr has much lower U sensitivity. The loss between $U=1$ and $U=10$ is $\frac{6.475}{2.023}\approx 3.20$ for cross-corr against $\frac{6.475}{5.525}\approx 1.17$ for mod cross-corr at $SN{R}_{dB}=-6$. This solution is only sustainable if the STO has been correctly mitigated as would normally be the case when demodulating the payload. This modified cross-correlation is not suitable for synchronization parameter estimation as a candidate $ST{O}_{int}$ approach is required (similar to the blind $ST{O}_{int}$ estimation procedure) that gives poor synchronization performance.

Table 2. LoRa self-jamming scheme parameters supposed to be known, unknown, kept secret from E, estimated with self-jamming scheme knowledge and blindly estimated by the legitimate or eavesdropper receivers.

Self-Jamming Scheme Parameter	A or B	E
LoRa parameters
SF	★	★
$F_c$, B	★	★
preamble waveform parameters
$N_{up}$, $N_{down}$, $N_d$	★	★
$a_{up}$, $a_{down}$	★	○
$m_{up}$, $m_{down}$	★	○
payload waveform parameters
$m_{data}^{\left(d\right)}$, $l_d$	★	○
$a_{data}^{\left(d\right)}$	☐	○
global self-jamming parameters
U	★	△
$ϵ$	★	○
synchronization parameters
L	★	★
${\lambda }_{ST{O}_{frac}\approx 0.5}$	★	○
$CF{O}_{int}$	☐	+
$CF{O}_{frac}$	△	△
SFO	☐	+
$ST{O}_{int}$, $ST{O}_{frac}$	☐	△

summarizes the parameters of our complete self-jamming scheme that the legitimate and eavesdropper receivers know, do not know, or must be kept secret from E, estimated with self-jamming scheme knowledge and blindly estimated. The symbols used in the table are described in

Table 3. Symbols meaning of symbols used in Table 2.

Symbol	Symbol Meaning
★	known
+	unknown
○	kept secret from E
☐	unknown and estimated with self-jamming scheme knowledge
△	unknown and blindly estimated

. For conciseness, parameters which depend on others are not shown, e.g., $M=2^{SF}$.

Note that, from the table, the only parameter that is identically estimated by the legitimate receiver and the eavesdropper is $CF{O}_{frac}$. Furthermore, E can blindly estimate the STO and retrieve U under the right conditions (see Section 5). However, the critical payload parameters $m_{data}^{\left(d\right)}$ and $l_d$ are almost impossible to retrieve for E without using a brute-force approach, making proper demodulation very difficult.

7. Simulation Results

In this section, we present several simulation results to assess the self-jamming scheme. The following parameters are used, if not stated:

• $SF=7$, $M=128$
• $N_{up}=N_{down}=8$
• $L=3$
• $R=10$
• $F_c=868$ MHz, $B=125$ kHz
• $CFO\in \mathcal{U}[0.1;M/4-1=31]$
  We assume that $CFO<0.1$ is very unlikely to happen in practice.
• $STO\in \mathcal{U}[0;M-1]$
• $\left|\alpha \right|=1$, $\varphi \in \mathcal{U}[0;2\pi ]$
• $P_s=1$, $P_J=P_s/U=1/U$
• ${\lambda }_{ST{O}_{frac}\approx 0.5}=0.3$
• $ϵ=5$

7.1. Preamble Detection Performance

As E does not have $a_{up}$ and $m_{up}$ knowledge, the only possible preamble detection scheme for E is to compute the cross-correlation between two consecutive symbols as:    

$$\begin{array}{ccc}\hfill F_{up,l,\mathbf{E}}^{\prime }\left[m\right]& =& \sum _{n=0}^{M-1}\left|{\tilde{Y}}_l^{\prime }\left[n\right]\right|\left|{\tilde{Y}}_{l+1}^{\prime }[(n-m)modM]\right|\hfill \end{array}$$

(49)

$$\begin{array}{ccc}\hfill n_{l,\mathbf{E}}& =& \underset{m}{arg\; max}{F}_{up,l,\mathbf{E}}^{\prime }\left[m\right]\hfill \end{array}$$

(50)

with $p\le l\le p+(L-1)$ and $p=\{0,1,\dots ,p_{max}\}$. E also searches L consecutive symbols in $n_{l,\mathbf{E}}$ with value difference $\pm 1$ to detect the preamble.

A and B also have the ability to use the modified cross-correlation to improve the preamble detection performance. However, as stated in Section 6, this approach does not demonstrate satisfactory performance if the $STO$ is not mitigated. The preamble detection can only be performed in the presence of $STO$. That is, an $ST{O}_{int}$ candidate approach must be leveraged with the same philosophy as the blind $ST{O}_{int}$ estimation performed by E (see Section 5). To save computation resources, the candidate selection is only performed on the p-th received symbol and kept for the $L-1$ remaining symbols. The modified preamble detection scheme is:

• A or B generates a temporary replica of the received frame and voluntarily simulates an $STO$ with value $ST{O}_{int}^{cand}$ by discarding the first $R\times ST{O}_{int}^{cand}$ samples, consequently modifying the time window process. It is denoted as $y_{cand}^{\prime }\left[k\right]$.
• It then computes the modified cross-correlation of the i-th received symbol and selects the maximum value for each $ST{O}_{int}$ candidate as:

  $${\tilde{r}}_{up,l=p}^{ST{O}_{int}^{cand}}\left[k\right]=\sum _{u=0}^{U-1}{y}_{cand,l=p}^{\prime }\left[k\right]x_{-m_{up}^u}^{*}\left[k\right]$$

  (51)

  $$v_{max,l=p}^{ST{O}_{int}^{cand}}=\underset{n}{max}\left|{\tilde{R}}_{up,l=p}^{ST{O}_{int}^{cand}}\left[n\right]\right|$$

  (52)
• The candidate is selected as:

  $$ST{O}_{int}^{cand,sel}=\underset{ST{O}_{int}^{cand}}{arg\; max}{v}_{max,l=p}^{ST{O}_{int}^{cand}}$$

  (53)
• It then selects the maximum argument for each computed modified cross-correlation ($p\le l\le p+(L-1)$) associated with the chosen candidate:

  $$n_l=\underset{n}{arg\; max}\left|{\tilde{R}}_{up,l}^{ST{O}_{int}^{cand}=ST{O}_{int}^{cand,sel}}\left[n\right]\right|$$

  (54)

Figure 10 presents the preamble detection performance comparison between the legitimate receiver and E as a function of $SN{R}_{dB}=\{-15,-14,\dots ,0\}$ for several $U=\{1,2,3,4,8,10,12\}$ and $SF=7$. We also add the comparison between the legacy and the modified cross-correlation methods.

We can see from the figure that the preamble detection performance progressively decreases when U increases, even when using modified cross-correlation. This is because the same chosen $ST{O}_{int}$ candidate is used for all the symbols in the block of L received symbols. That is, increasing U increases the error probability to $ST{O}_{int}^{cand,sel}\ne ST{O}_{int}$. This error propagates on all symbols and the probability of detecting L consecutive symbols with value difference $\pm 1$ then decreases.

For $U\le 3$, the legacy and modified cross-correlation schemes have similar preamble detection performance, with a slight advantage for the modified cross-correlation method. However, for higher U, the modified cross-correlation scheme progressively outperforms the legacy cross-correlation scheme as U grows, with a performance difference of about 2 dB and a detection probability of 0.5 and $U=12$. Note that the modified cross-correlation performance is almost the same for $U=\{8,10,12\}$.

E has much lower performance with a loss ≈4 dB between $U=1$ and $U=12$, with a detection probability of 0.5 and a loss ≥3 dB when compared to the legitimate receiver using the modified cross-correlation scheme, for a given U. E is much more prone to AWGN errors as the cross-correlation performed in (49) has two sources containing AWGN, while the reference upchirp in (20) is AWGN free.

7.2. Complexity Comparison between the Legacy and the Modified Cross-Correlation Methods

The considerably reduced U sensitivity of modified cross-correlation (see Section 6) is at the cost of increased complexity. The algorithms for both the legacy and the modified cross-correlation functions are provided in Algorithms 1 and 2.

Algorithm 1: Legacy cross-correlation algorithm

inputs: ${\mathbf{r}}_{\mathbf{i}}$: the i-th received symbol vector

$\mathbf{m}$: the delays vector

${\mathbf{x}}_{\mathbf{ref}}$: the reference downchirp or upchirp vector

M: the constellation size

output: s: the maximum peak index of the legacy cross-correlation

1  ${\tilde{\mathbf{R}}}_{\mathbf{i}}:=abs(FFT({\mathbf{r}}_{\mathbf{i}}\odot {\mathbf{x}}_{\mathbf{ref}}))$ 2  ${\tilde{\mathbf{S}}}_{\mathbf{ref}}:={\mathbf{0}}_M$       %init M-size vector 3  ${\tilde{\mathbf{S}}}_{\mathbf{ref}}[-\mathbf{m}modM]:=M\sqrt{P_J}$ 4  ${\mathbf{F}}_{\mathbf{i}}:=IFFT({FFT}^{*}\left({\tilde{\mathbf{S}}}_{\mathbf{ref}}\right)\odot FFT\left({\tilde{\mathbf{R}}}_{\mathbf{i}}\right))$ 5  return$s=arg\; max\left({\mathbf{F}}_{\mathbf{i}}\right)$

It is obvious that the legacy cross-correlation in Algorithm 1 does not depend on U; it then requires the same amount of operations irrespective of the U. However, in Algorithm 2, lines 2–4, U complex sums of M elements are required. That is, increasing U increases the complexity.

Algorithm 2: Modified cross-correlation algorithm

This behavior is highlighted in Figure 11. We execute and report the execution times of C compiled versions of Algorithms 1 and 2 in a MATLAB environment, with $SF=7$.

In Figure 11a, the mod cross-corr/legacy cross-corr execution time ratios of the preamble detection and payload demodulation processes are presented for $U=\{1,2,\dots ,12\}$. We can see for $U=1$ and the payload demodulation considered that mod cross-corr is about $30\%$ faster than legacy cross-corr ($t_{exec}^r$ $\approx 0.7$). Indeed, mod cross-corr with $U=1$ is identical to the LoRa legacy demodulation scheme in (4). Then, computing the legacy cross-correlation for this case adds unnecessary complexity. Equally, when $U=1$, the $ST{O}_{int}$ candidate procedure for preamble detection presented in Section 7.1 is useless, considerably decreasing the complexity, leading to a ratio $\approx 1.04$. Activating the necessary $ST{O}_{int}$ candidate approach for $U>1$ greatly increases the complexity cost, reflected in the high ratio transition from $\approx$0.7 to $\approx$2.8 between $U=1$ to $U=2$. Increasing U progressively increases the mod cross-corr complexity to reach a complexity increase factor of about 3 at $U=12$.

In Figure 11b, mod cross-corr and legacy cross-corr schemes are compared to the LoRa legacy demodulation when used for the payload demodulation and preamble detection processes. We note that the burden of mod cross-corr on preamble processing is much higher than that of the payload process for low U values but progressively reduces to reach a turnover point at $U=11$ where the latter increases the advantage beyond this value. Again, the $ST{O}_{int}$ candidate approach is responsible for the high cost value at $U=2$ but shows less increasing complexity with U. The complexity of mod cross-corr is progressively increased when U increases to reach a factor of about 4.3 at $U=12$.

However, the cost of adding the legacy cross-correlation in the preamble section is very small with a constant ratio $\approx 1.05$ as the legacy cross-correlation computation does not depend on U. We also note that using legacy cross-corr for the payload demodulation has higher relative complexity (≈1.45) than for the preamble detection although its absolute complexity is much lower.

Table 4. Advantages and drawbacks of mod cross-corr.

Advantages
Mitigates U sensitivity
Improves frame detection performance
Improves payload demodulation performance
Drawbacks
Increases the complexity with U

and

Table 5. Advantages and drawbacks of legacy cross-corr.

Advantages
Adds low-complexity burden
Does not increase the complexity with U
Drawbacks
Leads to high sensitivity with U
Reduces frame-detection performance
Reduces synchronization performance

summarize the advantages and drawbacks of the legacy and mod cross-correlation schemes.

From Table 4, we can conclude that mod cross-corr almost completely removes U sensitivity and, thus, improves the frame detection and payload demodulation performances, but at the cost of increased complexity.

Table 5 shows the opposite behavior for legacy cross-corr, where it is more low-complexity compliant but has a high sensitivity with U which decreases the performances. That is, using mod cross-corr for the preamble detection mainly depends on performance–complexity trade-offs.

7.3. Integer STO Part E Blind Estimation Performance

Figure 12 presents the blind $ST{O}_{int}$ estimation performance of E as the average estimation rate (ER) over Monte Carlo trials, defined as:

$$\langle ER\rangle =\frac{1}{N_{trials}}\sum _{t=0}^{N_{trials}-1}ER\left(t\right)$$

(55)

with:

$$ER\left(t\right)=\left\{\begin{array}{cc}1\hfill & \mathrm{if}{\widehat{STO}}_{int}^{\left(t\right)}=ST{O}_{int}^{\left(t\right)}\hfill \\ 0\hfill & \mathrm{else}\hfill \end{array}\right.$$

(56)

The figure plots the average ER as a function of $ST{O}_{frac}=\{0,0.1,\dots ,0.9\}$ for random $ST{O}_{int}\in \mathcal{U}[0;M-2]$, fixed $U=8$, $CF{O}_{int}=0$, two $CF{O}_{frac}$ estimation residuals $CF{O}_r=\{0,0.02\}$ in the cases of no AWGN and several $SN{R}_{dB}=\{-3,0,3,6,9\}$, $SF=7$. We also add the legitimate receiver (B in the figure) performance as a comparison where the latter has the $ST{O}_{frac}\approx 0.5$ case detection activated (see Section 4.4.2), for $SN{R}_{dB}=-3$ and $CF{O}_{frac}=0.02$.

We can see from the figure that, in a perfect $CF{O}_{frac}$ estimation scenario, i.e., $CF{O}_r=0$, the average ER degrades progressively as $ST{O}_{frac}$ gets closer to 0.5. In the no AWGN case, $\langle ER\rangle$ is very good with $\langle ER\rangle \ge 0.87$ in the worst situation $ST{O}_{frac}=0.5$. Increasing the noise power progressively decreases $\langle ER\rangle$ performance with $\langle ER\rangle \le 0.15$ at $SN{R}_{dB}=-3$.

We can conclude that E only has synchronization capability for very high SNR environments, i.e., located very close to A or B for uplinks and downlinks, respectively. Interestingly, the $CF{O}_{frac}$ estimation residual produces a slightly better performance in no/very low AWGN conditions, i.e., $SN{R}_{dB}=\{\infty ,9,6\}$. With sufficiently low SNR, the noise finally overtakes this effect. Note that higher U values slightly reduce $\langle ER\rangle$ performance.

We also see that B has a perfect ER of 1 as the SNR value considered here is high with respect to the traditional SNR range ($SN{R}_{dB}<-8$ usually for $SF=7$) and then exhibits particularly good performance. Higher SNR values will exhibit identical performance and are not shown for the sake of figure clarity.

7.4. Legitimate Receiver SER Performance

Finally, we evaluate the legitimate receiver SER performance with a fully activated self-jamming scheme, i.e., modified preamble with complete synchronization and a modified cross-correlation method to demodulate payload symbols. The preamble is supposed to be detected already.

Figure 13 presents the SER performance of the legitimate receiver as a function of $SN{R}_{dB}=\{-15,-14,\dots ,-6\}$ for several $U=\{8,10,12,14,20\}$ and $SF=7$. We also add the maximum performance reachable as the perfectly synchronized case with no self-jamming, i.e., $U=1$.

We can see from the figure that $U=\{8,10\}$ exhibit very good performance with a loss lower than 0.5 dB. Increasing U progressively degrades performance with a loss of about 3 dB for $U=20$. This can be explained by the fact that the legacy cross-correlation is still used in the synchronization front-end with its U sensitivity (see Section 6), but also because of $CF{O}_{frac}$ estimator limitation. If the preamble DFT peaks are too low, i.e., $U\ge 12$, $CF{O}_{frac}$ will not be correctly estimated in a relatively high SNR. That is, the preamble DFT averaging performed straight afterwards will not perform well; $CF{O}_{int}$ and $ST{O}_{int}$ will then be incorrectly estimated, leading to a payload demodulation error. However, the $U\le 10$ value is more than sufficient to prevent E from correct demodulating, as explained in the next section.

7.5. E Blind Payload Demodulation Ability

In this subsection, we investigate the ability of E to blindly estimate the payload symbols with the modified payload waveform scheme (see Section 6). We assume that E passed the synchronization front-end successfully with the advantageous but restrained conditions $SN{R}_{dB}\ge 6$ and $CFO<1$ with low $CF{O}_{frac}$ residual, as seen in Section 7.3. Since $m_{data}^{\left(d\right)}$ is unknown by E, the latter can only randomly choose one of the DFT magnitude bins that are above a given threshold ${\rho }_{data}^{\left(d\right)}$:

$${\rho }_{data}^{\left(d\right)}={\lambda }_{data}\times \underset{n}{max}\left|{\tilde{S}}_{data}^{\left(d\right)}\left[n\right]\right|,{\lambda }_{data}\in ]0;1]$$

(57)

with $|{\tilde{S}}_{data}^{\left(d\right)}\left[n\right]|$ the DFT magnitude of the d-th payload symbol $a_{data}^{\left(d\right)}$. The set of selected DFT bins and its length are denoted with ${\mathcal{A}}_{data}$ and $\widehat{U}=\left|{\mathcal{A}}_{data}\right|$, respectively. For a chance for E to detect correctly $a_{data}^{\left(d\right)}$, the latter must be in ${\mathcal{A}}_{data}$. We denote the probability that $a_{data}^{\left(d\right)}\notin {\mathcal{A}}_{data}$ as $p_{{\mathcal{A}}_{data}}$. This necessary condition depends on the ${\lambda }_{data}$ value that also drives $\widehat{U}$. Then, ${\lambda }_{data}$ must be chosen appropriately.

Figure 14 presents the impact of ${\lambda }_{data}$ on average $\widehat{U}$ (denoted as $\langle \widehat{U}\rangle$) and $p_{{\mathcal{A}}_{data}}$, respectively. We consider $U=8$ (a value giving very good SER performance for the legitimate receiver, as seen in Section 7.4), $SN{R}_{dB}=\{6,7,8,9\}$, $CFO<1$ with $CFO$ estimation residual $CF{O}_r=0.02$ and random $ST{O}_{frac}\in \{0,0.1,0.2,0.8,0.9\}$. These $ST{O}_{frac}$ values are the range in which E exhibits very good $ST{O}_{int}$ ER performance, as seen in Figure 12. In the simulation, E blindly estimates $ST{O}_{int}\in [0;M-2]$ with the scheme presented in Section 5, and next performs the extraction of the DFT peaks with ${\lambda }_E$ threshold to estimate $ST{O}_{frac}$. The estimated STO is compensated and E can finally proceed to the payload section of the frame.

From Figure 14a,b, we can see that setting ${\lambda }_{data}=0.1$ leads to very low $p_{{\mathcal{A}}_{data}}$ as most of the DFT bins are selected, leading to a very high $\langle \widehat{U}\rangle \approx 70$ at $SN{R}_{dB}=6$. Increasing ${\lambda }_{data}$ up to 0.3 decreases $\langle \widehat{U}\rangle$ a great deal to reach a floor level $\langle \widehat{U}\rangle \approx U=8$. Interestingly, $0.2\le {\lambda }_{data}\le 0.7$ does not impact $p_{{\mathcal{A}}_{data}}$ so much with $0.02\le p_{{\mathcal{A}}_{data}}<0.1$. ${\lambda }_{data}>0.7$ exhibits relatively high $p_{{\mathcal{A}}_{data}}$ up to ≈0.6 because of the benefit of a reduced $\langle \widehat{U}\rangle \approx 4.57$ at ${\lambda }_{data}=0.9$ and $SN{R}_{dB}=6$. In this example, ${\lambda }_{data}=0.3$ is a good value to ensure high payload symbol capture in the DFT window of interest, i.e., $a_{data}^{\left(d\right)}\in {\mathcal{A}}_{data}$ and $\langle \widehat{U}\rangle \approx U$.

Nevertheless, the demodulation brute-force complexity for E is still prohibitively high. If we consider $\langle \widehat{U}\rangle =U$, assuming that $a_{data}^{\left(d\right)}$ is always in ${\mathcal{A}}_{data}$, i.e., $p_{{\mathcal{A}}_{data}}=0$, and payload symbols number $N_d$ in the frame, this leads to the frame demodulation probability (FDP) of:

$$FDP=\frac{1}{U^{N_d}}$$

(58)

For $U=8$ and $N_d=100$, we have $U^{N_d}\approx 2.037\times {10}^{90}$ combinations and $FDP\approx 4.909\times {10}^{-90}$. At an optimistic speed of ${10}^9$ combination trials per second, this would require $6.455\times {10}^{73}$ years of trials. Therefore, it prevents E from efficient correct demodulation.

8. Conclusions

In this paper, we introduced an enhanced LoRa transceiver that ensures discrete and secure communications by leveraging a simple and elegant spread spectrum philosophy. This involved first modifying the preamble LoRa waveforms to prevent eavesdropper synchronization leading to incorrect payload demodulation.

We proposed a modified synchronization scheme based on current state-of-the-art techniques that estimates and mitigates the major synchronization impairments, such as the CFO, SFO and STO. We added a synchronization refinement by considering the pessimistic case $ST{O}_{frac}\approx 0.5$, previously identified in [23], and proposed an approach based on a statistical test.

We also adopted the point of view of the eavesdropper by developing a blind $ST{O}_{int}$ estimation scheme. It exhibits good estimation performance provided that the SNR is much higher than the standard LoRa SNR range, the CFO is low and the received signal is well-aligned with sampling periods. Under these conditions, the eavesdropper is able to perform effective synchronization and finally retrieves the payload information. That is, modification of the preamble waveforms is necessary but not sufficient to ensure a discrete communication.

We then introduced the same modified waveform scheme to the payload but with a modified cross-correlation demodulation scheme to reduce the negative effects of the presence of multiple peaks in the LoRa DFT when using the LoRa legacy cross-correlation, at the cost of increased complexity for the legitimate receiver but much lower than that of the eavesdropper for an arbitrary small frame demodulation error. With the complete transmission scheme enabled, the SER performance loss for the legitimate receiver is less than 0.5 dB for a frequency spread factor up to $U=10$ at $SF=7$.

Table 6. Advantages and drawbacks of the LoRa self-jamming scheme.

Advantages
Enables more discrete LoRa communications
Hides sensitive information from eavesdroppers
Makes design parameter collection difficult for eavesdroppers
Drawbacks
Higher implementation complexity
Reasonably small SER performance loss
Software modifications required on existing LoRa transceivers

summarizes the advantages and drawbacks of our LoRa self-jamming scheme. The main contribution of this scheme compared to other schemes described in the literature is the enablement of both discrete and private LoRa communications by considerably decreasing the eavesdropper’s ability to correctly identify an outgoing LoRa transmission and preventing them from proper demodulation. The potential eavesdropper will also have great difficulty in blindly synchronizing itself and collectingthe most critical system design parameters, i.e., (U, ${\mathbf{m}}_U$, etc.) will only be possible with brute-force approaches. The proposed scheme is, however, not perfect and all of the advantages described are at the cost of higher implementation complexity and SER performance loss that is, however, reasonably small.

Note that this scheme does not interfere with other LoRa physical processing such as coding (e.g., Hamming and Gray coding), whitening and interleaving processes, or with the application layers, such as higher-level encryption mechanisms and LoRaWAN architecture.

From a practical implantation perspective, this scheme would require, at minimum, software modifications of existing LoRa transceivers having higher capabilities (higher computation and memory resources). This scheme may not be suitable for all applications but rather may be used for specific applications (e.g., securing a military area) where complexity constraints are not a priority but the preservation of good AWGN LoRa resilience is desired.

This analytic investigation has generated promising results for a LoRa self-jamming scheme with an adapted synchronization procedure that capitalizes on state-of-the-art LoRa synchronization algorithms. In [22], the authors evaluated the $CF{O}_{frac}$, $CF{O}_{int}$ and $ST{O}_{int}$ estimators, as well as a variant of our $ST{O}_{frac}$ estimator with universal software radio peripheral (USRP) equipment, and obtained good synchronization performances.

However, this scheme needs to be assessed on real-world equipment. It will be of interest to evaluate the impact of this modified waveform on the different components of the hardware front-end. For example, as this scheme adds multiple LoRa waveforms that are not necessarily coherent with each other, it may result in an increase in the peak-to-average power ratio (PAPR) and, thus, lower the performance. This may be investigated, offering interesting research opportunities for the design of modified LoRa self-jamming waveforms that can mitigate potential PAPR increase.