Wireless LAN integration into a mobile phone

by

Eduard Kuusmik

Masters Thesis

Department of Signals and Systems

Chalmers University of Technology
Gteborg, Sweden

Conducted at Elcoteq Design Center Oy

Salo, Finland

Examiner and supervisor: Prof. Arne Svensson

Supervisor at Elcoteq Design Center: Tommi Lehtonen, M.Sc

EX057/2004

September 2004
ACKNOWLEDGEMENTS

I deeply acknowledge Alfred Ots foundation for the scholarship, which gave me
an opportunity to study in Masters program at Chalmers University of
Technology. I am grateful to Mr. Tommi Lehtonen, CTO of Elcoteq Design
Center, for providing with an opportunity to do this thesis work. I also want to
thank Prof. Arne Svensson for being my examiner.

2
ABSTRACT

This thesis report is a technical prestudy on integrating the 802.11 WLAN

technology into a mobile phone. An overview of 802.11 standards and
technology is presented. The need and possible usage scenarios for 802.11 in
a mobile phone are discussed. Basic guidelines for evaluation of 802.11
solutions and integration of the 802.11 technology into a mobile phone are
presented. The prestudy shows that the integration of the 802.11 technology
into a mobile phone is a logical and useful development as this technology
brings new benefits for users, specifically lower cost and higher data rates and
is rather complementary than competing with the current and emerging mobile
phone technologies. However, the requirements for the 802.11 system in a
mobile phone, such as size, power consumption, coexistence with other
wireless subsystems, environmental and other requirements, are unique and
not every 802.11 solution on the market can meet those requirements.

Keywords: WLAN, IEEE 802.11, mobile phone.

3
TABLE OF CONTENTS

ACKNOWLEDGEMENTS ...........................................................................................................2

ABSTRACT .................................................................................................................................3

TABLE OF CONTENTS ..............................................................................................................4

GLOSSARY OF ACRONYMS.....................................................................................................6

1 INTRODUCTION ................................................................................................................8
1.1 Structure of the thesis ...............................................................................................9

2 IEEE 802.11 STANDARDS OVERVIEW .........................................................................10

2.1 Network architecture ...............................................................................................11
2.2 Physical layer ..........................................................................................................13
2.3 Physical layer extensions........................................................................................15
2.3.1 802.11b 15
2.3.2 802.11a 15
2.3.3 802.11g 16
2.3.4 802.11n 17
2.4 MAC layer and MAC layer extensions ....................................................................17
2.4.1 Beaconing 17
2.4.2 Frame exchange 17
2.4.3 Frame format 17
2.4.4 Multiple access 18
2.4.5 Power management 19
2.4.6 Transmit power control and dynamic frequency selection, 802.11h 20
2.4.7 QoS, 802.11e 20
2.4.8 Security, 802.11i 20
2.5 Other miscellaneous 802.11 standards...................................................................22

3 802.11 IN A MOBILE PHONE .........................................................................................23

3.1 Wireless technologies in a mobile phone................................................................23
3.2 802.11 and the current mobile phone technologies ................................................23
3.3 802.11 applications and usage scenarios ...............................................................25
3.4 Emerging technologies targeting mobile phones ....................................................28
3.5 Conclusions.............................................................................................................28

4 SYSTEM ARCHITECTURE .............................................................................................30

4.1 802.11 module ........................................................................................................30
4.1.1 802.11 module architecture 30
4.1.2 Physical implementation and integration trends 32
4.2 Raptor phone ..........................................................................................................33
4.3 System architecture for 802.11 integrated into the Raptor phone...........................34

5 INTEGRATION PROCESS ..............................................................................................36

5.1 802.11 solution selection.........................................................................................37
5.2 Hardware development ...........................................................................................37

4
 5.3 Software development ............................................................................................37
5.4 Design verification...................................................................................................37

6 WLAN INTEGRATION ISSUES.......................................................................................39

6.1 Size and weight.......................................................................................................39
6.2 Operational voltage .................................................................................................39
6.3 Host interface ..........................................................................................................39
6.4 IEEE 802.11 standard compliance..........................................................................40
6.5 Environmental conditions ........................................................................................40
6.6 Power consumption.................................................................................................40
6.6.1 Power consumption of the mobile phone 41
6.6.2 Power consumption of the 802.11 module 41
6.6.3 The overall power consumption measurements 43
6.7 Performance............................................................................................................46
6.7.1 Factors influencing performance 46
6.7.2 Performance testing 50
6.8 Radio compatibility ..................................................................................................54
6.8.1 802.11b/g and Bluetooth coexistence 55
6.8.2 802.11b/g and PCS coexistence 57
6.9 Antenna design .......................................................................................................60
6.9.1 Antenna polarization 61
6.9.2 Antenna diversity 61
6.10 802.11 module placement.......................................................................................65
6.11 Software aspects.....................................................................................................66
6.11.1 802.11 driver issues 66
6.11.2 Test software 67
6.11.3 Security issues 67
6.12 Certification .............................................................................................................67
6.12.1 Regulatory approval 67
6.12.2 Wi-Fi certification 68
6.13 Manufacturing .........................................................................................................68
6.14 Price ........................................................................................................................68
6.15 Which 802.11 standard to chose a, b, or g? .................................................69
6.16 Integration path .......................................................................................................70

7 CONCLUSIONS ...............................................................................................................72

8 FURTHER WORK ............................................................................................................72

REFERENCES ..........................................................................................................................73

APPENDIX A.............................................................................................................................76

5
GLOSSARY OF ACRONYMS

AES Advanced Encryption Standard

AP Access Point
BER Bit Error Rate
BOM Bill of Materials
BSS Basic Service Set
BT Bluetooth
CCK Complementary Code Keying
CDMA Code Division Multiple Access
CMOS Complementary Metal-Oxide Semiconductor
CRC Cyclic Redundancy Check
CSMA/CS Carrier Sense Multiple Access with Collision Avoidance
CTS Clear-to-Send
DBPSK Differential binary phase shift keying
DCF Distributed Coordination Function
DCS Digital Cellular System
DQPSK Differential quadrature phase shift keying
DSSS Direct Sequence Spreading Spectrum
EDCF Enhanced DCF
EEPROM Electrically Erasable Programmable Read Only Memory
EIRP Equivalent Isotropically Radiated Power
EMC Electromagnetic Compatibility
ESS Extended Service Set
FHSS Frequency Hopping Spreading Spectrum
GPRS General Packet Radio Service
GPS Global Positioning System
GSM Global System for Mobile Communications
HSDPA High Speed Downlink Packet Access
HW Hardware
IEEE Institute of Electrical and Electronics Engineers
IP Internet Protocol
IrDA Infrared Data Association
Industrial Science Medicine, refers to 2.4 GHz unlicensed frequency
ISM
band
ISO International Standard Organization
LLC Logical Link Control

6
LNA Low Noise Amplifier
MAC Media Access Control
OFDM Orthogonal Frequency Division Multiplexing
OS Operating System
OSI Open System Interconnection
PA Power Amplifier
PC Personal Computer
PCB Printed Circuit Board
PCF Point Coordination Function
PCS Personal Communication Services
PDA Personal Digital Assistant
QoS Quality of Service
RAM Random Access Memory
ROM Read Only Memory
RTS Ready-to-Send
SAW Surface Acoustic Waves
SDR Software Defined Radio
SNR Signal-to-Noise Ratio
SPI Serial Peripheral Interface
SW Software
TCP Transport Control Protocol
TKIP Temporal Key Integrity Protocol
UDP User Datagram Protocol
Unlicensed National Information Infrastructure, refers to 5 GHz
UNII
unlicensed frequency band
USB Universal Serial Bus
UWB Ultra Wide Band
VPN Virtual Private Network
VSWR Voltage Standing Wave Ratio
WCDMA Wideband CDMA
WEP Wired Equivalent Privacy
WLAN Wireless Local Area Network
WMAN Wireless Metropolitan Area Network
WPAN Wireless Personal Area Network
WWAN Wireless Wide Area Network

7
1 INTRODUCTION

The market of WLAN equipment based on the IEEE 802.11 standards has
grown enormously in recent years. Cost benefits, high data rates,
standardization, interoperability and strong worldwide support by industry are
resulting in broad deployment of this technology across enterprises, homes,
and service providers. Current 802.11 applications include laptop and desktop
computers, personal digital assistances (PDAs), consumer electronics, and
devices interconnecting WLAN and wired networks (access points, routers,
gateways). Mobile phones are seen by many market analysts as one of the
largest potential markets for 802.11 WLAN. For example, TechKnowledge
Strategies [1] forecasted 25 millions of mobile phones with WLAN capability in
2007, corresponding to about 17% market share of the total WLAN equipment
market in 2007.

In order to be better prepared for this emerging market, Elcoteq Design Center,
a subcontracting company offering wireless terminals design and development
services, has initiated a technical prestudy on integrating 802.11 WLAN into a
mobile phone. This prestudy was performed by the author and represented by
this thesis. The Raptor mobile phone, designed by Elcoteq Design Center, was
selected as a reference platform for this project. The Raptor phone is a triple
band GSM/DCS/PCS smartphone platform with GPRS, IrDA, GPS, and
Bluetooth capabilities and Symbian 7.0 operating system.

The main objectives of this thesis were as follows:

Gain knowledge about WLAN standards and technology and investigate

how this technology suits mobile phones

Propose system architecture for the implementation of 802.11 in the

Raptor phone

Make basic guidelines on how to evaluate 802.11 WLAN solutions, to

discern which one will be most suited to the Raptor phone, and how to
integrate 802.11 WLAN into the Raptor phone.

8
1.1 Structure of the thesis

Chapter 2 provides an overview of the IEEE 802.11 standards.

Chapter 3 discusses the need and possible usage scenarios for 802.11 in a
mobile phone.

Chapter 4 describes the system architecture for 802.11 integrated into the
Raptor phone.

Chapter 5 describes how a complete 802.11 integration process falls in place.

Chapter 6 presents the main issues to consider in the evaluation of 802.11

solutions, in order to discern which one will be most suited to the Raptor phone,
and in the integration of 802.11 into the Raptor phone.

9
2 IEEE 802.11 STANDARDS OVERVIEW

IEEE 802.11 [2] is a standard for WLANs designed to provide high-speed data
communication between portable devices. It is intended to allow flexible
wireless networks to be created within local area without the need for the wired
infrastructure and it can be used as an extension of a wired LANs. As any IEEE
802.x standard, for instance 802.3 (Ethernet) and 802.5 (Token Ring) standards
for wired LANs, the 802.11 standard defines both the physical layer and the
Medium Access Control (MAC) layer. As shown in Figure 1, the 802.11
standard together with the IEEE 802.2 standard [3] defines two lowest layers of
the well-known seven-layer ISO Open System Interconnection (OSI) networking
model the physical layer and the data link layer. The IEEE 802.2 standard
defines the Logical Link Control (LLC) layer, which is common for the 802.x
family of standards.

The IEEE 802.11 standard was adopted in 1997. Since then, several
extensions to the standard have been developed, and more are emerging. The
complete family of the current and emerging 802.11 standards is listed in Table
1. This section provides an overview of the original 802.11 standard and its
extensions.

OSI IEEE 802 LAN & MAN

Reference Model Reference Model

Application

Presentation
Upper
Session Layer
Protocols
Transport
Scope of
802.2
Network LLC

Data Link MAC

Scope of
Physical Physical 802.11

Medium Medium

Figure 1. IEEE 802.11 standard and OSI reference model. Adapted from [3]

10
 Standard Description Status
802.11 Original standard Completed
802.11a Physical layer, 54 Mbps, 5 GHz Completed
802.11b Physical layer, 11 Mbps, 2.4 GHz Completed
802.11c Access Point bridging Completed
802.11d Regulatory extensions Completed
802.11e Quality of Service Estimated completion in 2004
802.11f Inter Access Point roaming Completed
802.11g Physical layer, 54 Mbps, 2.4 GHz Completed
Transmit power control, Dynamic
802.11h Completed
frequency selection
802.11i Enhanced security Completed
802.11j Japanese regulatory extensions Estimated completion in 2004
802.11k Radio resource measurement Ongoing
802.11m Maintenance Ongoing
Physical layer, high throughput study Estimated completion in 2006-
802.11n
group 100+ Mbps 2007
Table 1. Summary of IEEE 802.11 standards

2.1 Network architecture

The station is the most basic element of the 802.11 WLANs. A station is any
device that contains the functionality of the 802.11 protocol. The basic service
set (BSS) is the basic building block of 802.11 WLAN and consists of two or
more stations. Figure 2 illustrates the concept of the BSS when applied to two
types of networks defined in the IEEE 802.11 standard: independent and
infrastructure. The ovals used to depict a BSS illustrate the coverage area
within which the member stations of the BSS may remain in communication.
The Independent BSS, often referred as an ad-hoc, is stand-alone self-
configuring network, providing direct communication between stations. The
Infrastructure BSS uses fixed location access points (AP) to provide
connectivity to stations.

Independent BSS Infrastructure BSS

Figure 2. Independent BSS and Infrastructure BSS

11
 Other ESS
networks, e.g. BSS #1
Internet

Distribution system

BSS #2
BSS #3

Figure 3. Extended service set (ESS)

In order to extend the operational range of a BSS, the 802.11 standard defines
an Extended Service Set (ESS), as illustrated in Figure 3. An ESS consists of
multiple BSS interconnected by distribution system, wired or wireless backbone
network. The 802.11 standard does not define the distribution system itself but
the distribution services only. ESS can be interconnected with other wired or
wireless networks, allowing stations within this ESS access to other networks
resources. Each BSS and ESS has its unique identification called BSSID and
ESSID respectively, which are required to implement addressing.

To join an Infrastructure BSS, a station must select an AP and associate with it.
The association service creates a mapping between the station and the AP that
can be provided to the distribution system. The station can then send and
receive messages via the associated AP. The dissociation service terminates
an existing connection. The reassociation service allows a station with an
established association with one certain AP to move its association to another
AP. A station uses the distribution service every time it sends MAC frames
across the distribution system. The integration service connects the 802.11
WLAN to other LANs, including one or more wired LANs or 802.11 WLANs. A
portal performs the integration service. The portal is an abstract architectural
concept that translates 802.11 frames to frames that may traverse another
network, and vice versa. The authentication service can be used by station to

12
 establish the identity of the other station. Also the privacy service is available,
preventing the contents of messages from being read by anyone other than the
intended recipient stations.

2.2 Physical layer

The 802.11 physical layer defines three basic transmission techniques: Direct
Sequence Spread Spectrum (DSSS), Frequency Hopping Spread Spectrum
(FHSS), and Diffuse Infrared. FHSS and Diffuse Infrared have received little
attention and were not used in extensions of 802.11 standard, hence will be
neglected in this thesis.

The DSSS 802.11 system is aimed for globally available unlicensed 2.4 GHz
band, known also as the band designated for the ISM (Industrial, Scientist and
Medical) applications. By supporting different power levels allowed by different
countries regulations, it became possible to develop a wireless LAN standard
that could be used on a global basis, which was the most important reason for
choosing this band.

Two physical layer data rates are defined: 2 Mbps and 1 Mbps. The data is
modulated using DQPSK and DBPSK for the 2 Mbps and 1 Mbps data rates
respectively. The 802.11 system changes data rates to match the radio channel
conditions. As a station moves further away from another station or if
interference source is present, the highest data rate may not provide reliable
transmission of data. To coupe with that, the 802.11 system decreases the data
rate, since lower rates are more tolerant to the noise and thus more reliable
than higher data rates. The 802.11 standard does not define the criteria to use
to decide which data rate to use. The standard only requires that all compliant
products must support all specified data rates for compatibility purpose.

To create a DSSS signal, the data symbol is multiplied with the spreading
sequence. The following 11-chip Barker code has been chosen as the
spreading sequence due to good autocorrelation properties and relatively short
length: +1, 1, +1, +1, 1, +1, +1, +1, 1, 1, 1. After spreading operation, the
bandwidth of the transmitted signal is increased by a factor of 11. This provides
a spreading gain of 10*log10(11)=10.4 dB against narrowband interference
signals and makes a DSSS signal appear as background noise to a
narrowband receiver. On the receiver side, the received data is correlated with
the spreading sequence to obtain the originally sent data. As every user in the
network uses the same spreading sequence, no multiple access (as opposite to
more complex CDMA technique) or security is provided in the 802.11 DSSS
system by means of the data spreading.

13
 The bandwidth of the transmitted signal is always about 22 MHz regardless of
the data rate. Therefore, the 2.4 GHz ISM band with bandwidth of 83.5 MHz
can accommodate up to three non-overlapping channels as shown in Figure 4.
The 802.11 standard defines totally fourteen partly overlapping channels in the
2.4 GHz ISM band.

Figure 5 shows the format of the DSSS physical layer frame. It starts with 128
synchronization bits that the receiver uses to detect the presence of the signal.
The 16-bit start delimiter is used for bit synchronization. The signal field
indicates the modulation that is to be used for transmission and reception of
payload data, 1 Mbps DBPSK or 2 Mbps DQPSK. The 8-bit service field is
reserved for future use. The 16-bit length field indicates the number of bytes in
the payload data. The CRC field, short for Cyclic Redundancy Check, is used
for error detection.

Channel 1 Channel 6 Channel 11

2.4000 GHz 2.4835 GHz

Figure 4. Three 802.11 non-overlapping channels in the 2.4 GHz ISM band

Header, 1 Mbps 1, 2 Mbps

Sync Start frame Signal Service Length CRC Payload data

delimiter (MAC frame)
128 bits 16 bits 8 bits 8 bits 16 bits 16 bits

Figure 5. 802.11 DSSS physical layer frame format. Adapted from [2]

14
 2.3 Physical layer extensions

2.3.1 802.11b

Ratified in 1999, the 802.11b standard [4] adds 5.5 Mbps and 11 Mbps data
rates to the original 1 Mbps and 2 Mbps 802.11 modes. Currently, 802.11b is
the most popular 802.11 technology.

The higher data rates are achieved by using complementary code keying (CCK)
DSSS technology. The CCK technology codes more data bits per 11 spread
bits, 4 bits and 8 bits for 5.5 Mbps and 11 Mbps respectively, than 1 or 2 bits in
the plain 802.11 standard while keeping the same bandwidth of the transmitted
signal. It does this by first using 8 bit spreading sequence instead of the original
11-bit sequence. However, this 8-bit sequence still runs at a rate of 11 Mbps,
which result in the same spreading factor of 11. Thus, the clock rate for data is
increased from 1 Mbps to 1.375 Mbps (8*1.375=11). The CCK encoding does
not use a static spreading sequence; six of the 8 bits are used to choose 1 of
64 complementary spreading codes. Different spreading codes are chosen
based on the incoming data. The same DQPSK is used to modulate spreaded
data.

Figure 6 shows the format of the physical layer frame. The frame header still
runs at 1 Mbps while payload data can run at four different rates depending on
the channel conditions.

Header, 1 Mbps 1, 2, 5.5, 11 Mbps

Sync Start frame Signal Service Length CRC Payload data

delimiter (MAC frame)
128 bits 16 bits 8 bits 8 bits 16 bits 16 bits

Figure 6. 802.11b physical layer frame format. Adapted from [4]

2.3.2 802.11a

The 802.11a standard [4], introduced at the same time as 802.11b, is intended
for the 5 GHz license-free UNII band and provides data rates up to 54 Mbps.
The 5 GHz band has an advantage of large bandwidth allocated for the
unlicensed operations. There are 455 MHz available (5.15 5.35 MHz and
5.470 5.725 MHz) for use by WLAN systems in Europe. This allows 19 non-
overlapping channels in the 5 GHz band versus 3 non-overlapping channels in
the 2.4 GHz band.

15
 The 802.11a is based on Orthogonal Frequency Division Multiplexing (OFDM)
modulation, which allows to achieve higher data rates within about the same
channel bandwidth as 802.11b. OFDM is a multicarrier transmission technique.
The OFDM signal consists of multiple subcarriers, each one being modulated
by a low rate data stream. Low rate data streams are formed by demultiplexing
one high data rate stream. Subcarriers are kept orthogonal, so data symbols
modulated on these subcarriers can be recovered without mutual interference.
Since the symbol rate on each subcarrier is slower than the original data rate,
the OFDM technique is particularly efficient in time dispersive environments.

The 802.11a OFDM signal consists of 52 carriers. Data is sent on 48 carriers

simultaneously, with 4 carriers used as pilots to aid in channel estimation at the
receiver. Forward error correction coding (convolutional coding) is used to
provide error detection and correction. Table 2 shows supported data rates.
Various data rates are provided by changing the redundancy in the error
correction coding and by changing modulation scheme.

2.3.3 802.11g

Adopted in 2003, the 802.11g [6] extension enables 54 Mbps data rates, the
same data rate as provided by the 802.11a standard, but now in the 2.4 GHz
band. This is achieved by using the same data rates and modulation formats as
used in the 802.11a standard. Additionally, the 802.11g standard is backward
compatible with the 802.11b standard, i.e. the 802.11b modulation formats and
data rates are supported.

Coded bits Coded bits Data bits

Data rate,
Modulation Coding rate per per OFDM per OFDM
Mbps
subcarrier symbol symbol
6 BPSK 1/2 1 48 24
9 BPSK 3/4 1 48 36
12 QPSK 1/2 2 96 48
18 QPSK 3/4 2 96 72
24 16-QAM 1/2 4 192 96
36 16-QAM 3/4 4 192 144
48 64-QAM 2/3 6 288 192
54 64-QAM 3/4 6 288 216

Table 2. 802.11a and 802.11g data rates and rate-dependent parameters.

Adapted from [3]

16
2.3.4 802.11n

The 802.11n is the next generation extension of the physical layer. It is

expected that 802.11n will support throughput (useful data rates) of over 100
Mbps. The standard is still in the earlier development phase. Among the
proposed approaches to provide such high data rates are smart antenna
technology, enhanced modulation, and increased channel bandwidth (using
both 2.4 and 5GHz bands). [7], [8].

2.4 MAC layer and MAC layer extensions

The main functions of the 802.11 MAC are following:

Beaconing and frame exchange at the MAC layer to deliver data

Frame formatting

Multiple access to the shared wireless medium

Power management

Quality of service (QoS)

Security

2.4.1 Beaconing

A beacon frame is sent periodically to synchronize the stations in the BSS and
to inform the stations of impending data. In an independent BSS, the
synchronization mechanism is distributed among the stations in the BSS. In an
infrastructure BSS, the AP is responsible for transmitting the bacon frames
regularly.

2.4.2 Frame exchange

About thirty types of frames are defined for the MAC to provide management
and information data exchange between the stations. All stations are required
to decode and react to the information in the MAC header of every frame they
receive. Since wireless medium is not as reliable as wired, the basic frame
exchange consists of two frames: the frame sent and the frame
acknowledgement. If the source does not receive the acknowledgement, the
source attempts to retransmit the frame.

2.4.3 Frame format

The basic MAC frame is shown in Figure 7. Some of the MAC packets do not
include all of the fields. Up to four addresses can be used depending on the

17
 frame type. For example, if two stations communicating with each other are
associated with different APs, then the MAC addresses of both APs and both
stations will be present in the four address fields. Addresses are 48-bit IEEE
802 MAC address (common address space is shared between 802.11 WLAN,
802.3 Ethernet and other 802.x LAN standards). Each station has its own
unique MAC address.

802.2 LLC LLC SNAP IP datagram

header header
3 bytes 5 bytes

802.11 MAC

Frame Duration / Address 1 Address 2 Address 3 Sequence Address 4 Frame body Frame Check
control ID control (payload data) (CRC)
2 bytes 2 bytes 6 bytes 6 bytes 6 bytes 2 bytes 6 bytes max 2312 bytes 2 bytes

Figure 7. 802.11 MAC frame format

2.4.4 Multiple access

Several multiple access mechanisms are defined in the standard to determine

when a station in a BSS is allowed to transmit and when it may be able to
receive data packets over the shared wireless medium. The basic access
method of 802.11 is Carrier Sense Multiple Access with Collision Avoidance
(CSMA/CA), which is defined as a part of the Distributed Coordination Function
(DCF) in the standard. DCF provides support for best-effort asynchronous data
transfer.

CSMA/CA is a "listen before talk" access mechanism. It relies on the physical

carrier sense form the Physical Layers and the virtual carrier sense
implemented in a special field of every frame to determine the state of the
medium. The CSMA/CA protocol avoids collisions among stations sharing the
same medium by utilizing a random backoff time. The period of time
immediately following a busy medium is the highest probability of collisions
occurring, especially under high utilization. The CSMA/CA scheme implements
a minimum time gap between frames from a given user. Once a frame has
been sent from a given transmitting station, that station must wait until the time
gap is up to try to transmit again. Once the time has passed, the station selects
a random amount of time (the backoff interval) to wait before "listening" again to
verify a clear channel on which to transmit. If the channel is still busy, another
backoff interval is selected that is less than the first. This process is repeated
until the waiting time approaches zero and the station is allowed to transmit.

An optional RTS/CTS handshake procedure is used to operate with CSMA/CA

to handle a problem referred to as a hidden terminal problem. This problem

18
 occurs when a receiving station is in range of two transmitting stations, which
are not in range of one another. In this case attempting to detect if the medium
is free does not necessarily work because two transmitting stations, which are
not in range of one another, can not detect one anothers transmissions. Thus,
the packets from two transmitting stations will collide at the receiving station. In
RTS/CTS technique instead of transmitting a data packet after waiting for a free
medium, a station transmits a short ready-to-send (RTS) packet to request the
use of the medium. If this succeeds, the receiver will quickly reply with a short
clear-to-send (CTS) packet. After the successful exchange of an RTS/CTS pair
the actual transmission takes place. This method allows hidden terminals to
hear either CTS or RTS packets. It also means that if packets do collide only a
short RTS or CTS packet is lost, which is preferable than to have collisions of
long data packets. For example, RTS is 20 bytes and CTS is 14 bytes, whereas
data packets can be up to 2300 bytes long. If this optional function is available
at a station it is enabled in one of three modes: always on, always off, or on for
packet sizes above a certain threshold.

The 802.11 standard defines one more optional media access protocol, called
as Point Coordination Function (PCF). The PCF uses a polling procedure to
provide connection-oriented contention-free service. This function is performed
by an AP, which polls stations within the BSS and allows them to transmit. In
this way, delay-sensitive packets such as voice or video can be given priority
over other data.

2.4.5 Power management

Power management is at great importance in battery-powered devices such as

mobile phones. The 802.11 standard specifies an optional power management
function. This function allows stations in a BSS to enter a low power mode of
operation while remain associated within the BSS. Because of difference in
operations between an Independent BSS and Infrastructure BSS, two
mechanisms for power management have been developed.

In an Individual BSS, power management is controlled by the mobile stations. It

is implemented through a beacon frame. The station in a low power mode is
required to wake up to receive every beacon frame and stay awake for a certain
period of time after each beacon for data reception. Sending stations buffer the
frames to be sent to the destination station in the low power mode until the
destination station awakens. No stations that send a bacon frame are allowed
to enter the power save mode until they receive a bacon frame from another
station within the BSS. This restriction ensures that there is at least one station
in the BSS that is in active mode and is able to process requested frames.

In an Infrastructure BSS, the power management mechanism is centralized in

the AP. It is implemented through frame exchange and specific information
transferred in the beacon frame. Transmitted by an AP, the beacon frame

19
 indicates whether a station has frames to receive. Stations are not required to
wake up for each beacon frame. A station is required to inform an AP when the
station enters a low power mode and the number of beacon frames the station
will remain in a low power mode.

2.4.6 Transmit power control and dynamic frequency selection, 802.11h

Recently adopted, the 802.11h extension allows WLANs to meet regulations

initially adopted by European countries for operation in the 5GHz band (later it
was adopted as a global requirement). The regulations call for WLANs to detect
the presence of radars, satellites and space research systems and then protect
them from interference by selecting another operating channel or reducing
transmit power. The 802.11h provides a standard method to avoid interference
by introducing two techniques: transmit power control and dynamic frequency
selection.

The transmit power control is a coordination mechanism in which stations

located in close proximity to access points would decrease their transmit power,
and stations located further away from access points would increase transmit
power. The mechanism allows to reduce the average transmit power across a
WLAN system, resulting in decreased interference level to other WLANs.

The dynamic frequency selection mechanism is intended to avoid interference

between WLANs or between a WLAN system and other radio systems, such as
radars. It does this by detecting the presence of other systems and switching to
the channel with the lowest interference level [10], [8].

2.4.7 QoS, 802.11e

The 802.11e task group is currently working on two main QoS issues: to
improve the efficiency of the MAC protocol and differentiation between different
types of data traffic. Efficiency is an important issue in 802.11. For instance, a
current 11 Mbps 802.11b device in the best case (two communicating devices
in close proximity to each other, no interference) can provide to the network
layer the throughput, the actual data rates of about 5 Mbps. The reason for this
is overheads in the MAC protocol. Differentiation will enable enhanced
multimedia and voice capabilities by giving higher priority for time-sensitive data
packets (video and audio streaming, VoIP) over general data packets whose
delivery time is less critical (e-mail, http, ftp).

2.4.8 Security, 802.11i

The recently ratified 802.11i security extension was probably the most awaited,
especially by enterprises, where security issues are at premium. Wireless
technologies release users from having to be physically attached to the

20
network, but using radio waves as a transmission medium makes wireless
networks susceptible to interceptions and attacks. The traffic can be captured at
any location as long as the signal reaches the receiver. The typical range of
802.11b/g APs is about 100 meters (indoor environment), which hackers can
extend well beyond 500 meters by using directional antennas. This enables so
call war driving or parking lot attack, where hackers can perform traffic
analysis and attacks in a car, by driving around or just by parking nearby.

802.11i is intended to fix the problems that are well known in the original 802.11
security protocol called Wired Equivalent Privacy (WEP) and address all known
attack. WEP is a single static symmetric shared key system in which 40-bit
(also called 64-bit) or 108-bit (also called 128-bit) encryption is applied to
packet transmissions. WEP was intended to protect wireless communication
from eavesdropping and prevent unauthorized access to a WLAN, so to make
WLAN communication as secure as wired LAN data transmission would be.
However, several security flaws have been found in the technique [13]. For
example, there are freely available tools to crack WEP keys, including AirSnort
[14] and Crack [15]. These applications perform statistical analyses on
encrypted packets to eventually determine the secret shared key. The current
implementations require about 500 Mbytes of data before the secret key can be
successfully derived.

The 802.11i standard can be viewed as consisting of three main parts. Two of
the parts are enhanced encryption algorithms in form of Temporal Key Integrity
Protocol (TKIP) and Advanced Encryption Standard (AES). Both of those
standards were specifically designed to fix the known flaws in WEP, with TKIP
being targeted at legacy equipment and AES as long-term replacement of
TKIP. Unlike TKIP, the encryption method based on AES was not designed for
backward compatibility. AES is considered state of the art in encryption
technology. It is stronger than TKIP and scales better to higher data speeds,
however requires significantly more computational power.

The third part is 802.1x-based authentication replacing the non-working 802.11

native WEP authentication. IEEE 802.1x [16] is a standard for network access
control at Data Link layer for both wired and wireless networks. It provides a
framework for user authentication and encryption key distribution, so it can be
used to restrict network access until the user has been authenticated by the
network. It is used in conjunction with one of the upper layer authentication
protocols, such as Extensible Authentication Protocol with Transport Layer
Security (EAP-TLS), supported natively in Windows XP to perform verification
of users and generation of encryption keys. Unlike WEP, 802.1x encryption
keys are unique for each session between an individual client and AP [10], [8],
[17].

21
2.5 Other miscellaneous 802.11 standards

802.11c Access Point Bridging. The 802.11c provides required information

to ensure proper bridge operation, for example to bridge Ethernet and 802.11
WLAN.

802.11d Regulatory Extensions. The usage of spectrum differs from country

to country. The 802.11d extension allows configuring the 802.11 products to be
conformant with worldwide regulations. Also the standard specifies a means for
the access point, which is configured to operate in a particular country, to
broadcast information about what the local regulatory environment is,
specifically which channels are legal in this regulatory domain and what
transmit power level is permitted.

802.11f Inter Access Point Roaming. This technology handles the

registration of APs within a network and the exchange of information when a
user is roaming among coverage areas supported by different vendors' APs. It
helps with fast hand-off from AP to AP.

802.11j Japanese Regulations. The 802.11j extension will allow operations

in new bands in Japan.

802.11k Radio resource measurement. The 802.11k is a manageability

extension. It will allow APs to request the client stations about the state of the
medium around them and report the state to some central point. Thus, the
information about the overall state of the network will be provided at the central
point.

802.11m Maintenance. The 802.11m is not really a standard as such. It is a

task group whose job is to provide interpretations of the standard.

22
3 802.11 IN A MOBILE PHONE

The purpose of this section is to discuss the need for 802.11 in a mobile phone.
This section provides comparison of the 802.11 technology with other wireless
technologies, such as widely adopted in mobile phones but also new emerging,
and describes possible usage scenarios for 802.11 in a mobile phone.

3.1 Wireless technologies in a mobile phone

Many wireless technologies destined for mobile phones have been developed,
and more standards are emerging. Table 3 provides comparison of the most
popular technologies (cellular systems are limited to implemented in Europe).
The technologies listed in Table 3 are divided into groups according to
distances they can cover:

Wireless personal area network (WPAN) covers personal operating

area

Wireless local area network (WLAN) covers buildings or campuses

Wireless metropolitan area network (WMAN) - covers city or county

Wireless wide area network (WWAN) - provides national or global

coverage

Satellite network - provides true global coverage

Figure 8 also shows a comparison of those technologies in terms of bit rate

versus range. If benefits of each technology are examined, it can be seen that
each technology has its strengths and weaknesses, making it more suitable for
specific type of application scenarios.

3.2 802.11 and the current mobile phone technologies

Compared to the cellular technologies, 802.11 has an advantage of much

higher data rates at lower costs. Against this, 802.11 is a short range
technology and provides low mobility (the specification stops at the MAC layer).
Hence, the coverage of the 802.11 WLANs is mainly limited to certain areas
such as homes, offices, universities, and public places (airports, hotels, coffee
houses, conventional centers, city centers, etc.) and will never provide the
ubiquitous coverage of cellular systems due to practical reasons. The low
service cost of 802.11 WLANs is mainly because of unlicensed radio spectrum
being used. However, there is a significant drawback in using unlicensed

23
 spectrum much lower signal quality compared to licensed spectrum. Thus
unlike cellular systems, one WLAN system can undergo interference from other
WLANs, wireless systems or devices, and regulatory bodies will not help to
solve such kind of situations in unlicensed radio spectrum unless interfering
systems and devices exceed regulatory requirements.

Compared to Bluetooth and IrDA, 802.11 has the advantage of longer range
and in most cases higher data rates, but cannot compete with those
technologies in terms of power consumption and price. Thus, Bluetooth and
IrDA domination as a cable replacement technology will not be affected by
802.11 on the market of accessories and low power peripherals, such as
wireless headsets.

Type of Technology Peak bit Coverage/ Freq. Associated Status

network rate range (GHz) relative
(Mbps) (meters) cost
Satellite GPS Location Global ~1,5 High Widely deployed
service
WWAN GSM/GPRS 0,115 Global ~0,9; High Widely deployed
(Cellular) ~1,8;
~1,9
EDGE 0,384 ~0,9; High Under deployment.
~1,8; Expected to be widely
~1,9 deployed in 2004-
2005
WCDMA, 2 uplink/ ~2; High Under deployment.
downlink; Expected to be widely
HSDPA 10 deployed in 2005-
downlink 2006
WMAN/ 802.20 >1 15000 - - Standard is under
WWAN development.
WMAN WiMAX / 15 5000 2-6 - Estimated to be
802.16e completed in 2005
WLAN 802.11b 11 100 ~2,4 Medium Widely deployed
802.11a 54 50 ~5 Medium Under deployment.
802.11g 54 100 ~2,4 Medium Under deployment.
802.11n >100 - - - Standard is under
development.
Estimated completion
in 2006-2007
WLAN/ UWB / >100 10 - 20 3,1 Low Standard is under
WPAN 802.15.3a 10,6 development.
Estimated completion
in 2004
WPAN Bluetooth 1.2 0,720 10 ~2,4 Low Widely deployed
IrDA 1.4 16 2 Optical, Very low Widely deployed
850 nm

Table 3. Comparison of wireless technologies

24
 WPAN WLAN WMAN & WWAN

1000

802.11n
Data rate [Mbps]

100 UWB
802.11a 802.11g

10 802.11b Wi-Max/802.16e
IrDA
802.20
1 3G
Bluetooth
EDGE
GPRS

10 100 1000 Global

Range [meters]

Figure 8. Comparison of wireless technologies in terms of bit rate versus range

3.3 802.11 applications and usage scenarios

The following list illustrates the range of applications that can be covered by
using 802.11 in a mobile phone:

Voice over IP (VoIP)

Web browsing

E-mail

Corporate intranet access

Messaging (instant messaging, SMS, MMS, etc)

Push-to-talk

File up/downloading

Audio and video streaming

PC synchronization and backup (diary, address book, files, etc)

25
 Multiplayer gaming

Positioning

The possible usage scenarios in a mobile phone come from the advantages of
802.11. Three most perspective scenarios from the author point of view are
described below. In the first scenario, the 802.11 mode can be used for fast and
low cost Internet connectivity and low cost VoIP calls wherever the mobile
phone is within coverage of 802.11 WLANs, for example at homes, enterprises,
and public places. Thus, the 802.11 phone will be as a low cost replacement for
traditional wired, cordless and DECT phones at homes and enterprises, and
also will provide data services and will allow to have low-cost connection at
public places. The cellular mode, providing lower data rates at higher cost but
having advantage of the ubiquitous coverage of cellular systems, will be
employed as soon as the mobile phone moves out of the 802.11 WLANs
coverage. In the simplest case, 802.11 WLANs and cellular networks will be
completely separated, thus users will have to select manually the network they
prefer. In more complicated cases, there will be internetworking between
802.11 WLAN and cellular networks, providing an increased level of service for
users. 3GPP, an organization developing technical specifications for a 3rd
Generation Mobile System based on evolved GSM, has defined six 3GPP-
WLAN internetworking scenarios with increased technical complexity [18]:

Common billing and customer care. This is the simplest internetworking

scheme where both networks remain completely separate. However, the
customer will receive one bill for use of both networks and will have a
single customer care relationship.

3GPP system based access control and charging. This is the scenario
where authentication, authorization and accounting are provided by the
3GPP system. The user data traffic will remains completely separate in
both networks.

Access to 3GPP system packet-switched based services. The goal of

this scenario is to provide the WLAN user with at least some of the
packet-switched services provided by 3GPP.

Service continuity. This scenario is about providing handover between

the systems for packet-switched services, but the handover does not
have to be seamless (changes in quality, delays and gaps are allowed)

Seamless services. The goal of this scenario is to provide seamless

handover between the systems for packet-switched services. No
noticeable interruption in the service is allowed.

Access to 3GPP circuit-switched services. This scenario will provide

WLAN users with seamless access to 3GPP circuit-switching services.

26
Additionally, many vendors are developing system solutions, which will allow
seamless handover between VoIP over 802.11 and GSM circuit switched voice.
One of the driving forces is that mobile operators have become involved into
this issue. This move of mobile operators would seem strange as one can think
that deployment of 802.11 WLANs will cut operators revenues. However, one
rationale for this is that operators will have possibility to use WLAN where it is
expensive for them to use traditional cellular networks to provide services
because of the expense of building additional infrastructure or buying additional
licensed spectrum.

The second possible scenario is a wireless access through 802.11 to the

following local services at public WLANs in airports, railway stations, trains,
ferryboats, etc.:

Information services. For example, in the case of railway stations and

airports this can be schedules or information about restaurants located
nearby (menu, prices, open hours)

Positioning services. For example, an interactive map can be provided

with the current location of the person, locations of the restaurants and
the best paths to get to those restaurants.

Tickets sale, check-in

Entertainment services (music, video, games)

The third possible scenario is cable replacement. As mobile phones memory

size and size of external memory cards is constantly increasing, 802.11 can be
used for faster wireless data transfer between a mobile phone and a laptop or
any other 802.11 devices. For example, to fully upload with data the 1 Gbytes
SDIO card, recently introduced by SanDisk, Bluetooth 1.2 will require about 3.5
hours, IrDA 1.4 about 12 minutes, and 802.11a or 802.11g about 4 minutes.
However, it should be noted that introduction of new high-speed cable
replacement technologies, such as UWB (see section 3.4) and based on this
technology Wireless USB standard (recently announced by Intel [47]), will most
likely limit 802.11 usage in this scenario. With target data rate of 480 Mbps,
Wireless USB will require about 20 seconds to upload with data a 1 Gbytes
memory card.

Generally, 802.11 has application to a broad range of types of mobile phones,

from a fairly basic phones that offer basic voice and data services through
middle-class phones that have such features as cameras, MP3 players, MMS
to smartphones. In basic phones 802.11 can be used for VoIP calls and simple
data applications while in higher-class phones it can be used for all applications
described earlier.

27
3.4 Emerging technologies targeting mobile phones

UWB / IEEE 802.15.3a [9]. 802.15.3a is a standard for WPANs. 802.15.3a

working group calls for the support of more than 10 meters distance with 110
Mbps, more than 4 meters with 200 Mbps, and over 480 Mbps speed (range
unspecified). The standards emphasis is on minimizing cost, complexity,
power consumption, and chip size. The standard is based on Ultrawideband
(UWB) technology, which provides ultra-high data rates by utilizing very wide
range of frequency spectrum (several GHz). In the United States, the systems
have been approved for use in the frequency band 3.1 GHz to 10.6 GHz with
the emitted power limit of 41 dBm/MHz. Approval in Europe and Asia is
expected soon. The power spectral density is kept very low (noise level) in
order to eliminate interference with other narrowband wireless systems working
in the same band, such as 802.11 WLAN, 802.16 WMAN and WWAN systems.
The publication of the standard is expected in 2004. UWB is a new strong
competitor to Bluetooth, and also could compete with 802.11 in some short-
range applications, such as cable replacement.

WiMAX / IEEE 802.16e [10]. The IEEE 802.16 standard was designed for fixed
broadband wireless access network. However, the new emerging extension
802.16e is targeting mobile users. 802.16e is expected to provide data rates of
up to 15 Mbps for mobile users traveling at speeds up to 150 km/h. The base
station coverage is up to 5 kilometers. The standard is primary targeting
operation both in licensed and unlicensed frequency bands between 2 GHz and
6 GHz. The publication of the standard is expected in 2005. The second name
for this technology, WiMAX, came from the name of WiMAX Forum [11].
WiMAX Forum, short for Worldwide Interoperability for Microwave Access, is
an organization promoting deployment of broadband wireless access networks
based on IEEE 802.16 standards and certifying interoperability of products and
technologies.

IEEE 802.20 [12]. The IEEE 802.20 group is developing an IP-data optimized
mobile technology for WMAN and WWAN in licensed frequency bands below
3.5 GHz. The technology is expected to provide data rates up to 1 Mbps for
mobile users traveling at speeds up to 250 km/h. The standard targets spectral
efficiencies, user data rates and number of active users higher than achieved
by existing systems. The standard is in development stage and the final
ratification is expected in about two-three years.

3.5 Conclusions

From the all discussed in this section it can be concluded that the integration of
802.11 into a mobile phone is a logical and useful development because it
brings new benefits for users, specifically lower cost and higher data rates, and
802.11 is rather complementary than competing with current mobile phone
technologies - cellular, Bluetooth and IrDA. 802.11 supports wide range of

28
applications and can be employed in a broad range of mobile phones from
basic phones to smartphones. The emerging wireless technologies most likely
will not compete with 802.11 as those technologies are oriented in most of the
cases for different applications and usage scenarios. Even if those technologies
will be able to compete with 802.11 in some applications, the competition will be
very hard because 802.11 is a mature and very widespread technology, with
significant infrastructure deployed and numerous client devices in use. Thus, if
some of the emerging technologies described in this section become very
successful, they most probably will have to coexist within 802.11 in a mobile
phone.

29
4 SYSTEM ARCHITECTURE

This section describes the system architecture for 802.11 integrated into the
Raptor phone. The 802.11 protocol is physically implemented as the 802.11
module and the hardware and the software supporting this module in the mobile
phone. First, overview of the 802.11 module is given. Then overview of the
Raptor phone is presented. The Raptor phone is a smartphone platform
selected for this thesis work as a reference platform for integration of 802.11.
Finally, the proposed architectural concept of 802.11 integrated into the Raptor
phone is presented.

4.1 802.11 module

4.1.1 802.11 module architecture

A basic block diagram of a typical 802.11 module is shown in Figure 9. The

module can be divided into five main sections: antenna system, RF/IF,
baseband processor, MAC controller and power manager.

The 802.11 module typically can support up to two antennas: one antenna is
used for transmission and reception and the other antenna is used for diversity
reception to improve performance in the presence of multipath distortions (see
section 6.9.2 for further information on diversity reception).

Control

Downconverter, Security
Filters, A/D module,
T/R and LNA AGC Barker, MAC
Diversity Amplifiers CCK, Accelerator QoS, etc
Host I/F
Switch, OFDM ----------------
Filters Upconverter, Host I/F
PA Filters, D/A MAC
Processor controller
Amplifiers

Frequency Memory Memory Power

Synthesizer controller manager

RF/IF Baseband MAC

Figure 9. Basic architecture of an 802.11 module

30
The RF/IF is the analog portion of the transceiver. This includes the antenna
switches (transmission/reception and diversity reception), RF filters, RF low
noise amplifier (LNA), automatic gain control (AGC), RF power amplifier (PA),
RF power pre-amplifier with variable gain, frequency synthesizer, down/up-
converters, baseband amplifiers and filters.

There are two main techniques implemented for down- and up-conversion:
super-heterodyne and direct conversion. In the super-heterodyne technique,
the received signal is first converted to intermediate frequency (IF), then filtered
by using SAW filters to reject out-of-channel interference and achieve high
sensitivity and selectivity. The super-heterodyne receiver provides better
performance, however with the need for off-chip SAW filters in combination with
additional IF circuitry. Since SAW filters are fabricated using different material
technology, they cannot be integrated with the transceiver IC. The direct
conversion approach is used by many chipset vendors to eliminate expensive
SAW filters and IF circuitry. In this approach, the RF signal is converted directly
to the baseband frequency and then filtered by using low pass filters. Since
there is no IF stage, the direct conversion technique also is called as Zero-IF.
The direct conversation does not provide the same robust performance as the
super-heterodyne technique, however the direct conversation is simpler and
enables more cost efficient and smaller size solution. In addition, the
performance of direct conversation transceivers is continuously improving.

The baseband processor performs digital processing of receive and transmit

signals. In the receive mode, this unit accepts the digitized data from A/D
converter and then demodulates (Barker DSSS, CCK, or OFDM with
corresponding PSK, QPSK, QAM modulation schemes see section 2.3) and
converts the data into MAC frames. In the transmit mode, the baseband
processor receives MAC frames from the MAC controller, converts those
frames into physical frames, modulates and sends digitized signal to D/A
converter to be delivered to the RF/IF part as an analog signal. The baseband
processor also implements such functions as channel estimation, equalization,
and RAKE receiver to cope with the wireless channel non-idealities.

The MAC controller consists of the processor, memory with memory controller,
host interface controller, and various hardware accelerators. The memory is
used for the transmit/receive data buffering, MAC protocol operations, and for
the storage of the firmware, default configurations, transceiver calibration data,
and MAC address. Various combinations of different types of on-chip and off-
chip memory, such as RAM, ROM, Flash and EEPROM, are used by different
vendors to optimize the cost, size, and performance of the module. The
hardware accelerators perform time-sensitive or heavy computational MAC
functions such as such as checksum calculations, media sense, QoS,
encryption/decryption. The processor runs software that calls as firmware,
which does some time-tolerant MAC protocol functions, manages all other parts

31
 of the module and communicates with the host system. The MAC protocol
functions, which are not implemented in the hardware or firmware, are
performed by the modules driver running on the host device. On the receive
path, the MAC controller processes MAC frames according to MAC protocol,
extracts and sends the payload data to the host device through the host
interface (see section 6.3 for further information on the host interface). On the
transmit path, the reverse process is performed.

The power manager is responsible for power supply for all parts of the module
and implementation of power management schemes (see Section 6.6.2).
Operating power is obtained by the power manager from the host device
through the host interface.

4.1.2 Physical implementation and integration trends

Currently, 802.11 modules are typically implemented in form of two ICs and
some tens of off-chip discrete components. One IC usually includes the analog
radio and the other IC includes the baseband and MAC circuitry. However, as
integration level is constantly increasing, solutions with higher integration are
coming to the market. Thus, Broadcom recently has introduced a single chip, or
actually a single die 802.11b solution [20]. Atheros followed this trend and
introduced a single chip 802.11g solution [21]. Other vendors, targeting
handheld device market, also have single chip (or single die) 802.11b or
802.11g solutions on their roadmaps.

The situation is different with 802.11a. The popular low-cost CMOS technology,
which is commonly used for the digital baseband and MAC ICs, can still be
used at 2.4 GHz allowing a single chip solution. However, this technology does
not well suitable work at 5 GHz yet. More expensive process technologies, such
as SiGe (silicon germanium) and GaAs (gallium arsenide), are required for the
5 GHz radio to obtain good performance. When two different process
technologies are used, two separate chips or single chip with two stacked dies
can only be implemented, which results in increased size and price. Dual band
802.11a/b/g solutions have been predicted to become an important part of the
802.11 market, however higher cost, complexity, and power consumptions put
the dual band 802.11a/b/g solution only to the long-term roadmaps for the
handheld devices.

Another integration trend is represented by processors vendors such as Intel.

Their approach is to integrate the 802.11 baseband and MAC functions into the
host device processor. In this approach, the 802.11 module will be implemented
only as an analog radio chip (or several radio chips for multi-band 2.4 GHz and
5 GHz operations) directly connected to a host processor [8].

32
 Coexistence of multiple wireless technologies within single device drives the
integration further towards the software defined radio (SDR). In the SDR, which
is still under research, software controls a single transceiver and reconfigures it
to support various bands and standards, such as GSM, PCS, WCDMA,
802.11g, 802.11a, etc. [8], [22], [23].

4.2 Raptor phone

The Raptor mobile phone, designed by Elcoteq Design Center, was selected as
a reference platform for this thesis project. The Raptor phone is a triple band
GSM/DCS/PCS smartphone platform with GPRS, IrDA, GPS, and Bluetooth
capabilities and Symbian 7.0 operating system. A block diagram of the Raptor
smart phone is shown in Figure 10. The heart of the Raptor smart phone is an
application processor. The presence of the powerful application processor,
allowing to run reach multimedia applications, distinguishes smart-phone from
traditional mobile phone. The application processor runs Symbian operating
system, drivers, user interface, and applications. It manages all resources of
the phone and hosts communication subsystems. Raptors wireless
communication subsystems include triple band GSM/GPRS transceiver
(GSM900, DCS1800, PCS1900), Bluetooth, GPS, and IrDA.

GSM / GPRS Bluetooth GPS IrDA

3-band (GSM, PCS,
DCS) transceiver

GSM / GPRS Application Peripherals:

processor keyboard,
Controller
display,
camera,
SD/MMC
card,
Audio Memory external
Memory interfaces,
module
etc.

Figure 10. Raptor phone block diagram

33
4.3 System architecture for 802.11 integrated into the Raptor phone

The systems architecture for 802.11 integrated into the Raptor phone is shown
in Figure 11. The solution consists of the 802.11 module and the hardware and
the software in the mobile phone to host the module and to perform 802.11
operation.

The 802.11 module and the mobile phone, or to be more precise the MAC
controller and the mobile phones application processor, are connected through
the host interface. This interface allows the firmware running on the MAC
controller and controlling the 802.11 module to communicate with the software
running on the mobile phones application processor.

Application programs (Web browser, e-mail, video player, VoIP etc.), TCP/IP
networking stack, operating system, and drivers are running on the mobile
phones application processor and providing user with access to 802.11
WLANs services through the module. The application programs interact with
the TCP/IP or UDP/IP networking stack, depending whether connection-
oriented or connection-less networking services are required. The TCP/IP
stack is a part of Symbian OS 7.0 [34].

The OS uses the driver to interface the 802.11 module to the networking stack.
The driver can be separated into three parts:

Host interface driver. It manages the host interface

WLAN framework. The WLAN framework includes LLC sublayer and

some of the 802.11 hardware independent functionality.

802.11 module driver. The module driver is hardware dependent. It

manages the module by accessing registers in MAC controller, provides
interface for data transmission and reception for upper layer, and can
also implement some parts of the MAC protocol.

The host interface driver for standard interfaces (such as USB) and the 802.11
WLAN framework are embedded into the most types of modern operating
systems, including Symbian OS starting from version 7.0, allowing simpler
drivers and shorter development time.

34
 MOBILE PHONE OSI REFERENCE
MODEL
Application layer
Application Presentation layer
Session layer
TCP UDP Transport layer
IP OS Network layer
Ethernet & WLAN
framework Logical link
control
WLAN & host Processor &
(LLC)
interface driver memory sublayer

Data link layer

Host interface

Media access
Firmware MAC Memory control (MAC)
controller buffer sublayer

Antenna
Transceiver Baseband Physical layer
(analog) (digital)

WLAN MODULE
Control information flow
Data flow

Figure 11. Architectural concept of the 802.11 module integrated into the Raptor phone.
Seven-layer OSI model is shown on the right side as reference.

35
5 INTEGRATION PROCESS

This section describes how a complete 802.11 integration process falls in place.
Figure 12 shows the key stages of the integration process. In a high level
sense, the integration process includes four main areas: 802.11 solution
selection, hardware development, software development, and design
verification.

802.11 solutions
evaluation and 802.11 solution
selection selection

Circuit design PCB layout Proto-series

HW development

HW test

Functional test

Pre-certification
test

Certification
Design
verification

Volume
manufacturing

SW test

SW development SW build
and integration SW development

Figure 12. Key stages of the 802.11 integration process

36
5.1 802.11 solution selection

This area includes the evaluation of the various 802.11 solutions on the market
in order to select one or two solutions that will be most suited to the Raptor
phone. The major factors that should be considered during the evaluation
process are described in section 6. Additionally, some specific customer
requirements can affect the decision about 802.11 solutions to be used in the
Raptor phone.

5.2 Hardware development

There are three main steps for the hardware development: circuit design for the
embedded 802.11 module, PCB design, and proto-series. In the proto-series,
components are assembled to PCB and design change proposals are made in
order to improve manufacturability of the product.

5.3 Software development

There are two main areas in the software development: integration of the
802.11 modules driver (provided by the modules vendor) and development
and integration of higher-level software (such as TCP/IP stack and applications,
see section 4.3).

5.4 Design verification

The design verification for hardware and software is done separately and in
parallel. This will allow to avoid hardware and software defects to propagate
into the following testing and certification process and to make the development
time shorter.

The hardware test can be done by disconnecting the embedded 802.11 module
from the application processor and connecting it to the computer running
standard software provided by vendor, the same software that was used for the
stand-alone module evaluation. By doing various testing, the compliance within
the 802.11 and mobile phone specifications can be ensured and problems due
to the hardware integration can be identified and fixed separately from the
software bugs.

During the software test, the 802.11 driver and other software will be
downloaded into the mobile phone and the stand-alone 802.11 module will be
connected to the application processor. In this case, the software design and
debugging process will be independent from the hardware development
process.

37
After both the hardware and the software pass their tests, the functional test is
performed. During the functional test, the 802.11 driver will be downloaded into
the mobile phone. The embedded 802.11 module will be connected to and fully
controlled by the application processor. By doing various testing, the complete
compliance of the mobile phone with the 802.11 and mobile phone
specifications can be ensured.

GSM phones and 802.11 equipment has to pass various certifications before
they can be launched to the market as described in section 6.12. The pre-
certification test will allow to ensure that the mobile phone will pass the required
certifications. After the mobile phone pass pre-certification test, it can be
applied for the required certifications in the countries where it will be sold.

38
6 WLAN INTEGRATION ISSUES

This section describes the main issues to consider in the evaluation of 802.11
solutions, in order to discern which one will be most suited to the Raptor phone,
and in the integration of 802.11 into the Raptor phone.

6.1 Size and weight

Obviously, the 802.11 module must fit physically into the mobile phone,
preferably with as little modifications to mobile phone design and manufacturing
as possible. This strictly limits PCB space available for the 802.11 components.
The maximum available PCB space for the 802.11 components in a mobile
phone is usually less than 600 mm2. The weight issue is not a concern if only
the integrated 802.11 module will not require larger battery capacity.

6.2 Operational voltage

The nominal voltage of the Raptor phones battery is 3.6 V. The mobile phone
will go into the shut down mode when the voltage drops below 2.7 V. Therefore,
2.7 V is the minimum required voltage level at which the 802.11 module has to
remain fully operational.

6.3 Host interface

The host interface should provide required data transfer speed and be
compatible on both ends. USB, SPI, and SDIO interfaces are available in the
Raptor phone to interface the 802.11 module.

Universal Serial Bus (USB) [24] is an interconnect specification for high-speed

plug-and-play synchronous serial connectivity. USB 1.1 supports a maximum
data speed of 12Mbps, what is sufficient to support 802.11b, but is not enough
for 802.11a and 802.11g. USB 2.0 provides a 40-fold increase, reaching
speeds of 480 Mbps, which is fast enough to support 802.11a and 802.11g data
rates. USB 2.0 is backward compatible to USB 1.1.

Serial Peripheral Interface (SPI) is a general purpose synchronous serial

interface originally designed by Motorola, commonly found in various
microcontrollers in the market. Since SPI does not completely define a data
transfer protocol, but the physical link only, different implementations of SPI
exist. The maximum data transfer speed is defined by the maximum clock rate.

Secure Digital Input/Output (SDIO) [25] was designed to provide high-speed

data interface with low power consumption for mobile electronic devices. In the

39
 high-speed mode it provides a maximum data transfer speed of up to 100
Mbps, what is sufficient to support all current versions of the 802.11 standard.
The SDIO specification also includes SPI compatible communication mode.
SDIO is becoming very popular in mobile devices.

The choice depends on the available interfaces in the 802.11 module. It is

preferable that the chosen interface requires as little software (driver)
development as possible.

6.4 IEEE 802.11 standard compliance

The 802.11 module must fully comply with the all corresponding current IEEE
802.11 standards and extensions. In addition, the 802.11 modules vendor
should have a clear roadmap to support the coming 802.11 extensions (see
section 2), especially the 802.11e QoS and 802.11i security extensions.

6.5 Environmental conditions

The Raptor phone is designed to function reliably in normal outdoor

environments with the operating temperature range of -200 to +600C. Therefore,
the same requirement must be applied to the 802.11 module. This requirement
corresponds to the 802.11 standards temperature range Type 3 designated for
industrial environments. The behavior of the 802.11 module under different
temperatures is important to know and can be tested by using a climatic
chamber. The 802.11 module must also pass all the other environmental tests,
which are applied to mobile phones, such as humidity, vibration, tumble, etc.

6.6 Power consumption

Power consumption is a major design concern since mobile phones are battery-
powered devices. The power consumption increase due to the 802.11 operation
is required to be minimal in order to have as little impact on the recharge
interval, weight, and size of the battery as possible.

When the 802.11 module is added to the mobile phone, the overall power
consumption increases due to the following two reasons:

The additional power consumed by the 802.11 module itself

The additional power consumed by the rest of the mobile phone in

supporting the 802.11 module and running WLAN software and
applications

40
6.6.1 Power consumption of the mobile phone

Power consumption of the mobile phone due to 802.11 is mainly contributed

from the activity of the application processor, memory and host interface to
perform the 802.11 operation. Therefore, this power consumption can be
roughly estimated by knowing the load that the 802.11 module and the WLAN
software put on the application processor. The load is typically expressed in
millions of instructions per second (MIPS). The required MIPS figures are often
provided by the vendors of modules and software.

6.6.2 Power consumption of the 802.11 module

The following factors affect the power consumption of the 802.11 module:

Hardware design. This includes ICs design, PCB design, component

selection, etc.

Software design. This includes efficient implementation of the 802.11

operation

Specification. This includes requirements on transmit output power,

sensitivity, etc.

Transmit power control

Power management

Transmit power control is an important technique allowing to save batterys

energy. The direct impact of this technique is a decrease in the power
consumption in the transmit mode when two communicating 802.11 devices are
located in close proximity. The indirect impact is a decrease in the mutual
interference between collocated 802.11 WLANs. Lower interference level will
result in the reduced packet retransmissions due to errors, thus will result in
lower power consumption.

Power management is at great importance in battery-powered devices such as

mobile phones. While by doing the hardware and software optimization
essential power consumption reduction can be achieved, the most significant
results can be obtained by implementing strong power management - powering
down all the circuits that are not currently in use and clocking down all the
circuits that do not require full clock speed at this particular moment. Any
unused cycle is wasted battery life. However, too deep low power modes can
result in a decrease in the data transfer performance due to the increased
wake-up time.

The GSM specification was designed from the very beginning with power
management in mind and provides many features to help minimize GSM phone
power consumption. For example, in the idle mode a typical GSM phone is only
active for about 1% of the time. The rest of the time, only a 32kHz RTC crystal

41
and a counter are running [26]. The 802.11 standard provides optional power
management function that allows 802.11 stations to enter the low power mode
of operation while remain associated within the network (see section 2.4.5).
However, the 802.11 standard, originally conceived to provide wireless
connectivity for laptop computers, is not so focused on low power consumption
as the GSM standard. Therefore, many 802.11 chipset vendors are working on
proprietary aggressive power management solutions. The goal here is to
achieve as low power consumption as possible during all operational modes but
remain associated within the network and do not sacrifice data transfer
performance.

There are four operational modes that the 802.11 module can be in:

Idle. No activity is performed by the 802.11 module, so the module can

enter a low power mode

Listen. The 802.11 module is listening for the radio but is not passing
any data to the application processor

Receive. The 802.11 module is detecting, demodulating, and passing

data to the application processor

Transmit. The 802.11 module is getting data packets from the

application processor, modulates and sends those packets onto the air

The 802.11 chipsets vendors do not always provide the power consumption
information for all modes. In order to obtain those values, the dynamic current
consumption measurements can be performed, such as shown in Figure 13.
The measurements were performed by the author for an 802.11b sample
module. NGMO2 power supply from Rohde & Schwarz [27] was used for the
measurements. Power supply voltage was set to 3.3 V. The measurements
were done for four typical data transfer modes. Power save mode represents
the 802.11 low power mode (see section 2.4.5). The beacon period was set to
41 ms. Big file reception represents large file reception by 802.11 module.
Big file transmission represents large file transmission by 802.11 module.
Music streaming represents MP3 music streaming over 802.11 connection.

The dynamic current measurements also can be used to analyze the peak
current consumption. This is an important to analyze in order to determinate if
the mobile phones battery will be able to handle it together with the peak
current consumption of the other systems within the mobile phone. The GSM
transceiver causes the largest current consumption peaks in a mobile phone as
illustrated in Figure 14. If the total current consumption will exceed
predetermined threshold for a certain period of time, then the protection circuit
of the mobile phones battery will shut down the mobile phone.

42
 Additionally, the current consumption behavior and the functionality of the
802.11 module are worth to analyze under the minimum and the maximum
levels of the supply voltages and the environmental temperature.

The 802.11 transceiver is predicted to spend on average less than 1% of the

total time in transmit mode, about 13% in receive/listen mode, and the rest of
the time in idle mode [8]. Table 4 shows the current consumption values of the
different modes that are normalized with the time being spent in those modes. It
can be seen that the power consumption in idle mode is actually the most
critical one, followed by receive/listen mode. The power consumption in
transmit mode is only a small part of the overall power consumption. Therefore,
in order to avoid significant reduction in standby time of the mobile phone due
to integrated 802.11 the module current consumption in idle mode has to be
only a small fraction of that of the mobile phone (the author thinks that less than
20% is an acceptable value). For example, the integration of the 802.11 module
consuming about 30 mA in idle mode into the mobile phone that has battery
capacity 1500 mAh and the standby time 300 hours will reduce the overall
standby time down to 40 hours. This is very dramatic impact. Therefore, the
current consumption of the module in idle mode is required to be about 1 mA or
less.

6.6.3 The overall power consumption measurements

In order to precisely evaluate and compare the power consumption of the

various 802.11 solutions, the overall power consumption of the mobile phone
with the 802.11 module should be measured, for example as it is proposed in
[28]. In this method, the overall power consumption of the various usage
scenarios is measured, such as 802.11 low power mode, TCP uplink, TCP
downlink. The measurements are done over a long time in order to get the
consistent average value for every mode. These measurements actually reflect
the power consumptions of the different 802.11 operational modes as well as
how good power management is implemented, i.e. how long the module stays
in the low power mode. However, this type of measurements is difficult to
implement at the earlier evaluation phase because this requires 802.11
modules driver and measurement software to be ported into a mobile phone.

43
Figure 13. Dynamic current consumption measurements of an 802.11b sample module under
different usage scenarios

44
 Figure 14. Current consumption of a sample GSM phone in transmission mode

Mode Current Normalized Normalized % of the total

consumption time spent in current normalized
[mA] the mode consumption power
[mA*time consumption
unit]
Idle 30 0.86 25.8 55.7 %
Receive/Listen 130 0.13 16.9 36.5 %
Transmit 360 0.01 3.6 7.8 %
Total 1 46.3 100 %

Table 4. Current consumption values of different modes, normalized with the time spent in
those modes

45
 6.7 Performance

Nothing affects the product reputation as badly as bad user experience.

Therefore, the performance evaluation is a very important stage in evaluation
and integration of the 802.11 solution. The profile of throughput versus distance
between a station and an access point (AP) is used to quantify the overall
performance of 802.11 devices. Throughput is a measurement of the data rate
that can be sent between two users. As the distance between the station and
the AP increases, the probability of data errors will increase due to imperfect
radio medium, thereby forcing automatic retransmission of corrupted packets
and transition to more robust lower rate modulation schemes. This results in
gradual reduction in throughput as distance increases. A far point, beyond
which the station is no longer remain associated with the AP, defines maximum
usable distance called operating range. The 802.11 solutions that provide better
throughput and operating range are clearly more desirable.

6.7.1 Factors influencing performance

6.7.1.1 Protocols overhead

The IEEE 802.11 standard defines various raw data rates for different types of
physical layers, such as 1, 2, 5, and 11 Mbps for the 802.11b standard.
However, the actual throughput experienced by user is always less than the
physical layer data rates due to overheads introduced by the communication
protocols. Overhead can be defined as information and airtime used for
anything that is not data. Overhead in the 802.11 protocols includes:

Packet headers and checksums

Management packets, such as acknowledgements, flow and error

control

Multiple access

Encryption and authentication

Higher layer communication protocols, such as IP, TCP, UDP, etc., also add
their own overheads. The amount of overhead is different for various protocols.
Thus it should be noted, that care must be taken when the throughput values
are presented. The protocol level referred to, the protocols involved, and type of
data traffic being sent should be clear defined.

6.7.1.2 Radio channel

When the transmitted signal propagates to the receiver, it will become

attenuated and distorted due to the following major factors.

46
Path loss. As the transmitted radio waves propagate outwards spherically,
spreading energy over an ever-increasing area, very little part of the transmitted
energy reaches the receiver. This phenomenon is known as free space path
loss. The average free space path loss is depicted by

Pt G G 2
PL( d ) = 10 log = 10 log t r 2 (1)
Pr ( 4d )

where Pt is the transmitted power, Pr is the received power at the distance d

from the transmitter antenna, Gt is the transmitter antenna gain, Gr is the
receiver antenna gain, and is the wavelength.

The free space model assumes no obstacles between the transmitter and the
receiver. However, this is not the case for indoor and urban outdoor
environments, the most typical propagation environments for WLAN systems,
where numerous of physical obstructions that reflect, absorb, diffract, and
scatter the transmitted signal. Therefore the free space model in such
environments is relevant only for short distances of up to 1-2 meters. The
physical proprieties of the specific propagation environment are taken into
account by using a path loss exponent, n, that indicates the rate at which the
path loss increases with distance. Now, the path loss at some distance d is
depicted by

d
PL(d ) = PL(d 0 ) + 10n log (2)
d0

where d0 is the close-in reference distance for which free space path loss and
far field of the antenna conditions can be applied, and d is the transmitter and
receiver antennas separating distance. In free space, n is equal to two, and
when obstructions are present, n normally have a larger value.

By using formulas 1 and 2 it is straightforward to calculate raw data rate profiles

versus distance for the different versions of the 802.11 standard and
transceiver characteristics (transmit power and sensitivity), however there are
more factors to consider in practice.

Multipath fading. Reflection, diffraction, and scattering also result in the other
phenomenon, called multipath propagation, when multiple versions of the
transmitted signal, traveled along different paths, are combined at the receiving
antenna. The summation of many multipath components with random delays,
phases and amplitudes results in fluctuations of the received signal amplitude
as a function of location and frequency, referred to as multipath fading.
Multipath fading is crucial for the 802.11 WLANs as it produces a variable bit
error rate that may result in packets losses and even in interrupts of the
wireless link, even thought the received average SNR is well above the
required threshold.

47
 The relative motions of transmitter, receiver, and surrounding objects result in
time-varying fading. A mobile phone with the 802.11 WLAN will be typically
used at pedestrian speeds. However surrounding objects could have much
higher velocity. For example, cars are the high speed reflecting objects for the
802.11 device located on the street resulting in faster changes in the fading
pattern.

Several techniques can be employed additionally to the technology specified in

IEEE 802.11 standards in order to improve the system performance over
multipath channels. Antenna diversity, RAKE receiver, and equalization are the
most popular techniques. Those techniques have to be adaptive in order to
combat time-varying fading.

Polarization loss. The polarization loss occurs when the polarizations of the
signal and the receiving antenna are different. The polarization loss is
proportional to the cosine of the angle between polarizations of the signal and
the receiving antenna. Two major factors lead to the polarization losses:

Generally random orientation of a mobile phone in space

Reflections. After multiple random reflections, the polarization state of

the signal will be independent of the transmitted polarization [19]

Noise and interference. Noises and interference cause significant

performance problems for 802.11 devices. Firstly, since 802.11 devices operate
in unlicensed frequency bands, beside the conventional channel noises and
own noises of 802.11 devices, signals from a wide variety of other devices
operating in the same bands can cause interference. Among those devices are
other WLANs, Bluetooth, microwave ovens, wireless monitoring and security
systems, cordless telephones, RF tags, radars, medical and industrial
equipment, etc. The problem is becoming more significant as the popularity of
wireless technology is growing. Secondly, integration of a 802.11 WLAN into a
mobile phone, that has already several wireless systems, brings a whole new
set of mutual interference problems between systems, which are described in
section 6.8.

6.7.1.3 The vendor design

The 802.11 modules from different vendors have significantly different

performance due to variations in architecture and design. Here are the main
design aspects affecting performance:

Transmit power. Each countrys regulatory bodies (see Appendix A)

dictate the maximum allowed transmit power for the 802.11 WLAN
systems. For example, in Europe, maximum equivalent isotropically
radiated power (EIRP) is limited to 20 dBm in 2.4 GHz band. The
transmit power is also constrained by price and technical parameters of

48
 WLAN devices, such as power consumption, size, weight. In some
802.11 solutions, the provided maximum transmit power is lower than
actually allowed by regulatory requirements. This is mainly done in order
to decrease power consumption. However, as it is described in section
6.6, the transmit power does not affect much on the overall power
consumption by the 802.11 module. In fact, the reduced transmit power
may actually cause increase in power consumption. There will be link
quality degradation and more packets with errors due to the reduced
maximum transmit power. Retransmission of bad packets and switching
to the lower data rates (increased transmission time) will cause extra
power consumption. In addition, range and data rates will decrease
resulting in bad user experience. Instead of reducing the maximum
transmit power, the transmit power control should be used to decrease
power consumption (see section 6.6).

Sensitivity in the 802.11 standard is defined as the minimum input level

of the received signal at which the certain packet error rate occurs. The
commercially available modules often provide better sensitivity than
specified by the 802.11 standard. However, sensitivity specifications of
802.11 modules are given for the stand-alone module. Any integration
design will probably result in degradation in the sensitivity value as
specified for the module itself. Factors such as RF noise and high
temperature can badly affect sensitivity.

Interference rejection and blocking. These characteristics define how

sensitivity will decrease in the presence of interfering signals (see
section 6.8.2)

Antenna design (see section 6.9)

Technique to combat multipath. Sophisticated techniques yield gradual

reduction in throughput as distance increases in multipath environment,
whereas lack of the multipath mitigation techniques will results in the
throughput after several tens of meters in severe multipath environment.

MAC and security functions implementation. MAC and security functions

can be implemented in software or hardware. Implementation in
software is easy upgradeable, cheaper and has shorter time-to-market,
however may have dramatically reduced performance compared to the
implementation in hardware.

6.7.1.4 Vendor interoperability

Two 802.11 devices from the same vendor typically provide much better
performance than two devices from different vendors can achieve. There is no
certification available for throughput verification between 802.11 devices from
different vendors. Wi-Fi organization does interoperability certification, however

49
 this certification is optional and mainly verifies basic connectivity. Two Wi-Fi
certified products will interoperate with each other, however good performance
might not be achieved. 802.11 modules that provide good performance when
connected to a variety of different vendors devices are more preferred.

6.7.2 Performance testing

There is no standard benchmark available allowing to obtain the throughput

profile and to compare different 802.11 modules from various vendors. This
resulted in that every chipset vendor does own type of measurements, which
differs from other vendors measurements in equipment, software, environment,
and settings used for the measurements. Therefore, the performance statistics
provided by different vendors are typically not comparable.

Generally, the throughput profile can be obtained analytically or through

simulations. However, since many factors are involved and the chipset vendors
do not disclose their proprietary technologies, only simplified throughput profiles
can be obtained, such as calculated by using equations (1) and (2). The
simplified profiles are useful as the first step in the performance evaluation.
However, the precise comparison of the different modules requires the
measurements in real environment.

6.7.2.1 Proposed testing methodology

As has been previously said the most typical environment for the 802.11
module can be described as time-varying multipath indoor environment.
Additionally, 802.11 modules antenna orientation in space is generally random.
The test method proposed in [30] can be used to simulate such environment. In
this method, a rotating motor driving non-conducting table is used to create
time-varying environment and azimuthally random angular orientation between
the AP and the module under test. The test is conducted in typical indoor
environment.

The rotating speed and the radius of the table is selected to obtain the required
speed of the 802.11 module. If the 802.11 module is planned to be mainly used
in indoor environment then the speed is selected equal to the pedestrian speed.
If the 802.11 module will be also used in urban areas then the speed should be
higher. The radius of the table should be much larger than the wavelength, so
the 802.11 module will pass several fades in one rotation.

The throughput between an AP and the module under test is measured at five-
six different test points. The first test point is located close to the AP, about 3-5
meters apart, so the line-of-sign condition is hold. The remaining test locations
located incrementally further away with no line-of-sign to show throughput as a
function of distance. The last test point should be located at the edge of the AP
coverage area.

50
The measurements should be done at several different channels in order to
evaluate the performance over the whole band. For example, channels 1, 6 and
11 can be used in the 2.4 GHz band. Performance with different security
settings should be analyzed as well.

The software used to measure the throughput is important. It must be accurate

and consistent. Netperf [31] is a good candidate. Netperf is a non-commercial
network performance measurement software. It is available for Linux and
Windows operating systems. In addition, open source code is provided, so it
can be modified for special purposes and adapted for other operating systems,
such as mobile phone operating systems. Netperf is designed around the client-
server model. It allows to measure unidirectional stream throughput on top of
the TCP and UDP protocols, i.e. how fast one system can send data to another
and how fast that other system can receive it.

The test setup for the throughput measurements is shown in Figure 15. In order
to evaluate the interoperability performance, every module should be tested
with three or four different types of APs, each based on the most popular
802.11 chipsets on the market from different vendors.

It is essential to ensure the best possible reproducible test environment, so the

comparison of measurements taken at different time makes sense. The
following issues should be considered:

The same test hardware, software, settings, environment, and

measurement points should be used. Ideally, a second reference
golden 802.11 module with known throughput should be included in
the test and placed on the table. Power save modes of the test
computers must be switched off.

The test environment should be isolated. The spectrum should be clear

there should be no other AP or 802.11 stations, microwaves, and
devices using the same frequency band. Movements of people,
elevators, etc. should be minimized. So, it would be preferred to make
measurement after working hours or on weekend.

The testing time should be selected large enough to obtain a good

averaged throughput. This average should include multiple rotations of
the table.

51
 Ethernet 100 Hub
Desktop running Laptop with WLAN card
Netperf client or under test, placed on
server rotating table and running
Netperf server or client

Figure 15. Test setup for the throughput measurements

Sample throughput performance measurements have been performed by the

author to illustrate the described above testing methodology and evaluate the
performance of the latest commercial 802.11 devices. Four different APs and
two modules were used. Some of the specifics of those devices are presented
in Table 5. The TCP throughput performance for the uplink (from a module to
an AP) was measured with Netperf for each pair of a module and an AP. The
measurements were done at six different test points in a semi-open office
environment. 802.11b/g APs were set to operate on the channel 1 (2.412 GHz)
and the 802.11a AP on the channel 60 (5.300 GHz). No security features or
power save modes was used. The test results are presented in Figure 16.

The test results show that the maximum achievable TCP throughput is much
lower than the raw data rates on the air; specifically 4.5 Mbps maximum TCP
throughput was achieved for 802.11b and about 23 Mbps for 802.11a and
802.11g. The throughput decreases gradually as distance increases. 802.11b/g
generally provides better coverage than 802.11a. The test results also show
that there are interoperability issues between different vendors chipsets and
product implementations. Thus, the test results difference due to interoperability
is comparable to the difference between 2.4 and 5 GHz radio propagation.
Generally, products based on the Broadcom chipset showed the best results in
this test followed by the Atheros and Texas Instruments chipsets.

52
Access Points Modules 802.11 type Chipset vendor
Dlink DWL2000AP+ b/g Texas Instruments
Dlink DWL2100AP b/g Atheros
Linksys WRT54G b/g Broadcom
3COM b Intersil
a Atheros
3COM PC card, a/b/g Atheros
3CRPAG175
Linksys PC card, b/g Broadcom
WPC54G

Table 5. APs and modules used for the throughput testing

(3 meters) (40 meters) (80 meters) (100 meters) (120 meters) (140 meters)

Figure 16. Sample TCP throughput performance measurements

53
6.8 Radio compatibility

Integration of the 802.11 module into the Raptor phone, that has already
several radio systems, brings a whole new set of mutual electromagnetic
interference problems as illustrate in Figure 17. The GSM/DCS/PCS, GPS,
Bluetooth, and 802.11 WLAN systems are required to operate simultaneously
and be collocated within less than ten centimeters in the mobile phone or even
share the same antenna. However, the specifications for those radio systems
were not designed with an assumption that the radio systems will have to work
in such proximity. Therefore, it is an important advantage if the 802.11 module
was designed from the start to work in the environment of the GSM phone.

The interference problems would not be discussed if simultaneous operation of

the radio systems were not required. The following examples show the need for
simultaneous operation. In order to remain synchronized within a WLAN, the
mobile phone needs to listen to 802.11 beacons even during a GSM call. The
GSM location update or GPRS routing area update (which requires the GSM
transceiver to transmit) should not affect the 802.11 reception. Bluetooth
headset can be used for VoIP-over-WLAN calls. To provide seamless roaming
between GSM networks and 802.11 WLANs, mobile phone will need to be able
to scan for new networks, so soft handover (new connection has to be made
before old connection is broken) can be achieved, requiring communications in
both networks at once.

GSM
33 dBm DCS PCS
~0.9 GHz 30 dBm 30 dBm
~1.8 GHz ~1.9 GHz
802.11b,g
20 dBm 802.11a
20 dBm
Transmit power

~2.4 GHz
~5.5 GHz

GPS Bluetooth
~1.5 4 dBm
GHz ~2.4 GHz

Frequency

Figure 17. Possible interference sources in the mobile phone. Adapted from [33]

54
 802.11 coexistence with Bluetooth and PCS systems will be discussed in this
section as the most critical issues. This section is only considered on the radio
interference between systems through antennas. Other interference issues
such as switching noise, RF and baseband signals coupling between systems
through PCB or power supply are not discussed in this thesis work as those
problems can be solved through standard design methods: careful PCB design,
shielding, decoupling, etc.

6.8.1 802.11b/g and Bluetooth coexistence

Bluetooth uses a FHSS technique in which the transmission band hops over 79
pre-defined 1 MHz wide channels. The hopping rate is roughly 1600 hops per
second over a random pattern. In this way, Bluetooth spreads energy over the
entire band. However, since Bluetooth doesn't monitor the band before
transmitting, it can easily interfere with other systems trying to use the same
band. In this fashion, if 802.11 is transmitting or receiving when Bluetooth
begins transmission, both air interfaces can fail to operate properly. In contrast
to Bluetooth, 802.11 does monitor its transmission band for other traffic before
beginning to transmit. 802.11 employs DSSS and OFDM air interfaces, and
occupies roughly a quarter of the 83.5 MHz bandwidth available in the ISM
band. Since 802.11 will sense Bluetooth activity and not transmit if Bluetooth is
active, 802.11 service will be very seriously affected when Bluetooth is active.

The coexistence of the 802.11b/g WLAN and Bluetooth is particularly difficult as

those two systems operate in the same frequency band and both systems are
typically designed with a channel pre-select filter that captures the whole 2.4
GHz band. The 802.11b/g and Bluetooth coexistence issues have been studied
thoroughly by many authors. The following results have been presented in [26].
When 802.11b/g and Bluetooth devices are beyond two meters in range, the
mutual interference does not cause noticeable performance degradation. The
separation distance from 2 to 0.5 meters causes graceful performance
degradation. When 802.11b/g and Bluetooth devices are collocated within less
than a half of meter, the interference is severe and results in significant
performance degradation.

The Bluetooth 1.2 specification introduced the Adaptive Frequency Hopping

(AFH) technique with purpose to improve the immunity of the Bluetooth devices
to interference while allowing them to avoid causing interference to other
systems operating in the same band. The principle of AFH is that the frequency
hopping pattern of the Bluetooth radio is dynamically adapted to avoid
frequencies that yield bad performance, e.g. with high interference level from
the 802.11b/g systems. The Bluetooth AFH technique is an example of a non-
collaborative technique, when one system has no a priori knowledge of the
systems operating nearby, so it must learn the channel characteristics and
control its own behaviour in a way it hopes will avoid collisions, based on what it

55
 has learned about the channel. AFH is the most effective when the Bluetooth
and 802.11 radios are not collocated, and progressively loses its effectiveness
when the isolation between two radios becoming less than 40 dB [35], i.e. when
the separation distance becomes less than one meter.

For shorter distances, and especially when both systems share the same
antenna, collaborative techniques are required. In the collaborative
coexistence, collisions are avoided through agreement between the 802.11b/g
and Bluetooth controllers on an arbitration scheme in advance. The arbitration
mechanism schedules (time multiplexing) packet traffic in both systems. The
collaborative technique should support QoS (e.g., real time voice packets
should be given higher priority than e-mail data packets), provide fairness
between systems and maximize both systems throughput. Collaborative
techniques presume direct communication interface to be implemented
between 802.11b/g MAC and Bluetooth controllers. Various collaborative
techniques and communication interfaces have been developed by different
802.11 and Bluetooth vendors. Therefore, it is important to ensure that the
selected 802.11b/g and Bluetooth modules are compatible and that the
supported coexistence techniques provide the required performance.

The possible test setup for the performance evaluation of the coexistence
techniques is shown in Figure 15. Two independent data streams are sent
simultaneously over 802.11 and Bluetooth connections and the performance of
the links can be evaluated by varying both data traffics. Also single data stream
can be sent between the PC 1 and PC 2. In this case the test software in PC 3
will route the data stream between the 802.11 and Bluetooth modules under
test, thus a usage case can be simulated when VoIP data is sent over 802.11
and then routed to the Bluetooth headset.

PC 1 running
test software

802.11 reference 802.11 module

device under test PC 3 running
Signal
combiners test software

802.11& BT
PC 2 running coexistence
test software interface

BT reference BT module
device under test

Figure 18. Test system setup for the performance evaluation of the 802.11 and Bluetooth
coexistence techniques

56
6.8.2 802.11b/g and PCS coexistence

The RF coexistence of 802.11b/g and PCS systems is the second major issue.
PCS is the closest system to 802.11b/g in frequency, it has large transmit
power and there is limited isolation between PCS and 802.11b/g antennas due
to the small size of the mobile phone. An important question is whether those
two systems can be designed to operate simultaneously without complicated
scheduling as in the case of the 802.11b/g and Bluetooth coexistence.

The GSM standard has a comprehensive specification covering transceiver

performance issues such as transmit power, spectrum, sensitivity, blocking, in-
band and out-of-band spurious. The 802.11 specification is silent on several
important issues, for example blocking. An initial glance at the two specification
issues, emissions and blocking, is presented below. It demonstrates that if both
transceivers only marginally comply with the requirements, each receiver will be
jammed while the other system is transmitting. It is therefore necessary to
measure the actual coexistence performance of the 802.11 module and the
mobile phone in order to assess whether design changes are needed in either
systems to achieve simultaneous operation. The proposed measurement
method is presented at the end of this section.

6.8.2.1 Could the 802.11b/g transmitter emissions interfere with the PCS receiver?

The out-of-band transmit power by the 802.11b/g transmitter has to be bound to

the thermal noise floor 174 dBm/Hz in the passband of the PCS receiver in
order to eliminate sensitivity degradation of the PCS receiver. In practice, some
margin added to this requirement (about 5 dB) has insignificant impact.

The 802.11b standard specifies that the transmit spectrum should be 50 dB

below the transmit power in the desired channel at frequencies greater than 22
MHz from the center frequency (The corresponding figure the 802.11g standard
is 40 dB at 30 MHz frequency offset and above, which is less strict). The
maximum transmit power density in the passband of the 802.11b/g transmitter
is typically 10 dBm/MHz. That translates into a requirement of 40 dBm/MHz or
100 dBm/Hz outside of the passband.

Regulatory agencies may place own constrains on the out-of-band spurious

emissions. For example, the ETSI regulation ETS 300 328 limits the wideband
spurious emissions by the 802.11 equipment to 97 dBm/Hz in the 1.8
1.9GHz band. Thus, the ETSI requirement is actually softer than the
requirement specified by the 802.11b standard.

The PCS and 802.11b/g antennas typically can be separated by about 10

centimeters in a mobile phone, yielding 20 dB isolation between the antennas
(by using equation (1) and assuming unity antenna gains). In addition, the PCS
and 802.11b/g antennas typically can provide 5 dB of protection between the

57
 1.9 GHz and 2.4 GHz bands. Now the interference at the input of the PCS
receiver is

100 dBm/Hz 20 dB 5 dB 5 dB = -130 dBm/Hz.

That is 44 dB above the thermal noise floor. Hence, it is clear that the spurious
emissions by 802.11b transmitter can cause sensitivity degradation. Therefore
additional design requirements are certainly needed to provide the required
isolation between the systems, such as additional filtering of the transmit signal
on the 802.11b/g system side.

6.8.2.2 Could the PCS transmitter emissions interfere with the 802.11b/g receiver?

The DCS/PCS standard specifies that the spurious emissions, measured in a 3

MHz-wide band in the frequency band 1 12.75 GHz, should be less than 30
dBm. That translates into a requirement of the PCS transmit power density to
be less than

-30 dBm 10*log(3*106) = -94.8 dBm/Hz

in the passband of the 802.11b/g system. If 20 dB of isolation between the two

antennas is provided then the interference at the input of the 802.11b/g receiver
will be -114.8 dBm/Hz. That is 59.2 dBm above the thermal noise floor. Thus,
PCS transmitter spurious emissions can cause interference problems and
additional design requirements, such as additional filtering of the transmit PCS
signal, are certainly needed.

6.8.2.3 The 802.11b/g receiver blocking by the PCS transmitter

The blocking phenomenon is caused by a strong transmit signal that overloads

the receiver front-end, resulting in sensitivity degradation. The 802.11 standard
does not specify any requirements for the receiver blocking. The standards
specify only that the adjacent channel rejection must be at least 35 dB at 25
MHz from the center frequency of the receiver. Thus, if two systems are located
10 centimeters away the PCS transmitted power at the input of the 802.11b/g
receiver will be

30 dBm 35 dB 20 dB 5 dB = -30 dBm,

where 5 dB is a typical protection that can be provided by the antenna between

the PCS band and the 802.11b/g band. This out-of-band power typically can be
handled by commercially available 802.11b/g receivers without performance
degradation. For example, the Maxim MAX2820 802.11b transceiver [38]
provides the receiver out-of-band blocking performance better than -25 dBm.
However, if two systems will have to be collocated much closer, then the
blocking could be an issue and additional out-of-band filtering on the 802.11b/g

58
 receiver side might be needed to prevent blocking when the PCS transmitter
works at the maximum power levels.

6.8.2.4 The PCS receiver blocking by the 802.11b/g transmitter

The PCS blocking performance for the Raptor PCS receiver is equal to 0 dB in
the frequency band 1.98 12.75 GHz. Thus, if 20 dB of isolation between the
802.11 transmitter and the PCS receiver is provided then the 20 dBm 802.11
transmit signal will not block the PCS receiver.

6.8.2.5 Testing of the 802.11b/g and GSM/DCS/PCS coexistence

The testing method similar to the described in [37] can be used. Figure 19
shows possible test setup. The 802.11 module is placed in the desired place
inside of the mobile phone. Various positions of the 802.11 module inside of the
mobile phone can be evaluated in order to find the one providing the best
performance. The mobile phone test station, such as Agilent E5515 [46], is
used to setup and test the link to the mobile phone, and the 802.11 reference
device and two PCs running test software (typically provided by chipset
vendors) are used to do this for the 802.11 link.

The first step to test the performance of the 802.11 receiver in the presence of
the GSM/DCS/PCS transmission is to setup 802.11 link and to use FER
measurements (the standard values are 8% FER for 802.11b and 10%
802.11g) to set the reference sensitivity level. Then the GSM/DCS/PCS link is
established using the maximum transmit power and the FER of 802.11 is
evaluated. If the FER degradation is present the 802.11 transmit power is re-
adjusted to find the FER used to set the reference sensitivity level. The
difference in two power levels of the 802.11 transmitter when the required FER
is achieved with the GSM/DCS/PCS transmitter on and off is a measure of the
sensitivity degradation of the 802.11 receiver. A similar approach can be used
to determine the GSM/DCS/PCS receiver performance degradation due to the
802.11 transmitter.

59
 Semi-anechoic test chamber
Mobile phone
test station

Mobile phone &

802.11 module
under test

PC 1 running 802.11 reference PC 2 running

test software device test software

Figure 19. Test setup for the 802.11 and GSM/DCS/PCS coexistence evaluation

6.9 Antenna design

The antenna can be provided by a vendor together with the module, purchased
separately, or designed in-house. Whichever approach is chosen, it is important
to ensure that the antenna provides required performance and will be
appropriate for the mobile phone. None of the 802.11 standards regulates the
use of antennas and one is free to choose.

Antenna must provide required bandwidth, central frequency, and impedance.

The following factors are also essential:

Omnidirectional radiation pattern. This allows transmitting and receiving

data to/from all directions.

Small near field. This decreases the near field energy losses caused by
close proximity of the antenna to a human body.

VSWR equal or less than 2.0:1. VSWR of 1.5:1 is preferred (i.e. a

return loss of -14 dB)

Small dimensions

Small PCB area required for the ground plane of the antenna

Operating temperature range -20 0C to +60 0C

Low cost, easy assembly

60
6.9.1 Antenna polarization

There are two design goals to consider when the polarization of the 802.11
antenna is selected:

Minimize the polarization mismatch loss (see section 6.7.1.2)

Maximize isolation between the 802.11 and GSM antennas

The polarization state of the antenna can be chosen to be orthogonal to the

GSM antenna with purpose to increase the isolation between the antennas (an
isolation of 20 dB can be achieved due to orthogonal polarization [37]). Since
vertical polarization is employed by the GSM antenna, the 802.11 antenna has
to use then the horizontal polarization. However, vertically polarized antennas
are typically employed as the transmitting antennas at 802.11 APs. This might
seems to cause the polarization mismatch losses, however other issues should
be considered as well:

The orientation of a mobile phone in space is generally random. This

results in a varying polarization state of the 802.11 antenna.

Propagation environment with multiple reflecting and scattering objects,

such as typical indoor and urban outdoor environments, results in the
polarization state of the received signal to be independent of the
transmitted polarization [19].

Polarization diversity is often employed on the receive side of the

access points which compensates for the polarization mismatches
between the transmitted signal by the 802.11 module and the AP
receive antenna

Thus, the decision about the polarization of the 802.11 antenna should be
made based on the required isolation between antennas (may be it can be
achieved through other techniques, such as filtering), typical usage scenario,
propagation environment, and the polarization properties of the antennas used
by network equipment. The performance of the antenna design can be tested
by using the testing methods described in section 6.8.2.4 (802.11 and cellular
coexistence) and in section 6.7.2 (throughput and range performance).

6.9.2 Antenna diversity

Dual receive antenna diversity is supported in a majority of chipsets and can be

considered to improve the receiving performance of the 802.11 module in a
fading environment. If fading is nearly independent among the antennas then it
is much less likely that both signals are weak as compared to only one of them
being weak. By selecting the best signal or by combining signals the reduction
in the required average received SNR for a given BER can be expected, known
as a diversity gain. Thus, better operating range and throughput can be

61
 achieved. The diversity gain depends on the correlation of the fading among the
antennas. Higher diversity gain can be obtained when the correlation among
antenna signals is low. There are three independent methods to achieve low
correlation: space diversity, polarization diversity, and pattern diversity. In
pattern diversity, antennas with different radiation patterns are used. Since one
of the antennas in the 802.11 module is used for both transmission and
reception and its radiation pattern is required to be omnidirectional, pattern
diversity is not suitable for this particular application and will not be covered
here.

6.9.2.1 Space diversity

In space diversity, spatial separation of the antennas is used to obtain low

correlation of the fading among the antennas. Clarke [38] derived the following
relationship between envelope correlation and antenna separation, assuming
multipath with a uniform angle of arrival distribution in azimuth and antennas
with omnidirectional patterns:

2d
e J 02 (3)

where e is the envelope correlation of two diversity antenna signals, J0 is the
Bessel function of the first kind with zero order, d is the antenna spacing, and
is the carrier wavelength. Figure 20 represents the relationship presented in (3).
Figure 21 illustrates the performance improvement that can be achieved by
using space diversity technique. To perform these measurements, the same
technique as described in section 6.7.2.1 was used by the author. Two
vertically polarized antennas were used at the Linksys AP. The antennas
separation distance was 13 centimeters (about one wavelength at 2.4 GHz).
Although such distance is not feasible for mobile phones, a low enough
correlation to obtain the most of diversity gain can be obtained already at a
quarter of a wavelength separation distance. This distance corresponds to 3.13
and 1.5 centimeters at 2.4 GHz and 5 GHz carrier frequencies respectively, the
distances feasible for mobile phones. Furthermore, it has been shown that the
mutual coupling effect between two closely located antennas can reduce the
envelope correlation of the antenna signals [40]. However, the effect of mutual
coupling can also change the antenna patterns from the free space pattern [42].

62
 Figure 20. Envelope correlation versus antenna spacing

(3 meters) (40 meters) (80 meters) (100 meters) (120 meters) (140 meters)

Figure 21. TCP throughput comparison for spatial diversity, polarization diversity and no
diversity schemes

63
6.9.2.2 Polarization diversity

Two antennas with orthogonal polarization (typically vertical and horizontal or

+/-450 slant polarizations) are used to exploit polarization diversity. Polarization
diversity is based on the concept that after sufficient random reflections, the
polarization state of the signal will be independent of the transmitted
polarization (in practice, however, there is some dependence of the received
polarization on the transmitted polarization) [19]. Thus, in reach multipath
environment, multiple versions of the transmitted signal, traveled along different
paths, will have the polarization state independent of each other, which results
in decorrelation of the signals in orthogonal polarizations.

Figure 21 shows that polarization diversity allows to achieve similar

performance to space diversity. One vertically polarized transmit antenna and
one horizontally polarized diversity receive antenna where used to implement
polarization diversity. The antennas separation distance was about 5
centimeters. In fact, polarization diversity can yield even better performance
than space diversity if the antenna spacing in the space diversity scheme is
less than a half of a wavelength [43].

Advantage of polarization diversity over space diversity is that it allows two

antennas to be colocated. A single physical antenna even can be implemented
with different feeds for each polarization. Additionally, polarization diversity can
also compensate for polarization mismatches due to random orientation of a
mobile phone. As mentioned earlier, polarization mismatch can result in signal
losses of up to 20 dB. The polarization diversity scheme can achieve at least
half the best-case received signal power for even the worst polarization
mismatch. Combined space and polarization diversity scheme can also be
considered to further improve the receiver performance [44].

6.9.2.3 Combining techniques

Scanning diversity dominates in the current 802.11 chipsets, and is the simplest
combining technique. In this method, the antennas are connected to a single
receiver through an RF switch. During the preamble (a priori know signal), the
receiver scans both antennas and selects the one with the best signal. The best
signal can be in terms of signal level or SNR. If during the packet the signal
from the selected antenna falls below the threshold then receiver just switches
to the second antenna. The diversity gain provided by this technique is the
lowest comparing to the other more advanced methods but the advantage with
this method is that only one receiver is required.

Antenna diversity is two-folded. It improves the receiver performance but

requires extra components - RF switch and the second antenna, i.e. more
space and higher price. The RF switch also causes RF losses, thus will partly
compensate the achieved diversity gain.

64
6.10 802.11 module placement

As it was discussed in section 6.8.2, good isolation between the 802.11 and
cellular antennas is important in order to minimize mutual interference between
two systems. Therefore, the 802.11 antenna is proposed to be placed as far as
possible from the cellular antenna. In order to keep RF losses at minimal the
802.11 antenna should be placed as close as possible to the 802.11 transceiver
and in the place where no metal parts, such as metal cover or battery, or users
hand will cover it.

Figure 22 shows possible placement. The 802.11 and Bluetooth modules share
the same antenna assuming that the collaborative coexistence technique is
implemented in the modules. The antenna can be located in ether position 1 or
2, depending on in which position better performance can be achieved and how
much free space is available.

The 802.11 and Bluetooth modules can be placed on the components side of
the mobile phone PCB (Position 1) if there is enough free PCB space available.
Another approach (Position 2) is to place the modules under the keypad and
LEDs, which can be achieved by placing the keypad and LEDs on the separate
PCB and lifting the PCB up to the required height (the height of the 802.11 and
Bluetooth components). A possible drawback of those two approaches is that
802.11 and Bluetooth components are located very close to the mobile phones
microphone and its associated low level signals, which might cause 802.11 and
Bluetooth circuits noise to be picked up. Bluetooth circuits should not cause
problems since Bluetooth and the microphone are typically exclusive in their
operations. However this is not the case for the 802.11, therefore additional
considerations might be required.

65
 GSM antenna

GSM module,
application
processor &
memory
Keypad & LEDs PCB

Battery
WLAN & BT modules
Possible position 2

WLAN & BT modules

WLAN & BT antenna Possible position 1
Possible position 2
WLAN & BT antenna
Possible position 1

Figure 22. Possible placements of the 802.11 and Bluetooth antennas and modules inside of a
mobile phone

6.11 Software aspects

6.11.1 802.11 driver issues

As was discussed in section 4, some functionalities of the 802.11 MAC layer

are implemented in the MAC controllers hardware and firmware, and some in
the 802.11 driver running on the mobile phones application processor. Different
chipset vendors place the boundary differently by making decision on
cost/performance tradeoff. Thus, two main approaches can be distinguished
so-called hardware MAC and software MAC. In the hardware MAC
approach, nearly all MAC functionalities are implemented in the MAC controller.
This approach allows achieving better performance and will place low load on
the mobile phones application processor. In the software MAC approach,
nearly all MAC functionalities, except time sensitive functions, are implemented
in the 802.11 driver. This approach is low cost and allows easy upgrades,
however clearly place much more load on the application processor. Both
approaches are suitable for the Raptor phone, as this phone has powerful
application processor. However, for lower-end phones with no application

66
 processor, where the GSM baseband controller performs all management and
application tasks, only the hardware MAC approach is feasible.

6.11.2 Test software

The test software is required for the testing of 802.11 module during design and
manufacturing phases. It is an important advantage if the vendor can provide
required test software together with the 802.11 module reference design.

6.11.3 Security issues

Due to the Internet access through 802.11 WLAN, the mobile phone will
become open for hackers attacks as ordinary PCs. Therefore additionally to
low-level data security provided by the 802.11 standards, high-level data
security issues must be treated in the same way as it is currently done in the
PC world, e.g., firewall, antivirus, VPN software. Today not so many individuals
can write viruses for smartphones operating systems. However, due to rapidly
increasing popularity of smartphones and that more people get involved into the
software development, the data security problem will become more important.

6.12 Certification

Before being allowed onto the market, every mobile phone has to pass a variety
of certifications. When 802.11 technology is integrated into a mobile phone, the
list of certifications is extended to the certifications described below in this
section. Even if mobile phone and 802.11 module have passed their
certifications in a stand-alone mode, there is no guarantee that a mobile phone
with an integrated 802.11 module will also pass certifications. However, a
certification process is much simplified if the 802.11 module was pre-certified by
the vendor and the vendor also provides further certification support for the
integrated design.

6.12.1 Regulatory approval

802.11 devices are subject to radio certification according to requirements

established by local and national regulations. Radio certification can be divided
into spurious emissions (out of band) and intended emissions (in band). The
allowed operating frequencies, power and spurious emission levels are the
main differences between countries regulations. The documents specifying the
current regulatory requirements for various geographical areas are listed in the
Appendix A.

67
6.12.2 Wi-Fi certification

Wi-Fi Alliance [32] is a nonprofit trade organization promoting the 802.11-based

technology as the global standard for WLANs and certifying interoperability of
the equipment based on the 802.11 standards. Wi-Fi is short for Wireless
Fidelity, and it is now a popular name for the 802.11-based technologies. The
Wi-Fi Alliance currently comprises over 200 members. More than 2500
products have been certified. Wi-Fi certification logo is evidence that equipment
bearing it has passed the interoperability tests of Wi-Fi Alliance. In detail, it
means that the equipment meet the certain performance criteria and certain
requirements of the 802.11 standard. The Wi-Fi test bed consists of a number
of access points and client cards loaded with the specific versions of firmware
and drivers. This certification is not compulsory but recommended. Wi-Fi
Alliance membership is compulsory if a company wants its product to be Wi-Fi
certified. Wi-Fi Alliance member is required to pay the $25,000 annual dues.

6.13 Manufacturing

Impact on the mobile phone manufacturing should be kept minimal in order to

maintain low manufacturing cost. The mobile phone with an integrated 802.11
module will require extra assembly, testing, and firmware downloading
operations. The product should be designed keeping in mind optimization for
volume manufacturing. This includes such issues as BOM and manufacturing
time optimization. For example, instead of two separated Flash memory chips
for the 802.11 module and application processor, the common Flash memory
can be considered to decrease the BOM, assembly time, and time required for
software downloading into the Flash memory. Another example is the local
oscillator sharing between the 802.11 module and mobile phone. Clearly, such
issues should be considered already in earlier design phases.

6.14 Price

The mobile phone market is very price sensitive. Any undervalued increase in
price could result in reduced sales. This results the tight requirement for the
integration cost. The main factors contributing the cost are following:

Hardware BOM cost. For today, the 802.11 feature makes sense in a
smartphone if the 802.11 hardware BOM cost is below $15.

Development cost. This includes costs for the hardware and software
development and the design verification.

Licensees fees to hardware and software vendors

Regulatory and Wi-Fi certifications

68
 Manufacturing costs. This includes costs for the production test systems
and the product manufacturing itself

MAC addresses purchasing. As mentioned earlier, every 802.11 device

has its unique 48-bit IEEE 802 MAC address. MAC addresses are
purchased by manufactures from IEEE organization [45]. The current
price for the batch of 16,777,215 MAC addresses is $1650.

6.15 Which 802.11 standard to chose a, b, or g?

Table 6 shows a comparison of the 802.11 a, b and g standards. As

mentioned earlier, the 802.11a and 802.11b standards were introduced at the
same time. However, only 802.11b become extremely popular and accounts for
more than 90% of the 802.11 products sales today [22]. The situation is slightly
changing now, and 802.11a is becoming more popular, especially in the
enterprise market, where system capacity and data rates are the most
important factors. Recently ratified, the 802.11g standard provides data rates of
802.11a, while operates in 2.4GHz band and has better coverage than 802.11a.
802.11g is backward compatible to 802.11b, and is replacing, in fact, 802.11b in
most of the new devices.

One could argue against 802.11g and 802.11a that such high speeds are not
really needed for a mobile phone, and that 802.11g and especially 802.11a
modules are still more expensive, have larger size and consume more power
during transmit/receive mode than 802.11b modules. On the other hand, higher
speeds result in shorter transmission time, thus interference level will decrease,
the WLAN system capacity will increase, and higher power consumption will be
more or less compensated (also as it was mentioned in section 6.6, power
consumption in the idle mode is the most critical one). And technology
development and higher manufacturing volumes the difference between b and
g, a versions in terms of power consumption, size and price is gradually
vanishing, especially between b and g.

802.11 a, b, and g standards have own pros and cons resulting in

existence of three different versions of 802.11 devices on the market. This gave
rise to dual mode 802.11a/g devices, what are becoming more popular,
enabling users to take advantages of each of technology. The authors opinion
is that 802.11b standard should be used in the beginning. The 802.11g or dual
mode 802.11a/g solutions should be implemented as soon as their price, size,
and power consumption become acceptable.

69
 Standard Band, Raw data Average Additional attributes
GHz rates, indoor
Mbps range
802.11b 2.4 1, 2, 5.5, 100 m - Dominant WLAN technology
11 (90% of the market)
- Mature technology
- Low price
- Low power consumption
802.11g 2.4 1, 2, 5.5, 100 m - Backward compatible with
11; 6, 12, the 802.11b standard
24, 36, 48, - Moderate price
54 - Moderate power
consumption
802.11a 5 6, 12, 24, 50 m - Superior scalability (19 non-
36, 48, 54 overlapping channels vs. 3
non-overlapping channels in
the 2.4 GHz band)
- Clear spectrum (much less
interference sources than in
the 2.4 GHz band)
- High price
- High power consumption
- Not backward compatible
with the 802.11b standard

Table 6. Comparison of the 802.11 a, b and g standards

6.16 Integration path

There are two approaches currently available for adding embedded 802.11
technology to a mobile phone:

Discrete solution, i.e. chipset and some discrete active/passive

components

Pre-manufactured, pre-tested, pre-calibrated and pre-certified module

Table 7 sums up most of the key issues in determining whether to use discrete
components or module.

Criteria Discrete Module

System customisation Very good Bad
Development time Very bad Very good
Certification Very bad Good
Test and calibration time Very bad Very good
Manufacturing time Very bad Very good
Table 7. Discrete versus module solution

70
The module approach is low risk, simplifies design and manufacturing, and
gives short time-to-market. However, the first approach allows greater degree
of design flexibility. Variations of those two options are also available. For
example, ICs vendors often provide complete reference designs, so the design
process can be much simplified.

The size and cost criteria are intentionally excluded from Table 7. By using
discrete components, one might be able to make the 802.11 solution smaller or
fit a unique layout that off-the-shelf modules can not provide. However, most
modules can be made very small because they often use bare ICs rather than
packaged ICs. As a result, a module may actually be smaller than most discrete
approaches. The cost of the module versus the discrete solution could also be
competitive, especially if overheads associated with purchasing, warehousing,
testing, and mounting the discrete components are taken into account.

71
7 CONCLUSIONS

The integration of 802.11 into a mobile phone is a logical and useful

development because it brings new benefits for users, specifically lower cost
and higher data rates. In addition, the 802.11 technology is rather
complementary than competing with current mobile phone technologies, such
as cellular (GSM/GPRS/EDGE), Bluetooth, and IrDA, as well as new emerging,
such as UWB and WiMAX. 802.11 is a mature and widespread technology. It
supports wide range of applications and can be employed in a broad range of
mobile phones from basic phones to smartphones.

While benefits for users are clear, the convergence of many wireless
technologies into such small form factor as a mobile phone with power and
weight constrains brings new design challenges. Size, power consumption,
coexistence with other wireless subsystems, and environmental requirements
for the 802.11 module in a mobile phone are unique. Not every 802.11 solution
on the market can meet those requirements. Therefore, very careful evaluation
of 802.11 solutions and proper integration design are essential.

8 FURTHER WORK

The next step in this project is to make practical evaluation of 802.11 modules
targeting mobile phone applications as soon as they are available. Then a basic
reference design for 802.11 integrated into the Raptor phone will be made by
using the selected 802.11 module(s), which is intended to provide a platform for
further software and hardware development.

72
REFERENCES

[1] TechKnowledge Strategies Inc., http://www.techknowledge-group.com

[2] ANSI/IEEE 802.11 Standard, 1999 Edition. ANSI/IEEE 802.11 standards are
available at: http://standards.ieee.org/getieee802

[3] ANSI/IEEE Standard 802.2, 1998 Edition

[4] ANSI/IEEE Standard 802.11b, 1999 Edition

[5] ANSI/IEEE Standard 802.11a, 1999 Edition

[6] ANSI/IEEE Standard 802.11g, 2003 Edition

[7] IEEE 802.11 Task Groups, http://grouper.ieee.org/groups/802/11/, Viewed:

December 2003

[8] Intel Developer Forum, San Jose, CA, September 2003

[9] IEEE 802.15.3a Task Group, http://www.ieee802.org/15/pub/TG3a.html,

Viewed: December 2003

[10] IEEE 802.16e Task Group, http://grouper.ieee.org/groups/802/16/, Viewed:

December 2003

[11] WiMAX Forum, http://www.wimaxforum.org/about, Viewed: December 2003

[12] IEEE 802.20 Task Group, http://grouper.ieee.org/groups/802/20/, Viewed:

December 2003

[13] Nikita Borisov, Ian Goldberg, David Wagner, (In)Security of the WEP
algorithm, http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html, Viewed:
December 2003

[14] AirSnort, software for breaking WEP keys, http://airsnort.shmoo.com, Viewed:

December 2003

[15] Crack, software for breaking 802.11b WEP secret keys,

http://www.personaltelco.net/index.cgi/WepCrack, Viewed: December 2003

[16] IEEE Standard 802.1x, 2001 Edition, Available at:

http://www.ieee802.org/1/pages/802.1x.html

[17] Dennis Eaton, 802.11 Security, Intersil, 2003

[18] 3GPP TR 22.934 V6.2.0 (2003-09), Feasibility study on 3GPP system to

WLAN interworking (Release 6)

[19] Theodore S. Rappoport, Wireless Communication Principles and Practice,

Prentice Hall Inc., 1996

73
[20] Broadcom BCM4317 AirForce One, complete single-chip 802.11b solution,
http://www.broadcom.com/products/product.php?product_id=BCM4317,
Viewed: January 2004

[21] Atheros AR5005G, complete single-chip 802.11g solution,

http://www.atheros.com/news/AR5005G.html, Viewed: February 2004

[22] Kazuhiro Uehara, Katsuhiko Araki, Masahiro Umehira, Trends in research and
development of Software Defined Radio, NTT Technical Review, Vol.1 No.4,
July 2003.

[23] Helic PolyRadio multi-mode multi-band transceiver,

http://www.helic.com/products.html, Viewed: January 2004

[24] Universal Serial Bus Specification, Revision 2.0, April 27, 2000

[25] Secure Digital Input/Output (SDIO) Card Specification version 1.00, SD

Association, October 2001

[26] Andrew Fogg, GSM.11: Accessing the Wireless Web, TTPCom Ltd., The
Communication Design Conference Paper, 2004

[27] Dual-Channel Analyzer/Power Supply NGMO2, Rohde & Schwarz,

http://www.rohde-schwarz.com

[28] Power Consumption and Energy Efficiency Comparisons of WLAN Products,

White Paper, Atheros Communications Inc., 2003

[29] Jim Lansford, Working Towards the Peaceful Coexistence of Wireless PANs,
LANs, and WANs, September 2002

[30] Ted Edmonson, 802.11 Indoor Testing Methodology, Intersil Corp., April 2003

[31] Netperf software, http://www.netperf.org

[32] Wi-Fi Alliance, http://www.wi-fi.com, Viewed: October 2003

[33] Matthew B Shoemake, Designing for WLAN Integration into Handhelds, Texas
Instruments Inc., http://www.analogzone.com/nett0623.pdf, Viewed: January
2004

[34] http://www.symbian.com/, Viewed: January 2004

[35] Bluetooth and Wi-Fi coexistence overview, Silicon Wave Inc., May 2003

[36] Michel P. Gaynor, Douglas J. Mathews, 2.4 GHz PAN/WLAN System-in-

Package (SiP): Meeting Cost, Size and Performance with Digital Cellular Co-
Existence, High Frequency Electronics, January 2003

[37] Tim Masson, Successful Strategies for Integrating Bluetooth into a Cellular
Telephone, Agilent Technologies eSeminar, April 15, 2003

74
[38] MAX2820 SiGe Zero-IF Transceiver for 2.4GHz 802.11b WLAN,
http://www.maxim-ic.com, Viewed: April 2004

[39] R. H. Clarke, A Statistical Theory of Mobile-Radio Reception, The Bell System

Technical Journal, Vol. 47, No. 6, pp. 957-1000, July-August 1968.

[40] Hon Tat Hui, W. T. Ow Yong, K. B. Toh, Signal Correlation Between Two
Normal-Mode Helical Antennas for Diversity Reception in a Multipath
Environment, IEEE transactions on antennas and propagation, Vol. 52, No. 2,
February 2004

[41] Jukka J. A. Lempiinen and Jaana K. Laiho-Steffens, The Performance of

Polarization Diversity Schemes at a Base Station in Small/Micro Cells at 1800
MHz, IEEE transactions on vehicular technology, Vol. 47, No. 3, August 1998,
pp.1087-1092.

[42] Carl B. Dietrich, Kai Dietze, J. Randall Nealy, Warren L. Stutzma, Spatial,
Polarization, and Pattern Diversity for Wireless Handheld Terminals, IEEE
transactions on antennas and propagation, Vol. 49, No. 9, September 2001

[43] Thomas Svantesson, A Study of Polarization Diversity Using an

Electromagnetic Spatio-Temporal Channel Model, Chalmers University of
Technology, Department of Signals and Systems

[44] Joseph S. Colburn, Yahya Rahmat-Samii, Michael A. Jensen, Gregory J. Pottie,

Evaluation of Personal Communications Dual-Antenna Handset Diversity
Performance, IEEE transactions on vehicular technology, Vol. 47, No. 3,
August 1998

[45] IEEE MAC addresses assignments, http://standards.ieee.org/regauth/oui,

Viewed: April 2004

[46] E5515 Wireless Communications Test Set, Agilent Technologies,

http://www.agilent.com, Viewed: April 2004

[47] http://www.intel.com/technology/ultrawideband/, Viewed: August 2004

75
APPENDIX A

The documents listed below specify the current regulatory requirements for
various geographical areas. They are provided for information only, and are
subject to change or revision at any time. Operation in countries within Europe,
or other regions outside Japan or North America, may be subject to additional
or alternative national regulations. The information is taken from [2].

Europe:

Approval Standards: European Telecommunications Standards Institute

Documents: ETS 300-328, ETS 300-339

Approval Authority: National Type Approval Authorities

France:

Approval Standards: La Reglementation en France por les Equipements

fonctionnant dans la bande de frequences 2,4 GHz "RLAN-Radio Local
Area Network"

Documents: SP/DGPT/ATAS/23, ETS 300-328, ETS 300-339

Approval Authority: Direction Generale des Postes et

Telecommunications

Spain:

Approval Standards: Suplemento Del Numero 164 Del Boletin Oficial

Del Estado

(Published 10 July 91, Revised 25 June 93)

Documents: ETS 300-328, ETS 300-339

Approval Authority: Cuadro Nacional De Atribucion De Frecuencias

Japan:

Approval Standards: Research and Development Center for Radio

Communications (RCR)

Documents: RCR STD-33A

Approval Authority: Ministry of Telecommunications (MKK)

76
North America:

Federal Communications Commission (FCC), USA

Documents: CFR47, Part 15, Sections 15.205, 15.209, 15.247

Approval Standards: Industry Canada (IC), Canada

Documents: GL36

Approval Authority: FCC (USA), Industry Canada (Canada)

77