Non-linear Circuit Am Demodulation
Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors by Denis Foo Kune demonstrates the use of microphone as an AM receiver. I was curious how it was possible for circuits to unintentionally receive AM signals and demodulate it. The antenna theory that long wires which can resonate with the carrier frequency of RF wave was intuitive, but the circuits retrieving the envelope signal was mysterious to me.
Through experiments, I found that when high frequency signals enter non-linear circuits such as diodes, PN transistors, op amps, and many amplifier circuits, the output will create harmonics of the input frequency. For instance, let’s look at an amplifier circuit below. This circuit has a gain of 10 and is biased at 2.5V virtual ground. Op amps usually operates linearly, but when the output signal reaches toward the supply voltage, the output will start to clip and show op amp’s non-linear property. To exaggerate the non-linear property, this circuit is designed with the the limited output range of plus minus 2.5V. With the gain of 10, input signals greater than 0.25V will clip.
Let’s look at amplitude modulated input signals as an example. The following frequency response is observed with 100kHz carrier frequency with 10kHz envelope. The 1st harmonic and its sidebands of the envelope are observed with the biggest peak at 100kHz as expected. (Additionally, the output also produces cross products. These signals’ harmonics are produced at multiples of 100kHz. Their gains decrease as harmonics increase. This result demonstrates and proves the non-linear property of the op-amp. In application, when these amplifier circuits go through low-pass filters, which are common in audio amplifier circuits to get rid of noise above the audible frequency range, the positive sideband at 0th harmonic shows up in the passband and other frequencies are filtered out. In conclusion, if high intensity envelope signals with similar baseband frequency of the circuit, the modulated RF signal will show up along with the audio.
Through this experiment, I was able to understand the working principle of Ghost Talk and injection of RF signals in circuits. I hoped to find applications of Ghost Talk, but I found limitations of the amplitude modulated RF injection. Here are few observations I made as I was working with the Ghost Talk and AM modulated RF injection during the summer. RF injection using the Ghost Talk method requires the underlying circuits with right conditions. Circuits susceptible to Ghost Talk would have the following characteristics. First, the circuit should have a resonant conductive path that works as an antenna. Second, the amplifier should have the gain bandwidth product in the range of resonant frequency. Circuits that fulfill both conditions are hard to find. Usually, accidental antenna paths found in circuits are few inches long, which equate to GHz range of resonant frequency. Few amplifiers will have a high bandwidth that will accommodate such frequency.
Overall, although I couldn’t find more applications of Ghost Talk, which was my initial goal of the summer research, I learned a lot about signals and analog circuits. Previously, I was not fond of analog electronics, but working with the signals and analog electronics made me comfortable. Also, the experience working along with graduate researchers, although it was only three months, gave me insights to what is like to work as a researcher.