Method for checking the association of radio nodes with a radio environment by evaluating interference signal components

Abstract

A method for checking the association of radio nodes with a radio environment having a radio node set by evaluating interference signal components. At least two radio nodes of the radio node set operate as transceivers during a measurement process and at least one radio node operates exclusively as a transmitter or exclusively as a receiver or as a transceiver during the measurement process. The first evaluation step is performed at least once in a first pass for two reference radio nodes and is performed at least once in a second pass for a test radio node and a reference radio node. A positive or negative decision is made on the association with a radio environment on the basis of at least one result of the first pass and at least one result of the second pass.

Claims

1. A method for checking an association of radio nodes with a radio environment, the method comprising: providing a radio node set of at least three radio nodes spaced apart from each other by evaluating interference signal components, wherein each radio node of the radio node set has a radio interface and its own clock, wherein a time offset exists between the clocks of the radio nodes in each case, wherein at least two radio nodes of the radio node set are reference radio nodes, a distance from each reference radio node to the other reference radio nodes is known, and the reference radio nodes constitute a reference system with a radio environment, wherein at least one radio node of the radio node set is a test radio node, and an association of the at least one test radio node with the radio environment of the reference system is checked; performing a measurement process, a subsequent evaluation process, and a comparison process; transmitting and receiving, during the measurement process, signals having a carrier frequency by radio nodes of the radio node set, at least two radio nodes of the radio node are set to operate as transceivers during the measurement process, and at least one radio node operates exclusively as a transmitter or exclusively as a receiver or as a transceiver during the measurement process; providing the evaluation process with an evaluation step; determining an interference signal component in the evaluation step on the basis of a signal transmitted by a first radio node of the radio node set and received by a second radio node of the radio node set; performing, during the evaluation process, a first evaluation step at least once in a first pass for at least one pair of reference radio nodes; performing, during the evaluation process, the first evaluation step at least once in a second pass for a test radio node and a reference radio node; and making, in the comparison process, a positive or negative decision on an association with a radio environment based on at least one result of the first pass and at least one result of the second pass.

2. The method according to claim 1, wherein, the measurement process includes at least two measurement passes, wherein in each measurement pass, a transmit signal with a carrier frequency is transmitted during a transmission time period by each transceiver in succession and the transmit signal that is transmitted is received by at least the other transceivers during a receiving time period, wherein the transmit signals of the transceivers are coherent with one another at least during one measurement pass, wherein the carrier frequency of each measurement pass differs from the carrier frequencies of all other measurement passes or is the same as at least one of the carrier frequencies of the other measurement passes, and wherein, if one radio node operates as a transmitter during the measurement process, the at least one transmitter in each case transmits a transmit signal with a carrier frequency during at least one additional transmission time period before or during or after one of the measurement passes, wherein the transmit signal is received by the transceivers.

3. The method according to claim 2, wherein all signals transmitted during a measurement process are coherent with one another.

4. The method according to claim 1, wherein the measurement process includes at least one alignment measurement step, no radio node of the radio node set transmits a signal and at least one radio node of the radio node set receives an interference signal component during the alignment measurement step, and at least one result of the alignment measurement step is used in the comparison process.

5. The method according to claim 1, wherein the received signal is compared with a reference signal in the evaluation step, and the interference signal component is determined on the basis of deviations from the reference signal.

6. The method according to claim 5, wherein the reference signal is an unmodulated sinusoidal signal with the carrier frequency of the corresponding transmitted signal.

7. The method according to claim 1, wherein a plurality of interference sources and/or a position of at least one interference source and/or a type of at least one interference source is determined for each interference signal component.

8. The method according to claim 1, wherein the measurement process and the evaluation process are carried out multiple times, and a motion profile of interference sources is determined on the basis of the multiple interference signal components.

9. The method according to claim 8, wherein the at least one test radio node is connected to an inertial sensor, and, in the comparison step, a motion profile of the test radio node determined by means of the inertial sensor is compared with the motion profile determined on the basis of the interference signal components.

10. The method according to claim 8, wherein, during each measurement pass, the signal transmitted as a second signal, and each subsequent transmitted signal, are created from at least a part of one of the signals received during a same measurement pass.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The present invention will become more fully understood from the detailed description given hereinbelow and the accompanying drawings which are given by way of illustration only, and thus, are not limitive of the present invention, and wherein:

(2) FIG. 1 shows a reference system and test radio nodes in an exemplary embodiment,

(3) FIG. 2 shows a reference system and test radio nodes in an exemplary embodiment,

(4) FIG. 3 shows linking of interference distributions in the case of a relay attack,

(5) FIG. 4 shows a formation of an expanded radio environment ID in combination with classification and pattern recognition methods for defending against relay attacks, and

(6) FIG. 5 shows a time sequence of measurement.

DETAILED DESCRIPTION

(7) An exemplary embodiment according to the invention of a measurement process of the method for checking the association of radio nodes with a radio node environment on the basis of interference signal profiles is illustrated in FIG. 1. A minimal configuration, formed of a radio node set with three radio nodes F1, F2, and FE, is shown along with a radiated interference source S. The illustration was reduced to a two-dimensional representation for clarity. The two radio nodes F1 and F2 operate as transceivers.

(8) During the measurement process, the additional, here the third, radio node FE operates in one of three modes, namely either exclusively as a receiver, exclusively as a transmitter, or likewise as a transceiver. It is the case for all radio nodes that transmit operation only takes place in assigned time domains, the transmission time periods, and the radio nodes of the radio node set never transmit simultaneously.

(9) In contrast, the radiated interference source S transmits independently of the radio nodes of the radio node set, so that the signals from the radiated interference source S and the signals from the transmitting radio node are superposed at the receiving radio node, which is to say in the received signals.

(10) Two of the three radio nodes F1, F2, and FE in this case are reference radio nodes that are spaced apart from one another and whose distance from one another is known. One of the three radio nodes F1, F2, and FE is a test radio node, whose distance and/or position is unknown and whose association is checked.

(11) The reference radio nodes, with their distances that are known at least relative to one another, form a basis for introducing a reference coordinate system. It is a matter of course that the dimension of the reference coordinate system is determined by the number of reference radio nodes with different positions in space.

(12) According to the stated assumptions, the units are reduced to points in space P.sub.i(x.sub.i,y.sub.i,z.sub.i); these points are located in the center of the associated circles. The propagation paths are represented by lines that begin and end at the points associated with the units. Solid lines denote direct propagation paths between the radio nodes. Dashed lines denote the direct propagation paths between the radiated interference source S and the radio nodes. Lines with two arrowheads indicate that the propagation path is traversed in both directions. Lines with only one arrowhead indicate that the propagation path is traversed in only one direction.

(13) In the exemplary embodiment shown, the additional, or here the third, radio node FE likewise operates as a transceiver during the measurement process; the lines running between the third radio node FE and the transceivers F1 and F2 correspondingly have two arrowheads.

(14) An important property of the system shown is to separate useful signal, which is to say the signal components originating from the other radio nodes of the radio node set, from interference energy, which is to say the signal component originating from the interference source, to a certain degree and to characterize them in the process. This is possible because characteristics of the transmitted signals are known and can be used as reference signals in order to separate the useful portions of the measurement results.

(15) It is a matter of course that in FIG. 1, only a single interference source S is shown purely symbolically for the radiated interference component that is to be analyzed. In principle, the interference components formed of radiation from additional systems located in the vicinity, wherein noise-like sources may also be included. Moreover, implementation-specific aspects can also lead to distortion of the measurement results. These interference quantities, as deviations from ideal system behavior, can be represented by suitable models, and thus the associated parameters can be extracted. If the useful signal component is adequate in relation to the noise or interference energy for suitable extraction, then channel transfer functions, time and frequency offset can also be determined in a further analysis of the useful signal component. However, this method of procedure is not part of the method according to the invention, which concentrates on the extraction of parameters of the received interference signals.

(16) An environment is distinguished by a high degree of individuality on account of the extremely wide variety of objects present. These characteristics can therefore be used for feature extraction. These then form the basis for an authentication based on radio environment.

(17) In the following, the effect of radiated interference on a radio system is explained using the example of an access system composed of a reference system with five reference radio nodes ANT1, ANT2, ANT3, ANT4, and ANT5 (framed radio nodes from FIG. 2), wherein electromagnetic radiation can be generated and also received through each reference radio node. The radio node set additionally includes a test radio node ANT6, the key, wherein the test radio node ANT6 can likewise generate and receive electromagnetic radiation.

(18) FIG. 2 illustrates a complete measurement pass of the system, as well.

(19) The reference system will be considered first: During the measurement, each antenna of the reference system generates a signal that corresponds to the superposition of the radiation from all sources at its position. Based on the knowledge of the relevant signal generated by the system itself, which can be stored as the reference signal, characteristics of sources of electromagnetic radiation not belonging to the system, which are referred to here as interference sources (not shown), can be separated. The interference signal components can be summarized for the reference system in a matrix Q.sup.A(jω, t) with the elements Q.sub.ij.sup.A(jω) wherein A designates the environment of the reference system.

(20) $Q^A\left(j\omega ,t\right)=\left[\begin{array}{ccccc}{Q}_{11}^A& Q_{12}^A& Q_{13}^A& Q_{14}^A& Q_{15}^A\\ Q_{21}^A& Q_{22}^A& Q_{23}^A& Q_{24}^A& Q_{25}^A\\ Q_{31}^A& Q_{32}^A& Q_{33}^A& Q_{34}^A& Q_{35}^A\\ Q_{41}^A& Q_{42}^A& Q_{43}^A& Q_{44}^A& Q_{45}^A\\ Q_{51}^A& Q_{52}^A& Q_{53}^A& Q_{54}^A& Q_{55}^A\end{array}\right]$

(21) In contrast to the extraction of the channel transfer function H.sub.ij.sup.A(jω) and of the time offset and frequency offset T.sub.offs,ij.sup.A, f.sub.off,ij.sup.A, the focus of interest here is not the useful signal component (the portion of the received energy that is transmitted by the system itself), but instead the interference signal component or noise component of the measurement result. The portion of the interference energy, which is to say the interference signal component, in the measurement result can be extracted if the useful signal is basically known in terms of its characteristics and can be used as a reference signal, for example an unmodulated transmit signal with known carrier frequency. If applicable, a substitute reference signal can be generated through approximation of the received signal if not all characteristics of the useful signal are known.

(22) The results of system operations such as channel occupancy measurements (CCA—clear channel assessment) can also be used to generate these elements. The elements Q.sub.ij.sup.A(jω, t) that are marked in bold here can be interpreted differently as a function of system design. If the system has the capability to separate transmitted and received energy (high isolation characteristics are required), the result is an image of the transfer function of the relevant antenna to itself and a corresponding parameter for characterizing the energy from other sources. Consequently, a measured quantity that describes the characteristics or order of magnitude of the electromagnetic energy from interference sources at the place of the relevant antenna can be derived by the means that all antennas are switched to the receive mode according to a third measurement section. In this case, the system does not contribute to the distribution in the surroundings; it is exclusively the energy of other sources at the relevant point in time in the sampled frequency range that is determined.

(23) The characteristics of the radiated interference energy are very specific for a particular radio environment, and moreover are characterized by their non-stationary behavior over time. Consequently, the applicable values Q.sub.ij.sup.A(jω, t) correspond to the received radiated interference energy, which is to say the interference signal component, at the time of the relevant measurement, and can thus be utilized for authentication by means of feature extraction.

(24) In the following, the interaction with the test radio node is considered: An access system, such as the reference system described, interacts in general with other components that are part of a larger overall system and thus should receive access to system resources. In the case of an access system, the solution is directed toward identifying other objects and allowing them access to access areas. Merely by their presence (changing the propagation characteristics through additional reflections) and their function (transmitting electromagnetic radiation), they change or expand the radio environment to a certain extent.

(25) These changes are considered below. The access system shown in FIG. 2 in the presence of the test radio node ANT6 represents such an expanded radio environment A*.

(26) The entry of an additional node leads to changes in the propagation conditions. In the specific case of a key, the effect of the key should be understood in the larger sense, since the key influences the radio environment in conjunction with its bearer, a person.

(27) In principle, a reference system in the simplest case can detect changes in the environment solely as a result of altered propagation behavior. Positioning and motion detection to the level of motion localization are also possible by passive means.

(28) In the active case, all antennas (including the antennas of the additional test radio node) can in principle not only transmit signals but also receive electromagnetic energy, and the received signals can be analyzed with regard to useful signal behavior and interference signal behavior and also with regard to noise characteristics. The expansion of the system by additional test radio nodes results in an expansion of the matrix of the time-varying transmissions by other systems or interference sources Q.sub.ij.sup.A*(jω)=f(I.sub.ij.sup.A*(jω), N.sub.ij.sup.A*(jω)) to be extracted. Furthermore, the space of available node parameters also expands, as is evident from the example of the frequency offset and time offset T.sub.offs,ij.sup.A* and f.sub.offs,ij.sup.A*.

(29) By including the at least one test radio node ANTE in the measurement process, it is possible to expand the features of the radio environment A so that characteristic features of an expanded radio environment A* arise. The corresponding matrix Q.sup.A* likewise expands by one row and one column for each test radio node:

(30) $Q^{A*}=\left[\begin{array}{cccccc}{Q}_{11}^{A*}& Q_{12}^{A*}& Q_{13}^{A*}& Q_{14}^{A*}& Q_{15}^{A*}& Q_{16}^{A*}\\ Q_{21}^{A*}& Q_{22}^{A*}& Q_{23}^{A*}& Q_{24}^{A*}& Q_{25}^{A*}& Q_{26}^{A*}\\ Q_{31}^{A*}& Q_{32}^{A*}& Q_{33}^{A*}& Q_{34}^{A*}& Q_{35}^{A*}& Q_{36}^{A*}\\ Q_{41}^{A*}& Q_{42}^{A*}& Q_{43}^{A*}& Q_{44}^{A*}& Q_{45}^{A*}& Q_{46}^{A*}\\ Q_{51}^{A*}& Q_{52}^{A*}& Q_{53}^{A*}& Q_{54}^{A*}& Q_{55}^{A*}& Q_{56}^{A*}\\ Q_{61}^{A*}& Q_{62}^{A*}& Q_{63}^{A*}& Q_{64}^{A*}& Q_{65}^{A*}& Q_{66}^{A*}\end{array}\right]$

(31) The individual features have only limited validity on account of the time-varying behavior of the various systems. This non-stationary behavior must be taken into account in the integrity and plausibility test.

(32) FIG. 3 additionally shows the effect of a relay attack system on an authentication requirement by means of the relay attack system. Here, the relay attack system is located in a radio environment B and the test radio node is located in a radio environment C.

(33) In this section, the utilization of radiated interference that is present in a radio environment for detecting relay attacks is illustrated. To this end, the differences with regard to the interference profile of a regular authentication process (Q.sup.A*) and a relay attack (Q.sup.A−) are compared.

(34) According to one embodiment, the reference system obtains an overview of the radiated interference situation in its surroundings through overview measurements (also referred to as channel occupancy tests and energy distribution tests over the bandwidth) in a standby mode in which no authentication query takes place. In this process, an image of the interference energy distribution Q.sup.A in the environment of a reference system is created as described above.

(35) The entry of the test radio node into the radio environment A of the reference system causes an expansion of the detectable interference distribution. A transition A.fwdarw.A* or A.fwdarw.A− takes place.

(36) The respective interference distributions can be described by the following matrices.

(37) $Q^{A*}(j\omega ,t,P\left(i,j\right)=\left[\begin{array}{cccccc}{Q}_{11}^{A*}& Q_{12}^{A*}& Q_{13}^{A*}& Q_{14}^{A*}& Q_{15}^{A*}& Q_{16}^{A*}\\ Q_{21}^{A*}& Q_{22}^{A*}& Q_{23}^{A*}& Q_{24}^{A*}& Q_{25}^{A*}& Q_{26}^{A*}\\ Q_{31}^{A*}& Q_{32}^{A*}& Q_{33}^{A*}& Q_{34}^{A*}& Q_{35}^{A*}& Q_{36}^{A*}\\ Q_{41}^{A*}& Q_{42}^{A*}& Q_{43}^{A*}& Q_{44}^{A*}& Q_{45}^{A*}& Q_{46}^{A*}\\ Q_{51}^{A*}& Q_{52}^{A*}& Q_{53}^{A*}& Q_{54}^{A*}& Q_{55}^{A*}& Q_{56}^{A*}\\ Q_{61}^{A*}& Q_{62}^{A*}& Q_{63}^{A*}& Q_{64}^{A*}& Q_{65}^{A*}& Q_{66}^{A*}\end{array}\right]Q^{A-}(j\omega ,t,P\left(i,j\right)=\left[\begin{array}{cccccc}{Q}_{11}^{A-}& Q_{12}^{A-}& Q_{13}^{A-}& Q_{14}^{A-}& Q_{15}^{A-}& Q_{16}^{A-}\\ Q_{21}^{A-}& Q_{22}^{A-}& Q_{23}^{A-}& Q_{24}^{A-}& Q_{25}^{A-}& Q_{26}^{A-}\\ Q_{31}^{A-}& Q_{32}^{A-}& Q_{33}^{A-}& Q_{34}^{A-}& Q_{35}^{A-}& Q_{36}^{A-}\\ Q_{41}^{A-}& Q_{42}^{A-}& Q_{43}^{A-}& Q_{44}^{A-}& Q_{45}^{A-}& Q_{46}^{A-}\\ Q_{51}^{A-}& Q_{52}^{A-}& Q_{53}^{A-}& Q_{54}^{A-}& Q_{55}^{A-}& Q_{56}^{A-}\\ Q_{61}^{A-}& Q_{62}^{A-}& Q_{63}^{A-}& Q_{64}^{A-}& Q_{65}^{A-}& Q_{66}^{A-}\end{array}\right]$

(38) An examination of the characteristics of the individual elements for the derivation of different classes, which are dealt with in a differentiated manner, follows.

(39) Class 1: Q.sub.ij.sup.A*,A− for i, j=1 . . . 5: designates the detected radiated interference energy in the environment of the access system; these elements are closely connected to the elements of the matrix Q.sup.A, and corresponding characteristics can be transferred via equivalence relationships, and thus tested for plausibility. These elements are determined during the evaluation process by means of the first pass.

(40) Class 2: Q.sub.6j.sup.A*,A− for j=1 . . . 5: designates the detected radiated interference energy that is detected by the test radio node, e.g., key/tag, while the individual antennas of the reference system radiate a reference signal. These elements are determined during the evaluation process by means of the second pass for a receiving test radio node.

(41) Class 3: Q.sub.i6.sup.A*,A− for i=1 . . . 5: designates the detected radiated interference energy that is detected by the individual antennas of the reference system while the test radio node, e.g., key/tag, radiates a reference signal. These elements are determined during the evaluation process by means of the second pass for a transmitting test radio node.

(42) Class 4: Q.sub.ii.sup.A*,A− for i=1 . . . 6: designates the detected radiated interference energy that is detected at an antenna of the radio node set when this antenna either operates simultaneously in transmitting mode and receiving mode, or operates only in receiving mode together with all other antennas of the radio node set. These elements are accordingly determined in an alignment measurement step, for example.

(43) In the case of a relay attack, the measured quantities of Class 1 include the interference distribution in the environment of the reference system at the points in time when the corresponding antennas are operated in receiving mode. On account of their local spatial distribution, they form an adequate image of the local interference distribution and serve as the basis for a classification.

(44) The measured quantities of Class 1 thus serve as a starting point or basis of comparison for an integrity and plausibility test with regard to the test radio node, for example a key. The radiated interference energy detected by the test radio node (Class 2) and/or the radiated interference energy detected by the reference system in conjunction with signals transmitted by the test radio node (Class 3) are employed for the comparison.

(45) According to Class 4, the interference signal components are measured directly or only against a noise component. In this way, measurement quantities of Class 4 determined by a test node can be compared directly with measurement quantities of Class 4 measured by a reference radio node. The measurement quantities of Class 4 determined with one or more reference radio nodes also form an adequate image of the local interference distribution.

(46) In this way, an estimation or classification of the radiated interference characteristics of an environment is possible that allows conclusions regarding radiated interference sources to be drawn with respect to: Presence of radiated interference sources (simplest case), Type of radiated interference sources, for example through determination of modulation parameters, Number of radiated interference sources, Location of radiated interference sources, for example through time difference measurements, Motion of radiated interference sources (complex case).

(47) This interference source classification results in high-quality features and thereby permits a check with greater protection.

(48) In the case of a relay attack, the transmitted signals are exposed to the radiated electromagnetic interference distribution in the environment of the reference system Q.sup.A and also to the interference distributions around the relay system Q.sup.B and the radiated interference energy around the key system Q.sup.C. This means that when the test node is receiving the signals from the reference system that are forwarded through the relay system, said test node is exposed to an interference distribution that in practice corresponds to a superposition of the interference sources in all three environments.

(49) These effects are summarized in the following equation:

(50) $Q^{A-}=\left[\begin{array}{cccccc}{Q}_{11}^{A*}& Q_{12}^{A*}& Q_{13}^{A*}& Q_{14}^{A*}& Q_{15}^{A*}& Q_{17}^{A*}.Math.Q_{78}^B.Math.Q_{86}^C\\ Q_{21}^{A*}& Q_{22}^{A*}& Q_{23}^{A*}& Q_{24}^{A*}& Q_{25}^{A*}& Q_{27}^{A*}.Math.Q_{78}^B.Math.Q_{86}^C\\ Q_{31}^{A*}& Q_{32}^{A*}& Q_{33}^{A*}& Q_{34}^{A*}& Q_{35}^{A*}& Q_{37}^{A*}.Math.Q_{78}^B.Math.Q_{86}^C\\ Q_{41}^{A*}& Q_{42}^{A*}& Q_{43}^{A*}& Q_{44}^{A*}& Q_{45}^{A*}& Q_{47}^{A*}.Math.Q_{78}^B.Math.Q_{86}^C\\ Q_{51}^{A*}& Q_{52}^{A*}& Q_{53}^{A*}& Q_{54}^{A*}& Q_{55}^{A*}& Q_{57}^{A*}.Math.Q_{78}^B.Math.Q_{86}^C\\ Q_{71}^{A*}.Math.Q_{87}^B.Math.Q_{68}^C& Q_{72}^{A*}.Math.Q_{87}^B.Math.Q_{68}^C& Q_{73}^{A*}.Math.Q_{87}^B.Math.Q_{68}^C& Q_{74}^{A*}.Math.Q_{87}^B.Math.Q_{68}^C& Q_{75}^{A*}.Math.Q_{87}^B.Math.Q_{68}^C& Q_{66}^{A*}\end{array}\right]$

(51) The superposition of the individual interference distribution is expressed by the x operator.

(52) Since the antenna ANT7 of the relay system (not shown) is located in the expanded environment of the reference system, the interference energy Q.sub.7j.sup.A− detected here corresponds to the energy Q.sub.6j.sup.A* for j=1 . . . 6, which a test radio node would also detect in the case of a qualified entry. Moreover, the energy detected at this point also stands in a plausible relationship with the interference distribution Q.sup.A detected by the access system.

(53) The radiated interference of the relay environment Q.sub.78.sup.B or Q.sub.87.sup.B (depending on the point in time) and the radiated interference in the environment of the (remote) Q.sub.68.sup.C or Q.sub.86.sup.C are superposed on the way to and from the test radio node.

(54) These additional radiated interferences can be identified with integrity and plausibility tests. Although radiated interference is not predictable, the ubiquitous presence of radio systems, especially in the 2.4 GHz band, has the result that these features have good significance with regard to the identification of relay attacks. For example, a relay attack that not only compensates for the direct and indirect propagation paths, but also carries out an identification and correction of interference signals and stays within time limits in doing so is considered unachievable.

(55) FIG. 4 illustrates how an authentication can be implemented through a combination of the method according to the invention based on interference signal analysis with additional test methods, thus achieving an especially reliable detection of relay attacks.

(56) On the left side (A), a positive decision is made on the authentication and access is granted, while on the right side (B), a relay attack is detected and access is denied.

(57) In this process, the following steps are carried out in parallel: Authentication with cryptographic methods (signatures, MAC, . . . ) 1, narrowband transit time measurement 2, determination of the system transfer functions (channel transfer functions or channel impulse responses) 3, interference component determination 4, determination of time and frequency offset 5, motion profile determination through inertial sensors 6.

(58) In a step 7, the authentication by means of cryptographic methods 1 is evaluated as an integrity test. A relay attack may not be detectable, so that (A) and (B) are decided positively (pass).

(59) Steps 2 through 6 can all be carried out, but it is equally possible for only a part of these test methods to be carried out. Following a classification and pattern recognition of the results of steps 2 through 5, in a step 8 the relay attack is reliably detected and accordingly is decided negatively (fail), so that as a result an authentication of the relay attack fails.

(60) FIG. 5 shows a time sequence of a measurement process in a first embodiment. During the measurement process, all three radio nodes of the radio node set, which is to say the two reference radio nodes and the test radio node, operate as transceivers.

(61) The top part of FIG. 5 shows the operation of the three radio nodes over multiple measurement passes, wherein each line corresponds to a radio node. Each of the arrows represents a sample and sample time of a received signal. Heavy bars denote a transition from receiving mode to transmitting mode and vice versa. The lines without arrowheads indicate the concurrent running of the relevant clock or the reception of the relevant time base even while a radio node is in transmitting mode.

(62) The bottom part of FIG. 5 shows the progression of the carrier frequency ω.sub.p.

(63) All radio nodes of the radio node set operate on their own time base T1, T2, or T3, defined by the relevant clock Z(T1), Z(T2), or Z(T3), respectively, each with its own time unit T.sub.MU, T′.sub.MU, or T″.sub.MU, on the basis of which all actions take place. The time units T.sub.MU, T′.sub.MU, or T″.sub.MU, or rather the step size defined in each case, is maintained continuously through one or more repetitions of the measurement pass. The time axes T2 and T3 are shifted relative to the time axis T1 by the time offset T.sub.offs,12 or T.sub.offs,13, respectively.

(64) The index m here designates the index of the repetition of the measurement pass, wherein in this case the frequency of the frequency generators, i.e., the relevant carrier frequency, is changed at the start of each measurement pass. The index m has a value range m=0, 1, . . . , (m.sub.max−1). The value of m.sub.max is determined by the specific implementation and depends on factors including the number of frequencies that are to be determined for a system transfer function.

(65) To distinguish the corresponding quantities of the individual radio nodes, all quantities are identified using different prime symbols (for example, for the frequencies: F1:f.sub.p, F2:f′.sub.p, FE:f″.sub.p).

(66) Each radio node in itself constitutes a discrete time system with T1=n.Math.T.sub.MU+m.Math.T.sub.SF, T2=n.Math.T′.sub.MU+m.Math.T′.sub.SF, or T3=n.Math.T″.sub.MU+m.Math.T″.sub.SF, where the index n designates the time steps of duration T.sub.MU within a measurement pass.

(67) The invention being thus described, it will be obvious that the same may be varied in many ways. Such variations are not to be regarded as a departure from the spirit and scope of the invention, and all such modifications as would be obvious to one skilled in the art are to be included within the scope of the following claims.