Cross-Technology Communication for the Internet of Things: A Survey

Some approaches to avoid collision among heterogeneous devices are similar to those for homogeneous devices. We can leverage the methods of CSMA, TDMA, and frequency hopping to avoid the collisions [37, 38, 39, 40, 41]. But in scenarios where heterogeneous devices coexist, because of the asymmetry of communication ability, computational ability, and other abilities, the data transmission of the weaker device may not be perceived by the stronger device. For example, the weaker device with lower transmission power is in the communication range of the stronger device with higher transmission power, but not vice versa. The stronger device hardly knows the weaker device’s existence and has a significant impact on its data transmission. Therefore, in scenarios where heterogeneous devices coexist, the weaker ones need to avoid the collision actively.

Researchers focus on error detection and recovery methods to achieve the collision tolerance [42, 43, 44, 45, 46]. PPR [47] is a partial retransmission method that proposes retransmission of the parts with errors instead of the whole packet to save cost. In [48, 49], the authors find that the bit errors of a ZigBee packet are temporally correlated with 802.11 traffic. Coding [50, 51] is another method to tolerate the interference. Rateless coding [52, 53] is a recent coding technique that allows the sender to transmit linearly-independent coded packets without knowing the channel condition as a prior. The receiver can decode the packets after accumulating enough correctly-coded packets.

Different wireless technologies can be bridged by building an indirect connection through a multi-radio gateway. With multiple wireless interfaces equipped, a gateway can translate data from different devices following different communication standards. There are many applications that use the gateway to perform the data processing [54, 55, 56]. For example, Shim et al. [57] design a ZigBee-BLE gateway to control and manage home appliances. These IoT systems implement multi-radio gateways that introduce additional hardware, maintenance costs, deployment complexity, and traffic overhead.

CTC opens a new direction which enables direct communication among heterogeneous wireless devices [58, 59, 60, 61]. The ability to communicate with devices of different technologies avoids the unnecessary hardware cost and communication delay, compared to the indirect solutions based on a multi-radio gateway [54]. With CTC, it becomes easier for heterogeneous wireless devices to coordinate even in a shared channel [62]. CTC is also an enabling technology for emerging IoT applications (e.g., industrial surveillance and smart home), where seamless data collection and interoperation are desired [63, 64, 65]. Therefore, CTC brings benefits to interference management, in-situ data exchange, and inter-operation among wireless devices.

In order to improve the network efficiency when IoT devices coexist with WiFi stations, ECT [67] intends to reduce packet collisions by leveraging concurrent transmission and setting priorities for different nodes. As another example of network efficiency improvement with the help of CTC, Amphista [68] presents a novel and effective approach to utilize the 2.4 GHz spectrum. As shown in Figure 2, by leveraging a single ZigBee stream, Amphista enables the ZigBee device to send different information to WiFi and ZigBee devices. The ZigBee to WiFi (Z2W) link embeds sensor data into ZigBee’s transmission power. The same stream is used to disseminate software updates and control messages between ZigBee devices, i.e., Z2Z links. Amphista achieves highly concurrent transmissions and data forwarding of a WiFi video uploading, four groups of ZigBee to WiFi uploading, and four groups of ZigBee intra-communication. The experimental results show that Amphista improves network throughput by up to 400x and reduces transmission latency.

As the rapid growth of IoT devices and sensors, ultra-low power and energy harvesting sensors are gaining more attention in areas such as health monitoring. A simple example would be energy-harvesting sensors, which are implanted in patients and collect data like electrocardiogram, that need to transmit the data to wearable ZigBee devices. The wearable devices also require localization and control data from a cloud server. Considering the energy consumption of traditional ZigBee and the repetitive packets overhead of bridge gateway, existing methods are unable to provide efficient transmission. In [69], researchers propose to modify the WiFi payload of the gateway so that it can transmit a hybrid WiFi and ZigBee signal. As shown in Figure 3, by leveraging productive WiFi packets, a tag backscatters the hybrid signal to transmit its sensor data as well as relay messages to the ZigBee node. The tag changes the frequency of the hybrid signal with power consumption of only 25 \(\mu\)W. It demonstrates the feasibility and possible improvement of leveraging CTC in backscatter networking.

Clock synchronization is a critical function in IoT networks, especially in event-driven scenarios such as environmental surveillance. Crocs [70] is the first work to synchronize clocks of WiFi and ZigBee devices. It consists of two phases. First, a WiFi device transmits beacon messages to form a detectable pattern and let the ZigBee device record timestamps of every received pattern. After agreeing on a unique global time point, timestamps recorded by the WiFi device are sent to ZigBee in the CTC link. Then, clock calibration and adjustment are conducted on ZigBee devices. Crocs provides a robust and accurate synchronization between WiFi and ZigBee with an error of less than 1 millisecond.

Although researchers have proposed many CTC links and applications in IoT networks, CTC transmission is vulnerable to network attacks such as jamming and sniffing [71]. Different from attacks on the existing network, reactively jamming packet-level CTC link requires prior knowledge of specific modulation scheme (e.g., packet pattern, power level). To this end, JamCloak [72] proposes a taxonomy on different CTC protocols and trains a detection model to classify CTC traffic. Then, it conducts a reactive jamming attack on the CTC traffic. The results show that JamCloak can reduce the packet delivery ratio by 80.8% of existing CTC links in practice. In addition, a countermeasure against such attacks is proposed and shown to be capable of resolving the jamming attack.

In RSSI-based packet level CTC, the sender and receiver communicate by producing and sensing the RSSI sequence of a certain pattern in the channel. Figure 4 shows how to establish a side channel based on RSSI between the sender and receiver which utilize heterogeneous technologies but coexist in an overlapping frequency band. Typically, when the sender sends packets in the channel, the receiver senses the existence of them by observing the fluctuation of RSSI values. In Figure 4, the receiver is able to recognize two packets from the sender by analyzing these RSSI samples. In a subsequent analysis of RSSI samples, the receiver can calculate the packet size and packet interval of the sender. These parameters can be manipulated by the sender to convey information. Moreover, the energy gap between RSSI values related to packets and the noise floor is an optional side channel.

In this section, we introduce the representative CTC works where the sender encodes messages in RSSI by manipulating packet energy, packet size, packet schedule or packet content.

CSI is normally used by WiFi to measure the channel variation during the WiFi packet transmission from the WiFi sender to the WiFi receiver. The CSI values include the phase and magnitude attenuation caused by channel changes at the subcarrier level and the CSI values can be obtained from the off-the-shelf WiFi devices (e.g., Intel 5300 card). Considering a WiFi device transmitting packets in the channel, the heterogeneous device can overlap its transmission at both the frequency band and the transmission time. That way, the device can influence the CSI values of the WiFi subcarriers of the same frequency and further, convey information by changing the CSI values.

Specifically, the bandwidth of a WiFi subcarrier (312.5KHz) is several times narrower than one BLE or ZigBee channel (2MHz). In addition, a BLE or ZigBee packet is long enough to hit several WiFi packets in a row. Therefore, BLE or ZigBee devices can convey information by affecting the CSI values of WiFi subcarriers. At the WiFi side, considering a WiFi receiver that receives \(m\) continuous packets at different time and the WiFi band is divided into \(N\) subcarriers. The Figure 8 shows the CSI matrix from time \(T[0]\) to time \(T[m]\) and from subcarrier 1 to \(N\). The blue-colored CSI values are affected by the transmission of heterogeneous devices. The researchers observe that, without the effect of other packets, the neighboring subcarriers (e.g., subcarrier i and i+1) should have very similar CSI readings due to the similar wavelength and multipath effect. So the WiFi device is able to extract the information embedded to the blue colored CSI values by calculating the following equation:where \(Y_{i+1}[k]\) can be used to decode the information from a heteregeneous sender.

Based on the analysis above, the CSI-based CTC achieves the message transfer to WiFi receiver from a heterogeneous sender. Recent works on CSI-based CTC also explore how to improve the reliability in dynamic conditions, extend the transmission range, avoid modifications to MAC-related configurations, or apply it in edge computing scenarios involving gateways.

\(\mathbf {B^2W^2}\) [83] enables CTC from BLE to WiFi while concurrently supports the original BLE to BLE and WiFi to WiFi communications. The basic idea of \(B^2W^2\) is to leverage the CSI variation to embed the CTC symbol from BLE into its overlapped WiFi subcarriers.

To encode and transfer information by CSI, the \(B^2W^2\) sender uses a module named DAFSK to form a sine wave by adjusting the transmission powers of the adjacent BLE packets. As shown in Figure 9, discrete points on the sine wave is corresponding to the BLE packets with different transmission powers. Then the frequency of the sine wave can be changed so that the BLE data streams with different frequencies can represent different CTC symbols. For example, a sine wave with the total duration of eight BLE packets and four BLE packets represents CTC symbol “0” and “1”, respectively. To decode and receive information embedded in the CSI values, the \(B^2W^2\) receiver extracts the CSI values that are affected by the BLE’s transmission and then recovers the discrete sine waves. The \(B^2W^2\) receiver demodulates the CTC symbol according to the frequency of the sine waves. Compared with FreeBee, \(B^2W^2\) achieves 85x throughput improvement by DAFSK.

ZigFi [84] is another work depending on the side channel of CSI, which achieves CTC from a ZigBee sender to a WiFi receiver. The basic idea of ZigFi is to carefully piggy-back ZigBee packets over WiFi packets, without destroying the ongoing WiFi transmissions. In order to use the CSI sequence to enable ZigBee to WiFi CTC, some conditions need to be satisfied: (i) An appropriate subchannel should be selected to make ZigBee and WiFi overlap in the frequency domain. (ii) The ZigBee packet length must be large enough to make ZigBee packets overlap with WiFi packets in the time domain. (iii) An appropriate ZigBee power to make the CSI sequence more distinctive. The ZigFi sender transmits ZigBee packets that satisfy the above conditions and encodes the CTC symbols using the presence or absence of ZigBee packets. The ZigFi receiver receives two sets of information. It decodes packets transmitted by the ZigFi sender as a regular WiFi packet. It also collects the CSI sequence and uses the support vector machine classifier to decode the CTC data. ZigFi achieves a throughput of \(215.9bps\), which is 18x faster than FreeBee.

AdaComm [86] is also related to CSI-based CTC from ZigBee to WiFi. AdaComm aims at maintaining reliable communication performance in dynamic channel conditions. Different from previous work like ZigFi that reactively adjusts the CTC scheme at the sender, AdaComm improves reliability by using an online learning mechanism at the receiver side. The evaluation results demonstrate that AdaComm can significantly reduce the symbol error rate (SER) by \(72.9\%\) and \(49.2\%\), respectively, compared with the existing approaches.

cChirp [87] extends the communication range of CSI-based CTC from ZigBee to WiFi. Due to the asymmetric bandwidth and transmission power, the existing CTC from the low-power and narrow-band technology to the high-power and wide-band technology suffers from serious symbol distortions and has a limited range. Inspired by chirp spread spectrum (CSS) modulation in LoRa, cChirp proposes that the ZigBee sender can use transmissions on multiple ZigBee channels to construct chirps in the WiFi CSI matrix in Figure 10. This method constructs a stable and distinguishable pattern to convey symbols, improves the decoding sensitivity at the WiFi receiver, and achieves a \(60m\) communication range from ZigBee to WiFi with a goodput of about \(90bps\).

DopplerFi [89] explores how to build a CTC channel between BLE and WiFi without modifying the MAC-related configurations such as transmission power or time. As for transmission from BLE to WiFi, DopplerFi is transparent to upper layers and achieves CSI-based CTC from BLE to WiFi with a throughput of \(1.59 Kbps\). DopplerFi takes advantage of the fact that the current designs of BLE can tolerate and compensate 150 KHz central frequency offset (CFO). Particularly, BLE packets are shifted with \(\pm 80\) KHz by CFO calibration in PHY. Such shift has little impact on adjacent channels due to the guard band protection and leaves enough space for BLE to tune carrier frequency and encode bits. It also ensures CFO recovery in legacy packet reception even in the presence of inherent CFO and Doppler effect. Since one BLE channel overlaps with multiple subcarriers in WiFi, WiFi can obtain the information from BLE by extracting the CSI values of WiFi packets. To identify different amounts of frequency shifts in BLE packets, WiFi differentiates them by analyzing the frequency correlations among adjacent CSI values.

With receiver transparent CTC, the receivers can demodulate the heterogeneous transmitters’ signals without any modification. The receiver transparent CTCs mainly utilize the transmitter’s signals (e.g., WiFi) to emulate the receiver’s signals (e.g., ZigBee) by manipulating the transmitter’s payload. According to the emulation target, these works can be divided into two categories, namely time-domain waveform-based emulation and phase-shift-sequence-based emulation. The former mainly emulates the receiver’s time-domain waveform, such as WEBee [22] and PMC [90], while the latter mainly emulates the phase shift sequence of the receiver’s signal, such as WIDE [92] and BlueBee [94].

WEBee [22] introduces a high-throughput CTC from WiFi to ZigBee via emulating the ZigBee time-domain waveform by modifying the WiFi transmitter. Figure 11 illustrates the architecture of WEBee. The WiFi device chooses the payload of a WiFi frame to emulate the ZigBee packet. When the ZigBee device receives signals, the WiFi header, preamble, and trailer are ignored as noise. The WiFi payload is recognized as a legitimate ZigBee packet and is decoded successfully at the ZigBee receiver. The complete WEBee emulation procedure is transparent to the ZigBee receiver and is shown in Figure 12, which mainly consists of three parts: (i) Quadrature Amplitude Modulation (QAM) Emulation, (ii) Channel Coding Emulation, and (iii) Post-QAM Emulation.

QAM Emulation is the core of WEBee. As shown in Figure 13, the process of QAM selection is done in the reverse direction, where the desired ZigBee time-domain signals are sent into the fast Fourier transform (FFT) to select the corresponding QAM constellation points. Whereas the frequency components of the desired ZigBee time-domain signals may not match the WiFi QAM points perfectly, which leads to QAM quantization errors. Parseval’s theorem states that the energy in the time-domain is equal to the energy in the frequency domain. That means minimizing the signal distortion in the time-domain caused by the QAM emulation errors is equal to minimizing the deviation of frequency components. Hence, the QAM emulation is an optimizing process to choose the closest \(n\) QAM points in terms of the difference of FFT points between the desired signals and WiFi signals. Moreover, the Direct Sequence Spread Spectrum (DSSS) also improves the ability to tolerate errors. Specifically, a ZigBee symbol (4-bits) is mapped into a 32-chip sequence. The maximum Hamming distance between the received chip sequence and the standard chip sequence is customizable in commercial off-the-shelf devices. Hence, in WEBee, the maximum Hamming distance can be set more loosely to tolerate QAM emulation errors.

Channel Coding Emulation is used to achieve the emulation of convolutional encoder, scramber, and interleaver. First, the convolutional encoding can be modeled as a matrix \(M\), which satisfies \(M \times _{GF(2)}X=Y\). The Galois field \(GF(2)\) is used to define the relationship between the source bits \(X\) and the coded bits \(Y\). WEBee only needs to control 7 WiFi QAM points to emulate ZigBee signals because the ZigBee channel only covers 7 WiFi subcarriers. So with 64-QAM, WEBee controls only 42 (7 \(\times\) 6) bits of \(Y\) by manipulating \(X\). In addition to convolutional encoder, the scrambling of WiFi is achieved by XORing the incoming source bits with the output of a 7-bit linear feedback shift register. It is easy to reverse the scrambler by XORing the scrambled bits with the same output of the shift register because the scrambler is a one-to-one mapping from the source bits to the scrambled bits. Similarly, the interleaver is also a one-to-one mapping from the coded bits to the permuted bits, and it can be reversed easily.

Post-QAM Emulation has several challenges to be resolved. First, the duration of a ZigBee symbol is four times that of WiFi. Therefore, a complete ZigBee symbol has to be segmented before emulated by four WiFi symbols and such segmentation introduces boundary errors. Second, the cyclic prefix (CP) will also cause errors. The 0.8 \(\mu\)s-CP means that the front segment and the end segment of WiFi signals are the same, introducing additional error for ZigBee. Due to the inherent difference between WiFi and ZigBee, the signal distortion cannot be avoided completely during the emulation. WEBee also proposes repeated transmission and forward error correction (FEC) for reliability.

PMC [90] is another waveform-based CTC from WiFi to ZigBee. Different from WEBee, PMC only uses the signals of the overlapping WiFi subcarriers to emulate ZigBee signals. The other subcarriers still transmit WiFi signals. The system overview is shown in Figure 14. Specifically, PMC firstly develops an offline search algorithm, which can map the desired ZigBee signals to WiFi QAM-modulated signals. This search algorithm iteratively finds the QAM phase states that are most similar to the ZigBee offset quadrature phase shift keying (OQPSK) signals from all possible QAM phase states in the overlapping WiFi subcarriers. It should be noted that it is different from WEBee [22] as it can choose other QAM points besides the original WiFi constellation points. This mapping relationship is stored in a look-up table (LUT). Then WiFi sender goes through the LUT table to get the QAM states corresponding to the ZigBee signals. The signals in other non-overlapping subcarriers are the traditional WiFi signals. The hybrid ZigBee and WiFi signals are sent after the inverse FFT module. In this way, the hybrid signals can be decoded by the WiFi receiver and ZigBee receiver, respectively. It should be noted that the hybrid signals can be directly received and decoded by the ZigBee receiver without any modification, while the WiFi receiver needs to be modified at the link layer to extract the WiFi data from the hybrid signals.

In addition to the person-area network (e.g., WiFi, ZigBee, and Bluetooth), some works focus on the wide-area network (e.g., LTE and Multefire). LTE2B [91] is a representative CTC work that delivers information from LTE to ZigBee. Some works attempt to combine the physical level CTC with backscatter. Passive-ZigBee [69] utilizes a low power backscatter radio to transform a WiFi signal into a ZigBee packet.

On the one hand, in spite of the progress in time-domain waveform emulation, an important fact is often overlooked: the emulated signals from the sender cannot perfectly match the desired signals of the receiver due to the difference in communication standards and the hardware restrictions. There is more or less Hamming distance between the emulated and the desired signals, incurring emulation errors. On the other hand, the receiver transparent CTC receiver (ZigBee, BLE, etc.) uses the phase shift rather than the phase itself or time-domain waveform to decode signals. Specifically, the receiver outputs “1” if the phase shift between two consecutive samples is bigger than 0 and otherwise outputs “0”.

Based on the above finding, WIDE [92] achieves CTC based on the method of digital emulation to reduce emulation errors. Instead of emulating the original time-domain waveform of the receiver, the sender emulates the phase shifts associated with the desired signals. The process of digital emulation is shown in Figure 15. Given the desired data bits of the receiver, the sender calculates the signs of phase shifts. The positive and negative phase shifts represent the bit “1” and “0”, respectively. The sender generates a ladder-shaped phase sequence that matches the signs of phase shifts. The duration of each phase value is equal to the decoding period of the receiver. The ladder-shaped phase sequence corresponds to a waveform, which is then emulated by using the time-domain waveform emulation.

Compared with the time-domain waveform emulation, digital emulation is more flexible and robust. As shown in Figure 15, the phase shift sequence of the desired data bits at the receiver side is not unique, because the receiver decodes signals according to the sign of the phase shift rather than the specific phase shift value. For example, the phase shift value \(+\frac{\pi }{4}\) and \(+\frac{\pi }{2}\) can both be decoded as “1” due to the positive sign of phase shift. The errors at the WiFi sender when emulating different phase shift sequences are different. Therefore, we have the opportunity to reduce the emulation errors by selecting an appropriate phase shift sequence for emulation.

BlueBee [94] proposes a CTC from BLE to ZigBee by emulating legitimate ZigBee packets using BLE packets. It is also based on phase shift sequence emulation. The feasibility of emulating ZigBee packets using BLE packets relies on two key technique insights. First, the modulation techniques of ZigBee and BLE are similar. ZigBee’s OQPSK and BLE’s GFSK both leverage the phase shift between consecutive samples to indicate symbols. Second, the demodulation of Zigbee only considers the sign of the phase shift (“+” or “\(-\)”) instead of a particular phase shift value, which offers great flexibility in emulation. Figure 16(a) depicts the ZigBee signal containing chips “11”. The phase shifts from \(T_1\) to \(T_2\) and from \(T_2\) to \(T_3\) are both \(\frac{\pi }{2}\). Figure 16(b) shows the BLE signal, which is the emulation of Figure 16(a). The bandwidth of BLE is half of the bandwidth of ZigBee, which means the sampling rate of BLE is also half of ZigBee. When the BLE signal is fed into the ZigBee receiver, the ZigBee receives samples at \(T_1\), \(T_2\), and \(T_3\). The phase shifts from \(T_1\) to \(T_2\) and from \(T_2\) to \(T_3\) are both \(\frac{\pi }{4}\). Since the signs of these two phase shifts are positive, the ZigBee chips can be successfully decoded as “11”. In this case, the ZigBee receiver can decode the BLE signal segment as “11” or “00”. Consider that there are “10” and “01” in the DSSS sequence of the ZigBee symbols. The BLE signal is optimally designed such that the inevitable error is minimized and kept under the tolerance of the ZigBee’s OQPSK/DSSS demodulator.

Different from the receiver transparent CTCs that utilize the transmitter’s strong capability to realize the communication from high-end transmitters to low-end receivers, the transmitter transparent CTCs make full use of the receiver’s capability to realize the communication from low-end transmitters to high-end receivers without any modification of transmitters. Now we introduce three transmitter transparent CTC works. The first two of them observe the pattern of the transmitter’s signal at the receiver to achieve cross-decoding, while the third one utilizes the strong computing capability of the WiFi receiver to reconstruct the transmitter’s signal.

XBee [95] is a physical-level CTC from ZigBee to BLE. This work proposes the method of cross-decoding, which interprets a ZigBee frame by observing the bit pattern obtained at the BLE receiver. Cross-decoding is inspired by the following two technical insights. First, Both the ZigBee receiver and the BLE receiver utilize the phase shift to decode their signals. Second, the phase shifts at the BLE receiver are quantized, and only the sign of phase shifts are used. We illustrate the method of cross-decoding with the example shown in Figure 17. A ZigBee symbol lasts 16\(\mu\)s. Considering the sampling rate of BLE is 1\(MHz\), the above ZigBee signals can be demodulated as 8 BLE bits based on the sign of phase shifts. Since the sampling rate of BLE is half of the sampling rate of ZigBee, whether the samples have a left offset or a right offset determines the final decoding result. The BLE decoding bit sequence has some determined bits and some undetermined bits. According to the demodulated BLE bits, the BLE receiver can infer the ZigBee symbols.

LEGO-Fi [96] is another transmitter transparent CTC, which delivers information from ZigBee to WiFi. LEGO-Fi reuses the standard WiFi modules for the ZigBee reception and proposes a concept named cross-demapping. As shown in Figure 18, the authors reuse the WiFi short preamble detection module, the WiFi long preamble detection module, and the quadrature demodulation module to decode ZigBee symbols. First, the received signals after the process of downsampling are fed to the WiFi short preamble detection module. Second, if the periodic ZigBee preamble is detected, we reuse the WiFi long preamble detection module to conduct symbol synchronization to segment each ZigBee symbol. During this process, the start of frame delimiter (SFD) template of ZigBee is fed into the WiFi long preamble detection module to locate the SFD. Third, these received signals are forwarded to the quadrature demodulator to calculate the corresponding phase shift sequence. Finally, LEGO-Fi uses a matching filter to distinguish different ZigBee symbols and accomplish CTC from ZigBee to WiFi.

XFi [98] enables mobile devices to directly and simultaneously collect data from diverse IoT devices by commodity WiFi radio. The key insight is that the IoT data can be captured by the WiFi receiver and retained when the IoT frame collides with a WiFi transmission. XFi obtains the collided IoT data by analyzing the decoded WiFi payload. The detailed procedures of XFi are as follows: (i) reconstruct the waveform of hitchhiking IoT data, and (ii) decode the reconstructed IoT waveform. Figure 19 shows the architecture of XFi. The coded bits are recovered from decode bits by the coded bit reconstructor. The coded bits are mapped to the subcarriers and the IoT waveform can be reconstructed by performing IFFT. A robust decoding algorithm is used to decode the IoT data with these reconstructed waveforms. While the channel decoder of WiFi adopts FEC and attempts to eliminate the hitchhiking IoT signal as interference in the decoded output, the author observes that the decoder almost keeps the corrupted coded bits intact, especially when coded bits are severely disturbed by the IoT signal. So the coded bits can be approximated with decoded bits. On the other hand, with the parity removal and CP removal, nearly a third of IoT waveforms are erased by WiFi hardware and cannot be reconstructed. In this case, XFi customizes an enhanced IoT decoder to provide robust decoding with the symbol-level and chip-level redundancy of IoT signals.

In addition to the above two types of CTCs, another type of CTC modifies both the transmitter and the receiver. Part of them are to enhance the robustness of CTC, such as TwinBee [99], LongBee [100], and SymBee [101]. Other works are to achieve parallel communication between the different wireless protocols, such as Chiron [102] and PIC [103]. We introduce these representative works below.

TwinBee [99] is a representative none transparent CTC work to enhance the robustness of CTC, which is proposed to recover errors introduced by imperfect signal emulation of WEBee. The author analyzes the reasons for these errors and conducts several experiments to explore the chip error patterns. The received 32-chip sequence of ZigBee, whose chip errors are located in the middle and both ends of the chip sequence, is regarded as the error-prone chip. The rest of the chips are regarded as normal chips. Since those chip errors have distinguishable patterns, TwinBee designs a specific chip-combining coding method to recover the errors in error-prone chips.

The cyclic-shift feature of ZigBee chip sequence ensures the feasibility of chip-combining coding. As we know, a 4-bit ZigBee symbol is mapped into a 32-chip sequence, and there are a total of 16 different chip sequences for symbol “0” to symbol “15”. The chip sequence “\(m+2\)” is the right-cyclic-shifted by 4 chips from the chip sequence “\(m\)”.

The basic idea of the chip-combining coding is leveraging the cyclic-shift feature of ZigBee chip sequences to move the error-prone chips away. We suppose the length of error-prone chips is 8 chips. After the chip sequence “\(m+2\)” is shifted by 8 chips, the error-prone chips’ position is exactly complementary to the position of symbol “\(m\)”. Combining these two emulated symbols only with their normal chips will recover the original symbol with all normal chips.

The diagram of chip-combining coding is shown in Figure 20. An original symbol “\(m\)” is to be transmitted. The TwinBee sender firstly selects a twin symbol “\(m+2\)” whose chip sequence is right-cycle-shifted by 8 chips from the original symbol. Then the TwinBee sender combines these twin symbols into one byte and transmits via emulation. The TwinBee receiver left-cyclic-shifts the received chip sequence of symbol “\(m+2\)” by 8 chips, denoted as “\(m+2\lt \lt\)”. The positions of error-prone chips of “\(m+2\lt \lt\)” are different from the original symbol \(m\). In addition, due to the cyclic-shift feature of the ZigBee chip sequence, the chip sequence of “\(m+2\lt \lt\)” is equal to the symbol “\(m\)” in theory. The TwinBee receiver combines the normal chips of these two chip sequences “\(m+2\lt \lt\)” and “\(m\)” together. In this way, the TwinBee receiver gets the chip sequence of the original symbol “\(m\)” with all normal chips, and the error-prone chips can be recovered successfully.

LongBee [100] is another improved CTC work of WEBee. LongBee extends the communication range of CTC to support long-range IoT applications. In terms of signal emulation, LongBee works similarly to WEBee. Moreover, LongBee combines the high transmission power of WiFi and the fine receiving sensitivity of ZigBee together to increase the CTC communication range significantly. SymBee [101] is a symbol-level CTC from ZigBee to WiFi, which is built on the insight of cross-observability on ZigBee-WiFi physical layer. The ZigBee sender transmits specific symbols, and these symbols yield unique and easily detectable patterns when cross-observed at the WiFi receiver. SymBee elaborately selects optimal combinations of ZigBee symbols to achieve two goals. First, these symbols yield the longest stable patterns that maximize the detection under noise and interference. Second, the difference between different combinations of elected symbols used to represent different CTC symbols is maximally distinct. Chiron [102] is a representative none transparent CTC work to achieve parallel communication, as it designs a Chiron receiver and a Chiron sender to enable parallelly transmitting (or receiving) WiFi data and Zigbee data to (or from) commodity WiFi and ZigBee devices.

PIC [103] design a new gateway to achieve the parallel inclusive bi-directional transmission of both WiFi and BLE data simultaneously. The core of the PIC’s design is to generate a frame that contains both WiFi and BLE data which can be demodulated by both WiFi and BLE devices, leveraging the unique modulation schemes of WiFi and BLE. Symphony [104] achieves CTC from both ZigBee and BLE to LoRa. The key ideas of this approach are two techniques: (i) ZigBee and BLE can both generate several specific signals by controlling the payload. (ii) LoRa demodulation mechanism based on FFT can be used to detect the specific signals from ZigBee and BLE.

First, the data rate of packet level CTC is lower than that of physical level CTC. For example, the data rate of packet level CTC is usually no more than a few Kbps, while the data rate of physical level CTC can be up to hundreds of Kbps. That is expected because the physical level CTC uses more fine-grained time-domain signal or phase information to transmit CTC messages, while the packet level CTC uses coarse-grained packet features. A packet can only carry a few bits of CTC messages.

Second, the packet level CTC is usually more reliable than the physical level CTC. Specifically, the packet level CTCs have stronger anti-interference and anti-noise ability than the physical level CTCs.

Third, parallel CTC is often desired can be realized by either a packet level CTC or physical level CTC. For example, the packet level CTC named DCTC [79] and the physical level CTC named WEBee [22] support four-channel concurrent CTC links.

First, the complexity and cost of the packet level CTC are relatively low. For the RSSI-based packet level CTC and the CSI-based packet level CTC, the transmitter sometimes needs to inject extra data packets to construct distinguished RSSI and CSI patterns. At the transmitter, the packet level CTC has no requirement for the data payload and there is no modification on the hardware and the MAC protocol. At the receiver, there is only an add-on demodulation algorithm based on the received RSSI sequence and CSI sequence. The demodulation algorithm of RSSI classification is simple and the computational complexity is \(O(n)\), where \(n\) is the number of samples. Whereas, the demodulation complexity of the CSI-based packet level CTC depends on the classification algorithm. Different CSI classification algorithms, such as variance detection, SVM classifier and CNN classifier, have different complexity and cost.

Second, the complexity of the physical level CTC is higher than that of the packet level CTC. We present brief comparison of them as follows.

(1) Receiver-transparent physical level CTC: In order to emulate the desired signal or phase of the receiver, the transmitter needs to manipulate the packet payload. The emulation process is the reverse-engineering of the modulation process. FFT operation is the most time-consuming operation in the process of signal emulation, and its computational complexity is \(O(lgn)\) where \(n\) is the length of the desired packet. There is no modification on the modulation/demodulation algorithm, transmitting/receiving parameters, hardware, or the MAC protocol at the transmitter and the receiver.

(2) Transmitter-transparent physical level CTC: In order to demodulate the signal from the transmitter without any modification, the receiver reuses and rewires the existing processing modules to obtain a mapping table between the identified patterns and the CTC messages. The receiver only needs to update the demodulation algorithm without the modification on hardware or the MAC protocol. The transmitter also does not require any modification and transmits the data packet directly.

(3) None-transparent physical level CTC. In order to improve the reception radio of the emulated packet, extend the communication distance of CTC, and support CTC links with higher concurrency, the none-transparent physical level CTC leverages more complex operations such as bandwidth conversion and segment stitching. Although there is no modification on the hardware and MAC protocol, the transmitter needs to modify the packet payload and the transmitting parameters (bandwidth, power, and interval). The receiver employs more complex demodulation algorithm at the software layer.

CTC enables interpreting signals from other technologies with dedicated hardware as a helper in a backscatter communication system [110, 111, 112]. Although a basic backscatter communication system consists of dedicated hardware, it can still be a promising alternative to connect different technologies due to its low power consumption and simplicity. By leveraging the receiver-transparent CTC technique, WiTAG [113], shown in Figure 24, designs a MAC-layer backscatter tag that can be read using WiFi devices. It reduces the complexity and cost of deploying backscatter systems by using existing WiFi infrastructures instead of specialized readers. Gatescatter [114] is another backscatter-based CTC connecting commodity IoT to WiFi. The Gatescatter tag can reshape ZigBee packets with an arbitrary payload into a legitimate 802.11b WiFi packet, such that the payload can be decoded at the WiFi receiver.

The above CTC works require the frequency overlapping between the transmitter and the receiver. Nowadays, some CTC works achieve cross-frequency communication between different devices. Interscatter [115] is the first cross-frequency communication work that achieves CTC from Bluetooth to WiFi in different channels by using backscatter technology. TiFi [116] is another cross-frequency communication work. It achieves CTC from the RFID tag (from 840\(MHz\) to 920\(MHz\)) to the WiFi receiver (2.4\(GHz\)). TiFi proposes harmonic backscattering to sew the frequency gap between RFID and WiFi [117]. Due to the rectenna’s nonlinearity effect, RFID tags reflect the reader’s wave at the fundamental frequency (e.g., first at 820\(MHz\)) and at the harmonics (e.g., second at 1.64\(GHz\), third at 2.46\(GHz\)). In this way, the frequency of the harmonic reflected signal of the RFID tag overlaps with WiFi. The illustration of TiFi process is shown in Figure 25. Leveraging the RFID mode of retransmission request, the reader can obtain the message of the RFID tag after one transmission. Later, the reader remodulates the message of the RFID tag with the modulation of WiFi. Therefore, the WiFi receiver can receive packets from the RFID tag.

Existing communication technologies cannot enable communication across medium boundaries, such as across the water-air interface. This is because most wireless signals directly reflect at the media boundary. Besides using RF signals, many advanced works explore acoustic and light signals to achieve cross-media communications. TARF [118] enables submerged underwater sensors to directly communicate with an airborne node, as shown in Figure 26(a). The design of TARF relies on the fundamental physical properties of acoustic waves. The underwater sensor equipped with a sound transducer transmits the acoustic waves as the pressure waves. When the pressure waves hit the water surface, there will be perturbation or displacement caused by the mechanical nature. In order to pick up the displacement of the surface caused by the acoustic waves, TARF’s airborne sensor transmits frequency-modulated carrier wave (FMCW) millimeter-wave to measure the phase of reflected signals. AmphiLight [119] uses laser light to achieve communication across the air-water interface.