Anti-Detection Performance of Code-Hopping Direct Sequence Spread Spectrum System

INTRODUCTION

Our daily lives become more and more dependent on satellite communications. However, satellite communication is easily to be jammed or intercepted for its openness. Not only military satellite systems need secure protection but also civil systems. For Pay-TV broadcasting, security problems cause massive financial losses to the providers. Private and business users expect secure transmission of their data (Hermanns et al., 2005).

Today, no special effort is done in civil satellite communications to secure the transmission on the physical layer. Even some military communications need more solutions to prevent jamming and interceptions. The exiting anti-detection and anti-interception methods in physical layer could be sorted into four kinds. They are space-domain, frequency-domain, time-domain and code-domain. In space-domain, the main idea is beam narrowing. The anti-detection performance is realized by precise directional communication. However, the detector could still be placed just in the beam or closely enough to the transmitter. In frequency-domain, frequency hopping technique is so costly and complicated that civil wireless communications can not afford. In time-domain, though many methods are proposed to increase the difficulty of detection, the benefit is limited. Some mixed modes are also proposed like space-time code scheme (Mingxin et al., 2008).

In code-domain, Direct Sequence Spread Spectrum (DSSS) systems were thought to be secure but all the secure performance is based on the assumption that the code sequence is unknown for interceptors. However, this assumption is not the truth any more. Most DSSS systems are using vulnerable Linear Feedback Shift Register (LFSR) generators to create the spreading sequences. According to the research, the hidden 42-bit LFSR mask value of IS-95 mobile phone communications can be revealed in about 1 sec of interception. The argument of CDMA-based voice privacy in IS-95 is weakened by this (Hermanns et al., 2005). DSSS systems which do not use LFSR could be cracked too with more time and calculations.

Despite wireless communications, DSSS communication system also has applications in optical LAN to transmit private data (Britto and Sankaranarayanan, 2006). Its security mechanism will be broken either when the code is decrypted.

Many detection and interception algorithms are developed. Some of them base on the energy detection. Some utilize autocorrelation of spreading code (Polydoros and Holmes, 1983). Others focus on the higher order spectral features, as well as cepstrum and periodic spectrum. Even matrix calculation is used. Except energy detection, almost all of these algorithms use periodical cycle characteristic. Though the periodical cycle characteristic may be covered by data modulation, it could be extracted by methods like autocorrelation and periodic spectrum. Particularly, algorithms using autocorrelation of DSSS signal are more and more popular.

DSSS detection using second order moment estimators was presented in 2002 (Burel et al., 2001). Because the fourth-order moment chip is blind to the arbitrary Gaussian noise, the detection method based on the quadratic fourth-order moment chip of DS-CDMA was proposed (Zhijin and Junjie, 2009). Advanced detection method based on fluctuating observation of second order statistic estimator was presented in 2010 (Khodadad et al., 2010).

Self-Organizing Feature Map (SOFM) neural network algorithm was presented to detect and identify the PN sequence (Hao et al., 2006). Singular Value Decomposition (SVD) plus Digital Phase Lock Loop (DPLL) was presented to solve the problem of blind Pseudo-Noise (PN) sequence estimation for low signal to noise ratios (SNR) DSSS signals in dynamic environments (Zhang et al., 2008).

Autocorrelation techniques for FH/DS signals detection was presented since 1983 (Polydoros and Holmes, 1983). Segment correlation and amplitude accumulation method was presented by Sun et al. (2006). A long PN code sequence estimation and synchronization algorithm by subsection technique was proposed by Yong et al. (2007). A combination method was presented to estimate the unknown PN spreading sequence for DSSS signals in frequency selective fading channel (Xu, 2008). Communication signals are appropriately to be modeled as cyclostationary stochastic processes. Method based on second order cyclostationary statistics was adopted to detect whether the modulated signal exists in background noise (Yu et al., 2008).

DSSS systems have good anti-interference performance both on data transmission and telemetry tracking and control (Wu et al., 2010). To exploit the power of DSSS system for anti-jamming and low probability of intercept, dynamic spreading codes have to be developed, i.e., Code-Hopping (CH) DSSS systems.

Code hopping technique eliminates periodic cycle which is the most important characteristic for unauthorized detection. Interception and eavesdropping renders impossible for unpredictable and non-circulating spreading codes. At negative SNR, the signal disappears in noise and the attacker can not even detect a signal. The advantages of CH-DSSS grow with the signal bandwidth. Best are modern ultra-wideband (UWB) transmission systems. And the hopping code generation could be supported by fast spread sequence generation technology (Chen et al., 2010; Tong et al., 2011).

Estimation-based Time-domain Sliding Correlating Accumulation (ETSCA) algorithm is based on estimation and weighted accumulation (Li et al., 2010). ETSCA algorithm can successfully detect DSSS signal information in SNR lower than -15 dB when the PN code used is only 15 bits long. SNR required could be even lower when code length increases. ETSCA Algorithm can also estimate data transmitted with good BER performance. In particular, this algorithm could be used to detect CH-DSSS signal with small change. With this method, the Anti-detecting performance of non code-hopping (NCH) DSSS and CH-DSSS systems are compared. Theoretical analysis and simulation lead to a conclusion that CH-DSSS system is more secure than NCH-DSSS system.

SYSTEM DESCRIPTION

DSSS system block diagram is shown in Fig. 1.

For simplicity, ignore the fading. Received signal S (t) which is modulated by BPSK can be expressed as:

(1)

S_i (t) stands for one symbol segment of S (t), it can be expressed as:

(2)

where, d_i (t) is data transmitted, c (t) is the Pseudorandom Noise (PN) code, ω is angular frequency and n_i (t) is Additive White Gaussian Noise (AWGN).

The main difference to traditional NCH- DSSS systems is the dynamization of secure pseudo noise spreading code. CH-DSSS system block diagram is shown in Fig. 2. The PN code generators are controlled by Code Hopping Control (CHC) module. That makes the actual spreading code unpredictable but can still be synchronized by key mechanism. Spreading code can be realized in hardware by Advanced Encryption Standard (AES) blocks in Open for Business (OFB) mode. Simple variants with basic LFSR generators are possible to reuse existing CDMA hardware. By dynamically re-seeding the LFSR, attacks become much harder.

Signal in CH-DSSS system modulated by BPSK can be expressed as:

(3)

where, c_[j] (t) is the hopping code, R is the number of hopping codes and c_i (t) is determined by code hopping table.

Fig. 1:	NCH-DSSS system architecture

Fig. 2:	CH-DSSS system architecture

Comparing Eq. 3 with Eq. 2, the only difference is code c_i (t) in (3) is variable as data symbol changing.

ETSCA METHOD

Most of detecting methods for DSSS signal make use of the cycle repeated feature. ETSCA (Estimation-based Time-domain Sliding Correlating Accumulation) method has good detecting performance and portability. The method can detect DSSS signal period and synchronization in SNR lower than generally working. It can estimate data with BER closed to theoretical BER.

Estimation model: The modulated code Cm (t) can be expressed as:

(4)

Then:

(5)

So d_i (t) can be acquired by integration in code period T_p:

(6)

where, S_i (t) is one segment of DS signal in T_p. LPF [S] means signal S passes low pass filter. For the lack of C_m (t) we use estimated code Cm_E (t) instead. Cm_E (t) can be expressed as:

(7)

where, n_E (t) is estimation noise. Then estimated data d_Ei (t) could be acquired as follow:

(8)

The accuracy of d_Ei (t) is determined by accuracy of Cm_E (t). Cm_E (t) could be calculated by:

(9)

where, M is the total number of segments, P is the probability of d_Ei (t) equaling to d_i (t). P tends to 1 when the estimation is accurate. The second item in tends to be 0 when M is large enough.

Equation 8 and 9 indicate that we can calculate d_E (t) from Cm_E (t), then reversely refresh Cm_E (t) using d_E (t). As this process continuing, the power of estimated noise is reduced gradually. When the actual application, it could choose any signal segment S_i (t) as the initial value of estimated code Cm_E (t)₍₀₎. Simulation results show that the value of d_E (t) and Cm_E (t) will be available after 3 to 5 circular processes.

Parameter detection: ETSCA method adopts time-domain sliding correlation algorithm detects code period and code synchronization. According to this algorithm, signal samples are divided into several segments with the same length by a dividing window. which the size of is T. The dividing window slides to search synchronization position and the sliding offset is P_syn. the final output V (T, P_syn) is as follow:

(10)

where, n is the times of refreshing moves and is one of the segments divided by parameters T and p_syn. V (T, p_syn) gets its maximum value when T equals to code period T_p and p_syn is just the position where code synchronized. If T and p_syn do not match the true value, there will be no spreading gain. Then because of the powerful noise, the estimation is nearly a random guess. It means that the accuracy probability tends to 50% and V (T, p_syn) will be 0.

Figure 3 is a mesh plot of V (T, p_syn). In this simulation, 15 bits code is used and the SNR is -3 dB. Units of both T axis and p_syn axis are sample time T_S. Figure 1 indicates that there is a series of peaks forming a wall at 480 T_S in T axis (where T_p is).

Fig. 3:	Mesh plot for simulation results V (T, psyn)

Fig. 4:	Projection on T plane

Fig. 5:	Section when T equals to Tp

The coordinate of the wall’s highest peak are just code period and synchronization position which we are searching for.

Define V (T) as the maximum V (T, p_syn) for each T. That is the projection on T plane. Figure 4 shows the curve of V (T) which has a clear period spectrum. For convenience, the abscissa is T normalized with code period T_p.

Figure 5 is the Section when T equals to T_p. It’s where the peak wall is. The p_syn axis has been normalized by code period T_p. “0” means it’s just the synchronization position and “1” means the sliding offset is one code period. Figure 4 has clearly shown where the synchronization position is.

DETECTION ON CH-DSSS SYSTEM

CH-DSSS system is developed from NCH-DSSS system. The only difference between them is code sequence in CH-DSSS system is dynamic. Do the same processing with NCH-DSSS system, define:

(11)

then:

(12)

Where:

Dealing with integrator and LPF, 3 items behind in tend to be 0. Thus:

(13)

Comparing Eq. 12 with Eq. 5, it could be found that noise in Eq. 12 is larger than which in Eq. 5 . The coefficient of data item d_i in Eq. 12 is smaller too because of the exiting of R. Similarity with, Eq. 9, consider:

(14)

Assume the distribution of hopping code is uniform. Then Eq. 14 will comes to:

(15)

When SNR is high, P tends to be 1. Then:

(16)

Although the above derivation assumed the inner products of non-relevant items are 0. But in fact, these items are not absolutely relevant. The correlation value can not be ignored when the code length is short. This is equivalent to adding noise with fixed SNR. Especially, this part of the noise can not be depressed by increasing accumulated data length.

SIMULATION

The simulation includes two parts. One is signal parameters anti-detecting performance simulation. In this part, the main work is on weather the detecting method could recognize the signal parameters rightly.

The other part is data demodulation test. After acquiring the signal period and synchronization, the original data transmitted could be demodulated. System using code hopping will get an extra anti-detecting gain in this step.

Parameter anti-detection simulation: in the simulation, 400 bits data have been spread by 15 bits PN code. The filter band is 4 times wide of signal band and the SNR is -6 dB. Figure 5 shows the results V (T) when R is 1, 2, 4 and 8, respectively.

Table 1:	Judgment factors when data length is 400 bits

Figure 6 points out the signal’s main spectrum falls when increasing the number of hopping codes. In another word, the anti-detecting performance gets better when hopping-code number increased.

In order to quantitatively determine whether the maximum spectrum is the real signal, define γ_γ named peak ratio. Firstly, define the maximum peak factor σ_{γ, first} and the second maximum peak factor σ_{γ, second} of vector Y as follows:

(17)

(18)

where, function “Mean (Y)” is to calculate the average value of Y, T_max is the maximum value of Y and Y_submax is the second maximum value of Y. Then define γ_γ as:

(19)

Table 1 shows γ_γ of V (T). It can be seen that, the maximum spectrum is really signal code period spectrum when σ_{γ, first} and γ_γ is large.

Data anti-demodulation simulation: In the same time of recognizing period spectrum, code synchronization information could be obtained by intercepting the p_syn plane including period spectrum in mesh plot.

For NCH-DSSS system, ones making sure the code period and synchronization position, d_Ei (t) could be directly output as blind detection results. Figure 7 gives out BER of d_Ei by different SNR, the theoretical value presents either. It is shown that detecting methods could easily get the original data transmitted.

While in CH-DSSS system, there is a protection from demodulating uncooperative. That is detectors have no idea of the pole of the code. This problem does not exit in NCH-DSSS system, because you can get the right data sequence or the totally opposition which is usable either.

The demodulation results in CH-DSSS system is permutation and combination of hopping codes. It causes fixed bit error according how many hopping codes are used. For example, there are two hopping codes, both demodulation results of two data sequences are the same as shown in Fig. 8.

Fig. 6:	Results for different number of codes, (a) NCH system, (b) CH system when R = 2, (c) CH system when R = 4 and (d) CH system when R = 8

Fig. 7:	BER of estimated data dEi (t)

Fig. 8:	Demodulation of 2 codes hopping system

Noticing data spread by code 2 in the rectangular, either 0 or 1 ill be considered as 1. Therefore, code hopping encrypts the raw data. The more hopping codes, the deeper data are encrypted. Thus intercepting demodulation will have a high ABER (average bit error rate).

However, interceptor could still get right data by decryption like code separation or just has a good luck. When the demodulated results have the same polarity with original data, it is called consistent situation. And the BER in consistent situation is called CSBER.

In simulation, ABER is got by directly demodulating CH signals by ETSCA method. And CSBER is got by using special1 data instead of random data to artificially create consistent situation.

RESULTS ANALYSIS

Parameter anti-detection analysis: It is indicated by Eq. 10 and 15 that the precision of estimation is related to the SNR. As SNR decreasing, the signal’s main spectrum in T plane projection is gradually submerged in noise. It is also reflected as the decreasing of γ_γ. Generally, detection fails when γ_γ is less than 2. Define the SNR is the lowest working SNR when γ_γ equals to 2. The lowest working SNR for different number of hopping codes is shown in Fig. 9.

Anti-detection performance of CH signals is related to the cross correlation of hopping codes adopted. The less cross correlation is, the more efficient the hopping codes are.

Fig. 9:	Lowest working SNR

Fig. 10:	Synchronization detection on NCH system and CH system

That is why the curve of Lowest working SNR for codes 31 bits long is higher than that for codes 15 bits long. For chaos codes and gold codes which are both 15 bits long, anti-detection performance of gold codes is better than that of chaos codes for the same reason.

The curve of lowest working SNR rises logarithmically as the number of hopping codes increasing. The curvature is related to the cross correlation. The curve rises faster when the cross correlation is smaller.

Fig. 11:	BER of CH system (BPSK, 31 bits gold codes)

Generally, the curve approaches a horizontal line when R is bigger than code length. The anti-detecting efficiency is high when the number of hopping codes is below 1/3 code length.

Code hopping system also makes it hard to get synchronization position in p_syn plane which is shown in Fig. 10. We could easily find synchronization position in NCH system’s p_syn plane projection. But it could only get an approximately position in CH system’s projection.

Data anti-demodulation analysis: Demodulation results are shown in Fig. 11. The modulation is BPSK mode. The spreading sequence is gold code and the code length is 31 bits.

In the consistent situation, the encryption offered by different hopping codes is gone, so CSBER is lower than ABER. But these hopping codes also provide another protection-the inter-code interference. For interceptors, unpredictable hopping codes undoubtedly add a lot of noise. So CSBER will be higher than normal BER.

BER of CH system is further bigger than the BER of NCH system. It proves the secure performance of CH system is better. CH signals gets about 12 dB anti-demodulation gains while R is 2. The anti-demodulation gain increases when R grows. In fact, as R growing, the probability of consistent situation decreases quickly. And it’s hardly to separate hopping codes when R is big.