In wireless communications, especially satellite communications, the development of blind detection technologies means that the traditional Direct Sequence Spread Spectrum (DSSS) system is no longer secure enough. The Code-Hopping (CH) DSSS system is considered an evolution of it because its spreading code is dynamic. With a variable and unpredictable spreading sequence, the CH-DSSS system removes the periodic cycle characteristic, so a CH-DSSS signal is harder for an unauthorized party to detect. Theoretical analysis and simulations are carried out on both signal parameters and data demodulation. Results indicate that the anti-detection performance of the CH-DSSS system improves logarithmically as the number of hopping codes increases. Considering the limited code sequence resource, the performance curve is given, from which a cost-effective number of codes can be chosen.
Our daily lives are becoming more and more dependent on satellite communications. However, satellite communication is easily jammed or intercepted because of its openness. Not only military satellite systems but also civil systems need secure protection. For Pay-TV broadcasting, security problems cause massive financial losses to the providers. Private and business users expect secure transmission of their data (Hermanns et al., 2005).
Today, no special effort is made in civil satellite communications to secure the transmission on the physical layer. Even some military communications need more solutions to prevent jamming and interception. The existing anti-detection and anti-interception methods in the physical layer can be sorted into four kinds: space-domain, frequency-domain, time-domain and code-domain. In the space domain, the main idea is beam narrowing, and anti-detection performance is achieved by precise directional communication. However, the detector could still be placed within the beam or close enough to the transmitter. In the frequency domain, the frequency hopping technique is so costly and complicated that civil wireless communications cannot afford it. In the time domain, though many methods have been proposed to increase the difficulty of detection, the benefit is limited. Some mixed modes have also been proposed, such as the space-time code scheme (Mingxin et al., 2008).
In the code domain, Direct Sequence Spread Spectrum (DSSS) systems were thought to be secure, but all of their security rests on the assumption that the code sequence is unknown to interceptors. This assumption no longer holds. Most DSSS systems use vulnerable Linear Feedback Shift Register (LFSR) generators to create the spreading sequences. According to the research, the hidden 42-bit LFSR mask value of IS-95 mobile phone communications can be revealed in about 1 sec of interception. This weakens the argument for CDMA-based voice privacy in IS-95 (Hermanns et al., 2005). DSSS systems which do not use an LFSR could be cracked too, with more time and calculation.
Besides wireless communications, DSSS communication systems are also applied in optical LANs to transmit private data (Britto and Sankaranarayanan, 2006). Their security mechanism is likewise broken when the code is decrypted.
Many detection and interception algorithms have been developed. Some of them are based on energy detection. Some utilize the autocorrelation of the spreading code (Polydoros and Holmes, 1983). Others focus on higher order spectral features, as well as the cepstrum and the periodic spectrum. Even matrix calculation is used. Except for energy detection, almost all of these algorithms use the periodic cycle characteristic. Though the periodic cycle characteristic may be covered by data modulation, it can be extracted by methods such as autocorrelation and the periodic spectrum. In particular, algorithms using the autocorrelation of the DSSS signal are more and more popular.
DSSS detection using second order moment estimators was presented in 2002 (Burel et al., 2001). Because the fourth-order moment chip is blind to arbitrary Gaussian noise, a detection method based on the quadratic fourth-order moment chip of DS-CDMA was proposed (Zhijin and Junjie, 2009). An advanced detection method based on fluctuating observation of a second order statistic estimator was presented in 2010 (Khodadad et al., 2010).
A Self-Organizing Feature Map (SOFM) neural network algorithm was presented to detect and identify the PN sequence (Hao et al., 2006). Singular Value Decomposition (SVD) plus a Digital Phase Lock Loop (DPLL) was presented to solve the problem of blind Pseudo-Noise (PN) sequence estimation for low signal to noise ratio (SNR) DSSS signals in dynamic environments (Zhang et al., 2008).
Autocorrelation techniques for FH/DS signal detection have been presented since 1983 (Polydoros and Holmes, 1983). A segment correlation and amplitude accumulation method was presented by Sun et al. (2006). A long PN code sequence estimation and synchronization algorithm using a subsection technique was proposed by Yong et al. (2007). A combination method was presented to estimate the unknown PN spreading sequence for DSSS signals in a frequency selective fading channel (Xu, 2008). Communication signals are appropriately modeled as cyclostationary stochastic processes. A method based on second order cyclostationary statistics was adopted to detect whether the modulated signal exists in background noise (Yu et al., 2008).
DSSS systems have good anti-interference performance in both data transmission and telemetry, tracking and control (Wu et al., 2010). To exploit the power of the DSSS system for anti-jamming and low probability of intercept, dynamic spreading codes have to be developed, i.e., Code-Hopping (CH) DSSS systems.
The code hopping technique eliminates the periodic cycle, which is the most important characteristic for unauthorized detection. Unpredictable and non-repeating spreading codes render interception and eavesdropping impossible. At negative SNR, the signal disappears in noise and the attacker cannot even detect a signal. The advantages of CH-DSSS grow with the signal bandwidth, so modern ultra-wideband (UWB) transmission systems benefit most. The hopping code generation can be supported by fast spread sequence generation technology (Chen et al., 2010; Tong et al., 2011).
The Estimation-based Time-domain Sliding Correlating Accumulation (ETSCA) algorithm is based on estimation and weighted accumulation (Li et al., 2010). The ETSCA algorithm can successfully detect DSSS signal information at an SNR lower than -15 dB when the PN code used is only 15 bits long. The required SNR can be even lower when the code length increases. The ETSCA algorithm can also estimate the transmitted data with good BER performance. In particular, this algorithm can be used to detect a CH-DSSS signal with small changes. With this method, the anti-detection performance of non code-hopping (NCH) DSSS and CH-DSSS systems is compared. Theoretical analysis and simulation lead to the conclusion that the CH-DSSS system is more secure than the NCH-DSSS system.
DSSS system block diagram is shown in Fig. 1.
For simplicity, fading is ignored. The received signal S (t), which is modulated by BPSK, can be expressed as:
Si (t) stands for one symbol segment of S (t) and can be expressed as:
where, di (t) is data transmitted, c (t) is the Pseudorandom Noise (PN) code, ω is angular frequency and ni (t) is Additive White Gaussian Noise (AWGN).
The main difference from traditional NCH-DSSS systems is the dynamization of the secure pseudo noise spreading code. The CH-DSSS system block diagram is shown in Fig. 2. The PN code generators are controlled by the Code Hopping Control (CHC) module. That makes the actual spreading code unpredictable, while it can still be synchronized by a key mechanism. The spreading code can be realized in hardware by Advanced Encryption Standard (AES) blocks in Output Feedback (OFB) mode. Simple variants with basic LFSR generators are possible in order to reuse existing CDMA hardware. By dynamically re-seeding the LFSR, attacks become much harder.
Signal in CH-DSSS system modulated by BPSK can be expressed as:
where, c[j] (t) is the hopping code, R is the number of hopping codes and ci (t) is determined by code hopping table.
Fig. 1: NCH-DSSS system architecture
Fig. 2: CH-DSSS system architecture
Most detection methods for DSSS signals make use of the cycle repeated feature. The ETSCA (Estimation-based Time-domain Sliding Correlating Accumulation) method has good detection performance and portability. The method can detect the DSSS signal period and synchronization at an SNR lower than the SNR at which the system generally works. It can estimate data with a BER close to the theoretical BER.
Estimation model: The modulated code Cm (t) can be expressed as:
So di (t) can be acquired by integration in code period Tp:
where, Si (t) is one segment of the DS signal in Tp. LPF [S] means that signal S passes through a low pass filter. Since Cm (t) is not available, the estimated code CmE (t) is used instead. CmE (t) can be expressed as:
where, nE (t) is the estimation noise. Then the estimated data dEi (t) can be acquired as follows:
The accuracy of dEi (t) is determined by accuracy of CmE (t). CmE (t) could be calculated by:
where, M is the total number of segments, P is the probability of dEi (t) equaling to di (t). P tends to 1 when the estimation is accurate. The second item in tends to be 0 when M is large enough.
Equations 8 and 9 indicate that we can calculate dE (t) from CmE (t), then in turn refresh CmE (t) using dE (t). As this process continues, the power of the estimation noise is gradually reduced. In an actual application, any signal segment Si (t) can be chosen as the initial value of the estimated code CmE (t)(0). Simulation results show that usable values of dE (t) and CmE (t) are available after 3 to 5 iterations.
Parameter detection: The ETSCA method adopts a time-domain sliding correlation algorithm to detect the code period and code synchronization. According to this algorithm, signal samples are divided into several segments of the same length by a dividing window of size T. The dividing window slides to search for the synchronization position, and the sliding offset is psyn. The final output V (T, psyn) is as follows:
where, n is the number of refreshing iterations and is one of the segments divided by parameters T and psyn. V (T, psyn) reaches its maximum value when T equals the code period Tp and psyn is exactly the position where the code is synchronized. If T and psyn do not match the true values, there is no spreading gain. Then, because of the powerful noise, the estimation is nearly a random guess. This means that the accuracy probability tends to 50% and V (T, psyn) will be 0.
Figure 3 is a mesh plot of V (T, psyn). In this simulation, a 15-bit code is used and the SNR is -3 dB. The units of both the T axis and the psyn axis are the sample time TS. Figure 1 indicates that there is a series of peaks forming a wall at 480 TS on the T axis (where Tp is).
Fig. 3: Mesh plot for simulation results V (T, psyn)
Fig. 4: Projection on T plane
Fig. 5: Section when T equals to Tp
The coordinates of the wall's highest peak are exactly the code period and synchronization position we are searching for.
Define V (T) as the maximum V (T, psyn) for each T. This is the projection on the T plane. Figure 4 shows the curve of V (T), which has a clear period spectrum. For convenience, the abscissa is T normalized by the code period Tp.
Figure 5 is the section where T equals Tp, which is where the peak wall is. The psyn axis has been normalized by the code period Tp: 0 means exactly the synchronization position and 1 means the sliding offset is one code period. Figure 4 has clearly shown where the synchronization position is.
DETECTION ON CH-DSSS SYSTEM
The CH-DSSS system is developed from the NCH-DSSS system. The only difference between them is that the code sequence in the CH-DSSS system is dynamic. Applying the same processing as for the NCH-DSSS system, define:
Dealing with integrator and LPF, 3 items behind in tend to be 0. Thus:
Comparing Eq. 12 with Eq. 5, it can be seen that the noise in Eq. 12 is larger than that in Eq. 5. The coefficient of the data item di in Eq. 12 is smaller too, because of the presence of R. Similarly to Eq. 9, consider:
Assume the distribution of the hopping codes is uniform. Then Eq. 14 becomes:
When SNR is high, P tends to be 1. Then:
The above derivation assumed that the inner products of uncorrelated items are 0, but in fact these items are not perfectly uncorrelated. The correlation value cannot be ignored when the code length is short. This is equivalent to adding noise with a fixed SNR. In particular, this part of the noise cannot be suppressed by increasing the accumulated data length.
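The estimate-and-refresh loop described above, and the effect of R hopping codes on it, as an added simulation that is not code from the paper. Its assumptions: chip-rate baseband BPSK with the code period and synchronization already known, a constructed code set (cyclic shifts of one 15-chip m-sequence), 0 dB per-chip SNR, and the per-chip energy of the code estimate as the statistic instead of the paper's V (T, psyn).

```python
import random

def m_sequence():
    # One period (15 chips) of a 4-stage maximal-length LFSR, mapped to +/-1.
    reg, chips = [1, 0, 0, 0], []
    for _ in range(15):
        chips.append(1 - 2 * reg[3])
        reg = [reg[0] ^ reg[3]] + reg[:3]
    return chips

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def transmit(codes, n_sym, snr_db, rng):
    # Unit chip power, AWGN with per-chip standard deviation sigma.
    sigma = 10 ** (-snr_db / 20)
    data = [rng.choice((-1, 1)) for _ in range(n_sym)]
    hops = [rng.randrange(len(codes)) for _ in range(n_sym)]  # uniform hopping
    segs = [[d * c + rng.gauss(0, sigma) for c in codes[h]]
            for d, h in zip(data, hops)]
    return data, segs

def blind_estimate(segs, rounds=5):
    # Start from an arbitrary segment as the code estimate, then alternate:
    #   data estimate = sign of the correlation with the current code estimate
    #   code estimate = average of all segments re-signed by the data estimate
    code = list(segs[0])
    for _ in range(rounds):
        bits = [1 if dot(s, code) >= 0 else -1 for s in segs]
        code = [sum(b * s[k] for b, s in zip(bits, segs)) / len(segs)
                for k in range(len(code))]
    return bits, code

def run(n_codes, snr_db=0.0, n_sym=400, seed=1):
    rng = random.Random(seed)
    base = m_sequence()
    # Constructed code set: cyclic shifts of one m-sequence
    # (pairwise cross-correlation -1), not the paper's gold or chaos codes.
    codes = [base[k:] + base[:k] for k in range(n_codes)]
    data, segs = transmit(codes, n_sym, snr_db, rng)
    bits, code = blind_estimate(segs)
    energy = dot(code, code) / len(code)   # per-chip energy of the estimate
    err = sum(b != d for b, d in zip(bits, data)) / n_sym
    # BER is reported up to one global sign flip, which is all a blind
    # estimator can resolve without knowing the code polarity.
    return {"energy": energy, "ber": min(err, 1 - err)}

if __name__ == "__main__":
    for r in (1, 2, 4, 8):
        print(r, run(r))
```

With a single code the estimate converges to the spreading code itself, so its per-chip energy stays near 1; with several hopping codes the accumulation settles on a mixture of codes and the energy falls to the order of 1/R.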
The simulation includes two parts. One is the simulation of anti-detection performance for signal parameters. In this part, the main question is whether the detecting method can recognize the signal parameters correctly.
The other part is the data demodulation test. After the signal period and synchronization are acquired, the original transmitted data can be demodulated. A system using code hopping gets an extra anti-detection gain in this step.
Parameter anti-detection simulation: In the simulation, 400 bits of data have been spread by a 15-bit PN code. The filter band is 4 times as wide as the signal band and the SNR is -6 dB. Figure 5 shows the results V (T) when R is 1, 2, 4 and 8, respectively.
Table 1: Judgment factors when data length is 400 bits
Figure 6 shows that the signal's main spectrum falls as the number of hopping codes increases. In other words, the anti-detection performance gets better when the number of hopping codes increases.
In order to quantitatively determine whether the maximum spectrum is the real signal, define a peak ratio γγ. First, define the maximum peak factor σγ, first and the second maximum peak factor σγ, second of vector Y as follows:
where, function Mean (Y) calculates the average value of Y, Tmax is the maximum value of Y and Ysubmax is the second maximum value of Y. Then define γγ as:
Table 1 shows γγ of V (T). It can be seen that the maximum spectrum really is the signal's code period spectrum when σγ, first and γγ are large.
Data anti-demodulation simulation: While the period spectrum is being recognized, code synchronization information can be obtained by taking the psyn-plane section of the mesh plot that contains the period spectrum.
For the NCH-DSSS system, once the code period and synchronization position are determined, dEi (t) can be output directly as the blind detection result. Figure 7 gives the BER of dEi at different SNRs; the theoretical value is shown as well. It shows that detecting methods can easily recover the original transmitted data.
In the CH-DSSS system, however, there is protection against uncooperative demodulation: detectors have no knowledge of the polarity of each code. This problem does not exist in the NCH-DSSS system, because there the detector gets either the right data sequence or its exact opposite, which is equally usable.
The demodulation result in the CH-DSSS system is a permutation and combination of the hopping codes. It causes a fixed bit error that depends on how many hopping codes are used. For example, when there are two hopping codes, the demodulation results of two different data sequences are the same, as shown in Fig. 8.
Fig. 6: Results for different number of codes, (a) NCH system, (b) CH system when R = 2, (c) CH system when R = 4 and (d) CH system when R = 8
Fig. 7: BER of estimated data dEi (t)
Fig. 8: Demodulation of 2 codes hopping system
Note that for the data spread by code 2, marked by the rectangle, both 0 and 1 will be demodulated as 1. Therefore, code hopping encrypts the raw data. The more hopping codes there are, the more deeply the data are encrypted. Thus intercepted demodulation will have a high ABER (average bit error rate).
However, an interceptor could still get the right data by decryption such as code separation, or simply by good luck. When the demodulated results have the same polarity as the original data, it is called the consistent situation, and the BER in the consistent situation is called CSBER.
In the simulation, ABER is obtained by directly demodulating CH signals with the ETSCA method, and CSBER is obtained by using special data instead of random data to artificially create the consistent situation.
Parameter anti-detection analysis: Eq. 10 and 15 indicate that the precision of estimation is related to the SNR. As the SNR decreases, the signal's main spectrum in the T-plane projection is gradually submerged in noise, which is also reflected in a decreasing γγ. Generally, detection fails when γγ is less than 2. The lowest working SNR is defined as the SNR at which γγ equals 2. The lowest working SNR for different numbers of hopping codes is shown in Fig. 9.
The anti-detection performance of CH signals is related to the cross correlation of the hopping codes adopted. The smaller the cross correlation, the more efficient the hopping codes are.
Fig. 9: Lowest working SNR
Fig. 10: Synchronization detection on NCH system and CH system
That is why the curve of the lowest working SNR for codes 31 bits long is higher than that for codes 15 bits long. For chaos codes and gold codes that are both 15 bits long, the anti-detection performance of gold codes is better than that of chaos codes for the same reason.
The curve of the lowest working SNR rises logarithmically as the number of hopping codes increases. The curvature is related to the cross correlation: the curve rises faster when the cross correlation is smaller.
Fig. 11: BER of CH system (BPSK, 31 bits gold codes)
Generally, the curve approaches a horizontal line when R is bigger than the code length. The anti-detection efficiency is high when the number of hopping codes is below 1/3 of the code length.
The code hopping system also makes it hard to find the synchronization position in the psyn plane, as shown in Fig. 10. The synchronization position is easy to find in the NCH system's psyn-plane projection, but only an approximate position can be obtained from the CH system's projection.
Data anti-demodulation analysis: Demodulation results are shown in Fig. 11. The modulation is BPSK mode. The spreading sequence is gold code and the code length is 31 bits.
In the consistent situation, the encryption offered by different hopping codes is gone, so CSBER is lower than ABER. But these hopping codes also provide another protection: the inter-code interference. For interceptors, unpredictable hopping codes undoubtedly add a lot of noise, so CSBER will be higher than the normal BER.
The BER of the CH system is much higher than the BER of the NCH system. This proves that the security performance of the CH system is better. CH signals get about 12 dB of anti-demodulation gain when R is 2. The anti-demodulation gain increases as R grows. In fact, as R grows, the probability of the consistent situation decreases quickly, and it is hard to separate the hopping codes when R is large.
Research shows that NCH-DSSS signals are indeed insecure. They can be easily detected and even demodulated. The cycle repeated feature is the NCH-DSSS system's biggest weakness, and it is what detecting methods exploit. The CH-DSSS system eliminates this weakness efficiently with unpredictable hopping codes.
The CH-DSSS system has not been widely applied in wireless communication, so there is little detection or interception research against CH-DSSS communication systems. Separating the hopping codes may improve detecting performance, but it is really hard to distinguish unknown and mixed codes at low SNR.
The CH-DSSS system has stronger anti-detection performance in both signal parameters and data demodulation. Increasing the number of hopping codes is efficient if the cross correlation of the hopping codes is small and the number of hopping codes is smaller than 1/3 of the code length. As the number of hopping codes rises, the efficiency falls, and when the number of hopping codes is larger than the code length, there is little improvement.
Hopping codes also encrypt the raw data and add inter-code interference to an interceptor's demodulation. The anti-demodulation gain is more than 12 dB and becomes bigger as the number of hopping codes increases.
The cost of increasing anti-detection performance is system complexity. To turn an NCH-DSSS system into a CH-DSSS system, a CHC module has to be added. The additional requirement for spreading code resources is an important issue. Real-valued direct sequences (Jiang and Lu, 2009) and chaotic PN sequences (Leon et al., 2001) have been developed to solve this problem. CH synchronization and management of the CHC key also need to be studied.
In conclusion, the CH-DSSS system has good anti-detection performance and should be developed to replace the NCH-DSSS system in secure communications.
This study was supported by the National major special science and technology project of China (2009ZX03005-003).
- Polydoros, A. and J.K. Holmes, 1983. Autocorrelation techniques for wideband detection of FH/DS waveforms in random tone interference. Proceedings of the Military Communications Conference, Oct. 31-Nov. 2, Washington, DC., pp: 781-785.
- Burel, G., C. Bouder and O. Berder, 2001. Detection of direct sequence spread spectrum transmissions without prior knowledge. IEEE Global Telecommun. Conf. USA., 1: 236-239.
- Zhijin, Z. and P. Junjie, 2009. A detection method of DS-CDMA signal based on the quadratic fourth-order moment chip. Proceedings of the International Conference on Networks Security, Wireless Communications and Trusted Computing, Apr. 25-26, Wuhan, Hubei, pp: 759-762.
- Hao, C., G. Wei and Y. Jingdong, 2006. DSSS signal parameter detection and PN sequence estimation based on SOFM neural network. Proceedings of the 6th International Conference on ITS Telecommunications, (ITS'06), Chengdu, pp: 1275-1277.
- Xu, X., 2008. Blind estimation of PN code in multipath fading direct sequence spread spectrum systems. Proceedings of the 11th IEEE International Conference on Communication Technology, Nov. 10-12, Hangzhou, pp: 213-216.
- Yu, M., S. Li, H. Feng and Z. Yang, 2008. Blind detection and parameter estimation of multiuser and multipath DS-CDMA signal using cyclostationary statistics. Proceedings of the 4th International Conference on Wireless Communications, Networking and Mobile Computing, Oct. 12-14, Dalian, pp: 1-5.
- Li, D., X. Gu and Q. Guo, 2010. Estimation-based blind detection in low SNR on direct-sequence spread spectrum signal. Proceedings of the 6th International Conference on Wireless Communications Networking and Mobile Computing, Sept. 23-25, Chengdu, pp: 1-4.
- Leon, D., S. Balkir, M.W. Hoffman and L.C. Perez, 2001. Robust chaotic PN sequence generation techniques. IEEE Int. Symp. Circuits Syst., 4: 53-56.