Our daily lives depend more and more on satellite communications. However, satellite links are easily jammed or intercepted because the channel is open. Not only military satellite systems but also civil systems need secure protection. In Pay-TV broadcasting, security failures cause massive financial losses to the providers, and private and business users expect their data to be transmitted securely (Hermanns et al., 2005).
Today no special effort is made in civil satellite communications to secure the transmission at the physical layer, and even some military links need better protection against jamming and interception. The existing physical-layer anti-detection and anti-interception methods fall into four classes: space-domain, frequency-domain, time-domain and code-domain. In the space domain the main idea is beam narrowing: anti-detection is achieved by precise directional communication, but a detector can still be placed inside the beam or close enough to the transmitter. In the frequency domain, frequency hopping is so costly and complicated that civil wireless systems cannot afford it. In the time domain, many methods have been proposed to make detection harder, but the benefit is limited. Mixed modes such as space-time coding schemes have also been proposed (Mingxin et al., 2008).
In the code domain, Direct Sequence Spread Spectrum (DSSS) systems were long thought to be secure, but all of that security rests on the assumption that the spreading sequence is unknown to the interceptor. This assumption no longer holds. Most DSSS systems generate their spreading sequences with vulnerable Linear Feedback Shift Register (LFSR) generators; a purely linear L-stage generator is fixed by 2L consecutive error-free output chips, so recovering it is a matter of capturing a short run of signal. The hidden 42-bit LFSR mask of IS-95 mobile phone communications can be revealed from about 1 s of intercepted signal, which weakens the voice-privacy argument for CDMA in IS-95 (Hermanns et al., 2005). DSSS systems that do not use an LFSR can also be cracked, given more time and computation.
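The recovery attack on LFSR-generated spreading sequences, as an added example that is not part of the original paper: the Berlekamp-Massey algorithm returns the shortest LFSR consistent with a run of chips, so 2L consecutive chips pin down a bare L-stage generator. The 4-stage target generator (connection polynomial 1 + x + x^4, 15-chip period), its seed and the observation lengths are illustrative choices of mine; no IS-95 specifics are modelled.

```python
"""Recovering an LFSR spreading-sequence generator from intercepted chips.

Added example, not from the paper. The generator (connection polynomial
1 + x + x^4, 15-chip period) and its seed are illustrative choices."""


def lfsr_sequence(conn, seed, n):
    """Run s[i] = XOR_{j=1..L} conn[j] & s[i-j] for n chips.
    conn[0] is 1 by convention; seed supplies the first L = len(conn)-1 chips."""
    L = len(conn) - 1
    s = list(seed[:L])
    while len(s) < n:
        s.append(sum(conn[j] & s[-j] for j in range(1, L + 1)) & 1)
    return s[:n]


def berlekamp_massey(bits):
    """Shortest LFSR over GF(2) that generates bits: returns (L, conn)."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1  # m: index at which the register length last changed
    for i in range(n):
        d = bits[i]  # discrepancy between prediction and observation
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m
        for j in range(n + 1 - shift):
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def recover_generator(observed, n_predict):
    """Interceptor's step: fit the shortest LFSR to observed chips and extend it."""
    L, conn = berlekamp_massey(observed)
    return L, conn, lfsr_sequence(conn, observed, n_predict)


# Constructed target generator; the interceptor is assumed not to know it.
TARGET_CONN = [1, 1, 0, 0, 1]  # 1 + x + x^4
TARGET_SEED = [1, 0, 0, 0]


def demo(observed_chips=8, total=45):
    """Intercept observed_chips chips, recover the register, predict the rest.
    Returns (L, conn, whether the predicted stream matches the real one)."""
    stream = lfsr_sequence(TARGET_CONN, TARGET_SEED, total)
    L, conn, predicted = recover_generator(stream[:observed_chips], total)
    return L, conn, predicted == stream


if __name__ == "__main__":
    print(demo())   # (4, [1, 1, 0, 0, 1], True): 2L = 8 chips suffice
    print(demo(5))  # (4, [1, 0, 0, 0, 1], False): fewer than 2L chips, wrong fit
```

With 8 of the 45 chips the interceptor reproduces the whole stream; with only 5 chips the fit is not unique and the predicted continuation is wrong. Scaled to the 42-bit IS-95 generator cited above, the same bound says 84 error-free chips are enough in principle for any purely linear generator, which is why the 1 s figure is unsurprising.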
Besides radio links, DSSS is also used in optical LANs to carry private data (Britto and Sankaranarayanan, 2006); its security is broken just as easily once the code is recovered.
Many detection and interception algorithms have been developed. Some are based on energy detection; some use the autocorrelation of the spreading code (Polydoros and Holmes, 1983); others focus on higher-order spectral features, the cepstrum or the periodic (cyclic) spectrum; even matrix methods are used. Apart from energy detection, almost all of these algorithms exploit the periodic cycle characteristic of the signal. Although data modulation may mask this periodicity, it can be extracted by methods such as autocorrelation and cyclic spectrum analysis. In particular, algorithms based on the autocorrelation of the DSSS signal are more and more
DSSS detection using second-order moment estimators was presented by Burel et al. (2001). Because the fourth-order cumulants of Gaussian noise vanish whatever its power, a detection method based on the quadratic fourth-order moment of DS-CDMA signals was proposed (Zhijin and Junjie, 2009). An advanced detection method based on the fluctuation of a second-order statistic estimator was presented in 2010 (Khodadad et al., 2010).
A Self-Organizing Feature Map (SOFM) neural network was proposed to detect and identify the PN sequence (Hao et al., 2006). Singular Value Decomposition (SVD) combined with a Digital Phase-Locked Loop (DPLL) was proposed for blind Pseudo-Noise (PN) sequence estimation of low signal-to-noise ratio (SNR) DSSS signals in dynamic environments (Zhang et al., 2008).
Autocorrelation techniques for detecting FH/DS signals date back to 1983 (Polydoros and Holmes, 1983). A segment-correlation and amplitude-accumulation method was presented by Sun et al. (2006). A long-PN-code estimation and synchronization algorithm using a subsection technique was proposed by Yong et al. (2007). A combined method was presented to estimate the unknown PN spreading sequence of DSSS signals in frequency-selective fading channels (Xu, 2008). Communication signals are appropriately modelled as cyclostationary stochastic processes, and a method based on second-order cyclostationary statistics was adopted to decide whether a modulated signal is present in background noise (Yu et al., 2008).
DSSS systems have good anti-interference performance both for data transmission and for telemetry, tracking and control (Wu et al., 2010). To exploit the power of DSSS for anti-jamming and low probability of intercept, dynamic spreading codes have to be used, i.e., Code-Hopping (CH) DSSS systems.
Code hopping removes the periodic cycle, which is the most important feature exploited by unauthorized detection. With unpredictable, non-repeating spreading codes, interception and eavesdropping become impractical. At negative SNR the signal disappears into the noise and the attacker cannot even tell that a signal is present. The advantage of CH-DSSS grows with the signal bandwidth, so modern ultra-wideband (UWB) transmission systems benefit most, and hopping-code generation can be supported by fast spreading-sequence generation techniques (Chen et al., 2010; Tong et al., 2011).
The Estimation-based Time-domain Sliding Correlating Accumulation (ETSCA) algorithm is based on estimation and weighted accumulation (Li et al., 2010). ETSCA can detect DSSS signal parameters at SNRs below -15 dB when the PN code is only 15 chips long, and the required SNR falls further as the code length increases. ETSCA can also estimate the transmitted data with good BER performance. In particular, the algorithm can be applied to CH-DSSS signals with only a small change. Using this method, the anti-detection performance of non-code-hopping (NCH) DSSS and CH-DSSS systems is compared. Theoretical analysis and simulation lead to the conclusion that the CH-DSSS system is more secure than the NCH-DSSS system.
The DSSS system block diagram is shown in Fig. 1.
For simplicity, fading is ignored. The received signal S(t), modulated by BPSK, can be expressed as:
S_i(t) stands for one symbol segment of S(t) and can be expressed as:
where d_i(t) is the transmitted data, c(t) is the Pseudorandom Noise (PN) code, ω is the angular frequency and n_i(t) is Additive White Gaussian Noise (AWGN).
The main difference from a traditional NCH-DSSS system is that the secret pseudo-noise spreading code is made dynamic. The CH-DSSS system block diagram is shown in Fig. 2. The PN code generators are controlled by a Code Hopping Control (CHC) module, which makes the actual spreading code unpredictable to an outsider while the intended receiver can still synchronize to it through the key mechanism. The spreading code can be generated in hardware by Advanced Encryption Standard (AES) blocks running in Output Feedback (OFB) mode, which turns a secret key and IV into a keystream that drives the code selection. Simpler variants with basic LFSR generators are possible in order to reuse existing CDMA hardware: by dynamically re-seeding the LFSR, attacks become much harder, provided the re-seeding values themselves come from a keyed generator, since an LFSR whose seed schedule the attacker can guess is no stronger than a fixed one.
The signal in a CH-DSSS system modulated by BPSK can be expressed as:
where c^[j](t) is the hopping code, R is the number of hopping codes and c_i(t) is determined by the code-hopping table.
Fig. 1: NCH-DSSS system architecture
Fig. 2: CH-DSSS system architecture
Comparing Eq. 3 with Eq. 2, the only difference is that the code c_i(t) in Eq. 3 changes from one data symbol to the next.
Most detection methods for DSSS signals exploit the cycle-repeat feature. The ETSCA (Estimation-based Time-domain Sliding Correlating Accumulation) method has good detection performance and portability: it can detect the DSSS code period and synchronization at SNRs below the normal operating point of the link, and it can estimate the data with a BER close to the theoretical BER.
Estimation model: The modulated code C_m(t) can be expressed as:
So d_i(t) can be obtained by integration over the code period T_p:
where S_i(t) is one segment of the DS signal of length T_p and LPF[S] denotes passing the signal S through a low-pass filter. Since C_m(t) is unknown, the estimated code C_mE(t) is used instead. C_mE(t) can be expressed as:
where n_E(t) is the estimation noise. The estimated data d_Ei(t) can then be obtained as follows:
The accuracy of d_Ei(t) is determined by the accuracy of C_mE(t), which can be calculated from:
where M is the total number of segments and P is the probability that d_Ei(t) equals d_i(t). P tends to 1 when the estimation is accurate, and the second term tends to 0 when M is large enough.
Equations 8 and 9 indicate that d_E(t) can be computed from C_mE(t), and C_mE(t) can then be refreshed from d_E(t). As this process continues, the power of the estimation noise is reduced step by step. In practice any signal segment S_i(t) can be chosen as the initial code estimate C_mE(t)^(0). Simulation results show that usable values of d_E(t) and C_mE(t) are obtained after 3 to 5 iterations.
Parameter detection: ETSCA adopts a time-domain sliding correlation algorithm to detect the code period and code synchronization. The signal samples are divided into segments of equal length by a dividing window of size T. The window slides to search for the synchronization position, and the sliding offset is p_syn. The final output V(T, p_syn) is as follows:
where n is the number of refresh iterations and the segment term is one of the segments defined by the parameters T and p_syn. V(T, p_syn) reaches its maximum when T equals the code period T_p and p_syn is exactly the synchronization position. If T and p_syn do not match the true values there is no spreading gain; because of the strong noise the estimate is then nearly a random guess, so the decision accuracy tends to 50% and V(T, p_syn) tends to 0.
Figure 3 is a mesh plot of V(T, p_syn). In this simulation a 15-chip code is used and the SNR is -3 dB. The units of both the T axis and the p_syn axis are the sample period T_S. Figure 3 shows a series of peaks forming a wall at T = 480 T_S (where T_p lies).
Fig. 3: Mesh plot of the simulation results V(T, p_syn)
Fig. 4: Projection onto the T plane
Fig. 5: Section at T = T_p
The coordinates of the wall's highest peak are exactly the code period and synchronization position being searched for.
Define V(T) as the maximum of V(T, p_syn) over p_syn for each T; this is the projection onto the T plane. Figure 4 shows the curve of V(T), which has a clear period spectrum. For convenience the abscissa is T normalized by the code period T_p.
Figure 5 is the section at T = T_p, where the peak wall is. The p_syn axis has been normalized by the code period T_p: 0 is exactly the synchronization position and 1 means a sliding offset of one code period. Figure 5 clearly shows where the synchronization position is.
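ETSCA parameter detection run over a constructed chip stream, as an added example that is not the paper's code. It builds the NCH case (R = 1) and the CH case (R = 4) from one 31-chip Gold-style code family, sweeps the window length T at p_syn = 0, runs the estimation loop of the two subsections above (initial estimate from any one segment, then alternating data decisions and a decision-weighted code refresh, 5 iterations) and computes the peak-ratio test used in the simulation section that follows. Assumptions of mine: baseband BPSK with one sample per chip and unit chip amplitude, no fading; a keyed SHA-256 chain in place of the AES-OFB generator (the standard library has no AES); a V(T, p_syn) statistic of my own (mean despread amplitude, normalised so that a perfect match gives 1) because the paper's Eq. 10 is not reproduced on the page; and the peak factors taken as σ_first = Y_max/Mean(Y), σ_second = Y_submax/Mean(Y), γ = σ_first/σ_second, read off the description of Table 1. LFSR lags, key, IV and seed are illustrative.

```python
"""ETSCA-style parameter detection on NCH-DSSS (R = 1) and CH-DSSS (R > 1).

Added example; not the paper's code. Assumptions: baseband BPSK, one sample
per chip, unit chip amplitude, no fading; a keyed SHA-256 chain stands in
for the AES-OFB hopping-code generator; V(T, psyn) and the peak factors are
defined here as stated in the lead-in, not copied from the paper."""
import hmac
import math
import random

CODE_LEN = 31  # 2**5 - 1 chips per symbol


def m_sequence(lags, stages=5):
    """One period of a maximal-length LFSR output: s[i] = XOR of s[i - lag]."""
    s = [1] * stages  # any non-zero seed gives the same sequence up to a shift
    for i in range(stages, 2 ** stages - 1):
        bit = 0
        for lag in lags:
            bit ^= s[i - lag]
        s.append(bit)
    return s


def gold_codes(count):
    """count codes of +/-1 chips built Gold-style: m1 XOR cyclic shifts of m2.
    Lags [2, 5] and [1, 2, 3, 5] are an assumed 5-stage m-sequence pair."""
    m1, m2 = m_sequence([2, 5]), m_sequence([1, 2, 3, 5])
    return [[1 - 2 * (a ^ b) for a, b in zip(m1, m2[k:] + m2[:k])]
            for k in range(count)]


def hop_schedule(key, n_symbols, r):
    """Code index per symbol from a keyed chain (OFB-like: next = PRF(prev)).
    The all-zero start value plays the role of a constructed IV."""
    state, idx = bytes(32), []
    for _ in range(n_symbols):
        state = hmac.new(key, state, "sha256").digest()
        idx.append(int.from_bytes(state[:4], "big") % r)
    return idx


def received_chips(data, codes, schedule, snr_db, rng):
    """BPSK data spread by the scheduled code, plus AWGN at the per-chip SNR."""
    sigma = math.sqrt(10 ** (-snr_db / 10))
    return [d * chip + rng.gauss(0.0, sigma)
            for d, j in zip(data, schedule) for chip in codes[j]]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def estimate_code(segments, n_iter=5):
    """ETSCA loop: sign decisions from the current code estimate, then refresh
    the estimate as the decision-weighted mean of all segments."""
    cm = list(segments[0])  # any segment can seed the estimate
    for _ in range(n_iter):
        d = [1 if dot(s, cm) >= 0 else -1 for s in segments]
        cm = [sum(di * s[k] for di, s in zip(d, segments)) / len(segments)
              for k in range(len(cm))]
    return cm, d


def v_statistic(y, t, psyn, n_iter=5):
    """Mean despread amplitude per chip: about 1 when (t, psyn) match the
    code period and synchronisation, much lower otherwise (own definition)."""
    segs = [y[j:j + t] for j in range(psyn, len(y) - t + 1, t)]
    cm, _ = estimate_code(segs, n_iter)
    norm = math.sqrt(dot(cm, cm) * t)
    return sum(abs(dot(s, cm)) for s in segs) / (norm * len(segs))


def peak_factors(v):
    """(sigma_first, sigma_second, gamma) of the vector v of V(T) values."""
    mean = sum(v) / len(v)
    top = sorted(v, reverse=True)
    first, second = top[0] / mean, top[1] / mean
    return first, second, first / second


def sweep_t(r, snr_db, n_symbols=200, t_values=range(20, 43), seed=1):
    """V(T) at psyn = 0 for a freshly constructed stream using r hopping codes."""
    rng = random.Random(seed)
    codes = gold_codes(r)
    data = [rng.choice((-1, 1)) for _ in range(n_symbols)]
    schedule = hop_schedule(b"demo-key", n_symbols, r)
    y = received_chips(data, codes, schedule, snr_db, rng)
    return {t: v_statistic(y, t, 0) for t in t_values}


if __name__ == "__main__":
    for r in (1, 2, 4):
        vt = sweep_t(r, -3.0)
        best = max(vt, key=vt.get)
        gamma = peak_factors(list(vt.values()))[2]
        print(f"R={r}: peak at T={best}, V={vt[best]:.2f}, gamma={gamma:.2f}")
```

Running it prints the peak location and γ for each R: the NCH stream peaks sharply at T = 31 with V close to 1, while with four hopping codes the same window only recovers a mixture of codes, V at T = 31 falls toward 1/√R and γ drops toward the failure threshold of 2 adopted in the analysis section. A second sweep over p_syn at t = 31 reproduces the section of Fig. 5, and because estimate_code also returns the data decisions, comparing them with data shows the polarity ambiguity discussed under data anti-demodulation.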
DETECTION ON CH-DSSS SYSTEM
The CH-DSSS system is developed from the NCH-DSSS system; the only difference is that the code sequence in CH-DSSS is dynamic. Applying the same processing as for the NCH-DSSS system, define:
After the integrator and LPF, the last three terms tend to 0. Thus:
Comparing Eq. 12 with Eq. 5, the noise in Eq. 12 is larger than in Eq. 5, and the coefficient of the data term d_i in Eq. 12 is smaller because of the factor R. By analogy with Eq. 9, consider:
Assume the hopping codes are used uniformly. Then Eq. 14 becomes:
When the SNR is high, P tends to 1. Then:
The derivation above assumed that the inner products of the non-matching terms are 0. In fact these terms are not perfectly uncorrelated, and their correlation cannot be ignored when the code length is short. This is equivalent to adding noise at a fixed SNR; in particular, this part of the noise cannot be suppressed by increasing the accumulated data length.
The simulation has two parts. The first is the anti-detection simulation of the signal parameters, in which the main question is whether the detection method recognizes the signal parameters correctly.
The second part is the data demodulation test. After acquiring the signal period and synchronization, the originally transmitted data can be demodulated. A system using code hopping gains extra anti-detection protection in this step.
Parameter anti-detection simulation: in the simulation, 400 data bits are spread by a 15-chip PN code. The filter bandwidth is 4 times the signal bandwidth and the SNR is -6 dB. Figure 6 shows V(T) for R = 1, 2, 4 and 8, respectively.
Table 1: Judgment factors when the data length is 400 bits
Figure 6 shows that the signal's main spectral peak falls as the number of hopping codes increases; in other words, the anti-detection performance improves with the number of hopping codes.
To decide quantitatively whether the maximum spectral peak is the real signal, define the peak ratio γ. First define the maximum peak factor σ_first and the second maximum peak factor σ_second of a vector Y as follows:
where Mean(Y) is the average value of Y, Y_max is the maximum value of Y and Y_submax is the second maximum value of Y. Then define γ as:
Table 1 lists γ for V(T). The maximum spectral peak is the real code-period peak when σ_first and γ are both large.
Data anti-demodulation simulation: While the period spectrum is being recognized, the code synchronization information can be obtained by taking the section of the mesh plot along the p_syn plane that contains the period spectrum.
For the NCH-DSSS system, once the code period and synchronization position are known, d_Ei(t) can be output directly as the blind detection result. Figure 7 gives the BER of d_Ei for different SNRs together with the theoretical value. It shows that the detection method easily recovers the original transmitted data.
In the CH-DSSS system, by contrast, there is protection against non-cooperative demodulation: the detector does not know the polarity of each code. This problem does not exist in the NCH-DSSS system, where the detector obtains either the correct data sequence or its exact complement, and either is usable.
The demodulation result in a CH-DSSS system is a permutation and combination of the hopping codes. It causes a fixed bit error rate that depends on how many hopping codes are used. For example, with two hopping codes the demodulation results of the two data sequences shown in Fig. 8 are the same.
Fig. 6: Results for different numbers of codes, (a) NCH system, (b) CH system when R = 2, (c) CH system when R = 4 and (d) CH system when R = 8
Fig. 7: BER of the estimated data d_Ei(t)
Fig. 8: Demodulation of a 2-code hopping system
Note that for the data spread by code 2 (in the rectangle), both 0 and 1 are decided as 1. Code hopping therefore acts as an encryption of the raw data, and the more hopping codes there are, the more deeply the data are scrambled. An intercepting demodulator will thus see a high ABER (average bit error rate).
However, an interceptor could still recover the correct data by a decryption step such as code separation, or simply by luck. When the demodulated result has the same polarity as the original data, this is called the consistent situation, and the BER in the consistent situation is called CSBER.
In the simulation, ABER is obtained by demodulating the CH signal directly with the ETSCA method, and CSBER is obtained by using specially chosen data instead of random data to create the consistent situation artificially.
Parameter anti-detection analysis: Equations 10 and 15 indicate that the precision of the estimate depends on the SNR. As the SNR decreases, the signal's main spectral peak in the T-plane projection is gradually submerged in noise, which also shows up as a decrease of γ. Generally, detection fails when γ is less than 2, so the lowest working SNR is defined as the SNR at which γ equals 2.
The lowest working SNR for different numbers of hopping codes is shown in Fig. 9.
The anti-detection performance of CH signals depends on the cross-correlation of the hopping codes adopted: the lower the cross-correlation, the more effective the hopping codes.
Fig. 9: Lowest working SNR
Fig. 10: Synchronization detection on the NCH system and the CH system
That is why the lowest-working-SNR curve for 31-chip codes lies above that for 15-chip codes. For chaos codes and Gold codes that are both 15 chips long, the anti-detection performance of the Gold codes is better than that of the chaos codes for the same reason.
The lowest-working-SNR curve rises logarithmically as the number of hopping codes increases. Its curvature depends on the cross-correlation: the curve rises faster when the cross-correlation is smaller.
Fig. 11: BER of the CH system (BPSK, 31-chip Gold codes)
Generally, the curve approaches a horizontal line when R exceeds the code length. The anti-detection efficiency is high when the number of hopping codes is below 1/3 of the code length.
Code hopping also makes it hard to find the synchronization position in the p_syn plane, as shown in Fig. 10. The synchronization position is easily found in the p_syn-plane projection of the NCH system, but only an approximate position can be obtained from the projection of the CH system.
Data anti-demodulation analysis: Demodulation results are shown in Fig. 11. The modulation is BPSK, the spreading sequences are Gold codes and the code length is 31 chips.
In the consistent situation the encryption provided by the different hopping codes is gone, so CSBER is lower than ABER. But the hopping codes also provide another protection: inter-code interference. To an interceptor, the unpredictable hopping codes add a lot of noise, so CSBER is still higher than the normal BER.
The BER of the CH system is far larger than that of the NCH system, which confirms that the CH system is more secure. CH signals obtain about 12 dB of anti-demodulation gain with R = 2, and the gain increases as R grows. In fact, as R grows the probability of the consistent situation falls quickly, and it becomes very hard to separate the hopping codes when R is large.
The research shows that NCH-DSSS signals are indeed insecure: they can be easily detected and even demodulated. The cycle-repeat feature is the biggest weakness of NCH-DSSS systems and is exactly what detection methods exploit. The CH-DSSS system removes this weakness efficiently with unpredictable hopping codes.
CH-DSSS has not yet been widely applied in wireless communication, so there is little research on detecting or intercepting CH-DSSS systems. Separating the hopping codes may improve detection performance, but it is very hard to distinguish unknown, mixed codes at low SNR.
The CH-DSSS system has stronger anti-detection performance both for the signal parameters and for data demodulation. Increasing the number of hopping codes is effective as long as their cross-correlation is small and their number is below 1/3 of the code length. As the number of hopping codes rises further the efficiency falls, and once it exceeds the code length there is little further improvement.
The hopping codes also encrypt the raw data and add inter-code interference to the interceptor's demodulation. The anti-demodulation gain is more than 12 dB and grows with the number of hopping codes.
The cost of the improved anti-detection performance is system complexity. To upgrade an NCH-DSSS system to CH-DSSS, a CHC module must be added. The additional demand for spreading-code resources is an important issue; real-valued direct sequences (Jiang and Lu, 2009) and chaotic PN sequences (Leon et al., 2001) have been developed to address it. CH synchronization and the management of the CHC key also still need study.
In conclusion, the CH-DSSS system has good anti-detection performance and should be developed to replace the NCH-DSSS system in secure communications.
This study was supported by the National Major Special Science and Technology Project of China (2009ZX03005-003).