INTRODUCTION
Our daily lives are becoming more and more dependent on satellite communications. However, satellite communication is easily jammed or intercepted because of its openness. Not only military satellite systems but also civil systems need protection. For Pay-TV broadcasting, security problems cause massive financial losses to the providers. Private and business users expect secure transmission of their data (Hermanns et al., 2005).
Today, no special effort is made in civil satellite communications to secure transmission at the physical layer. Even some military communications need more solutions to prevent jamming and interception. The existing anti-detection and anti-interception methods at the physical layer can be sorted into four kinds: space-domain, frequency-domain, time-domain and code-domain. In the space domain, the main idea is beam narrowing: anti-detection performance is achieved by precise directional communication. However, the detector can still be placed inside the beam or close enough to the transmitter. In the frequency domain, frequency hopping is so costly and complicated that civil wireless communications cannot afford it. In the time domain, although many methods have been proposed to increase the difficulty of detection, the benefit is limited. Some mixed modes have also been proposed, such as the space-time code scheme (Mingxin et al., 2008).
In the code domain, Direct Sequence Spread Spectrum (DSSS) systems were thought to be secure, but all of that security rests on the assumption that the code sequence is unknown to interceptors. This assumption no longer holds. Most DSSS systems use vulnerable Linear Feedback Shift Register (LFSR) generators to create the spreading sequences. According to the research, the hidden 42-bit LFSR mask value of IS-95 mobile phone communications can be revealed in about 1 sec of interception. The argument for CDMA-based voice privacy in IS-95 is weakened by this (Hermanns et al., 2005). DSSS systems which do not use an LFSR can be cracked too, with more time and calculation.
Besides wireless communications, DSSS communication systems also have applications in optical LANs to transmit private data (Britto and Sankaranarayanan, 2006). Their security mechanism is likewise broken when the code is decrypted.
Many detection and interception algorithms have been developed. Some of them are based on energy detection. Some utilize the autocorrelation of the spreading code (Polydoros and Holmes, 1983). Others focus on higher-order spectral features, as well as the cepstrum and periodic spectrum. Even matrix calculation is used. Except for energy detection, almost all of these algorithms use the periodic cycle characteristic. Though the periodic cycle characteristic may be masked by data modulation, it can be extracted by methods like autocorrelation and periodic spectrum. In particular, algorithms using the autocorrelation of the DSSS signal are more and more popular.
DSSS detection using second-order moment estimators was presented in 2002 (Burel et al., 2001). Because the fourth-order moment chip is blind to arbitrary Gaussian noise, a detection method based on the quadratic fourth-order moment chip of DS-CDMA was proposed (Zhijin and Junjie, 2009). An advanced detection method based on fluctuating observation of a second-order statistic estimator was presented in 2010 (Khodadad et al., 2010).
A Self-Organizing Feature Map (SOFM) neural network algorithm was presented to detect and identify the PN sequence (Hao et al., 2006). Singular Value Decomposition (SVD) plus a Digital Phase Lock Loop (DPLL) was presented to solve the problem of blind Pseudo-Noise (PN) sequence estimation for low signal-to-noise ratio (SNR) DSSS signals in dynamic environments (Zhang et al., 2008).
Autocorrelation techniques for FH/DS signal detection have been presented since 1983 (Polydoros and Holmes, 1983). A segment correlation and amplitude accumulation method was presented by Sun et al. (2006). A long PN code sequence estimation and synchronization algorithm using a subsection technique was proposed by Yong et al. (2007). A combination method was presented to estimate the unknown PN spreading sequence for DSSS signals in a frequency-selective fading channel (Xu, 2008). Communication signals are appropriately modeled as cyclostationary stochastic processes. A method based on second-order cyclostationary statistics was adopted to detect whether the modulated signal exists in background noise (Yu et al., 2008).
DSSS systems have good anti-interference performance both in data transmission and in telemetry, tracking and control (Wu et al., 2010). To exploit the power of DSSS systems for anti-jamming and low probability of intercept, dynamic spreading codes have to be developed, i.e., Code-Hopping (CH) DSSS systems.
The code hopping technique eliminates the periodic cycle, which is the most important characteristic for unauthorized detection. Interception and eavesdropping become impossible with unpredictable and non-circulating spreading codes. At negative SNR, the signal disappears in noise and the attacker cannot even detect a signal. The advantages of CH-DSSS grow with the signal bandwidth; modern ultra-wideband (UWB) transmission systems benefit most. The hopping code generation can be supported by fast spread sequence generation technology (Chen et al., 2010; Tong et al., 2011).
The Estimation-based Time-domain Sliding Correlating Accumulation (ETSCA) algorithm is based on estimation and weighted accumulation (Li et al., 2010). The ETSCA algorithm can successfully detect DSSS signal information at SNR lower than 15 dB when the PN code used is only 15 bits long. The SNR required can be even lower when the code length increases. The ETSCA algorithm can also estimate the transmitted data with good BER performance. In particular, this algorithm can be used to detect CH-DSSS signals with small changes. With this method, the anti-detection performance of non-code-hopping (NCH) DSSS and CH-DSSS systems is compared. Theoretical analysis and simulation lead to the conclusion that the CH-DSSS system is more secure than the NCH-DSSS system.
SYSTEM DESCRIPTION
DSSS system block diagram is shown in Fig. 1.
For simplicity, ignore the fading. Received signal S (t) which is modulated by BPSK can be expressed as:
S_{i} (t) stands for one symbol segment of S (t), it can be expressed as:
where, d_{i} (t) is data transmitted, c (t) is the Pseudorandom Noise (PN) code, ω is angular frequency and n_{i} (t) is Additive White Gaussian Noise (AWGN).
The main difference from traditional NCH-DSSS systems is that the secure pseudo-noise spreading code is made dynamic. The CH-DSSS system block diagram is shown in Fig. 2. The PN code generators are controlled by the Code Hopping Control (CHC) module. That makes the actual spreading code unpredictable, yet it can still be synchronized by a key mechanism. The spreading code can be realized in hardware by Advanced Encryption Standard (AES) blocks in Output Feedback (OFB) mode. Simple variants with basic LFSR generators are possible in order to reuse existing CDMA hardware. By dynamically reseeding the LFSR, attacks become much harder.
The signal in a CH-DSSS system modulated by BPSK can be expressed as:
where c_{[j]} (t) is the hopping code, R is the number of hopping codes and c_{i} (t) is determined by the code hopping table.

Fig. 1: NCH-DSSS system architecture

Fig. 2: CH-DSSS system architecture
Comparing Eq. 3 with Eq. 2, the only difference is that the code c_{i} (t) in Eq. 3 varies as the data symbol changes.
ETSCA METHOD
Most detection methods for DSSS signals make use of the cycle-repetition feature. The ETSCA (Estimation-based Time-domain Sliding Correlating Accumulation) method has good detection performance and portability. It can detect the DSSS signal period and synchronization at SNRs lower than those at which the system normally works. It can estimate data with a BER close to the theoretical BER.
Estimation model: The modulated code Cm (t) can be expressed as:
Then:
So d_{i} (t) can be acquired by integration in code period T_{p}:
where, S_{i} (t) is one segment of DS signal in T_{p}. LPF [S] means signal S passes low pass filter. For the lack of C_{m} (t) we use estimated code Cm_{E} (t) instead. Cm_{E} (t) can be expressed as:
where n_{E} (t) is the estimation noise. The estimated data d_{Ei} (t) can then be acquired as follows:
The accuracy of d_{Ei} (t) is determined by accuracy of Cm_{E} (t). Cm_{E} (t) could be calculated by:
where M is the total number of segments and P is the probability that d_{Ei} (t) equals d_{i} (t). P tends to 1 when the estimation is accurate. The second item in tends to be 0 when M is large enough.
Equations 8 and 9 indicate that we can calculate d_{E} (t) from Cm_{E} (t), then in turn refresh Cm_{E} (t) using d_{E} (t). As this process continues, the power of the estimation noise is gradually reduced. In an actual application, any signal segment S_{i} (t) can be chosen as the initial value of the estimated code, Cm_{E} (t)_{(0)}. Simulation results show that the values of d_{E} (t) and Cm_{E} (t) become usable after 3 to 5 iterations.
Parameter detection: The ETSCA method uses a time-domain sliding correlation algorithm to detect the code period and code synchronization. According to this algorithm, signal samples are divided into several segments of the same length by a dividing window of size T. The dividing window slides to search for the synchronization position, and the sliding offset is p_{syn}. The final output V (T, p_{syn}) is as follows:
where n is the number of refreshing moves and
is one of the segments divided by parameters T and p_{syn}. V (T, p_{syn}) reaches its maximum value when T equals the code period T_{p} and p_{syn} is exactly the position where the code is synchronized. If T and p_{syn} do not match the true values, there is no spreading gain. Then, because of the strong noise, the estimation is nearly a random guess: the accuracy probability tends to 50% and V (T, p_{syn}) will be 0.
Figure 3 is a mesh plot of V (T, p_{syn}). In this simulation, a 15-bit code is used and the SNR is 3 dB. The units of both the T axis and the p_{syn} axis are the sample time T_{S}. Figure 1 indicates that there is a series of peaks forming a wall at 480 T_{S} on the T axis (where T_{p} is).

Fig. 3: Mesh plot for simulation results V (T, p_{syn})

Fig. 4: Projection on T plane

Fig. 5: Section when T equals T_{p}
The coordinates of the wall’s highest peak are exactly the code period and synchronization position that we are searching for.
Define V (T) as the maximum V (T, p_{syn}) for each T. That is the projection on T plane. Figure 4 shows the curve of V (T) which has a clear period spectrum. For convenience, the abscissa is T normalized with code period T_{p}.
Figure 5 is the section where T equals T_{p}, which is where the peak wall is. The p_{syn} axis has been normalized by the code period T_{p}. “0” means the synchronization position itself and “1” means the sliding offset is one code period. Figure 4 has clearly shown where the synchronization position is.
DETECTION ON CH-DSSS SYSTEM
The CH-DSSS system is developed from the NCH-DSSS system. The only difference between them is that the code sequence in the CH-DSSS system is dynamic. Applying the same processing as for the NCH-DSSS system, define:
then:
Where:
Dealing with integrator and LPF, 3 items behind in tend to be 0. Thus:
Comparing Eq. 12 with Eq. 5, it can be seen that the noise in Eq. 12 is larger than that in Eq. 5. The coefficient of the data item d_{i} in Eq. 12 is smaller too because of the existence of R. Similarly to Eq. 9, consider:
Assume the distribution of hopping codes is uniform. Then Eq. 14 becomes:
When SNR is high, P tends to be 1. Then:
The above derivation assumed that the inner products of non-relevant items are 0. In fact, these items are not completely uncorrelated. The correlation value cannot be ignored when the code length is short. This is equivalent to adding noise with a fixed SNR. In particular, this part of the noise cannot be suppressed by increasing the accumulated data length.
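The sketch below is an added illustration, not code from the paper: it runs the decision-directed estimate/refresh loop described under ETSCA METHOD on a fixed-code signal and on a signal whose code hops among R = 4 phases of a reseeded LFSR, to show how the accumulated code estimate loses power once the code hops. Assumptions: baseband +1/-1 chips with one sample per chip (no carrier or filter), a 4-bit LFSR, noise sigma of 1.0, and a returned statistic (mean power per chip of the refined estimate) that is a constructed stand-in for V (T, p_{syn}), whose formula does not survive on this page.

```python
import random

def lfsr_code(seed):
    """One 15-chip period (+1/-1) of a 4-bit LFSR (x^4 + x^3 + 1); the seed sets the phase."""
    state, chips = seed & 0xF, []
    for _ in range(15):
        chips.append(1 if state & 1 else -1)
        fb = (state ^ (state >> 1)) & 1
        state = (state >> 1) | (fb << 3)
    return chips

def transmit(codes, nbits, sigma, rng):
    """Constructed baseband signal: random +/-1 data, one code period per bit,
    code drawn uniformly from `codes` for every bit, plus Gaussian noise."""
    rx = []
    for _ in range(nbits):
        d, code = rng.choice((-1, 1)), rng.choice(codes)
        rx.extend(d * c + rng.gauss(0.0, sigma) for c in code)
    return rx

def refine(rx, T, offset=0, rounds=5):
    """Estimate data from the code estimate, then refresh the code estimate from
    the data, for `rounds` passes. Returns the mean power per chip of the final
    estimate (assumed statistic, high only when segments share one code)."""
    segs = [rx[i:i + T] for i in range(offset, len(rx) - T + 1, T)]
    est = list(segs[0])  # any segment serves as the initial estimate
    for _ in range(rounds):
        data = [1 if sum(a * b for a, b in zip(s, est)) >= 0 else -1 for s in segs]
        est = [sum(d * s[k] for d, s in zip(data, segs)) / len(segs) for k in range(T)]
    return sum(e * e for e in est) / T

def compare(seed=2024, nbits=400, sigma=1.0):
    rng = random.Random(seed)
    fixed = [lfsr_code(1)]                          # NCH: R = 1
    hopped = [lfsr_code(s) for s in (1, 9, 5, 15)]  # CH: R = 4 (reseeded LFSR)
    nch = transmit(fixed, nbits, sigma, rng)
    ch = transmit(hopped, nbits, sigma, rng)
    return {"nch": refine(nch, 15),          # correct period, fixed code
            "nch_wrong_T": refine(nch, 13),  # wrong period: no spreading gain
            "ch_R4": refine(ch, 15)}         # correct period, hopping code

if __name__ == "__main__":
    for name, v in compare().items():
        print(f"{name:12s} V = {v:.3f}")
```

With the fixed code the statistic stays near 1 at the true period, while with four equally likely codes it falls to roughly 1/R, which is the reduced data coefficient the comparison above attributes to R.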
SIMULATION
The simulation includes two parts. One is the simulation of anti-detection performance for the signal parameters. In this part, the main question is whether the detection method can recognize the signal parameters correctly.
The other part is the data demodulation test. After the signal period and synchronization are acquired, the original transmitted data can be demodulated. A system using code hopping gets an extra anti-detection gain in this step.
Parameter anti-detection simulation: In the simulation, 400 bits of data are spread by a 15-bit PN code. The filter bandwidth is 4 times the signal bandwidth and the SNR is 6 dB. Figure 5 shows the results V (T) when R is 1, 2, 4 and 8, respectively.
Table 1: Judgment factors when data length is 400 bits

Figure 6 shows that the signal’s main spectrum falls as the number of hopping codes increases. In other words, the anti-detection performance gets better as the number of hopping codes increases.
In order to determine quantitatively whether the maximum spectrum is the real signal, define γ_{γ}, named the peak ratio. First, define the maximum peak factor σ_{γ, first} and the second maximum peak factor σ_{γ, second} of vector Y as follows:
where the function “Mean (Y)” calculates the average value of Y, T_{max} is the maximum value of Y and Y_{submax} is the second maximum value of Y. Then define γ_{γ} as:
Table 1 shows γ_{γ} of V (T). It can be seen that the maximum spectrum really is the signal code period spectrum when σ_{γ, first} and γ_{γ} are large.
Data anti-demodulation simulation: While recognizing the period spectrum, code synchronization information can be obtained by intercepting the p_{syn} plane that includes the period spectrum in the mesh plot.
For the NCH-DSSS system, once the code period and synchronization position are determined, d_{Ei} (t) can be output directly as the blind detection result. Figure 7 gives the BER of d_{Ei} at different SNRs; the theoretical value is presented as well. It shows that detection methods can easily recover the original transmitted data.
In the CH-DSSS system, by contrast, there is protection against uncooperative demodulation: detectors have no knowledge of the polarity of the code. This problem does not exist in the NCH-DSSS system, because there you get either the right data sequence or its exact inverse, which is usable as well.
The demodulation result in a CH-DSSS system is a permutation and combination of hopping codes. It causes a fixed bit error that depends on how many hopping codes are used. For example, with two hopping codes, the demodulation results of two different data sequences are the same, as shown in Fig. 8.

Fig. 6: Results for different number of codes, (a) NCH system, (b) CH system when R = 2, (c) CH system when R = 4 and (d) CH system when R = 8

Fig. 7: BER of estimated data d_{Ei} (t)

Fig. 8: Demodulation of 2 codes hopping system
Note the data spread by code 2 in the rectangle: either 0 or 1 will be considered as 1. Therefore, code hopping encrypts the raw data. The more hopping codes, the deeper the data are encrypted. Thus intercepting demodulation will have a high ABER (average bit error rate).
However, an interceptor could still get the right data by decryption such as code separation, or simply by good luck. When the demodulated results have the same polarity as the original data, it is called the consistent situation, and the BER in the consistent situation is called CSBER.
In the simulation, ABER is obtained by directly demodulating CH signals with the ETSCA method, and CSBER is obtained by using special1 data instead of random data to artificially create the consistent situation.
RESULTS ANALYSIS
Parameter anti-detection analysis: Eq. 10 and 15 indicate that the precision of estimation is related to the SNR. As the SNR decreases, the signal’s main spectrum in the T plane projection is gradually submerged in noise. This is also reflected in the decrease of γ_{γ}. Generally, detection fails when γ_{γ} is less than 2. Define the lowest working SNR as the SNR at which γ_{γ} equals 2. The lowest working SNR for different numbers of hopping codes is shown in Fig. 9.
The anti-detection performance of CH signals is related to the cross correlation of the hopping codes adopted. The smaller the cross correlation, the more efficient the hopping codes are.

Fig. 9: Lowest working SNR

Fig. 10: Synchronization detection on NCH system and CH system
That is why the curve of lowest working SNR for codes 31 bits long is higher than that for codes 15 bits long. For chaos codes and Gold codes which are both 15 bits long, the anti-detection performance of Gold codes is better than that of chaos codes for the same reason.
The curve of lowest working SNR rises logarithmically as the number of hopping codes increases. The curvature is related to the cross correlation: the curve rises faster when the cross correlation is smaller.

Fig. 11: BER of CH system (BPSK, 31 bits Gold codes)
Generally, the curve approaches a horizontal line when R is bigger than the code length. The anti-detection efficiency is high when the number of hopping codes is below 1/3 of the code length.
A code hopping system also makes it hard to find the synchronization position in the p_{syn} plane, as shown in Fig. 10. The synchronization position is easy to find in the NCH system’s p_{syn} plane projection, but only an approximate position can be obtained from the CH system’s projection.
Data anti-demodulation analysis: Demodulation results are shown in Fig. 11. The modulation is BPSK. The spreading sequence is a Gold code and the code length is 31 bits.
In the consistent situation, the encryption offered by different hopping codes is gone, so CSBER is lower than ABER. But these hopping codes also provide another protection: the inter-code interference. For interceptors, unpredictable hopping codes undoubtedly add a lot of noise, so CSBER will be higher than the normal BER.
The BER of the CH system is far higher than the BER of the NCH system. This proves that the security performance of the CH system is better. CH signals get about 12 dB of anti-demodulation gain when R is 2. The anti-demodulation gain increases as R grows. In fact, as R grows, the probability of the consistent situation decreases quickly, and it is hard to separate hopping codes when R is big.
CONCLUSION
Research shows that NCH-DSSS signals are indeed insecure. They can be easily detected and even demodulated. The cycle-repetition feature is the NCH-DSSS system’s biggest weakness and is what detection methods exploit. The CH-DSSS system eliminates this weakness efficiently by using unpredictable hopping codes.
The CH-DSSS system has not been applied widely in wireless communication, so there is little detection or interception research against CH-DSSS communication systems. Separating hopping codes may improve detection performance, but it is really hard to distinguish unknown and mixed codes at low SNR.
The CH-DSSS system has stronger anti-detection performance in both signal parameters and data demodulation. Increasing the number of hopping codes is efficient if the cross correlation of the hopping codes is small and the number of hopping codes is smaller than 1/3 of the code length. As the number of hopping codes rises, the efficiency falls, and when the number of hopping codes is larger than the code length, there is little improvement.
Hopping codes also encrypt the raw data and add inter-code interference to interceptors’ demodulation. The anti-demodulation gain is more than 12 dB and becomes bigger as the number of hopping codes increases.
The cost of increased anti-detection performance is system complexity. To upgrade an NCH-DSSS system into a CH-DSSS system, a CHC module has to be added. The additional requirement for spreading code resources is an important issue. Real-valued direct sequences (Jiang and Lu, 2009) and chaotic PN sequences (Leon et al., 2001) have been developed to solve this problem. CH synchronization and management of the CHC key also need to be studied.
In conclusion, the CH-DSSS system has good anti-detection performance and should be developed to replace the NCH-DSSS system in secure communications.
ACKNOWLEDGMENT
This study was supported by the National major special science and technology project of China (2009ZX03005003).