
A. EBRAHIMZADEH, A. FALAHATI
cess the despread spectrum and receives only a signal
similar to noise, a perfectly secure radio transmission
channel is achieved [3-5].
Moreover, the security of the frequency hopping code
division multiple access (FH-CDMA) system relies mainly
on the long-code generator, which consists of a 42-bit
long-code mask generated by a 42-bit LFSR. However, if
eavesdroppers can obtain 42 bits of plaintext-ciphertext
pairs, the long-code mask can be recovered after
eavesdropping on the transmission on the traffic channel
for about one second [3,6,7].
The fast correlation attack method, which is based on a
recently established linear statistical weakness of
decimated LFSR sequences and reconstructs the LFSR code,
is described in [8]. With this method, an eavesdropper
who knows the LFSR feedback polynomial can recover the
LFSR sequence. A method of blind estimation of the PN
code in multipath fading direct sequence spread spectrum
systems is proposed in [9]. In that article a combined
method is presented to estimate the unknown PN spreading
sequence for direct sequence spread spectrum (DS-SS)
signals in a frequency selective fading channel. It is
proven that LFSR codes are vulnerable to ciphertext-only
attacks [10], and the security weakness of the white
Gaussian sequence is investigated in [11].
This overview and further studies show that LFSR codes,
white Gaussian sequences and other unencrypted codes
have security weaknesses and can be recovered by
eavesdroppers. A method that can protect systems against
the probable attacks is therefore urgently required.
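
Why an LFSR-generated code gives no secrecy, as an added example that is not part of the paper: the Berlekamp-Massey algorithm recovers the feedback polynomial of an n-stage register from 2n observed bits and then predicts every later bit. This goes beyond the known-polynomial case mentioned above; the 7-stage register, its taps and its initial state are constructed sample values.

```python
# Added illustration; register size, taps and state are constructed sample values.

def lfsr_bits(taps, state, n):
    """Fibonacci LFSR: each new bit is the XOR of the bits `taps` positions back."""
    s = list(state)
    while len(s) < n:
        s.append(sum(s[-t] for t in taps) & 1)
    return s[:n]

def berlekamp_massey(s):
    """Return (L, c): the shortest LFSR length and connection polynomial for bits s."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = s[i]                          # discrepancy: does the current LFSR predict s[i]?
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:                             # wrong prediction: correct c using the saved b
            t = c[:]
            for j in range(n + 1 - (i - m)):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:                # the register has to grow
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(c, known, n):
    """Extend the observed bits to n bits with the recovered polynomial c."""
    taps = [j for j in range(1, len(c)) if c[j]]
    return lfsr_bits(taps, known, n)

TAPS = [1, 7]                             # s[i] = s[i-1] XOR s[i-7]
SECRET_STATE = [1, 0, 1, 1, 0, 0, 1]      # unknown to the observer
code = lfsr_bits(TAPS, SECRET_STATE, 200) # the PN code actually in use
observed = code[:14]                      # 2n = 14 intercepted bits
L, c = berlekamp_massey(observed)
recovered = predict(c, observed, 200)

if __name__ == "__main__":
    print("recovered length:", L, "polynomial:", c)
    print("all 200 bits predicted:", recovered == code)
```
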
In this manuscript, a new method called hidden frequency
hopping spread spectrum is proposed to augment the
built-in security of FH-CDMA systems by applying a
cryptographic algorithm to the channelization code
sequence.
2. Security Enhancement in FHSS System with Encryption Hidden within SS
In the FHSS technique, several users spread their signal
spectrum across the available wideband frequency spectrum
as narrowband sections using a special code, which is
called frequency hopping. These codes must have low
cross-correlation so that other signals cause little
interference with the desired signal. On the other hand,
although M-sequences generated by an LFSR have fair
cross-correlation properties, they produce a weak
security system in which eavesdroppers can track the
transmitted spread signals. Therefore, FH-CDMA uses a
long code to scramble the signal in wireless channels, so
the security is set up in the physical layer. The
security provided by this method is very low and not
suitable for the data communication considered. In this
article, for security enhancement, a model is proposed in
which every user encrypts a special spreading code (e.g.
a code produced by the M-sequence generators) with his
private key. The model is shown in Figure 1. Encrypted
codes are then used as the spreading code in the
channelization section. At the destination, the receiver
who knows his private key is able to regenerate the
spreading code to de-spread the transmitted signal [3].
Moreover, the security of the proposed method depends on
the encryption algorithm, not on the LFSR complexity. If
a suitable algorithm such as RC5, IDEA or any block
cipher algorithm is chosen, then the desired high privacy
can be obtained [12,13].
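
The scheme described in this section, as an added example that is not the authors' implementation: an M-sequence is encrypted block by block with RC5-32/12/16 and the ciphertext selects the hop channels, so a receiver holding the same key regenerates the same pattern. The 64-channel hop set, the 6-bit hop indices, the 7-stage PN register and the keys are assumptions made for illustration.

```python
# Added illustration: RC5-32/12/16 written out inline; hop set size, PN register
# and key values are constructed, not taken from the paper.
M = 0xFFFFFFFF
ROUNDS = 12

def rotl(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & M

def rc5_expand(key):
    """RC5 key schedule: mix the key words into the 2*(ROUNDS+1) subkey table S."""
    c = max(1, (len(key) + 3) // 4)
    Lw = [0] * c
    for i in reversed(range(len(key))):
        Lw[i // 4] = ((Lw[i // 4] << 8) + key[i]) & M
    t = 2 * (ROUNDS + 1)
    S = [(0xB7E15163 + i * 0x9E3779B9) & M for i in range(t)]
    A = B = i = j = 0
    for _ in range(3 * max(t, c)):
        A = S[i] = rotl((S[i] + A + B) & M, 3)
        B = Lw[j] = rotl((Lw[j] + A + B) & M, A + B)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def rc5_encrypt(S, A, B):
    """Encrypt one 64-bit block given as two 32-bit words."""
    A, B = (A + S[0]) & M, (B + S[1]) & M
    for r in range(1, ROUNDS + 1):
        A = (rotl(A ^ B, B) + S[2 * r]) & M
        B = (rotl(B ^ A, A) + S[2 * r + 1]) & M
    return A, B

def pn_bits(n, state=(1, 0, 1, 1, 0, 0, 1)):
    """Public M-sequence (s[i] = s[i-1] XOR s[i-7]) used as the code to be hidden."""
    s = list(state)
    while len(s) < n:
        s.append(s[-1] ^ s[-7])
    return s

def hidden_hops(key, n_blocks):
    """Encrypt the PN code in 64-bit blocks; each block yields ten 6-bit channel indices."""
    S, pn, hops = rc5_expand(key), pn_bits(64 * n_blocks), []
    for k in range(n_blocks):
        blk = int("".join(map(str, pn[64 * k:64 * k + 64])), 2)
        A, B = rc5_encrypt(S, blk >> 32, blk & M)
        ct = (A << 32) | B
        hops += [(ct >> (6 * h)) & 63 for h in range(10)]
    return hops
```

Because each block is encrypted independently, the hop pattern repeats whenever the PN blocks repeat, so the period of the underlying code still bounds the period of the hidden pattern.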
3. The Proposed System Model
Although spread spectrum systems are used for narrowband
interference mitigation and are efficient at preventing
intentional and unintentional channel interference, a
jammer that uses a similar spreading code method can
succeed in degrading such techniques. The level of signal
destruction depends on the similarity between the jammer
and transceiver PN codes. This mechanism is different for
FHSS and DSSS systems, but FH systems are the ones of
interest here. In this method, the jammer operates
intelligently: after accessing the channel and receiving
spread signals, it finds the spreading technique and the
PN sequence pattern. It then generates a similar PN
pattern and can synchronize itself with the transceiver
system to track the modulation type. It should be
mentioned that the jammer can be located between the
transmitter and receiver so as to mount a
man-in-the-middle attack. The jammer can thus interfere
with the data signal, or render the receiver useless, and
mask itself as an allowable user.
The proposed hidden frequency hopping method can be used
to prevent sequence pattern disclosure. The complexity of
this process therefore depends solely on the encryption
complexity. Consider an MFSK transceiver which employs
FHSS with encrypted PN sequences, Gaussian noise power
and a partial band noise jamming function j(t). Suppose
that the jammer can access the channel and obtain the
desired information from this system.
First, a Key Distribution Centre (KDC) generates an
agreed session key and transmits it to the receiver by a
secure procedure. The session key is a symmetric key that
the BTS and SS know, and its transmission is performed
using asymmetric public-private key pair encryption. In
this manner the symmetric key encrypts the SS public key
and only the SS can decrypt it. The desired key is then
transmitted through the unsecure channel by a secure
process. The public asymmetric key is called the Key
Encryption Key (KEK). After key exchange, the transmitter
and receiver have the same encryption key and are able to
encrypt the PN codes that generate hidden narrowband
frequencies. The transceiver system can now be
synchronized, track encrypted PN codes, access hidden
hopped frequencies and finally obtains
Copyright © 2013 SciRes. JIS