WIRELESS COMMUNICATIONS AND MOBILE COMPUTING Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Published online in Wiley InterScience (www.interscience.wiley.com) DOI: 10.1002/wcm.0000

On Cracking Direct-Sequence Spread-Spectrum Systems †

Youngho Jo and Dapeng Wu∗ Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, 32611, U.S.A.

Summary

Secure transmission of information over hostile wireless environments is desired by both military and civilian parties. Direct-sequence (DS-SS) is such a covert technique resistant to interference, interception and multipath fading. Identifying spread-spectrum signals or cracking DS-SS systems by an unintended receiver (or eavesdropper) without a priori knowledge is a challenging problem. To address this problem, we first search for the start position of data symbols in the spread signal (for symbol synchronization); our method is based on maximizing the spectral norm of a sample covariance matrix, which achieves smaller estimation error than the existing method of maximizing the Frobenius norm. After synchronization, we remove a spread sequence by a cross-correlation based method, and identify the spread sequence by a matched filter. The proposed identification method is less expensive and more accurate than the existing methods. We also propose a zigzag searching method to identify a generator polynomial that reduces memory requirement and is capable of correcting polarity errors existing in the previous methods. In addition, we analyze the bit error performance of our proposed method. The simulation results agree well with our analytical results, indicating the accuracy of our analysis in additive white Gaussian (AWGN) channel. By simulation, we also demonstrate the performance improvement of our proposed schemes over the existing methods. Copyright °c 2008 John Wiley & Sons, Ltd.

KEY WORDS: Direct-Sequence Spread-Spectrum; PN sequence; code generator polynomial; linear feedback shift register; cracking; probability of error

1. Introduction symbols in the intercepted spread signal for the purpose of symbol synchronization, (b) estimate data In this paper, we consider the problem of eavesdrop- symbols, (c) estimate the PN sequence, and (d) ping on the adversary’s communication, which uses estimate the code generator polynomial of the PN Direct-Sequence Spread-Spectrum (DS-SS). The DS- sequence. SS is a covert communication technique; the informa- To identify the start position of data symbols, tion symbols are modulated by a pseudorandom noise we present a method based on the spectral norm (PN) sequence prior to transmission. This results in which achieves smaller estimation error in Section 4. a wideband signal, which is resistant to interference, After the symbol synchronization, we remove a PN jamming, interception and multipath fading [1, 2, 3]. sequence from the intercepted signals by a correlation To eavesdrop on the adversary’s communication, method to estimate data symbols without a priori one needs to (a) identify the start position of data knowledge about that PN sequence in Section 5. Identification of a PN sequence is processed by a matched filter between the intercepted signal and the ∗Correspondence to: Prof. Dapeng Wu, Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, estimated data symbols in Section 6. 32611, U.S.A. [email protected]fl.edu, http://www.wu.ece.ufl.edu. One of the harder problems in eavesdropping Copyright °c 2008 John Wiley & Sons, Ltd. Prepared using wcmauth.cls [Version: 2007/01/09 v1.00] 2 Y. JO AND D. WU on DS-SS signals is the polarity ambiguity of to show the effectiveness and to validate the analytical the estimated spread sequence and data symbols: probability of error of our approaches. Section 9 Erroneous reversal of polarity of each in the concludes this paper. estimated PN sequence compared to the true PN sequence is a major source of the performance 2. Related Works degradation of an eavesdropper. Therefore, we need to estimate a code generator polynomial to mitigate Wireless communications are very common both for this polarity problem. We propose a searching method military and commercial parties. The ability to use to identify the code generator polynomial in order to communication while mobile has great benefits for correct polarity errors as well as to reduce memory both parties. However, wireless communication has requirement of an eavesdropper in Section 7. Saving many security issues, since communication takes place hundreds or thousands of sequence bits in the memory over a wireless channel while the users are usually of an eavesdropper is very expensive. mobile. Such a wireless channel suffers from a number The probability of error performance of an of vulnerabilities: (i) The channel is vulnerable to eavesdropper is a function of signal-to-noise ratio eavesdropping. (ii) The data can be altered. (iii) The (SNR), the number of data symbols, and the length absence of wired link makes it much easier to cheat of the spread sequence of the intercepted signal. on identities. (iv) The channel can be overused. (v) Therefore, we need to study the analytical probability Finally, the channel can be jammed, notably in order of error performance of the eavesdropper with respect to perpetrate a denial-of-service (DoS) attack [5, 6]. to these parameters. By doing so, we can efficiently To eavesdrop on the adversary’s communication predict the performance of the eavesdropper. which uses DS-SS, the estimation of the spread First, we use a Gaussian approximation method in sequence from the intercepted signal is a key to crack Ref. [4] in order to find a marginal probability density on these DS-SS systems and is a challenging problem. function of the symbol estimator in Section 5 and the The literature on this subject is not rich. We briefly sequence estimator in Section 6, respectively. Second, discuss some related works which have studied this we find the probability of error of the symbol detector problem. without the proposed code generator estimator as a First, an eavesdropper needs to detect any sum of products of error functions and frequencies of transmission of DS-SS signals in order to crack the number of errors in the estimated spread sequence. a secure DS-SS signal. A method based on the Finally, we compare the probability of error with and fluctuation of an autocorrelation estimator, instead of without the proposed generator polynomial estimator on the autocorrelation itself, was proposed in [7]. in Section 7. The fluctuation of the autocorrelation estimator was The contributions of this paper are: (i) a generator used to estimate an accurate spread code period. polynomial estimator which can identify a code gener- Since the intercepted signal may experience delay, ator polynomial and can correct polarity errors in the the interceptor must find the start position of a data estimated PN sequence and estimated data symbols, symbol in the spread signal. To identify the start (ii) a theoretical verification of the probability of error position of a data symbol in the spread signal, Ref. [8] of a code generator estimator with respect to signal-to- proposed a correlation-based method. A method of noise ratio (SNR), the number of data symbols, and the maximizing the Frobenius norm of a covariance of length of the spread sequence of the intercepted signal, the intercepted signal was proposed in [9]. However, and (iii) the accuracy of performance prediction of an the Frobenius norm may result in the increase of eavesdropper. estimation error as the period of the PN sequence The remainder of this paper is organized as follows: increases; hence, their method does not work well for Related works are discussed in Section 2. Section the PN sequence of a long period. To address this 3 describes the signal model. Section 4 introduces limitation, a method based on the spectral norm which our method of identifying the start position of a data achieves smaller estimation error than the Frobenius symbol in the spread signal. Section 5 presents how norm based method is proposed in Section 4. to remove data symbols from the intercepted signal. Second, to identify the PN sequence, several Then, estimation of a spread sequence is presented methods were proposed in the literature [8, 10, 11, in Section 6. Section 7 discusses how to identify a 12]. In Ref. [10], a method based on a multichannel PN code generator polynomial and how to correct identification technique was proposed to recover polarity errors. Section 8 presents simulation results the convolution between the PN sequence and the

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 3 channel response for blind channel estimation; the complete expression for the probability of error of a limitation of this method is high computational symbol detector in Section 7. complexity. In Ref. [12], a method based on principal component analysis (PCA) was used to estimate the PN sequence from eigenvectors corresponding 3. Signal Model to the first and the second largest eigenvalues of the sample covariance matrix; however, the A baseband representation of a DS-SS signal is given computational complexity required by PCA is high. by [10, 12]: Ref. [8] suggested the use of chip-by-chip detection to estimate the PN sequence and to use a parallel X+∞ processing to combat the polarity ambiguity in y(t) = alh(t − kTs) + n(t) (1) successive demodulation and decoding. However, l=−∞ their parallel processing approach has a limitation: It PX−1 increases memory requirement and does not mitigate h(t) = ckp(t − kTc) (2) the polarity error. Ref. [11] proposed a multiple k=0 subsection cross-correlation averaging method to where Ts is the symbol duration, and al is a QPSK or estimate the PN sequence; however, the method used † only half of the captured symbols. It is known that BPSK modulated symbol transmitted at time kTs . We the more data symbols used, the more accurate the assume the symbols al are centered and uncorrelated. estimation is. In Section 6, we propose a cross- Let n(t) denote the noise at the output of the received correlation based method that uses all captured filter and the noise is additive white Gaussian noise symbols and achieves higher estimation accuracy. (AWGN) and uncorrelated with the information signal Third, to correct the polarity ambiguity in the al. The effect of the transmitter filter, the reception estimated spread sequence and data symbols, an filter, the channel response and the pseudo-random eavesdropper needs to estimate a code generator sequence ck is represented by h(t). Let p(t) denote the polynomial. The estimators used in Refs. [11, 12] convolution of all filters of the transmission chain. Tc did not consider the problem of polarity errors in is the chip duration and {ck}k=0,··· ,P −1 is the pseudo- the estimated PN sequence, i.e., erroneous reversal of random sequence of length P where P = Ts/Tc. In polarity of each chip in the estimated PN sequence this paper, we assume the symbol duration Ts can be (compared to the true PN sequence). Therefore, the estimated by the method in Ref. [7] for simplicity. probability of correct estimation of the PN sequence, Note that we consider the AWGN channel only in using their estimators, may be less than 50%. This this paper. Our study can be extended to multipath leads to significant performance degradation in terms environments if we use a blind channel estimation of bit error rate (BER) or symbol error rate (SER). method proposed in Ref. [10]. However, in the current We solve this problem by identifying the PN code work, we limit ourselves to the AWGN channel for generator polynomial in Section 7. Not only is it simplicity. Table I lists the notations used in this paper. important to estimate the PN sequence, but we also need to identify the PN code generator. Identifying the PN code generator polynomial improves the accuracy 4. Symbol Synchronization of estimating the PN sequence and data symbols by a The captured signal y(t) in (1) is sampled and factor of two, over the methods proposed in Refs. [11, divided into non-overlapping windows with the 12]. eavesdropper’s sampling duration T . We assume In [8], the probability of error of their sequence ev the sampling duration of an eavesdropper is the estimator was analyzed for each chip of a spread chip duration for simplicity, however this is not a sequence. They found a marginal probability density requirement of our method. Therefore, P · (L + 1) function of that sequence estimator by a numerical samples are available by sampling (L + 1) · T long integration. However, they did not consider the polar- s signal with the sample duration T . Rewriting P · ity ambiguity in their correct estimation probability c analysis. Therefore, their analysis had a limitation. In Section 7, we consider the polarity ambiguity in †For reasons of simplicity and clarity of presentation, we only focus on the QPSK/BPSK . If we adopt a blind the analysis of the probability of error of a sequence modulation detection method, our work can be applied to higher estimator and a symbol detector. We also provide a order modulation like 64-QAM with little modification.

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm 4 Y. JO AND D. WU

Table I. List of Notations.

Pr(·) probability of (·) Pb probability of error (·)H conjugate transpose of (·) (·)T transpose of (·) Re(·) real part of (·) Im(·) imaginary part of (·) GF Galois field or finite field F Field E(·) expectation of matrix (·) sgn(x) sign of x a a vector (or set) of sequence (symbol) a∗ − sgn(a) b·c the nearest integer less than equal (·) aˆ estimation of a < x, y > inner product of x and y erfc(·) complementary error function of (·)

k · k2 spectral norm of (·) k · kF Frobenius norm of (·) N normal distribution B binomial distribution th λ eigenvalue ai,j the (i, j) entry of a matrix A L the number of synchronized data symbols P the length of the spread sequence

k e (L + 1) samples as a matrix y with dimension P × where hl denotes a vector containing the end of (L + 1), we have: the spreading waveform for a duration of Ts − kTc b £ ¤ followed by zeroes for a duration kTc; hl+1 is a vector k k k k k y = y−1 ··· yl−1 yl ··· yL−1 (3) containing zeroes for a duration Ts − kTc followed by the beginning of the spreading waveform for a where the superscript k represents the kTc time- k duration kTc; al denotes a vector containing two delayed desynchronized signal of (1) for k = k desynchronized symbols al and al+1; n stands for k 0, ··· ,P − 1. Let yl denote a column of the the noise. Therefore, it is necessary to make a column desynchronized yk. We may write yk as follows: k l yl have only one data symbol al. That is: £ ¤T k 0 £ ¤T yl = yl,k ··· yl,P −1 yl+1,0 ··· yl+1,k−1 y = y ··· y y ··· y   l l,0 l,k−1 l,k l,P −1 (6) a h + n 0 0 l l,k k = hl al + n  .   .   .  and (3) becomes:  a h + n  =  l l,P −1 P −1  £ ¤  a h + n  0 0 0 0 0  l+1 l+1,0 0  y = y0 ··· y y ··· y (7)  .  l−1 l L−1  .  Note that samples which belong to a and a in (3) a h + n −1 L l+1 l+1,k−1 k−1 are truncated in the synchronized intercepted signal (4) (7). Let R denote the covariance matrix of (5).

T th H where [·] denotes the transpose, yl,k is the k entry R = E[ykyk ] k l h l i of a column yl and hl,k is the spreading sequence of H H = hkE akak hk + σ2 I (8) yl,k. Now, we can modify (4) as follows: l l l l n P

    H hl,k 0 nk where [·] is the conjugate transpose, IP represents a  . .   .   . .   .  P × P identity matrix, E[·] denotes expectation, and  . .  · ¸  .  2     σn is the noise variance. k  hl,P −1 0  al  nP −1  To place the starting spread sequence h in the yl =   +   l,0  0 hl+1,0  al+1  n0  proper position in (4), we search for a maximum of the  . .   .   . .   .  spectral norm of the sample covariance matrix of (8). 0 hl+1,k−1 nk−1 The spectral norm of a matrix is the square root of the £ ¤ largest eigenvalue of R in Ref. [13]. Let kyk denote = he hb ak + nk 2 l l+1 l the spectral norm of the square covariance matrix. k k k = hl al + n p (5) kyk2 = λmax(R) (9) Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 5 where λ (R) stands for the largest eigenvalue of the max 36 covariance matrix. Then, the spectral norm of (7) is: Theorectical 34 L=128 2 £ ¤ L=256 0 0 2 2 32 L=512 kyl k2 = khl k E |al| + σn (10) 30 However, the spectral norm of (5) is: 28 2 || ( £ ¤ k e 2 2 2 Ts ||y 26 k khl k E |al| + σn if kTc ≤ 2 kyl k2 = 2 £ ¤ b 2 2 Ts 24 khl+1k E |al+1| + σn if kTc > 2 (11) 22 if the singular values are expressed in decreasing 2 20 order. Since kh0k2 ≥ khek2 or kh0k2 ≥ khb k , we l l l l+1 18 can determine the synchronized version of (3) by −15 −10 −5 0 5 10 15 k maximizing the spectral norm in (9) with respect to k = 0, ··· ,P − 1 as follows: k Fig. 1. Theoretical and simulated spectral norm, ky k2, in (12) with P = 31 and SNR=-5dB 0 k yˆ = argmax ky k2 k∈[0,P −1] p = argmax λmax (R) k∈[0,P −1] (12) 200 L=128/||y|| r 2 ³ h i´ 150 L=256/||y|| k kH 2 = argmax λ E y y L=512/||y|| max 2 k∈[0,P −1] 100 L=128/||y||

MSE F L=256||y|| F 50 L=512/||y|| In Ref. [9], the Frobenius norm was used to search F for the start position of a data symbol. Note that 0 2 −20 −15 −10 −5 0 5 the square of the Frobenius norm kykF is the sum SNR(dB) of squares of the singular values of y. There are (a) P = 31,L = 128, 256, 512 errors in the eigenvalue decomposition of the sample covariance Rˆ due to the noise according to matrix 800 P=15/||y|| perturbation theory [13]. The expected value of the 2 600 P=31/||y|| 2 2 2 perturbation error of the Frobenius norm is P · σn, P=61/||y|| 2 2 while that of the spectral norm is σ [13]. The 400 P=15/||y||

n MSE F P=31/||y|| Frobenius norm has a tendency to increase the mean F 200 P=61/||y|| square error (MSE) as the spread sequence length F 0 increases. Thus, their method does not perform well −20 −15 −10 −5 0 5 for long length sequences. To mitigate this limitation, SNR(dB) we use the spectral norm in (12). (b) L = 128,P = 15, 31, 63 Fig. 1 shows the theoretical and simulated squared ˆ 2 k Fig. 2. Comparison of MSE, E[(k − k) ], by the spectral spectral norm ky k2 in (12). For the calculation, norm vs. Frobenius norm 10,000 trials are carried out and averaged together. In the simulation, we use QPSK. The PN sequence is an m-sequence [1, 14, 15] with the length P = 31 and with a generator polynomial f(x) = 1 + x2 + x5. The norm, when the sequence length P = 31 is fixed and SNR is -5dB. When k = 0, the spectral norm has a the number of symbols L is 128, 256 and 512. We can peak. Note that the more samples, the more accurate estimation of yˆ0 in (12) can be achieved. synchronize the captured signal with fewer symbols We also compare the MSEs in the estimation of by the spectral norm. Fig. 2(b) shows the case with the ˆ 2 fixed number of symbols L = 128 and with the varied the time-delay kTc, E[(k − k) ], between the spectral norm and the Frobenius norm. The same simulation length of spread sequence P =15, 31, and 63. As the parameters are used in Fig. 1, except that SNR is length P increases, the MSE is increased by a factor varied from -20dB to 5dB. Fig. 2(a) shows that the of P 2; that is, the MSE, normalized by the squares of spectral norm has smaller MSEs than the Frobenius the sequence length P 2, is almost the same.

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm 6 Y. JO AND D. WU

2 2 2 5. Symbol Estimation where ² = |ck| , σ = σn/², and n¯l,k is a Gaussian random process with zero mean and a unit variance, After symbol synchronization, we need to remove the i.e., n¯l,k ∼ N (0, 1). From the above definitions, we spread sequence in (6) to estimate the information have the SNR ρ = ²/σ2 = 1/σ2. symbol a from the synchronized signal y0 in (7). n l l + + + With the property of strong self-correlation and weak Let α = 1 + σn¯0,k, β = 1 + σn¯l,k, and γ = + + + 2 cross-correlation of spread spectrum, we use a method α β . Since n¯l,k ∼ N (0, 1), α ∼ N (1, σ ) and + 2 based on a cross-correlation between a test column, β ∼ N (1, σ ). We want to find the marginal 0 0 probability density f(γ+) which is a product of two say yt , and a column of a data symbol al, say yl , of the synchronized signal in (7). Then, we have: normal distributions. To find the marginal density f(γ+), we need to integrate the product of a 0 0H conditional distribution f(γ+|β+) and a marginal Cy0y0 (τ)=yt yl (τ) (13) t l distribution f(β+) with respect to β+. If the spread sequence is an m-sequence [1, 14, 15], Z Cy0y0 (τ = 0) ≥ Cy0y0 (τ 6= 0). Then, ∞ t l t l f(γ+) = f(γ+|β+)f(β+)dβ+ −∞ PX−1 " # ∗ Z ∞ µ + + ¶2 Cy0y0 (0)= yt,kyl,k (14) 1 1 1 γ − β t l = exp − dβ+ k=0 2 + 2 + 2πσ −∞ |β | 2σ β Z ∞ · ¸ Now we can estimate the symbol al from (14) as 1 1 1 ¡ + ¢2 + + 2 + exp − 2 β − 1 dβ follows: 2πσ −∞ |β | 2σ h ³ ´i (18) aˆ = sgn Re C 0 0 (0) l yt y h ³ l ´i (15) + j · sgn Im Cy0y0 (0) The integration in (18) can be obtained using a t l numerical integration, a Monte Carlo, or a Gaussian where Re(·) takes the real part and Im(·) takes the approximation with a given ρ [4]. Among these three imaginary part of a complex. sgn(x) is the sign methods, we use an approximation of products of two function with value 1, if x > 0, and -1 otherwise. Note normal distributions. Let µγ+ denote the mean and 2 + + + that the estimated symbol aˆl in (15) is estimated up σγ+ denote the variance of γ . Since α and β are to an unknown multiplicative factor. Therefore, the independent of each other, the mean and variance of sign of the symbol in (15) can be reversed by this γ+ are: multiplicative factor. This problem was not considered in Refs. [11, 12]. We will solve this problem by + + µ + = E[α β ] estimating a code generator polynomial in Section 7. γ + + (19) In order to analyze the performance of the symbol = E[α ]E[β ] = µα+ µβ+ = 1 estimator in (14), we use a Gaussian approximation of the sum of products of two random variables in order to find a marginal probability density function of the 2 + + 2 + + 2 σγ+ =E[(α β ) ] − (E[α β ]) ∗ symbol estimator in (14). Let ql,k = yt,kyl,k, at = a0, + 2 + 2 2 2 =E[(α ) ]E[(β ) ] − µα+ µβ+ and h0,k = hl,k = ck in (14) for simplicity. (20) 2 2 2 2 2 2 =µα+ σβ+ + µβ+ σα+ + σα+ σβ+ ∗ ql,k = (a0ck + n0,k)(alck + nl,k) =2σ2 + σ4 µ ¶ µ ∗ ¶ n0,k ∗ ∗ nl,k = ck a0 + ck al + ∗ ck c (16) + µ ¶ µ k ¶ The mean and variance of ²γ are ²µγ+ and n n∗ 2 2 2 0,k ∗ l,k ² σγ+ . Since data symbols {ql,k} are independent = |ck| a0 + al + ∗ ck ck of each other and have the same distribution, the distribution of aˆl will be approximately normally Assume a0 = 1 and al = 1 for generality. Then, distributed according to the central limit theorem ³ ´ [16]. Therefore, the distribution of aˆl is a normal q = ² (1 + σn¯ ) 1 + σn¯∗ (17) 2 2 l,k 0,k l,k distribution N (²P µγ+ , ² P σγ+ ) for P À 1. Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 7

T Under the condition that a0 = 1, the probability of and cˆ = [ˆc0, ··· , cˆP −1] stands for a vector of the the error estimation of aˆl is estimated spread sequence. The sign of the sequence in (25) can also be reversed by a multiplicative factor p(ˆal < 0|al = +1) in (15). " # Z 0 2 To analyze the performance of the sequence 1 (x − ²P µ + ) q γ = exp − 2 2 dx estimator in (25), we use the same Gaussian −∞ 2 2 2² P σ + 2π² P σγ+ γ approximation method in Section 5. The sequence à s ! estimator (25) can be rewritten as follows: 1 P = erfc µγ+ 2 L−1 2 2σγ+ X (21) cˆk = yl,k · aˆl l=0 (26) where LX−1 Z = (alhl,k + nl,k) · aˆl 2 ∞ erfc (x) = √ exp (−t2)dt (22) l=0 π x Let ωl,k = yl,ka¯l, and hl,k = ck for simplicity. 2 For al = −1, with similar notations µγ− and σγ− and Assume ck = 1 for generality. Then we have: using the same procedure, we have: ω = (a c + n )a ˆ l,k lµk l,k ¶l p(ˆal > 0|al = −1) n " # = a c + l,k aˆ Z ∞ 2 l k l 1 (x − ²P µ − ) al q γ √ = exp − 2 2 dx 0 2 2 2² P σ − = ² (1 + σn¯l,k)a ˆl (27) 2π² P σγ− γ à ! s 2 2 2 + 1 P where σ = σn/², ² = |al| . Let u = 1 + σn¯l,k, = 1 − erfc µ − + + + + 2 γ 2σ2 γ =a ¯l, and w = u γ . Since n¯l,k ∼ N (0, 1), γ− + 2 à s ! u ∼ N (1, σ ). We need to find a marginal probabil- 1 P ity density f(w+) which is a product of two normal = erfc µγ+ 2 distributions as (18): 2 2σγ+ (23) Z ∞ f(w+) = f(w+|γ+)f(γ+)dγ+ (28) 2 2 −∞ since µγ− = −µγ+ and σγ− = σγ+ . The bit-error rate of estimation of the symbol al is: 2 Let µw+ denote the mean and σw+ denote the variance of w+. Since u+ and γ+ are independent, the mean P a = p(ˆa > 0|a = −1)p(a = −1) b l l l and variance of w+ are: + p(ˆal < 0|al = +1)p(al = +1) à s ! + + µw+ = E[u γ ] 1 P (29) = erfc µ + + + γ 2 = E[u ]E[γ ] = µu+ µγ+ = 1 2 2σγ+ (24) 2 + + 2 + + 2 σw+ =E[(u γ ) ] − (E[u γ ]) + 2 + 2 2 2 =E[(u ) ]E[(γ ) ] − µu+ µγ+ 6. Spread Sequence Estimation 2 2 2 2 2 2 (30) =µu+ σγ+ + µγ+ σu+ + σu+ σγ+ To recover the PN sequence in (6), we use a matched =3σ2 + 3σ4 + σ6 filter operation between the synchronized intercepted √ + signal y0 in (7) and the estimated data symbols aˆ in Therefore, the mean and variance of ²w are √ 2 (15). That is: ²µw+ and ²σw+ . Since the sequence {ωl,k} is inde- pendent of each other and has the same distribution, ¡ 0 ¢ cˆ = sgn < y , aˆ > (25) the distribution of cˆk will be approximately normally distributed according to the central limit theorem where h·, ·i denotes inner product, aˆ = [16]. Therefore, the distribution of cˆk is a normal T √ 2 [ˆa0, ··· , aˆL−1] is a vector of the estimated symbol, distribution N ( ²Lµw+ , ²Lσw+ ) for L À 1. Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm 8 Y. JO AND D. WU

Under the condition that ck = 1, the probability of Let F = GF (q) where q is a prime or a power of a ‡ the error estimation of cˆk is: prime where GF denotes a finite field and q is called the order of the field F [14]. If the feedback function p(ˆck < 0|ck = +1) f(x0, ··· , xn−1) is a linear function; that is, if it can Z 0 · √ 2 ¸ 1 (x − ²Lµw+ ) be expressed as = q exp − 2 dx −∞ 2 2²Lσ + 2π²Lσ + w w f(x0, ··· , xn−1) = Ã s ! (34) 1 L w0x0 + ··· + wn−1xn−1, wi ∈ F = erfc µw+ 2 2 2σw+ where wi denotes a tap weight of the LFSR for i = (31) 0, ··· , n − 1 over F . Then, sequences have the linear

2 recursion relation [14]: For ck = −1, with similar notations µw− and σw− and using the same procedure, we have: nX−1 ck+n = wick+i, k = 0, 1, 2,... (35) p(ˆc > 0|c = −1) k k i=0 Z 0 · √ 2 ¸ 1 (x − ²Lµw− ) = q exp − 2 dx If we have 2n successive sequence bits, we can −∞ 2 2²Lσw− 2π²Lσw− estimate the generator polynomial of sequence c = à s ! (c0, ··· , cP −1) over F = GF (q). We may rewrite 1 L the recursion relation (35) into the following matrix = erfc µw+ 2 2 2σw+ representation [14]: (32)       cn c0 c1 ··· cn−1 w0 2 2       since µw− = −µw+ and σw− = σw+ .  cn+1   c1 c2 ··· cn   w1  The probability of error P c in estimation of the  .  =  . . . .   .  (36) b  .   ......   .  sequence ck is: c2n−1 cn−1 cn ··· c2n−2 wn−1 c Pb = p(ˆck 6= ck) We can solve the recursion relation in (36) over = p(ˆck > 0|ck = −1)p(ck = −1) GF (q) to obtain tap weights w = (w0, ··· , wn−1). + p(ˆck < 0|ck = +1)p(ck = +1) (33) The next successive sequence bit can be generated à s ! 1 L and tested with the estimated tap weights wˆ and n = erfc µ + successive sequences using transform matrix M of 2 w 2σ2 w+ LFSR as follows [14]: Note that the probability of error in (24) and (33)   0 0 ··· 0w ˆ does not account for the polarity error. We will address 0  1 0 ··· 0w ˆ  this problem in the succeeding section.  1  M =  . . . . .  (37)  ......  0 0 ··· 1w ˆ 7. Identification of Generator Polynomial n−1 It is expensive to save hundreds or thousands and of sequence bits, say cˆ = [ˆc , ··· , cˆ ]T , in the 0 P −1 (ˆc ,cˆ , ··· , cˆ ) memory of the eavesdropper. This motivates us to k+1 k+2 k+n k+1 (38) estimate a generator polynomial of the estimated =(ˆc0, cˆ1, ··· , cˆn−1)M spread sequence from (25). n Shift registers are the practical and efficient Note that det(M) = (−1) wˆ0 and thus M is implementation for the spread sequence. We con- invertible if and only if wˆ0 6= 0. sidered a linear feedback shift register (LFSR) as The method we propose is called a “zigzag the implementation technique for PN sequence. The estimator” which searches for a generator polynomial correct selection of the n-tuple tap-weights (or n primarily based on (36) and (38) from the estimated feedback stages) will result in a maximal sequence of the length N = 2n − 1 [1, 14]. ‡Finite fields are called Galois fields. See [14].

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 9

cˆ nˆ nˆ + 1n ˆ + 2n ˆ + 3 Note that the method proposed in this section can also be applied to Gold codes. Some pairs of m-sequences with the same degree can be used to generate Gold Codes by linearly combining two m-sequences with different offsets in Galois cˆ∗ nˆ nˆ + 1n ˆ + 2n ˆ + 3 field. If the estimated generator polynomial can be decomposed into two preferred pairs of m- sequence, we can decompose the estimated generator Fig. 3. A graphical illustration of the zigzag estimator where polynomial into two m-sequences. For example, a nˆ = blog (P + 1)c and cˆ∗ = − sgn(cˆ) 2 generator f(x) = 1 + x + x2 + x3 + x4 + 5 6 3 x + x can be factored into f1(x) = 1 + x + x and 2 3§ sequence cˆ in (25), and also corrects the polarity f2(x) = 1 + x + x . error in the estimated sequence cˆ and data symbol Finally, we use a matched filter operation between s aˆ. A graphical representation of the zigzag estimator the intercepted signal y and the sign corrected is given in Fig. 3. A fundamental idea in correcting estimated sequence cˆzigzag in (Step 6). That is: signs of the estimated sequence is that the zigzag ¡ ¢ ˆ 0 ˆ estimator returns the non-sign reversed sequence if the azigzag = sgn < y , czigzag > (39) zigzag estimator can find a code generator polynomial However, from the estimated sequence cˆ. Let us introduce some ¡ ¢ mathematical notations. Let c = (c0, c1, ··· ) be the aˆ = sgn < y0, cˆ > (40) set of sequence or symbols. Let cˆ denote the estimated non−zigzag ∗ version of c and c be the sign-flipped version of c, Now we are ready to find the probability of error of ∗ i.e., c = − sgn (c). Let bnc denote the nearest integer the zigzag estimator in (39). First, we will find the less than or equal to n. Following is an algorithm for probability of error of the symbol detector without the the zigzag estimator. Note that we do not claim the zigzag estimator of (40). After that, the probability algorithm herein is optimal or sub-optimal. of the symbol detector by the zigzag estimator (39) will be analyzed. A symbol detector of a cooperative (Step 1) Estimate cˆ by (25). Store s ← ˆc (s temporal 1 receiver (Rx) can be written as follows: memory of ˆc). Initialize TestFlag ← 0, FlipCount ← 0, and nˆ ← blog (P + 1)c 2 aˆ = sgn (hy, ci) = sgn (hca + σn¯, ci) ˆ (Step 2) Estimate fnˆ (x) by (36). = sgn (a hc, ci + σ hn¯, ci) (41)

(Step 3) Generate 2ˆn successive αˆi by (38). Increase where n¯ ∼ N (0, 1). Then, signal-to-noise ratio ρRx of FlipCount← FlipCount+1. the cooperative receiver is:

(Step 4) Test cˆi =α ˆi,i=2ˆn,··· ,4ˆn−1. hc, ci2 P ρ = = (42) Rx σ2kck2 σ2 (4a) If cˆi =α ˆi,i=2ˆn,··· ,4ˆn−1, set TestFlag ← 1 and go to (Step 6). Therefore, the probability of error of the cooperative (4b) If cˆi 6=α ˆi,i=2ˆn,··· ,4ˆn−1, set TestFlag ← receiver with the known spread sequence c is [17]: 0 and go to (Step 5). Ãr ! 1 P (Step 5) If TestFlag=0, flip the sequence cˆ ← cˆ∗ P a = erfc (43) b,Rx 2 2σ2 (5a) If FlipCount=1, increase FlipCount← FlipCount+1. Go to (Step 2). However, signal-to-noise ratio ρEv of the eavesdrop- per (Ev) is: (5b) If FlipCount=2, increase nˆ ← nˆ + 1 and reset FlipCount ← 0. Go to (Step hc, cˆi2 hc, cˆi2 2). ρ = = (44) Ev σ2kcˆk2 σ2P (Step 6) Check polarity errors. If s 6= cˆ, cˆ ← cˆ∗. § Store cˆzigzag ← cˆ. See 4.4 Decomposition of LFSR sequences in [14].

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm 10 Y. JO AND D. WU

1 ¡√ ¢ Table II. Relationship among Pr(K = k) in (45), hc, cˆi, and 2 erfc ρEv in (47) where k denotes the number of errors in the estimation of the spread sequence of the non-zigzag method.

k 0 1 ··· P hc, cˆi PP − 2 · · · −P ¡ ¢ ³ q ´ ³ q ´ ³ q ´ 1 √ 1 1 1 1 1 1 2 erfc ρEv 2 erfc P 2σ2P 2 erfc (P − 2) 2σ2P ··· 2 erfc −P 2σ2P c c c Pr(K = k) f(0; P,Pb ) f(1; P,Pb ) ··· f(P ; P,Pb )

c In Section 6, we find the probability of error Pb in is odd, the estimation of each chip in (33). The number of a,odd incorrect estimations of each chip c in the spread P b,non−zigzag = k à ! sequence c is an independent yes/no experiment with bP/2c r X 1 1 a fail probability P c. Let K denote the number of erfc (P − 2k) f(k; P,P c) b 2 2σ2P b errors in the estimation of the spread sequence c of k=0 à ! the length P . Then, we can write K ∼ B(P,P c). The bP/2c r b X 1 1 probability of getting exactly k errors in the estimation + erfc (2q − P ) f(q; P, 1 − P c) 2 2σ2P b of the spread sequence c with the length of P is given q=0 by: (48) If P is even, Pr(K = k) = f(k; P,P c) µ ¶ b P a,even = P c k c P −k (45) b,non−zigzag = (Pb ) (1 − Pb ) k P/2−1 à r ! X 1 1 erfc (P − 2k) f(k; P,P c) 2 2σ2P b for k = 0, 1, 2, ··· ,P with the binomial coefficient k=0 µ ¶ P µ ¶ + (P c)P/2(1 − P c)P/2 P P ! P/2 b b = (46) k (P − k)!k! P/2−1 à r ! X 1 1 + erfc (2q − P ) f(q; P, 1 − P c) 2 2σ2P b If there is no error in the estimation of the spread q=0 sequence c, i.e., c = cˆ or k = 0, hc, cˆi = P and (49) 2 ρEv(K = 0) = 1/σ . If there is only one error in the estimation of the spread sequence c, i.e., k = 1, The meanings of (48) and (49) are (i) the probability 2 2 distribution of hc, cˆi is symmetric, (ii) the probability hc, cˆi = P − 2 and ρEv(K = 1) = (P − 2) /(σ P ). distribution of hc, cˆi > 0 follows f(k; P,P c), and Table II shows the relationship among hc, cˆi, ρEv and b Pr(K = k) in (47) and (45). Therefore, the probability (iii) the probability distribution of hc, cˆi < 0 follows c of error in the estimation of symbol without the zigzag f(q; P, 1 − Pb ). estimator can be written as follows: The zigzag estimator in (39) can identify the PN code generator polynomial to correct the polarity error a in the estimation of the spread sequence if hc, cˆi = P b,non−zigzag = à ! −P or k = P or q = 0. Then, the probability of error P r X 1 1 in the estimation of symbols with the zigzag estimator erfc (P − 2k) Pr(K = k) 2 2σ2P P a is: k=0 b,zigzag (47) a P b,zigzag = à ! P −1 r Since f(k; P,P c) = f(P − k; P, 1 − P c), the prob- X 1 1 b b erfc (P − 2i) Pr(K = k) ability of k errors in the estimation of the spread 2 2σ2P k=0 sequence is the same as that of P − k correct Ãr ! 1 P estimations of the spread sequence. Let Q denote the + erfc Pr(K = P ) number of correct estimations of the spread sequence 2 2σ2 and q = P − k. If the length of the spread sequence P (50)

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 11

The probability of error of (50) by the zigzag estimator 1

is enhanced by a factor of two, compared to (47) ~ l

a 0 without the zigzag estimator, if the zigzag estimator −1 can estimate a code generator polynomial. We will 10 20 30 40 50 60 validate the probability of error of the symbol detector l (a) Estimated data symbols aˆ in (39) and (40) in the following Section 8.

1 l

8. Simulation and Validation a 0

In this section, we present a complete simulation −1 10 20 30 40 50 60 example to illustrate our approaches. We consider l information symbols modulated by an m-sequence (b) True data symbols a with the generator polynomial f(x) = 1 + x2 + x5 of Fig. 5. Data symbols estimation by (15) length N = P = 31. Signal constellation is BPSK and the number of data symbols is L = 128. The received 100 signal is corrupted by AWGN noise with SNR=-10dB. ~ k We assume the sampling rate of an eavesdropper is c 0 the chip rate Tc, however this is not required by our −100 0 5 10 15 20 25 30 method. k (a) Noisy estimated sequence cˆ 5

1

y 0 ~ k

c 0 −5 −30 −20 −10 0 10 20 30 k −1 k=26 0 5 10 15 20 25 30 (a) Desynchronized signal y0 k (b) Estimated sequence sgn (cˆ) 5

1

y 0 k

c 0 −5 −30 −20 −10 0 10 20 30 k −1 0 0 5 10 15 20 25 30 (b) Synchronized signal y0 k (c) True sequence c 5 Fig. 6. Spread sequence estimation by (25)

y 0

1 −5 −30 −20 −10 0 10 20 30 k ~ k

c 0 (c) True signal y

−1 0 5 10 15 20 25 30 Fig. 4. Symbol synchronization by the spectral norm where k the dashed ¤ denotes a−1, the solid ◦ denotes a0, the (a) Sign corrected sequence cˆ dashed-dotted ∗ denotes a1, respectively

1 First, we need to determine a synchronized version ~ l

a 0 of the intercepted signal by (12). Fig. 4(a) shows k=26 −1 a desynchronized signal y delayed by 26Tc. 10 20 30 40 50 60 k=26 l Therefore, a sample window y−1 contains the end (b) Sign corrected data symbol aˆ of a symbol a−1 for a duration of 5Tc followed by the beginning of next symbol signal a0 for a duration Fig. 7. Sign correction by the zigzag estimator k=0 26Tc. A synchronized signal y0 by (12) is shown in Fig. 4(b). Note that the desynchronized samples which belong to a−1 are truncated. Fig. 4(c) shows

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm 12 Y. JO AND D. WU two synchronized sample windows for the purpose of Second, we compare Pr(hc, cˆi = P ) between with comparison. the zigzag estimator and without the zigzag estimator Second, estimations of data symbols and spread in (47) and (50), respectively. Fig. 9 shows the sequences are followed by the symbol synchroniza- Pr(hc, cˆi = P ) with different combinations of the tion. Fig. 5 shows the first 62 estimated data symbols number of data symbols L and the length of the spread aˆ by (15). Fig. 6 shows the noisy estimated sequence cˆ sequence P . Note that the Pr(hc, cˆi = P ) corresponds by (25). Note that the estimated data aˆ in Fig. 5(a) and to Pr(K = 0) without the zigzag estimator and the estimated sequence in Fig. 6(b) are sign reversed Pr(K = 0) + Pr(K = P ) with the zigzag estimator. versions of the true symbol a and the true sequence c, The Pr(hc, cˆi = P ) increases as the number of the respectively. Therefore, hc, cˆi = −P . We can correct intercepted symbols L increased and also increases polarity errors in the estimated data symbol aˆ and the as the length of the spread sequence P increased. spread sequence cˆ by the proposed zigzag estimator. Therefore, the Pr(hc, cˆi = P ) obtained by the zigzag Third, we can correct polarity errors in the estimated estimator is almost two times greater than that without data symbol aˆ and the spread sequences cˆ by the our proposed zigzag estimator. zigzag estimator. The zigzag estimator in Section 7 Third, we compare the simulated probability of searches and tests a generator polynomial from the error of the symbol detector in (39) and the analytical a estimated sequence cˆ by the recursion relation in (36) probability of error in (50). Fig. 10 shows the Pb,zigzag and the transform matrix in (37). Fig. 7 shows the sign with different combinations of the number of data corrected sequence cˆzigzag and data symbol aˆzigzag symbols L and the length of the spread sequence P . by the proposed zigzag estimator. Note that Pb,Rx/P = 64 denotes the probability of We also conduct a simulation to evaluate the error of a cooperative receiver in (43) with P = 64 for a performance of the proposed zigzag estimator. The comparison. The Pb,zigzag is enhanced as the number generator polynomial used in this simulation is of samples L increases and as the length of sequence an m-sequence with f(x) = 1 + x + x11 + x12 + x14 P increases. Moreover, the analytical performance n a and the sequence is truncated, P < N = 2 − 1 for Pb,zigzag of the symbol detector in (50) is almost comparison. We randomly seed initial conditions and the same as that of the simulated probability of error randomly generate data symbols corrupted by AWGN in (40). Since the simulated Pr(hc, cˆi = P ) ' 1 for noise. The signal constellation is BPSK. 10,000 P = 64, L = 128, SNR=-5dB in Fig. 9 over 10,000 a simulation trials are carried out and averaged. trials, Pb,zigzag ' Pb,Rx. Therefore, the analytical First, we compare the histogram of hc, cˆi between probability of error in (50) is a good approximation with the zigzag estimator and without the zigzag of the performance of an eavesdropper. This analytical estimator to verify the relation between (47) and performance can provide an efficient prediction of the (50). In this simulation, we use the number of performance of our proposed zigzag estimator. data symbol L = 128, the length of the spread Finally, we conduct a simulation with the n-tuple sequence P = 64, and SNR=−5dB. Fig. 8 shows the code generator polynomial to validate the performance comparison of histograms hc, cˆi between with the of the proposed zigzag method with the long length zigzag estimator and without the zigzag estimator. The sequence. The length of the spread sequence is P = horizontal axis is the value hc, cˆi and the vertical 2n − 1. We randomly seed initial conditions and axis represents the normalized occurrence frequency randomly generate data symbols corrupted by AWGN of hc, cˆi. The occurrence frequency of hc, cˆi = P is noise with SNR = −10dB. The signal constellation is 0.9991 and 0.4939 for with the zigzag estimator and BPSK and 10,000 simulation trials are carried out and without the zigzag estimator, respectively. However, averaged. Fig. 11 shows the probability of the correct the occurrence frequency of hc, cˆi = −P with the estimation of the spread sequence Pr(hc, cˆi = P ) zigzag estimator and without the zigzag estimator is with n = 6, ··· , 13 with the number of data symbols 0.0000 and 0.5052. The zigzag estimator in Section L = 256. The Pr(hc, cˆi = P ) increases as the length n 7 can identify the PN code generator polynomial of the spread sequence P = 2 − 1 increased. to correct the polarity error in the estimation of the spread sequence when hc, cˆi = −P . Therefore, 9. Conclusion the occurrence frequency hc, cˆi = P with the zigzag estimator is the sum of that of hc, cˆi = P and hc, cˆi = In this paper, we consider the problem of eaves- −P without the zigzag estimator. This validates the dropping on the adversary’s communication, which relation between (47) and (50). uses Direct-Sequence Spread-Spectrum (DS-SS). To

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 13

1 1

0.9 0.9

0.8 0.8

0.7 0.7

0.6 0.6

0.5 0.5

Pr() 0.4 Pr() 0.4

0.3 0.3

0.2 0.2

0.1 0.1

0 0 −60 −40 −20 0 20 40 60 −60 −40 −20 0 20 40 60 (a) w/o the zigzag estimator (b) w/ the zigzag estimator

Fig. 8. Histogram of hc, cˆi with P = 64, L = 128, and SNR=-5dB

1 1 w/ zigzag/L=128 w/ zigzag/P=64 0.9 w/ zigzag/L=256 0.9 w/ zigzag/P=128 w/ zigzag/L=512 w/ zigzag/P=256 0.8 w/o zigzag/L=128 0.8 w/o zigzag/P=64 w/o zigzag/L=256 w/o zigzag/P=128 0.7 0.7 w/o zigzag/L=512 w/o zigzag/P=256 0.6 0.6

0.5 0.5

0.4 0.4

0.3 0.3

Probability of correct estimation 0.2 Probability of correct estimation 0.2

0.1 0.1

0 0 −20 −15 −10 −5 0 5 −20 −15 −10 −5 0 5 SNR(dB) SNR(dB) (a) P =64, L =128, 256, 512 (b) L =512, P =64, 128, 256

Fig. 9. Comparison of the probability of correct estimation of the spread sequence Pr(hc, cˆi = P ) intercept the adversary’s communication, one needs signal. In addition to obtaining the PN sequence and to (a) identify the start position of a data symbol in the data symbols, we also proposed a zigzag estimator the spread signal for symbol synchronization purpose, to identify the PN code generator polynomial and (b) remove the PN sequence, (c) estimate the PN proposed a method to identify the polarity in the sequence, and (d) estimate the generator polynomial. received signal. Our method improves the probability In this paper, we propose effective methods to address of correct estimation by a factor of two, compared to these four problems. To identify the start position the previous method. We also analyze the probability of a data symbol, we developed a method that uses of error of the zigzag estimator in terms of SNR, the the spectral norm of the sample covariance matrix. number of intercepted data symbols, and the length After symbol synchronization, a method based on the of the spread sequence. Our validation by simulation cross-correlation was used to estimate data symbols up and theoretical analysis show the effectiveness of to an unknown multiplicative factor. These estimated our proposed method. Our proposed method can be symbols were used by a matched filtering operation used by an interceptor to eavesdrop on an adversary’s for identifying the PN sequence from the intercepted communication. Other applications of our method

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm 14 Y. JO AND D. WU

0 0 10 10 Simulated Simulated −1 −1 10 Analytical 10 Analytical

−2 −2 10 10

−3 −3 10 10

−4 −4 10 P 10 P b,Rx b,Rx

−5 −5 Bit error rate 10 Bit error rate 10

−6 −6 10 10

−7 −7 10 10

−8 −8 10 10 −20 −15 −10 −5 0 5 −20 −15 −10 −5 0 5 SNR(dB) SNR(dB) (a) P =64, L =128 (b) P =64, L =256

0 0 10 10 Simulated Simulated −1 −1 10 Analytical 10 Analytical

−2 −2 10 10

−3 −3 10 10

−4 −4 10 P 10 P b,Rx b,Rx

−5 −5 Bit error rate 10 Bit error rate 10

−6 −6 10 10

−7 −7 10 10

−8 −8 10 10 −20 −15 −10 −5 0 5 −20 −15 −10 −5 0 5 SNR(dB) SNR(dB) (c) P =128, L =256 (d) P =128, L =512

a Fig. 10. Comparison of the simulated and analytical probability of bit error Pb,zigzag with the zigzag estimator in (50) where Pb,Rx is the probability of error of an cooperative receiver (Rx) include altering an adversary’s information, isolating 2003/15, University of Canterbury, Christchurch, New an adversary’s communication link, and jamming Zealand 2003. 5. Buttyan L, Hubaux JP. Security and Cooperation in Wireless by a denial-of-service (DoS) attack by our smart Networks. Cambridge University Press: Cambridge. eavesdropper. Furthermore, our method can be used 6. Poisel AR. Modern Communications Jamming Principles and for the synchronization by estimating the received Techniques. Artech House Publishers, November 30, 2003. 7. Burel G. Detection of Spread Spectrum Transmissions using spread code by an intended receiver. fluctuations of correlation estimators. IEEE Int. Symp. on Intelligent Signal Processing and Communication Systems (1SPACS’2000) 2000; . References 8. Zhan Y, Cao Z, Lu J. Spread-spectrum sequence estimation for DSSS signal in non-cooperative communication systems. 1. Simon MK, Omura JK, Scholtz RA, Levitt BK. Spread IEE Proceedings Communications Aug 2005; 152(4):476– spectrum communications handbook (revised ed.). McGraw- 480, doi:10.1049/ip-com:20045197. Hill, Inc.: NY, USA, 1994. 9. Bouder C, Azou S, Burel G. A robust synchronization 2. Scholtz RA. The Origins of Spread-Spectrum Communica- procedure for blind estimation of the symbol period and the tions May 1982; COM-30, No.5:822–854. timing offset in spread spectrum transmissions. IEEE Seventh 3. Peterson RL, Borth DE, Ziemer RE. An Introduction to International Symposium on Spread Spectrum Techniques and Spread-Spectrum Communications. Prentice-Hall, Inc.: Upper Applications 2002; 1:238–241, doi:10.1109/ISSSTA.2002. Saddle River, NJ, USA, 1995. 1049322. 4. Ware R, Lad F. Approximating the Distribution for Sums 10. Tsatsanis MK, Giannakis GB. Blind estimation of direct of Products of Normal Variables. Research Report UCDMS

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm ON CRACKING DIRECT-SEQUENCE SPREAD-SPECTRUM (DS-SS) SYSTEMS 15

1

0.9

0.8

0.7

0.6

0.5

0.4

0.3

Probability of correct estimation 0.2

0.1

0 6 7 8 9 10 11 12 13 n

Fig. 11. Probability of correct estimation of the spread sequence Pr(hc, cˆi = P ) by the zigzag estimation with n- tuple generator polynomial, P = 2n − 1, SNR=-10dB and L=256

sequence spread spectrum signals in multipath. IEEE Transactions on Signal Processing 1997; 45:1241–1252. 11. Jiang L, Ji H, Li L. A Blind Estimation Algorithm for PN Sequence in DS-SS Signals. 8th International Conference on Signal Processing 16-20 2006; 3:–, doi:10.1109/ICOSP.2006. 345866. 12. Burel G, Bouder C. Blind estimation of the pseudo-random sequence of a direct sequence spread spectrum signal. 21st Century Military Communications Conference Proceedings 2000; 2:967–970, doi:10.1109/MILCOM.2000.904074. 13. Stewart GW. Perturbation Theory for the Singular Value Decomposition. Technical Report CS-TR-2539 1990. 14. Golomb SW, Gong G. Signal Design for Good Correlation: For Wireless Communication, Cryptography, and Radar. Cambridge University Press: NY, USA, 2004. 15. Sarwarte DV, Pursley MB. Cross-Correlation Properties of Pseudorandom and Related Sequences May 1980; 68, No.5:593–619. 16. Peebles PZJ. Probability, random variables and random signal principles. McGraw Hill, New York, 2001. 17. Verdu S. Multiuser Detection. Cambridge University Press, 1998.

Copyright °c 2008 John Wiley & Sons, Ltd. Wirel. Commun. Mob. Comput. 00: 1–15 (2008) Prepared using wcmauth.cls DOI: 10.1002/wcm