Attacks and enhancement on security architecture of IS-95

By analyzing the structure of the channel, we find that the plaintext in the IS-95 CDMA system carries an inherent signal feature. Based on this feature, we propose a new ciphertext-only attack that solves for the initial phase of the key sequence by eavesdropping on a 20 ms ciphertext frame. By exploiting the linear relations between the key sequence and the state of the long code generator, we also propose an algorithm for decoding the private mask. Hence, the voice encryption of the IS-95 system is provably insecure against ciphertext-only attack. To address this security defect of the IS-95 system and the possible attack methods, we propose a new enhancement scheme to improve the security architecture of the IS-95 system.
