L.Krishna Bharathi et al.

/ (IJCSE) International Journal on Computer Science and Engineering

Vol. 02, No. 02, 2010, 237-245

Security Enhancement Using Mutual

Authentication in Existing CDMA Systems
L. Krishna Bharathi1, Gnanou Florence Sudha2,
Department of ECE, Department of ECE,
Pondicherry Engineering College, Pondicherry Engineering College,
Pondicherry, India. Pondicherry, India.

(Pseudo-Random Noise) Sequence called Long Code

Abstract Even though CDMA2000 wireless to scramble voice and data [1]. The existing CDMA
networks are being widely deployed as a cellular digital systems uses Cellular Authentication and Voice
standard around the world, it has some hidden Encryption (CAVE) algorithm. It provides only
vulnerabilities concerned with security issues. The existing unilateral authentication which leads to false base
CDMA systems use authentication mechanism by CAVE
(Cellular Authentication and Voice Encryption)
station attacks and it is also prone to cryptographic
algorithm. This authentication method has several attacks. These are the major challenges in the existing
disadvantages. Only one way authentication is provided, CDMA systems.
that is, only a base station authenticates a subscriber. This work proposes to apply ESA instead of CAVE
And, CAVE algorithm is prone to cryptographic attacks. in the authentication process of CDMA mobile
This work proposes to implement authentication method communication systems. If ESA can be applied in the
using ESA (Enhanced Subscriber Authentication) existing systems, demerits of CAVE algorithm can be
algorithm instead of CAVE algorithm in the existing improved. The rest of the paper is d e s i g n e d as
CDMA systems. Authentication mechanism using ESA follows. Section II discusses about the CAVE
algorithm uses AKA (Authentication and Key Agreement)
to enhance security strength and to provide mutual
algorithm and its drawbacks. Section III and IV
authentication between a base station and a mobile discuss a b o u t t h e p r o p o s e d scheme in detail.
terminal. AKA with 128-bit key adopts the SHA1 hash Section V discusses the simulation results and section
algorithm to generate authentication value and message VI concludes the proposed work. Finally, section VII
encryption keys. Performance analysis of the proposed discuss about the future work.
work is done by calculating the autocorrelation, cross-
correlation of the transmitted voice signal and also the II. SECURITY IN EXISTING CDMA2000
BER (Bit Error Rate) of the system. Thus the proposed NETWORKS
work enhances the security strength of the system with
Security has been a major concern for both service
increased key strength and bilateral authentication. The
proposed scheme can readily be applied to the existing providers and subscribers, since the birth of the cellular
CDMA systems because only the algorithm is replaced but industry. Service providers are primarily concerned
the input parameters remain the same. with security to prevent fraudulent operations such as
cloning, while subscribers are mainly concerned with
KeywordsESA, AKA, CAVE, CDMA, authentication privacy issues. CDMA2000 1xRTT network security
protocols rely on a 64-bit Authentication Key (A-Key)
I. INTRODUCTION and the ESN of the mobile. A random binary number
called RANDSSD, which is generated at the
As wireless services become increasingly prevalent,
Authentication Center (AC), is been used for
new possibilities and challenges continue to emerge.
authentication procedure. This section discusses about
Security becomes vital to delivering solutions that meet
the generation of Shared Secret Data (SSD) and
todays demand for mobility.
Authentication signature using CAVE algorithm and
the drawbacks of CAVE algorithm.
Code Division Multiple Access (CDMA) mobile
communication system starts from IS-95, called 2nd A. Cellular Authentication and Voice Encryption
generation system, to CDMA2000 1x, which is the 3rd Algorithm
generation system. And now, CDMA2000 1x EV-DO Cellular Authentication and Voice Encryption
system for high speed packet data is served in many (CAVE) is a set of cryptographic algorithms
countries. CDMA 2000 1xRTT technology makes collectively referred to as the CAVE algorithm which is
eavesdropping very complex. It uses 42-bit PN used during the authentication process. Based on the

ISSN : 0975-3397 237

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

inputs used, the CAVE algorithm enables calculation of 1) False base station attacks: Authentication
SSD and authentication signature during mechanism by CAVE algorithm provides only one way
challenge/response procedure. authentication, i.e. only a base station authenticates a
subscriber and subscriber cannot authenticate the base
1) Authentication key: The Authentication Key (A- station. This leads to base station impersonation or false
key) also known as master key, is the cornerstone of base station attacks [3]. False base station attacks leads
CAVE-based authentication. The A-key is provisioned to eavesdropping of private identity information of the
in the home Authentication Center and the mobile subscriber.
station (MS).The purpose of the A-key in authentication
is to generate Shared Secret Data. 2) Cryptographic attacks: A hash function must be
able to withstand all known types of cryptographic
2) Shared secret data: Shared Secret Data is a 128- attacks. As a minimum, it must have the following
bit value that is calculated using the CAVE algorithm. properties:
The SSD has two parts: SSD_A (64 bit) and SSD_B a) Pre-image resistance: Given a hash h, it
(64 bit) [2]. The mobile uses the SSD_A and the should be difficult to find any message m such that h =
broadcast RAND as inputs to the CAVE algorithm to hash(m). Functions which dont satisfy this property are
generate an 18-bit authentication signature and sends it vulnerable to pre-image attacks.
to the base station. Figure 1 illustrates the generation of
b) Second pre-image resistance: Given an input
shared secret data in existing CDMA 2000 networks.
message m1, it should be hard to find another input
This signature is then used by the base station to check message m2 (not equal to m1) such that hash(m1) =
that the subscriber is legitimate. hash(m2). Functions which dont satisfy this property
are vulnerable to second pre-image attacks.
The mobile uses the SSD_B and the CAVE algorithm
to generate a Public Long Code Mask (PLCM), a c) Collison resistance: It should be difficult to
Cellular Message Encryption Algorithm (CMEA) key find two different messages m1 and m2, such that
(64 bits), and a data key (32 bits). The PLCM is utilized hash(m1) = hash(m2). Functions which dont satisfy
in both the mobile and the network to change the this property are vulnerable to collision attacks.
characteristics of a Long code. This modified Long d) Reconstruction attack : The reconstruction
code is used for voice encryption. attack on CAVE shows that the security offered by
CAVE- 4 is less than 12 bits as it computes a pre-image
for a given hash value in around 2^11 hashing
operations of the algorithm (around 2^13 for CAVE-8).
This attack clearly reveals that, 4-round CAVE can be
broken in average time equivalent to 1.3*2 ^10 and 8-
round CAVE can be broken in 1.25*2^12 executions of
the algorithm [4, 5]. Increasing number of rounds from
4 to 8 increases only the workload by 8 times. Hence,
increasing the number of rounds of CAVE is not an
effective way to increase security.
e) List attack: The second approach to attack
CAVE is List attack. In this attack, precomputation is
done to establish look-up-tables that define the operation
of a segment in CAVE [4, 5]. These experiments reveal
that the resulting data sets can specify about half of the
Figure 1. Generation of shared secret data
unknown LFSR (Linear Feedback Shift Register) bits.
B. Drawbacks of CAVE Algorithm
III. ENHANCED SUBSCRIBER AUTHENTICATION
The CAVE algorithm is intended to authenticate a ALGORITHM
legitimate subscriber to the wireless network and
protect the network and customers of mobile phones Enhanced Subscriber Authentication refers to the 3rd
from the cloning fraud. The different attacks on CAVE generation authentication, this new form of
algorithm namely false base station attacks and authentication is based on 3GPP Authentication and
cryptographic attacks are described as follows. Key Agreement (AKA). Authentication mechanism by
CAVE algorithm uses a symmetry key cryptosystem

ISSN : 0975-3397 238

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

with Challenge-Response protocol between a base 1) Construction of ESA input to produce SSD:
station and a mobile station. This authentication Construction of ESA input to produce SSD involves the
mechanism has several disadvantages. Only one way construction of Input 1 and Input 2. Figure 3 shows the
authentication is provided, that is, only a base station construction of Input 1. 512-bit length Input 1 is
authenticates a subscriber and CAVE algorithm is also comprised of 16 words and size of each word is 32 bits.
prone to cryptographic attacks. But, Authentication First word is the value XORed Index into standard
mechanism using ESA algorithm uses AKA to enhance SHA1 constant value [6]. SHA1 constant value can be
security strength and to provide mutual authentication any value with 32-bit length. Second word is the value
between a base station and a mobile terminal. This XORed ESN into SHA1 constant value. And, third and
section discusses about the implementation of the ESA fourth words are each XORed first and second word of
algorithm to the existing CDMA systems and also the
RANDSSD into SHA1 constant value.
generation of shared secret data, authentication
signature value, voice privacy code and signaling
message encryption key using ESA algorithm.

A. Implementation of the ESA Algorithm to the

Existing CDMA Systems

Implementation of the ESA algorithm to the

Figure 3. Construction of Input 1
existing CDMA systems involves the following three
phases Generation of SSD from A_Key, Generation
of Auth_Signature from SSD_A and Generation of Next is to construct 160-bit Input 2. Input 2 consists
PLCM from SSD_B. Figure 2 illustrates the ESA of 5 words. Figure 4 shows the construction of Input 2.
algorithm implementation in the existing CDMA First and second words are each XORed A_Key into
systems. To reduce the simulation runtime the Long first and second words of standard SHA1 Initial Vector.
Code has been replaced by Short code in this proposed
work.

Figure 4. Construction of Input 2

2) Generation of SSD_A and SSD_B: Input 1 and

Input 2 are used for the generation of SSD_A and
SSD_B. Figure 5 shows the Generation of SSD_A and
SSD_B by ESA algorithm. Input 1 and Input 2 are
Figure 2. ESA algorithm implementation in the existing CDMA loaded into SHA1. Run SHA1 to produce 160-bit
systems output [7]. And then, polynomial AX+BmodG is
computed, where A and B are predetermined 160-bit
B. Generation of SSD from A_Key random numbers and treated as polynomials with
binary coefficients in the variable T. X is a 160-bits
Generation of SSD from A_Key, involves the output from SHA1 operation.
generation of shared secret data for authentication,
SSD_A and shared secret data for encryption, SSD_B,
using ESA algorithm and subscribers secret key
A_key. As a preceding work to do this, construction of
inputs of ESA algorithm is done.

ISSN : 0975-3397 239

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

D. Generation of PLCM from SSD_B

The generation of voice privacy code, PLCM,

CMEAKEY, using ESA algorithm can be discussed as
follows:

1) Construction of ESA Input to Produce PLCM :

Construction of ESA input to produce PLCM is almost
similar to the construction of Input 3 and Input 4.
Besides, first word of Input 3 is the value XORed Index
into SHA1 constant value to produce Input 5. And,
SSD_A in Input 4 is replaced by SSD_B to produce
Input 6.

2) Generation of PLCM : Input 5 and Input 6 are

used for the generation of PLCM and CMEAKEY.
Figure 5. Generation of SSD_A and SSD_B by ESA algorithm Most steps are similar to Figure 5, however, only least
significant 15 bits is used for PLCM and 64 bits for
C. Generation of Auth_Signature from SSD_A CMEAKEY are extracted from the 160 bit output.

The generation of authentication signature value E. Advantages of ESA over CAVE Algorithm
Auth_Signature, using ESA algorithm can be discussed
as follows: ESA algorithm overcomes the false base station
1) Construction of ESA input to produce attacks using AKA mechanism. It also overcomes the
auth_signature : cryptographic attacks. Table I shows the comparison of
Construction of ESA input to produce attacks in ESA and CAVE algorithm.
AUTH_SIGNATURE is almost similar to the
construction of Input 1 and Input 2 besides some Table I: Comparison of attacks in ESA and CAVE
parameters are changed as follows. Figure 6 shows the
construction of Input 3. Referring to the construction of Types of attacks CAVE algorithm ESA algorithm
Input 1, first word of Input 3 is filled with SHA1
constant value which is the same value used in Input1. Pre-image attack 2^128 hashing Nil
operations
Second word is the value XORed ESN into SHA1
Second pre-image 2^128 hashing Nil
constant value. The construction of Input 4 is identical attack operations
with the construction of Input 2 besides A_key is Collision attack 2^16 hashing 2^52 hashing
replaced with SSD_A. operations operations
Reconstruction 2^91 hashing Nil
attack operations
List attack 2^72 hashing Nil
operations

IV. AUTHENTICATION AND KEY AGREEMENT

Figure 6. Construction of Input 3 Authentication and Key Agreement relies on an

authentication key associated with the MS and available
only to the MS and its home AC. AKA involves a
2) Generation of auth_signature: Input 3 and Input challenge process that allows the network to
4 are used for the generation of Auth_Signature. Most authenticate the MS. However, in AKA the information
steps are similar to Figure 5, however, only least provided during this challenge also enables the MS to
significant 18 bits of final 160 bits is extracted as authenticate the network, providing for bilateral
Auth_Signature. authentication [8]. Following the bilateral
authentication, AKA also allows for the generation of
new Cipher Key (CK) and Integrity Key (IK). These
128-bit keys enable a security association between the
MS and the serving MSC for supporting security

ISSN : 0975-3397 240

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

services such as data integrity and data encryption. This

section discusses about the various phases involved in
AKA process.

A. Phases involved in AKA Process

AKA process involves four major phases -

Distribution of Authentication Vectors (AV),
Authentication of the network by the MS,
Authentication of the MS by the network,
Establishment of security association between MS and
MSC. Figure 7 illustrates the AKA mechanism.

Figure 8. Information contained in an authentication vector

C. Authentication of the Network by the MS

To ensure synchronization between MS and

network, a sequence number is provided by the network
and compared against the sequence number maintained
by the MS. To validate the authenticity of the message,
a MAC_A (Message Authentication Code) is provided
by the network and compared against an XMAC_A
(Expected Message Authentication Code) computed by
the MS.

D. Authentication of the MS by the Network

Authentication of the MS by the network in AKA is

similar to a unique challenge without shared SSD in
CAVE. The Authentication response (RES) received
from the MS is verified against the Expected RES
(XRES) received from the home system in the network
authentication token (AUTN).

E. Establishment of Security Association between MS

Figure 7. Authentication and key agreement mechanism and MSC

B. Distribution of Authentication Vectors

The CK, IK and UIM authentication key (UAK) are
generated by the MS in such a way that they are
An Authentication Vector (AV) is essentially a identical to the ones provided to the visited network in
group of information used for one AKA attempt. Figure the AV. The security association between MS and MSC
8 illustrates the information contained in an involves using these keys to support security services
authentication vector. AVs are generated by the home such as confidentiality and integrity. The last phase
AC and distributed to the visited network [8]. Each AV involves the establishment of a security association
contains all information required by the visited network following bilateral authentication between MS and
to locally perform AKA with an AKA-enabled mobile network.
station. To thwart replay attempts, each AV must be
used for only one AKA attempt.

ISSN : 0975-3397 241

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

V. PERFORMANCE METRICS

In this Section, the performance of the ESA

algorithm has been evaluated by effective voice
transmission and reception and also by calculating
autocorrelation, cross-correlation and BER of the
system in a CDMA environment.

A. Speech Signal

For the security analysis, the proposed method

utilized speech signal of the type WAV (Waveform
Audio File Format), which is sampled at 16 kHz. The
generated short PN-sequence is been XORed with the
given voice signal to generate scrambled voice. The
Figure 9 shows the speech waveform and Figure 10
shows the autocorrelation of short PN-sequence. The Figure 10. Autocorrelation for short PN-sequence
short PN-sequence generated using the LFSR has been
used to scramble the given voice signal. All simulations
are done using Matlab 7.8.0 version software.

Figure 11. Cross-correlation between voice and scrambled-voice

B. Authentication and Key Agreement Process

Figure 9. Speech signal waveform

Implementation of the ESA algorithm to the
existing CDMA system is followed by the
1) Cross-correlation between voice and scrambled- authentication and key agreement process. In AKA, the
voice: Cross-correlation compares two sequences from MS authenticates the network, similarly, the network
different sources rather than a shifted copy of a authenticates the MS and finally security association is
sequence with itself. The cross-correlation between established between MS and MSC.
voice and scrambled voice is shown in Figure 11. From
this figure, it is observed that the correlation between 1) Establishment of Bilateral Authentication
the voice and scrambled voice is zero, i.e. both the between MS and Network: The establishment of
sequences are dissimilar. security association between MS and the network leads
to bilateral authentication between the MS and the
network. The bilateral authentication between MS and
network is shown in Figure 12. From this figure, it is
observed that successful completion of AKA process

ISSN : 0975-3397 242

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

leads to bilateral authentication between MS and for generation of short code, the generated short code is
network. in turn used for voice encryption. The performance

analysis is done by calculating the BER of the system.

Figure 12. Establishment of bilateral authentication between MS
and network

C. Descrambling Process

The scrambled voice which has been generated at the

MS, after successful mutual authentication is
transmitted to the MSC where the descrambling process
takes place. If the mutual authentication fails, the
descrambling of the voice signal does not takes place.

1) Cross-correlation between voice and

descrambled-voice: Cross-correlation compares two
sequences from different sources rather than a shifted
copy of a sequence with itself. The cross-correlation
between voice and descrambled voice is shown in
Figure 13. From this figure, it is observed that the
correlation between the original voice and descrambled Figure 13. Cross-correlation between original voice and descrambled-
voice is one, i.e. both the sequences are similar. voice
1) BER comparison for ESA PLCM and RAND
D. Performance Analysis of ESA in CDMA PLCM: The BER comparison for ESA PLCM and
Environment
RAND PLCM is shown in Figure 14. Here, RAND
PLCM is nothing but the PLCM which has been
Performance analysis of the ESA algorithm is done randomly generated without using ESA algorithm.
after implementing the ESA algorithm in a CDMA. From this figure, it is observed that the proposed
Using ESA, PLCM has been generated which is used

ISSN : 0975-3397 243

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

algorithm shows better performance starts at low Authentication algorithm enhances the security of the
power. Consider the BER of 1/10000, the power CDMA systems.
utilized by the proposed algorithm is about 13db, while
VII. SCOPE FOR FUTURE WORK
the power utilized by RAND PLCM is about 15db and
the error rate is also less. This clearly implies that the
performance of ESA algorithm is better than existing Though the proposed method enhances the security
algorithm. of CDMA systems, it can be further enhanced by
employing AES in the scrambling process, instead of
pseudo-random scrambling. It enhances the physical
BER Performance of ESA & RAND PLCM
0
10 layer built-in security of CDMA systems through
ESA PLCM secure scrambling. AES consumes less memory and
RAND PLCM also ease of implementation and flexibility. CDMA
-1
10 systems with secure scrambling improve the system
performance and information privacy.

-2
10
Since, SHA1 algorithm is prone to collision attack, it
can be overcome by using SHA2 algorithm instead of
BER

SHA1. In addition to that, the short PN-sequence can

-3 also be replaced by Gold codes to yield better system
10
performance.
ACKNOWLEDGMENT
-4
10 The authors would like to express their cordial
thanks to Dr. E. Srinivasan for his valuable advice.
-5
10
0 2 4 6 8 10 12 14 REFERENCES
Eb/N0(db)
[1] M.Naidu and C.Wingert, CDMA 1xRTT Security
Overview, Qualcomm Inc., August 2002.
Figure 14. BER performance of ESA and RAND PLCM [2] K.Chung, D.Hong and K.Kim, Application of ESA in the
CAVE Mode Authentication, World Academy of Science,
VI. CONCLUSION Engineering and Technology, Vol.18, pp.92-96, June
2006.
[3] Bellcore and S.Patel, Weakness of North American
Thus the proposed work enhances the built-in Wireless Authentication Protocol, IEEE Personal
security of CDMA systems by applying the ESA Communications Magazine, Vol.4, pp.40-44, June 1997.
algorithm instead of CAVE algorithm in the [4] P.Gauravaram and W.Millan, Cryptanalysis of the
Cellular Authentication and Voice Encryption
authentication process of existing CDMA mobile Algorithm, IEICE Electronics Express, Vol.1, No.15,
communication systems. The proposed method is also pp.453-459, November 2004.
compatible to the existing CDMA systems because only [5] P.Gauravaram and W.Millan, Improved Attack on the
the algorithm is replaced but the input parameters Cellular Authentication and Voice Encryption Algorithm,
Proceedings of International workshop on Cryptographic
remain the same. Algorithms and their Uses, Australia, pp.1-13, July 2004.
[6] FIPS 180-2, Secure Hash Standard, NIST, August 2002.
This method utilizes the Authentication and Key [7] 3GPP2 S.S0055, Enhanced Cryptographic Algorithms,
Agreement which provides mutual authentication January 2005.
[8] 3GPP AKA: http://www.cdg.org/
between a base station and mobile terminal with
increased key size. Mutual authentication overcomes
BIOGRAPHY
the problem of false base station attacks, thereby
preventing the voice privacy or private identity
information of the subscribers from being Krishna Bharathi received the
B.E degree in Electronics &
compromised. The ESA algorithm also dismantles the
Communication Engineering in
cryptographic attacks such as reconstruction attack and 2007 from Anna University,
list attack, thereby enhancing the security of existing Chennai, India. He is currently
CDMA systems. The simulation results also clearly pursuing M.Tech in the
indicates that ESA based systems consumes less power Department of Electronics &
and the error rate is also less when compared with Communication Engineering at
CAVE based system. Thus, the Enhanced Subscriber Pondicherry Engineering College
in the field of Wireless

ISSN : 0975-3397 244

 L.Krishna Bharathi et al. / (IJCSE) International Journal on Computer Science and Engineering
Vol. 02, No. 02, 2010, 237-245

communication. His fields of interests include mobile and

wireless network security.

Gnanou Florence Sudha

completed B.Tech in Electronics &
Communication Engineering from
Pondicherry Engineering College
affiliated to Pondicherry University
in 1992. Obtained M.Tech in
Electronics & Communication
Engineering from Pondicherry
Engineering College in 1994.
Completed PhD in Electronics &
Communication Engg in 2005. She joined the Dept. of
Electronics & Communication Engg, Pondicherry
Engineering College as Lecturer in 1995. She worked as
Senior Lecturer in the same institute from 2000 to 2005.
Currently, she is Associate Professor in the same department.
She has published more than 36 journals and conference
papers and her fields of research interests are in Signal
Processing and Bio-Medical engineering.

ISSN : 0975-3397 245