A friend asked me how secure CDMA or cell phones calls were, and I told him that they were incredibly secure (without knowing the full details), so I decided to look into this matter in more detail.  Here’s some of the highlights of what CDMA can provide you.

From web research, CDMA was first adopted by the military for Naval communications.  CDMA is extremely secure due to it’s nature of spread spectrum communications and security at every level.   

1.  Communications from network to phone, scrambled using ”Long Code” 42 Bit PIN Pseudo Random Code.  From network to mobile it’s scrambled at a rate of 19.2 Kilo symbols per second.  From the mobile to the network it’s scrambled at 1.2288 Mega chips per second.  An unintended listener would need the PIN and to time their listening on both ends to the exact same communication timing (extremely difficult).  This I believe relates to the spread spectrum transmission over several frequencies and at different timing. 

2.   A 64 Bit encryption key (A-Key) is actually on the phone device.  This key and the phone ESN is used in several other security parameters that generate random keys for additional services.  Voice privacy uses this A-Key to generate a sub-key which is the used by the network for voice communications privacy.  A key that makes another key specific to the service of the phone.  Not only are you secure by having authentication encryption, but you are secure by service used on the mobile device.

3.  CDMA uses CAVE (Cellular Authentication and Voice Encryption), a 128-Bit sub-Key generated called “Shared Secret Data” (SSD).  Inputs to generate the SSD are A-Key, ESN, and network supplied Random binary numbers.  The SSD can be shared between networks for authentication and roaming (just image what this means for global phones for a second…it’s amazing).  The SSD is broken into two pieces, 64-Bit each, one for user authentication and the other is an encryption key for the voice and signaling messages.

Here is a Qualcomm white paper on the matter for a more detailed discussion.  There is a great diagram (although confusing) that organizes this data for more concise consumption. 

http://www.cdg.org/technology/cdma_technology/white_papers/cdma_1x_security_overview.pdf 

Permalink