Archived from groups: alt.cellular.sprintpcs
Pete Stephenson wrote:
> Does Sprint offer any sort of privacy-enhancing service such as this, or
> is one limited to the frequency-hopping benefits of CDMA?
Actually, Sprint is using probably one of the more secure interfaces,
even though there's no overt encryption layer beyond the CDMA air
interface itself.
One important thing to note is that the flavor of CDMA being implemented
by Sprint isn't frequency hopping. Instead, portions of the speech in
the conversation are broken up into discrete chunks and simultaneously
broadcast over a wide spectrum across the carrier's frequency band. If you
hit across one portion, it's not enough to decipher what is being said,
and likewise, if you jam one portion of the conversation, the vast
majority of the conversation will still be intelligible to the parties
who legitimately should be hearing it (you and whoever you're speaking
to). What portions are broadcast where (known as the "code mask") change
from one call to the next and are based on pseudorandom keys which are
never broadcast over the air.
Steven Den Beste's CDMA FAQ (http://tinyurl.com/4yhg8) explains it better:
"When you speak into your CDMA phone, your voice is digitized and
compressed into 50 digital packets per second. These are then spread,
interleaved, passed through a Viterbi forward-error-correction encoder,
scrambled using the Walsh code for the channel you've been assigned,
scrambled again with the short code, possibly encrypted, scrambled yet
again with a modified version of the long code and then transmitted in
quadrature with spread spectrum. The creepy voyeur with his FM scanner
can't even pick up spread spectrum, and if he had the right receiver it
would just sound like a very high frequency hiss (well beyond the range
of human hearing) bearing no resemblance whatever to your voice."
So, to eavesdrop successfully on a call, you would need to know:
1. The phones' ESN, MDN and MSID combinations.
2. The authentication key being used (also a pseudorandom number that
changes from call to call)
3. The shadow mask values (Walsh code, long code and short code)
4. You would have to correctly guess at what modulo of #3 and #4 the
phone is currently using or will use next.
If you don't have all of these elements, then all you hear is white
noise, if that.
And if you want to hazard a guess at the iterations of Walsh, short and
long code in use at the time the call is initiated, it's the worst
lottery ever: the Walsh code can be any of 64^64 values (the actual
number is 116 digits long), the short code can be any of 32,768 values
and repeats every 26 1/3 milliseconds, and the long code (are you ready
for this?) is comprised of 1,099,511,627,776 values and repeats once
every 41.4 *days*.
And all of that is BEFORE any overt encryption is added to the mix.
Needless to say, Sprint has yet to find a reason to justify the use of
any additional encryption layers.
> I have no reason to suspect that anyone would be monitoring my calls,
> but in today's society it is wise to be prudent.
To again paraphrase Steve: If there is someone out there with the desire
and means to successfully eavesdrop on your CDMA calls over the air,
then you have way more important things to worry about than just this.
--
E-mail fudged to thwart spammers.
Transpose the c's and a's in my e-mail address to reply.
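
The spreading and scrambling described in the post above, as an added Python example that is not part of the original post or the FAQ it quotes: two calls share one band on different rows of a 64x64 Walsh-Hadamard matrix, and a receiver holding the wrong scrambling sequence recovers only noise. The `pn` sequences, seeds, Walsh row numbers and the names `alice` and `bob` are assumptions made for illustration; `pn` is a stand-in, not the IS-95 short or long code generator.

```python
import random

def walsh(n):
    """Rows of the n x n Walsh-Hadamard matrix (+1/-1), Sylvester construction."""
    h = [[1]]
    while len(h) < n:
        h = [r + r for r in h] + [r + [-c for c in r] for r in h]
    return h

def pn(seed, length):
    """Constructed +1/-1 scrambling sequence; a stand-in, not the IS-95 generators."""
    rng = random.Random(seed)
    return [rng.choice((1, -1)) for _ in range(length)]

def spread(bits, code, scramble):
    """Turn each bit into len(code) chips: symbol * Walsh chip * scramble chip."""
    n = len(code)
    return [(1 if bit else -1) * code[j] * scramble[k * n + j]
            for k, bit in enumerate(bits) for j in range(n)]

def correlate(rx, code, scramble):
    """Undo the scramble, multiply by the Walsh row, and sum over each bit period."""
    n = len(code)
    return [sum(rx[k * n + j] * code[j] * scramble[k * n + j] for j in range(n))
            for k in range(len(rx) // n)]

def decode(corr):
    """Positive correlation decodes as 1, anything else as 0."""
    return [1 if c > 0 else 0 for c in corr]

def demo(nbits=256):
    w = walsh(64)
    rng = random.Random(7)                      # constructed test traffic
    alice = [rng.randint(0, 1) for _ in range(nbits)]
    bob = [rng.randint(0, 1) for _ in range(nbits)]
    key, guess = pn(1001, nbits * 64), pn(2002, nbits * 64)
    # Both calls share the band: the receiver sees the chip-by-chip sum.
    rx = [a + b for a, b in zip(spread(alice, w[5], key), spread(bob, w[17], key))]
    right = decode(correlate(rx, w[5], key))    # legitimate receiver
    unused = correlate(rx, w[9], key)           # a Walsh row nobody transmits on
    wrong = decode(correlate(rx, w[5], guess))  # right Walsh row, wrong scramble
    errors = sum(x != y for x, y in zip(wrong, alice)) / nbits
    return right == alice, all(c == 0 for c in unused), errors

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is the bit error rate seen with the wrong scrambling sequence; it sits near one half, which is what guessing each bit would give.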