8/12/2019 CDMA Works
1/46
50
CHAPTER NO. 6
MULTIPLE ACCESS TECHNIQUES FOR MOBILE COMMUNICATION
Frequency Division Multiple Access (FDMA)
Time Division Multiple Access (TDMA)
Code Division Multiple Access (CDMA)
These multiple access systemshave very different approachesto the bandwidth problem.
6.1: FREQUENCY DIVISION MULTIPLE ACCESS (FDMA)
Each FDMAsubscriber is assigned a specific frequency channel (Fig. 6.1). No one
else in the same cell or a neighboring cell can use the frequency channelwhile it is
assigned to a user. This reduces interference, but severely limits the number of users.
FIG. NO. 6.1 FREQUENCY DIVISION MULTIPLE ACCESS (FDMA)
8/12/2019 CDMA Works
2/46
51
Frequency-division multiplexing (FDM) advantage of the fact that the useful bandwidthof
the mediumexceeds the required bandwidthof a given signal
6.2: TIME DIVISION MULTIPLE ACCESS (TDMA)
TDMA users share a common frequency channel (Fig. 6.2), but use the channelfor
only a very short time. They are each givena time slotand only allowed to transmit during
that time slot. When all available time slotsin a given frequency are used, the next user
must be assigned a time sloton another frequency. These time slicesare so smallthat the
human ear does not perceive the time slicing
FIG. NO. 6.2: TIME DIVISION MULTIPLE ACCESS (TDMA)
Time-division multiplexing (TDM)takes advantage of the fact that the achievable bit rate
of the medium exceedsthe required data rateof a digital signal
6.3: CODE DIVISION MULTIPLE ACCESS (CDMA)
Code-Division Multiple Access (CDMA) is one of the most important concepts to
any cellular telephone systemis that of multiple access.A large number of usersshare acommon pool of radio channels and any user can gain access to any channel. In other
words CDMAis a form of multiplexing, which allows numerous signalsto occupy a single
transmission channel, optimizing the use of available bandwidth. Though CDMAs
application in cellular telephone is relatively new, but it is not a new technology. CDMA
has been used in many military applications, such as anti-jamming (because of the spread
8/12/2019 CDMA Works
3/46
52
signal In March 1992,the TIA (Telecommunications Industry Association)established the
TR-45.5 subcommitteewith the charter of developing a spread spectrum digital cellular
standard. In July of 1993, the TIAgave its approval for the CDMA Technologystandard .A
CDMA call starts with a standard rate of 9.6 Kbps. This is then spread to a transmitted rate of
about 1.23 Mbps. The CDMA channel is nominal 1.23 MHz Wide CDMA is compatible
with other cellular technologies
CDMA users share a common frequency channel (Fig 6.3). All users are on the
same frequency at the same time.However, each pair of usersis assigned a special code
that reduces interference while increasing privacy.
FIG. NO. 6.3: CODE DIVISION MULTIPLE ACCESS (CDMA)
2 MB s3GCDMA 200064 Kps - 140 Kps2.5GCDMA (IS-95B)
56 Kps2GGSM34 Kps1GAMPS
Data transmission capacityGenerationCellulartechnolo
8/12/2019 CDMA Works
4/46
8/12/2019 CDMA Works
5/46
54
vocoder uses its full ratewhen a person is talking very fast. It uses the 1/8
ratewhen the person is silent or nearly so.
FIG. NO. 6.5: GENERATING AN A/D COMPRESSED SIGNAL
(III) ENCODING AND INTERLEAVING
Encoders and interleavers are built into the BTS and the phones. The
purpose of the encoding and interleaving is to build redundancy into the
signal so that information lostin transmission can be recovered.The type of
encodingdone at this stage is called "convolutional encoding." A simplified
encoding schemeis shown here. A digital messageconsists of four bits (A,
B, C, D) of vocoded data. Each bit is repeated three times.These encoded
bits are called symbols. The decoder at the receiver uses a majority logic
rule. Thus, if an error occurs, the redundancy can help recover the lost
information.
EXAMPLE:
BURST ERROR: A burst error is a type of error in received digital
telephonesignals. Burst errorsoccur in clumpsof adjacent symbols. These
errors are caused by fading and interference. Encoding and interleaving
reduce the effects of burst errors. Interleaving is a simple but powerful
method of reducing the effects of burst errors and recovering lost bits. In the
8/12/2019 CDMA Works
6/46
55
exampleshown in the Fig. 6.6,the symbolsfrom each group are interleaved
(or scrambled) in a pattern that the receiver knows.De-interleaving at the
receiver unscrambles the bits, spreading any burst errorsthat occur during
transmission.
FIG. NO. 6.6: ENCODING AND INTERLEAVING
(IV) CHANNELIZING
The encoded voice datais further encoded to separate it from other encoded
voice data. The encoded symbolsare then spreadover the entire bandwidth
of the CDMA channel. This processis called channelization.
The receiverknows the code and uses it to recoverthe voice data.
KINDS OF CODES: CDMA uses two important types of codes to
channelize users.
(a) Walsh codeschannelize users on the forward link (BTS to mobile).
Walsh codes provide a means to uniquely identify each user on the
forward link. Walsh codes have a unique mathematical property,
that is, they are "orthogonal." In other words, Walsh codes are
uniqueenough that a receiver applying the same Walsh codecan only
recover the voice data. All other signals are discarded as
background noise.
8/12/2019 CDMA Works
7/46
56
(a)Pseudorandom Noise (PN) codes channelize users on the reverse link
(mobile to BTS). Pseudorandom Noise (PN) codes uniquely identify
userson the reverse link. A PN codeis one that appears to be random,
but isn't. The PN codes used in CDMA yield about 4.4 trillion
combinations of code. This is a key reasonwhy CDMA is so secure.
(IV) CONVERSION OF DIGITAL TO RADIO FREQUENCY (RF) SIGNAL
The BTScombines channelized data from all calls into one signal. It then
converts the digital signal to a Radio Frequency (RF) signal for
transmission.
6.5: CODE CHANNELS USED IN CDMA
A code channel is a stream of data designated for a specific use or person. This
channelmay be voice data or overhead control data. Channelsare separated by codes.The
forward and reverse linksuse different types of channels.
(I) FORWARD LINK CHANNELS:uses four typesof channelsto transmit voice
and control datato the mobile. The types of forward linkchannels are:
i. Pilot
ii. Sync
iii. Paging
iv. Traffic
FIG. NO. 6.7: FORWARD LINK CHANNELS
8/12/2019 CDMA Works
8/46
57
(i) PILOT CHANNELThe BTS constantly transmits the pilot channel. The mobile uses the pilot signal
to acquire the system. It then uses the pilot signal to monitor and adjust the power
needed in order to transmit back to the BTS.
FIG. NO. 6.8: PILOT CHANNEL
(ii) SYNC CHANNEL
The BTS constantly transmits over the sync channelso the mobilecan synchronize with
the BTS.It provides the mobilewith the system time and the identification number of
the cell site.The mobile ignores the sync channelafter it is synchronized.
FIG. NO. 6.9: SYNC CHANNEL
8/12/2019 CDMA Works
9/46
58
(III) PAGING CHANNEL
CDMAuses up to seven paging channels. The paging channeltransmits overhead
informationsuch as commands and pages to the mobile. The paging channelalso
sends commands and traffic channel assignment during call set-up. The mobile
ignores the paging channelafter a traffic channelis established.
FIG. NO. 6.10: PAGING CHANNEL
(IV) FORWARD LINK TRAFFIC CHANNEL
CDMAuses between fifty-five and sixty-one forward traffic channelsto send both
voice and overhead control data during a call. Once the call is completed, the
mobile tunes back in to the paging channelfor commands and pages.
FIG. NO. 6.11: TRAFFIC CHANNEL
8/12/2019 CDMA Works
10/46
59
(II) REVERSE LINK CHANNELS:uses two typesof channelsto transmit voice and
control datato BTS.The types of reverse linkchannels are:
i. Access
ii. Traffic
FIG. NO. 6.12: REVERSE LINK CHANNELS
(i) ACCESS CHANNEL
The mobile uses the access channel when not assigned to a traffic channel. The
mobileuses the access channelto:
Register with the network
Originate calls
Respond to pages and commands from the base station
Transmit overhead messages to the base station
FIG. NO. 6.13: ACCESS CHANNEL
8/12/2019 CDMA Works
11/46
60
(II) REVERSE LINK TRAFFIC CHANNEL
The reverse traffic channel is only usedwhen there is a call. The reverse traffic
channel transmits voice data to the BTS. It also transmits the overhead control
information during the call.
FIG. NO. 6.14: REVERSE LINK TRAFFIC CHANNNEL
6.6: CALL PROCESSING STAGES IN CDMA
There are four stagesor modes in CDMA call processing(Fig. 6.15):
Initialization mode Idle mode Access mode Traffic mode.
(I) INITIALIZATION MODE: During initialization, the mobileacquires the system
via the Pilot code channelsynchronizes with the system via the Sync code channel
(II) IDLE MODE: The mobile is not involved in a call during idle mode, but it must
stay in communication with the base station. The mobile and the base station
communicate over the access and paging code channels. The mobile obtains
overhead information via the paging code channel.
8/12/2019 CDMA Works
12/46
61
FIG. NO. 6.15: CALL PROCESSING STAGES IN CDMA
(III) ACCESS MODE: The mobile accesses the network via the Access code
channelduring call origination. The Access channel and Paging channel carry
the required call set-up communicationbetween the mobile phone and the BTS
until a traffic channel is established.
(IV) TRAFFIC MODE:During a land to mobile (LTM)call: The mobile receivesa
page on the paging channel. The mobile respondson the access channel. The
traffic channelis established and maintained throughout the call.
During a mobile to land call (MTL):The callis placed using the Access channel.
The base station responds on the paging channel. The traffic channel is
established and maintained throughout the call.
Call processing (messages): During the call overhead messaging continues on
the traffic channelin a limited fashion. This messaginguses "Dim and Burst"
or "Blank and Burst" signaling, which replaces part of the voice traffic with
system messages. The user does not detect this signaling, however, due to the
strong datarecovery schemes inherent to CDMA.
8/12/2019 CDMA Works
13/46
62
FIG. NO. 6.16: MOBILE CALL PROCESSING
6.7: FEATURES OF CDMA
CDMA has several unique features that make it a cost-effective, high quality
wireless solution. The following features are unique to CDMA technology:
(a) Universal frequency reuse
(b)Fast and accurate power control
(c)Different types of handoff(a)FREQUENCY REUSE: The frequency spectrum is a limited resource.
Therefore, wireless telephony, like radio, must reuse frequency assignments.
Each BTS in a CDMA network can use all available frequencies. Adjacent
cells can transmit at the same frequency because users are separated by code
channels, not frequency channels. This feature of CDMA, called "frequency
reuse of one,"eliminates the need for frequency planning
8/12/2019 CDMA Works
14/46
63
FIG. NO. 6.17: POWER CONTROL
(b)POWER CONTROL: Power controlis a CDMA featurethat enables mobiles
to adjust the powerat which they transmit.This ensures that the base station
receives all signals at the appropriate power. The CDMA network
independently controls the powerat which each mobile transmits. Both forward
and reverse linksuse power control techniques.
Reverse link power control: Reverse link power control consists of two
processes:
Open loop power control: Open loop is the mobile's estimateof the
power at which it should transmit. The open loop estimate is based
on the strength of the pilot signal the mobile receives. As the pilot
signal gets weaker or stronger, the mobile adjusts its transmission
strength upwards or downwards. Open loop is used any time the
mobile transmits.
Closed loop power control: In closed loop, the BTS sends a command
to the mobile to increase or decrease the strength at which it is
transmitting. The BTSdetermines this command based on the quality
of the signal it receives from the mobile. Closed loop is only used
during a call. Closed loopcommands are sent on the forward traffic
channel.
8/12/2019 CDMA Works
15/46
64
(C) HANDOFF IN CDMA: Handoff is the process of transferring a call from one
cell to another.This is necessary to continue the call as the phone travels.
CDMAis uniquein how it handles handoff.
TYPES OF CDMA HANDOFF: CDMA has three primary types of
handoff:
i. SOFT
ii. HARD
iii. IDLE
(i) SOFT HANDOFF
A soft handoff establishes a connection with the new BTS prior to breaking the
connection with the old one. This is possible because CDMA cells use the same
frequency and because the mobile uses a rake receiver.
FIG. NO. 6.18: SOFT HANDOFF
Variations of the soft handoff: There are two variations of soft handoffs involving
handoffs between sectors within a BTS:
Softer
Soft-softer
The softer handoff: occurs between two sectors of the same BTS. The BTS decodesand
combines the voice signal from each sectorand forwards thecombined voice frameto the
8/12/2019 CDMA Works
16/46
65
BSC.The soft-softer handoff is combination handoff involving multiple cells and multiple
sectors within one of the cells.
FIG. NO. 6.19: SOFTER HANDOFF
(ii) HARD HANDOFF
A hard handoffrequires the mobileto break the connectionwith the old BTS prior
to making the connection with the new one. CDMA phones use a hard handoff
when moving from a CDMA systemto an analog systembecause soft handoffs are
not possible in analog systems. A Pilot Beacon Unit (PBU)at the analog cell site
alerts the phone that it is reaching the edge of CDMA coverage. The phone
switchesfrom digital to analogmode as during the hard handoff.
Hard handoffmay also be used when moving to a different:
- RF channel- MTSO- Carrier- Market
(iii) IDLE HANDOFF
An idle handoffoccurs when the phone is in idle mode. The mobile will detect a
pilot signal that is stronger than the current pilot. The mobileis always searching
for the pilotsfrom any neighboring BTS. When it finds a stronger signal, the mobile
simply begins attending to the new pilot.
8/12/2019 CDMA Works
17/46
66
6.8: ADVANTAGES OF CDMA
CDMA technologyhas numerous advantagesincluding:
i. COVERAGE
ii. CAPACITY
iii. CLARITY
iv. COST
v. COMPATIBILITY
vi. CUSTOMER SATISFACTION
(i) COVERAGE
CDMA's featuresresult in coveragethat is between 1.7 and 3 timesthat of TDMA.
Power control helps the network dynamically expand the coverage area. Coding
and interleavingprovide the ability to cover a larger areafor the same amount of
available powerused in other systems.
(II) CAPACITY
CDMA capacity is ten to twenty times that of analog systems, and it's up to four
times that of TDMA.
Reasons for this include:
CDMA's universal frequency reuse
CDMA users are separated by codes, not frequencies
Power controlminimizes interference, resulting in maximized capacity.
CDMA's soft handoffalso helps increase capacity. This is because a soft handoffrequires
less power.
FIG. NO. 6.20: ADVANTAGES OF CDMA
8/12/2019 CDMA Works
18/46
67
(iii) CLARITY
Often CDMA systems can achieve "wire line" clarity because of CDMA's strong
digital processing.Specifically:
The rake receiverreduces errors
The variable rate vocoder reduces the amount of data transmitted per
person, reducing interference.
The soft handoffalso reduces powerrequirements and interference.
Power controlreduces errorsby keeping power at an optimal level.
CDMA's wide band signal reduces fading. Encoding and interleaving reduce
errors that result from fading.
(iv) COSTCDMA'sbetter coverage and capacityresult in cost benefits:
Increased coverage per BTSmeans fewer are needed to cover a given area.
This reduces infrastructure costsfor the providers.
Increased capacityincreases the service provider's revenue potential.
A CDMA cost per subscriber has steadily declined since 1995 for both
cellular and PCS applications.
FIG. NO. 6.21: COST OF CDMA
8/12/2019 CDMA Works
19/46
68
(v) COMPATIBILITY
CDMA phonesare usually dual mode. This means they can work in both CDMAs
systems and analog cellular systems. Some CDMA phonesare dual band as well
as dual mode. They can work in CDMA mode in the PCS band, CDMA mode in
the cellular band, or analog mode in an analog cellular network.
(vi) CUSTOMER SATISFACTION
CDMA results in greater customer satisfactionbecause CDMA provides better:
Voice quality
Longer battery life due to reduced power requirements
No cross-talk because of CDMA's unique coding
Privacy--again, because of coding
FIG. NO. 6.22 CDMA CUSTOMER SATISFACTION6.8: ARCHITECTURE OF THE CDMA NETWORK
A CDMA networkis composed of several functional entities, whose functions and
interfacesare specified. The CDMA networkcan be divided into three broad parts. The
Mobile Stationis carried by the subscriber.The Base Station Subsystemcontrols the radio
link with the Mobile Station. The Network Subsystem, the main part of which is the
Mobile services Switching Center (MSC), performs the switching of calls between the
mobile users, and between mobile and fixed network users. The MSC also handles the
mobility management operations. Not shown is the Operations and Maintenance Center,
which oversees the proper operation and setup of the network. The Mobile Station and the
Base Station Subsystem communicate across the Um interface, also known as the air interface
8/12/2019 CDMA Works
20/46
69
or radio link. The Base Station Subsystem communicates with the Mobile services Switching
Center across the A interface.
FIG. NO. 6.23 GENERAL ARCHITECTURE OF A CDMA NETWORK
(I) MOBILE STATION
The mobile station (MS)consists of the mobile equipment. The mobile equipment
is uniquely identifiedby the International Mobile Equipment Identity (IMEI).
FIG. NO. 6.24: MOBILE EQUIPMENTS
(II) BASE STATION SUBSYSTEM
The Base Station Subsystemis composed of two parts:
(a) The Base Transceiver Station (BTS)
(b) The Base Station Controller (BSC).
8/12/2019 CDMA Works
21/46
70
These communicate across the standardized Abis interface, allowing operation between
components made by different suppliers.
FIG. NO. 6.25: BASE STATION SUBSYSTEM
(a) The Base Transceiver Station (BTS)houses the radio transceiversthat define a
cell and handles the radio-link protocolswith the Mobile Station. In a large urban area,
there will potentially be a large number of BTSsdeployed, thus the requirements for a BTS
are ruggedness, reliability, portability, and minimum cost.
The base station is under direction of a base station controller so traffic gets sent
there first. The base station controllergathers the callsfrom many base stationsand passes
them on to a mobile telephone switch. From that switch come and go the calls from the
regular telephone network.
(b) The Base Station Controller (BSC) manages the radio resources for one or
more BTSs. It handles radio-channel setup, frequency hopping, and handovers, as
described below. The BSC is the connection between the mobile station and the Mobile
service Switching Center (MSC). Another difference between conventional cellular and
CDMA is the base station controller. It's an intermediate step between the base station
transceiver and the mobile switch. This a better approach for high-density cellular
networks. As If every base station talked directly to the MSC, trafficwould become too
congested. To ensure quality communications via traffic management, the wireless
infrastructure network uses Base Station Controllers as a way to segment the network
and control congestion. The resultis that MSCs route their circuits to BSCs which in turn
are responsible for connectivity and routingof calls for 50 to 100 wireless base stations."
8/12/2019 CDMA Works
22/46
71
FIG. NO. 6.26: BASE STATION CONTROLLER
BSC functions includes:
Performs vocoding of the voice signal
Routes calls to the MTSO
Handles call control processes
Maintains a database of subscribers
Maintains records of calls for billingThe voice coders or vocoders are built into the handsets a cellular carrier
distributes. They're the circuitrythat turns speech into digital. The carrier specifies which
ratethey want traffic compressed,either a great deal or just a little. The cellular systemis
designed this way, with handset vocodersworking in league with the equipment of the base
station subsystem.
(III) THE MOBILE SWITCHING CENTER
The central component of the Network Subsystem is the Mobile services
Switching Center (MSC).
FIG. NO. 6.27: THE MOBILE SWITCHING CENTER
8/12/2019 CDMA Works
23/46
72
It acts like a normal switching node of the PSTN or ISDN, and additionally
provides all the functionalityneeded to handle a mobile subscriber, such as registration,
authentication, location updating, handovers, and call routing to a roaming subscriber .
These services are provided in conjunction with several functional entities, which together
form the Network Subsystem. The MSC provides the connection to the fixed networks
(such as the PSTN or ISDN). Signaling between functional entities in the Network
Subsystem uses Signaling System Number 7 (SS7),used for trunk signalingin ISDNand
widely used in current public networks.
(IV) HOME LOCATION REGISTER (HLR) & VISITED LOCATION REGISTER (VLR)
The Home Location Register (HLR) and Visitor Location Register (VLR), together
with the MSC, provide the call routing and roaming capabilities. The HLR contains all the
administrative information of each subscriber registered in the network, along with the
current location of the mobile. The location of the mobile is typically in the form of the
signaling address of the VLR associated with the mobile station. The Visitor Location
Register (VLR) contains selected administrative informationfrom the HLR,necessary for
call controland provision of the subscribed services, for each mobile currently locatedin
the geographical areacontrolled by the VLR. Most often these twodirectoriesare located
in the same place. The HLR and VLRare big databasesmaintained on computerscalled
servers, often UNIX workstations. To operate its nationwide cellular system, iDEN,
Motorola uses over 60 HLRs nationwide.
(V) EQUIPMENT IDENTITY REGISTER (EIR)
The other two registers are used for authentication and security purposes. The
Equipment Identity Register (EIR) is a database that contains a list of all valid mobile
equipment on the network, where each mobile station is identified by its International
Mobile Equipment Identity (IMEI).An IMEI ismarked as invalid if it has been reported
stolen or isnot type approved.
(Vi) THE INTERFACESCellular radio'smost cryptic termsbelong to these names: A, Um, Abis, and Ater.
A telecom interfacemeans many things. It can be a mechanical or electrical linkconnecting
equipment together. Or a boundary between systems, such as between the base station
system and the network subsystem. Interfaces are standardized methods for passing
8/12/2019 CDMA Works
24/46
73
information back and forth. The transmission media isn't important. Whether copper or
fiber optic cable or microwave radio, an interface insists that signals go back and forthin
the same way, in the same format. With this approach different equipment from any
manufacturerwill work together.
A-bis " is a French term meaning 'the second A Interface. In most cases the
actual span or physical connectionis made on an E1 line. But regardless of the material
used, the transmission media, it is the signaling protocolthat is most important.
Although the interface is unlabeled, the mobile switch communicates with the
telephone network using Signaling System Seven, an internationally agreed upon
standard. More specifically, it uses ISUP over SS7. "ISUP defines the protocol and
procedures used to set-up, manage, and release trunk circuits that carry voice and data calls
over the public switched telephone network (PSTN). ISUP is used for both ISDN and
non-ISDN calls."
6.9: COMPARISON OF MULTIPLE ACCESS SYSTEMS
The table summarizes in Fig.6.28 shows some of the technical aspects of the multiple
access technologies. The technologyused determines the channel's capacity. TDMAtriples
the capacity of FDMA, but CDMA capacitycan be up to seven times that of TDMA.
FIG. NO. 6.28: COMPARISON OF MULTIPLE ACCESS SYSTEMS
********
8/12/2019 CDMA Works
25/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
1
Code Division Multiple Access (CDMA)
The Concept of signal spreading and its uses in communications
Lets take a stright forward binary signal of symbol rate 2.
Figure 1 A binary information signal
To modulate this signal, we would multiply this sequence with a sinusoid and itsspectrum would look like as In figure 2. The main lobe of its spectrum is 2 Hz wide. The
larger the symbol rate the larger the bandwidth of the signal.
Figure 2 Spectrum of a binary signal of rate 2 bps
Now we take an another binary sequence of data rate 8 times larger than of sequence
shown in Fig. 1.
Page 1 / 18
8/12/2019 CDMA Works
26/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
2
Figure 3 A new binary sequence which will be used to modulate the information
sequence
Instead of modulating with a sinusoid, we will modulate the sequence 1 with this new
binary sequence which we will call the code sequence for sequence 1. The resultingsignal looks like Fig. 4.
Since the bit rate is larger now, we can guess that the spectrum of this sequence will have
a larger main lobe.
Figure 4 Each bit of sequence 1 is replaced by the code sequence
The spectrum of this signal has now spread over a larger bandwidth. The main lobebandwidth is 16 Hz instead of 2 Hz it was before spreading. The process of multiplying
the information sequence with the code sequence has caused the information sequence to
inherit the spectrum of the code sequence (also called the spreading sequence).
Figure 5 The spectrum of the spread signal is as wide as the code sequence
The spectrum has spread from 2 Hz to 16 Hz, by a factor of 8. This number is called the
the spreading factor or the processing gain (in dBs) of the system. This process can also
Page 2 / 18
8/12/2019 CDMA Works
27/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
3
be called a form of binary modulation. Both the Data signal and the modulating sequence
in this case are binary signals.
If original signal is x(t) of power Ps, and the code sequence is given by g(t), the resultant
modulated signal is
)()(2)( tgtdPts s=
The multiplication of the data sequence with the spreading sequence is the firstmodulation. Then the signal is multiplied by the carrier which is the second modulation.
The carrier here is analog.
)2sin()()(2)( tftgtdPts cs =
On the receive side, we multiply this signal again with the carrier. What we get is this.
)2(sin)()(2)( 2 tftgtdPtrcv cs =
By the trigonometric identity
)4cos(1)2(sin 2 tftf cc =
we get
Where the underlined part is the double frequency extraneous term, which we filter outand we are left with just the signal.
)()(2)( tgtdPtrcv s=
Now we multiply this remaining signal with g(t), the code sequence and we get
)()()(2)( tgtgtdPtrcv s=
Now from having used a very special kind of sequence, we say that correlatation of g(t)
with itself (only when perfectly aligned) is a certain scalar number which can beremoved, and we get the original signal back.
)(2)( tdPtrcv s=
( ) 2 ( ) ( )(1 cos(4 ))s c
rcv t P d t g t f t =
Page 3 / 18
8/12/2019 CDMA Works
28/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
4
In CDMA we do modulation twice. First with a binary sequence g(t), the properties of
which we will discuss below and then by a carrier. The binary sequence modulationahead of the carrier modulation accomplishes two functions, 1. It spread the signal and 2.
It introduces a form of encryption because the same sequence is needed at the receiver to
demodulate the signal.
In IS-95 and CDMA 2000 we do this three times, once with a code called Walsh, then
with a code called Short Code and then with one called Long code.
Properties of spreading codes
Multiplication with the code sequence which is of a higher bit rate, results in a much
wider spectrum. The ratio of the code rate to the information bit rate is called both the
spreading factorand the processing gainof the CDMA system. In IS-95, the chipping
rate is 1.2288 and the spreading factor is 64. Processing gain is usually given in dBs.
To distinguish the information bit rate from the code rate, we call the code rate, chipping
rate. In effect, we take each data bit and convert it into k chips, which is the codesequence. We call it the chipping rate because the code sequence applied to each bit is as
you can imagine it chipping the original bit into many smaller bits.
For CDMA spreading code, we need a random sequence that passes certain quality
criterion for randomness. These criterion are
1. The number of runs of 0s and 1s is equal. We want equal number of two 0s and1s, a length of three 0s and 1s and four 0s and 1s etc. This property gives us aperfectly random sequence.
2. There are equal number of runs of 0s and 1s. This ensures that the sequence isbalanced.
3. The periodic autocorrelation function (ACF) is nearly two valued with peaks at 0shift and is zero elsewhere. This allows us to encrypt the signal effectively and
using the ACF peak to demodulate quicklt.
Binary sequences that can meet these properties are called optimal binary sequences, or
pseudo-random sequences. There are many classes of sequences that mostly meet these
requirements, with m-sequences the only ones that meet all three requirements strictly.These sequences can be created using a shift-registers with feedback-taps. By using a
single shift-register, maximum length sequences can be created and called often by
their shorter name of m-sequence, where m stands for maximum.
m-sequences and the Linear Feed Shift-Register
Page 4 / 18
8/12/2019 CDMA Works
29/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
5
1 2 3
3 stage LFSR generating m-sequence of period 7., using taps 1 and 3.
1 2 3
Another 3 stage LFSR generating m-sequence of period 7, using taps 2 and 3
Figure 6 The structure of linear feedback registers (LFSR) from which m-sequences
can be created
msequences are created using linear feedback registers (LFSR). Figure 6 shows a
three register LFSR with two different tap connection arrangements. The tap connections
are based on primitive polynomials on the order of the number of registers and unless thepolynomial is irreducible, the sequence will not be a m-sequence and will not have the
desired properties.
Each configuration of N registers produces one sequence of length 2N
. If taps are
changed, a new sequence is produced of the same length. There are only a limitednumber of m-sequences of a particular size.
The cross correlation between an m-sequences and noise is low which is very useful in
filtering out noise at the receiver. The cross correlation between any two different m-
sequences is also low and is useful in providing both encryption and spreading. The lowamount of cross-correlation is used by the receiver to discriminate among user signals
generated by different m-sequences.
Think of m-sequence as a code applied to each message. Each letter (bit) of the message
is changed by the code sequence. The spreading quality of the sequence is an added
dimensionality and benefit in CDMA systems.
Gold sequences
Combining two m-sequences creates Gold codes. These codes are used in asynchronousCDMA systems.
Page 5 / 18
8/12/2019 CDMA Works
30/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
6
Gold sequences are an important class of sequences that allow construction of long
sequences with three valued Auto Correlation Function ACFs. Gold sequences areconstructed from pairs of preferred m-sequences by modulo-2 addition of two maximal
sequences of the same length.
Goldsequences are in useful in non-orthogonal CDMA. (CDMA 2000 is mostly anorthogonal CDMA system) Gold sequences have only three cross-correlation peaks,which tend to get less important as the length of the code increases. They also have a
single auto-correlation peak at zero, just like ordinary PN sequences.
The use of Gold sequences permits the transmission to be asynchronous. The receiver cansynchronize using the auto-correlation property of the Gold sequence.
.
1 2 3
1 2 3
EX-OR
Figure 7 Generating Gold codes by combining two preferred pairs of m-sequences
More codes
IS-95 and IS-2000 use two particular codes that are really m-sequences but have special
names and uses. These are called long codesand short codes.
Long code
The Long Codes are 242
bits (created from a LFSR of 42 registers) long and run at 1.2288
Mb/s. The time it takes to recycle this length of code at this speed is 41.2 days. It is used
to both spread the signal and to encrypt it. A cyclically shifted version of the long code isgenerated by the cell phone during call setup. The shift is called the Long Code Mask
and is unique to each phone call. CDMA networks have a security protocol called CAVE
that requires a 64-bit authentication key, called A-key and the unique ESN (ElectronicSerial Number, assigned to mobile based on the phone number). The network uses both
of these to create a random number that is then used to create a mask for the long codeused to encrypt and spread each phone call. This number, the long code mask is not fixed
but changes each time a connection is created.
Page 6 / 18
8/12/2019 CDMA Works
31/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
7
There is a Public long code and a Private long code. The Public long code is used by themobile to communicate with the base during the call setup phase. The private long code
is one generated for each call then abandoned after the call is completed.
Short code
The short code used in CDMA system is based on a m-sequence (created from a LFSR of
15 registers) of length 215
1 = 32,767 codes. These codes are used for synchronization in
the forward and reverse links and for cell/base station identification in the forward link
The short code repeats every 26.666 milliseconds. The sequences repeat exactly 75 times
in every 2 seconds. We want this sequence to be fairly short because during call setup,the mobile is looking for a short code and needs to be able find it fairly quickly. Two
seconds is the maximum time that a mobile will need to find a base station, if one is
present because in 2 seconds the mobile has checked each of the allowed base stations inits database against the network signal it is receiving.
Each base station is assigned one of these codes. Since short code is only one sequence,
how do we assign it to all the stations? We cyclically shift it. Each station gets the samesequence but it is shifted.
From properties of the m-sequences, the shifted version of a m-sequences has a verysmall cross correlation and so each shifted code is an independent code. For CDMA this
shift is 512 chips for each adjacent station. Different cells and cell sectors all use the
same short code, but use different phases or shifts, which is how the mobiledifferentiates one base station from another. The phase shift is known as the PN Offset.
The moment when the Short code wraps around and begins again is called a PNRoll.If I call the word please a short code, then I can assign, leasep to one user, easeplto another and so on. The shift by one letter would be my PN Offset. So if I say your ID
is 3, then you would use the code aseple.
A mobile is assigned a short code PN offset by the base station to which it is transmitting.The mobile adds the short code at the specified PN offset to its traffic message, so that
the base station in the region knows that the particular message is meant for it and not to
the adjacent base station. This is essentially the way the primary base station is identifiedin a phone call. The base station maintains a list of nearby base stations and during
handoff, the mobile is notified of the change in the short code.
There are actually two short codes per base station. One for each I and Q channels to beused in the quadrature spreading and despreading of CDMA signals.
Walsh codes
In addition to the above two codes, another special code, called Walsh is also used in
CDMA. Walsh codes do not have the properties of m-sequences regarding cross
correlation.. IS-95 uses 64 Walsh codes and these allow the creation of 64 channels from
Page 7 / 18
8/12/2019 CDMA Works
32/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
8
the base station. In other words, a base station can talk to a maximum of 64 (this number
is actually only 54 because some codes are used for pilot and synch channels) mobiles atthe same time. CDMA 2000 used 256 of these codes.
Walsh codes are created out of Haddamardmatrices and Transform. Haddamard is the
matrix type from which Walsh created these codes. Walsh codes have just oneoutstanding quality. In a family of Walsh codes, all codes are orthogonal to each other
and are used to create channelization within the 1.25 MHz band.
Here are first four Hadamard matrices. The code length is the size of the matrix. Each
row is one Walsh code of size N. The first matrix gives us two codes; 00, 01. The second
matrix gives: 0000, 0101, 0011, 0110 and so on.
=
10
001H
=
0110
1100
1010
0000
2H
=
10010110
00111100
01011010
11110000
01100110
1100110010101010
00000000
3H
In general each higher level of Hadamard matrix is generated from the previous by the
Hadamard transform
=+
NN
NN
NHH
HHH 1
Where NH is the inverse of NH .
Page 8 / 18
8/12/2019 CDMA Works
33/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
9
Their main purpose of Walsh codes in CDMA is to provide orthogonality among all the
users in a cell. Each user traffic channel is assigned a different Walsh code by the basestation. IS-95 has capability to use 64 codes, whereas CDMA 2000 can use up to 256
such codes. Walsh code 0 (which is itself all 0s) is reserved for pilot channels, 1 to 7 for
synch and paging channels and rest for traffic channels. They are also used to create an
orthogonal modulation on the forward link and are used for modulation and spreading onthe reverse channel.
Orthogonal means that cross correlation between Walsh codes is zero when aligned.However, the auto-correlation of Walsh-Hadamard codewords does not have good
characteristics. It can have more than one peak and this makes it difficult for the receiver
to detect the beginning of the codeword without an external synchronization. The partialsequence cross correlation can also be non-zero and un-synchronized users can interfere
with each other particularly as the multipath environment will differentially delay the
sequences. This is why Walsh-Hadamard codes are only used in synchronous CDMA and
only by the base station which can maintain orthogonality between signals for its users.
User 1
Walsh
code No.
WS 1 Mask 1 BS 1 SC
Long
code
Short
code
User 2
WS 2 Mask 2 BS 1 SC
User 3
WS 3 Mask 3 BS 1 SC
User 1
Walsh
code No.
WS 1Mask 1BS2 SC
Long
code
Short
code
User 2
WS 2Mask 2BS 1 SC
User 3
WS 3Mask 3BS 3 SC
Base
Station 1
Base Station
2
Base Station
3
Channel with
distortions
Channel with
distortions
Figure 8 Relationship codes used in CDMA
The above is simplified look at the use of these codes. Assume there are three users in
one cell. Each is trying to talk to someone else. User 1 wants to talk to someone who is
outside its cell and is in cell 2. User 3 wants to talk to someone in cell 3.
Lets take User 1. Its data is first covered by a channel Wash code, which is any Walsh
code from 8 to 63. It is assigned to the user by the base station 1 in whose cell the mobile
is located. The Base Station has also assigned different Walsh codes to users 2 and 3. Allthree of these are different are assigned by base station 1 and are orthogonal to eachother. This keeps the data apart at the base station. Now based on the random number
assigned by the BS, the mobile generates a long code mask (which is just the starting
point of the long code sequence and is a scalar number). It now multiplies the signal by
Page 9 / 18
8/12/2019 CDMA Works
34/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
10
this long code starting at the mask ID. Now it multiplies it by the short code of the base
station to whom it is directing the signal.
When the base station receives this signal, it can read the long code and see that the
message needs to be routed to base station 2. So it strips off 1st short code and adds on
the short code of base station 2 which is then broadcast by the BS 1 to BS 2 or sent bylandlines. BS2 then broadcasts this signal along to all mobiles in its cell. The users who is
located in this cell, now does the reverse. It multiplies the signal by the BS 2 short code
(it knows nothing about BS 1 where the message generated) then it multiplies the signalby the same long code as the generating mobile. How? During the call paging, the mobile
was given the same random number from which it creates the same long code mask.
After that it multiplies it by the Walsh code sequence (also relayed during call setup).
So thats about it with some additional bells and whistles, which we shall get to shortly.
Channel waveform properties
The communications between the mobile and the base station takes place using specific
channels. Figure below shows the architecture of these channels.
The forward channel (from base station to mobile) is made up of the following channels:
Pilot channel (always uses Walsh code W0) (Beacon Signals)Paging channel(s) (use Walsh codes W1-W7)
Sync channel (always uses Walsh code W32)
Traffic channels (use Walsh codes W8-W31 and W33-W63)
The reverse channel (from mobile to base station) is made up of the following channels:
Access channelTraffic channel
Figure 9 Forward channel
Forward Channel description
Page 10 / 18
8/12/2019 CDMA Works
35/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
11
A base station can communicate on up to 64 channels. It has one pilot signal, one synch
channel and 8 paging channels. The remaining are used for traffic with individualmobiles.
Walsh 0
Long
Code
1 to 64
DecimatorPaging channel
mask
Convolutional
Encoder
r = 1/2
Symbol
Repetition
Interleaver
Walsh 32
All 0'sPilot Channel
Synch data
at 1.2 kb/s
Sync Channel
4.8 kb/s
Convolutional
Encoderr = 1/2
Symbol
Repetition
Interleaver
Walsh 1-7
Paginga mobile
Paging Channel
19.2 kb/s
LongCode
1 to 64Decimator
Traffic Channelmask
Convolutional
Encoder
r = 1/2
Symbol
Repetition
InterleaverData
mobile
PowerControl Bits
MUX
Walsh x
Base Station
Short Code forI channel
Base Station
Short Code forQ channel
LPF
LPF
Cos(t)
Sin(
t)
Traffic Channel
I
Q
Figure 10 Forward channel is the transmission of all traffic from the base station within
its cell. All data is sent simultaneously.
Page 11 / 18
8/12/2019 CDMA Works
36/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
12
Pilot Channel
Lets start with how the base station establishes contact with the mobiles within its cell. It
is continually transmitting an all zero signal, which is covered by a Walsh code 0, a all
0s code. So what we have here is a one very long bit of all zeros. For this reason, thepilot channel has very good SNR making it easy for mobiles to find it. This all zero signal
is then multiplied by the base stations short code, which if you recall is the same short
code that all base station use, but each with different PN offset. Pilot PN Offsets arealways assigned to stations in multiples of 64 chips, giving a total of 512 possible
assignments. The 9-bit number that identifies the pilot phase assignment is called the
Pilot Offset.
This signal is real so it only goes out on the I channel, and is up-converted to the carrier
frequency which in the US is 845 MHz.
On the receive side, the mobile picks up this signal and notes the base station that istransmitting it. Here is a question, if the short code is cyclical, how does the receiver
know what the phase offset is. Do not all the signals from all the other nearby basestations look the same? Yes, and the mobile at this point does not know which base
station it is talking to, only that it has found the network. To determine of all the possible
base station and there can 256 of them, each using a 512 chip shifted short code, thenetwork uses the GPS signal and timing.
The zero offset base station aligns its pilot transmission with every even second time tickof GPS. So lets say that your mobile is in the cell belonging to a base station with PN
offset ID of 10. That means that is will start its transmission 10 x 512 chip = 5120 chipsafter every even second time tick. So when the mobile wakes up and looks at it time, it
knows exactly where each base station short code should be. Then all it has to do is to do
a correlation of the bits it is seeing with each of the 256 possible sequences. Of course, it
tries the base station where it was last but if it has been moved then theoretical it willhave to go through all 256 correlations to figure out where it is. But it does do it and at
the end of the process, it knows exactly which of the base stations it is hearing.
100101110 100101110 100101110 100101110 100101110 100101110
100101110 100101110 100101110 100101110 100101110 100101110
100101110 100101110 100101110 100101110 100101110 100101110
100101110100101110 100101110 100101110 100101110 100101110
100101110 100101110 100101110 100101110 100101110 100101110
100101110100101110 100101110 100101110 100101110 100101110
Page 12 / 18
8/12/2019 CDMA Works
37/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
13
Figure 11 The mobile looks for the code that aligns with GPS timing. It picks off the
code received at this time, does a correlation with stored data and knows which basestation it has found.
Synch Channel
The Synch channel information includes the pilot offset of the pilot the mobile has
acquired. This information allows the mobile to know where to search for the pilots in the
neighbor list. It also includes system time, the time of day, based on Global PositioningSatellite (GPS) time. The system time is used to synchronize system functions. For
instance, the PN generators on the reverse link use zero offset relative to the even
numbered seconds in GPS time. However, the mobiles only know system time at the basestations plus an uncertainty due to the propagation delay from its base station to the
mobile's location. The state of the long code generator at system time is also sent to the
mobile in the Synchronization message. This allows the mobile to initialize and run its
long code generator very closely in time synchronism with the long code generators in
the base stations. The Synchronization message also notifies the mobile of the pagingchannel data rate, which may be either 4800 or 9600 bits/sec. The data rate of this
channel is always 1200 bps.
Paging Channel
Now the mobile flashes the name of the network on its screen and is ready to receive and
make calls. Your paging channel may now be full of data. It may include a ring tone or a
voicemail received message. The data on the paging channel sent by the base station,includes mobileElectronic Serial Identification Number (ESIN), and is covered by a
long code. How does the mobile figure out what this long code is? At the paging level,the system uses a public long code. This is because it is not talking to a specific mobile, it
is paging and needs to reach all mobiles. When the correct mobile responds, a new
private long code will be assigned at that time before the call will be connected. The
mobile while scanning the paging channel recognizes its phone number and responds byringing. When you pick up the call, an access message goes back to the base station.
The mobile using Qualcomm CDMA generatse a 18-bit code. The mobile sends thisauthentication sequence to the base station during the sync part of the messaging
protocol. The base station checks the authentication code before allowing call setup. It
then issues a random number to the mobile, which the mobile uses in the CAVEalgorithm to generate a call specific long code mask. At the same time, the base station,
will also do exactly that. The two now have the same long code with which to cover the
messages.
Traffic Channel
The base station can transmit traffic data to as many as 54 mobiles at the same time. Itkeeps these channel separate by using Walsh codes. This is a code division multiplexing
rather than a frequency based channelization. Walsh codes are used only by the base
Page 13 / 18
8/12/2019 CDMA Works
38/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
14
station and in this fashion, it is a synchronous CDMAon the forward link, whereas on
the return link it is asynchronous CDMA, because there is no attempted separationbetween the various users. But the use of m-sequences for spreading, the quality of
orthogonality although not perfect is very very good.
The traffic channel construct starts with baseband data at 4.8 kbps. It is thenconvolutionally encoded at rate of , so the data rate now doubles to 9.6 kbps. Symbol
repetition is used to get the data rate up to 19.2 kbps. All information rates are sub-
multiples of this rate. Data is then interleaved. The interleaving does not change the datarate, only that the bits are reordered to provide protection against burst errors. Now at
this point, we multiply the resulting data sequences with the long code, which starts at the
point determined by the private random number generated by both the base station andthe mobile jointly. This start point is call-based and changes every time. Mobiles do not
have a fixed long code assigned to them. Reverse CDMA Channel can have up to 242
-1
logical channels or the total number of calls that can be served are 17179869184.
Now the data is multiplied by a specific Walsh codes which is the nth call that the basestation is involved in. Mobile already knows this number from the paging channel.
The base station then combines all its traffic channels (each covered by a different Walsh
code) and all paging channels (just 8) and the one pilot channel and one synch channel
adds them up, does serial to parallel conversion to I and Q channels. Each is then coveredby a I and a Q short code and is QPSK modulated up to carrier frequencies and then
transmitted in the cell.
Reverse Channels
In IS-95, there are just two channels on which the mobile transmits, and even that never
simultaneously. It is either on the access channel or it is transmitting traffic. The channel
structure is similar but simpler to the forward channel, with the addition of 64-ary
modulation.
Page 14 / 18
8/12/2019 CDMA Works
39/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
15
Convolutional
Encoder
r = 1/3
Symbol
Repetition
InterleaverData
mobile
64-ary
Modulation
Traffic Channel
Burst
randomizer
Convolutional
Encoder
r = 1/3
Symbol
Repetition
Interleaver64-ary
Modulation
Access Channel
A
T
Long Code Traffic Mask
From Base Station
Access Channel
Traffic Channel
Long Code
Generator Base Station
Short Code for
Q channel
LPF
LPF
Sin(t)
I
QHalf
Sym
delay
Cos(t)
Base Station
Short Code for
I channel
Access Channel
Traffic Channel
Figure 12 Reverse Channel - from mobile to base station communication
64-ary modulation
This block takes a group of six incoming bits (which makes 26= 64 different bit
sequences of 6 bits) and assigns a particular Walsh code to each. We know that each
Walsh code sequence is orthogonal to all the others so in this way, a form of spreadinghas been forced on the arbitrarily created symbols of 6 bits. And this spreading also
forces the symbols to be orthogonal. It is not really a modulation but is more of a
spreading function because we still have not up converted this signal to the carrier
frequency. After this, a randomization function is employed to make sure we do not gettoo many 0s or 1s in a row. This is because certain Walsh codes have a lot of
consecutive 0s.
Next comes multiplication with the long code starting at a particular private start point.
Then comes serial to parallel conversion, and application of baseband filtering which can
be a Gaussian or a root cosine shaping.
Then the Q channel (or I, it makes no difference) is delayed by half a symbol, as shown
below. The reason this is done is to turn this into an offset QPSK modulated signal. The
Page 15 / 18
8/12/2019 CDMA Works
40/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
16
offset modulated signal has a lower non-linearity susceptibility and is better suitable to
being transmitted by a class C amplifier such as may be used in a CDMA cell phone.
From there, each I and Q channel is multiplied by the rf carrier, (a sine and a cosine of
frequency fc) and off the signal goes to the base station.
On the demodulation side, the most notable item is the Rake receiver. Due to the
presence of multipath, Rake receivers which allow maximal combining of delayed and
attenuated signal, make the whole thing work within reasonable power requirements.Without Rake receivers, your cell phone would not be as small as it is.
Power control
Assume that there is only one user of the system. The carrier power
C = SNR = Eb/Tb= R Eb
If we define the transmit power equal to W and signal bandwidth equal to B, then the
Interference power at the receiver is equal to
I = W N0
Now we can write
0
0
/
/
b bR E E NC
I W N W R= =
The quantity W/R is the processing gain of the system. Now lets call M the number ofusers in this system. The total interference power is equal to
( 1)I C M=
Substituting this in the above equation, we get,
1
( 1) 1
C C
I C M M= =
and with one more substitution we get
0
0
/ 1
/ 1
11
/
b
b
E NC
I W R M
WM M
R E N
= =
=
Page 16 / 18
8/12/2019 CDMA Works
41/46
CDMA Tutorial
Copyright 2002 Charan Langton www.complextoreal.com
17
So we conclude that the system capacity is a direct function of the processing gain for a
given Eb/N0. What you may not have noticed is that we made an assumption that allusers have similar power level so the interferences are additive. No one user overwhelms
all the others. If the power levels of all users are not equal then the system capacity is
compromised and the C/I expression above is not valid.
The CDMA systems manage the power levels of all mobiles so that the power level of
each mobile is below a certain required level and is about the same whether the mobile is
very close to the base station or far at the edge of the cell. Multipath and fading alsoattenuate power levels so the system maintains a power control loop.
IS-95 has a open-loop and a closed loop power management system. The open loop is aquicker way to manage power levels. The forward and reverse links are at different
frequencies so they fade differently and open loop power control allows the mobile to
adjust its power without consulting with the base station. In closed loop power control the
base station measures the power level of the access channel signal sent by the mobile and
then commands with 1 in the synch channel if the power needs to be raised and with 0 ifit is to be reduced by 1 dB at a time. The closed loop power control also uses an outer
loop power control. This method measures the Frame Error Rate (FER)both by themobile and the base station and then adjusts the power according to whether the FER is
acceptable.
CDMA 2000
This is an evolution and extension of capabilities and builds on the IS-95 standard. One
of the big ways in which CDMA 2000 differs from IS-95 is that it includes beamforming. Each base station cell is now divided in three sectors such that frequency is
reused. This increases the gain at the mobile and allows better SNR and a larger number
of users. The other significant way that IS-2000 differs from IS-95 is that it allows
additional forward and reverse channels. Some of these channels are the same as IS-95and others are new. Spreading codes are also changed to allow larger data rates. The 1.25
MHz channel with the 1.2288 mbps spreading rate called 1X can now be 3X 93 x 1.2288
mbs) or 5X (5 x 1.2288 mbps)
Page 17 / 18
8/12/2019 CDMA Works
42/46
CDMA 1xRTT Security OverView August, 2002
Q U A L C O M M I N C O R P O R A T E D 3
2. Secur ity CDMA NetworksThe security protocols with CDMA-IS-41 networks are among the best in the industry. By
design, CDMA technology makes eavesdropping very difficult, whether intentional or accidental.
Unique to CDMA systems, is the 42-bit PN (Pseudo-Random Noise) Sequence called Long
Code to scramble voice and data. On the forward link (network to mobile), data is scrambled at a
rate of 19.2 Kilo symbols per second (Ksps) and on the reverse link, data is scrambled at a rate of
1.2288 Mega chips per second (Mcps).
CDMA network security protocols rely on a 64-bit authentication key (A-Key) and the
Electronic Serial Number (ESN) of the mobile. A random binary number called RANDSSD,
which is generated in the HLR/AC, also plays a role in the authentication procedures. The A-Key
is programmed into the mobile and is stored in the Authentication Center (AC) of the network. In
addition to authentication, the A-Key is used to generate the sub-keys for voice privacy and
message encryption.
CDMA uses the standardized CAVE (Cellular Authentication and Voice Encryption)
algorithm to generate a 128-bit sub-key called the Shared Secret Data (SSD). The A-Key, the
ESN and the network-supplied RANDSSD are the inputs to the CAVE that generates SSD. The
SSD has two parts: SSD_A (64 bit), for creating authentication signatures and SSD_B (64 bit), for
generating keys to encrypt voice and signaling messages. The SSD can be shared with roaming
service providers to allow local authentication. A fresh SSD can be generated when a mobilereturns to the home network or roams to a different system.
2.1. Authentication
In CDMA networks, the mobile uses the SSD_A and the broadcast RAND *as inputs to the
CAVE algorithm to generate an 18-bit authentication signature (AUTH_SIGNATURE), and sends
it to the base station. This signature is then used by the base station to verify that the subscriber is
legitimate. Both Global Challenge (where all mobiles are challenged with same random number)
and Unique Challenge (where a specific RAND is used for each requesting mobile) procedures are
available to the operators for authentication. The Global Challenge method allows very rapid
authentication. Also, both the mobile and the network track the Call History Count (a 6-bit
counter). This provides a way to detect cloning, as the operator gets alerted if there is a mismatch.
* Broadcast RAND, generated in the MSC, should not be confused with the RANDSSD from the HLR*
8/12/2019 CDMA Works
43/46
CDMA 1xRTT Security OverView August, 2002
Q U A L C O M M I N C O R P O R A T E D 4
The A-Key is re-programmable, but both the mobile and the network Authentication Center
must be updated. A-Keys may be programmed by one of the following: a) The factory b). The
dealer at the point of sale c) Subscribers via telephone d) OTASP (over the air service
provisioning). OTASP transactions utilize a 512-bit Diffie-Hellman key agreement algorithm,
making them well suited for this function. The A-Key in the mobile can be changed via OTASP,
providing an easy way to quickly cut off service to a cloned mobile or initiate new services to a
legitimate subscriber. Security of the A-Key is the most important component of CDMA system.
2.2. Voice, Signaling, and Data PrivacyThe mobile uses the SSD_B and the CAVE algorithm to generate a Private Long Code Mask
(derived from an intermediate value called Voice Privacy Mask, which was used in legacy TDMA
systems), a Cellular Message Encryption Algorithm (CMEA) key (64 bits), and a Data Key (32
bits). The Private Long Code Mask is utilized in both the mobile and the network to change the
characteristics of a Long code. This modified Long code is used for voice scrambling, which adds
an extra level of privacy over the CDMA air interface. The Private Long Code Mask doesnt
encrypt information, it simply replaces the well-known value used in the encoding of a CDMA
signal with a private value known only to both the mobile and the network. It is therefore
extremely difficult to eavesdrop on conversations without knowing the Private Long Code Mask.
Additionally, the mobile and the network use the CMEA key with the Enhanced CMEA (E-
CMEA) algorithm to encrypt signaling messages sent over the air and to decrypt the information
received. A separate data key, and an encryption algorithm called ORYX, are used by the mobile
and the network to encrypt and decrypt data traffic on the CDMA channels. Figure 3 illustrates
the CDMA authentication and encryption mechanism.
FIGURE 3:
8/12/2019 CDMA Works
44/46
CDMA 1xRTT Security OverView August, 2002
Q U A L C O M M I N C O R P O R A T E D 5
By design, all CDMA phones use a unique PN (Pseudo-random Noise) code for spreading the
signal, which makes it difficult for the signal to be intercepted.
2.3. AnonymityCDMA systems support the assignment of a Temporary Mobile Station Identifier (TMSI) to a
mobile to represent communications to and from a certain mobile in over the air transmissions.
This feature makes it more difficult to correlate a mobile users transmission to a mobile user.
8/12/2019 CDMA Works
45/46
CDMA 1xRTT Security OverView August, 2002
Q U A L C O M M I N C O R P O R A T E D 6
3. 3g CDMA 2000 Security
Third Generation technologies add more security protocols, including the use of 128-bit
privacy and authentication keys. For CDMA2000 networks, new algorithms such as Secure
Hashing Algorithm-1 (SHA-1) are being used for hashing and integrity, and the Advanced
Encryption Standard, AES (Rijndael) algorithm for message encryption. The AKA
(Authentication and Key Agreement) protocol will be used for all releases following CDMA2000
Release C. The AKA protocol will also be used in WCDMA-MAP networks, along with the
Kasumi algorithm for encryption and message integrity.
8/12/2019 CDMA Works
46/46
CDMA 1xRTT Security OverView August, 2002
Appendix : Glossary
AC (AuC) Authentication Center
AES Advanced Encryption Standard
AKA Authentication and Key Agreement
CAVE Cellular Authentication and Voice Encryption
CDMA Code Division Multiple Access
CMEA Cellular Message Encryption Algorithm
ESN Electronic Serial Number
HLR Home Location Register
IDC International Data Corporation
IS Interim Standard
MAP Mobile Applications Part
MSC Mobile Switching Center
OTASP Over The Air Service Provisioning
RAND RANDom challenge
SHA-1 Secure Hash Algorithm -1
SSD Shared Secret Data
TDMA Time Division Multiple Access
TMSI Temporary Mobile Station Identifier