Attacks and enhancement on security architecture of IS-95

Through analyze the structure of the channel, we find there is an inherent signal feature on the plaintext in IS-95 CDMA system. Based on it, a new ciphertext-only attack method is proposed, which can solve the initial phase of the key sequence by eavesdropping 20ms ciphertext frame. By exploiting the linear relations between the key sequence and the state of the long code generator, an algorithm for decoding the private mask is proposed. Hence, the voice encryption of IS-95 system is provably unsecure against ciphertext-only attack. Direct against the safety defect of IS-95 system and possible attack methods, we propose a new enhancement scheme to improve the security architecture of IS-95 system.