Unit I

Security Model: Security problem in computing- Security Attacks – Security Services–

Security Mechanisms –OSI Security Architecture-Model for Network Security-
Network Access Security Model-Spread Spectrum Technologies-Spreading
Techniques and CDMA.

INTRODUCTION TO CRYPTOGRAPHY AND NETWORK SECURITY

Computer Security - generic name for the collection of tools designed to protect data and to
thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of
interconnected networks

 Plain Text : An original / intelligible message or data

 Cipher text: coded message
 Enciphering/Encryption: process of converting plain text to cipher text
 Deciphering/ Decryption: restoring the plain text from the ciphertext
 Key: the secret material used for performing encryption
Encryption scheme is computationally secure if: 
 Cost of breaking the cipher exceeds the value of encrypted information 

 The time required to break the cipher exceeds the useful lifetime of the information
Cryptography: a word with Greek origins, means “secret writing.” However, we use the term to
refer to the science and art of transforming messages to make them secure and immune to
attacks. 
Cryptanalysis: Techniques for deciphering a message without any knowledge of enciphering
details. 
Cryptology: Cryptography + Cryptanalysis

 Steganography: “covered writing,” in contrast with cryptography, which means “secret

writing.” Eg: writing with soap in cloth will be visible when we make it wet. 
1
Digital signature:
Digital signature is a mathematical scheme to verify the authenticity of digital documents or
messages. Also, a valid digital signature allows the recipient to trust the fact that a known sender sent
the message and it was not altered in transit.
Authentication:
In computing, authentication is the process of verifying the identity of a person or device. A
common example is entering a username and password when you log in to a website. Entering
the correct login information lets the website know 1) who you are and 2) that it is actually you
accessing the website.

THREE KEY OBJECTIVES OF COMPUTER SECURITY:

1.Confidentiality:
Data confidentiality: Assures that private or confidential information is not made available or
disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.

2. Integrity::
Data integrity: Assures that information and programs are changed only in a specified and
authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.

3.Availability: Assures that systems work promptly and service is not denied to authorized
users.

These three concepts form what is often referred to as the CIA triad as shown in fig.1.1. The
three concepts embody the fundamental security objectives for both data and for information
and computing services.

2
 Fig1.1Security Requirement Triad
OSI SECURITY ARCHITECTURE:
 The Open Systems Interconnection (OSI) security architecture provides a systematic
framework for defining security attacks, mechanisms, and services.
 Security attacks are classified as either passive attacks, which include unauthorized
reading of a message of file and traffic analysis or active attacks, such as modification of
messages or files, and denial of service.
 A security mechanism is any process that is designed to detect, prevent, or recover from
a security attack.
 Examples of mechanisms are encryption algorithms, digital signatures, and
authentication protocols.
 Security services include authentication, access control, data confidentiality, data
integrity, nonrepudiation, and availability.

To assess effectively the security needs of an organization and to evaluate and choose various
security products and policies, the manager responsible for security needs some systematic
way of defining the requirements for security and characterizing the approaches to satisfying
those requirements. This is difficult enough in a centralized data processing environment; with
the use of local and wide area networks, the problems are compounded.

The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as

• Security attack: Any action that compromises the security of information owned by an
organization.

• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.

• Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms to
provide the service.

3
SECURITY PROBLEMS IN COMPUTING
 Security is not as simple as it might first appear to the novice. The requirements seem
to be straightforward; indeed, most of the major requirements for security services can
be given self-explanatory, one-word labels: confidentiality, authentication, non
repudiation, or integrity. But the mechanisms used to meet those requirements can be
quite complex.

 In developing a particular security mechanism or algorithm, one must always consider

potential attacks on those security features. In many cases, successful attacks are
designed by looking at the problem in a completely different way, therefore exploiting
an unexpected weakness in the mechanism.

 The procedures used to provide particular services are often counter intuitive. Typically,
a security mechanism is complex, and it is not obvious from the statement of a particular
requirement that such elaborate measures are needed. It is only when the various
aspects of the threat are considered that elaborate security mechanisms make sense.

 Having designed various security mechanisms, it is necessary to decide where to use

them. This is true both in terms of physical placement (e.g., at what points in a network
are certain security mechanisms needed) and in a logical sense [e.g., at what layer or
layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet
Protocol) should mechanisms be placed].

 Security mechanisms typically involve more than a particular algorithm or protocol. They
also require that participants be in possession of some secret information (e.g., an
encryption key), which raises questions about the creation, distribution, and protection of
that secret information. There also may be a reliance on communications protocols
whose behavior may complicate the task of developing the security mechanism. For
example, if the proper functioning of the security mechanism requires setting time limits
on the transit time of a message from sender to receiver, then any protocol or network
that introduces variable, unpredictable delays may render such time limits meaningless.

 Computer and network security is essentially a battle of wits between a perpetrator who
tries to find holes and the designer or administrator who tries to close them. The great
advantage that the attacker has is that he or she need only find a single weakness, while
the designer must find and eliminate all weaknesses to achieve perfect security.

 There is a natural tendency on the part of users and system managers to perceive little
benefit from security investment until a security failure occurs.

 Security requires regular, even constant,monitoring, and this is difficult in today’s short-
term, overloaded environment.
4
  Security is still too often an afterthought to be incorporated into a system after the design
is complete rather than being an integral part of the design process.

 Many users and even security administrators view strong security as an imped iment to
efficient and user-friendly operation of an information system or use of information.

OSI SECURITY ARCHITECTURE:

 To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the
approaches to satisfying those requirements. This is difficult enough in a centralized
data processing environment; with the use of local and wide area networks, the
problems are compounded.

The OSI security architecture focuses on security attacks, mechanisms, and services. These
can be defined briefly as

• Security attack: Any action that compromises the security of information owned by an
organization.

• Security mechanism: A process (or a device incorporating such a process) that is designed
to detect, prevent, or recover from a security attack.

• Security service: A processing or communication service that enhances the security of the
data processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security mechanisms to
provide the service.

Threat

A potential for violation of security, which exists when there is a circumstance, capability, action,
or event that could breach security and cause harm. A threat is a possible danger that might
exploit a vulnerability.

SECURITY SERVICES:

A processing service or communication service that enhances the security of the data
processing systems and the information transfers of an organization. The services are
intended to counter security attacks, and they make use of one or more security
mechanisms to provide the service. X.800 divides these services into five categories and
fourteen specific services. That are,

1. AUTHENTICATION: Authentication is the assurance claimed by the communicating

entity to communicate. There two types of authentication that are,
i. Peer Entity Authentication: It is the assurance used in association with a
5
 logical connection to provide confidence that identity of the entities
connected.
ii. Data Origin Authentication: It is associated in a connectionless transfer, to
provide assurance for the source of received data.
2. ACCESS CONTROL: The security service prevents unauthorized use of a resource
is called access control. (i.e., this service controls who can have access to a
resource, under what conditions access can occur, and what those accessing the
resource are allowed to do)
3. DATA CONFIDENTIALITY: Data confidentiality is the service that can protect data
from unauthorized disclosure. So Confidentiality protects transmitted data from
passive attacks. With respect to the content of a data transmission, several levels of
protection can be identified. That are,
i. Connection Confidentiality: The security service that protects all user data
on a connection.
ii. Connectionless Confidentiality: The protection of all user data in a single
data block
iii. Selective-Field Confidentiality: The confidentiality of selected fields within
the user data on a connection or in a single data block.
iv. Traffic Flow Confidentiality: The protection of the information that might be
derived from observation of traffic flows.
4. DATA INTEGRITY: Data Integrity is the assurance that received data are exactly as
sent by an authorized entity. Without any modification, insertion, deletion or replay by
third party.
i. Connection Integrity with Recovery: Provides integrity of all user data on a
connection and detects any modification, insertion, deletion, or replay of any
data within an entire data sequence, with recovery attempted.
ii. Connection Integrity without Recovery: As above, but provides only
detection without recovery.
iii. Selective-Field Connection Integrity: Provides integrity of selected fields
within the user data of a data block transferred over a connection and takes
the form of determination of whether the selected fields have been modified,
inserted, deleted, or replayed.
iv. Connectionless Integrity: Provides integrity of a single connectionless data
block and may take the form of detection of data modification. Additionally, a
limited form of replay detection may be provided.
v. Selective-Field Connectionless Integrity: Provides for the integrity of
selected fields within a single connectionless data block; takes the form of
determination of whether the selected fields have been modified.
5. NONREPUDIATION: Security service provides protection against denial by one of
the entities involved in a communication.
i. Nonrepudiation, Origin: Proof that the message was sent by the specified
party.

6
 ii. Nonrepudiation, Destination: Proof that the message was received by the
specified party.

SECURITY ATTACKS:

Security attacks are classified as,

Passive attacks
Active attacks

PASSIVE ATTACKS

A passive attack attempts to learn or make use of information from the system but does
not affect system resources. The goal of the opponent is to obtain information that is
being transmitted. Two types of passive attacks are,

 Release of message contents

 Traffic analysis

Release of message contents: The release of message contents is easily

understood from fig 1.2. A telephone conversation, an electronic mail message, and a
transferred file may contain sensitive or confidential information. We would like to
prevent an opponent from learning the contents of these transmissions, if the third party
learned the information is called release of message contents

Fig.1.2 Release of message contents

Traffic Analysis: The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages being
exchanged but could not extract the information available in the message. The
determined information might be useful in guessing the nature of the communication that
was taking place as shown in fig.1.3 .

7
 Fig.1.3 Traffic Analysis

ACTIVE ATTACKS

Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories that are,

 Masquerade,
 Replay,
 Modification of messages
 Denial of service.

Masquerade: A masquerade takes place when one entity pretends to be a different entity as
shown in figure 1.4. Authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few privileges
to obtain extra privileges

Fig.1.4 Masquerade

Replay: involves the passive capture of a data unit and its subsequent retransmission to

8
produce an unauthorized effect as shown in figure 1.5

Fig.1.5 Replay

Modification of messages simply means that some portion of a legitimate message is altered,
or that messages are delayed or reordered, to produce an unauthorized effect as shown in
figure 1.6.

Fig.1.6 Modification of messages

Denial of Service: Prevents or inhibits the normal use or management of communications

facilities as shown in figure 1.7 This attack may have a specific target; for example, an entity
9
may suppress all messages directed to a particular destination (e.g., the security audit service).
Another form of service denial is the disruption of an entire network, either by disabling the
network or by overloading it with messages so as to degrade performance.

Fig.1.7 Denial of Service

SECURITY MECHANISM

A security mechanism is process (or a device incorporating such a process) designed

to detect, prevent, or recover from a security attack. Examples of mechanisms are
encryption algorithms, digital signatures, and authentication protocols. Security mechanisms
are divided into two categories that are,

 Specific Security Mechanisms- Security mechanisms can be implemented in a specific

protocol layer
 Pervasive Security Mechanisms- It is not specific to any particular protocol layer or
security service it can be implemented in any layer

Specific Security Mechanisms: May be incorporated into the appropriate protocol layer in
order to provide some of the OSI security services. It may be,

i. Encipherment : The use of mathematical algorithms to transform data into a form

that is not readily readable. The transformation and subsequent recovery of the data
depend on an algorithm and zero or more encryption keys.
ii. Digital Signature: Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source and integrity of the
data unit which is protected against forgery (e.g., by the recipient).
iii. Access Control: The security service prevents unauthorized use of a resource is
called access control. (i.e., this service controls who can have access to a resource,
under what conditions access can occur, and what those accessing the resource are
10
 allowed to do). A variety of mechanisms that enforce access rights to resources.
iv. Data Integrity: It is the assurance that received data are exactly as sent by an
authorized entity. Without any modification, insertion, deletion or replay by third
party.
v. Authentication Exchange: A mechanism intended to ensure the identity of an entity
by means of information exchange.
vi. Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
vii. Routing Control: Enables selection of particular physically secure routes for certain
data and allows routing changes, especially when a breach of security is suspected.
viii. Notarization: The use of a trusted third party to assure certain properties of a
data exchange.

Pervasive Security Mechanisms: Mechanisms those are not specific to any particular OSI
security service or protocol layer. It may be,

i. Trusted Functionality: That which is perceived to be correct with respect to some

criteria (e.g., as established by a security policy).
ii. Security Label: The marking bound to a resource (which may be a data unit) that
names or designates the security attributes of that resource.
iii. Event Detection: Detection of security-relevant events.
iv. Security Audit Trail: Data collected and potentially used to facilitate a security audit,
which is an independent review and examination of system records and activities.
v. Security Recovery: Deals with requests from mechanisms, such as event handling
and management functions, and takes recovery actions.

MODEL FOR NETWORK SECURITY:

A message is to be transferred from one party to another across some sort of Internet service.
The two parties, who are the principals in the transaction, must cooperate for the exchange to
take place. A logical information channel is established by defining a route through the Internet
from source to destination and by the cooperative use of communication protocols (e.g.,TCP/IP)
by the two principals. Security aspects come into play when it is necessary or desirable to
protect the information transmission from an opponent who may present a threat to
confidentiality, authenticity etc.

The techniques for providing security have two components:

 A security-related transformation on the information to be sent. Examples include the

encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.
 Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

11
A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.

Fig.1.8 Model for network security

Fig.1.8 shows that there are four basic tasks in designing a particular security service:

1. Design an algorithm for performing the security-related transformation. The algorithm

should be such that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.

MODEL FOR NETWORK SECURITY:

A message is to be transferred from one party to another across some sort of Internet service.
The two parties, who are the principals in the transaction, must cooperate for the exchange to
take place. A logical information channel is established by defining a route through the Internet
from source to destination and by the cooperative use of communication protocols (e.g.,TCP/IP)
by the two principals. Security aspects come into play when it is necessary or desirable to
protect the information transmission from an opponent who may present a threat to
confidentiality, authenticity etc.

The techniques for providing security have two components:

12
 A security-related transformation on the information to be sent. Examples include the
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can be
used to verify the identity of the sender.
 Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation to
scramble the message before transmission and unscramble it on reception.

A trusted third party may be needed to achieve secure transmission. For example, a third party
may be responsible for distributing the secret information to the two principals while keeping it
from any opponent. Or a third party may be needed to arbitrate disputes between the two
principals concerning the authenticity of a message transmission.

The general model shows that there are four basic tasks in designing a particular security
service:

 Design an algorithm for performing the security-related transformation. The algorithm

should be such that an opponent cannot defeat its purpose.
 Generate the secret information to be used with the algorithm.
 Develop methods for the distribution and sharing of the secret information.
 Specify a protocol to be used by the two principals that makes use of the security
algorithm and the secret information to achieve a particular security service.

NETWORK ACCESS SECURITY MODEL:

A general model of the other situations is illustrated in figure1.9 which reflects a concern
for protecting an information system from unwanted access. The hacker can be someone who,
with no malignintent, simply gets satisfaction from breaking and entering a computer system.
Or, the intruder can be a disgruntled employee who wishes to do damage, or a criminal who
seeks to exploit computer assets for financial gain (e.g., obtaining credit card numbers or
performing illegal money transfers).

.
Fig.1.9 Network Access Security Model

13
Another type of unwanted access is the placement in a computer system of logic that exploits
vulnerabilities in the system and that can affect application programs as well as utility programs,
such as editors and compilers. Programs can present two kinds of threats:

 Information access threats intercept or modify data on behalf of users who should not
have access to that data.
 Service threats exploit service flaws in computers to inhibit use by legitimate users.
Viruses and worms are two examples of software attacks. Such attacks can be introduced
into a system by means of a disk that contains the unwanted logic concealed in otherwise useful
software. They can also be inserted into a system across a network; this latter mechanism is of
more concern in network security.

The security mechanisms needed to cope with unwanted access fall into two broad categories.
The first category might be termed a gatekeeper function. It includes password-based login
procedures that are designed to deny access to all but authorized users and screening logic that
is designed to detect and reject worms, viruses, and other similar attacks. Once either an
unwanted user or unwanted software gains access, the second line of defense consists of a
variety of internal controls that monitor activity and analyze stored information in an attempt to
detect the presence of unwanted intruders.

SPREAD SPECTRUM TECHNOLOGIES

In some situations it is required that a communication signal be difficult to detect, and difficult
to demodulate even when detected. In other situations a signal is required that is difficult to
interfere with, or ‘jam’. The ‘spread spectrum’ signal has properties which help to achieve these
ends. Spread spectrum signals may be divided into two main groups - Direct sequence spread
spectrum (DSSS), and frequency hopping spread spectrum (FHSS).

DIRECT SEQUENCE SPREAD SPECTRUM

The direct sequence (DS) (or pseudo noise—PN) is an averaging type system where the
reduction of interference takes place because the interference can be averaged over a large
time interval. The frequency-hopping (FH) and time-hopping (TH) systems are avoidance
systems. Here, the reduction in interference occurs because the signal is made to avoid the
interference a large fraction of the time.

14
 Fig.1.10 Block diagram of DSSS Transmitter

Fig.1.10 shows the block diagram of DSSS transmitter, in which

 The information signal, b(t) [with symbol rate 1/T], is multiplied by a unique, high-rate
digital spreading code, c(t), that has many [~100] zero crossings per symbol/bit interval
 The Spreading Code, c(t), is periodic with a period of T sec. [the source symbol period]
 Bandwidth spread by code bits (called Chips) before transmission
 The transmitted signal, b(t)c(t) is wideband and has the bandwidth of the spreading code
At the transmitter (eg, a cellular Base Station), Multiple Signals are combined on to
oneradio frequency channel
 In IS-95: Only transmit rf bits when there is active speech

Fig.1.11 Block diagram of DSSS Receiver

Figure1.11 shows the block diagram of DSSS receiver, in which

 Each signal looks like “noise” to the desired received signal

 Spread Signal Multiplied Again by a Synchronized Replica of the Same Code to “De-
Spread” and Recover Original Signal [Note: c2(t) = 1, for all values of “t”]
 Signal from Multiple Users Recovered via their Unique/Different Codes
 Codes from different users are orthogonal if their time bases are aligned
15
  Cellular: Speech activity factor [~0.4] reduces interference [when codes not
synchronized] and increases capacity

FREQUENCY HOP SPREAD SPECTRUM TECHNIQUES

 One of the common methods to spread the transmission spectrum of a data signal is to
(pseudo) randomly hop the data signal over different carrier frequencies. This spreading
method is called frequency hop spread spectrum (FH-SS). Usually, the available band is
divided into non-overlapping frequency bins. The data signal occupies one and only one
bin for a duration Tc and hops to another bin afterward. When the hopping rate is faster
than the symbol rate, the FH scheme is referred to as fast hopping. Otherwise, it is
referred to as slow hopping.

 Frequency hopping entails the transmission carrier frequency hopping between available
channels within the spread-spectrum band. A narrow spectral band and an individual
carrier frequency at the center of the band define each transmitted channel. Successive
carrier frequencies are chosen in accordance with the pseudo-random phases of the
spreading code sequence.

 There are two widely used FH schemes:

(1) Fast frequency hopping where one complete, or a fraction of the data symbol, is
transmitted within the duration between carrier hops. Consequently, for a binary system,
the frequency hopping rate may exceed the data bit rate.

(2) On the other hand, in a slow frequency hopping system, more than one symbol is
transmitted in the interim time between frequency hops. Figures illustrate how the carrier
frequency hops with time. Let time duration between hops be T h and data bit duration be
denoted by Tb, then:

Th ≤ Tb for fast hopping

Th > Tb for slow hopping

16
 Fig.1.12 Slow Frequency Hop Spread Spectrum Using MFSK (M=4, k=2)

Fig.1.13 Fast Frequency Hop Spread Spectrum Using MFSK (M=4, k=2)

The basic FH modulation system, depicted in figure1.14 comprises a digital phase or frequency
shift keying modulator and a frequency synthesizer. The latter generates carrier frequencies
according to the pseudo-random phases of the spreading code sequence that is then mixed
with the data carrier to originate the FH signal.

17
 Fig.1.14 Frequency Hopping Spread Spectrum System (Transmitter)

Fig.1.15 Frequency Hopping Spread Spectrum System (Receiver)

In the basic FH receiver, shown in Figure 1.15, the received FH signal is first filtered using a
wideband band pass filter and then mixed with a replica of the FH carrier. The mixer output is
applied to the appropriate demodulator. A coherent demodulator may be used when a PSK
carrier is received. The incoming signal is multiplied by the signal from the PN generator
identical to the one at the transmitter. Resulting signal from the mixer is a binary FSK, which is
then demodulated in a "regular" way. Error correction is then applied in order to recover the
original signal. The timing synchronization is accomplished through the use of early-late gates,
which control the clock frequency.

18
CODE DIVISION MULTIPLE ACCESS

 Spread spectrum methods can be used a multiple access technique, in order to

multiplex (share) a communication resource among numerous users. The technique,
termed code division multiple access (CDMA), since each simultaneous user employ a
unique spread spectrum signaling code. One of the ‘by products’ of this type of multiple
access is the ability to provide communication privacy between users with different
spreading signals. An unauthorized user cannot easily monitor the communications of
the authorized users.

 As shown in fig.1.16 in DS-CDMA, each of N user groups is given its own code, gi(t),
where i=1,2,3,…N. The user codes are approximately orthogonal, so that the cross
correlation of two different codes is near zero. Fig1.9 shows a DS/CDMA. The first block
shows the data modulation of a carrier A Cos ω ct. The output of the data modulator
belonging to a user from group 1 is A1 Cos (ωct+ø1)

Fig.1.16 DS/CDMA

 The next block, the data modulated signal is multiplied by the spreading signal belonging
to user group 1, and the resulting signal is transmitted over the channel. Simultaneously,
users from group 2 through N multiply their signals by their own code functions.
Frequently, each ode function is kept secret, and its use is restricted to the community of
authorized users. The signal present at the receiver is the linear combination of the
received signals from N users. The first stage of the receiver multiples the incoming
signals by g1(t) [for user 1]. The output of the multiplier will yield the signal,

g12s1(t)+g1(t)g2(t)s2(t)+ g1(t)g3(t)s3(t)+….+ g1(t)gN(t)s2(t)

 If the code functions are g1(t) chosen with orthogonal properties, the desired signals

can be extracted perfectly in the absence of noise. since and the

19
 undesired signals are easily rejected, since

RAKE RECEIVER

 In CDMA spread spectrum systems, CDMA spreading codes are designed to provide
very low correlation between successive chips, propagation delay spread in the radio
channel provides multiple version of the transmitted signal at the receiver. Delaying
multipath components by more than chip duration will appear like uncorrelated noise at a
CDMA receiver. CDMA receiver may combine the time delayed versions of the original
signal to improve the signal to noise ratio at the receiver. RAKE receiver collects the
time shifted versions of the original signal by providing a separate correlation receiver for
M strongest multipath components. Outputs of each correlator are weighted to provide a
better estimate of the transmitted signal than provided by a single component.
Demodulation and bit decisions are based on the weighted output of the correlators.
Schematic of a RAKE receiver is shown in figure 1.17

Fig.1.17 Block Diagram of RAKE Receiver

20