2' Conventional networks 2'3 Cellular networks

1
2. Conventional networks2.3 Cellular networks

• Overview
• Network capacity
• Security the Lin-Harn protocol
• Billing

• Prof. JP Hubaux

2
The Public Switched Telephone Network (reminder)
Transit switch
Transit switch
Transit switch
Long distance network
Local switch
Local switch
Incoming call
Outgoing call
- Transfer mode circuit switching - all the
network (except part of the access network) is
digital - each voice channel is usually 64kb/s
3
Trunk Dimensioning in the Telephone Network
(reminder)
Trunk with N channels each channel carries a
traffic of
Virtually infinite sources
B blocking probability ()
A offered traffic
Erlang formula
Output utilization

• Assumptions
• Loss system calls are dropped if they cannot be
  immediately accepted
• The sources are independent from each other
• The time between call arrivals is drawn from an
  exponential distribution

() the blocking probability is defined as the
probability of an incoming call to be
rejected, because all N channels are already
occupied.
4
Principle of the basic call (reminder)
Calling terminal
Called terminal
Network
Off-hook
Resource allocation
Dial tone
Dialing
Translation routing
Alert signal
Ring indication
Off hook
Remove ring indication
Bi-directional channel
Conversation
On hook
On hook signal
Billing
5
Basic architecture of a cellular network
Server(e.g., Home LocationRegister)
External Network
Mobilestation
Basestation
Mobileswitchingcenter
Cellular network
6
Registration
Tuning on the strongest signal
7
Service Request
079/4154678 079/8132627
079/4154678 079/8132627
8
Paging broadcast
079/8132627?
079/8132627?
079/8132627?
079/8132627?
Note paging makes sense only over a small area
9
Response
079/8132627
079/8132627
10
Channel Assignment
Channel 47
Channel 47
Channel 68
Channel 68
11
Conversation
12
Handover (or Handoff)
13
Message Sequence Chart
Base Station
Base Station
Switch
Caller
Callee
Periodic registration
Service request
Service request
Page request
Page request
Paging broadcast
Paging broadcast
Assign Ch. 47
Tune to Ch.47
Alert tone
Ring indication
Ring indication
14
Peculiarities of Personal Communication Systems
(PCS)

• Mobility
• User location gt periodic registration and/or
  paging
• Moving form a cell to another gt handoff
  procedures
• Moving from one network to another gt roaming
• Ether
• Multiple users per cell gt access technology
  (FDMA, TDMA, CDMA)
• Channel impairments gt coding, error
  detection, retransmission, forward error
  correction
• Bandwidth gt channel reuse, signal compression,
  efficient modulation and coding
• Privacy and security gt encryption
• Energy
• Limited autonomy gt power control, discontinuous
  transmission

15
Services offered by current PCS

• Telephony services (including voice mail, call
  transfer,)
• Short message services
• Voiceband data and fax
• Packet switched data (e.g., GSM/GPRS, CDPD)
• Closed user groups
• Telemetry

16
Relevant service features (user perspective)

• Terminal characteristics (weight, size,
  robustness, price)
• Battery life / autonomy
• Modes of operation of the terminal (as a cellular
  phone, a cordless phone, with a satellite,)
• Service price
• Range of services
• Coverage area (of the home network roaming
  agreements)
• User environment while roaming
• User interface ease of use, programmability
• Call blocking (service denial)
• Call dropping
• Setup time
• Transmission quality (error rate, signal to
  distortion ratio, delay)
• Maximum speed of the terminal
• Authentication technique
• Privacy
• Confidentiality
• Secure billing
• Radiated power

17
Operator perspective

• Spectrum efficiency
• Cell radius
• Infrastructure cost
• Deployment timing and adaptability
• Roaming agreements
• Resistance to fraud
• Non repudiability of bills

18
Air interface
Messages
Structure, content
Packet structure, error detection/retransmission T
opology one to one one to many (e.g., synch
signals) many to one (e.g., service request)
Packets
Multiple access (e.g., CDMA, TDMA, FDMA) Duplex
(e.g., Frequency Division Duplex -
FDD) Modulation, source coding, channel
coding, interleaving, diversity reception,
channel equalization
Bits
Terminal
Base Station
19
User Tracking Geographic-based Strategy
Location area 1 (ID 1)
Location area 2 (ID 2)
5. Inform the HLR of the new LA ID of the
end user
1. Change LA
2. Receive the ID of the LA 3. Compare with
stored ID 4. If different, update and ask for
registration

• All base stations within the same LA
  periodically broadcast the ID of the LA
• Each user compares its last LA ID with the
  current ID, and transmits a registration message
  whenever the ID is different
• When there is an incoming call directed to a
  user, all the cells within its current LA are
  paged

20
Cellular networks

• The area to be covered is tesselated in a
  (usually large) number of cells
• There is usually one antenna per cell
• A mobile communicates with one (or sometimes
  two) antennas
• Antennas are controlled by Mobile Switching
  Centers (MSC)
• Cells are usually represented by hexagons,
  although the real shape can be quite variable
• In all systems, cells interfere with each
  other
• To increase the capacity of the network, the
  usual technique consists in increasing the
  number of cells

21
Frequency reuse

• Cells with the same name use the same set of
  frequencies
• In this example, the cluster size N 7
• In order to tesselate, the geometry of
  hexagons is such that N can only have values
  which satisfy N i2 ij j2 with i 1, 2,
  and j 1, 2,
• Channel assignment strategies
• fixed each cell is allocated a predetermined
  set of voice channels
• dynamic each time a call request is made, the
  serving base station requests a channel from
  the MSC

22
Handover principle
Receivedsignallevel
Level at point B
Level at which handover is made(call properly
transferred to BS2)
time
B
A
BS1
BS2
23
Decibels (reminder)
24
Handover strategies

• The handover power level must be carefully
  chosen
• If too small risk of superfluous handovers
• If too high risk of losing the call due to weak
  signal conditions
• Dwell time time during which a call is
  maintained in the same cell (hence without
  handover)
• Mobile Assisted Handover (MAHO) every mobile
  measures the power from surrounding base stations
  and report these measurements to the serving base
  station. A handover is initiated if the power of
  the signal received from another station exceeds
  the one of the serving one by a certain threshold
  for a certain amount of time.
• Inter-system handover when changing network
• Prioritising handovers over new calls 2 methods
• Guard channels (spare channels in each cell)
• Queuing of handover requests
• Coping with stations moving at very different
  speeds (e.g., cars vs pedestrians) umbrella
  cells
• Typical values for GSM handover threshold
  between 0 and 6 dB, execution time of around 1 to
  2 seconds
• Soft handover in the case of CDMA

25
Interference and system capacity

• Possible sources of interference
• Another mobile in the same cell
• A call in progress in a neighboring cell
• Other base stations operating in the same
  frequency band
• Any noncellular system which inadvertently leaks
  energy into the frequency band
• Consequences of interferences
• On data channel crosstalk (voice), erroneous
  data (data transmission)
• On control channel missed calls, dropped calls
• 2 major types of system-generated interference
• Co-channel interference (same frequency), see
  hereafter
• Adjacent channel interference (adjacent frequency)

26
Co-channel interference (1/4)
27
Co-channel interference (2/4)
28
Co-channel interference (3/4)
DR
D
DR
R
A
D-R
D
D-R
First tier of co-channel cells for a cluster size
of N7 Note the marked distances are
approximations
29
Co-channel interference (4/4)
30
Capacity of cellular networks (1/2)
31
Capacity of cellular networks (2/2)

• Techniques to improve capacity
• Cell splitting
• Sectoring

32
Capacity of cellular CDMA

• The capacity of CDMA is interference limited,
  while it is bandwidth limited in TDMA and FDMA.
• Techniques to reduce interference
• Multisectorized antennas
• Discontinuous transmission mode (takes advantage
  of the intermittent nature of speech) duty
  factor typically between 3/8 and ½.
• Power control for a single cell, all uplink
  signals should be received approximately with the
  same power at the base station

33
Capacity of cellular CDMA single cell case (1/2)
34
Capacity of cellular CDMA single cell case (2/2)
35
Capacity of cellular CDMA multiple cells case
(1/3)
B6
B5
B1
B0
B2
B4
B3
36
Capacity of cellular CDMA multiple cells case
(2/3)
Concentric circular geometry
M1 number of wedge-shaped cells of the
firstsurrounding layer of cells A1 area of
the firstsurrounding layer A1 M1 A To let
all cells have thesame size A, we must have M1
8q1 450 By recursion, for the ith layer Ai
i8A qi p/4i
Adjacent cell
q1
3R
2Rd0
2R-d0
R
d0
Considered cell
2d0
Firstsurroundinglayer
37
Capacity of cellular CDMA multiple cells case
(3/3)
3R
2Rd0
2R-d0
R
d0
d
q
d
Innersublayer
Outersublayer
38
Roaming principle
Roaming agreement
User
39
Roaming architecture
PSTN Data Network
Home Location Register
Visiting Location Register
Service logic
Service logic
Home Network
Visited Network
Base Station
Base Station
40
Security of cellular networks

• Unauthorized access to data
• Threats to integrity
• Denial of service
• Repudiation
• Unauthorized access to services

• Eavesdropping, traffic analysis
• Maskerade as
• - Mobile station (e.g. for fraudulent usage)
• - Base station
• Denial of service

Mobile station
Base station/
Home network
Foreign network

• Misuse of a stolen terminal
• Tamper with the crypto information
• (e.g., cloning)
• Repudiation of service usage

• Unveiling crypto information of the user
• Unveiling identity/location of the user

41
The Lin Harn protocol

• Purpose provide security in case of roaming
  mobile users
• Protect the mobile user, the visited network and
  the home network
• In particular
• Protect the identity of the mobile user
• Avoid unveiling cryptographic material to the
  visited network, which it could use (or an
  attacker could use) against the will of the
  mobile user.

42
The Lin Harn protocol requirements

• Security requirements
• Caller ID confidentiality the identity of the
  user should be hidden, including to the visited
  network
• Non-repudiation of service (e.g., the mobile user
  should not be able to deny the usage of service)
• Shared secret key between the mobile and the
  visited network, renewed for each session
• Implementation requirements
• Limited computing power of the mobile station ?
  time-consuming public key cryptographic
  techniques should be avoided
• Validation delay ? the number of interactions
  between the mobile station, the visited network
  and the home network should be limited

43
The Lin Harn protocol mobile station registration
Base station B (visited network)
Home Network H
Mobile M
Initial shared key KMH
Allocate a temporary identity Mt to M
44
Computation of the parameters
KMH
EKMH(NB)
r1
r2
rm
c2
h3
c1
h3
cm
h3
NM
h1
h2
h1
h2
h1
h2
h1
h2
k0
k1
k2
km
h1, h2 one-way keyed hash function h3
one-way hash function ci session key of
the ith session
45
The Lin Harn Protocol Mobile Station Origination
Protocol
Base station B (visited network)
Mobile M

• Compute ri h1(KMH, ki-1)

• Check that h3(ri)ci
• Set the session key to ci
• Compute ki h2(ki-1, ri)

• Check that h3(ri)ci
• Set the session key to ci

This protocol is activated for each call request
made by the mobile
46
The Lin Harn Protocol analysis

• Security
• The subscriber can prove itself by presenting the
  ris to the visited network knowing the checking
  values cis, the visited network can verify the
  legitimacy of the subscriber
• The identity of the mobile user is protected
• Security parameters of the mobile user (stored at
  the visited network) are protected
• Non-repudiation by demonstrating the possession
  of the ris, the visited network can prove that
  the service has been used
• Performance
• Small number of exchanged messages
• The computational effort on the mobile side can
  be limited e.g., encryption with the public keys
  PKH and PKB can be based on the low-exponent of
  the RSA algorithm 3.

47
Billing in mobile networks Example Scenario
1. Technical view
Information server
Backbone network
2. Business view
48
Business model
gt 1 B potential users
Privacy? Authentication? Payment and
billing? User customization? National
regulations? Disputes (bankrupts, order or usage
repudiations,)?
1 M connectivity and information service provide
rs
49
The customer care
Cellular network operators
Customer care agency
Long distance network operators
Satellite network operators
Information service providers
User
50
Requirements
Customer care agency
R7 Future-proofmechanism
R6 accurate and non repudiable bill
R3 Agreement on tariff at session setup
R1 Free choice of the customer care agency
R4 Very small amounts supported
R5 Continuous information about cost
User
R2 Protection of users privacy (anonymity)
Service provider
51
Facts and problems

• Facts
• growing number of mobile users (gt 1 billion in
  the near future)
• growing number of service providers ( millions
  in the near future)
• basic communication services (connectivity)
• value-added services (information services)
• Problems
• lack of trust
• service providers do not trust users
• illegitimate service usage (fraud)
• denial of service usage
• users do not trust service providers
• leaking of information related to service usage
  (monitoring of users activity)
• incorrect charging
• scalability
• on-line cross-domain authentication

52
Customer Care Agency Vs Service Provider
53
Operating principle
2. generate ticket
Customer care agency
54
Initial situation
Customer care agency (A)
Knows PKS
Long-term key KUA
Business agreement
Knows PKA
User (U)
Service provider (S)
55
Ticket acquisition
Customer care agency
User
Service provider
56
Ticket usage (setup)
Customer care agency
Service provider
User
57
Ticket Usage (service provision)
Customer care agency
d price of the first piece of service
(expressed in ticks)
Service provider
User
d
cn-d g(n-d)(c0)
cn-d
g(d)(cn-d) cn ?
58
Clearance and billing
Customer care agency
Check consistency With Ticket T
Bill (after aggregation)
Payment (after aggregation)
Service provider
User
59
Trust and scalability

• Trust
• access to services is based on anonymous tickets
• the customer care agency can link tickets to real
  identities
• the service provider is always authenticated
• potential loss due to incorrect charging or to
  denial of payment is very low (ticket slicing)
• Scalability
• no on-line cross-domain authentication
• interaction with the customer care agency is
  removed from the critical path (off-line)

60
Further advantages

• Separation of roles
• the customer care role is factored out from
  service providers
• Gradual deployment
• at the beginning, the customer care role can be
  played by service providers
• later, other organizations (e.g., credit card
  organizations) are expected to play the customer
  care role
• Efficiency
• expensive operations are off-line
• mobile users have a stationary agent in the fixed
  network
• Flexibility
• very short term relationships between users and
  service providers

61
Some (unavoidable?) disadvantages

• Centralized solution
• the customer care agency can be a bottleneck and
  single point of failure it is therefore an ideal
  target to attack
• Complex (cryptographic) protocols
• Infrastructure
• customer care agencies
• Commonly deployed mechanisms
• standardized protocols for tickets

62
Conclusion on billing

• Problem
• lack of trust, scalability problems in future
  mobile networks
• Solution
• new business role customer care agency
• ticket based access to services
• Features
• solves the trust and scalability problems
• clear separation of roles
• gradual deployment
• efficiency and flexibility
• requires complex, standardized protocols and
  infrastructure
• centralized solution

63
General conclusion on cellular networks

• Huge technical problem
• Physical layer barely considered in this course
• We have addressed network capacity, security and
  billing
• System aspects not covered in this chapter
• MAC layer
• traffic analysis
• network dimensioning

64
References

• About cellular networks in general
• S. Tabbane Handbook of mobile radio
  networksArtech House, 2000
• About the capacity of cellular networks
• T. Rappaport Wireless Communications, 2nd
  edition, Prentice Hall, 2001
• About security in cellular networks
• H. Lin, L. Harn Authentication protocols for
  personal communication systems. SIGCOMM95
• About billing
• L. Buttyan and JP Hubaux Accountable Anonymous
  Service Usage in Mobile Communication Systems.
  Workshop for Electronic Commerce (WELCOM), Oct.
  1999 (available at lcawww.epfl.ch)
• M. Peirce and D. OMahony Flexible Real-Time
  Payment Methods for Mobile Communications. IEEE
  Personal Communications, Dec. 1999