Title: 2' Conventional networks 2'3 Cellular networks
12. Conventional networks2.3 Cellular networks
- Overview
- Network capacity
- Security the Lin-Harn protocol
- Billing
2The Public Switched Telephone Network (reminder)
Transit switch
Transit switch
Transit switch
Long distance network
Local switch
Local switch
Incoming call
Outgoing call
- Transfer mode circuit switching - all the
network (except part of the access network) is
digital - each voice channel is usually 64kb/s
3Trunk Dimensioning in the Telephone Network
(reminder)
Trunk with N channels each channel carries a
traffic of
Virtually infinite sources
B blocking probability ()
A offered traffic
Erlang formula
Output utilization
- Assumptions
- Loss system calls are dropped if they cannot be
immediately accepted - The sources are independent from each other
- The time between call arrivals is drawn from an
exponential distribution
() the blocking probability is defined as the
probability of an incoming call to be
rejected, because all N channels are already
occupied.
4Principle of the basic call (reminder)
Calling terminal
Called terminal
Network
Off-hook
Resource allocation
Dial tone
Dialing
Translation routing
Alert signal
Ring indication
Off hook
Remove ring indication
Bi-directional channel
Conversation
On hook
On hook signal
Billing
5Basic architecture of a cellular network
Server(e.g., Home LocationRegister)
External Network
Mobilestation
Basestation
Mobileswitchingcenter
Cellular network
6Registration
Tuning on the strongest signal
7Service Request
079/4154678 079/8132627
079/4154678 079/8132627
8Paging broadcast
079/8132627?
079/8132627?
079/8132627?
079/8132627?
Note paging makes sense only over a small area
9Response
079/8132627
079/8132627
10Channel Assignment
Channel 47
Channel 47
Channel 68
Channel 68
11Conversation
12Handover (or Handoff)
13Message Sequence Chart
Base Station
Base Station
Switch
Caller
Callee
Periodic registration
Service request
Service request
Page request
Page request
Paging broadcast
Paging broadcast
Assign Ch. 47
Tune to Ch.47
Alert tone
Ring indication
Ring indication
14Peculiarities of Personal Communication Systems
(PCS)
- Mobility
- User location gt periodic registration and/or
paging - Moving form a cell to another gt handoff
procedures - Moving from one network to another gt roaming
- Ether
- Multiple users per cell gt access technology
(FDMA, TDMA, CDMA) - Channel impairments gt coding, error
detection, retransmission, forward error
correction - Bandwidth gt channel reuse, signal compression,
efficient modulation and coding - Privacy and security gt encryption
- Energy
- Limited autonomy gt power control, discontinuous
transmission
15Services offered by current PCS
- Telephony services (including voice mail, call
transfer,) - Short message services
- Voiceband data and fax
- Packet switched data (e.g., GSM/GPRS, CDPD)
- Closed user groups
- Telemetry
16Relevant service features (user perspective)
- Terminal characteristics (weight, size,
robustness, price) - Battery life / autonomy
- Modes of operation of the terminal (as a cellular
phone, a cordless phone, with a satellite,) - Service price
- Range of services
- Coverage area (of the home network roaming
agreements) - User environment while roaming
- User interface ease of use, programmability
- Call blocking (service denial)
- Call dropping
- Setup time
- Transmission quality (error rate, signal to
distortion ratio, delay) - Maximum speed of the terminal
- Authentication technique
- Privacy
- Confidentiality
- Secure billing
- Radiated power
17Operator perspective
- Spectrum efficiency
- Cell radius
- Infrastructure cost
- Deployment timing and adaptability
- Roaming agreements
- Resistance to fraud
- Non repudiability of bills
-
18Air interface
Messages
Structure, content
Packet structure, error detection/retransmission T
opology one to one one to many (e.g., synch
signals) many to one (e.g., service request)
Packets
Multiple access (e.g., CDMA, TDMA, FDMA) Duplex
(e.g., Frequency Division Duplex -
FDD) Modulation, source coding, channel
coding, interleaving, diversity reception,
channel equalization
Bits
Terminal
Base Station
19User Tracking Geographic-based Strategy
Location area 1 (ID 1)
Location area 2 (ID 2)
5. Inform the HLR of the new LA ID of the
end user
1. Change LA
2. Receive the ID of the LA 3. Compare with
stored ID 4. If different, update and ask for
registration
- All base stations within the same LA
periodically broadcast the ID of the LA - Each user compares its last LA ID with the
current ID, and transmits a registration message
whenever the ID is different - When there is an incoming call directed to a
user, all the cells within its current LA are
paged
20Cellular networks
- The area to be covered is tesselated in a
(usually large) number of cells - There is usually one antenna per cell
- A mobile communicates with one (or sometimes
two) antennas - Antennas are controlled by Mobile Switching
Centers (MSC) - Cells are usually represented by hexagons,
although the real shape can be quite variable - In all systems, cells interfere with each
other - To increase the capacity of the network, the
usual technique consists in increasing the
number of cells
21Frequency reuse
- Cells with the same name use the same set of
frequencies - In this example, the cluster size N 7
- In order to tesselate, the geometry of
hexagons is such that N can only have values
which satisfy N i2 ij j2 with i 1, 2,
and j 1, 2, - Channel assignment strategies
- fixed each cell is allocated a predetermined
set of voice channels - dynamic each time a call request is made, the
serving base station requests a channel from
the MSC
22Handover principle
Receivedsignallevel
Level at point B
Level at which handover is made(call properly
transferred to BS2)
time
B
A
BS1
BS2
23Decibels (reminder)
24Handover strategies
- The handover power level must be carefully
chosen - If too small risk of superfluous handovers
- If too high risk of losing the call due to weak
signal conditions - Dwell time time during which a call is
maintained in the same cell (hence without
handover) - Mobile Assisted Handover (MAHO) every mobile
measures the power from surrounding base stations
and report these measurements to the serving base
station. A handover is initiated if the power of
the signal received from another station exceeds
the one of the serving one by a certain threshold
for a certain amount of time. - Inter-system handover when changing network
- Prioritising handovers over new calls 2 methods
- Guard channels (spare channels in each cell)
- Queuing of handover requests
- Coping with stations moving at very different
speeds (e.g., cars vs pedestrians) umbrella
cells - Typical values for GSM handover threshold
between 0 and 6 dB, execution time of around 1 to
2 seconds - Soft handover in the case of CDMA
25Interference and system capacity
- Possible sources of interference
- Another mobile in the same cell
- A call in progress in a neighboring cell
- Other base stations operating in the same
frequency band - Any noncellular system which inadvertently leaks
energy into the frequency band - Consequences of interferences
- On data channel crosstalk (voice), erroneous
data (data transmission) - On control channel missed calls, dropped calls
- 2 major types of system-generated interference
- Co-channel interference (same frequency), see
hereafter - Adjacent channel interference (adjacent frequency)
26Co-channel interference (1/4)
27Co-channel interference (2/4)
28Co-channel interference (3/4)
DR
D
DR
R
A
D-R
D
D-R
First tier of co-channel cells for a cluster size
of N7 Note the marked distances are
approximations
29Co-channel interference (4/4)
30Capacity of cellular networks (1/2)
31Capacity of cellular networks (2/2)
- Techniques to improve capacity
- Cell splitting
- Sectoring
32Capacity of cellular CDMA
- The capacity of CDMA is interference limited,
while it is bandwidth limited in TDMA and FDMA. - Techniques to reduce interference
- Multisectorized antennas
- Discontinuous transmission mode (takes advantage
of the intermittent nature of speech) duty
factor typically between 3/8 and ½. - Power control for a single cell, all uplink
signals should be received approximately with the
same power at the base station
33Capacity of cellular CDMA single cell case (1/2)
34Capacity of cellular CDMA single cell case (2/2)
35Capacity of cellular CDMA multiple cells case
(1/3)
B6
B5
B1
B0
B2
B4
B3
36Capacity of cellular CDMA multiple cells case
(2/3)
Concentric circular geometry
M1 number of wedge-shaped cells of the
firstsurrounding layer of cells A1 area of
the firstsurrounding layer A1 M1 A To let
all cells have thesame size A, we must have M1
8q1 450 By recursion, for the ith layer Ai
i8A qi p/4i
Adjacent cell
q1
3R
2Rd0
2R-d0
R
d0
Considered cell
2d0
Firstsurroundinglayer
37Capacity of cellular CDMA multiple cells case
(3/3)
3R
2Rd0
2R-d0
R
d0
d
q
d
Innersublayer
Outersublayer
38Roaming principle
Roaming agreement
User
39Roaming architecture
PSTN Data Network
Home Location Register
Visiting Location Register
Service logic
Service logic
Home Network
Visited Network
Base Station
Base Station
40Security of cellular networks
- Unauthorized access to data
- Threats to integrity
- Denial of service
- Repudiation
- Unauthorized access to services
- Eavesdropping, traffic analysis
- Maskerade as
- - Mobile station (e.g. for fraudulent usage)
- - Base station
- Denial of service
Mobile station
Base station/
Home network
Foreign network
- Misuse of a stolen terminal
- Tamper with the crypto information
- (e.g., cloning)
- Repudiation of service usage
- Unveiling crypto information of the user
- Unveiling identity/location of the user
41The Lin Harn protocol
- Purpose provide security in case of roaming
mobile users - Protect the mobile user, the visited network and
the home network - In particular
- Protect the identity of the mobile user
- Avoid unveiling cryptographic material to the
visited network, which it could use (or an
attacker could use) against the will of the
mobile user.
42The Lin Harn protocol requirements
- Security requirements
- Caller ID confidentiality the identity of the
user should be hidden, including to the visited
network - Non-repudiation of service (e.g., the mobile user
should not be able to deny the usage of service) - Shared secret key between the mobile and the
visited network, renewed for each session - Implementation requirements
- Limited computing power of the mobile station ?
time-consuming public key cryptographic
techniques should be avoided - Validation delay ? the number of interactions
between the mobile station, the visited network
and the home network should be limited
43The Lin Harn protocol mobile station registration
Base station B (visited network)
Home Network H
Mobile M
Initial shared key KMH
Allocate a temporary identity Mt to M
44Computation of the parameters
KMH
EKMH(NB)
r1
r2
rm
c2
h3
c1
h3
cm
h3
NM
h1
h2
h1
h2
h1
h2
h1
h2
k0
k1
k2
km
h1, h2 one-way keyed hash function h3
one-way hash function ci session key of
the ith session
45The Lin Harn Protocol Mobile Station Origination
Protocol
Base station B (visited network)
Mobile M
- Check that h3(ri)ci
- Set the session key to ci
- Compute ki h2(ki-1, ri)
- Check that h3(ri)ci
- Set the session key to ci
This protocol is activated for each call request
made by the mobile
46The Lin Harn Protocol analysis
- Security
- The subscriber can prove itself by presenting the
ris to the visited network knowing the checking
values cis, the visited network can verify the
legitimacy of the subscriber - The identity of the mobile user is protected
- Security parameters of the mobile user (stored at
the visited network) are protected - Non-repudiation by demonstrating the possession
of the ris, the visited network can prove that
the service has been used - Performance
- Small number of exchanged messages
- The computational effort on the mobile side can
be limited e.g., encryption with the public keys
PKH and PKB can be based on the low-exponent of
the RSA algorithm 3.
47Billing in mobile networks Example Scenario
1. Technical view
Information server
Backbone network
2. Business view
48Business model
gt 1 B potential users
Privacy? Authentication? Payment and
billing? User customization? National
regulations? Disputes (bankrupts, order or usage
repudiations,)?
1 M connectivity and information service provide
rs
49The customer care
Cellular network operators
Customer care agency
Long distance network operators
Satellite network operators
Information service providers
User
50Requirements
Customer care agency
R7 Future-proofmechanism
R6 accurate and non repudiable bill
R3 Agreement on tariff at session setup
R1 Free choice of the customer care agency
R4 Very small amounts supported
R5 Continuous information about cost
User
R2 Protection of users privacy (anonymity)
Service provider
51Facts and problems
- Facts
- growing number of mobile users (gt 1 billion in
the near future) - growing number of service providers ( millions
in the near future) - basic communication services (connectivity)
- value-added services (information services)
- Problems
- lack of trust
- service providers do not trust users
- illegitimate service usage (fraud)
- denial of service usage
- users do not trust service providers
- leaking of information related to service usage
(monitoring of users activity) - incorrect charging
- scalability
- on-line cross-domain authentication
52Customer Care Agency Vs Service Provider
53Operating principle
2. generate ticket
Customer care agency
54Initial situation
Customer care agency (A)
Knows PKS
Long-term key KUA
Business agreement
Knows PKA
User (U)
Service provider (S)
55Ticket acquisition
Customer care agency
User
Service provider
56Ticket usage (setup)
Customer care agency
Service provider
User
57Ticket Usage (service provision)
Customer care agency
d price of the first piece of service
(expressed in ticks)
Service provider
User
d
cn-d g(n-d)(c0)
cn-d
g(d)(cn-d) cn ?
58Clearance and billing
Customer care agency
Check consistency With Ticket T
Bill (after aggregation)
Payment (after aggregation)
Service provider
User
59Trust and scalability
- Trust
- access to services is based on anonymous tickets
- the customer care agency can link tickets to real
identities - the service provider is always authenticated
- potential loss due to incorrect charging or to
denial of payment is very low (ticket slicing) - Scalability
- no on-line cross-domain authentication
- interaction with the customer care agency is
removed from the critical path (off-line)
60Further advantages
- Separation of roles
- the customer care role is factored out from
service providers - Gradual deployment
- at the beginning, the customer care role can be
played by service providers - later, other organizations (e.g., credit card
organizations) are expected to play the customer
care role - Efficiency
- expensive operations are off-line
- mobile users have a stationary agent in the fixed
network - Flexibility
- very short term relationships between users and
service providers
61Some (unavoidable?) disadvantages
- Centralized solution
- the customer care agency can be a bottleneck and
single point of failure it is therefore an ideal
target to attack - Complex (cryptographic) protocols
- Infrastructure
- customer care agencies
- Commonly deployed mechanisms
- standardized protocols for tickets
62Conclusion on billing
- Problem
- lack of trust, scalability problems in future
mobile networks - Solution
- new business role customer care agency
- ticket based access to services
- Features
- solves the trust and scalability problems
- clear separation of roles
- gradual deployment
- efficiency and flexibility
- requires complex, standardized protocols and
infrastructure - centralized solution
63General conclusion on cellular networks
- Huge technical problem
- Physical layer barely considered in this course
- We have addressed network capacity, security and
billing - System aspects not covered in this chapter
- MAC layer
- traffic analysis
- network dimensioning
64References
- About cellular networks in general
- S. Tabbane Handbook of mobile radio
networksArtech House, 2000 - About the capacity of cellular networks
- T. Rappaport Wireless Communications, 2nd
edition, Prentice Hall, 2001 - About security in cellular networks
- H. Lin, L. Harn Authentication protocols for
personal communication systems. SIGCOMM95 - About billing
- L. Buttyan and JP Hubaux Accountable Anonymous
Service Usage in Mobile Communication Systems.
Workshop for Electronic Commerce (WELCOM), Oct.
1999 (available at lcawww.epfl.ch) - M. Peirce and D. OMahony Flexible Real-Time
Payment Methods for Mobile Communications. IEEE
Personal Communications, Dec. 1999