New York Metro Wireless Coverage – First Stations Connected At Last

Next to the London tube, New York's underground transportation system is one of the few places I have noticed over the years that still lack wireless coverage on a broad scale. It looks like things are changing though, as I was positively surprised to have coverage in one of New York's metro stations recently. Have a look at the picture on the left to see what the antennas look like. I had to smile a bit because the cables and antennas are significantly bigger than those in the Paris metro for example. Also one antenna in the Paris metro suffices for four networks while New York needs three. But then, everything seems to be a bit bigger in the US.

Anyway, I did a bit of background research to see how far the project has come so far. Looks like there are currently 36 stations covered but there is no talk of the tunnels in between the stations. For details see here. Better than nothing but that's lacking a bit of ambition. I am sure some will point to the fact that the New York metro is old and tunnels are narrow. That hasn't stopped in-tunnel coverage in Paris though where similar conditions can be found.

The article linked above has some interesting details concerning who pays for the deployment and how much it costs. It looks like a separate company called Transit Wireless was established to bundle all technical and financial matters:

Transit Wireless and the carriers are paying 100 percent of the cost of the project, estimated at up to $200 million [MS: for around 280 stations], including the cost of NYC Transit forces that provide flagging, protection and other support services. The MTA and Transit Wireless evenly split the revenues from occupancy fees paid by the wireless carriers and other sub-licensees of the network. Transit Wireless is paying MTA a minimum annual compensation that will grow to $3.3 million once the full build out of the network is complete.

When dividing the $200 million by 280 base stations and potentially 4 network operators (leaving the Wi-Fi coverage that is also part of the project out of the equation for the moment) the cost of covering one station is about $180k per network operator. I can imagine that this is more than the costs of setting up a base station site above ground but it still seems to be a reasonable sum to me, especially when compared to the tens of thousands of people that pass through a station daily that generate traffic and revenue.

The post above then also describes some technical details of how coverage is distributed to the underground stations:

Wireless carriers […] co-locate their Base Stations with Transit Wireless’ Optical distribution equipment at a Transit Wireless Base Station Hotel, which is a resilient, fault-tolerant commercial facility with redundant air-conditioning and power.

[…] These Base Stations connect to Transit Wireless’ Radio Interface and Optical Distribution System in the Base Station Hotel. Radio signals are combined, converted to optical signals and distributed on Transit Wireless’ fiber optic cable through ducts under city streets to subway stations where the optical cables connect to multi-band Remote Fiber Nodes.

Remote Fiber Nodes are located on every platform, mezzanine and at various points within public access passageways. Coaxial cable is connected to each Remote Fiber Node and extends signals to strategically located antennas throughout each subway station. Utilizing this approach, low-level radio signals are evenly distributed providing seamless coverage from above ground to underground stations.

According to the article, the deployment includes free Wi-Fi as well which is good news for international travelers that are reluctant to use cellular data services due to high roaming charges.

Raising the Shields – Part 3: PRISM Break

It's quite obvious that privacy and anonymity don't come built into most computing and online products today. I hope my 'Raising the Shields' posts are giving you some ideas and background information on what is possible and what you might want to use yourself both while mobile and at home.

While doing some research I came across an interesting site called 'PRISM Break – Opt out of PRISM, the NSA's global data surveillance program'. Lots of great links there to programs that protect your privacy online in areas such as web browsing, email, search (ever heard of Duck Duck go!?), maps, instant messaging, voice and video calling, cloud storage, etc. etc. etc.

I immediately found half a dozen tools I haven't come across so far and that I definitely want to try out in the weeks to come. So head over and have a closer look!

Learning How Computers Work vs. How To Work With Computers

Nostalgia post – part 2. During the revival of my electronic kits use from my teenage years about which I blogged previously I stumbled over a 30 year old computer advertisement conveniently put on the back of one of the instruction manuals. No, we are not talking about computers as we know them today. No, this was an advertisement for a 4-bit (!) experimental computer, the Busch electronic 2090 microcomputer.

Based on a TMS-1600 processor and designed less than a decade after Intel produced their first microprocessor (the 4004) it would have been a dream for that 13 year old boy. Unbelievable nowadays when kids use "real" computers today before they even go to school. So that was my object of desire and today it feels like I would have willingly forgone 5 years of pocket money to get one. But I never got one, partly due to me not having the money to buy one myself and partly because I guess my parents had no idea why in the world they should spend money on this. Different times. Out of interest I did a bit of research of how much that Busch 2090 cost in the mid 1980's. I didn't find anything on the net at first but then I remembered that I have a few computer magazines from the 1980's in my cabinet that might contain an advertisement. And indeed I found an advertisement in the first C't magazine ever published in December 1983 from the manufacturer where the price was given as 299 DM (Deutsche Mark). With inflation and salary increases included I estimate that the price would be equivalent to what 300 Euros are worth in 2013. The magazine is available as a PDF from the publisher here. Have a look at page 26.

As can be seen in the only video on Youtube that shows the device, there's no keyboard as we know it, no screen, just a hex-input block and a 6 digit 7-segment display, 4k ROM and around half a kilobyte of RAM. Almost unfathomably little today. But it did one thing very well then and would still do it today: It shows how computers work (and not how to work with computers).

The manual that can be downloaded from the history section of the manufacturer's website teaches on only 80 pages the very basics of a computer. How does a microprocessor work, what is a bus, what's binary, what's the hexadecimal system and why it is needed, boolean logic, input and output, how does a microprocessor calculate, etc. etc. On 80 pages (including the code) and written in a way understandable for teenagers with no previous knowledge about the topic. Amazing!

Unfortunately these devices have become very rare. They were probably already rare 30 years ago as most kids probably experienced the same difficulties getting one as I did. So I keep my eyes open on eBay, perhaps I will get lucky one day. In the meantime I was wondering if there are equivalent learner kits today. Raspberry Pis are great for learning how to work WITH a computer, how to program it and to build many cool things. But it runs a full operating system, so everything is abstracted to such a level that it's difficult to use it for learning HOW a computer works. Arduinos might be better for the purpose perhaps but the way I understand the goal of that platform is that the software that comes with it again abstracts the underlying hardware to give people easy access to a device that can interact with the real world. That's great of course but again it doesn't teach people how computers work.

When searching on my favourite web store portals I equally came up empty handed. Can it really be that today there are no computing kits for kids in their teens (or to grown ups that don't aspire to get a bachelor in computing but still want to know how a computer works) so they can learn how a CPU works and how it interacts with memory, input output devices and all the other magic!? It seems not but please prove me wrong, I'd really like to hear about it.

In the meantime I keep musing about whether perhaps an Arduino with an input/output shield, a hex keyboard and a 7-segment display combined with software similar to what ran on the Busch 2090 could do the trick today. Open source for the enjoyment of parents and kids!?

Raising the Shields – Part 2: Certificate Patrol

In the majority of cases, https provides privacy and security by encrypting and decrypting data traffic to and from a web server. The mechanism is based on web server SSL (Secure Socket Layer) certificates and public/private keys that are exchanged during connection establishment. Data sent to the other end is always encrypted using the public key of the recipient. Decryption is only possible with the corresponding private key on the other side. This kind of encryption works as the private keys are never exchanged and hence nobody intercepting the data on its way from source to destination can decrypt the information. There is one weakness, however, that most people are not aware of.

How does a web browser know that the web server's public key was actually sent from the web server and not from someone that sits in between the web browser and the server? For this purpose the web server sends an SSL certificate during the https session establishment that is signed by a certificate authority the web browser trusts. To get such a signed certificate a web site owner has to register with a certificate authority that web browsers trust. Unfortunately, there are a huge number of certificate authorities today that are trusted by web browsers and many are operated by what some would consider less than trusted entities. And here lies the weakness.

If a man in the middle gets hold of such a certificate authority he can create certificates for any domain on the fly. As a web browser does not check if the certificate authority for a web site has changed since it was last visited this goes unnoticed and opens the door to anyone that is able to perform a man in the middle attack with traffic diversion.

This is where Certificate Patrol, a Firefox add-on, comes in. It stores certificates it has previously seen and compares them against the certificate presented by a website it has come across before. If they don't match, a warning is shown to the user with the details. There are valid reasons for websites to exchange their certificates, for example once their validity time has expired. This is also checked and Certificate Patrol informs the user that the certificate change was likely o.k. due to this reason. I've been using the add-on for quite some time now and it has become quite refined these days. I haven't come across fraudulent certificates so far but it feels good to know that I would see it should it ever happen. What's missing at this point is something similar in Thunderbird for ensuring the certificates for POP3 and SMTP email communication are not tampered with and a similar solution for my smartphone.

Agreed, creating certificates on the fly and inserting oneself in the traffic stream is far from easy to do but I would not be surprised if this was part of the toolkit of certain three-letter agencies.
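
The comparison described above for Certificate Patrol (remember what a host presented before, warn on a change, treat a replacement close to expiry as routine) is sketched below as an added example; it is not the add-on's code and not from the original post. The class and function names, the 30-day renewal window, the rule that any change of issuing CA triggers a warning, and the sample host and certificate bytes are all assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class SeenCert:
    fingerprint: str      # SHA-256 over the DER-encoded certificate
    issuer: str           # name of the signing certificate authority
    not_after: datetime   # end of the validity period

def seen_cert(der: bytes, issuer: str, not_after: datetime) -> SeenCert:
    return SeenCert(hashlib.sha256(der).hexdigest(), issuer, not_after)

class CertStore:
    # Assumption: a replacement within 30 days of expiry counts as routine.
    RENEWAL_WINDOW = timedelta(days=30)

    def __init__(self):
        self._known = {}  # host -> SeenCert accepted earlier

    def check(self, host: str, cert: SeenCert, now: datetime) -> str:
        old = self._known.get(host)
        if old is None:
            self._known[host] = cert          # trust on first use
            return "first-seen"
        if old.fingerprint == cert.fingerprint:
            return "unchanged"
        if cert.issuer != old.issuer:
            # A different CA vouching for a known host: keep the old record.
            return "warn-issuer-changed"
        if now < old.not_after - self.RENEWAL_WINDOW:
            return "warn-replaced-early"      # old certificate was far from expiry
        self._known[host] = cert              # routine renewal by the same CA
        return "renewal-ok"

    def accept(self, host: str, cert: SeenCert) -> None:
        """Record a changed certificate after the user reviewed the warning."""
        self._known[host] = cert

def demo() -> list:
    # Constructed observations; the byte strings stand in for real DER data.
    store = CertStore()
    t0 = datetime(2013, 7, 1)
    original = seen_cert(b"constructed-cert-1", "Example CA A", datetime(2014, 1, 1))
    other_ca = seen_cert(b"constructed-cert-2", "Example CA B", datetime(2015, 1, 1))
    renewed = seen_cert(b"constructed-cert-3", "Example CA A", datetime(2015, 1, 1))
    return [
        store.check("mail.example.org", original, t0),
        store.check("mail.example.org", original, t0),
        store.check("mail.example.org", other_ca, t0),
        store.check("mail.example.org", renewed, datetime(2013, 12, 20)),
    ]

if __name__ == "__main__":
    print(demo())
```

Because a warned-about certificate is never stored automatically, the renewal in the last step is still compared against the certificate the user originally saw.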

Book Review: Voice over LTE (VoLTE)

Do you want to learn about VoLTE but you are not sure where to start? If so, here's a tip for you:

Learning how VoLTE works in a reasonable amount of time is not an easy task, there's just so many things to learn. Reading the 3GPP specifications to get up to speed as a first step is probably the last thing one should do as there is just too much detail that confuses the uninitiated more than it helps. To get the very basics, my books probably serve the purpose. As they don't focus only on VoLTE however, that might be too little for people who want to focus on VoLTE. This is where Miikka Poikselkä's book on VoLTE comes in that he has written with others such as Harri Holma and Antti Toskala, who are also very well known in the wireless industry.

If you are involved in Voice over LTE, you have probably heard the name Miikka Poikselkä before. He must have been involved in IMS since the beginning as he's published a book on IMS already many years ago and he is also the maintainer of the GSMA specifications on VoLTE and other topics (e.g. GSMA IR.92). In other words, he's in the best position to give a picture of what VoLTE will look like in the real world vs. just a theoretical description.

I've spent a couple of quality time hours so far reading a number of different chapters of the book and found it very informative, learned quite a few new things and got a deeper understanding of how a number of things influence each other along the way. The topic of the book could have easily filled 500 pages but that would have looked a little overwhelming to many. But I am quite glad it wasn't that much and in my opinion the 240 pages of the book strike a very good balance between too much and too little detail.

The book is perhaps not for beginners as many concepts are only quickly introduced without going deeper, which, however, suited me just fine. In other words, you'll do fine if you have some prior knowledge in wireless networks. With my background I found the introduction chapters on deployment strategies and the VoLTE system architecture, which also dig down a bit into the general LTE network architecture, to be just at the right level of detail for me to set things into context. This is then followed by the VoLTE functionality chapter that looks at radio access and core network functionalities required for VoLTE, IMS basics on fifty pages, IMS service provisioning on an equal level of detail and finally a short intro to the MMTel (Multimedia Telephony) functionality. Afterward, there's a detailed discussion about VoLTE End-to-End signaling that describes IMS registration, voice call establishment and voice call continuity to a circuit switched bearer on 60 pages, again at the right level of detail for me. CS Fallback, although not really part of VoLTE, is described as well. Other VoLTE topics discussed are emergency calls, messaging and radio performance.

In other words, a very good book to bring yourself up to speed on VoLTE if you have some prior experience in wireless and a good reference to refresh your memory later on. Very much recommended!

Raising the Shields – Part 1: Off-The-Record (OTR) Instant Messaging

I use instant messaging between family members and friends quite a lot as it's a fast and efficient communication tool. But communication is easily intercepted as everything is transferred over a centralized server. That's not good as I like my conversations to be private. In a recent Security Now podcast, Steve Gibson has made me aware of an interesting solution called 'Off-The-Record' (OTR).

Not only does OTR provide perfect forward secrecy for message content for all kinds of IM systems (except unfortunately for Skype as it's proprietary) but it also has a built-in mechanism for 'plausible deniability', i.e. it's not possible to prove later on that a particular message has actually been sent by a particular person. A bit like talking in a soundproof room between two people: Nobody can hear what's said when it's said and it's not possible to prove what was said later on by anyone as there are no witnesses. To find out how exactly this is done I recommend listening to the Security Now episode linked above.

On Ubuntu, the OTR plugin for Pidgin is already in the repository and installation is simple. For Windows and Mac it has to be installed separately via the author's web page. On Android, Xabber might have what I'm looking for but I haven't tried it so far and I also haven't checked out if the program itself comes from a trustworthy source.

While OTR protects the content of messages it can't of course protect the information of who communicates with whom as the centralized server is aware of from whom and to whom an encrypted message is transferred. This can only be fixed by using a non-public instant messaging server. So for family related IM I am strongly thinking about installing my own Jabber server at home on a Raspberry Pi. I haven't done that so far but it seems to be straightforward. More on this once I've tried.

Prism & Co.: Raising the Shields Is Not Enough

In the past couple of weeks a number of revelations have shown the extent of secret service organizations from around the world tapping the Internet to spy on their citizens and those of other nations, store data about them, record their use of the network and communication metadata such as phone call records. While I think that some of these measures are justified when it comes to countering international crime and terrorism, the line for me is crossed when data of innocent people from around the world is copied and stored indefinitely. Wiretapping embassies of other nations and using resources for industrial and political espionage against friends and partners is also something that I find unacceptable. This has to stop and I hope that people and politicians around the world in free and democratic countries will find the courage to control and restrict their secret services and those supporting them and not have their liberty and freedom restricted and undermined by them.

Having said this, I find myself ever more encouraged to protect myself when using the Internet. Using Owncloud to ensure my private data is hosted on my own servers and communicating with them in a secure fashion can only be the first step. I have quite a number of things in mind I want to change over the course of the next months. Watch out on this blog for the details to come.

But raising the shields by storing my data in my own network and encrypting more of my communication is not the cure, it's just treating the symptoms. Privacy and freedom have to come back to communication and only internationally agreed limits to what intelligence agencies are allowed to do on and off the Internet will bring back what we have lost.