More Details on What’s In Front of the Baseband – Part 2

In the previous post I had a couple of links to interesting information on what is between an antenna and the baseband radio chip in today's smartphones. As a quick follow-up, here's my cheat-sheet that lists the components. It is best used together with this diagram over at Anandtech:

Downlink (Receive, RX) Path:

RF Front End Components

  • Antennas (e.g. 2 required for diversity or LTE MIMO)
  • Optional:  Antenna Tuner – Matches the (changing) impedance of the antenna with the transceiver. Impedance scenarios can be loaded dynamically when the environment (hand, grip, body location) changes.
  • Antenna switch – Pipes the signal to/from the antenna to band specific filters and power amplifiers for the band currently used.
  • Duplexers – Sit in each path after the antenna switch to combine/split the uplink and downlink signal that is transmitted/received from the antenna(s). Also, the duplexers include band specific filters.

Transceiver – includes the following sub-components:

  • Low noise Power Amplifiers (PA), several present, each covering different band(s).
  • Down-converter: converts the frequency of the signal to a baseband frequency, i.e. it removes the carrier frequency (700 MHz to 5 GHz). Have a look at the Superheterodyne receiver article over at Wikipedia for more information.
  • Another Power Amplifier stage
  • (Latest development from a Qualcomm 9x45 point of view: No companion chip necessary anymore for LTE carrier aggregation!)

After all of these steps the analog signal, split into in-phase and quadrature components, is ready to be given to the baseband modem. It's still analog, so the first task of the baseband chip (e.g. the 9x15 / 25 / 35 / 45 Qualcomm MDMs) is to convert the signal from analog to digital. It then starts its magic to decode the information (which is outside the scope of this cheat-sheet).

Uplink (Transmit, TX) Path:

  • Baseband: The digital baseband chip's last stage is a digital to analog converter to deliver a weak analog signal to the transmitter chain of the transceiver chip.
  • Transceiver:
      • Narrow-band amplifiers
      • Up-converter: Raises the signal to the transmit frequency
      • Driver amplifier: Raises the signal before it leaves the transceiver
  • Power Amplifiers: A switch inside the transceiver chip forwards the output signal to one of several power amplifiers, each dedicated to a specific frequency range. Several power amplifiers are typically included in a single chip outside of the transceiver chip. Optional: An envelope tracker chip can control the power amplifiers to reduce power requirements. The envelope tracker gets information on how much power to apply directly from the modem (i.e. the component before the transceiver!)
  • Duplexer: Mixes transmit and receive signals as they use the same antenna
  • Antenna switch
  • Antenna

More Details on What’s In Front of the Baseband

Back in July 2014 I wrote a post with a link over to Anandtech with a great introduction to the components and chips that sit in front of the baseband modem chip of a modern smartphone. Now the team over at Anandtech has greatly expanded on this and have written another article on the topic.

If you are interested but new to the topic, it's worth reading the older post first, as it includes a great diagram that shows how the components are connected together, and then continuing with their latest post.

And once you've done that it's worth having a look at the tear-down of the iPhone 6 over at iFixit where they show how most of the components discussed in the posts above are used in this device. By my standards, the iPhone 6 has the most advanced modem front end to date as it supports 20 LTE bands, more than any other device currently on the market I'm aware of.

And if you are still looking for additional background information have a look at Wikipedia for extra knowledge on Superheterodyne receivers and Envelope Tracking.

Preferring 3G over DSL – But The Channel Has Become Quite Busy

Last year I bought a prepaid SIM card in Austria with unlimited Internet access for 18 euros a month. It's done me a great service and did so again recently when I stayed in Austria for a few weeks. The place I was staying had a 5 Mbit/s DSL line but I nevertheless preferred to use the 3G connectivity instead.

You might wonder why but there's a simple reason: The uplink! While the DSL line only provided a few hundred kilobits per second, I could upload my documents at almost 10 times the speed over 3G, i.e. around 3 Mbit/s.

But things were getting quite tight over the air. In the early morning hours I could easily achieve the 10 Mbit/s in the downlink direction which was the subscribed limit. During daytime and in the evening, however, I could only get around 2-3 Mbit/s, despite the dual-carrier configuration of the 3G base station. In other words, things are getting quite busy. Time for LTE to arrive in the Austrian countryside.

The FCC Makes It Crystal Clear That Blocking Wi-Fi In Hotels Is Illegal

Last year it was discovered that a Marriott-owned hotel in the US was intentionally blocking private Wi-Fi access points in an attempt to force its guests to use its heavily overpriced Wi-Fi system. After a complaint to the FCC an investigation was started that led to a $600.000 fine and a public consultation. Cisco, Aruba Networks and Ruckus Networks came to Marriott's help and defended the practice, probably because they are selling the weapons, i.e. the equipment that detects other hotspots and sends de-authentication packets to devices that use them. Shame on them!

Fortunately lots of companies such as Microsoft, Google and CTIA took the side of liberty and freedom of choice by positioning themselves against such active 'jamming' systems. A couple of days ago the FCC published a final 2-page 'enforcement advisory' with crystal clear wording:

"Warning – Wi-Fi Blocking is Prohibited

Persons and Businesses Causing Intentional Interference to Wi-Fi hotspots are Subject to Enforcement Action

[…] the Bureau is protecting consumers by aggressively investigating and acting against such unlawful intentional interference. […]"

Thanks FCC and yes, Marriott you'll stay on my list of companies I will not do business with anymore!

via Heise here and here

A Raspi to the Rescue during Meetings with Crappy Internet Connectivity

Quite often I'm in multi-day meetings with lots of participants. In recent years more and more hotels have bought Wi-Fi equipment that can handle 80-100 participants with twice the number of Wi-Fi devices in a single room. Unfortunately, there's still ample opportunity to be trapped in meetings for several days where the Wi-Fi fails once the room starts filling up. For such cases I've developed a solution that can fix the issues for everyone but unfortunately it's not always possible to put it into action.

In such cases I'm now resorting to plan B, which is a Raspberry Pi that acts as a Wi-Fi access point for my devices that tunnels my traffic into the Internet via smartphone tethering, i.e. a second Wi-Fi link. In addition, the Raspberry acts as a VPN tunnel aggregator so all my data is transported over an encrypted tunnel to my home and only from there to the 'unprotected' Internet. If you are interested in the details and the scripts to configure a Raspberry Pi of your own for a similar purpose have a look at this blog post from a couple of months ago.

While this helps me it unfortunately doesn't help the other meeting participants as data over cellular is still too expensive to give 100 people access. But with the introduction of affordable global roaming data rates in 2014 I now have at least a solution for myself. This requires, of course, cellular reception in the meeting room which is sometimes also a challenge…

Linux In An Aircraft’s Chair

Over the last years I've seen Linux being used in quite a number of places from churches to airplanes. Here's another airplane example of which I could take a picture when the on-board information and entertainment system of an A320 rebooted before the flight. Judging by the copyright notice and other messages during the boot procedure it was based on a Red Hat Linux from back in 2002 running on an Intel x86 based system with 500 MB of RAM. Each seat seemed to have its own embedded system as the boot process did not go through the same stages everywhere at the same time. 2002, that was 13 years ago… Quite an eternity in the digital age…

About The Joy Of Being Able To Tinker And Break Physical And Virtual Stuff Without Remorse

Ever since I can remember I loved to explore all things around electronics and computing, to find out how things work and to find out what's possible with stuff. When I was a teenager, however, this meant that every now and then I pushed the limits just a bit too far. When one day a little soldering experiment broke my computer I was out of business for a couple of weeks as one couldn't just get a replacement around the corner or go online and order something on Amazon. No, in those days it meant sending the equipment back to the manufacturer and to wait anxiously for a couple of weeks for the repaired computer to come back with a nice little bill attached that more than just strained the budget of a teenager. It was a defining lesson and I got a lot more cautious after that. Later, when I went to university, the story continued. I would have loved to play around with Linux but computers were expensive and I was dependent on my computer to work. So I didn't venture out to experiment as I would have liked but treated my computer as sacrosanct.

Incredible how the world has changed since then. Experimenting with electronics and computers has become so much easier and the worst thing that can happen today when tinkering with devices like Arduinos and Raspberry Pis is to fry a 20-30 Euro device. Wi-Fi or other wireless technologies can keep a computer physically separate so even if the hardware fries the effect can't jump to that expensive notebook. And even notebooks are not that expensive anymore and I have an older spare at home that I regularly use to try out things with first before I apply them on my main machine or to one of my servers that I run at home. Actually it was a second generation eeePC that opened the world of Linux to me, on which I could try out things I would have never dared to do on my main PC. Today, all my personal machines run Linux, which lets me experiment freely and openly without any limitations. Microsoft stuff that limits me to a single device is all gone.

And most of the time these days it's not even necessary anymore to use a physical device for experimenting. Instead I can just try new things in a virtual machine. After all, if the installation in the physical machine is broken one can just go back to the last restore point and things are running again in a few seconds. The degrees of freedom all of these things offer today compared to what was possible 20 years ago is just staggering. Not that I regret having lived through those times but sometimes I wonder what would be different today if I had all these possibilities already then!?

Anyway, I still catch myself every now and then being too cautious as sometimes the thought crosses my mind that things could break if I tried this or that before I remind myself that I can just press the reset button to start things over. How liberating!

When Opera Calls From China – Some Apache Log File Fun

Looking through various log files for suspicious activities in my home cloud is part of my security routine. Recently, I found some interesting entries in the Apache web server log file on the server on which I run Owncloud and Selfoss, my RSS server. Every 7 days I get a couple of HTTP requests from China. What!?

O.k. I am in China every now and then but not every 7 days. So since it's my private server and runs on a non-standard TCP port to keep crawlers and script kiddies away, that is quite suspicious. Digging a bit deeper and having had a look at the requests before and after the requests coming from China, I finally found the reason for those requests: On my mobile devices I use “Opera Mobile” for web browsing, which includes accessing my RSS feed aggregated by Selfoss. For quick access I've added a shortcut to the speed dial screen. On this screen, shortcuts are represented with a thumbnail of the web page. It seems the thumbnails are updated every 7 days but the thumbnail is not created by the smartphone itself but by a server on the Opera backend that tries to fetch the webpage and creates a new thumbnail, which is then downloaded to the phone. And it seems that this server is in China as the requests are always coinciding with me accessing my Selfoss RSS web page via Opera from my smartphone. How interesting! The picture on the left shows the temporal correlation.
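The temporal correlation can also be checked mechanically instead of by eye. The following is an added example, not code from the original post: it flags requests from unknown addresses that follow a request from one of my own devices for the same path within a short window, and reports the gap in days between such hits. The log lines, the addresses (documentation ranges), the user name and the 60-second window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache "combined" format (not taken from the post).
# 192.0.2.10 plays the author's own phone; the other addresses are unknown hosts.
SAMPLE_LOG = """\
192.0.2.10 - me [05/Jan/2015:08:15:02 +0100] "GET /selfoss/ HTTP/1.1" 200 5123 "-" "Opera Mobile (constructed)"
203.0.113.77 - - [05/Jan/2015:08:15:09 +0100] "GET /selfoss/ HTTP/1.1" 401 381 "-" "thumbnail fetcher (constructed)"
192.0.2.10 - me [08/Jan/2015:19:40:11 +0100] "GET /selfoss/ HTTP/1.1" 200 5290 "-" "Opera Mobile (constructed)"
192.0.2.10 - me [12/Jan/2015:07:58:30 +0100] "GET /selfoss/ HTTP/1.1" 200 5301 "-" "Opera Mobile (constructed)"
203.0.113.77 - - [12/Jan/2015:07:58:41 +0100] "GET /selfoss/ HTTP/1.1" 401 381 "-" "thumbnail fetcher (constructed)"
198.51.100.5 - - [14/Jan/2015:03:12:00 +0100] "GET /admin.php HTTP/1.1" 404 210 "-" "scanner (constructed)"
192.0.2.10 - me [19/Jan/2015:08:02:17 +0100] "GET /selfoss/ HTTP/1.1" 200 5333 "-" "Opera Mobile (constructed)"
203.0.113.77 - - [19/Jan/2015:08:02:25 +0100] "GET /selfoss/ HTTP/1.1" 401 381 "-" "thumbnail fetcher (constructed)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_log(text):
    """Return the parseable log entries as dicts, sorted by timestamp."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the review
        entries.append({
            "ip": m["ip"],
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"],
            "status": int(m["status"]),
        })
    return sorted(entries, key=lambda e: e["time"])


def correlate(entries, own_ips, window=timedelta(seconds=60)):
    """Split foreign requests into those shadowing an own request and the rest."""
    shadowed, unexplained = [], []
    last_own = {}  # path -> time of the most recent request from an own device
    for e in entries:
        if e["ip"] in own_ips:
            last_own[e["path"]] = e["time"]
            continue
        seen = last_own.get(e["path"])
        if seen is not None and e["time"] - seen <= window:
            shadowed.append((e, (e["time"] - seen).total_seconds()))
        else:
            unexplained.append(e)  # no own request nearby: look at these first
    return shadowed, unexplained


def day_gaps_by_ip(shadowed):
    """Per foreign IP, the gaps between consecutive shadow requests in whole days."""
    times = defaultdict(list)
    for e, _lag in shadowed:
        times[e["ip"]].append(e["time"])
    return {ip: [round((b - a).total_seconds() / 86400) for a, b in zip(ts, ts[1:])]
            for ip, ts in times.items()}


if __name__ == "__main__":
    shadowed, unexplained = correlate(parse_log(SAMPLE_LOG), {"192.0.2.10"})
    for e, lag in shadowed:
        print(e["time"], e["ip"], e["path"], e["status"], f"lag={lag:.0f}s")
    print("gaps (days):", day_gaps_by_ip(shadowed))
    print("unexplained:", [(e["ip"], e["path"]) for e in unexplained])
```

The 401 status on the shadow requests is the signal that the remote fetcher did not present credentials for the password-protected page.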

In my case the web page is HTTP digest password protected so there is no real thumbnail. And that's a good thing because if there were, that would mean that Opera would send my password to their backend. But they don't, so that's at least something.

And just to make sure the IP address reported by the tool being in China really is in China, I ran a traceroute:

[…]

 5  80.157.129.186 (80.157.129.186)  32.988 ms  33.312 ms  33.885 ms
 6  202.97.58.53 (202.97.58.53)  233.826 ms  223.837 ms  223.892 ms
 7  202.97.53.241 (202.97.53.241)  222.172 ms  219.059 ms  240.293 ms
 8  202.97.53.109 (202.97.53.109)  243.943 ms  249.146 ms  250.505 ms
 9  * * *
10  bj141-130-74.bjtelecom.net (219.141.130.74)  301.600 ms * *
11  bj141-147-82.bjtelecom.net (219.141.147.82)  320.768 ms bj141-131-162.bjtelecom.net (219.141.131.162)  320.731 ms bj141-147-82.bjtelecom.net (219.141.147.82)  320.721 ms
12  242.88.202.1.static.bjtelecom.net (1.202.88.242)  306.327 ms  320.606 ms  320.585 ms
13  211.151.224.194 (211.151.224.194)  325.090 ms 211.151.224.106 (211.151.224.106)  221.285 ms  223.845 ms
14  59.151.96.162 (59.151.96.162)  228.515 ms  268.986 ms  270.306 ms
15  59.151.99.90 (59.151.99.90)  270.648 ms  273.096 ms  275.106 ms
16  59.151.106.247 (59.151.106.247)  274.853 ms  287.711 ms  292.621 ms

Hop 5 is the last leg of the route to the destination IP address in Europe before the packets hop into a transit link to China. The delay of hop 6 already shows the other end of the tunnel is quite far away and a Whois lookup reveals that this is a transit link of China Telecom. Hop 16 is the IP address from which Opera's requests have originated and Whois reveals that the IP address is assigned to 21ViaNet in Beijing.

Are We Headed For A New Crypto War? How Would This Affect The Mobile World?

After the recent terrorist attacks in Paris a lot of high government officials and even prime ministers are calling for new laws to allow them to decrypt any kind of communication if it is deemed necessary. That makes me wonder if we are headed for another crypto war!?

I find it highly disconcerting that governments of liberal and democratic countries are seriously considering outlawing private communication, a basic human right, in a feeble attempt to improve security. Perhaps this thinking still comes from the days when wire tapping was the main means to intercept communication. Still today, a court order can get you a tap on anyone's phone line or mobile phone in the country and conversations can be recorded and listened to in real time. It was a different world then. No mobile computers, dumb 'terminals', you had to use the fixed infrastructure that was in place, and encryption systems for the masses were non-existent. From that point of view I can understand the push to get the same means for other forms of communication that have sprung up in recent years, too. But the world has changed dramatically over the past decades. Networks and services have split, dumb 'terminals' for fixed line networks with voice only capabilities have become smartphones, and strong encryption is used everywhere and is the foundation for our global economy today. Applying the principle of wire tapping to other forms of communication would effectively spell the end of free and democratic societies as we know them today and would have a profound impact on everybody's lives, even for those who claim that they have nothing to hide. So here are a couple of points on why attempting to increase security by requiring a second key for governments is hopelessly useless and has become impossible to implement:

Classic Wire Tapping And Crypto Phones

To stay with the classic wire tapping example, there's nothing to stop people from using crypto-phones today to encrypt a phone conversation. This is very different from 30 years ago when such technology was simply not available to everyone. Government officials have a need for this today to keep their conversations private, and people working for companies around the world have a need for this today because they have to keep sensitive information private. As a consequence, people like you and me who are no less important and who have the same rights should therefore also have the right to encrypt their phone calls without anyone being able to tap in somewhere in between, not in the least because privacy is a basic human right. The proposals above would mean that such crypto-systems have to have a second key that the government can get access to. So who produces crypto equipment and software and how do you ensure no foreign governments and other entities eventually get the key? That makes me actually wonder which government should get the key? And what if I travel abroad with my mobile phone, should the government of the country I travel to get the key as well? If not, how could you stop two foreigners in a country from calling each other and using cryptography which has a second key for their home country but not for the country they have traveled to?

Instant Messaging

Let's venture a bit further out to instant messaging. Let's say Google, Apple, Microsoft, Facebook and all others are suddenly required by law to give governments (plural!) access to private conversations and to prevent people from using end to end encryption. But how would they stop people from using a further layer of encryption over their government pseudo-crypto? They can't. Governments could outlaw such overlays but that again would violate my human right to privacy.

Next example: Today, I'm using a private instant messaging server at home and end to end encryption for communication with close relatives and friends. With a crypto-intercept law in place, would I have to give a second key from all clients to the government? Or would there be an exception because I'm not a commercial service provider? And if so, what keeps the bad guys from just not being a commercial service provider themselves? And further along those lines what keeps anyone from using an instant messaging service for which the server is located in a country that is not on good terms with the government of the country you currently reside in? Does that mean that ISPs will be required to block their users from using such services? And how exactly should that work? Clever protocols would just look for a way around.

Secure HTTP

Another example: I have a web server at home and access it using https. On my devices I use Certificate Patrol to ensure that a certificate change required for interception is indicated and communication is aborted. Would crypto-intercept mean that programs like Certificate Patrol are outlawed? And if so what keeps me from installing it anyway? As it's a passive method to ensure privacy there's not even a way to detect it from the outside. Or would such a law require me to give my private SSL key to the government? And what if I travel from Germany to Austria, would that mean that I had to send my private SSL key to the Austrian government as well? Doing so would require an encrypted connection. But then the German government needs to listen in. So would the Austrian government thus have a second key for the German government and for all other governments of nations from which people come to visit Austria? And what about the transit countries over which the encrypted communication flow is transported? It's getting absurd pretty quickly.

Secure Shell

Yet another example: To administer my servers at home I use the Secure Shell Protocol (SSH) like millions of other system administrators. It uses perfect forward secrecy and certificates for the server and the client and strong public/private keys. Unlike secure http where man in the middle attacks with government signed certificates are possible, SSH is bullet proof in this respect. Does that mean that I have to give the government a second key whenever I set up a new server or change my certificates? What happens when I travel to France or Russia? Do I have to give those governments my keys in advance? Or maybe a law should be in place to require ISPs to block all ciphered communication over country borders for which no second key is available to all the governments over whose territories the data packets are sent!? Good luck working out a mechanism for that.

The only way to enforce this is to ban the use of any crypto-system that does not contain a second key for the government of the country you currently reside in. That will make traveling with computing equipment across national borders pretty difficult to impossible unless you come up with a system where governments around the world can get a key for your communication. Does anyone really want that!? Would it even be possible?

Would 2nd Keys To Intercept Traffic of Large Internet Companies Change Anything For The Bad Guy?

These are just a couple of thoughts that show how ridiculous it would be to require big Internet companies to give second keys to governments. The overhead to play this game with 200 countries is ridiculous, the potential for fraud enormous and instead of 1.000.000.000 ways to communicate securely, bad guys would be left with only 999.999.999.

Less Is More

In the end, the only way is to tap the bad guys at the source before data is encrypted. That is not trivial but it shouldn't be anyway as otherwise governments would just spy on anyone. After the Snowden revelations there is little if any doubt on that. When looking at terrorist incidents I can't find a single one after which it is discovered that the terrorists were already known by the authorities but manpower was missing to have a closer look. There is no need to ban encryption to get even more data, police can't even handle the data they already have access to. So in my opinion they should even be required to collect less data rather than more for their own sake.

Another VPN Use: Route Around Youtube Proxy Overloads

These days I seem to experience Youtube issues more and more frequently when I'm at home, especially in the evenings. Sometimes, some videos just don't stream very well while others work o.k. It seems this is related to the content distribution server Youtube selects for my location, or the link to it, which seems to be overloaded from time to time. The case in point is that I can get around the issue by opening a VPN tunnel to a VPN gateway located in another country. When doing that, the video that I had problems with just seconds before plays fine after re-opening the browser and going back to it. While this workaround is certainly far from ideal, I've just found another use for my VPN.