Full Web Browsing in the Metro – No Thanks

iPhone and Android users are very outspoken about the nice full web browsing experience on their device. That is, until they step into the Paris metro and then try to do anything meaningful with their device. With 'only' EDGE available and the network being quite busy anyway most of the time, you can't get more than a couple of kbit/s out of the line. That's nowhere near sufficient to download full web pages in any reasonable amount of time.

Now there is an obvious solution to the problem and that is to put UMTS into the metro as well, but I don't expect to see that anytime soon. In the meantime, I am happily surfing away with my Opera Mini and network side compression while the full-web guys give up after a couple of minutes and tuck away their device. At least the people using Android could put Opera Mini on their device to help out, if they are aware of it.

Wi-Fi Hotspots and Cookies

As many of you know, though the general public is probably not really aware of it, Wi-Fi hotspots are not encrypted, and hence the data transmitted can be read by anyone nearby with just a bit of knowledge and no special equipment. But how much is actually possible and how easy is it to do?

First, here are some things which are not problematic:

  • Most hotspots I have encountered in the past encrypt the authentication and payment pages so an attacker can't steal credit card information. One has to look closely, though, at the URL of the landing page and ensure that the connection is really encrypted (URL marked in green or blue on the left side in Firefox).
  • Online shopping: I've tested Amazon which by default does not encrypt pages until the time you click on the checkout button. Attackers can therefore see what you are looking for on Amazon but the payment process itself is encrypted.
  • Online banking: All online banking pages I use are fully encrypted, so attackers can only see which banks I am using but not what I am doing there.

And now some things which require special attention:

  • POP and SMTP for e-mail: The default configuration of most e-mail programs is not to use encryption. While over a properly secured Wi-Fi network at home this is not really an issue, an attacker in a public Wi-Fi hotspot can easily intercept user names and passwords. Switching on encryption is not difficult in most e-mail programs but one has to be aware of it and actually do it.
  • Of particular interest for me are blogging systems as I use one of them myself for this blog. Some of them do not use https for the editing process and use cookies to identify the session. When the pages are not encrypted and an open Wi-Fi hotspot is used, the cookies can be easily intercepted and misused. At home in my own encrypted Wi-Fi network (for which I obviously have the key and where it is legal to experiment) I ran a proof of concept: First, I intercepted the http request for the blog editor web page with Wireshark, copied the cookies and imported them into Firefox on a second computer. Then, I requested the same page on the second computer and could easily access the blogging front end. The damage that can be done this way is limited as a password change requires knowledge of the old password so an attacker can't lock out the owner of the blog. And as soon as the logout button is pressed, the session is closed for the owner and the attacker. Better than nothing but still way too insecure for my purposes.
  • I tried the same with my Facebook account at home and after transferring the cookies, the session was usable from both computers as long as the logout button was not pressed. But who presses the logout button? Other web applications such as Flickr, for example, also use non-encrypted http so I expect things to be the same.

So there isn't really a way around a VPN tunnel such as this one if you want to securely connect over a public Wi-Fi hotspot.
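An added example, not part of the original post: a small audit of Set-Cookie headers that flags session cookies which would cross an open hotspot unencrypted, the condition the blog editor experiment above depended on. The hosts, cookie names and the SESSION_HINTS heuristic are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample data: (URL of the response, its Set-Cookie header values).
# Hosts and cookie names are made up for illustration.
SAMPLE_RESPONSES = [
    ("http://blog.example/editor", ["sid=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/login", ["session=f00; Path=/; HttpOnly",
                                    "lang=en; Path=/"]),
    ("https://bank.example/login", ["auth=9z; Path=/; Secure; HttpOnly"]),
]

# Assumption: cookies with these name fragments identify a logged-in session.
SESSION_HINTS = ("sid", "sess", "auth", "token")


def audit_set_cookie(url, header):
    """Return a list of (cookie name, finding) for one Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(header)
    scheme = urlsplit(url).scheme
    findings = []
    for name, morsel in jar.items():
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue  # preference cookies etc. are out of scope here
        if scheme != "https":
            findings.append((name, "set over cleartext http"))
        elif not morsel["secure"]:
            # Set over TLS, but the browser will also attach it to any
            # later http:// request to the same host.
            findings.append((name, "missing Secure attribute"))
    return findings


def audit(responses):
    """Map each URL to its findings; URLs without findings are omitted."""
    report = {}
    for url, headers in responses:
        found = [f for h in headers for f in audit_set_cookie(url, h)]
        if found:
            report[url] = found
    return report


if __name__ == "__main__":
    for url, found in audit(SAMPLE_RESPONSES).items():
        for name, reason in found:
            print(f"{url}: cookie {name!r} {reason}")
```

The second finding is the less obvious case: a login page served over https still leaves the session readable on the hotspot if the cookie lacks the Secure attribute and the rest of the site is served over http.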

HSDPA Indicator

When HSDPA was first specified, it was unfortunately forgotten to put an indicator somewhere on the broadcast channel so a mobile could distinguish a 3G network from a 3.5G HSDPA network and show something to the user. It was added in a later release of the standard but I hadn't seen a device yet that would do something with the information or networks that would actually broadcast it. Turns out that quite a few networks have this turned on by now and some phones, for example the Nokia N72, display "3.5G" instead of 3G permanently and not only while an HSDPA data transfer is ongoing. How nice, but it's too late now. Some network operators use HSDPA now but have chosen not to activate the indication; hence, the E72 still shows 3G despite the network being HSDPA capable.

3G to Wi-Fi Bridges are a Meeting Organizer’s Best Friend

Those who attend international multi-company meetings probably know the issue: How to get Internet access during the meeting so documents can be passed around (without a memory stick) and you are not cut off from your daily flow of e-mails. If held in a company building, IT departments are usually less than under-motivated to provide proper Internet access.

But 3G to Wi-Fi bridges can help! Treat your company to such a device if you organize such meetings and the spirit in the meeting room lifts by 150%. When I recently attended a multi-day meeting, the organizer brought such a bridge along and even with 30 people using the connection for e-mails and web access it was nicely usable.

Agreed, if participants are all from the same country and are in their home country, they can bring their 3G sticks themselves. But as soon as international roaming comes into play that's usually no longer an option. Also, it helps to be in a country where prices per GB are reasonable because 30 people consume heavily.

McDonalds Wi-Fi – Tested

Called 'Mc-Do' in Paris, I have to admit that I am not really a frequent customer and so I've never considered using their free Wi-Fi so far. However, last week I had a bit of time so I thought I'd give it a try. I didn't know what to expect so I didn't really expect much. I was all the more surprised that access is granted without any kind of verification of whether you bought something or not, e.g. via a code on the receipt. The positive surprise didn't stop there as I got a downlink throughput of 5 MBit/s and even my PPTP VPN client could connect to my home network and ensured an encrypted connection via the unsecured hotspot. And I was not the only customer with a notebook / netbook in the restaurant, I might add. By the way, the others had some food and drink on their table as well so it wasn't a free lunch, eh, Wi-Fi.

European Digital Dividend Band for LTE Now In the Spec – Band 20

I've been wondering for a long time when 3GPP would finally define the band for the European digital dividend, i.e. spectrum between 790 and 862 MHz. Looks like they've finally done it: With v9.2.0 of TS 36.301, released at the end of December 2009, Band 20 with 791 – 821 MHz in downlink and 832 to 862 MHz in uplink now covers that area.

Interesting detail: The downlink is in the lower range. I assume that was done to keep the UE's uplink transmissions as far away as possible from the spectrum still used by TV. Anyone got more insight on this?

With the spectrum auction in Germany about to start, it's about time!

LTE RRC Complexity Compared to UMTS

One of the good things about LTE is that especially in the radio network, it represents a fresh start so a lot of "optionality" that tends to bloat a specification over time is avoided in the general baseline. To see what I mean, let's compare the Radio Resource Control (RRC) specification of UMTS with LTE:

UMTS RRC

The original Release 99 UMTS RRC specification (3GPP TS 25.331 v 3.1.0) is about 865 pages long. In Release 8, the same specification document (v 8.1.0) now contains 1435 pages.

LTE RRC

The RRC specification for LTE can be found in 3GPP TS 36.331. The December 2009 version (v.8.8.0) contains 208 pages. That's only a fraction of even only the R99 UMTS specification.

I am a bit surprised the volume difference is this big. I compared chapter headings to see if there are things that the UMTS RRC spec contains which are not in the LTE RRC. However, it all looks pretty similar.

Video Interview With Martin Cooper – Wireless Pioneer

For all of you interested in the past and future of wireless, here's a link to a video interview with Martin Cooper, who created the first portable wireless phone back in the 1970's at Motorola. Great insights into how everything started and great ideas on what will happen next and what shouldn't. Enough said, if you have 32 minutes to spare, head over and enjoy. And if you have the time later, bookmark this and return later 🙂

[via IntoMobile]

CPC Is Not Sexy – Part 4

Back in 2007 I wrote three posts about Continuous Packet Connectivity (CPC), a bundle of 3GPP features aimed at improving network interactions for applications on 3G HSPA devices that only require a low bitrate or only poll the network periodically (e.g. once every few minutes). For details see here, here and here. All these features were part of 3GPP Release 7. One important feature was missing though, and that was to improve uplink speeds and reaction time in more power efficient states. This feature was added in 3GPP Release 8 in the "Enhanced Uplink for CELL_FACH State" Work Item. For details see RP-070677.

And here is what the feature actually does:

Today, when a HSPA mobile device is not in the Cell-DCH state, i.e. it is not observing and receiving data over the High Speed Shared Channels, but is instead in the less power consuming Cell-FACH, Cell-PCH or URA-PCH states, uplink packets are sent over the Random Access Channel (RACH). While this works quite o.k. there are several shortcomings:

  • The capacity of the RACH is very limited. Hence, when the network detects that a device uses this channel for more than just a small IP packet or two, the connection is immediately transferred to the fully active state (Cell-DCH). That requires a lot of signaling and in case the mobile ceases transmission again afterward, e.g. because it only wanted to send a keep-alive or poll message, it wastes capacity in the cell.
  • State transitions from Cell-FACH to Cell-DCH take some time, in the order of hundreds of milliseconds, so it has a negative impact on user experience.
  • As capacity on the RACH is very limited, only few users can use it at a time.
  • Round trip delay times due to the use of the RACH are in the order of 250 to 300 ms compared to far less than 80 ms in fully active state.
  • Only very small data packets can be transferred in one RACH slot. The document linked above contains an analysis that comes to the conclusion that an IP packet with 500 bytes requires over 10 RACH transmissions.

O.k., so what is the solution!? Instead of the RACH, Release 8 has specified how to use a fast Enhanced Uplink Channel (E-DCH) that was originally specified for HSUPA. This E-DCH is configured with default values, i.e. a modulation and coding scheme that is conservative enough so even devices at the edge of a cell can use it. No power control and channel quality feedback is necessary. Access to the channel is controlled by the network with the Acquisition Indication Channel (AICH) as before.

Looks like a very worthwhile feature to me, let's see when it appears in practice.

Is A Ribbon Interface The Right Thing For A Netbook?

I really really really like my netbook, it is so convenient, especially when traveling and not having a lot of space. But one of the things that is missing is screen real estate, especially on the vertical. My Ubuntu and the Gnome GUI make good use of what's available as the icons and window frames are smaller than on MS Windows. But even with MS Windows, working with a netbook should be o.k. But what about Microsoft Office that uses a ribbon interface instead of the traditional menu / icons on top of the window? The height of the ribbons costs precious vertical space and as far as I know there's no way to change that!? So I wonder if Microsoft at some point will come with a netbook / small screen optimized UI for its Office suite!?

What about you, how do you feel about 'ribbons' on smaller screens?