Meet Me at the Mobile World Congress at the Wiley Booth

The Mobile World Congress 2009 in Barcelona is coming closer and I am happy to announce that my publisher John Wiley and I will feature a "Meet The Author" session at their booth to promote the launch of my latest book "Beyond 3G – Bringing Networks, Terminals and the Web Together".

The details:

  • Where: John Wiley and Sons, Hall 2, 2A130
  • When: Wednesday, 18th February
  • Time: 2 to 4 p.m.

So no matter whether you already have a copy, are interested in the content, are thinking about picking one up, or if you just want to have a chat with me I am very much looking forward to meeting you there!

For those interested in taking a copy home, Wiley will offer a 20% discount. If your suitcase is already full, there's also the option to place an order at the booth and have the book shipped to you.

Over the years, this blog has become a very frequented place and I had many e-mail conversations with people working in the industry from all over the world. Now it's time to put some of these conversations into the real world. Again, it would be a pleasure meeting you at the Congress! See you there!

Carnival of the Mobilists #159 at The Mobile Broadband Blog

This week, the Carnival of the Mobilists has stopped over at Ram Krishnam's "The Mobile Broadband Blog". It's edition 159 this week, quite amazing, and I still remember how I was part of one of the first single- or double-digit editions, agreeing to run one by exchanging e-mails with Russel Buckley on my mobile phone while on the way from Lisbon airport to a meeting. Nothing special these days anymore but at the time, quite something. Tomi Ahonen would probably say it was a magical moment. So without further ado, I can warmly recommend heading over and enjoying the great writeup.

Email As The Simple Way Out

Another normob (normal mobile user) story today. A friend of mine keeps track of her notes on her Nokia N82 as it's quite convenient to use it together with a Bluetooth keyboard while traveling. While most of those notes stay on the phone, every now and then they should also end up on the PC. So how can that be done best, i.e. quickest? As a normob, that's a difficult question (but shouldn't be).

The answer is quite simple once you've set up an email account on the phone and are used to using the Wi-Fi connectivity at home with the phone. Then you just go to the notes application, click on send via email and the note ends up in the email inbox on the PC a couple of seconds later. Simple and straight forward once you've figured out how. And again, that's the problem, figuring it out in the first place. Too many pieces have to fall into place first before it becomes easy.

On the other hand, now that there is one 'killer application' for mobile email and use of the Wi-Fi at home (in addition to VoIP telephony) with the phone (and to her it's still a phone and not a mobile device…), it might lead to discovery that the mobile email client can be used for much more than to just forward notes.

Hm, maybe that's the difference between the iPhone vs. the competition from a normob point of view: While the iPhone is seen as 'something + a phone', other devices are still seen as 'a phone + something'!?

How Do You Compete With Your DSL Competition?

I've just read an interesting article about how difficult it is today in some countries for DSL and cable operators to compete due to the sheer number of rivals in this sector. True, I can see it in France, for example. In Paris I can choose between at least 10 different DSL providers and the high-water mark for triple play services (Internet access, unlimited landline calls and IPTV) is 30 euros per month, set-top box included. And competition is getting fiercer with alternative providers such as Free adding service upon service while sticking with the 30 euros per month price tag.

So the only real differentiator you could have against that competition is a wireless 2G/3G network that you bring into the bundle. To stay with the French example, Orange, SFR and Bouygues are going in that direction and are now all offering DSL and a set-top box. For now, I don't see a lot of combined fixed/mobile offers except maybe common billing, which won't make a lot of people switch to another DSL provider. But I suspect that might change in the not so distant future when solutions mature to let people access the content stored in their set-top box or in their home network from their mobile device while being away. A unique chance for mobile operators with fixed line assets as they are in the right place to pre-configure the mobile devices and the set-top box (maybe even centrally) of a household to work together seamlessly.

Throw some femtos into the equation or simply a 3G USB modem with a SIM card that automatically installs when you plug it into your notebook. A daily fee or a couple of euros extra a month automatically and transparently put on your monthly invoice. Quite a number of options DSL/cable only players do not have. I am curious which fixed/mobile player will go ahead first to heat up the competition.

SAE Review Part 1: Let’s Be Flexible and Redundant

Release 8 of the 3GPP specification is nearing completion and I thought it's the right time to have a closer look at one of the key core network architecture specifications for LTE, or to be precise, the SAE (System Architecture Evolution) in 3GPP TS 23.401. Its title 'GPRS enhancements for E-UTRAN' is a bit misleading as it is an architecture document in itself that shows the full architecture and not only enhancements. It has become a massive document, 219 pages at the moment, so a single blog post won't do to describe the features which are different compared to GSM and UMTS. So I've decided to split the review into several parts and start with the flexibility and redundancy of network elements which is built into the system from day one.

In the initial 3GPP specs for UMTS (Release 99 or Release 3 if you will after the current counting method), the network was pretty hierarchical. One UMTS base station (NodeB) was connected to one radio network controller (RNC) which was in turn connected to one MSC for voice calls and one SGSN (Serving GPRS Support Node) for packet data traffic. In later 3GPP releases the RNC interface has become more flexible (the famous Iu flex) and in theory, a single UMTS RNC can now be connected to several MSCs and SGSNs for redundancy and load sharing purposes. In practice, however, I suspect it is not used a lot (yet).

Splitting the gateway into MME and SGW and assigning several to a single base station

In the LTE/SAE specs, flexibility and redundancy are built in from day one. A single LTE base station, called eNodeB, can now be connected to several gateway nodes simultaneously. The gateway node itself is split into a Mobility Management Entity (MME) and a Serving Gateway (SGW) and an interface has been defined between the two. So in practice both can be in the same physical device or split into two different devices. There is also no need to have the same number of MMEs and SGWs in the network, so capacity can be independently increased for the management part (MME) or the datapath (SGW) as needed.

Moving subscribers from one gateway to another and creating redundancy

There are even functions foreseen to move subscribers of one MME or SGW to another MME or SGW, for example to upgrade the software and then reboot the device. Another benefit of pools is that in case one device fails, not all users in the area are affected. If one node fails and the connection is interrupted a device can quickly reconnect and be assigned to a different node. Quite a difference to today where the failure of a single SGSN immediately renders a part of the network useless. It happens often enough…

[Updated 7. September 2009] Tracking Area Lists to prevent border hopping

Another piece of flexibility is the tracking area list; tracking areas used to be called location areas (LAs) or routing areas (RAs) in UMTS. Like LAs and RAs, a tracking area is a conglomerate of one or more cells. Mobile devices currently not connected to the network only have to report to the network when they change to a tracking area which is not in the list that was assigned to them by the MME during the last tracking area update. This reduces power consumption and reduces mobility management signaling in the network. Tracking area lists in effect blur the tracking area boundaries and prevent scenarios in which a mobile device keeps hopping between two cells in different tracking areas resulting in frequent signaling exchanges and battery drain.
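The border-hopping effect can be made concrete with a small simulation, added here as an illustration and not taken from the specification. The cell-to-tracking-area map, the device path and both list-assignment policies are constructed assumptions; how an MME actually builds the list is its own decision.

```python
# Constructed topology: cells c2 and c3 sit on the border between TA1 and TA2.
CELL_TO_TA = {"c1": "TA1", "c2": "TA1", "c3": "TA2", "c4": "TA2", "c5": "TA3"}

# Constructed path of an idle device that ping-pongs across the border.
PATH = ["c2", "c3", "c2", "c3", "c2", "c3", "c5"]


def single_ta(new_ta, previous_ta):
    """Hypothetical policy: a one-entry list, i.e. classic LA/RA behaviour."""
    return {new_ta}


def with_previous_ta(new_ta, previous_ta):
    """Hypothetical policy: the list also contains the area just left."""
    return {new_ta} if previous_ta is None else {new_ta, previous_ta}


def count_updates(path, assign_list):
    """Count tracking area updates an idle device sends along `path`.

    The device only reports when it camps on a cell whose tracking area
    is missing from the list it received at its last update.
    """
    ta_list = set()      # empty before the first registration
    previous_ta = None
    updates = 0
    for cell in path:
        ta = CELL_TO_TA[cell]
        if ta not in ta_list:
            updates += 1
            ta_list = assign_list(ta, previous_ta)  # MME hands out a new list
        previous_ta = ta
    return updates


if __name__ == "__main__":
    print("single-area list :", count_updates(PATH, single_ta))
    print("two-area list    :", count_updates(PATH, with_previous_ta))
```

On this path the one-entry list triggers an update at every border crossing, while the two-entry list only triggers one on first registration, on the first crossing and on entering TA3.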

Packet Data Network Gateway flexibility

And of course the packet data gateway (PDN-GW), the gatekeeper between the mobile network and the Internet (or a fixed line IP network in general) is also not fixed but can be chosen from a pool.

Summary

As shown above, the whole LTE/SAE architecture has been defined in a very flexible way for several reasons. Compared with the flexibility added to GSM/GPRS and UMTS over time, this goes one step further and the use of IP for all interfaces helps a great deal to make this much more simple than in 2G and 3G networks.

So much for today. In the next part, I'll look at Mobility- and Connection Management (EMM and CMM) and the differences to UMTS's Packet Mobility Management and Session Management (PMM and SM).

Sandboxie

Not a truly mobile story today by itself but one that started as such some time ago on this blog. A while back I reported on a first weakness found in the Wi-Fi WPA encryption. I didn't get all the facts right the first time and was promptly corrected by a reader who was kind enough to supply a link to Security Now, a great podcast show that each week explains security issues at great length but in an easy to understand way. I listened to the podcast, corrected my mistakes and subscribed to the podcasts on my N95 to have interesting podcasts while traveling. Recently I listened to podcast 172 about a program called Sandboxie for Windows machines that I think is so useful that I would like to mention it here.

With Sandboxie, you can put programs like web browsers, e-mail clients, instant messengers, etc. in a sandbox that redirects write access to files and the registry to a copy instead of to the original. This way should you catch a virus via a web page or via that attached power point file of an e-mail from a trusted friend, all the malicious code can do is harm a copy of the file and the registry. It can still steal data as it has standard read access to all other files but it can't harm the machine anymore. As soon as the last program in the sandbox ends, the files in the sandbox are deleted and gone is the threat.

It's even possible to install programs in the sandbox. They run just fine afterward, but only in the sandbox of course. Once you are done with testing, delete the sandbox and you can start from scratch. No orphan files remaining, no extra clutter in the already fat registry. So the concept of Sandboxie is quite similar to that of a virtual machine except that the applications have read access to the outside. The big advantages are that it requires no extra memory and processor resources, it just adds a shell of protection around those programs so they can't do any harm.

Completely blocking write access has its drawbacks, too, of course. With complete isolation, it's not possible to permanently store bookmarks, for example, and you will also lose your e-mail that is stored in local files once the sandbox is deleted. But the author has thought about that as well and it's possible to activate exceptions for the most well known programs so that their configuration and data files are not sandboxed. For less well known programs, it's possible to manually configure files or directories that are excluded from the sandbox. And, with the registered version, it's even possible to define programs which are automatically run in the sandbox when they are started. Great for an installation for less computer savvy users to make the sandbox almost transparent for them.
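The write-redirection idea and the exclusions described above, sketched as an added example (this is not Sandboxie's code or API): a toy file layer where reads fall through to the original, writes land on a copy, and an excluded directory is written directly. The class name, paths and file contents are constructed for illustration.

```python
import os
import shutil
import tempfile


class WriteRedirectSandbox:
    """Toy model: reads see the real files, writes are redirected to copies."""

    def __init__(self, sandbox_root, passthrough=()):
        self.root = os.path.abspath(sandbox_root)
        # Directories excluded from sandboxing (writes reach the original).
        self.passthrough = [os.path.abspath(p) for p in passthrough]
        os.makedirs(self.root, exist_ok=True)

    def _is_passthrough(self, path):
        return any(path == p or path.startswith(p + os.sep)
                   for p in self.passthrough)

    def resolve(self, path, for_write=False):
        path = os.path.abspath(path)
        if self._is_passthrough(path):
            return path
        # Mirror the absolute path underneath the sandbox root.
        tail = os.path.splitdrive(path)[1].lstrip(os.sep)
        shadow = os.path.join(self.root, tail)
        if for_write:
            os.makedirs(os.path.dirname(shadow), exist_ok=True)
            if os.path.exists(path) and not os.path.exists(shadow):
                shutil.copy2(path, shadow)  # copy on first write
            return shadow
        # Reads prefer the sandboxed copy, else fall through to the original.
        return shadow if os.path.exists(shadow) else path

    def open(self, path, mode="r"):
        writing = any(flag in mode for flag in "wax+")
        return open(self.resolve(path, for_write=writing), mode)

    def delete(self):
        shutil.rmtree(self.root, ignore_errors=True)


def _read(opener, path):
    with opener(path) as fh:
        return fh.read()


def demo():
    base = tempfile.mkdtemp()
    real = os.path.join(base, "real")
    os.makedirs(os.path.join(real, "profile"))
    doc = os.path.join(real, "document.txt")
    secret = os.path.join(real, "secret.txt")
    bookmarks = os.path.join(real, "profile", "bookmarks.txt")
    for name, text in ((doc, "original"), (secret, "secret"), (bookmarks, "old")):
        with open(name, "w") as fh:
            fh.write(text)
    sb = WriteRedirectSandbox(os.path.join(base, "sandbox"),
                              passthrough=[os.path.join(real, "profile")])
    with sb.open(doc, "w") as fh:        # sandboxed program overwrites a file
        fh.write("tampered")
    with sb.open(bookmarks, "w") as fh:  # excluded path: the write is permanent
        fh.write("new")
    result = {"seen_inside_sandbox": _read(sb.open, doc),
              "read_falls_through": _read(sb.open, secret)}
    sb.delete()                          # discard everything the program wrote
    result["original_after_delete"] = _read(open, doc)
    result["passthrough_after_delete"] = _read(open, bookmarks)
    shutil.rmtree(base)
    return result
```

The `read_falls_through` entry shows the limit the text points out: redirection protects integrity, not confidentiality, and every excluded path is a place where a write survives deletion of the sandbox.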

So while it's not the purpose of Sandboxie to replace an anti-virus scanner it's a great tool to add another layer of protection. It takes some knowledge to configure it for individual purposes but once done, even less computer savvy users should not have a problem with it. So while the proof for that is still outstanding, I'll install it on a normob notebook soon 🙂

I love how one gets from A to B on the web: I would never have heard of it had I not blogged about the Wi-Fi WPA attack, had someone not commented and left a link, and had someone else not bothered to do a great podcast every week, which I listened to on my mobile phone during a long car trip. In this way, it is actually a mobile story after all.

Carnival of the Mobilists 158 over at the VoIP Survivor

This week, the Carnival of the Mobilists has stopped over at Tsahi Levent-Levi's blog, aka the VoIP survivor for an as usual impressive roundup of what's been happening in the mobile blogging sphere over the past week. To my great pleasure and surprise, my entry on the use of Wi-Fi in mobile devices has been voted for being the best post of the week. Thanks for that, I really appreciate it! So for all the best from the mobile blogging sphere, don't hesitate, head over and enjoy!

Wireless Repeaters in the Spa?

Yes, yes, one should go to a spa to relax but I couldn't help but notice that even in a spa there are interesting wireless things going on. Recently we went to the Linsberg spa near Vienna, newly opened a couple of months ago, a place that even the old Romans would have approved of. It's a bit outside the small village of Bad Erlach and one wouldn't expect great mobile coverage there. To my surprise, however, the ground level was well covered by all but one of the wireless networks by the antennas in sight over in the village. On the lower level, things looked a bit different, the concrete walls are probably too thick for signals to make it through.

Nevertheless, Mobilkom's GSM and UMTS networks were available with full signal strength while all other networks didn't quite make it through. Quite interesting so I had a closer look around. There is an antenna on the roof of the adjacent spa hotel so the good signal could come from there. Or it is those little boxes installed throughout the building with a "Mobilkom" sticker on it (see the pictures below)?

I can't be fully certain that those are 2G/3G repeater antennas but it pretty much looks like it. So it looks like Mobilkom has seen a business opportunity in specifically covering this location. I wonder if they are 'only' providing mobile coverage or if they are also providing the infrastructure for local communication, both fixed and mobile!?

I think it would make a lot of sense to be an end-to-end telecom/Internet provider for both employees and customers at such a place. You install your infrastructure once and get paid by several user groups. But that's all speculation on my part, of course. I think there's lots one could do with that. For example: Instead of installing a separate data infrastructure and Wi-Fi access points in the hotel for those that don't yet have a 3G USB modem one could rent out dongle docks such as the D100 to guests. Also, covering meeting rooms with Wi-Fi and backhauling it over 3G saves a lot of money as well.

So, if anyone from Mobilkom (or anyone else for this matter) is reading this and would like to comment, please do.

[Pictures: Repeater-1, Repeater-2]

How To Secure The BarackBerry

Some sources have started speculating whether the secret service will let President Barack Obama continue to use some sort of Blackberry. The latest speculations are that he might get a Sectra Edge, a ruggedized and secured Palm Treo 750. You can find the specs here but while they are interesting, they don't (of course?) go into the details of how things are secured in practice. Tomi Ahonen over at Communities dominate brands has a good post on possible angles of attack. I think these are quite possible for someone with time, monetary resources and a couple of infiltrators. Tomi suggests a couple of countermeasures which I think are quite interesting and I've come up with some of my own while commuting today that I thought I'd share here:

Phone identification and targeting

The first thing that needs to be done is to ensure anonymity. Today, there are two IDs in GSM/UMTS systems that can be exploited if somebody knows them and can get access to the core of the mobile network to find out the current location of the phone up to the level of the radio tower. These IDs are the International Mobile Subscriber Identity (IMSI) on the SIM card and the International Mobile Equipment ID (IMEI) of the mobile phone itself. Knowledge of one of the two values can also be used by someone who has access to the core of the mobile network to intercept non end-to-end encrypted voice calls and Internet traffic.

To ensure anonymity these IDs should be changed in regular intervals. If I were the secret service I would get a large number of IMSI's of several network operators, get the SIM card vendor on board and devise a scheme to change the IMSI on the SIM card on a regular basis. Concerning the IMEI a changing random number would do. 

Another thing I would do is to use the pool of IMSI's not only for the president but also give similar phones to his aides and other people in the government that need to communicate with him and others securely. This ensures encrypted communication. At the same time more than one IMSI of the pool is active, so it's fruitless to get hold of the IMSIs of the pool as the attacker still wouldn't know which one is currently used for the president's phone.

Changing IMSI's on a regular basis has one big disadvantage: Whenever an IMSI is used for the first time it is transmitted in clear over the network. In all subsequent communication establishment requests a changing temporary id (the TMSI and the P-TMSI) is used. So an attacker could use this to try finding the president's phone by scanning the air interface for those rare IMSI based connection establishments. In addition the scanner used would have to be near the location of the phone (i.e. in the same cell) and the attacker would need the list of IMSI's used for the purpose. A very remote possibility and the attacker could not do a lot with the info anyway. A countermeasure would be to have many such phones around the president (e.g. those of his aides) doing the same thing. 

Outgoing Voice calls

Both network encrypted and end-to-end encrypted calls could be directly connected to the destination. However, I would put a gateway in the middle to which all calls are sent and which then forwards them over a secured link to a second gateway which brings them back into the public network again. This way the current phone number of the president linked to the IMSI could not be seen at the other end and could also not be traced by someone having access to the public network.

Incoming Voice calls

A bit more tricky as other persons don't know the president's current phone number. Again, a gateway would help which knows the current number of the president. It could be informed via an encrypted data connection by the phone itself of the current phone number (see below).

Getting to the Microphone and Camera

Every now and then one can find reports that hackers can get access to the microphone of a phone by giving it a secret hidden call. It might work or not with some public phones but not with one that was inspected by the NSA. Also, frequently changing IMSI's should prevent anyone from knowing which number to call.

GPS Positioning

By controlling the operating system itself and the applications that run on the smartphone it can be ensured that even if the phone has a GPS the coordinates are not smuggled out. Not a big issue here.

Internet connection

I'd only allow a "full tunnel" solution, i.e. everything goes through an encrypted tunnel to a gateway and only from there to the Internet. The tunnel termination on the network side must be well protected, of course, but I think the people working at Fort Meade know how to do that.

Smartphone viruses

With a customized OS version I would ensure that applications can't be installed and that all applications running on the phone have no hidden weaknesses and backdoors. Not trivial but I am sure it could be done with a tiny fraction of the NSA's budget.

E-Mail

The e-mail client must of course be able to use strong end-to-end authentication and encryption, and authentication and encryption for transmission to the server itself. Needless to say that the server should be well secured.

Web surfing

To prevent bad things in web pages harming the smartphone I would run all communications via a secured and monitored web proxy. No direct contact with the Internet for the web browser. Another benefit of the proxy is to anonymize the traffic.

And the rest

I'd block all other Internet traffic from or to the phone to ensure that the e-mail client and the web browser are the only applications that can communicate with the outside world. Also, I'd give the TCP/IP stack a very hard look to ensure no buffer overflows from malformed packets can cause any harm.

Lots of stuff to be done to secure such a phone, no question about that. But I guess the president of the United States is not the only person requiring airtight security so the cost can be split. Also I would be very surprised if a lot of this infrastructure is not already in place. Like all security measures, securing the BarackBerry is a cat and mouse game and not a one shot operation. I am sure the list above is far from complete. Further ideas?