Ericsson And Telstra Experiement With 200 km UMTS Cell Range

In this press release Ericsson and Telstra (Australia) report that they have successfully tested a range update of Telstra’s W-CDMA UMTS/HSDPA network operating in the 850 MHz band to support cell ranges of up to 200 km. The press release says that downlink speeds of 2.3 MBit/s were achieved over this distance.

It would have been nice if the press release would have gone a bit more into the details of how this was achieved as that sort of range and speed can not be achieved with the typical cell site on a rooftop transmitting at 10 watts and a standard mobile phone in the hands of a user. It is more likely that a base station with high transmit power on an elevated position like a hill was used in combination with a stationary handset, power amplifier and directional antenna.

It would also have been interesting to hear some details from Telstra on where they plan to deploy this. Australia is a big country so I guess there is quite an opportunity this way to bring high speed internet to people living far away from cities where broadband Internet is available either by conventional UMTS coverage, DSL or cable. Also, this offers interesting opportunities to cover ship routes along costs.

The technical background: Looks like this is the result of Ericsson’s recent Release 7 work item in 3GPP on "Extended WCDMA Cell Range up to 200km" which was reported to completed in December 2006 in TSG#34. According to the work item, a Node-B (base station) so far was only able to report propagation delays on the random access channel in the order of 768 chips, or a range of about 60 km. The work item description further says that changing this parameter in the radio network has no impact on currently deployed terminals, hence, the measure is backwards compatible.

Note that for conventional network deployment scenarios, being able to report propagation delays for the random access channel of up to 60 km is more than enough given the fact that due to capacity reasons and propagation in urban environments, UMTS cells are usually spaced just 2 km or even less apart.

Cryptophone: End to End Encryption for Voice Calls

Cryptophone
I’ve known for some time that there are special mobile and fixed line phones out there which can encrypt calls from end to end. I recently met Dr. Björn Rupp, CEO of GSMK, a company developing such phones. While probably not of much interest for the average person, there are a lot of people out there from politicians, police, top level managers, etc. who want to be sure their call is not intercepted. Not by the government, not by a secret service, not by tech savvy reporters or nosy mobile phone company employees. All these people can get access to normal mobile calls as the only interface over which the call is encrypted is between the mobile phone and the base station (GSM) or the radio network controller (UMTS). Over all other interfaces, the call is sent without any encryption and core networks even contain standardized interfaces for law enforcement agencies to tap into calls.

The phones developed by GSMK encrypt calls end to end by establishing a data connection between the two ends instead of a normal voice call and then use a strong encryption algorithm to ensure eavesdroppers have no chance. Dr. Rupp’s business card is also the first one I’ve ever seen which contains his PGP key ID and fingerprint. Also, they’ve published the source code of their encryption algorithm on their website, so no security through obscurity. Cool stuff, I am impressed!

3G Licensens Of T-Mobile U.S. Are Incompatible With The Rest Of The World Today

UMTS is operated on the 2.1 GHz band (or UMTS operating band I) pretty much everywhere around the globe. The U.S., however, is a special case. There, the band is already occupied for other uses. Thus, operators are using the 1900 MHz band both for 2G and 3G wireless (UMTS operating band II) and in addition the 850 MHz band (operating band V), again both for 2G and 3G. It looks like T-Mobile ran a bit out of luck when it came to 3G as they had to resort to a frequency band which is not used by anyone else so far.

During FCC frequency auctions last year, T-Mobile received frequencies in the what seems to be the new 1700/2100 MHz band (UMTS operating band IV). Here’s a report from Unstrung that describes this detail. The 1700 MHz part is used for the uplink while the 2100 MHz part of the spectrum is used for the downlink (network to mobile). I guess this is a bit confusing because speculations have been going on if T-Mobile will be compatible with UMTS devices sold in the rest of the world in the areas where they deploy 2100 MHz. Well no, they are not because the 2100 MHz part is just the downlink part of their spectrum. The uplink is on 1700 MHz and not on 1920-1980 MHz as for UMTS operating band I devices.

3gfrequencybands_2
Here’s the table of UMTS operating bands from the standards (3GPP TS 25.101). Take a look on line 4. The frequency ranges match with those in the Unstrung report about the auction I linked to above.

Therefore be careful! Some people are saying that T-Mobile U.S. uses 2100 MHz but it is slightly off the European band. Well, that’s not accurate. The 2100 MHz portion is inside the frequency range used in the rest of the world. The uplink however, is totally off mark.

I am not sure if T-Mobile U.S. will be happy with these frequencies both long and short term. Not even the latest and greatest data cards supporting multiple UMTS bands like the Globtrotter from Option supports band IV today. Also, I wonder if the band will be used in other regions of the world in the future. If not, T-Mobile might have a big problem with 3G handset vendors as the market for band IV devices will be quite small. Also, the use of yet another frequency range for 3G in the U.S. will fracture the market even more.

MEX 2007 – The Different Mobile User Experience Conference

Mex
The 3GSM Congress 2007 is over but the year continues to provide interesting meeting and discussion opportunities in real life for people working in the mobile industry. London is not only attractive for it’s monthly Mobile Monday gatherings but also for Symbian’s Smartphone Show and the Mobile User Experience Conference (MEX) which will take place on the 2nd and 3rd of May at the Wallacespace near Covent Garden.

It seems this conference is different for a number of reasons. Firstly, the conference has a 10 point ‘manifesto’ which deals with the current state of the mobile user experience and how the organizers around Marek Pawlowski think it can be improved. No beating around the bush, they come right to the point. The manifesto was then given out to potential speakers of the conference for them to choose one of these topics to kick off discussion from their point of view during the conference.

The speaker lineup is very interesting indeed as well. Christian Lindholm for example, one of my favorite ‘mobile’ personalities, formerly director at Nokia and serving as a VP at the mobile division of Yahoo for some time will lead a session on how mobiles and applications should adapt to changing physical environments of the mobile user. Among others, the speaker lineup also includes Cliff Crosbie, Director of Retail Marketing at Nokia, Al Russell, head of Mobile Internet & Content services at Vodafone, Mathew Menz, Head of Interaction Design of Motorola and Antti Ohrling, co-founder of Bylk.

The venue itself is also quite interesting. Instead of a standard conference place, the organizers have selected Wallacespace, which, judging from the pictures on their web space, is quite comfortable and very much different from normal conference places. I am quite thrilled about the whole lineup so if my daytime job allows, I’ll attend.

Not the dumb little cousin of the Internet

Every now and then I see a presentation or read a piece on something and I think "yeah, he/she’s so right". It happened to me again this evening when I found "Mobile the 7th mass media is to internet like TV is to radio" by Tomi T. Ahonen over at Communities Dominate Brands. I you haven’t seen it so far take a look, it’s a real eye opener on why the mobile Internet does not only include all benefits of print media, audio and video recordings, the TV and the Internet but far surpasses them due to it’s unique capabilities.

He goes on to explain that developers should not aim at improving and creating new services to make the mobile Internet experience resemble the desktop Internet as close as possible. The is because the mobile is "Not the dumb little cousin of the Internet" as Tomi puts it. Instead, he argues that developers should use the mobile’s advantages such as it’s close relationship to it’s user, it’s unique identity, that it’s always on and always carried, that it has instant payment possibilities and it’s instantaneous support of the users creative impulses as guides and opportunities to create new services. Truly a masterpiece!

It’s good to see some companies have already understood this concept as mobile’s such as the Nokia’s NSeries phones, Sony Ericsson UIQ phones and others are great platforms to base such ideas on. The best phones, however, are no good if operators hide inside their walled gardens. But some of them have already understood and are embracing the future rather than to fight against it. Shining examples in recent months are Three with their free international roaming, German MVNOs offering prepaid mobile Internet access for a fair price to the masses, and operators such as One in Austria who have started selling high volume wireless Internet access for fair prices as well.

“European” 3G Phones Now Also Usable In South Korea

Until recently, European travelers to South Korea could not use their mobile phones due to incompatible wireless standards. Recently, however, KTF and SK Telecom have chosen to change standards and are now deploying UMTS/HSDPA networks (see here and here).

To use these networks with "European" UMTS phones, two other things need to be in place. First, these networks must be deployed in the 2.1 GHz frequency band, which is the band supported by European UMTS phones. Second, the home operator must have a roaming agreement with at least one of the operators that are deploying HSDPA networks.

Looks like all three things came together for a colleague of mine who traveled to South Korea recently. He’s a subscriber with T-Mobile Germany and was able to use KTF’s UMTS/HSDPA network without any trouble with his Nokia E-60 3G phone. Funnily enough, T-Mobile lists KTF still as CDMA network in their roaming data base.

Similarly in Japan, foreign visitors from Europe can now also use their 3G phones since NTT-DoCoMo and Softbank (former Vodafone K.K.) both operate UMTS/HSDPA networks in the 2.1 GHz band. Not many places on earth now anymore with a wireless network in range where a GSM/UMTS phone can not be used. For a world wide overview of GSM/UMTS coverage, take a look here.

Deep Inside the Network: Wifi Authentication with EAP-SIM

In a previous post, I’ve been looking at how authentication is performed in WPA enabled Wifi networks. A growing number of GSM and UMTS devices now also include Wifi as an alternative access technology and if cellular operators decide to run Wifi hotspots, a convenient way must be found to authenticate these hybrid devices there as well. A number of different solutions exist but most of them require the user to input information. To remove this user interaction, an authentication method now known as EAP-SIM was recently specified in RFC 4186. With EAP-SIM, user interaction is no longer required when the device registers to the Wifi network, as all required authentication information is taken from the SIM card. Here is how it works:

Small_eap_sim_authentication
EAP-SIM uses the same authentication framework as described for WPA personal and enterprise authentication. The figure on the left shows the messages exchanged between the mobile station and the authentication server via an EAP-SIM capable access point during authentication. After the Wifi open system authentication and association, the access point starts the EAP procedure by sending an EAP Identity Request to which the mobile device has to respond to with an EAP Identity Response message. The identity returned to the network in this message is composed of a identity type identifier, the IMSI (International Mobile Subscriber Identity), which is taken from the SIM card, and an operator specific postfix. Alternatively, the mobile device can also send a temporary identity (pseudonym) which has been agreed with the network during a pervious authentication procedure. The pseudonym is similar to the TMSI (Temporary Mobile Subscriber Identity) used in GSM networks but has a different format and is used to hide the subscriber’s real identity from eavesdroppers.

In the next step, the network sends an EAP SIM Start request which contains a list of different versions of supported EAP SIM authentication algorithms. The client device selects one of the algorithms it supports and sends an EAP SIM Start response message back to the network. This message also contains a random number which is used for a number of subsequent calculations on the network side in combination with a secret (the Kc) which is shared between the mobile device and the network. This way the network is also able to authenticate itself to the client.
At this point the authentication server in the network uses the subscriber’s IMSI to request authentication triplets from the GSM/UMTS Home Location Register (HLR) / Authentication Center (AuC) (cp. e.g. Chapter 1.6.4 of my book). Two or three GSM random values and GSM ciphering keys returned by the HLR are then used to generate EAP SIM authentication keys, EAP SIM encryption keys and other values required for the EAP-SIM authentication process. These are sent in encrypted form together with the two or three GSM random values in plain text to the client device in an EAP SIM Challenge request to the mobile device.

The mobile device then uses the GSM random values received in the message and forwards them to the SIM card. The SIM card then generates the GSM Signed Response and GSM ciphering keys which used afterwards to decipher the EAP SIM parameters received. If those values are identical to the values used by the network, the mobile device is able to send a correct response message which is then verified on the network side. If verification was successful an EAP Success message is returned and the client is admitted to the network.

Small_eap_entities
The second figure on the left shows the different devices and protocols used during authentication. On the left side the mobile client sends its EAP messages via the EAPOL protocol. For the messaging between the access point and the authentication server, the RADIUS protocol can be used. The authentication sever finally communicates with the HLR/AuC via the SS-7 circuit switched signaling network and the Mobile Application Part (MAP).

Currently, only few Wifi hotspot networks run by cellular operators support EAP-SIM authentication. One that does already, however, seems to be the hotspot network run by Swiss Mobile, as they announce it as part of the network name and also sell EAP-SIM compatible combo GPRS/UMTS/Wifi cards.