2. conventional networks 2.3 cellular networks
DESCRIPTION
2. Conventional networks 2.3 Cellular networks. Overview Network capacity Security: the Lin-Harn protocol Billing. Prof. JP Hubaux. The Public Switched Telephone Network (reminder). Transit switch. Transit switch. Transit switch. Long distance network. Local switch. Local - PowerPoint PPT PresentationTRANSCRIPT
1
2. Conventional networks2.3 Cellular networks
Prof. JP Hubaux
• Overview• Network capacity• Security: the Lin-Harn protocol• Billing
2
The Public Switched Telephone Network (reminder)
Localswitch
Localswitch
Transitswitch
Outgoingcall
Incomingcall
Transitswitch
Transitswitch
Long distance network
- Transfer mode: circuit switching- all the network (except part of the accessnetwork) is digital- each voice channel is usually 64kb/s
3
Trunk Dimensioning in the Telephone Network (reminder)
Trunk with N channels;each channel carries a traffic of
Virtuallyinfinitesources
A: offered traffic
B: blocking probability (*)
(*): the blocking probability is defined as the probability of an incoming call to be rejected, because all N channels are already occupied.
Assumptions:• Loss system: calls are dropped if they cannot be immediately accepted• The sources are independent from each other• The time between call arrivals is drawn from an exponential distribution
B A
N Ai
N
i
i
N FHGIKJ! !0
Erlang formula:
Output utilization:
1 B AN
b g calls/s * seconds/call (Erlang),
where represents the duration of calls
A E X
X
4
Principle of the basic call (reminder)Callingterminal Network
Calledterminal
Off-hook
Dial tone
Dialing
Ring indication Alert signal
Off hookRemove ring indication
Bi-directional channel
On hook
Billing
On hook signal
Resource allocation
Translation + routing
Conversation
5
Basic architecture of a cellular network
ExternalNetwork
Cellular network
Mobilestation Base
stationMobile
switchingcenter
Server(e.g., Home Location
Register)
6
Registration
Tuning on the strongest signal
Term. Nr: 079/4154678
7
Service Request
079/4154678079/8132627 079/4154678
079/8132627
8
Paging broadcast
079/8132627?079/8132627?
079/8132627?
079/8132627?
Note: paging makes sense only over a small area
9
Response
079/8132627
079/8132627
10
Channel Assignment
Channel47
Channel47 Channel
68
Channel68
11
Conversation
12
Handover (or Handoff)
13
Message Sequence Chart
CallerBase
StationSwitch Base
Station Callee
Periodic registration Periodic registration
Service request Service request
Ring indicationRing indication
Page requestPage requestPaging broadcast Paging broadcast
Paging responsePaging response
Assign Ch. 47Tune to Ch.47
Assign Ch. 68 Tune to Ch. 68
Alert tone
User responseUser responseStop ring indicationStop ring indication
14
Peculiarities of Personal Communication Systems (PCS)
Mobility User location ==> periodic registration and/or paging Moving form a cell to another ==> handoff procedures Moving from one network to another ==> roaming
Ether Multiple users per cell ==> access technology (FDMA, TDMA,
CDMA) Channel impairments ==> coding, error detection,
retransmission, forward error correction Bandwidth ==> channel reuse, signal compression, efficient
modulation and coding Privacy and security ==> encryption
Energy Limited autonomy ==> power control, discontinuous
transmission
15
Services offered by current PCS
Telephony services (including voice mail, call transfer,…)
Short message services Voiceband data and fax Packet switched data (e.g., GSM/GPRS, CDPD) Closed user groups Telemetry
16
Relevant service features (user perspective) Terminal characteristics (weight, size, robustness, price) Battery life / autonomy Modes of operation of the terminal (as a cellular phone, a cordless phone, with a
satellite,…) Service price Range of services Coverage area (of the home network + roaming agreements) User environment while roaming User interface: ease of use, programmability Call blocking (service denial) Call dropping Setup time Transmission quality (error rate, signal to distortion ratio, delay) Maximum speed of the terminal Authentication technique Privacy Confidentiality Secure billing Radiated power
17
Operator perspective
Spectrum efficiency Cell radius Infrastructure cost Deployment timing and adaptability Roaming agreements Resistance to fraud Non repudiability of bills …
MHzcellsonsconversatiE
18
Air interface
Messages
Logicalchannels
Radio link
Messages
Logicalchannels
Radio link
Packets
Messages
Bits
Structure, content
Packet structure, error detection/retransmissionTopology: one to one
one to many (e.g., synch signals)many to one (e.g., service request)
Multiple access (e.g., CDMA, TDMA, FDMA)Duplex (e.g., Frequency Division Duplex - FDD)Modulation, source coding, channel coding,interleaving, diversity reception, channel equalization
Terminal Base Station
19
2. Receive the ID of the LA3. Compare with stored ID4. If different, update and ask for registration
User Tracking: Geographic-based Strategy
Location area 1 (ID = 1) Location area 2 (ID = 2)
• All base stations within the same LA periodically broadcast the ID of the LA• Each user compares its last LA ID with the current ID, and transmits a registration message whenever the ID is different• When there is an incoming call directed to a user, all the cells within its current LA are paged
1. Change LA
5. Inform the HLR of the new LA ID of the end user
20
Cellular networks• The area to be covered is tesselated in a (usually large) number of cells• There is usually one antenna per cell• A mobile communicates with one (or sometimes two) antennas• Antennas are controlled by Mobile Switching Centers (MSC)• Cells are usually represented by hexagons, although the real shape can be quite variable• In all systems, cells interfere with each other• To increase the capacity of the network, the usual technique consists in increasing the number of cells
21
Frequency reuse
F3F4
F5
F2F7
F6F1
F3F4
F5
F2F7
F6F1
F3F4
F5
F2F7
F6F1
• Cells with the same name use the same set of frequencies
• In this example, the cluster size N = 7
• In order to tesselate, the geometry of hexagons is such that N can only have values which satisfy: N = i2 + ij + j2 with i = 1, 2,… and j = 1, 2,…
• Channel assignment strategies:• fixed: each cell is allocated a predetermined set of voice channels• dynamic: each time a call request is made, the serving base station requests a channel from the MSC
22
Handover: principle
BS1 BS2
A B
time
Receivedsignallevel
Level at point B
Level at which handover is made(call properly transferred to BS2)
23
Decibels (reminder)
100
0
The decibel is used to express a power ratio:
10.log
where P is the reference power level and P is the power level at the considered point of the system.Example: if the transmission power
PBP
0
10
P is 10W and the received power Pis 0.1W, the loss is 10log (1/100) 20 .
A decibel (dB) expresses a ratio. An absolute value can be expressed indecibels relative to 1 Watt (dBW) or (more frequent
dB
10
ly) in decibels relativeto 1 mW (dBm).
The latter is expressed by: 10.log1
PPmW
24
Handover strategies The handover power level must be carefully chosen:
If too small: risk of superfluous handovers If too high: risk of losing the call due to weak signal conditions
Dwell time: time during which a call is maintained in the same cell (hence without handover)
Mobile Assisted Handover (MAHO): every mobile measures the power from surrounding base stations and report these measurements to the serving base station. A handover is initiated if the power of the signal received from another station exceeds the one of the serving one by a certain threshold for a certain amount of time.
Inter-system handover: when changing network Prioritising handovers over new calls; 2 methods:
Guard channels (spare channels in each cell) Queuing of handover requests
Coping with stations moving at very different speeds (e.g., cars vs pedestrians): umbrella cells
Typical values for GSM handover: threshold between 0 and 6 dB, execution time of around 1 to 2 seconds
Soft handover: in the case of CDMA
25
Interference and system capacity
Possible sources of interference: Another mobile in the same cell A call in progress in a neighboring cell Other base stations operating in the same frequency band Any noncellular system which inadvertently leaks energy
into the frequency band Consequences of interferences:
On data channel: crosstalk (voice), erroneous data (data transmission)
On control channel: missed calls, dropped calls 2 major types of system-generated interference:
Co-channel interference (same frequency), see hereafter Adjacent channel interference (adjacent frequency)
26
Co-channel interference (1/4)
0
1
Co-channel reuse ratio:
3
Signal-to-interference ratio (SIR):
where is the desired signal power from the desired base station, is the interference power caused by the ith interferin
i
ii
i
DQ NR
S SI
I
S I
0
00
00
g co-channel base station and is the number of co-channel interfering cells.Average received power at a distance d from the transmitting antenna:
or
(dBm) (dBm) 10 log
r
r
r
iP
dP Pd
dP Pd
0 0where is the power received at a small distance from the transmitting antenna, and is the path loss exponent.
P d
27
Co-channel interference (2/4)
0
1
If the transmit power of each base station is equal and is the samethroughout the coverage area:
Considering only the first layer of interfering cells (and assuming their centers are
i
ii
S RI D
0 0
all at distance Dof the considered base station):
3( ) NS D RI i i
28
Co-channel interference (3/4)
A
R
D-R
D-R
D
D+R
D+R
D
First tier of co-channel cells for a cluster size of N=7Note: the marked distances are approximations
29
Co-channel interference (4/4)
Approximation of the signal-to-interference ratio at point A:
2( ) 2 2( )Thus:
12( 1) 2 2( 1)
Numerical example:If 7 and 4, then 4.6 and / 49.56 17.8
S RI D R D D R
SI Q Q Q
N Q S I dB
30
Capacity of cellular networks (1/2)
We consider the downlink channel interference.Assume the mobile to be located at the edge of the cell,and consider only the interference of the 6 closest cells.We want C/I to be greater than a given m
0
min
min
1
1/
min
inimum /
Then we need:
16
As / , we get:
6
i
ii
C I
S R R CI D ID
Q D R
CQI
31
Capacity of cellular networks (2/2)
t
c
2
/ 2min
Radio capacity of a cellular network:
radio channels/cell
where B is the total allocated spectrum for the systemand B is the channel bandwidth.
As Q= 3N, we get:
63 3
t
c
t t
c c
BmB N
B BmQ CB B
I
2/
Techniques to improve capacity:• Cell splitting• Sectoring
32
Capacity of cellular CDMA
The capacity of CDMA is interference limited, while it is bandwidth limited in TDMA and FDMA.
Techniques to reduce interference: Multisectorized antennas Discontinuous transmission mode (takes advantage of the
intermittent nature of speech); duty factor typically between 3/8 and ½.
Power control: for a single cell, all uplink signals should be received approximately with the same power at the base station
33
Capacity of cellular CDMA: single cell case (1/2)
b
0
N: number of usersS: power of the signal received at the base station from a single user
1( 1) 1
Energy-to-noise ratio:E / /N ( 1)( / ) 1where R is the bitrate and W is the available ban
SSNRN S N
S R W RN S W N
b
0
0
dwidth.Taking the thermal noise into account:E /N ( 1) ( / )Thus the number of users that can access the system is:
/1 - /S/b
W RN S
W RNE N
34
Capacity of cellular CDMA: single cell case (2/2)
´ ´0 0 0 0
´0 0
b´0
With antenna sectorization, becomes , with
For example, with 3 antennas covering 120 each:13
: duty cycle of voice: number of users per sector
E /N ( 1) ( / )If the number o
o
s
s
N N N N
N N
NW R
N S
´0
f users is large and noise is neglected:
1 /1sb
W RN EN
35
Capacity of cellular CDMA: multiple cells case (1/3)
B0
B6
B5
B4
B3
B2
B1
0
0
0
0
controls the transmit power of each of its own in-cell users,but not the power of users in neighboring cells.Frequency reuse factor on the uplink:
where is the total interference po
i aii
B
NfN U N
N
wer received from the-1 in-cell users, is the number of users in the ith adjacent
cell, and is the average interference power for a userlocated in the ith adjacent cell.Average received power
i
ai
N UN
from users in an adjacent cell:/
where is the power received at the base station of
interest from the the th user in the th cell.
ai ij ij
ij
N N U
N
j i
36
Capacity of cellular CDMA: multiple cells case (2/3) Concentric circular geometry
d0
Consideredcell
R
2R+d02R-d0
3R
2d0
Adjacent cell
number of wedge-shaped cells of the firstsurrounding layer of cells
Aarea of the firstsurrounding layer
A1 = M1 A
To let all cells have thesame size A, we must have:M1 = 8 = 450
By recursion, for the ith layer:Ai = i8Ai = /4i
Firstsurroundinglayer
37
Capacity of cellular CDMA: multiple cells case (3/3)
d0
R
2R+d0
2R-d0
3R
Innersublayer
Outersublayer
d
d’
0
0
22 20
22 20
0
For the inner sublayer:
' sin 2 cos for (2 1) (2 )
For the outer sublayer:
' sin cos 2 for (2 ) (2 1)
Interference power at B from the th subscriber of
d d Ri d d i R d i R d
d d d Ri d i R d d i R
j
0, , 0 0 0 0
the th cell :
( , , ) ( '/ ) ( / )
In practice, the frequency reuse efficiency for CDMA is in the order of 0.3 to 0.7 (as a comparison, in the case of FDMA with cluster size = 7, = 1/7)
i j
i
P r d P d d d d
f
f
.
38
Roaming: principle
Roaming agreement
Subscriberdatabase
(IDs,keys,
bills,…)
Home network
Subscriberdatabase
(IDs,keys,
bills,…)
Visited network
User
39
Roaming: architecture
Servicelogic
HomeLocationRegister
BaseStation
Servicelogic
VisitingLocationRegister
BaseStation
PSTN + Data Network
HomeNetwork
VisitedNetwork
40
Security of cellular networks
Mobile station Base station/ Home network Foreign network
• Eavesdropping, traffic analysis• Maskerade as: - Mobile station (e.g. for fraudulent usage) - Base station • Denial of service
• Misuse of a stolen terminal• Tamper with the crypto information (e.g., cloning)• Repudiation of service usage
• Unveiling crypto information of the user• Unveiling identity/location of the user
• Unauthorized access to data• Threats to integrity• Denial of service• Repudiation• Unauthorized access to services
41
The Lin Harn protocol
Purpose: provide security in case of roaming mobile users
Protect the mobile user, the visited network and the home network
In particular: Protect the identity of the mobile user Avoid unveiling cryptographic material to the visited
network, which it could use (or an attacker could use) against the will of the mobile user.
42
The Lin Harn protocol: requirements
Security requirements Caller ID confidentiality: the identity of the user should be
hidden, including to the visited network Non-repudiation of service (e.g., the mobile user should not
be able to deny the usage of service) Shared secret key between the mobile and the visited
network, renewed for each session Implementation requirements
Limited computing power of the mobile station time-consuming public key cryptographic techniques should be avoided
Validation delay the number of interactions between the mobile station, the visited network and the home network should be limited
43
The Lin Harn protocol: mobile station registration
( , ( ), ), ,H MHPK K B M BE M E N N N H
Mobile M Base station B(visited network)
HomeNetwork H
BN
( , ( ), ), ,H MHPK K B M BE M E N N N H
0 1, , ,...,M mk N c c
Allocate a temporaryidentity Mt to M( , , )
ok t M BE M N PK
Initial shared key KMH
0
1
1
2( , 1( ( ), )), 1,...,
1( , )2( , )3( )
MHMH K B M
i MH i
i i i
i i
k h K h E N N i m
r h K kk h k rc h r
44
Computation of the parameters
KMH
EKMH(NB)
NM h1 h2
k0
h1
r1
h2
k1
h1
r2
h2
k2
h1
rm
h2
km
h1, h2: one-way keyed hash functionh3 : one-way hash functionci : session key of the ith session
h3 c1 h3 c2 h3 cm
45
The Lin Harn Protocol: Mobile Station Origination Protocol
Mobile M Base station B(visited network)
( , )BPK t iE M r
( )ik iE r
• Check that h3(ri)=ci • Set the session key to ci
• Compute ki= h2(ki-1, ri)
This protocol is activated for each call request made by the mobile
• Check that h3(ri)=ci • Set the session key to ci
• Compute ri= h1(KMH, ki-1)
46
The Lin Harn Protocol: analysis
Security The subscriber can prove itself by presenting the ri’s to the
visited network; knowing the checking values ci’s, the visited network can verify the legitimacy of the subscriber
The identity of the mobile user is protected Security parameters of the mobile user (stored at the visited
network) are protected Non-repudiation: by demonstrating the possession of the
ri’s, the visited network can prove that the service has been used
Performance Small number of exchanged messages The computational effort on the mobile side can be limited;
e.g., encryption with the public keys PKH and PKB can be
based on the low-exponent of the RSA algorithm: 3.
47
Billing in mobile networksExample Scenario
Informationserver
Backbone network
1. Technical view:
2. Business view:
User
Access NetworkOperator
Backbone NetworkOperator
InformationService Provider
Service provisionPayment
Trust
48
Business model
> 1 Bpotential
users
1 M +connectivity
and informationservice
providers
Privacy?Authentication?
Payment and billing?User customization?National regulations?Disputes (bankrupts,
order or usage repudiations,…)?
49
The customer care
User
Customercare
agency
Cellular network operators
Long distance network operators
Satellite network operators
Information service providers
50
Requirements
Customer care agency
User
Service provider
R1: Free choice of the customer care agency
R2: Protection of user’s privacy (anonymity)
R3: Agreement on tariff at session setup
R4: Very small amounts supported
R5: Continuous information about cost
R6: accurate andnon repudiable bill
R7: Future-proofmechanism
51
Facts and problems Facts
growing number of mobile users (> 1 billion in the near future) growing number of service providers (~ millions in the near future)
• basic communication services (connectivity)• value-added services (information services)
Problems lack of trust
• service providers do not trust users– illegitimate service usage (fraud)– denial of service usage
• users do not trust service providers– leaking of information related to service usage (monitoring of
users’ activity)– incorrect charging
scalability• on-line cross-domain authentication
52
Customer Care Agency Vs Service Provider- selects / recommends service providers for its users- handles payments on behalf of its users- protects user privacy- prevents / resolves conflicts- provides personal customization- etc.
- control- business agreements
- specialization- control- reputation- separation of concern
53
Operating principle
1. request 6. ticks
3. ticket
4. ticks
7. payment
User
Customer care agency
Service provider5. service
2. generate ticket
off-line
on-line
54
Initial situation
Customer care agency (A)
User (U)Service provider (S)
Long-t
erm ke
y KUA
Knows PKS
Knows PKA
Business agreement
55
Ticket acquisitionCustomer care agency
User
Service provider
Ticket
Header
n Ti
c ks
1
( )0( )
( , , mod , )U
A
nn
an UPK
c g c
T Sig sn c p PK
10 0( , , , , )
UAK U UE T c a PK rnd
0
1
: freshly generated random seed: freshly generated random number
: one-way function: serial number of the ticket and : publicly known
: secret D-H parameter
: private key of the agencyU
A
crndgsn
pa
PK
PK
1: private key of the userU
0Request ( , )Uid rnd
56
Ticket usage (setup)Customer care agency
User
Service provider
Ticket
Header
n Ti
c ks
modSa p
11 ,Servi ( , , mod , )ce request: U
A
an UPK
rnd T Sig sn c p PK
2 1Tariff proposa ,: )l , ( , ,rnd tf h tf k rnd
-1U
2PK SigCommitment to tari f ( ,f : , )sn tf rnd
( ) modS Ua ak p
( ) modU Sa ak p
: tariff: session key : one-way hash function
tfkh
57
Ticket Usage (service provision)
d
cn-dcn-d = g(n-d)(c0)
g(d)(cn-d) = cn ?
Customer care agency
Service provider
Ticket
Header
Userd ticks
d: price of the first piece of service (expressed in ticks)
User
Ek(service)
58
Clearance and billing
Bill (afteraggregation)
Customer care agency
User Service provider
User
1 -1U
2PKSig (Sig ( , , ), )
SlPK
sn tf rnd c
Check consistency With Ticket T
Payment (afteraggregation)
59
Trust and scalability
Trust access to services is based on anonymous tickets the customer care agency can link tickets to real
identities the service provider is always authenticated potential loss due to incorrect charging or to denial of
payment is very low (ticket slicing)
Scalability no on-line cross-domain authentication interaction with the customer care agency is removed
from the critical path (off-line)
60
Further advantages
Separation of roles the customer care role is factored out from service providers
Gradual deployment at the beginning, the customer care role can be played by
service providers later, other organizations (e.g., credit card organizations) are
expected to play the customer care role Efficiency
expensive operations are off-line mobile users have a stationary agent in the fixed network
Flexibility very short term relationships between users and service
providers
61
Some (unavoidable?) disadvantages
Centralized solution the customer care agency can be a
bottleneck and single point of failure; it is therefore an ideal target to attack
Complex (cryptographic) protocols Infrastructure customer care agencies
Commonly deployed mechanisms standardized protocols for tickets
62
Conclusion on billing
Problem: lack of trust, scalability problems in future mobile networks
Solution: new business role: customer care agency ticket based access to services
Features: solves the trust and scalability problems clear separation of roles gradual deployment efficiency and flexibility requires complex, standardized protocols and infrastructure centralized solution
63
General conclusion on cellular networks
Huge technical problem Physical layer barely considered in this course We have addressed network capacity, security and
billing System aspects not covered in this chapter:
MAC layer traffic analysis network dimensioning
64
References
About cellular networks in general: S. Tabbane: Handbook of mobile radio networks
Artech House, 2000 About the capacity of cellular networks:
T. Rappaport: Wireless Communications, 2nd edition, Prentice Hall, 2001
About security in cellular networks: H. Lin, L. Harn: Authentication protocols for personal communication
systems. SIGCOMM’95 About billing:
L. Buttyan and JP Hubaux: Accountable Anonymous Service Usage in Mobile Communication Systems. Workshop for Electronic Commerce (WELCOM), Oct. 1999 (available at lcawww.epfl.ch)
M. Peirce and D. O’Mahony: Flexible Real-Time Payment Methods for Mobile Communications. IEEE Personal Communications, Dec. 1999