640 likes | 793 Vues
2. Conventional networks 2.3 Cellular networks. Overview Network capacity Security: the Lin-Harn protocol Billing. Prof. JP Hubaux. The Public Switched Telephone Network (reminder). Transit switch. Transit switch. Transit switch. Long distance network. Local switch. Local
E N D
2. Conventional networks2.3 Cellular networks • Overview • Network capacity • Security: the Lin-Harn protocol • Billing Prof. JP Hubaux
The Public Switched Telephone Network (reminder) Transit switch Transit switch Transit switch Long distance network Local switch Local switch Incoming call Outgoing call - Transfer mode: circuit switching - all the network (except part of the access network) is digital - each voice channel is usually 64kb/s
Trunk Dimensioning in the Telephone Network (reminder) Trunk with N channels; each channel carries a traffic of Virtually infinite sources B: blocking probability (*) A: offered traffic Erlang formula: Output utilization: • Assumptions: • Loss system: calls are dropped if they cannot be immediately accepted • The sources are independent from each other • The time between call arrivals is drawn from an exponential distribution (*): the blocking probability is defined as the probability of an incoming call to be rejected, because all N channels are already occupied.
Principle of the basic call (reminder) Calling terminal Called terminal Network Off-hook Resource allocation Dial tone Dialing Translation + routing Alert signal Ring indication Off hook Remove ring indication Bi-directional channel Conversation On hook On hook signal Billing
Basic architecture of a cellular network Server(e.g., Home LocationRegister) External Network Mobilestation Basestation Mobileswitchingcenter Cellular network
Registration Term. Nr: 079/4154678 Tuning on the strongest signal
Service Request 079/4154678 079/8132627 079/4154678 079/8132627
Paging broadcast 079/8132627? 079/8132627? 079/8132627? 079/8132627? Note: paging makes sense only over a small area
Response 079/8132627 079/8132627
Channel Assignment Channel 47 Channel 47 Channel 68 Channel 68
Message Sequence Chart Periodic registration Paging response Paging response Tune to Ch. 68 Assign Ch. 68 User response User response Stop ring indication Stop ring indication Base Station Base Station Switch Caller Callee Periodic registration Service request Service request Page request Page request Paging broadcast Paging broadcast Assign Ch. 47 Tune to Ch.47 Alert tone Ring indication Ring indication
Peculiarities of Personal Communication Systems (PCS) • Mobility • User location ==> periodic registration and/or paging • Moving form a cell to another ==> handoff procedures • Moving from one network to another ==> roaming • Ether • Multiple users per cell ==> access technology (FDMA, TDMA, CDMA) • Channel impairments ==> coding, error detection, retransmission, forward error correction • Bandwidth ==> channel reuse, signal compression, efficient modulation and coding • Privacy and security ==> encryption • Energy • Limited autonomy ==> power control, discontinuous transmission
Services offered by current PCS • Telephony services (including voice mail, call transfer,…) • Short message services • Voiceband data and fax • Packet switched data (e.g., GSM/GPRS, CDPD) • Closed user groups • Telemetry
Relevant service features (user perspective) • Terminal characteristics (weight, size, robustness, price) • Battery life / autonomy • Modes of operation of the terminal (as a cellular phone, a cordless phone, with a satellite,…) • Service price • Range of services • Coverage area (of the home network + roaming agreements) • User environment while roaming • User interface: ease of use, programmability • Call blocking (service denial) • Call dropping • Setup time • Transmission quality (error rate, signal to distortion ratio, delay) • Maximum speed of the terminal • Authentication technique • Privacy • Confidentiality • Secure billing • Radiated power
Operator perspective • Spectrum efficiency • Cell radius • Infrastructure cost • Deployment timing and adaptability • Roaming agreements • Resistance to fraud • Non repudiability of bills • …
Air interface Messages Messages Logical channels Logical channels Radio link Radio link Messages Structure, content Packet structure, error detection/retransmission Topology: one to one one to many (e.g., synch signals) many to one (e.g., service request) Packets Multiple access (e.g., CDMA, TDMA, FDMA) Duplex (e.g., Frequency Division Duplex - FDD) Modulation, source coding, channel coding, interleaving, diversity reception, channel equalization Bits Terminal Base Station
User Tracking: Geographic-based Strategy Location area 1 (ID = 1) Location area 2 (ID = 2) 5. Inform the HLR of the new LA ID of the end user 1. Change LA 2. Receive the ID of the LA 3. Compare with stored ID 4. If different, update and ask for registration • All base stations within the same LA periodically broadcast the ID of the LA • Each user compares its last LA ID with the current ID, and transmits a registration message whenever the ID is different • When there is an incoming call directed to a user, all the cells within its current LA are paged
Cellular networks • The area to be covered istesselated in a (usually large) number of cells • There is usually one antenna per cell • A mobile communicates with one (or sometimes two) antennas • Antennas are controlled byMobile Switching Centers(MSC) • Cells are usually represented by hexagons, although the real shape can be quite variable • In all systems, cells interfere with each other • To increase the capacity of the network, the usual technique consists in increasing the number of cells
Frequency reuse F4 F4 F4 F3 F3 F3 F5 F5 F5 F1 F1 F1 F2 F2 F2 F6 F6 F6 F7 F7 F7 • Cells with the same name use the same set of frequencies • In this example, the cluster size N = 7 • In order to tesselate, the geometry of hexagons is such that N can only have values which satisfy: N = i2 + ij + j2 with i = 1, 2,… and j = 1, 2,… • Channel assignment strategies: • fixed: each cell is allocated a predetermined set of voice channels • dynamic: each time a call request is made, the serving base station requests a channel from the MSC
Handover: principle Receivedsignallevel Level at point B Level at which handover is made(call properly transferred to BS2) time B A BS1 BS2
Handover strategies • The handover power level must be carefully chosen: • If too small: risk of superfluous handovers • If too high: risk of losing the call due to weak signal conditions • Dwell time: time during which a call is maintained in the same cell (hence without handover) • Mobile Assisted Handover (MAHO): every mobile measures the power from surrounding base stations and report these measurements to the serving base station. A handover is initiated if the power of the signal received from another station exceeds the one of the serving one by a certain threshold for a certain amount of time. • Inter-system handover: when changing network • Prioritising handovers over new calls; 2 methods: • Guard channels (spare channels in each cell) • Queuing of handover requests • Coping with stations moving at very different speeds (e.g., cars vs pedestrians): umbrella cells • Typical values for GSM handover: threshold between 0 and 6 dB, execution time of around 1 to 2 seconds • Soft handover: in the case of CDMA
Interference and system capacity • Possible sources of interference: • Another mobile in the same cell • A call in progress in a neighboring cell • Other base stations operating in the same frequency band • Any noncellular system which inadvertently leaks energy into the frequency band • Consequences of interferences: • On data channel: crosstalk (voice), erroneous data (data transmission) • On control channel: missed calls, dropped calls • 2 major types of system-generated interference: • Co-channel interference (same frequency), see hereafter • Adjacent channel interference (adjacent frequency)
Co-channel interference (3/4) D+R D D+R R A D-R D D-R First tier of co-channel cells for a cluster size of N=7 Note: the marked distances are approximations
Capacity of cellular networks (2/2) • Techniques to improve capacity: • Cell splitting • Sectoring
Capacity of cellular CDMA • The capacity of CDMA is interference limited, while it is bandwidth limited in TDMA and FDMA. • Techniques to reduce interference: • Multisectorized antennas • Discontinuous transmission mode (takes advantage of the intermittent nature of speech); duty factor typically between 3/8 and ½. • Power control: for a single cell, all uplink signals should be received approximately with the same power at the base station
Capacity of cellular CDMA: multiple cells case (1/3) B6 B5 B1 B0 B2 B4 B3
Capacity of cellular CDMA: multiple cells case (2/3) Concentric circular geometry M1 : number of wedge-shaped cells of the firstsurrounding layer of cells A1 : area of the firstsurrounding layer A1 = M1 A To let all cells have thesame size A, we must have: M1 = 8q1 = 450 By recursion, for the ith layer: Ai = i8A qi = p/4i Adjacent cell q1 3R 2R+d0 2R-d0 R d0 Considered cell 2d0 Firstsurroundinglayer
Capacity of cellular CDMA: multiple cells case (3/3) 3R 2R+d0 2R-d0 R d0 d q d’ Innersublayer Outersublayer
Roaming: principle Visited network Home network Subscriber database (IDs, keys, bills,…) Subscriber database (IDs, keys, bills,…) Roaming agreement User
Roaming: architecture PSTN + Data Network Home Location Register Visiting Location Register Service logic Service logic Home Network Visited Network Base Station Base Station
Security of cellular networks • Unauthorized access to data • Threats to integrity • Denial of service • Repudiation • Unauthorized access to services • Eavesdropping, traffic analysis • Maskerade as: • - Mobile station (e.g. for fraudulent usage) • - Base station • Denial of service Mobile station Base station/ Home network Foreign network • Misuse of a stolen terminal • Tamper with the crypto information • (e.g., cloning) • Repudiation of service usage • Unveiling crypto information of the user • Unveiling identity/location of the user
The Lin Harn protocol • Purpose: provide security in case of roaming mobile users • Protect the mobile user, the visited network and the home network • In particular: • Protect the identity of the mobile user • Avoid unveiling cryptographic material to the visited network, which it could use (or an attacker could use) against the will of the mobile user.
The Lin Harn protocol: requirements • Security requirements • Caller ID confidentiality: the identity of the user should be hidden, including to the visited network • Non-repudiation of service (e.g., the mobile user should not be able to deny the usage of service) • Shared secret key between the mobile and the visited network, renewed for each session • Implementation requirements • Limited computing power of the mobile station time-consuming public key cryptographic techniques should be avoided • Validation delay the number of interactions between the mobile station, the visited network and the home network should be limited
The Lin Harn protocol: mobile station registration Base station B (visited network) Home Network H Mobile M Initial shared key KMH Allocate a temporary identity Mtto M
Computation of the parameters KMH EKMH(NB) r1 r2 c2 rm h3 c1 cm h3 h3 NM h1 h2 h1 h2 h1 h2 h1 h2 k0 k1 k2 km h1, h2: one-way keyed hash function h3 : one-way hash function ci : session key of the ith session
The Lin Harn Protocol: Mobile Station Origination Protocol Base station B (visited network) Mobile M • Compute ri= h1(KMH, ki-1) • Check that h3(ri)=ci • Set the session key to ci • Compute ki= h2(ki-1, ri) • Check that h3(ri)=ci • Set the session key to ci This protocol is activated for each call request made by the mobile
The Lin Harn Protocol: analysis • Security • The subscriber can prove itself by presenting the ri’s to the visited network; knowing the checking values ci’s, the visited network can verify the legitimacy of the subscriber • The identity of the mobile user is protected • Security parameters of the mobile user (stored at the visited network) are protected • Non-repudiation: by demonstrating the possession of the ri’s, the visited network can prove that the service has been used • Performance • Small number of exchanged messages • The computational effort on the mobile side can be limited; e.g., encryption with the public keys PKHand PKB can be based on the low-exponent of the RSA algorithm: 3.
Service provision Payment Information Service Provider Trust Backbone Network Operator User Access Network Operator Billing in mobile networks Example Scenario 1. Technical view: Information server Backbone network 2. Business view:
Business model > 1 B potential users Privacy? Authentication? Payment and billing? User customization? National regulations? Disputes (bankrupts, order or usage repudiations,…)? 1 M + connectivity and information service providers
The customer care Cellular network operators Customer care agency Long distance network operators Satellite network operators Information service providers User
Requirements Customer care agency R7: Future-proofmechanism R6: accurate and non repudiable bill R3: Agreement on tariff at session setup R1: Free choice of the customer care agency R4: Very small amounts supported R5: Continuous information about cost User R2: Protection of user’s privacy (anonymity) Service provider