Sunday 27 August 2017

Bluetooth 5 for IoT


Bluetooth 5 (not 5.0 - to simplify marketing messages and communication) was released last year. The main features are 2x faster, 4x range (Bluetooth 4 - 50m outdoors, 10m indoors; Bluetooth 5 - 200m outdoors, 40m indoors) and 8x data.
I like the slide above by Robin Heydon of Qualcomm, from a presentation he gave at CW (Cambridge Wireless) earlier this year. What it highlights is that Bluetooth 5 is Low Energy (LE) like its predecessor 4.0. For anyone interested, a good comparison of 5 vs 4.2 is available here.

In addition, Mesh support is now available for Bluetooth. I assume that this will work with Bluetooth 4.0 onwards but it would probably only make sense from Bluetooth 5 due to support for reasonable range.

The Bluetooth blog has a few posts on Mesh (see here, here and here). I like this simple introductory video below.


This recent article by Geoff Varral on RTT says the following (picture from another source):

Long distance Bluetooth can also be extended with the newly supported mesh protocol.

This brings Bluetooth into direct competition with a number of other radio systems including 802.15.4 based protocols such as Zigbee, LoRa, Wireless-M (for meter reading), Thread and 6LoWPAN (IPV6 over local area networks). 802.11 also has a mesh protocol and long distance ambitions including 802.11ah Wi-Fi in the 900 MHz ISM band. It also moves Bluetooth into the application space targeted by LTE NB IOT and LTE M though with range limitations.

There are some interesting design challenges implied by 5.0. The BLE specification is inherently less resilient to interference than Classic or EDR Bluetooth. This is because the legacy seventy eight X 1 MHz channels within the 20 MHz 2.4 GHz pass band are replaced with thirty nine two MHz channels with three fixed non hopping advertising channels in the middle and edge of the pass band.

These have to withstand high power 20 MHz LTE TDD in Band 40 (below the 2.4 GHz pass band) and high power 20 MHz LTE TDD in band 41 above the pass band (and Band 7 LTE FDD). This includes 26 dBm high power user equipment.

The coexistence of Bluetooth, Wi-Fi and LTE has been intensively studied and worked on for over ten years and is now managed with surprising effectiveness within a smart phone through a combination of optimised analogue and digital filtering (SAW and FBAR filters) and time domain interference mitigation based on a set of  industry standard wireless coexistence protocols.

The introduction of high power Bluetooth however implies that this is no longer just a colocation issue but potentially a close location issue. Even managing Bluetooth to Bluetooth coexistence becomes a non-trivial task when you consider that +20 dBm transmissions will be closely proximate to -20 dBm or whisper mode -30 dBm transmissions and RX sensitivity of -93 dBm, potentially a dynamic range of 120dB. Though Bluetooth is a TDD system this isolation requirement will be challenging and vulnerable to ISI distortion. 

More broadly there is a need to consider how ‘5G Bluetooth’ couples technically and commercially with 5G including 5G IOT.

Ericsson has a whitepaper on Bluetooth Mesh Networking. Its conclusion agrees that Bluetooth may become a relevant player in IoT:

Bluetooth mesh is a scalable, short-range IoT technology that provides flexible and robust performance. The Bluetooth Mesh Profile is an essential addition to the Bluetooth ecosystem that enhances the applicability of Bluetooth technology to a wide range of new IoT use cases. Considering the large Bluetooth footprint, it has the potential to be quickly adopted by the market. 

With proper deployment and configuration of relevant parameters of the protocol stack, Bluetooth mesh is able to support the operation of dense networks with thousands of devices. The building automation use case presented in this white paper shows that Bluetooth mesh can live up to high expectations and provide the necessary robustness and service ratio. Furthermore, the network design of Bluetooth mesh is flexible enough to handle the introduction of managed operations on top of flooding, to further optimize behavior and automate the relay selection process.


Moreover, another Ericsson article says that "smartphones with built-in Bluetooth support can be part of the mesh, may be used to configure devices and act as capillary gateways."

A capillary network is a LAN that uses short-range radio-access technologies to provide groups of devices with wide area connectivity. Capillary networks therefore extend the range of the wide area mobile networks to constrained devices. The figure above illustrates the Bluetooth capillary gateway concept.

Once there are enough smartphones and Bluetooth devices with Bluetooth 5 and Mesh support, it will be interesting to see how developers use it. It will also be interesting to see whether it starts encroaching on the LoRa and Sigfox markets as well.

Sunday 20 August 2017

Enhanced 5G Security via IMSI Encryption


IMSI catchers can be a real threat. They don't generally affect anyone unless someone is out to get them. Nevertheless, it's a security flaw that is present even in LTE. This presentation here is a good starting point for learning about IMSI catchers, and the one here covers privacy and availability attacks.


This article by Ericsson is a good starting point on how 5G will enhance security by IMSI encryption. From the article:
The concept we propose builds on an old idea that the mobile device encrypts its IMSI using the home network’s asymmetric key before it is transmitted over the air-interface. By using a probabilistic asymmetric encryption scheme – one that uses randomness – the same IMSI encrypted multiple times results in different values of encrypted IMSIs. This makes it infeasible for an active or passive attacker over the air-interface to identify the subscriber. Above is a simplified illustration of how a mobile device encrypts its IMSI. 
Each mobile operator (called the ‘home network’ here) has a public/private pair of asymmetric keys. The home network’s private asymmetric key is kept secret by the home network, while the home network’s public asymmetric key is pre-provisioned in mobile devices along with subscriber-specific IMSIs (Step 0). Note that the home network’s public asymmetric key is not subscriber-specific. 
For every encryption, the mobile device generates a fresh pair of its own public/private asymmetric keys (Step 1). This key pair is used only once, hence called ephemeral, and therefore provides a probabilistic property to the encryption scheme. As shown in the figure, the mobile device then generates a new key (Step 2), e.g., using Diffie–Hellman key exchange. This new key is also ephemeral and is used only once to encrypt the mobile device’s IMSI (Step 3) using a symmetric algorithm like AES. The use of asymmetric and symmetric crypto primitives as described above is commonly known as an integrated/hybrid encryption scheme. The Elliptic Curve Integrated Encryption Scheme (ECIES) is a popular scheme of such kind and is very suitable to the use case of IMSI encryption because of low impact on radio bandwidth and mobile device’s battery. 
The nicest thing about the described concept is that no public key infrastructure is necessary, which significantly reduces deployment complexity, meaning that mobile operators can start deploying IMSI encryption for their subscribers without having to rely on any external party or other mobile operators.
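
Steps 0 to 3 of the quoted concept, as an added example that is not code from the Ericsson article or from 3GPP: an ECIES-style hybrid encryption of an IMSI in standard-library Python. The choice of X25519 for the Diffie–Hellman step, the hash-based key derivation, the truncated HMAC tag and the SHA-256 keystream XOR (standing in for AES) are assumptions made for illustration, and the IMSI is a constructed sample.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")          # Curve25519 base point u = 9

def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustrative only: not constant-time."""
    k = int.from_bytes(scalar, "little")
    k = (k & ~7 & ((1 << 255) - 1)) | (1 << 254)      # clamp the scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def _keys(shared: bytes, eph_pub: bytes):
    """Hash-based KDF: separate encryption and MAC keys from the DH secret."""
    return (hashlib.sha256(b"enc" + shared + eph_pub).digest(),
            hashlib.sha256(b"mac" + shared + eph_pub).digest())

def _xor(data: bytes, key: bytes) -> bytes:
    # One-block keystream XOR standing in for AES (the stdlib has no AES);
    # 32 bytes of keystream cover an IMSI of at most 15 digits.
    return bytes(x ^ y for x, y in zip(data, key))

def conceal_imsi(imsi: str, hn_pub: bytes) -> bytes:
    if not (imsi.isdigit() and len(imsi) <= 15):
        raise ValueError("IMSI must be at most 15 decimal digits")
    eph_priv = secrets.token_bytes(32)                   # Step 1: fresh ephemeral pair
    eph_pub = x25519(eph_priv, BASE)
    enc, mac = _keys(x25519(eph_priv, hn_pub), eph_pub)  # Step 2: one-time DH key
    ct = _xor(imsi.encode(), enc)                        # Step 3: encrypt the IMSI
    tag = hmac.new(mac, ct, hashlib.sha256).digest()[:8]
    return eph_pub + ct + tag                            # sent over the air

def reveal_imsi(blob: bytes, hn_priv: bytes) -> str:
    eph_pub, ct, tag = blob[:32], blob[32:-8], blob[-8:]
    enc, mac = _keys(x25519(hn_priv, eph_pub), eph_pub)
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()[:8]):
        raise ValueError("integrity check failed")
    return _xor(ct, enc).decode()

# Step 0: home network key pair; the public half is provisioned in the device.
HN_PRIV = secrets.token_bytes(32)
HN_PUB = x25519(HN_PRIV, BASE)
IMSI = "001010123456789"   # constructed sample IMSI, not a real subscriber
```

Calling `conceal_imsi(IMSI, HN_PUB)` twice returns two different blobs because each carries a fresh ephemeral public key, and only the holder of `HN_PRIV` can map either back to the same IMSI.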

'3GPP TR 33.899: Study on the security aspects of the next generation system' lists one such approach.


The key steps are as follows:

  1. UE is configured with 5G (e)UICC with ‘K’ key, the Home Network ID, and its associated public key.
  2. SEAF sends Identity Request message to NG-UE. NG-UE considers this as an indication to initiate Initial Authentication.
  3. NG-UE performs the following:
    1. Request the (e)UICC application to generate required security material for initial authentication, RANDUE, , COUNTER, KIARenc, and KIARInt.
    2. NG-UE builds IAR as per MASA. In this step NG-UE includes NG-UE Security Capabilities inside the IAR message. It also may include its IMEI. 
    3. NG-UE encrypts the whole IAR including the MAC with the home network public key.
    4. NG-UE sends IAR to SEAF.
  4. Optionally, gNB-CP node adds its Security Capabilities to the transport message between the gNB-CP and the SEAF (e.g., inside S1AP message as per 4G).
  5. gNB-CP sends the respective S1AP message that carries the NG-UE IAR message to the SEAF.
  6. SEAF acquires the gNB-CP security capabilities as per the listed options in clause 5.2.4.12.4.3 and saves them as part of the temporary context for the NG-UE.
  7. SEAF follows MASA and forwards the Authentication and Data Request message to the AUSF/ARPF.
  8. When AUSF/ARPF receives the Authentication and Data Request message, it authenticates the NG-UE as per MASA and generates the IAS respective keys. AUSF/ARPF may recover the NG-UE IMSI and validate the NG-UE security capabilities.
  9. AUSF/ARPF sends Authentication and Data Response to the SEAF as per MASA with NG-UE Security Capabilities included.
  10. SEAF recovers the Subscriber IMSI, UE security Capabilities, IAS keys, RANDHN, COUNTER and does the following:
    1. Examines the UE Security Capabilities and decides on the Security parameters.
    2. SEAF may acquire the UP-GW security capabilities at this point after receiving the UP-GW identity from AUSF/ARPF or allocate it dynamically through provisioning and load balancing.
  11. SEAF builds IAS and sends it to the NG-UE following MASA. In addition, SEAF includes the gNB-CP protocol agreed upon security parameters in the S1AP message being sent to the gNB-CP node.
  12. gNB-CP recovers gNB-CP protocol agreed upon security parameters and saves them as part of the NG-UE current context.
  13. gNB-CP forwards the IAS message to the NG-UE.
  14. NG-UE validates the authenticity of the IAS and authenticates the network as per MASA. In addition, the UE saves all protocols agreed upon security parameters as part of its context. NG-UE sends the Security and Authentication Complete message to the SEAF.
  15. SEAF communicates the agreed upon UP-GW security parameters to the UP-GW during the NG-UE bearer setup.

ARPF - Authentication Credential Repository and Processing Function 
AUSF - Authentication Server Function 
SCMF - Security Context Management Function
SEAF - Security Anchor Function
NG-UE - NG UE
UP - User Plane 
CP - Control Plane
IAR - Initial Authentication Request 
IAS - Initial Authentication Response
gNB - Next Generation NodeB

You may also want to refer to the 5G Network Architecture presentation by Andy Sutton for details.


Tuesday 15 August 2017

AT&T Blog: "Providing Connectivity from Inside a Cactus"


A recent AT&T blog post looks at how the fake cactus antennas are manufactured. I also took a close-up of a fake cactus antenna when I went to a Cambridge Wireless Heritage SIG event, as can be seen in the tweet below.

The blog says:
To make a stealth site look as real as possible, our teams use several layers of putty and paint. Our goal is to get the texture and color just right, but also ensure it can withstand natural elements – from snowy Colorado to blistering Arizona. 
Tower production takes 6-8 weeks and starts with constructing a particular mold. The molds quickly become 30-foot tall saguaro cacti or 80-foot tall redwood trees. But these aren’t just steel giants. 
The materials that cover the stealth antennas, like paint or faux-leaves, must be radio frequency-friendly. Stealth antennas designed to look like church steeples or water towers are mostly made of fiberglass. This lets the signal from the antennas penetrate through the casing. 
These stealth deployments are just one of the many unique ways we provide coverage to our customers. So take a look outside, your connection may be closer than you think—hidden in plain sight!
This video gives a good idea.


If this is a topic of interest, then have a look at this collection of around 100 antennas:






Thursday 10 August 2017

Mobile can help with United Nations SDGs, only if prices go down

I came across this interesting article in WSJ, courtesy of the Benedict Evans newsletter, which discusses how Indians are using their smartphones even more and consuming far more data than they previously did. Due to low incomes, spending money on mobile top-up is to the detriment of other sectors. To quote the article:
“There was a time when kids would come here and blow their pocket money on chips and chocolate,” said Anup Kapoor, who runs a mom-and-pop grocery shop in New Delhi. These days, “they spend every last rupee on a data recharge instead.”

The United Nations has created 17 very ambitious Sustainable Development Goals (SDGs) that universally apply to all; countries will mobilize efforts to end all forms of poverty, fight inequalities and tackle climate change, while ensuring that no one is left behind.
The SDGs, also known as Global Goals, build on the success of the Millennium Development Goals (MDGs) and aim to go further to end all forms of poverty. The new Goals are unique in that they call for action by all countries, poor, rich and middle-income to promote prosperity while protecting the planet. They recognize that ending poverty must go hand-in-hand with strategies that build economic growth and address a range of social needs including education, health, social protection, and job opportunities, while tackling climate change and environmental protection.
I have talked about rural connectivity on this blog and a lot more on the small cells blog. In fact, the heart-touching end-user story from rural England was shared multiple times on different platforms. GSMA has done a good amount of work with rural communities through its Mobile for Development team and has some interesting videos showing the positive impact of bringing connectivity to rural communities in Tanzania (see here and here).

While you will always hear about the challenges in bringing connectivity to these rural communities, all technological challenges can be solved. There are many highly ambitious projects using balloons, drones, creating droneways, Helikites, Satellite backhaul, drone based backhaul, mmWave backhaul, etc. The real problems to solve here are the costs (spectrum, infrastructure, etc.) and the end-user pricing.

Coming back to the first story of this post about India, when given a choice between mobile data and shampoo, people will probably choose mobile data. What about mobile data vs food? While there are some innovative young companies that can help bring the costs down, there is still a big hurdle to leap in terms of changing operators' mindsets, bureaucracy, etc.

To help explain my point, let's look at an excerpt from this article in Wired:
It’s the kind of problem that Vanu Bose, the founder of the small cell network provider CoverageCo, has been trying to solve with a new, ultra-energy-efficient mobile technology. Bose chose two places to pilot this tech: Vermont and Rwanda. “We picked these two locations because we knew they would be challenging in terrain and population density,” he says. “What we didn’t expect was that many of the problems were the same in Rwanda and Vermont—and in fact the rollout has been much easier in Africa.”
The good news is that things are changing. Parallel Wireless (see disclosure at the bottom) is one such company trying to simplify network deployment and at the same time bring the costs down. In a recent deployment with Ice Wireless in Canada, this was one of the benefits to the operator. To quote from MobileSyrup:
A radio access network is one of the key components in the architecture of any wireless network. RANs sit between consumer-facing devices like smartphones and computers and the core network, helping connect those devices to the larger network.  
Essentially where the likes of Nokia and Huawei ask clients to buy an expensive hardware component for their RAN needs, Parallel Wireless allows companies like Ice Wireless to use off-the-shelf computer and server components to emulate a RAN. The company also sells wireless base stations like the two pictured above that are smaller than the average cell tower one sees in cities and less remote parts of the country.  
Besides reducing the overall price of a network deployment, Parallel’s components present several other advantages for a company like Ice Wireless.  
For instance, small base stations make it easier for the company to build redundancies into its network, something that’s especially important when a single arctic snowstorm can knock out wireless service for thousands of people.
These kinds of benefits allow operators to pass on the cost reduction, thereby allowing price reductions for end users. In the case of Ice Wireless, they have already got rid of roaming charges and have started offering unlimited data plans for the communities in Canada's North.

Finally, to quote David Nabarro, Special Adviser of the United Nations Secretary-General on the 2030 Agenda for Sustainable Development from the GSMA 2016 Mobile Industry Impact Report: Sustainable Development Goals:
Achieving the SDGs demands new technologies, innovations, and data collection that can integrate and complement traditional statistics. A driving force behind this data revolution is mobile technology. 
Mobile phone technology has already transformed societies around the globe, even the poorest countries and communities. It is helping to empower women, create jobs, spur financial independence, improve education, boost agriculture production, and promote better health. Mobile phones have enabled communities to monitor elections, hold governments accountable, and save lives in natural disasters. 
As we focus on implementing the Sustainable Development Goals, the mobile industry has a critical role in working with governments and the international community to expand connectivity, to lower barriers to access, and to ensure that tools and applications are developed with vulnerable communities in mind. 

With 5G just round the corner, I hope that the operators and vendors will be able to get their costs down, resulting in lower end-user prices. That would be a win-win for everyone.

*Full Disclosure: I work for Parallel Wireless as a Senior Director, Strategic Marketing. This blog is maintained in my personal capacity and expresses my own views, not the views of my employer or anyone else. Anyone who knows me well would know this.