Showing posts with label UMTS. Show all posts

Wednesday 8 December 2010

SON for reducing Opex in Legacy Networks

Presented by Stéphane Téral, Principal Analyst, Mobile and FMC Infrastructure, Infonetics Research in the 1st Self-Organizing Networks Conference, 30th Nov and 1st Dec. 2010 at the Waldorf Hilton.

Wednesday 20 October 2010

Fast Dormancy in Release-8

Nokia Siemens Networks has collaborated with Qualcomm to carry out the industry’s first successful interoperability test of the new 3GPP standardized Release 8 Fast Dormancy feature. Unlike proprietary approaches to fast dormancy, the new standard allows operators to take full advantage of smart network features such as Cell_PCH without worrying that individual handset settings will ignore network controls.

The test was conducted at Nokia Siemens Networks’ Smart Lab in Dallas using Nokia Siemens Networks’ Flexi Multiradio Base Station and Radio Network Controller and Qualcomm’s QSC7230™ smartphone optimized chipset. The test showed how smartphones can act dynamically, exploiting Cell_PCH on Nokia Siemens Networks’ smart networks or adjusting to Fast Dormancy on other vendors’ traditional networks.

In fact, operators have been upset for quite some time because of smartphone hacks that save UE battery life but cause network signalling congestion. See here.

To explain the problem, let's look at the actual signalling that occurs when the UE is not transmitting anything. Most probably it gets put into the CELL_PCH or URA_PCH state. When keep-alive messages need to be sent, the UE transitions to CELL_FACH and, once done, is sent back to CELL_PCH. The transition back from CELL_FACH (or CELL_DCH) to CELL_PCH can take quite some time, depending on the operator parameters, and this wastes UE battery life.

To get round this problem, UE manufacturers put a hack in the phone: if there is no data to transmit for a small amount of time, the UE sends an RRC Signalling Connection Release Indication (SCRI) message. This message is supposed to be used when something has gone wrong in the UE and the UE wants the network to tear the connection down by sending an RRC Connection Release message. Either way, the network is forced to release the connection.

If another keep-alive message then needs to be sent (they are needed for lots of apps like Skype, IMs, etc.), the RRC connection has to be established all over again, and this can cause lots of unnecessary signalling for the network, causing congestion at peak times.

To speed up the transition to the CELL_PCH state, in Release-8 the UE is supposed to include the cause value "UE Requested PS Data session end" when it sends the SCRI message. Once the network receives this cause it should immediately move the UE to the CELL_PCH state.

This is a win-win situation for both the network and the UE vendors as long as a lot of UEs implement this. The good thing is that even a pre-Rel8 UE can implement this, and if the network supports the feature it would work.
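The trade-off described above can be made concrete with a small state-machine model. This is an added example, not code from the post, 3GPP or any vendor: the timer values, the keep-alive interval and the assumption that a network without the Release-8 feature releases the connection on any SCRI are all illustrative.

```python
"""Added illustration: RRC signalling cost of keep-alives under three UE behaviours.
All timer values are assumptions chosen for the example, not operator or 3GPP figures."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Rrc(Enum):
    IDLE = "IDLE"
    CELL_FACH = "CELL_FACH"
    CELL_PCH = "CELL_PCH"


# Cause value quoted in the post for the Release-8 SCRI.
PS_DATA_SESSION_END = "UE Requested PS Data session end"


@dataclass
class Counters:
    rrc_setups: int = 0     # full RRC connection establishments (heavy signalling)
    pch_to_fach: int = 0    # CELL_PCH -> CELL_FACH wake-ups (light signalling)
    active_s: float = 0.0   # seconds held in CELL_FACH, a proxy for battery drain


@dataclass
class Network:
    supports_rel8_fd: bool
    inactivity_timer_s: float  # assumed network timer before CELL_FACH -> CELL_PCH

    def on_scri(self, cause: Optional[str]) -> Rrc:
        """Network reaction to a Signalling Connection Release Indication."""
        if self.supports_rel8_fd and cause == PS_DATA_SESSION_END:
            return Rrc.CELL_PCH  # keep the RRC connection, park the UE
        # Assumption: without the feature (or without the cause) the connection is released.
        return Rrc.IDLE


def simulate(ue_mode: str, net: Network, keepalives: int = 60,
             interval_s: float = 60.0, ue_timer_s: float = 5.0,
             transfer_s: float = 1.0) -> Counters:
    """ue_mode: 'none' (wait for network), 'legacy' (SCRI, no cause), 'rel8' (SCRI + cause)."""
    if ue_mode not in ("none", "legacy", "rel8"):
        raise ValueError(ue_mode)
    state, c = Rrc.IDLE, Counters()
    for _ in range(keepalives):
        # Bring the UE up to CELL_FACH to send the keep-alive.
        if state is Rrc.IDLE:
            c.rrc_setups += 1
        elif state is Rrc.CELL_PCH:
            c.pch_to_fach += 1
        state = Rrc.CELL_FACH
        gap = interval_s - transfer_s  # quiet time until the next keep-alive
        ue_fires = ue_mode != "none" and ue_timer_s < net.inactivity_timer_s
        expiry = ue_timer_s if ue_fires else net.inactivity_timer_s
        if gap < expiry:
            c.active_s += transfer_s + gap  # nothing expires: UE stays in CELL_FACH
            continue
        c.active_s += transfer_s + expiry
        if ue_fires:
            state = net.on_scri(PS_DATA_SESSION_END if ue_mode == "rel8" else None)
        else:
            state = Rrc.CELL_PCH  # network-initiated move after its own timer
    return c


def compare() -> dict:
    """One hour of 60-second keep-alives under each behaviour."""
    smart = Network(supports_rel8_fd=True, inactivity_timer_s=30.0)
    legacy_net = Network(supports_rel8_fd=False, inactivity_timer_s=30.0)
    return {
        "network timers only": simulate("none", smart),
        "legacy SCRI hack": simulate("legacy", smart),
        "Rel-8 SCRI, supporting network": simulate("rel8", smart),
        "Rel-8 SCRI, non-supporting network": simulate("rel8", legacy_net),
    }


if __name__ == "__main__":
    for name, c in compare().items():
        print(f"{name:36s} setups={c.rrc_setups:3d} "
              f"wakeups={c.pch_to_fach:3d} active={c.active_s:6.0f}s")
```

With these assumed timers, the Release-8 behaviour on a supporting network combines the short active time of the legacy hack with the single RRC setup of the network-controlled case.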

GSMA has created a best practices document for this feature which is embedded below.




Monday 18 October 2010

TETRA Evolution

A couple of interesting presentations on TETRA Evolution.





Tuesday 5 October 2010

3GPP Green activities / Energy Saving initiatives


3GPP has been working on Energy saving initiatives for Release-10 and Release-11. Here is a very quick summary of some of these items.

Telecommunication management; Study on Energy Savings Management (ESM)

Most mobile network operators aim at reducing their greenhouse emissions, by several means such as limiting their networks' energy consumption.

In new generation Radio Access Networks such as LTE, Energy Savings Management function takes place especially when mobile network operators want e.g. to reduce Tx power, switch off/on cell, etc. based on measurements made in the network having shown that there is no need to maintain active the full set of NE capabilities.

By initiating this Work Item about Energy Savings Management, 3GPP hopes to contribute to the protection of our environment and the environment of future generations.

The objective of this technical work is to study automated energy savings management features. Usage of existing IRPs is expected as much as possible, e.g. Configuration Management IRP, etc. However, this technical work may identify the need for defining a new IRP.

The following operations may be considered in this study item (but not necessarily limited to):
• Retrieval of energy consumption measurements
• Retrieval of traffic load measurements
• Adjust Network Resources capabilities


OAM aspects of Energy Saving in Radio Networks

There are strong requirements from operators on the management and monitoring of energy saving functions and the evaluation of its impact on the network and service quality. Therefore an efficient and standardized Management of Energy Saving functionality is needed. Coordination with other functionalities like load balancing and optimization functions is also required.

The objectives of this work item are:
• Define Energy Savings Management OAM requirements and solutions for the following use cases:
  • eNodeB Overlaid
  • Carrier restricted
  • Capacity Limited Network
• Define OAM requirements and solutions for coordination of ESM with other functions like:
  • Self-Optimization
  • Self Healing
  • Traditional configuration management
  • Fault Management
• Select existing measurements which can be used for assessing the impact and effect of Energy Saving actions corresponding to above Energy Saving use cases.
• Define new measurements which are required for assessing the impact and effect of Energy Saving actions, including measurements of the energy consumption corresponding to above Energy Saving use cases.


Study on impacts on UE-Core Network signalling from Energy Saving

Energy Saving (ES) mechanisms are becoming an integral part of radio networks, and consequently, of mobile networks. Strong requirements from operators (for reasons of cost and environmental image) and indirectly from authorities (for the sake of meeting overall international and national targets) have been formulated. With the expected masses of mobile network radio equipment as commodities, in the form of Home NB/eNBs, this aspect becomes even more crucial.

It is necessary to ensure that ES does not lead to service degradation or inefficiencies in the network. In particular:
• the activation status of radio stations (on/off) introduces a new scale of dynamicity for the UE and network;
• mass effects in signalling potentially endanger the network stability and need to be handled properly.

It is unclear whether and how currently defined procedures are able to cope with, and eventually can be optimized for, ES conditions; thus a systematic study is needed.

The study aims, within the defined CT1 work areas, at:
• analysing UE idle mode procedures and UE-Core Network signalling resulting from frequent switch on/off of radio equipment in all 3GPP accesses, including home cell deployment and I-WLAN;
• performing a corresponding analysis for connected mode UEs;
• analysing similar impacts from activation status of non-3GPP access networks;
• documenting limitations, weaknesses and inefficiencies in these procedures, with emphasis on mass effects in the UE-Core Network signalling;
• studying potential optimizations and enhancements to these procedures;

The study shall also evaluate and give recommendations on potential enhancements to 3GPP specifications (whether and where they are seen necessary).


Study on Solutions for Energy Saving within UTRA Node B

Due to the need to reduce energy consumption within operators’ networks, and considering the large amount of UMTS network equipment deployed in the field around the world, the standardisation of methods to save energy in UMTS Node Bs is seen as an important area of study for 3GPP. There has not been a large amount of focus on energy-saving in UMTS networks so far in 3GPP, although some solutions have been agreed in Release 9. Therefore it is proposed to start an initial study phase to identify solutions and perform any initial evaluation, such that a subset of these proposals can be used as the basis for further investigation of their feasibility.

The objective is to do an initial study to identify potential solutions to enable energy saving within UMTS Node-Bs, and do light initial evaluation of the proposed solutions, with the aim that a subset of them can be taken forward for further investigation as part of a more focused study in 3GPP.

The solutions identified in this study item should consider the following aspects:
• Impacts on the time for legacy and new UEs to gain access to service from the Node B
• Impacts on legacy and new terminals (e.g. power consumption, mobility)

Some initial indication of these aspects in relation to the proposed solutions should be provided.


Study on Network Energy Saving for E-UTRAN

The power efficiency in the infrastructure and terminal should be an essential part of the cost-related requirements in LTE-A. There is a strong need to investigate possible network energy saving mechanisms to reduce CO2 emission and OPEX of operators.

Although some solutions have been proposed and part of them have been agreed in Release-9, there has not been a large amount of attention on energy saving for E-UTRAN so far. Many potential solutions are not fully shown and discussed yet. Therefore, it is proposed to start an initial study phase to identify solutions, evaluate their gains and impacts on specifications.

The following use cases will be considered in this study item:
• Intra-eNB energy saving
• Inter-eNB energy saving
• Inter-RAT energy saving

Intra-eNB energy saving: in an E-UTRAN network, a single cell can operate in energy saving mode when the resource utilization is sufficiently low. In this case, the reduction of energy consumption will be mainly based on traffic monitoring with regard to QoS and coverage assurance.

A lot of work on Inter-eNB energy saving has already been done for both LTE and UTRA in Rel-9. This Study Item will investigate additional aspects (if any) on top of what was already agreed for R9.

Inter-RAT energy saving: in this use case, legacy networks, i.e. GERAN and UTRAN, provide radio coverage together with E-UTRAN. For example, E-UTRAN Cell A is totally covered by UTRAN Cell B. Cell B is deployed to provide basic coverage of the voice or medium/low-speed data services in the area, while Cell A enhances the capability of the area to support high-speed data services. Then the energy saving procedure can be enabled based on the interaction of the E-UTRAN and UTRAN systems.

The objective of this study item is to identify potential solutions for energy saving in E-UTRAN and perform initial evaluation of the proposed solutions, so that a subset of them can be used as the basis for further investigation and standardization.

Energy saving solutions identified in this study item should be justified by valid scenario(s), and based on cell/network load situation. Impacts on legacy and new terminals when introducing an energy saving solution should be carefully considered. The scope of the study item shall be as follows:
• User accessibility should be guaranteed when a cell transfers to energy saving mode
• Backward compatibility shall be ensured and the ability to provide energy saving for Rel-10 network deployment that serves a number of legacy UEs should be considered
• Solutions shall not impact the Uu physical layer
• The solutions should not impact negatively the UE power consumption

RAN2 will focus on the Intra-eNB energy saving, while RAN3 will work on Inter-RAT energy saving and potential additional Inter-eNB energy saving technology.


Study on Solutions for GSM/EDGE BTS Energy Saving

There has not been a large amount of focus on energy-saving in GSM/EDGE networks so far in 3GPP, although some solutions have been agreed in previous Releases, notably MCBTS. Therefore it is proposed to start an initial study phase to identify solutions and perform any initial evaluation, such that a subset of these proposals can be used as the basis for further investigation of their feasibility.

The objective is to study potential solutions to enable energy saving within the BTS (including MCBTS and MSR), and evaluate each proposed solution in detail. These potential solutions shall focus on the following specific aspects:
• Reduction of Power on the BCCH carrier (potentially enabling dynamic adjustment of BCCH power)
• Reduction of power on DL common control channels
• Reduction of power on DL channels in dedicated mode, DTM and packet transfer mode
• Deactivation of cells (e.g. Cell Power Down and Cell DTX like concepts as discussed in RAN)
• Deactivation of other RATs in areas with multi-RAT deployments, for example, where the mobile station could assist the network to suspend/minimise specific in-use RATs at specific times of day
• And any other radio interface impacted power reduction solutions.

The solutions identified in this study item shall also consider the following aspects:
• Impacts on the time for legacy and new mobile stations to gain access to service from the BTS
• Impacts on legacy and new mobile stations to keep the ongoing service (without increasing drop rate)
• Impacts on legacy and new mobile stations implementation and power consumption, e.g. due to reduction in DL power, cell (re-)selection performance, handover performance, etc.
• Impacts on UL/DL coverage balance, especially to CS voice

Solutions shall be considered for both BTS energy saving non-supporting and supporting mobile stations (i.e. solutions that are non-backwards compatible towards legacy mobile stations shall be out of the scope of this study).

Thursday 30 September 2010

RF Pattern Matching adopted in 3GPP Release-10

RF Pattern Matching is now a recognized unique location method in standards that provides carriers and OEMs with the ability to offer high accuracy location-based services that traditionally haven’t been available with low-accuracy Cell-ID based technologies. RF Pattern Matching will be incorporated into Release 10 of the 3G UMTS specifications, expected to become final in late 2010 or early 2011. This will also set the stage for opportunities to incorporate RF Pattern Matching into LTE and other future air interfaces.


“The decision to incorporate RF Pattern Matching into the 3G UMTS specifications is needed for all service providers wanting to provide the highest-SLA option for LBS as it gives them more credible options for public safety and commercial applications,” said Manlio Allegra, president and chief executive officer at Polaris Wireless. “This level of LBS accuracy will create an improved user experience for wireless customers, which ultimately generates additional revenue streams for carriers and other enterprises offering LBS applications.”


Polaris WLS™ is a patent-protected implementation of RF Pattern Matching, which provides the best network-based location performance in urban and indoor settings and is a perfect complement to A-GPS, enabling a best-in-class hybrid solution. Polaris’ WLS™ works without the RF Pattern Matching definition in standards, but standardization through 3GPP allows for future performance enhancements and provides flexibility for the solution and carrier implementations. Polaris’s current WLS products will continue to operate within existing standards.


By being included in the 3G UMTS standard, Polaris’ location technology has received further validation as one of the most accurate in the world. Polaris will now be considered a preferred provider to Tier 1 carriers and infrastructure vendors who want to add a high accuracy location solution to their technology mix that meets the new 3GPP standard.


The FCC is currently considering new E911 Phase II regulations that would improve indoor location capabilities for first responders. Using RF Pattern Matching, Polaris’ WLS™ software solution enables carriers and OEMs to be prepared to meet these new FCC requirements with little or no investment in new infrastructure or hardware.

RF Pattern Matching Discussion document presented in 3GPP is embedded below:


Tuesday 14 September 2010

Femtocell Interference Management in real life

A couple of years back we blogged about Femtocell Interference in the Macro network. Since then things have moved on a long way. There are commercial rollouts happening, with Vodafone leading the way. Yesterday, I was reading Prof. Simon Saunders' article on Femtocells and the following struck me.

A major technical challenge that femtocell designers initially faced was the need to manage potential interference. It takes up to two years to install conventional base stations, during which time radio engineers meticulously plan a station’s position and radio characteristics to avoid interference. However, such an approach is not viable in the case of femtocells, deployed potentially in their millions at random. Automating a process conducted by radio engineers was no mean feat and simply would not have been possible a few years ago.

Fortunately, the fact that the walls of buildings keep 3G signals out and keep the femtocell’s signals in provides strong inherent interference mitigation for indoor femtocells. Extensive studies have shown that proper implementation of a few key techniques to reduce interference can take advantage of this attenuation in an intelligent manner. Such techniques include frequent monitoring of the cell’s surrounding radio environment combined with adaptive power control. Indoor users gain faster data rates, as do outdoor users who now operate on less congested cells, while it costs less for operators to deliver higher overall network capacity. Large-scale, real-world deployments are demonstrating that these techniques work in practice and even allow new approaches, such as operating 3G networks in the same spectrum as 2G networks.

AT&T has deployed femtocells on the same frequencies as both the hopping channels for GSM macrocells and with UMTS macrocells. They have tested thousands of femtocells, and found that the mitigation techniques implemented successfully minimise and avoid interference. The more femtocells are deployed, the more uplink interference is reduced.

It is very interesting to see that the interference is not causing any problems in real life.


Back in Feb, Femto Forum released a new report on "Interference Management in UMTS Femtocells". A similar report was released in Dec. 08. Then in March they released a similar report for OFDMA (covering both LTE and WiMAX) femtocells. They are interesting reading for those who are interested in this area.


The European Union has a similar program called FREEDOM (Femtocell-based network enhancement by interference management and coordination of information for seamless connectivity). FREEDOM focuses on:
  • Advanced interference-aware cooperative PHY techniques,
  • Improvement of the control plane procedures for seamless connectivity, and
  • System-level evaluation and hardware demonstrator of the proposed femto-based network architecture.

More info on their website (http://www.ict-freedom.eu/). You can see their scenario document that shows different interference scenarios and also compares different approaches including those of Femto Forum, 3GPP and WiMAX.

Tuesday 3 August 2010

Double whammy for GSM Security

Via PC World:

A researcher at the Def Con security conference in Las Vegas demonstrated that he could impersonate a GSM cell tower and intercept mobile phone calls using only $1500 worth of equipment. The cost-effective solution brings mobile phone snooping to the masses, and raises some concerns for mobile phone security.

How does the GSM snooping work?

Chris Paget was able to patch together an IMSI (International Mobile Identity Subscriber) catcher device for about $1500. The IMSI catcher can be configured to impersonate a tower from a specific carrier. To GSM-based cell phones in the immediate area--the spoofed cell tower appears to be the strongest signal, so the devices connect to it, enabling the fake tower to intercept outbound calls from the cell phone.

What happens to the calls?

Calls are intercepted, but can be routed to the intended recipient so the attacker can listen in on, and/or record the conversation. To the real carrier, the cell phone appears to no longer be connected to the network, so inbound calls go directly to voicemail. Paget did clarify, though, that it's possible for an attacker to impersonate the intercepted device to the wireless network, enabling inbound calls to be intercepted as well.

But, aren't my calls encrypted?

Generally speaking, yes. However, the hacked IMSI catcher can simply turn the encryption off. According to Paget, the GSM standard specifies that users should be warned when encryption is disabled, but that is not the case for most cell phones. Paget explained "Even though the GSM spec requires it, this is a deliberate choice on the cell phone makers."

What wireless provider networks are affected?

Good news for Sprint and Verizon customers--those networks use CDMA technology rather than GSM, so cell phones on the Sprint or Verizon networks would not connect to a spoofed GSM tower. However, AT&T and T-Mobile--as well as most major carriers outside of the United States--rely on GSM.

Does 3G protect me from this hack?

This IMSI catcher hack will not work on 3G, but Paget explained that the 3G network could be knocked offline with a noise generator and an amplifier--equipment that Paget acquired for less than $1000. With the 3G network out of the way, most cell phones will revert to 2G to find a viable signal to connect to.

Another one from CNET:

A researcher released software at the Black Hat conference on Thursday designed to let people test whether their calls on mobile phones can be eavesdropped on.

The public availability of the software - dubbed Airprobe -- means that anyone with the right hardware can snoop on other peoples' calls unless the target telecom provider has deployed a patch that was standardized about two years ago by the GSMA, the trade association representing GSM (Global System for Mobile Communications) providers, including AT&T and T-Mobile in the U.S.

Most telecom providers have not patched their systems, said cryptography expert Karsten Nohl.

"This talk will be a reminder to this industry to please implement these security measures because now customers can test whether they've patched the system or not," he told CNET in an interview shortly before his presentation. "Now you can listen in on a strangers' phone calls with very little effort."

An earlier incarnation of Airprobe was incomplete so Nohl and others worked to make it usable, he said.

Airprobe offers the ability to record and decode GSM calls. When combined with a set of cryptographic tools called Kraken, which were released last week, "even encrypted calls and text messages can be decoded," he said.

To test phones for interception capability you need: the Airprobe software and a computer; a programmable radio for the computer, which costs about $1,000; access to cryptographic rainbow tables that provide the codes for cracking GSM crypto (another Nohl project); and the Kraken tool for cracking the A5/1 crypto used in GSM, Nohl said.

More information about the tool and the privacy issues is on the Security Research Labs Web site.
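The sequence the two reports describe (3G lost, fallback to GSM, ciphering switched off with no warning shown) is something a handset or monitoring app can check for. The following is an added example, not part of the original post or the quoted articles: the event records, field names and the 120-second correlation window are constructed for illustration, and real basebands expose this information differently, if at all.

```python
"""Added illustration: handset-side check for a 3G->2G fallback followed by cipher-off.
Event format and thresholds are hypothetical; the sample events are constructed."""

# Assumed window in which a cipher-off after a 3G->2G drop is treated as linked to it.
FALLBACK_WINDOW_S = 120

# Constructed sample events. "A5/0" is the GSM designation for no encryption;
# "A5/1" is the cipher the quoted article says the Kraken tables target.
SAMPLE_EVENTS = [
    {"t": 0,    "type": "rat_change",  "from": None, "to": "3G"},
    {"t": 300,  "type": "rat_change",  "from": "3G", "to": "2G"},
    {"t": 310,  "type": "cipher_mode", "algo": "A5/0"},
    {"t": 4000, "type": "rat_change",  "from": "2G", "to": "3G"},
    {"t": 9000, "type": "rat_change",  "from": "3G", "to": "2G"},
    {"t": 9500, "type": "cipher_mode", "algo": "A5/1"},
    {"t": 9600, "type": "cipher_mode", "algo": "A5/0"},
]


def analyse(events):
    """Return findings as dicts with time, severity and a user-facing message."""
    findings = []
    rat = None             # current radio access technology
    last_downgrade = None  # time of the most recent 3G -> 2G change
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "rat_change":
            if ev["from"] == "3G" and ev["to"] == "2G":
                last_downgrade = ev["t"]
            rat = ev["to"]
        elif ev["type"] == "cipher_mode" and rat == "2G":
            algo = ev["algo"]
            if algo == "A5/0":
                linked = (last_downgrade is not None
                          and ev["t"] - last_downgrade <= FALLBACK_WINDOW_S)
                findings.append({
                    "t": ev["t"],
                    "severity": "high" if linked else "medium",
                    "message": ("Call encryption was switched off right after "
                                "the phone fell back from 3G to GSM")
                               if linked else
                               "Call encryption is switched off on this GSM cell",
                })
            elif algo == "A5/1":
                findings.append({
                    "t": ev["t"],
                    "severity": "low",
                    "message": "GSM cell uses A5/1, which can be decoded offline",
                })
        # Other event types, and cipher events while on 3G, are ignored here.
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"t={f['t']:>5}s [{f['severity']:6s}] {f['message']}")
```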


Friday 28 May 2010

UMTS/HSPA State Transition Problems to be solved with LTE

UMTS/HSPA is designed so that the mobile (UE) is always in the IDLE state. If there is some data that needs to be transferred, the UE moves to CELL_DCH. If the amount of data is very small, the UE could move to the CELL_FACH state. The UE can also move to CELL_PCH and URA_PCH if required, but may not necessarily do so if the operator has not configured those states.

The problem in UMTS/HSPA is that these state transitions take quite some time (in mobile terms) and can slow down the browsing experience. Martin has blogged about the state transition problems caused by the keep-alive messages used by apps. These small data transfers don't let the UE go into the IDLE state. If they do, then a whole raft of signalling has to occur again for the UE to go to CELL_FACH or CELL_DCH. In another post Martin also pointed out the sluggishness caused by the UE being in the CELL_FACH state.


Mike Thelander of the Signals Research Group presented a similar story at the recently concluded LTE World Summit. It can be seen from the figure above that moving from IDLE to CELL_DCH takes 1-3 secs whereas FACH to DCH takes 500 ms.

If some apps are running in the background, they can be using these keep-alive or background messages, which may be very useful on the PC, but on mobiles these could cause unnecessary state transitions, which means lots of signalling overhead.

App creators have realised this problem and are working with the phone manufacturers to optimise their messaging. For example, for some apps on mobiles the keep-alive interval has been changed from 20 seconds to 5 mins.

3GPP also realised this problem quite a while back, and for this reason two new features were added to HSPA+ in Release-7. One was Continuous Packet Connectivity (CPC) and the other was Enhanced CELL_FACH. In Release-8 for HSPA+, these features were added in the UL direction as well. The sole aim of these features was to reduce the time it takes to transition to CELL_DCH. Since CPC increases the cell capacity as well, more users can now be put in CELL_FACH instead of being sent to IDLE.

An interesting thing in case of LTE is that the RRC states have been simplified to just two states as shown here. The states are IDLE and CONNECTED. The intention for LTE is that all the users can be left in the CONNECTED state and so unnecessary signalling and time spent on transitioning can be reduced.

The preliminary results from the trials (as can also be seen from here) that were discussed in the LTE World Summit clearly show that LTE leads to a capacity increase by 4 times (in the same BW) and also allow very low latency. I am sure that enough tests with real life applications like Skype, Fring and Yahoo IM have not been done but I am hopeful of the positive outcome.

Monday 1 March 2010

GSM-UMTS Network migration towards LTE


Another interesting white-paper from 3G Americas. The following from their press release:

A 3rd Generation Partnership Project (3GPP) specification, LTE will serve to unify the fixed and mobile broadband worlds and will open the door to new converged multimedia services. As an all-IP-based technology, LTE will drive a major network transformation as the traditional circuit-based applications and services migrate to an all-IP environment, though introducing LTE will require support and coordination between a complex ecosystem of application servers, devices/terminals and interaction with existing technologies. The report discusses functionality and steps GSM-UMTS network operators may use to effectively evolve their networks to LTE and identifies potential challenges and solutions for enabling the interaction of LTE with GSM, GPRS and UMTS networks.

“This white paper reveals solutions that facilitate a smooth migration for network operators as they deploy LTE,” stated Chris Pearson, president of 3G Americas. “3GPP has clearly defined the technology standards in Release 9 and Release 10, and this paper explores the implementation of these standards on 3GPP networks.”



A reported 130 operators around the world have written LTE into their technology roadmaps. In December 2009, TeliaSonera launched the world’s first LTE networks in Norway and Sweden and an estimated 17 operators are expected to follow in its footsteps in 2010.

“LTE is receiving widespread support and powerful endorsements from industry leaders around the world, but it is important to keep in mind that the evolution to LTE will require a multi-year effort,” Pearson said. “LTE must efficiently and seamlessly coexist with existing wireless technologies during its rise to becoming the leading next-generation wireless technology.”

Operators planning LTE deployments must consider the implications of utilizing LTE in an ecosystem comprising 2G, 3G and future “4G” wireless technologies. Therefore, operators planning an LTE deployment will need to offer multi-technology devices with networks that allow mobility and service continuity between GSM, EDGE, HSPA and LTE.


Thursday 11 February 2010

UICC and USIM in 3GPP Release 8 and Release 9


In the good old days of GSM, the SIM was a physical card with a GSM "application" (GSM 11.11).

In the brave new world of 3G+, the UICC is the physical card with basic logical functionality (based on 3GPP TS 31.101) and the USIM is the 3G application on a UICC (3GPP TS 31.102). The UICC can contain multiple applications like the SIM (for GSM), USIM and ISIM (for IMS). There is an interesting Telenor presentation on the present and future of the UICC which may be worth the read. See references below.

UICC was originally known as "UMTS IC card". The incorporation of the ETSI UMTS activities into the more global perspective of 3GPP required a change of this name. As a result this was changed to "Universal Integrated Circuit Card". Similarly USIM (UMTS Subscriber Identity Module) changed to Universal Subscriber Identity Module.

The following is from the 3G Americas Whitepaper on Mobile Broadband:

UICC (3GPP TS 31.101) remains the trusted operator anchor in the user domain for LTE/SAE, leading to evolved applications and security on the UICC. With the completion of Rel-8 features, the UICC now plays significant roles within the network.

Some of the Rel-8 achievements from standards (ETSI, 3GPP) are in the following areas:

USIM (TS 31.102)
With Rel-8, all USIM features have been updated to support LTE and new features to better support non-3GPP access systems, mobility management, and emergency situations have been adopted.

The USIM is mandatory for the authentication and secure access to EPC even for non-3GPP access systems. 3GPP has approved some important features in the USIM to enable efficient network selection mechanisms. With the addition of CDMA2000 and HRPD access technologies into the PLMN, the USIM PLMN lists now enable roaming selection among CDMA, UMTS, and LTE access systems.

Taking advantage of its high security, USIM now stores mobility management parameters for SAE/LTE. Critical information like location information or EPS security context is to be stored in USIM rather than the device.

USIM in LTE networks is not just a matter of digital security but also physical safety. The USIM now stores the ICE (In Case of Emergency) user information, which is now standardized. This feature allows first responders (police, firefighters, and emergency medical staff) to retrieve medical information such as blood type, allergies, and emergency contacts, even if the subscriber lies unconscious.

3GPP has also approved the storage of the eCall parameters in USIM. When activated, the eCall system establishes a voice connection with the emergency services and sends critical data including time, location, and vehicle identification, to speed up response times by emergency services. ECalls can be generated manually by vehicle occupants or automatically by in-vehicle sensors.

TOOLKIT FEATURES IMPROVEMENT (TS 31.111)
New toolkit features have been added in Rel-8 for the support of NFC, M2M, OMA-DS, DM and to enhance coverage information.

The contactless interface has now been completely integrated with the UICC to enable NFC use cases where UICC applications proactively trigger contactless interfaces.

Toolkit features have been updated for terminals with limited capabilities (e.g. datacard or M2M wireless modules). These features will be notably beneficial in the M2M market where terminals often lack a screen or a keyboard.

UICC applications will now be able to trigger OMA-DM and DS sessions to enable easier device support and data synchronization operations, as well as interact in DVB networks.

Toolkit features have been enriched to help operators in their network deployments, particularly with LTE. A toolkit event has been added to inform a UICC application of a network rejection, such as a registration attempt failure. This feature will provide important information to operators about network coverage. Additionally, a UICC proactive command now allows the reporting of the signal strength measurement from an LTE base station.

CONTACT MANAGER
Rel-8 defined a multimedia phone book (3GPP TS 31.220) for the USIM based on OMA-DS and its corresponding JavaCard API (3GPP TS 31.221).

REMOTE MANAGEMENT EVOLUTION (TS 31.115 AND TS 31.116)
With IP sessions becoming prominent, an additional capability to multiplex the remote application and file management over a single CAT_TP link in a BIP session has been completed. Remote sessions to update the UICC now benefit from additional flexibility and security with the latest addition of the AES algorithm rather than a simple DES algorithm.

CONFIDENTIAL APPLICATION MANAGEMENT IN UICC FOR THIRD PARTIES
The security model in the UICC has been improved to allow the hosting of confidential (e.g. third party) applications. This enhancement was necessary to support new business models arising in the marketplace, with third party MVNOs, M-Payment and Mobile TV applications. These new features notably enable UICC memory rental, remote secure management of this memory and its content by the third party vendor, and support new business models supported by the Trusted Service Manager concept.

SECURE CHANNEL BETWEEN THE UICC AND TERMINAL
A secure channel solution has been specified that enables a trusted and secure communication between the UICC and the terminal. The secure channel is also available between two applications residing respectively on the UICC and on the terminal. The secure channel is applicable to both ISO and USB interfaces.

RELEASE 9 ENHANCEMENTS: UICC: ENABLING M2M AND FEMTOCELLS
The role of femtocell USIM is increasing in provisioning information for Home eNodeB, the 3GPP name for femtocell. USIMs inside handsets provide a simple and automatic access to femtocells based on operator and user-controlled Closed Subscriber Group list.

Work is ongoing in 3GPP for the discovery of surrounding femtocells using toolkit commands. Unlike macro base stations deployed by network operators, a femtocell's location is outside the operator's control, since a subscriber can purchase a Home eNodeB and plug it in anywhere at any time. A solution based on a USIM toolkit feature will allow the operator to identify the femtocells serving a given subscriber. Operators will be able to adapt their services based on the femtocells available.

The upcoming releases will develop and capitalize on the IP layer for UICC remote application management (RAM) over HTTP or HTTPS. The network can also send a push message to UICC to initiate a communication using TCP protocol.

Additional guidance is also expected from the future releases with regards to the M2M dedicated form factor for the UICC that is currently under discussion to accommodate environments with temperature or mechanical constraints surpassing those currently specified by the 3GPP standard.

Some work is also expected to complete the picture of a full IP UICC integrated in IP-enabled terminal with the migration of services over EEM/USB and the capability for the UICC to register on multicast based services (such as mobile TV).


Monday 14 September 2009

TD-SCDMA, TDD and FDD

After my posting on TD-SCDMA, many people asked me what TD-SCDMA is. I am surprised that so many people are not aware of it, so here is a quick posting on the subject.

TDD and FDD Mode of Operation

Most of the UMTS networks in operation are Frequency Division Duplex (FDD) based. There is also another variant called Time Division Duplex or TDD. In reality there is more than one variant of TDD, so the normal 5 MHz bandwidth TDD is called Wideband TDD or WTDD. There is also another name for WTDD to confuse people: High Chip Rate TDD (HCR-TDD). The other variant of TDD, as you would have guessed, is known as Narrowband TDD (NTDD). NTDD is also known as Low Chip Rate TDD (LCR-TDD), and most popularly it's known as TD-SCDMA or Time Division Synchronous CDMA.

"Synchronous" implies that uplink signals are synchronized at the base station receiver, achieved by continuous timing adjustments. This reduces the interference between users of the same timeslot using different codes by improving the orthogonality between the codes, therefore increasing system capacity, at the cost of some hardware complexity in achieving uplink synchronization.

The normal bandwidth of the FDD or TDD mode of operation is 5 MHz. This gives a chip rate of 3.84 Mcps (mega chips per second). The corresponding figures for TD-SCDMA are 1.66 MHz and 1.28 Mcps.


Asymmetric operation in TDD mode

The advantages of TDD over FDD are:
  • Does not require paired spectrum: FDD uses different frequencies for UL and DL whereas TDD uses the same frequency, hence it's easier to deploy
  • Channel characteristics are the same in both directions because the same band is used
  • You can dynamically change the UL and the DL bandwidth allocation depending on the traffic.

The disadvantages of TDD compared with FDD are:
  • Switching between transmission directions requires time, and the switching transients must be controlled. To avoid corrupted transmission, the uplink and downlink transmissions require a common means of agreeing on transmission direction and allowed time to transmit. Corruption of transmission is avoided by allocating a guard period which allows uncorrupted propagation to counter the propagation delay. Discontinuous transmission may also cause audible interference to audio equipment that does not comply with electromagnetic susceptibility requirements.
  • Base stations need to be synchronised with respect to the uplink and downlink transmission times. If neighbouring base stations use different uplink and downlink assignments and share the same channel, then interference may occur between cells. This can increase the complexity of the system and the cost.
  • Also, it does not support soft/softer handovers

Timing Synchronisation between different terminals

By the way, in Release 7 a new TDD mode of operation with 10 MHz bandwidth (7.86 Mcps) has been added. Unfortunately I don't know much about it.

You can read more about TD-SCDMA in the whitepaper 'TD-SCDMA: the Solution for TDD bands'

You can find more information on TD-SCDMA at: http://www.td-forum.org/en/

Wednesday 8 July 2009

UK: Ofcom releases 3G coverage maps

Ofcom has just released (or as The Register puts it, found under the sofa) 3G coverage maps for the UK. They're useful for people who don't live in big towns but are planning to take out contracts on dongles/data services. They can now quickly check which operator to go for.

These 3G coverage maps by mobile operator were prepared in January 2009. They represent the area where we have assessed the mobile operators met a minimum coverage threshold set by Ofcom (see technical notes below). The shaded areas on the maps indicate areas where customers have the possibility of making and receiving a call outside over a 3G network (but with no guarantee of being able to do so). They do not indicate areas where customers are able to access higher data rate services.

All operators produce their own coverage indicators on their websites which are likely to provide more reliable guidance to network availability in any given area. The accuracy and detail of the maps are not to the same level as the mobile operators publish. These maps show UK-wide general coverage and are not suitable for zooming in to see specific locations i.e. a particular house or street. Also they are not suitable for assessing the quality or depth of coverage within the indicated areas (e.g. different operators may be able to offer better or worse data rate services or support a smaller or greater number of users).

You can see the PDF of the coverage maps here.

Wireless Cellular Security

Arvind, an old colleague, recently spoke at ACM, Bangalore on the topic of Security. Here is his presentation:







There are lots of interesting Questions and Answers. One interesting one is:

Does number portability mean that data within an AuC is compromised?

Not really. Number portability does not mean sensitive data from the old AuC are transferred to the new AuC. The new operator will issue a new USIM which will have a new IMSI. Number portability only means that the MSISDN is kept the same for others to call the mobile. The translation between MSISDN and IMSI is done at a national level register. Such a translation will identify the Home PLMN and the HLR that needs to be contacted for an incoming call.
That’s the theory and that’s how it should be done. It will be interesting to know how operators in India do this.

You can read all Q&A's here.

I wrote a tutorial on UMTS security many years back. It's available here.

Friday 15 May 2009

Testing UMTS protocols




Testing UMTS by Dan Fox, Anritsu

It's nearly three years since I wrote an FAQ on UMTS Testing. So when I got my hands on this book the other day, I so wanted to read it. It will be a while before I manage to go through the book in detail, but my initial impression is that this book looks quite good.

Since the book deals with Protocol Testing, the testing has been grouped into three categories:

  1. Integration Testing
  2. Conformance Testing
  3. Interoperability Testing

There is a chapter explaining each of these. The Conformance testing is of interest to me as I have been involved directly and indirectly with this for quite some years now. The book explains the process, standards required and submission of tests to GCF/PTCRB.

Those for whom testing does not hold much charm can gain a greater understanding of the concepts by reading Part II of the book. One thing I really liked in this book is that the diagrams explain the concepts very well. Rather than copying them straight from the 3GPP specifications, they have been improved and re-done by the author. Basic things like 'Dynamic TFCI selection' and 'Layer 2 transport channel processing flow for the 12.2 kbps RMC' are explained clearly using the diagrams.

There is just the right amount of detail in the chapters for Physical Layer, Layer 2 (MAC, RLC, PDCP) and Layer 3 (RRC, NAS). Further chapters show message flow sequence charts explaining things like 'setting up of speech call' and 'location updating procedure'. I have some basic sequence diagrams for message flow in the Tutorial section but the ones in the book are comparatively more detailed.

The book mainly covers UMTS, with an introduction to HSPA. It would be worthwhile to have the next edition cover LTE in detail, the main reason being that there are lots of changes in the case of LTE. The air interface has changed and the channels are different. The NAS messages and entities are different. UMTS (and HSPA) use TTCN-2 for testing but LTE uses TTCN-3. UMTS does not use MIMO (MIMO is available for HSPA from Release 7 onwards) but LTE would generally always use MIMO.

Overall, this seems to be a useful book and I am looking forward to reading it in detail.

Sunday 5 April 2009

Orthogonality and non orthogonality


Multiple access (MA) is a basic function in wireless cellular systems. Generally speaking, MA techniques can be classified into orthogonal and non-orthogonal approaches. In orthogonal approaches, signals from different users are orthogonal to each other, i.e., their cross correlation is zero, which can be achieved by time division multiple-access (TDMA), frequency-division multiple-access (FDMA) and orthogonal-frequency division multiple-access (OFDMA). Non-orthogonal schemes allow non-zero cross correlation among the signals from different users, such as in random waveform code-division multiple-access (CDMA), trellis-coded multiple-access (TCMA) and interleave-division multiple-access (IDMA).

First and second generation cellular systems are dominated by orthogonal MA approaches. The main advantage of these approaches is the avoidance of intra-cell interference. However, careful cell planning is necessary in these systems to curtail cross-cell interference. In particular, sufficient distance must exist between re-used channels, resulting in reduced cellular spectral efficiency.

Non-orthogonal CDMA techniques have been adopted in second and third generation cellular systems (e.g. CDMA2000 and uplink WCDMA). Compared with its orthogonal counterparts, CDMA is more robust against fading and cross-cell interference, but is prone to intracell interference. Due to its spread-spectrum nature, CDMA is inconvenient for data services (e.g., wireless local area networks (WLANs) and 3GPP high speed uplink/downlink packet access (HSUPA/HSDPA) standard) that require high single-user rates.

Communication services can be classified into delay sensitive and insensitive ones. A typical example of a delay-insensitive service is email. Typical examples of delay-sensitive services include speech and video applications. For delay insensitive services, rate constraints are relatively relaxed for individual users and maximizing the throughput by orthogonal methods is a common strategy. The maximum throughput can be achieved by a one-user transmission policy, where only the user with the largest channel gain is allowed to transmit. This implies time domain orthogonality as adopted in many WLANs. For delay-sensitive services, on the other hand, each user must transmit a certain amount of information within a certain period and maximizing the throughput is no longer an appropriate strategy. Rate constraints must be considered in this case.

CDMA is the most well known non-orthogonal technique. The main advantages of CDMA are its robustness against fading and cross-cell interference, and its flexibility in asynchronous transmission environments.
An uplink data transfer mechanism in the HSUPA is provided by physical HSUPA channels, such as an Enhanced Dedicated Physical Data Channel (E-DPDCH), implemented on top of Wideband Code Division Multiple Access (WCDMA) uplink physical data channels such as a Dedicated Physical Control Channel (DPCCH) and a Dedicated Physical Data Channel (DPDCH), thus sharing radio resources, such as power resources, with the WCDMA uplink physical data channels. The sharing of the radio resources results in inflexibility in radio resource allocation to the physical HSUPA channels and the WCDMA physical data channels. In CDMA, which is a non-orthogonal multiple access scheme, the signals from different users within the same cell interfere with one another. This type of interference is known as the intra-cell interference. In addition, the base station also receives the interference from the users transmitting in neighbouring cells. This is known as the inter-cell interference.

Uplink power control is typically intended to control the received signal power from the active user equipments (UEs) to the base as well as the rise-over-thermal (RoT), which is a measure of the total interference (intra- and inter-cell) relative to the thermal noise. In systems such as HSUPA, fast power control is required due to the fast fluctuation in multi-user (intra-cell) interference. This fast fluctuation will otherwise result in the well-known near-far problem. Moreover, as uplink transmission in an HSUPA system is not orthogonal, the signal from each transmitting UE is subject to interference from another transmitting UE. If the signal strength of UEs varies substantially, a stronger UE (for example, a UE in favourable channel conditions experiencing a power boost due to constructive short term channel fading such as Rayleigh fading) may completely overwhelm the signal of a weaker UE (with signal experiencing attenuation due to short term fading). To mitigate this problem, fast power control has been considered previously in the art where fast power control commands are transmitted from a base station to each UE to set the power of uplink transmission.
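The zero versus non-zero cross-correlation described in this post, the reason TD-SCDMA keeps uplink signals time-aligned, and the near-far problem can be worked through in a few lines. This is an added example, not part of the original post: it uses 8-chip Walsh codes, models a timing offset as a cyclic one-chip shift, ignores noise and fading, and all function names are illustrative.

```python
def walsh(n):
    """n x n Walsh-Hadamard code set (n a power of two), chips in {+1, -1}."""
    codes = [[1]]
    while len(codes) < n:
        codes = [r + r for r in codes] + [r + [-c for c in r] for r in codes]
    return codes

def shift(code, chips):
    """Cyclic delay by whole chips: a simplified model of an uplink timing offset."""
    chips %= len(code)
    return code[-chips:] + code[:-chips] if chips else list(code)

def xcorr(a, b):
    """Normalised cross-correlation; 0 means the two signals are orthogonal."""
    return sum(x * y for x, y in zip(a, b)) / len(a)

def despread_user_a(code_a, code_b, bit_a, bit_b, amp_b=1.0, offset_b=0):
    """Base station sums both users' chips, then correlates with user A's code.
    User A arrives at amplitude 1, so the ideal result is bit_a (+1 or -1)."""
    tx_b = shift(code_b, offset_b)
    rx = [bit_a * ca + amp_b * bit_b * cb for ca, cb in zip(code_a, tx_b)]
    return xcorr(rx, code_a)

W = walsh(8)
A, B = W[5], W[6]   # constructed choice of codes for two users in one cell

def scenarios():
    """Decision variable for user A (sent +1) while user B sends -1."""
    return {
        "aligned, B at 4x amplitude": despread_user_a(A, B, 1, -1, amp_b=4.0),
        "B one chip late, equal amplitude": despread_user_a(A, B, 1, -1, offset_b=1),
        "B one chip late, 4x amplitude": despread_user_a(A, B, 1, -1, amp_b=4.0, offset_b=1),
    }

if __name__ == "__main__":
    print("aligned xcorr:", xcorr(A, B), "| one-chip offset xcorr:", xcorr(A, shift(B, 1)))
    for name, value in scenarios().items():
        verdict = "bit recovered" if value > 0 else "bit lost (near-far)"
        print(f"{name:34s} -> {value:+.2f}  {verdict}")
```

While the codes stay aligned, user B's power does not matter to user A; once orthogonality is lost, the same strong user flips user A's bit, which is the situation fast power control exists to prevent.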

When an orthogonal multiple access scheme such as Single-Carrier Frequency Division Multiple Access (SC-FDMA), which includes interleaved and localized Frequency Division Multiple Access (FDMA) or Orthogonal Frequency Division Multiple Access (OFDMA), is used, multi-user interference is not present for low mobility and small for moderate mobility. This is the case for the next generation UMTS i.e. LTE system. LTE system employs SC-FDMA in uplink and OFDMA in downlink. As a result in the case of LTE, the fluctuation in the total interference only comes from inter-cell interference and thermal noise which tends to be slower. While fast power control can be utilized, it can be argued that its advantage is minimal. Hence, only slow power control is needed for orthogonal multiple access schemes.