Monday 13 October 2008

Femtocells and the stealing of Spectrum

When Femtocells are finally rolled out, it would be possible for anyone to create their own little mobile cell anywhere to enhance their coverage. At least that is what the Femtocells are supposed to help with. This would also mean that the spectrum would be open to abuse by someone who wants to abuse it.

Let's take a scenario in which someone buys a Femtocell from an operator in UK. The Femtocells will be operator specific since they will contain lots of parameters and addresses that would be terminating in the operator network. Then that person can take the Femtocell away to another country (say India) and connect the Femtocell to an Ethernet port in India. The IP packets would be routed via IP to the operator and the user is now connected via Femtocell to the UK operator even though he in in India. He would get the same treatment as in case he was in UK.

Let me point out that this would be illegal because the Spectrum in India would belong to an operator in India or this spectrum may be used for something completely different.

The operators and the device manufacturers are aware of this potential abuse. As a result they are going to use a two step approach. The first is that they would allow Femtocell to register from a registered telephone line via an IP address. They may have access to ISP data or would be aware of the range of IP address being used by the ISP. The Femtocell user will hence have to register their Telephone line and ISP with the network operator and if they change them then this would need to be informed to the operator. The second is that they would check the location of the device via GPS. This can have two problems. The first is the cost of the Femtocell will increase and the second is that unless the Femtocell is near a window or an open area, there would be no GPS signals received and the GPS approach may not work. One of the obvious use of Femtocell in London city for example is in the basements where there is absolutely no coverage due to their location.

Note that from the above you can see that even if the Femtocells are advertised as PnP or Zero Touch, etc., there would still be some overhead that will always be required.

Even if we assume that both the above approaches are being used, it may stop mass market fraud but may not be able to deter individuals who are smart enough to work around them. For example the user in India (example in the start) may use VPN to tunnel the IP packets to their home or registered address in UK and from there the packets will go to the operator network. Similarly it is not too difficult to fool the GPS receiver into believing its location.

The operators are aware and working on something better then the above strategy. I have not come across any papers yet suggesting work around these problems.

This also highlights an important problem regarding emergency calls. Should the emergency calls go via Femtocell or should they be re-directed to Macro cell. Again a clever algorithm would be needed for this. There could be a configurable parameter in the Femtocell which can check during the startup if Macrocell is present or not. If Macrocell is present then emergency calls should be re-directed and if not present then the user should be able to initiate it via Femtocell.

There are probably many more problems that would be highlighted once Femtocells are rolled out.


Anonymous said...

As far as I understood the whole thing, there is another additional approach from Femtocell manufacturer to stop you from using them in a different country.
During bootup they do scan the surrounding network. There are a few good reasons todo so, but I guess the two most important are, that first of all they check which frequencies are used in the neighboring cells to keep the interference as little as possible and secondly for exactly the thing you have mentioned above. They will also check if there are known cells of their home network in their near range to make sure they have not been brought abroad. I guess if you somehow manage to get around these checks, this is the way to get really cheap longdistance calls from your mobile phone. :)
I have also heard about adding GPS support to the boxes eventhough I would much more expect this to be used for some kind of synchronization mechanism to the core network. However I cannot really think of a nice solution with GPS. This would very much restrict you in where to place the femtocell in your home, or at least you would have to have a cable attached to it with an antenna near the window or something like this. For my part I do not really would like to have another box with cables flying around in my living room. :)

Anonymous said...

I have been thinking about this, and I also thought about the VPN. I think that the moment you walk out the phone would switch to roaming on an operator in the country you are staying, so they would find out immediately and terminate the cell authentication.

Easier to do, get a VOIP phone number and a WI FI enabled phone with a SIP voip client, and get it to work.