
Thursday, April 9, 2026

3GPP Release 19 Description and Summary of Work Items

As the journey towards 3GPP Release 20 and 6G (3GPP Rel-21) continues to gather pace, the recently concluded Release 19 comes with a clearer view of what the next phase of 5G evolution, often referred to as 5G-Advanced, will look like in practice. One of the most useful artefacts in this process is the recently published technical report 3GPP TR 21.919, which offers a consolidated snapshot of the features and work items currently shaping this release.

Rather than focusing on detailed specifications, this report takes a step back and provides accessible summaries of the agreed work items. Each summary is intended to answer two simple but important questions: what problem is being addressed, and what impact the feature will have on the overall system. This makes the document particularly valuable not only for specialists deeply involved in standardisation work, but also for a broader audience trying to keep track of where the industry is heading.

It is worth noting that this is still very much a work in progress (50% complete). At the time of publication, just over 60 summaries have been included, with many more expected in future updates. Even so, the current version already highlights the sheer breadth of activity in Release 19, spanning everything from energy efficiency and non-terrestrial networks to AI, immersive services, and advanced radio capabilities.

In this post, I will not attempt to reinterpret or condense the summaries themselves. Instead, I am sharing the full list of topics covered in the report below, which provides a useful index into the areas that 3GPP worked on as part of Release 19.

It should be noted that the technical report (TR) presents the "initial state" of the Features introduced in Release 19, i.e. as they are at the time of publication of the document. Each Feature may later be modified or enhanced, over several years, by means of Change Requests (CRs). To get a fuller picture of a Feature at a given time, it is recommended to retrieve all the CRs that relate to it, as explained in its Reference section.

Below is the list of all topics covered in this report. Some of the topics may be missing a summary, which will be added in later updates.

5   Rel-19 Energy Efficiency, Energy Saving
5.1   Enhancements of Network energy savings for NR
5.2   Low-power wake-up signal and receiver for NR (LP-WUS/WUR)
5.3   Energy Efficiency as Service Criteria

6   Rel-19 Satellite (5GSAT), NTN, UAS, Aerial
6.1   Satellite access Phase 3
6.1.1   Security Aspects of 5G Satellite Access Phase 3
6.1.2   Charging aspects of satellite access Phase 3
6.2   Non-Terrestrial Networks (NTN) for NR Phase 3
6.3   Enhancements for Air-to-ground network for NR
6.4   Inter-RAT mode mobility support from E-UTRAN TN to NR NTN
6.5   Non-Terrestrial Networks (NTN) for Internet of Things (IoT) Phase 3 (for LTE)
6.6   Introduction of IoT-NTN TDD mode
6.7   Enhanced requirements and test methodology for NR NTN and IoT NTN
6.8   On-demand broadcast of GNSS assistance data
6.9   Uncrewed Aerial System Phase 3
6.10   Support for PWS in Satellite E-UTRAN and Satellite NG-RAN
6.11   Introduction of BDS (BeiDou Navigation Satellite System) B2b Signal in A-GNSS for LTE and NR
6.12   Introduction of A-GNSS support for NavIC (Navigation with Indian Constellation) L1 SPS (Standard Positioning Service) in NR & LTE
6.13   Management Aspects of Rel-18's NTN Phase 2
6.14   Lower Selection-priority for PLMN Selection
6.15   New LTE band for 5G broadcast for region 3 utilizing a geosynchronous satellite
6.16   Satellite band-related items
6.16.1   Introduction of Ku bands for NR NTN
6.16.2   Introduction of additional operating NR bands for HAPS (High Altitude Platform Station)
6.16.3   Introduction of another NR NTN S-band (MSS band 2000-2020 MHz UL and 2180-2200 MHz DL)
6.16.4   New NR NTN bands to support Extended L-band and combined MSS L-band and Extended L-band ranges
6.16.5   Introduction of another IoT-NTN S-band (MSS band 2000-2020 MHz UL and 2180-2200 MHz DL)

7   Rel-19 Internet of Things (IoT) and Reduced Capability (RedCap) UE
7.1   NR power class 2 RedCap (Reduced Capability) UE in FR1
7.2   NAS layer overhead reduction for data transfer using CP CIoT
7.3   Management Aspects of RedCap features

8   Ambient power-enabled Internet of Things (IoT)
8.1   Ambient power-enabled Internet of Things (IoT) (SA and CT)
8.1.1   Charging for Ambient power-enabled Internet of Things
8.1.2   Security Aspects of Ambient IoT Services in 5G for Isolated Private Networks
8.2   Solutions for Ambient IoT (Internet of Things) in NR

9   Rel-19 Artificial Intelligence (AI)/Machine Learning (ML)
9.1   AI/ML Model Transfer Phase 2
9.2   Core Network Enhanced Support for Artificial Intelligence (AI)/Machine Learning (ML)
9.3   Application enablement for AI/ML services
9.4   Artificial Intelligence (AI)/Machine Learning (ML) for NR air interface
9.5   Artificial Intelligence (AI)/Machine Learning (ML) for NR air interface
9.6   Enhancements for Artificial Intelligence (AI)/Machine Learning (ML) for NG-RAN
9.7   AI/ML Management Phase 2
9.8   Protocol for AI Data Collection from UPF

10   Rel-19 Verticals and Non Public Network
10.1   Rel-19 Enhancements of 3GPP Northbound and Application Layer Interfaces and APIs
10.2   SEAL DD (Data Delivery) Phase 2
10.3   Common Application Programming Interface (API) Framework (CAPIF) Phase 3
10.4   Enhanced OAM for management service exposure to external consumers through CAPIF
10.5   Non-Public Network (NPN) security considerations
10.6   Security for PLMN hosting a NPN
10.7   Interconnect of SNPN
10.8   ProSe support in NPN

11   Rel-19 communications services
11.1   Media Messaging Enhancements
11.2   Terminal Audio quality performance and Test methods for Immersive Audio Services, Phase 2
11.3   EVS Codec Extension for Immersive Voice and Audio Services, Phase 2
11.4   5GMSG Service phase 3
11.5   Video Operating Points - Harmonization and Stereo MV-HEVC
11.6   Advanced Media Delivery
11.7   5G Real-time Transport Protocol Configurations, Phase 2
11.8   Next Generation Real time Communication services Phase 2
11.8.1   System architecture for Next Generation Real time Communication services Phase 2
11.8.2   Security support for the Next Generation Real Time Communication services Phase 2
11.8.3   Application enablement aspects for MMTel

12   Rel-19 XR (eXtended Reality), Augmented Reality (AR), Metaverse, Edge Computing
12.1   Localized Mobile Metaverse Services
12.2   Extended Reality and Media
12.3   XR (eXtended Reality) for NR Phase 3
12.4   Avatar Communications in AR Calls
12.5   Split rendering over IMS
12.6   Enhancement of support for Edge Computing in 5G Core network - Phase 3
12.7   Edge Computing for Industrial Scenarios
12.8   Edge Computing Considering the Operational Needs of Service Hosting Environment
12.9   Architecture for enabling Edge Applications Phase 3

13   Rel-19 High Power UEs (HPUE)
13.1   Rel-19 High power UE (power class 1.5 or 2) for NR intra-band CA or NR inter-band CA/DC band combinations with/without NR Supplementary Uplink (UL)
13.2   Rel-19 High power UE (power class 1.5 and 2) for NR FR1 TDD/FDD single band for handheld/FWA UEs, and high power UE operation (power class 1) for FWVM (fixed-wireless/vehicle-mounted) use cases in a single NR band
13.3   Introduction of Power Class 2 and UE 40MHz Channel Bandwidth in NR band n28
13.4   Rel-19 High power UE (power class 1.5 or 2) for DC combinations of LTE band(s) and NR band(s)
13.5   Rel-19 High power UE (power class 2) and high power operation (power class 1) for fixed-wireless/vehicle-mounted use cases in a single LTE band

14   Rel-19 RAN topology
14.1   5G NR Femto
14.2   Additional topological enhancements for NR
14.3   Vehicle Mounted Relays Phase 2

15   Rel-19 Sidelink, Proximity
15.1   NR sidelink multi-hop relay
15.2   UE-to-UE multi-hop relay
15.3   NR Sidelink: Intra-band Carrier Aggregation in ITS band
15.4   Charging Aspects of Ranging and Sidelink Positioning
15.5   Multi-path relay
15.6   Proximity-based Services in 5GS Phase 3

16   NR and LTE Dual Connectivity (DC)
16.1   UE RF enhancements for NR FR1/FR2 and EN-DC, Phase 4
16.2   Support of intra-band non-collocated EN-DC/NR-CA deployment Phase2: new receiver type(s)
16.3   Rel-19 downlink interruption for NR and EN-DC band combinations at dynamic Tx Switching in Uplink
16.4   Rel-19 DC of x LTE band(s), y NR band(s) (1<=x<6, 1<=y<6, x+y<=6) and single or two NR Supplementary Uplink (SUL) bands
16.5   Simultaneous Rx/Tx band combinations for NR CA/DC, NR SUL and LTE/NR DC in Rel-19
16.6   UE Conformance - Rel-19 NR CA and DC; and NR and LTE DC Configurations

17   Rel-19 Other NR and LTE Radio
17.1   Adding channel bandwidth(s) support to existing NR bands and CA/ENDC combinations in REL-19
17.2   Data collection for SON (Self-Organising Networks)/MDT (Minimization of Drive Tests) in NR standalone and MR-DC (Multi-Radio Dual Connectivity) Phase 4

18   Rel-19 NR Radio
18.1   NR mobility enhancements Phase 4
18.2   Evolution of NR duplex operation: Sub-band full duplex (SBFD)
18.3   NR Radio Resource Management (RRM) Phase 5
18.4   Multi-carrier enhancements for NR Phase 3
18.5   NR demodulation performance Phase 5
18.6   NR MIMO Phase 5
18.7   FR1 TRP, TRS and MIMO OTA testing enhancement Phase 3
18.8   Rel-19 NR CA/DC for x bands DL with y bands UL (x<7, y<3) and SUL/CA band combinations with a single SUL or two SUL cells
18.9   Low band carrier aggregation via switching
18.10  NR channel BW less than 5MHz for FR1 Phase 2
18.11  mmWave in NR: UE spurious emissions and EESS (Earth Exploration Satellite Service) protection
18.12  NR base station (BS) RF requirement evolution for FR1/FR2 and testing
18.13  UE Conformance - New Rel-19 NR licensed bands and extension of existing NR bands
18.14  Other band-related items
18.14.1   7MHz Channel Bandwidth for n26 and n5
18.14.2   Introduction of the NR FDD 1.4 GHz band
18.14.3   Introduction of NR bands n87 and n88
18.14.4   Introduction of NR band n68
18.14.5   Additional NR bands for NR features in Rel-19
18.15  Study on spatial channel model for demodulation performance requirements for NR

19   Rel-19 LTE Radio
19.1   LTE-based 5G Broadcast Phase 2
19.2   Rel-19 LTE-Advanced Carrier Aggregation for x bands (1<=x<= 6) DL with y bands (y=1, 2) UL
19.3   Band-related items
19.3.1   New bands for LTE based 5G terrestrial broadcast for early deployments
19.3.2   Introduction of LTE FDD band in 1800–1830 MHz for Canada

20   Rel-19 Mission Critical, eCall, Emergency
20.1   Enhanced Mission Critical Architecture
20.2   Enhanced Mission Critical Location Management
20.3   Alignment of eCall over IMS with CEN
20.4   UE Conformance - Alignment of eCall over IMS with CEN
20.5   Multiple Location Procedure for Emergency LCS Routing
20.6   Multimedia Priority Service (MPS) for Messaging services
20.7   Mission Critical (MC) services for generic support on Isolated Operation for Public Safety (IOPS) mode of operation
20.8   Sharing of administrative configuration between interconnected MC service systems
20.9   Future Railway Mobile Communication System (FRMCS) Phase 5
20.10   Mission critical security enhancements for release 19
20.11   Protocol enhancements for Mission Critical Services

21   Rel-19 Network Slicing
21.1   Network Controlled Network Slice Selection

22   Rel-19 Service-Based Architecture (SBA)
22.1   UPF enhancement for Exposure And SBA Phase 2
22.2   Automatic Certificate Management Environment (ACME) for the Service Based Architecture (SBA)
22.3   Reducing Information Exposure over SBI
22.4   Service Based Interface Protocol Improvements Release 19

23   Rel-19 QoS and Policy
23.1   Rel-19 Enhancements of UE Policy
23.2   Rel-19 Enhancements of Session Management (SM) Policy
23.3   Minimize the Number of Policy Associations
23.4   Spending Limits for UE Policies in Roaming scenario
23.5   Enhancing Parameter Provisioning with static UE IP address and UP security policy
23.6   Providing per-subscriber VLAN instructions from UDM and DN-AAA
23.7   QoS monitoring enhancement

24   Rel-19 multi-access
24.1   Upper layer traffic steering and switching over dual 3GPP access
24.2   Multi-Access (ATSSS_Ph4)
24.3   ATSSS Rule Provisioning via 3GPP access connected to EPC
24.4   Local traffic routing for multi-access UE

25   Other topics
25.1   Deferred 5GC-MT-LR Procedure for Periodic Location Events based NRPPa Periodic Measurement Reports
25.2   Subscription control for reference time distribution in EPS
25.3   Rel-19 IMS:
25.3.1   PS Data Off for IMS Data Channel Service
25.3.2   IMS Disaster Prevention and Restoration Enhancement
25.3.3   IMS Stage-3 IETF Protocol Alignment
25.4   Identifying non-3GPP Devices Connecting behind a UE or 5G-RG
25.5   Integrated Sensing and Communication
25.6   Rel-19 Application Data Analytics Enablement Service
25.7   Interworking of Non-3GPP Digital Terrestrial Broadcast Networks with 5GS Multicast Broadcast Services
25.8   Minimization of Service Interruption During Core Network Failure Phase 2
25.9   Measurement Data Collection
25.10  Enhanced application layer support for location services
25.11  NF discovery and selection by target PLMN
25.12  MSISDN verification operation support to Nnef_UEId Service
25.13  Rel-19 Enhancements of Network Automation Enablers
25.14  Enhancement of controlling RAT utilization
25.15  CT Aspects for IP Domain usage
25.16  Indirect Network Sharing
25.17  Management of Network Sharing Phase 3
25.18  Roaming Value-Added Services
25.19  Monitoring of signalling traffic in 5G
25.20  Roaming traffic offloading via session breakout in HPLMN
25.21  Stage-3 5GS NAS protocol development 18
25.22  Stage-3 SAE Protocol Development
25.23  Harmonization of test case definitions for cross-RAT usability
25.24  Data management regarding subscriptions and reporting
25.25  PRU Usage Extension supported by Core Network

26   Rel-19 miscellaneous Security
26.1   Security Assurance Specification for maintenance of 5G features
26.2   5G Security Assurance Specification (SCAS) for the Unified Data Repository (UDR)
26.3   5G Security Assurance Specification (SCAS) for the Short Message Service Function (SMSF)
26.4   Addition of 256-bit security Algorithms
26.5   Addition of Milenage-256 algorithm
26.6   Roaming and interconnect authorization aspects in indirect communication
26.7   Public key distribution and Issuer claim verification of the Access Token
26.8   3GPP profiles for cryptographic algorithms and security protocols
26.9   Mobility over non-3GPP access to avoid full primary authentication
26.10  LI Handling of Protected Services
26.11  Lawful Interception Rel-19
26.12  Lawful Interception Guidance Rel-19
26.13  Specification of example algorithm for alternative f5* (f5**) function

27   Rel-19 miscellaneous OAM&charging
27.1   Charging aspects for Multi-Operator Core Network (MOCN) Network Sharing
27.2   Service Based Management Architecture enhancement phase 3
27.3   Management Data Analytics phase 3
27.4   Intent driven management services for mobile network phase 3
27.5   Management of planned configurations
27.6   Management aspects of Network Digital Twins
27.7   Closed Control Loop Management
27.8   Data management phase 2
27.9   5G performance measurements and KPIs phase 4
27.10  5G Advanced NRM features phase 3
27.11  Subscriber and Equipment Trace and QoE collection management
27.12  Management of IAB nodes
27.13  Enhancement of Management Aspects Related of NWDAF Phase 2
27.14  CHF Segmentation
27.15  Subscriber Data Migration

You can download the latest version of the specs from here.


Tuesday, January 20, 2026

Telecom Security Realities from 2025 and Lessons for 2026

Telecom security rarely stands still. Each year brings new technologies, new attack paths, and new operational realities. Yet 2025 was not defined by dramatic new exploits or spectacular network failures. Instead, it became a year that highlighted how persistent, patient and methodical modern telecom attackers have become.

The recent SecurityGen Year-End Telecom Security Webinar offered a detailed look back at what the industry experienced during 2025. The session pulled together research findings, real world incidents and practical lessons from across multiple domains, including legacy signalling, eSIM ecosystems, VoLTE vulnerabilities and the emerging world of satellite-based mobile connectivity.

For anyone working in mobile networks, the message was clear. The threats are evolving, but many of the core problems remain stubbornly familiar.

A Year of Stealth Rather Than Spectacle

One of the most important themes from the webinar was that 2025 did not bring a wave of highly visible disruptive telecom attacks. Instead, it was characterised by quiet, low profile intrusions that often went undetected for long periods.

Operators around the world reported that attackers increasingly favoured living-off-the-land techniques. Rather than deploying noisy malware, intruders looked for ways to gain legitimate access to core systems and remain hidden. Lawful interception platforms, subscriber databases such as HLR and HSS, and internal management platforms were all targeted.

The primary objective in many cases was intelligence collection. Attackers were interested in call data, subscriber information and network topology rather than immediate disruption. This shift in motivation makes detection far more difficult, as there are often few obvious signs of compromise.

At the same time, automation has become a defining feature on both sides of the security battle. Operators are investing heavily in AI and machine learning to identify abnormal behaviour. Attackers are doing exactly the same, using automation to scale phishing campaigns and to accelerate exploit development.

Despite all this technology, basic security discipline continues to be a major challenge. A significant proportion of incidents still originate from human error, poor operational practices or simple failure to apply patches. The industry continues to invest billions in cybersecurity, but much of that effort is consumed by reporting and compliance activities rather than direct threat mitigation.

eSIM Security Comes into Sharp Focus

The transition from physical SIM cards to eSIM and remote provisioning is one of the most significant structural changes in the mobile industry. It offers clear benefits in terms of flexibility and user experience. However, the webinar highlighted that it also introduces entirely new security concerns.

Traditional SIM security models relied heavily on physical control. Fraudsters needed access to large numbers of real SIM cards to operate at scale. With eSIM, many of those physical constraints disappear. Remote provisioning expands the number of parties involved in the connectivity chain, including resellers and intermediaries who may not always operate under strict regulatory oversight.

During 2025 several major SIM farm operations were dismantled by law enforcement. These infrastructures contained tens of thousands of active SIM cards and were used for large scale fraud, smishing campaigns and automated account creation. While such operations existed long before eSIM, the technology has the potential to make them even easier to deploy and manage.

Research discussed in the session pointed to additional concerns. Analysis of travel eSIM services revealed issues such as cross-border routing of management traffic, excessive levels of control granted to resellers, and lifecycle management weaknesses that could potentially be abused by attackers. In some cases, resellers were found to have capabilities similar to full mobile operators, but without equivalent governance or transparency.

The conclusion was not that eSIM is inherently insecure. The technology itself uses strong encryption and robust mechanisms. The problem lies in the wider ecosystem of trust boundaries, partners and processes that surround it. Securing eSIM therefore requires cooperation between operators, vendors, regulators and service providers.

SS7 Remains a Persistent Weak Point

Few topics in telecom security generate as much ongoing concern as SS7. Despite being a technology from a previous era, it remains deeply embedded in global mobile infrastructure. The webinar dedicated significant attention to why SS7 continues to be exploited in 2025 and why it is likely to remain a problem for many years to come.

Throughout the year, media reports and research papers continued to demonstrate practical abuses of SS7 signalling. Attackers probed networks, attempted to bypass signalling firewalls and looked for new ways to manipulate protocol behaviour. Techniques such as parameter manipulation and protocol parsing tricks were highlighted as methods that can sometimes evade existing protections.

One particularly interesting demonstration showed how SS7 messages could be used as a covert channel for data exfiltration. By embedding information inside otherwise legitimate signalling transactions, attackers can potentially move data across networks without triggering traditional security alarms.

Perhaps the most striking point raised was how little progress has been made in eliminating SS7 dependencies. Analysis of global network deployments showed that only a handful of countries operate mobile networks entirely without SS7. Everywhere else, the protocol remains a foundational element of roaming and interconnect.

As a result, even operators that have invested heavily in 4G and 5G security can still be undermined by weaknesses in this legacy layer. The uncomfortable reality is that SS7 vulnerabilities will continue to be exploited well into 2026 and beyond.

VoLTE and Modern Core Network Risks

While legacy protocols remain a problem, modern technologies are not immune. VoLTE infrastructure in particular was identified as an increasingly attractive target.

VoLTE relies on complex interactions between signalling systems, IP multimedia subsystems and subscriber databases. Weaknesses in configuration or interconnection can open the door to call interception, fraud or denial of service. Several real world incidents during 2025 demonstrated that attackers are actively exploring these paths.

The move toward fully virtualised and cloud-native mobile cores also introduces new operational challenges. Telecom networks now resemble large IT environments, complete with the same risks around misconfiguration, insecure APIs and exposed management interfaces.

The Emerging Security Challenge of 5G Satellites

One of the most forward-looking parts of the webinar focused on non-terrestrial networks and direct-to-device satellite connectivity. What was once a concept for the distant future is rapidly becoming a commercial reality.

Satellite integration promises to extend 5G coverage to remote areas, oceans and disaster zones. However, it also changes the security model in fundamental ways. Satellites can act either as simple relay systems or as active components of the mobile radio access network. In both cases, new threat vectors emerge.

Potential issues discussed included the risk of denial of service against shared satellite resources, difficulties in applying traditional radio security controls in space-based equipment, and the possibility of more precise user tracking due to the way satellite systems handle location information.

Experts from the space cybersecurity community explained how vulnerabilities in mission control software and ground segment infrastructure could be exploited. Much of this software was originally designed for isolated environments and is only now being connected to wider networks and the internet.

As telecom networks expand beyond the boundaries of the Earth, security responsibilities extend with them. Operators will need to think not only about terrestrial threats but also about risks originating from space-based components.

The Human Factor and the Skills Gap

Technology was only part of the story. Another recurring theme was the global shortage of skilled telecom cybersecurity professionals.

Studies referenced in the session suggested that millions of additional specialists are needed worldwide, yet only a fraction of that demand can currently be filled. Many security teams are overwhelmed by the sheer volume of alerts and data they must process.

This shortage has real consequences. When teams are stretched thin, patching is delayed, anomalies are missed and complex investigations become difficult to sustain. The panel emphasised that throwing more tools at the problem is not enough. Organisations must focus on training, automation and smarter operational processes.

Automation and AI-driven analysis were presented as essential enablers. Given the scale of modern mobile networks, it is simply not feasible for human analysts to monitor every signalling protocol, every core interface and every emerging technology manually.

Preparing for 2026

Looking ahead, the experts agreed on several broad trends. Attacks on legacy systems such as SS7 will continue. Fraudsters will increasingly target eSIM provisioning processes. VoLTE and 5G core components will face growing scrutiny. Satellite-based connectivity will introduce new and unfamiliar security questions.

Perhaps most importantly, the line between traditional telecom security and general cybersecurity will continue to blur. Mobile networks are now large, distributed IT platforms, and they inherit all the complexities that come with that transformation.

Operators, regulators and vendors must therefore adopt a holistic view. Investment must go beyond compliance reporting and focus on practical defences, real time monitoring and collaborative intelligence sharing.

Final Reflections

The SecurityGen webinar provided a valuable snapshot of an industry at a crossroads. Telecom networks are becoming more advanced and more capable, but also more complex and interconnected than ever before.

2025 demonstrated that attackers do not always need new vulnerabilities. Often they succeed simply by exploiting old weaknesses in smarter ways. The challenge for 2026 is to close those gaps while also preparing for the technologies that are only just beginning to emerge.

For those involved in telecom security, the full discussion is well worth watching. The complete webinar recording can be viewed below:


Thursday, December 18, 2025

Transport Networks Holding Modern Mobile Architectures Together

When people talk about mobile networks, the conversation almost always starts with the air interface. Spectrum, waveforms, MIMO, antennas and radios dominate conference agendas, white papers and training courses. After that comes the RAN, then the core, and occasionally backhaul is given a brief mention. What sits quietly in the middle of all this, often taken for granted, is the transport network. Yet without a well designed transport layer, even the most advanced radio and core architecture struggles to deliver on its promises.

Transport networks are the connective tissue of mobile communications. They carry traffic between radio sites, aggregation layers, edge and regional data centres, and the core network. As highlighted in the accompanying Mpirical video, transport is not a single homogeneous network but an end to end topology made up of multiple architectural domains, each with different performance, scale and resilience requirements.

At the core of the network, transport is typically built using highly resilient designs such as full mesh or spine and leaf architectures. These environments are already operating at hundreds of gigabits per second per link, with clear evolution paths towards terabit scale throughput. This part of the network rarely gets attention from mobile engineers, yet it underpins everything that follows. If the core transport layer cannot scale, the rest of the mobile network inevitably hits a ceiling.

Moving closer to the cell site, the transport network transitions into metro and aggregation domains. Here, spine and leaf or ring based topologies are commonly used, supporting large numbers of high capacity connections while also providing access to edge and regional data centres. This is where transport starts to intersect directly with mobile architecture decisions. The placement of edge computing platforms, local breakout, and centralised RAN functions all depend on the capabilities of this aggregation layer.

Closer still to the access network, transport designs often shift again. Ring, star or chain topologies are frequently used to connect clusters of cell sites, with capacities that reflect both traffic demand and economic constraints. Although fibre is the dominant medium, especially for 5G, it is rarely the only one. Microwave, integrated access and backhaul, and even non terrestrial technologies play an increasingly important role in extending coverage and improving resilience where fibre is impractical or unavailable.

The importance of transport becomes even clearer when viewed through the lens of disaggregated RAN and cloud based architectures. With gNodeB functions split into remote radio units, distributed units and centralised units, transport is no longer just backhaul. It becomes fronthaul and midhaul as well, each with distinct latency, synchronisation and bandwidth requirements. Centralised units may sit deep in the network, served by high capacity backhaul, while distributed units are connected via midhaul rings and radios are attached using star or ring topologies at the very edge.

This architectural shift exposes a common blind spot. Many performance issues blamed on the RAN are in fact rooted in transport limitations. Synchronisation accuracy, latency variation and resilience all depend heavily on transport design and operation. Packet based transport, while flexible and cost effective, places strict demands on timing and quality that cannot be treated as an afterthought.

As networks move towards 5G standalone, private networks and early 6G concepts, transport will become even more tightly coupled with service delivery. Network slicing, deterministic performance and edge driven applications all rely on a transport layer that can offer predictable behaviour rather than best effort connectivity. This pushes transport out of the shadows and into the critical path of mobile network design.

The 5G Transport Network Topology video is as follows:

For mobile engineers, the message is clear. Understanding the air interface will always be essential, but it is no longer enough. Transport networks shape where functions can be placed, how services perform, and how networks scale over time. The video embedded alongside this post provides a useful visual reminder that mobile networks are not just radios and cores connected by invisible links. Transport is a network in its own right, and it deserves far more attention than it usually gets.


Tuesday, November 25, 2025

IET Lecture by Prof. Andy Sutton: Point to Point Microwave Radio Systems

Point to point microwave radio systems have been with us for more than eighty years, yet they rarely attract much attention in an era where fibre dominates network planning and satellite systems continue to develop at pace. At a recent IET Anglian Coastal Local Network event, Prof. Andy Sutton delivered an excellent lecture that brought these fixed radio links back into the spotlight. His talk explored the history, engineering and future of microwave and millimetre wave links, reminding us why they remain essential for transmission networks in the UK and around the world.

The story begins with the national microwave radio network of the 1970s, with the BT Tower at its centre. These early deployments supported long links across the country and laid the foundation for many of the design principles still used today. While the landscape has changed significantly, the fundamentals of fixed radio communication continue to be shaped by spectrum availability, propagation characteristics and careful engineering.

Microwave links depend on a wide range of bands, from the lower 6 GHz region through to 80 GHz E-band. The choice of frequency affects everything from link length to susceptibility to atmospheric absorption. As Andy explained, a link designer must consider not just free space path loss, but also Fresnel zone clearance, rainfall intensity and antenna characteristics. The slides included a worked example that showed the impact of frequency and distance on the radius of the Fresnel zone and highlighted the need for adequate clearance to maintain availability over time.

The talk moved on to modern access radio systems, where compact rooftop nodes and all-outdoor radios have become common. These systems rely on careful use of vertical and horizontal polarisations, often enabled through XPIC technology. XPIC allows separate data streams to coexist on the same frequency using orthogonal polarisations, effectively doubling link capacity when conditions allow. This is paired with adaptive coding and modulation, which enables the radio to shift modulation schemes according to link quality. The result is a more resilient and efficient link compared to older fixed-modulation systems.

Capacity planning is a balancing act that involves radio channel bandwidth, modulation choice and the number of aggregated carriers. Wider channels and higher order modulation support multi-gigabit throughput, although this introduces penalties in transmit power and receiver sensitivity. The trade-offs are central to radio design and determine the type of equipment used, whether through a separate indoor and outdoor unit or an integrated all-outdoor system.

Andy also covered the practical elements of radio link planning, such as antenna selection, path profiling, waveguide losses and typical link budget calculations. A link planning example using a 32 GHz radio demonstrated the relationship between transmit power, antenna gain, free space loss and fade margin for a target availability of 99.99 percent. The discussion tied together the theoretical foundations with real-world engineering and illustrated how access radios are designed for street-level backhaul scenarios.
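The relationships described in the Fresnel zone and 32 GHz link budget passages above can be reproduced with the standard free space formulas. This is an added example, not taken from the lecture slides: the transmit power, antenna gains, losses, receiver threshold, hop length and required margin are all constructed values.

```python
import math

C = 299_792_458.0  # speed of light in m/s

def fspl_db(freq_ghz, dist_km):
    """Free space path loss in dB between isotropic antennas."""
    return 20 * math.log10(4 * math.pi * dist_km * 1e3 * freq_ghz * 1e9 / C)

def fresnel_radius_m(freq_ghz, d1_km, d2_km):
    """First Fresnel zone radius in metres at a point d1 from one end
    of the path and d2 from the other."""
    wavelength = C / (freq_ghz * 1e9)
    d1, d2 = d1_km * 1e3, d2_km * 1e3
    return math.sqrt(wavelength * d1 * d2 / (d1 + d2))

def fade_margin_db(link, dist_km):
    """Margin between the unfaded receive level and the receiver threshold."""
    rsl = (link["tx_dbm"] + link["tx_gain_dbi"] + link["rx_gain_dbi"]
           - link["losses_db"] - fspl_db(link["freq_ghz"], dist_km))
    return rsl - link["rx_threshold_dbm"]

def max_hop_km(link, required_margin_db):
    """Longest hop that still leaves the required fade margin.
    The required margin is treated as a fixed input here; in real planning
    it comes from rain and multipath models for the target availability."""
    max_fspl = (link["tx_dbm"] + link["tx_gain_dbi"] + link["rx_gain_dbi"]
                - link["losses_db"] - link["rx_threshold_dbm"]
                - required_margin_db)
    return C / (4 * math.pi * link["freq_ghz"] * 1e9) * 10 ** (max_fspl / 20) / 1e3

def band_table(dist_km, bands_ghz=(6, 32, 80)):
    """(band, FSPL dB, mid-path Fresnel radius m) for the same hop length."""
    rows = []
    for f in bands_ghz:
        mid = fresnel_radius_m(f, dist_km / 2, dist_km / 2)
        rows.append((f, round(fspl_db(f, dist_km), 1), round(mid, 2)))
    return rows

# Constructed 32 GHz link parameters (illustrative, not from the slides).
LINK_32GHZ = {
    "freq_ghz": 32.0,
    "tx_dbm": 20.0,             # transmit power
    "tx_gain_dbi": 38.0,        # antenna gain, each end
    "rx_gain_dbi": 38.0,
    "losses_db": 1.0,           # waveguide / connector losses
    "rx_threshold_dbm": -70.0,  # receiver sensitivity at the chosen modulation
}

if __name__ == "__main__":
    for band, loss, radius in band_table(5.0):
        print(f"{band:>3} GHz  FSPL {loss:6.1f} dB  Fresnel radius {radius:5.2f} m")
    print(f"Fade margin at 5 km: {fade_margin_db(LINK_32GHZ, 5.0):.2f} dB")
    print(f"Max hop for 30 dB margin: {max_hop_km(LINK_32GHZ, 30.0):.2f} km")
```

For the same 5 km hop, moving from 6 GHz to 80 GHz shrinks the mid-path Fresnel radius from roughly 7.9 m to 2.2 m while adding about 22 dB of free space loss, which is the trade-off between clearance and link length that the lecture describes.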

The lecture then moved to millimetre wave systems, particularly E-band radios that operate around 70 and 80 GHz. These links offer enormous capacity over shorter distances and are increasingly used for dense urban backhaul and enterprise connectivity. The slides included examples of network topologies showing how microwave and fibre can be combined to meet different deployment objectives.

A substantial part of the presentation focused on trunk or core microwave radio systems. These high-capacity, high-availability links support long distances and historically formed the backbone of national networks. Although demand for trunk links has reduced as fibre has spread, they still exist in challenging environments. In the UK, many trunk links remain operational in Scotland and island regions where terrain and geography limit fibre deployment. The lecture covered branching networks, duplexers, waveguide installations and space diversity techniques, all of which contribute to the reliability of long-haul links.

Looking ahead, research continues into new frequency bands, wider channels, higher modulation schemes and improved radio hardware. These advances will support even greater capacities, with millimetre wave links expected to reach 100 Gbps over short distances. Microwave radio may no longer be the headline technology it once was, but the field continues to push boundaries and remains an essential part of modern communication networks.

Andy’s lecture was a comprehensive tour of the past, present and future of point to point microwave systems. For anyone working in transmission, mobile networks or wireless engineering, it served as a valuable reminder of the depth of innovation in this area and its continued relevance in the broader ecosystem.

If you would like to explore the material in more detail, the slides from the event are available here and the video can be seen here. Both are well worth a look.


Thursday, October 16, 2025

Evolving Communication Security Towards 6G at the ETSI Security Conference 2025

The annual ETSI Security Conference returned to the French Riviera from 6 to 9 October, once again bringing together the global cybersecurity community in the beautiful surroundings of ETSI headquarters. Over 250 participants from industry, government agencies, academia, global standards bodies, and open-source communities attended, making it one of the most engaging editions to date. The four-day event featured keynotes, panel discussions, technical sessions, poster presentations and live demonstrations, offering a holistic view of today’s security challenges and tomorrow’s opportunities.

The opening day provided a broad overview of the global cybersecurity landscape, setting the tone for the week ahead. Discussions highlighted emerging trends such as the growing influence of artificial intelligence and the rapid evolution of regulatory frameworks, including the European Commission’s Cyber Resilience Act. The sessions underscored the importance of collaboration between policymakers, researchers, and standards organisations. The afternoon focused on the cyber skills gap, a recurring theme across many sectors, stressing the need for education and training to build a security-aware workforce capable of safeguarding future digital systems. Standards were identified as key enablers in bridging policy and implementation, helping to transform regulatory intent into operational resilience.

The second day examined the paradox between AI as both a risk and a defence mechanism in cybersecurity. Experts discussed how AI-driven systems can expose new vulnerabilities if developed without strong security foundations, while also offering powerful tools for detection and response. Another session addressed fraud reduction and the convergence of security strategies to protect both networks and end users. A major highlight was the discussion on the global uptake of ETSI’s consumer IoT security standard, ETSI EN 303 645. Representatives from Germany, the UK, Singapore and Japan shared national experiences implementing consumer labelling schemes based on this standard, confirming its status as a globally recognised baseline for IoT security.

The third day was dedicated to the evolution of communication technologies and the emerging security landscape as the world moves towards 6G. Chaired by Dario Sabella from xFlow Research, the morning session explored how the journey from 5G Advanced to 6G requires a fresh approach to network security. The day began with an update from Alain Sultan of ETSI on the ongoing work within 3GPP SA3, focusing on strengthening frameworks for new architectures and deployment models. Bengt Salin from Ericsson outlined what should be considered in shaping security for 6G, emphasising that the next generation must be secure by design, not by adaptation. Nauman Khan from STC analysed the threat landscape surrounding 5G MEC and private networks, noting that as edge computing becomes more widespread, it introduces new vulnerabilities but also provides insights that can guide 6G security frameworks. Leyi Zhang from ZTE then presented on Secure Space-Air-Ground Integrated Networks, a concept uniting terrestrial, aerial, and satellite systems to provide ubiquitous connectivity. Ensuring trust, authentication, and data protection across such a heterogeneous environment presents one of the greatest challenges for 6G.

A panel discussion moderated by Dario Sabella brought together the morning’s speakers to reflect on security priorities toward 6G. The consensus was clear: while 6G is still in the early stages of standardisation, security must not be an afterthought. Lessons from 5G—particularly regarding openness, complexity, and trust—must inform the architecture and design principles of 6G from the outset. The afternoon sessions continued with broader discussions about digital sovereignty, fragmentation, and whether the internet is moving toward a “splinternet”. The day concluded with a deep dive into post-quantum cryptography, where real-world implementations provided valuable lessons for securing the next era of communication systems.

The final day of the conference shifted attention to geopolitics, cyber resilience, and the role of standards in shaping strategic responses to global challenges. Speakers explored how critical infrastructure security is increasingly influenced by geopolitical dynamics and how coordinated international standards can help mitigate risks. The Cyber Resilience Act remained a focal point, with experts emphasising the urgency of developing the 19 associated ETSI standards to support implementation. Harmonising global labelling schemes based on ETSI EN 303 645 was identified as an immediate priority, while in the longer term, education—both for future generations and C-level executives—was seen as essential to strengthen awareness of how standards underpin sovereignty, innovation, and competitiveness.

The 2025 edition of the ETSI Security Conference reaffirmed ETSI’s position as a central hub for cybersecurity dialogue and collaboration. From 5G and IoT to post-quantum cryptography and 6G, it showcased how security is now integral to every layer of the digital ecosystem. As the journey toward IMT-2030 continues, the message from Sophia Antipolis was clear: proactive, standards-based collaboration is the foundation of a secure connected future.

You can see the detailed agenda here. The presentations from the conference are all available here.


Thursday, October 9, 2025

Seamless UE Context Recovery (SUECR) in 3GPP Release 18

3GPP Release 18 introduces a wide range of enhancements across the 5G system, from energy efficiency and XR optimisation to AI-powered features. Among these developments is a practical but important addition known as Seamless User Equipment Context Recovery (SUECR), designed to handle situations where a device temporarily goes offline.

When a device such as a smartphone or IoT unit undergoes an operating system upgrade, a modem reset or a software update, it may become unavailable for a period of time. If this happens without informing the network, the operator’s core functions and connected application servers may continue to treat the device as available. This can result in wasted signalling, unnecessary retries and disruptions to critical operations that depend on the device’s availability.

SUECR provides a solution by allowing the device to notify the network of an unavailability period, which is a defined window of time during which it cannot communicate. Both the device and the core network retain important session and mobility information so that once the device returns, service can continue smoothly without unnecessary procedures.

The feature works in two ways depending on the device’s ability to store context information. If the device can preserve its mobility and session management contexts in non-volatile memory or on the SIM, it executes a registration procedure before going offline. The unavailability period is included in this request, and the Access and Mobility Management Function (AMF) records the duration and recognises the device as unreachable until it re-registers. If an application function has subscribed to receive updates on device availability, the AMF also forwards this information so that application servers can adapt accordingly. If the device cannot save its context, it instead executes a deregistration procedure to notify the AMF of its unavailability, with similar treatment by the network until the device performs its next registration.

Once the update or reset is complete, the device re-registers with the network and resumes normal service. If the planned downtime is delayed, cancelled or extended, the device repeats the procedure to keep the network and applications accurately informed. This ensures that network functions and application servers no longer waste resources attempting to reach devices that are temporarily offline.

By introducing SUECR, Release 18 strengthens service reliability and efficiency. It prevents unnecessary signalling and enables critical applications to maintain accurate awareness of device availability. The figure above, from NTT Docomo’s Technical Journal, illustrates how the unavailability period is managed depending on whether the registration or deregistration procedure is used.

Seamless User Equipment Context Recovery may appear as a small enhancement in the context of all the new Rel-18 features, but it addresses an important gap in 5G operations. As networks continue to evolve towards automation and support for mission-critical services, this function will play a key role in making device management more predictable and dependable.


Tuesday, September 23, 2025

5G+ and 5GA Icon (Pictogram) in New Smartphones

As 5G matures, new icons are appearing on smartphones to distinguish faster or more advanced connections. Some of the latest 5G smartphones around the world have started showing new icons such as 5G+ and 5GA. Interestingly, in Japan these are referred to as pictograms.

A long time ago, we looked at how Swisscom described its 5G rollout as 5G-wide and 5G-fast. Today, Swisscom uses the 5G+ icon to represent what it previously called 5G-fast. In its annual report, Swisscom explained:

5G (and 5G+) is the latest generation of mobile technology. Compared to 3G and 4G, it provides even more capacity, very short response times, and higher bandwidths. 5G technology plays a major role in supporting the digitalisation of the Swiss economy and industry. Swisscom differentiates between 5G-fast (narrower coverage up to 2 Gbit/s and more) and 5G-wide (Switzerland-wide 5G coverage with up to 1 Gbit/s). 5G-fast is also known as 5G+. Both variants are more efficient than their predecessor technologies with respect to energy consumption and use of electromagnetic fields.

Japan has only recently transitioned to using 5G+. A Google-translated page from NTT Docomo explains it as follows:

In areas where 5G communication is possible, the RAT display on standby will be "5G." On the other hand, during communication, the RAT display will be "5G+" for 5G communication using wideband 5G frequencies (3.7 GHz, 4.5 GHz, 28 GHz), "5G" for 5G communication using 4G frequencies, and "4G+" for LTE communication.

There are also footnotes clarifying that the display depends on the device, the bands supported, and the area of use.

From this, my understanding is that in newer devices the 5G+ icon is primarily used to indicate speed and capability, regardless of whether the connection is Standalone (SA) or Non-Standalone (NSA) 5G. KDDI is following the same approach, as explained on its own support pages.

Last year we looked at what iPhone icons meant. In iOS 18, 5G+ indicated that the phone was connected to mmWave. In iOS 19 this hasn’t really changed, although I have been told that it depends on the operator whether they choose to display 5G+ when the device is camped on higher-speed mid-band 5G.

Samsung Galaxy smartphones display two or three types of icons, as shown in the picture at the top. While the meanings are not entirely clear, Samsung’s user guide for Android 15 explains them as:

  • Filled square: “5G network connected”, which I interpret as being connected to a 5G Standalone network.
  • Transparent or outlined square: “LTE network connected in LTE network that includes the 5G network.”, which I interpret as 5G NSA.  
  • I did not find a reference to the unboxed 5G icon in this manual.

Finally, the OnePlus 13 in India has started displaying the 5GA icon. Since Jio only operates a 5G Standalone network, it is possible they have upgraded the network and device to use the Release 18 ASN with some new features. This allows them to market it as 5G-Advanced, thereby justifying the 5GA icon.

If you have noticed something different in your country or region, or have another interpretation, I would love to hear more.


Thursday, August 21, 2025

Understanding L1/L2 Triggered Mobility (LTM) Procedure in 3GPP Release 18

In an earlier post we looked at the 3GPP Release 18 Description and Summary of Work Items. One of the key areas was Further NR mobility enhancements, where a new feature called L1/L2-triggered mobility (LTM) has been introduced. This procedure aims to reduce mobility latency and improve handover performance in 5G-Advanced.

Mobility has always been one of the most important areas in cellular networks. The ability of a user equipment (UE) to move between cells without losing service is essential for reliability and performance. Traditional handover procedures in 4G and 5G rely on Layer 3 (L3) signalling, which is robust but can result in high signalling overhead and connection interruption times of 50 to 90 milliseconds. While most consumer services can tolerate this, advanced use cases with strict latency demands cannot.

3GPP Release 18 takes a significant step forward by introducing the L1/L2 Triggered Mobility (LTM) procedure. Instead of relying only on L3 signalling, LTM shifts much of the handover process down to Layer 1 (physical) and Layer 2 (MAC), making it both faster and more efficient. The goal is to reduce interruption to around 20 to 30 milliseconds, a level that can better support applications in ultra-reliable low latency communication, extended reality and mobility automation.

The principle behind LTM is straightforward. The UE is preconfigured with candidate target cells by the network. These configurations can be provided in two ways: either as a common reference with small delta updates for each candidate or as complete configurations. Keeping the configuration of multiple candidates allows the UE to switch more quickly without requiring another round of reconfiguration after each move.

Measurements are then performed at lower layers. The UE reports reference signal measurements and time and phase information to the network. Medium Access Control (MAC) control elements are used to activate or deactivate target cell states, including transmission configuration indicator (TCI) states. This ensures the UE is already aware of beam directions and reference signals in the target cells before the actual switch.

A particularly important innovation in LTM is the concept of pre-synchronisation. Both downlink and uplink pre-synchronisation can take place while the UE is still connected to the serving cell. For downlink, the network instructs the UE to align with a candidate cell’s beams. For uplink, the UE can transmit a random-access preamble towards a target cell, and the network calculates a timing advance (TA) value. This TA is stored and delivered only at the moment of execution, allowing the UE to avoid a new random access procedure. In cases where TA is already known or equal to the serving cell, the handover becomes RACH-less, eliminating a significant source of delay.

The final step is the LTM cell switch command. This MAC control element carries the chosen target configuration, TA value and TCI state indication. Since synchronisation has already been achieved, the UE can break the old connection and resume data transfer almost immediately in the new cell.

Compared to earlier attempts such as Dual Active Protocol Stack (DAPS) handover, which required maintaining two simultaneous connections and faced practical limitations, LTM offers a more scalable solution. It can be applied across frequency ranges, including higher bands above 7 GHz where beamforming is critical, and it works for both intra-DU and inter-DU mobility within a gNB.

The Release 18 specification restricts LTM to intra-gNB mobility, but work has already begun in Release 19 to expand it further. Future enhancements are expected to cover inter-gNB mobility and to refine measurement reporting for even greater efficiency.

Looking beyond 5G Advanced, new concepts are being explored for 6G. At the Brooklyn 6G Summit 2024, MediaTek introduced the idea of L1/L2 Triggered Predictive Mobility (LTPM), where predictive intelligence could play a role in mobility decisions. While this is still at an early research stage, it points to how mobility management will continue to evolve.

For now, the introduction of LTM marks a practical and important milestone. By reducing handover latency significantly, it brings the network closer to meeting the demanding requirements of next generation services while maintaining efficiency in signalling and resource use.
