Showing posts with label Ericsson. Show all posts

Friday 22 June 2018

5G and IoT Security Update from ETSI Security Week 2018

ETSI Security Week 2018 (link) was held at ETSI's Headquarters in Sophia Antipolis, South of France last week. It covered a wide variety of topics including 5G, IoT, Cybersecurity, Middlebox, Distributed Ledger Technology (DLT), etc. As 5G and IoT are of interest to the readers of this blog, I am providing links to the presentations so anyone interested can check them out at leisure.


Before we look at the presentations, what exactly was the point of looking at 5G Security? Here is an explanation from ETSI:

5G phase 1 specifications are now done, and the world is preparing for the arrival of 5G networks. A major design goal of 5G is a high degree of flexibility to better cater for specific needs of actors from outside the telecom sector (e.g. automotive industry, mission-critical organisations). During this workshop, we will review how well 5G networks can provide security for different trust models, security policies, and deployment scenarios – not least for ongoing threats in the IoT world. 5G provides higher flexibility than legacy networks by network slicing and virtualization of functions. The workshop aims to discuss how network slicing could help in fulfilling needs for different users of 5G networks.

5G will allow the use of different authentication methods. This raises many interesting questions. How are these authentication methods supported in devices via the new secure element defined in ETSI SCP, or vendor-specific concepts? How can mission-critical and low-cost IoT use cases coexist side-by-side on the same network?

The 5G promise of higher flexibility is also delivered via its Service-Based Architecture (SBA). SBA provides open 3rd party interfaces to support new business models which allow direct impact on network functions. Another consequence of SBA is a paradigm shift for inter-operator networks: modern APIs will replace legacy signaling protocols between networks. What are the relevant security measures to protect the SBA and all parties involved? What is the role of international carrier networks like IPX in 5G?

Event Objectives
The workshop intends to:

  • Gather different actors involved in the development of 5G, not only telecom, and discuss together how all their views have shaped phase 1 of 5G, to understand how security requirements were met, and what challenges remain;
  • Discuss slicing as a means to implement separate security policies and compartments for independent tenants on the same infrastructure;
  • Give an update of what is happening in 3GPP 5G security;
  • Explain to IoT players what 5G security can (and cannot) do for them, including risks and opportunities related to alternative access credentials;
  • Understand stakeholders' (PMNs, carriers, GSMA, vendors) needs to make SBA both secure and successful. How can SBA tackle existing issues in interconnect networks like fraud, tracking, privacy breaches;
  • Allow vendors to present interesting proposals for open security questions in 5G: secure credential store, firewalling SBA's RESTful APIs;
  • Debate about hot topics such as: IoT security, Slicing security, Privacy, Secure storage and processing and Security of the interconnection network.


So here are the relevant presentations:

Session 1: Input to 5G: Views from Different Stakeholders
Session Chair: Bengt Sahlin, Ericsson

Hardening a Mission Critical Service Using 5G, Peter Haigh, NCSC

Security in the Automotive Electronics Area, Alexios Lekidis, SecurityMatters

Integrating the SIM (iUICC), Adrian Escott, QUALCOMM

Smart Secure Platform, Klaus Vedder, Giesecke & Devrient, ETSI SCP Chairman

Network Slicing, Anne-Marie Praden, Gemalto

Don't build on Sand: Validating the Security Requirements of NFV Infrastructure to Confidently Run Slices, Nicolas Thomas, Fortinet

5G Enhancements to Non-3GPP Access Security, Andreas Kunz, Lenovo

Security and Privacy of IoT in 5G, Marcus Wong, Huawei Technologies

ITU-T activities and Action Plan on 5G Security, Yang Xiaoya, ITU-T SG17

Wrap up: 5G Overview from 3GPP SA3 Perspective and What is There to Be Done for Phase 2, Sander Kievit, TNO


Session 2: Security in 5G Inter-Network Signalling
Session Chair: Stefan Schroeder, T-Systems

Presentation on SBA: Introduction of the Topic and Current Status in SA3, Stefan Schroeder, T-Systems

5G Inter-PLMN Security: The Trade-off Between Security and the Existing IPX Business Model, Ewout Pronk, KPN on behalf of GSMA Diameter End to End Security Subgroup

Secure Interworking Between Networks in 5G Service Based Architecture, Silke Holtmanns, Nokia Bell Labs

Security Best Practises using RESTful APIs, Sven Walther, CA Technologies

Identifying and Managing the Issues around 5G Interconnect Security, Stephen Buck, Evolved Intelligence

Zero Trust Security Posture in 5G Architecture, Galina Pildush, Palo Alto Networks (Missing)


Session 1 & 2 Workshop Wrap up: 5G Phase 1 Conclusions and Outlook Towards Phase 2 - Stefan Schroeder, T-Systems and Bengt Sahlin, Ericsson


Session 5: Benefits and Challenges of 5G and IoT From a Security Perspective
Session Chair: Arthur van der Wees, Arthur's Legal

Setting the Scene, Franck Boissière, European Commission

ENISA's View on Security Implications of IoT and 5G, Apostolos Malatras, ENISA

Smart City Aspects, Bram Reinders, Institute for Future of Living

The Network Operators Perspective on IoT Security, Ian Smith, GSMA



Saturday 16 June 2018

Summary and Analysis of Ericsson Mobility Report 2018

Ericsson Mobility reports always make for fantastic reading. It's been a while since I wrote anything on this topic, so I thought, let's summarize it and also provide my personal analysis. Please feel free to disagree as this is just a blog post.

Before we start, the official site for the report is here. You can jump directly to the PDF here. Ericsson will also be holding a webinar on this topic on 19 June, you can register here.

A short summary of some of the highlights is in the table above, but let's look at them in more detail.

Mobile subscriptions 



  • The total number of mobile subscriptions was around 7.9 billion in Q1 2018.
  • There are now 5.5 billion mobile broadband subscriptions.
  • Global subscription penetration in Q1 2018 was 104 percent.
  • The number of LTE subscriptions increased by 210 million during the quarter to reach a total of 2.9 billion.
  • Over the same period, GSM/EDGE-only subscriptions declined by 90 million. Other technologies declined by around 32 million.
  • Subscriptions associated with smartphones now account for around 60 percent of all mobile phone subscriptions.

Many things to note above. There is still a big part of the world which is unconnected and most of the connectivity being talked about is population based coverage. While GSM/EDGE-only subscriptions are declining, many smartphone users are still camped on to GSM/EDGE for significant time.

While smartphones are growing, feature phones are not far behind. Surprisingly, Reliance Jio has become a leader of 4G feature phones.

My analysis from the developing world shows that many users are getting a GSM feature phone as a backup for when their smartphone runs out of power.


Mobile subscriptions worldwide outlook


  • 1 billion 5G subscriptions for enhanced mobile broadband by the end of 2023, accounting for 12 percent of all mobile subscriptions.
  • LTE subscriptions continue to grow strongly and are forecast to reach 5.5 billion by the end of 2023.
  • In 2023, there will be 8.9 billion mobile subscriptions, 8.3 billion mobile broadband subscriptions and 6.1 billion unique mobile subscribers.
  • The number of smartphone subscriptions is forecast to reach 7.2 billion in 2023.

The report describes "A 5G subscription is counted as such when associated with a device that supports NR as specified in 3GPP Release 15, connected to a 5G-enabled network." which is a good approach but does not talk about 5G availability. My old question (tweet below) on "How many 5G sites does an operator have to deploy so that they can say they have 5G?" is still waiting for an answer.


5G device outlook



  • First 5G data-only devices are expected from the second half of 2018.
  • The first 3GPP smartphones supporting 5G are expected in early 2019.
  • From 2020, when third-generation chipsets will be introduced, large numbers of 5G devices are forecast.
  • By 2023, 1 billion 5G devices for enhanced mobile broadband are expected to be connected worldwide.

Qualcomm has made good progress (video) on this front and there are already test modems available for 5G. I won't be surprised by the launch. It remains to be seen what the price point and demand for these 5G data-only devices will be. The Register put it quite bluntly about guinea pigs here. I am also worried about the misleading 5G claims (see here).


Voice over LTE (VoLTE) outlook



  • At the end of 2017, VoLTE subscriptions exceeded 610 million.
  • The number of VoLTE subscriptions is projected to reach 5.4 billion by the end of 2023.
  • VoLTE technology will be the foundation for enabling 5G voice calls.
  • New use cases in a 5G context are being explored, such as augmented reality (AR) and virtual reality (VR).

Back in 2011, I suggested the following (tweet below)
Looks like things haven't changed significantly. There are still many low-end devices that do not support VoLTE and many operators don't support VoLTE on BYOD. VoLTE has been much harder than everyone imagined it to be.


Mobile subscriptions worldwide by region



  • Globally, mobile broadband subscriptions now make up 68 percent of all mobile subscriptions.
  • 5G subscriptions will be available in all regions in 2023.
  • In 2023, 48 percent of subscriptions in North America and 34 percent in North East Asia are expected to be for 5G.

I think that for some regions these predictions may be a bit optimistic. Many operators are struggling with finance and revenue, especially as pricing is going down due to intense competition. It would be interesting to see how these numbers hold up next year.

While China has been added to North-East Asia, it may be a useful exercise to separate it. Similarly Middle East should be separated from Africa as the speed of change is going to be significantly different.


Mobile data Traffic Growth and Outlook

  • In Q1 2018, mobile data traffic grew around 54 percent year-on-year.
  • The quarter-on-quarter growth was around 11 percent.
  • In 2023, 20 percent of mobile data traffic will be carried by 5G networks.
  • North America has the highest monthly usage of mobile data per smartphone at 7.2 gigabytes (GB), anticipated to increase to 49GB in 2023.
  • Total mobile data traffic is expected to increase by nearly eight times by the end of 2023.
  • In 2023, 95 percent of total mobile data traffic is expected to be generated by smartphones, increasing from 85 percent today.
  • North East Asia has the largest share of mobile data traffic – set to reach 25EB per month in 2023.

This is one of the toughest areas of prediction as there are a large number of factors affecting this from pricing to devices and applications.

Quiz question: Do you remember which year did data traffic overtake voice traffic? Answer here (external link to avoid spoilers)


Mobile traffic by application category



  • In 2023, video will account for around 73 percent of mobile data traffic.
  • Traffic from social networking is also expected to rise – increasing by 31 percent annually over the next 6 years.
  • The relative share of social networking traffic will decline over the same period, due to the stronger growth of video.
  • Streaming videos in different resolutions can impact data traffic consumption to a high degree. Watching HD video (720p) rather than standard resolution video (480p) typically doubles the data traffic volume, while moving to full HD (1080p) doubles it yet again.
  • Increased streaming of immersive video formats would also impact data traffic consumption.

It would have been interesting if games were a separate category. Not sure if it has been lumped with Video/Audio or in Other segments.


IoT connections outlook


  • The number of cellular IoT connections is expected to reach 3.5 billion in 2023. This is almost double our last forecast, due to ongoing large-scale deployments in China.
  • Of the 3.5 billion cellular IoT connections forecast for 2023, North East Asia is anticipated to account for 2.2 billion.
  • New massive cellular IoT technologies, such as NB-IoT and Cat-M1, are taking off and driving growth in the number of cellular IoT connections.
  • Mobile operators have commercially launched more than 60 cellular IoT networks worldwide using Cat-M1 and NB-IoT.

It is important to look at the following 2 definitions though.

Short-range IoT: Segment that largely consists of devices connected by unlicensed radio technologies, with a typical range of up to 100 meters, such as Wi-Fi, Bluetooth and Zigbee. This category also includes devices connected over fixed-line local area networks and powerline technologies

Wide-area IoT: Segment consisting of devices using cellular connections, as well as unlicensed low-power technologies, such as Sigfox and LoRa

The Wide-area IoT in the table above includes cellular IoT. If you are a regular reader of this blog, you will know that I think LoRa has a bright future and my belief is that this report ignores some of the reasons behind the popularity of LoRa and its growth story. 


Network coverage

  • In 2023, more than 20 percent of the world’s population will be covered by 5G.
  • 5G is expected to be deployed first in dense urban areas to support enhanced mobile broadband.
  • Another early use case for 5G will be fixed wireless access.
  • Today, 3GPP cellular networks cover around 95 percent of the world’s population.

A lot of work needs to be done in this area to improve coverage in rural and remote locations.

I will leave this post at this point. The report also contains details on Network Evolution, Network Performance, Smart Manufacturing, etc. You can read it from the report.

Wednesday 7 March 2018

Quick summary of Mobile World Congress 2018 (#MWC18)


This year at MWC, I took the time out to go and see as many companies as I could. My main focus was looking at connectivity solutions, infrastructure, devices, gadgets and anything else cool. I have to say that I wasn't too impressed. I found some of the things later on Twitter or YouTube but as it happens, one cannot see everything.

I will be writing a blog on Small Cells, Infrastructure, etc. later on but here are some cool videos that I have found. As it's a playlist, if I find any more, they will be added to the same playlist below.



The big vendors did not open up their stands for everyone (even I couldn't get in 😉) but the good news is that most of their demos are available online. Below are the names of the companies that had official MWC 2018 websites. Will add more when I find them.

Operators

Network Equipment Vendors

Handset Manufacturers

Chipset Manufacturers

Did I miss anyone? Feel free to suggest links in comments.


MWC Summary from other Analysts:


Tuesday 16 January 2018

3GPP-VRIF workshop on Virtual Reality Ecosystem & Standards in 5G

It's been a year since I last posted about Augmented / Virtual Reality Requirements for 5G. The topic of Virtual Reality has since made good progress for 5G. There are 2 technical reports that are looking at VR specifically. They are:

The second one is work in progress though. 

Anyway, back in December, 3GPP and the Virtual Reality Industry Forum (VRIF) held a workshop on VR Ecosystem & Standards. All the materials, including the agenda, are available here. The final report is not there yet but I assume that there will be a press release when the report is published.

While there are some interesting presentations, here is what I found interesting:

From presentation by Gordon Castle, Head of Strategy Development, Ericsson





From presentation by Martin Renschler, Senior Director Technology, Qualcomm


For anyone wanting to learn more about 6 degrees of freedom (6-DoF), see this Wikipedia entry. According to the Nokia presentation, Facebook’s marketing people call this “6DOF;” the engineers at MPEG call it “3DOF+.”
XR is 'cross reality', which is any hardware that combines aspects of AR, MR and VR; such as Google Tango.

From presentation by Devon Copley, Former Head of Product, Nokia Ozo VR Platform
Some good stuff in the pres.

From presentation by Youngkwon Lim, Samsung Research America; the presentation provided a link to a recent YouTube video on this presentation. I really liked it so I am embedding that here:



Finally, from presentation by Gilles Teniou, SA4 Vice chairman - Video SWG chairman, 3GPP





You can check and download all the presentations here.


Tuesday 12 December 2017

5G Patents Progress

More than 23,500 patents have been declared essential to GSM & 3G, as shown in the picture above. I am assuming this includes 4G as well. Anyway, it's been a while since I looked into this subject. The last time I was looking, 4G patent pools were beginning to form.

For LTE, indeed there is no one-stop shop for licensing. The only company that has tried is VIA Licensing, with their patent pool, but they don’t have licenses for the big players like Ericsson, Qualcomm, Huawei, ZTE, Samsung, etc. The same will probably apply for 5G.


This old picture and article from Telecom TV (link) is an interesting read on this topic.



This official WIPO list shows ZTE, Huawei, and Qualcomm at the top of the list for international patent filers worldwide in 2016 [PDF].

Back in 2015, NGMN alliance was also looking for creation of some kind of patent pool but it probably didn't go anywhere (link)

(Can't recall the source for this one) In March, Ericsson announced plans to license 5G for $5 per device and possibly as low as $2.50 in emerging markets. In November, Qualcomm announced plans to license 5G IP at the same rates established by the NDRC for 4G/LTE phones sold into China: 2.275% for single mode essential patents / 4.0% for the entire portfolio or 3.25% for multimode essential patents / 5.0% for the entire portfolio. All rates are based on the wholesale price of the phone.

Qualcomm also announced that the previously undisclosed $500 price cap will apply to all phones. Qualcomm also announced a rate of less than $5 for 5G for automotive applications and $0.50 for NB-IoT based IoT applications.

Ericsson has filed a patent application for its end-to-end 5G technology. Ericsson has incorporated its numerous 5G and related inventions into a complete architecture for the 5G network standard. The patent application filed by the leading telecom vendor combines the work of 130 Ericsson inventors.

Dr. Stefan Parkvall, Principal Researcher at Ericsson, said, “The patent application contains Ericsson’s complementary suite of 5G inventions.” Stefan added, “It contains everything you need to build a complete 5G network. From devices, the overall network architecture, the nodes in the network, methods and algorithms, but also shows how to connect all this together into one fully functioning network. The inventions in this application will have a huge impact on industry and society: they will provide low latency with high performance and capacity.

This will enable new use cases like the Internet of Things, connected factories and self-driving cars.” Ericsson is involved with leading mobile operators across the world for 5G and Pre-5G research and trials. The patent application is likely to further strengthen its position in the 5G race.

More details on E/// 5G patents on their official website here.

Mobile world live has some good details on Qualcomm 5G NR royalty terms.

Smartphone vendors will have to pay as much as $16.25 per device to use Qualcomm’s 5G New Radio (NR) technology under new royalty guidelines released by the company.

Qualcomm said it will implement a royalty rate of 2.275 per cent of the selling price for single-mode 5G handsets and a higher rate of 3.25 per cent for multi-mode smartphones with 3G, 4G and 5G capabilities.

So for a $200 multi-mode device, for instance, Qualcomm noted a vendor would have to pay $6.50 in royalties per device. Royalties are capped at a $500 device value, meaning the maximum amount a smartphone vendor would have to pay would be $16.25 per handset.

The company added it will also offer access to its portfolio of both cellular standard essential patents and non-essential patents at a rate of 4 per cent of the selling price for single-mode devices and 5 per cent for multi-mode devices.

Qualcomm’s rates are notably higher than those announced by Ericsson in March. The Swedish company said it would charge a flat royalty fee of $5 per 5G NR multimode handset, but noted its fee could go as low as $2.50 per device for handsets with low average selling prices.

The official Qualcomm 5G royalty terms [PDF] are available here.



Thanks to Mike Saji for providing inputs on 4G patent landscape. Thanks to Keith Dyer for interesting tweets on this topic.

Thursday 23 November 2017

5G NR Radio Protocols and Tight Inter-working with LTE


Osman Yilmaz, Team Leader & Senior Researcher at Ericsson Research in Finland gave a good summary of 5G NR at URLLC 2017 Conference (see summary here). His presentation is embedded below:



Osman, along with Oumer Teyeb, Senior Researcher at Ericsson Research & member of the Ericsson 5G standardization delegation, has also published a blog post, LTE-NR tight-interworking, on the Ericsson Research blog.

The post talks about how signalling and data will work in LTE & New Radio (NR) dual connected devices. In the control plane it looks at the RRC signalling applicable for these DC devices, whereas in the user plane it looks at direct and split DRB options.


Further details here.

Friday 10 November 2017

5G Research Presentation on URLLC


Dr. Mehdi Bennis from the Centre for Wireless Communications, University of Oulu, Finland recently gave a keynote at The International Conference on Wireless Networks and Mobile Communications (WINCOM'17), November 01-04, 2017, Rabat, Morocco. He has shared his presentation with us. It's embedded below and available to download from Slideshare.

Picture Source: Ericsson

For those who may not be aware, there are 3 main use cases defined for 5G. As shown in the picture above, they are enhanced Mobile BroadBand (eMBB), Ultra-Reliable Low Latency Communications (URLLC) and massive Machine Type Communications (mMTC). You can read the requirements here.






Sunday 27 August 2017

Bluetooth 5 for IoT


Bluetooth 5 (not 5.0 - to simplify marketing messages and communication) was released last year. The main features being 2x Faster, 4x Range (Bluetooth 4 - 50m outdoors, 10m Indoors; Bluetooth 5 - 200m outdoors, 40m indoors) & 8x Data.
I like the above slide by Robin Heydon, Qualcomm from a presentation he gave at CW (Cambridge Wireless) earlier this year. What it highlights is that Bluetooth 5 is Low Energy (LE) like its predecessor 4.0. For anyone interested, a good comparison of 5 vs 4.2 is available here.

In addition, Mesh support is now available for Bluetooth. I assume that this will work with Bluetooth 4.0 onwards but it would probably only make sense from Bluetooth 5 due to support for reasonable range.

The Bluetooth blog has a few posts on Mesh (see here, here and here). I like this simple introductory video below.


This recent article by Geoff Varral on RTT says the following (picture from another source):

Long distance Bluetooth can also be extended with the newly supported mesh protocol.

This brings Bluetooth into direct competition with a number of other radio systems including 802.15.4 based protocols such as Zigbee, LoRa, Wireless-M (for meter reading), Thread and 6 LowPAN (IPV6 over local area networks). 802.11 also has a mesh protocol and long distance ambitions including 802.11ah Wi-Fi in the 900 MHz ISM band. It also moves Bluetooth into the application space targeted by LTE NB IOT and LTE M though with range limitations.

There are some interesting design challenges implied by 5.0. The BLE specification is inherently less resilient to interference than Classic or EDR Bluetooth. This is because the legacy seventy eight X 1 MHz channels within the 20 MHz 2.4 GHz pass band are replaced with thirty nine two MHz channels with three fixed non hopping advertising channels in the middle and edge of the pass band.

These have to withstand high power 20 MHz LTE TDD in Band 40 (below the 2.4 GHz pass band) and high power 20 MHz LTE TDD in band 41 above the pass band (and Band 7 LTE FDD). This includes 26 dBm high power user equipment.

The coexistence of Bluetooth, Wi-Fi and LTE has been intensively studied and worked on for over ten years and is now managed with surprising effectiveness within a smart phone through a combination of optimised analogue and digital filtering (SAW and FBAR filters) and time domain interference mitigation based on a set of  industry standard wireless coexistence protocols.

The introduction of high power Bluetooth however implies that this is no longer just a colocation issue but potentially a close location issue. Even managing Bluetooth to Bluetooth coexistence becomes a non-trivial task when you consider that +20 dBm transmissions will be closely proximate to -20 dBm or whisper mode -30 dBm transmissions and RX sensitivity of -93 dBm, potentially a dynamic range of 120dB. Though Bluetooth is a TDD system this isolation requirement will be challenging and vulnerable to ISI distortion. 

More broadly there is a need to consider how ‘5G Bluetooth’ couples technically and commercially with 5G including 5G IOT

Ericsson has a whitepaper on Bluetooth Mesh Networking. The conclusion of that agrees that Bluetooth may become a relevant player in IoT:

Bluetooth mesh is a scalable, short-range IoT technology that provides flexible and robust performance. The Bluetooth Mesh Profile is an essential addition to the Bluetooth ecosystem that enhances the applicability of Bluetooth technology to a wide range of new IoT use cases. Considering the large Bluetooth footprint, it has the potential to be quickly adopted by the market. 

With proper deployment and configuration of relevant parameters of the protocol stack, Bluetooth mesh is able to support the operation of dense networks with thousands of devices. The building automation use case presented in this white paper shows that Bluetooth mesh can live up to high expectations and provide the necessary robustness and service ratio. Furthermore, the network design of Bluetooth mesh is flexible enough to handle the introduction of managed operations on top of flooding, to further optimize behavior and automate the relay selection process.


Moreover, another Ericsson article says that "smartphones with built-in Bluetooth support can be part of the mesh, may be used to configure devices and act as capillary gateways."

A capillary network is a LAN that uses short-range radio-access technologies to provide groups of devices with wide area connectivity. Capillary networks therefore extend the range of the wide area mobile networks to constraint devices. Figure above illustrates the Bluetooth capillary gateway concept.

Once there are enough smartphones and Bluetooth devices with Bluetooth 5 and Mesh support, it would be interesting to see how developers use it. It would also be interesting to see if it will start encroaching on the LoRa and Sigfox markets as well.

Sunday 20 August 2017

Enhanced 5G Security via IMSI Encryption


IMSI Catchers can be a real threat. They don't generally affect anyone unless someone is out to get them. Nevertheless, it's a security flaw that is present even in LTE. This presentation here is a good starting point for learning about IMSI Catchers, and the one here covers privacy and availability attacks.


This article by Ericsson is a good starting point on how 5G will enhance security by IMSI encryption. From the article:
The concept we propose builds on an old idea that the mobile device encrypts its IMSI using home network’s asymmetric key before it is transmitted over the air-interface. By using probabilistic asymmetric encryption scheme – one that uses randomness – the same IMSI encrypted multiple times results in different values of encrypted IMSIs. This makes it infeasible for an active or passive attacker over the air-interface to identify the subscriber. Above is a simplified illustration of how a mobile device encrypts its IMSI. 
Each mobile operator (called the ‘home network’ here) has a public/private pair of asymmetric keys. The home network’s private asymmetric key is kept secret by the home network, while the home network’s public asymmetric key is pre-provisioned in mobile devices along with subscriber-specific IMSIs (Step 0). Note that the home network’s public asymmetric key is not subscriber-specific. 
For every encryption, the mobile device generates a fresh pair of its own public/private asymmetric keys (Step 1). This key pair is used only once, hence called ephemeral, and therefore provide probabilistic property to the encryption scheme. As shown in the figure, the mobile device then generates a new key (Step 2), e.g., using Diffie–Hellman key exchange. This new key is also ephemeral and is used only once to encrypt the mobile device’s IMSI (Step 3) using symmetric algorithm like AES. The use of asymmetric and symmetric crypto primitives as described above is commonly known as integrated/hybrid encryption scheme. The Elliptic Curve Integrated Encryption Scheme (ECIES) is a popular scheme of such kind and is very suitable to the use case of IMSI encryption because of low impact on radio bandwidth and mobile device’s battery. 
The nicest thing about the described concept is that no public key infrastructure is necessary, which significantly reduces deployment complexity, meaning that mobile operators can start deploying IMSI encryption for their subscribers without having to rely on any external party or other mobile operators.
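The device-side and home-network-side steps from the quoted article, as an added example that is not code from Ericsson, 3GPP or the original post. It assumes X25519 for the Diffie-Hellman step and uses an HMAC-SHA-256 keystream as a standard-library stand-in for AES; the function names, the 8-byte tag length and the test IMSI are constructed for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19                      # Curve25519 field prime
A24 = 121665                         # curve constant from RFC 7748
BASE = (9).to_bytes(32, "little")    # standard base point u = 9
TAG_LEN = 8                          # truncated MAC length (assumption)


def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 per RFC 7748. Teaching code: Python ints are not constant-time."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64     # clamp the scalar
    scalar = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):   # Montgomery ladder
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Return (private, public). Used for Step 0 (home network) and Step 1 (device)."""
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASE)


def _derive_keys(shared: bytes, eph_pub: bytes):
    """HKDF-SHA256 (RFC 5869): one encryption key and one MAC key."""
    prk = hmac.new(bytes(32), shared, hashlib.sha256).digest()
    info = b"imsi-concealment-demo" + eph_pub
    t1 = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()
    t2 = hmac.new(prk, t1 + info + b"\x02", hashlib.sha256).digest()
    return t1, t2


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR with an HMAC-SHA256 keystream (key is single-use)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)


def conceal_imsi(imsi: str, home_pub: bytes) -> bytes:
    """Device side: returns ephemeral public key || ciphertext || tag."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    eph_priv, eph_pub = keypair()                     # Step 1: fresh key pair
    shared = x25519(eph_priv, home_pub)               # Step 2: Diffie-Hellman
    if shared == bytes(32):
        raise ValueError("unusable home network public key")
    enc_key, mac_key = _derive_keys(shared, eph_pub)
    ct = _keystream_xor(enc_key, imsi.encode())       # Step 3: encrypt IMSI
    tag = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()[:TAG_LEN]
    return eph_pub + ct + tag


def reveal_imsi(blob: bytes, home_priv: bytes) -> str:
    """Home network side: re-derive the key, check the MAC, then decrypt."""
    if len(blob) < 32 + 1 + TAG_LEN:
        raise ValueError("message too short")
    eph_pub, ct, tag = blob[:32], blob[32:-TAG_LEN], blob[-TAG_LEN:]
    shared = x25519(home_priv, eph_pub)
    if shared == bytes(32):                           # reject low-order keys
        raise ValueError("low-order ephemeral key")
    enc_key, mac_key = _derive_keys(shared, eph_pub)
    expected = hmac.new(mac_key, eph_pub + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return _keystream_xor(enc_key, ct).decode()


if __name__ == "__main__":
    home_priv, home_pub = keypair()                   # Step 0: provisioned key
    imsi = "001010123456789"                          # constructed test IMSI
    for _ in range(2):                                # same IMSI, new bytes
        blob = conceal_imsi(imsi, home_pub)
        print(blob.hex(), "->", reveal_imsi(blob, home_priv))
```

An observer on the air interface sees only the ephemeral public key, ciphertext and tag, all of which change on every run, so two attach attempts by the same subscriber cannot be linked by comparing bytes.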

'3GPP TR 33.899: Study on the security aspects of the next generation system' lists one such approach.


The key steps are as follows:

  1. UE is configured with 5G (e)UICC with ‘K’ key, the Home Network ID, and its associated public key.
  2. SEAF send Identity Request message to NG-UE. NG-UE considers this as an indication to initiate Initial Authentication.
  3. NG-UE performs the following:
    1. Request the (e)UICC application to generate required security material for initial authentication, RANDUE, , COUNTER, KIARenc, and KIARInt.
    2. NG-UE builds IAR as per MASA. In this step NG-UE includes NG-UE Security Capabilities inside the IAR message. It also may include its IMEI. 
    3. NG-UE encrypts the whole IAR including the MAC with the home network public key.
    4. NG-UE sends IAR to SEAF.
  4. Optionally, gNB-CP node adds its Security Capabilities to the transport message between the gNB-CP and the SEAF (e.g., inside S1AP message as per 4G).
  5. gNB-CP sends the respective S1AP message that carries the NG-UE IAR message to the SEAF.
  6. SEAF acquires the gNB-CP security capabilities as per the listed options in clause 5.2.4.12.4.3 and saves them as part of the temporary context for the NG-UE.
  7. SEAF follows MASA and forward the Authentication and Data Request message to the AUSF/ARPF.
  8. When AUSF/ARPF receives the Authentication and Data Request message, authenticates the NG-UE as per MASA and generates the IAS respective keys. AUSF/ARPF may recover the NG-UE IMSI and validate the NG-UE security capabilities.
  9. AUSF/ARPF sends Authentication and Data Response to the SEAF as per MASA with NG-UE Security Capabilities included.
  10. SEAF recovers the Subscriber IMSI, UE security Capabilities, IAS keys, RANDHN, COUNTER and does the following:
    1. Examines the UE Security Capabilities and decides on the Security parameters.
    2. SEAF may acquire the UP-GW security capabilities at this point after receiving the UP-GW identity from AUSF/ARPF or allocate it dynamically through provisioning and load balancing.
  11. SEAF builds IAS and sends it to the NG-UE following MASA. In addition, SEAF includes the gNB-CP protocol agreed upon security parameters in the S1AP message being sent to the gNB-CP node.
  12. gNB-CP recovers gNB-CP protocol agreed upon security parameters and saves them as part of the NG-UE current context.
  13. gNB-CP forwards the IAS message to the NG-UE.
  14. NG-UE validates the authenticity of the IAS and authenticates the network as per MASA. In addition, the UE saves all protocols agreed upon security parameters as part of its context. NG-UE sends the Security and Authentication Complete message to the SEAF.
  15. SEAF communicates the agreed upon UP-GW security parameters to the UP-GW during the NG-UE bearer setup.

ARPF - Authentication Credential Repository and Processing Function 
AUSF - Authentication Server Function 
SCMF - Security Context Management Function
SEAF - Security Anchor Function
NG-UE - NG UE
UP - User Plane 
CP - Control Plane
IAR - Initial Authentication Request 
IAS - Initial Authentication Response
gNB - Next Generation NodeB

You may also want to refer to the 5G Network Architecture presentation by Andy Sutton for details.

Monday 1 May 2017

Variety of 3GPP IoT technologies and Market Status - May 2017



I have seen many people wondering if so many different types of IoT technologies are needed, 3GPP or otherwise. The story behind that is that for many years 3GPP did not focus too much on creating an IoT variant of the standards. Their hope was that users would make use of LTE Cat 1 for IoT, and then later on they created LTE Cat 0 (see here and here).

The problem with this approach was that the market was ripe for different types of IoT technologies, a need that 3GPP could not satisfy. The table below is just an indication of the different types of technologies, but there are many others not listed here.


The most popular IoT (or M2M) technology to date is the humble 2G GSM/GPRS. A couple of weeks back Vodafone announced that it has reached a milestone of 50 million IoT connections worldwide. They are also adding roughly 1 million new connections every month. The majority of these are GSM/GPRS.

Different operators have been assessing their strategy for IoT devices. Some operators have either switched off or are planning to switch off their 2G networks. Others have a long-term plan for 2G networks and would rather switch off their 3G networks to refarm the spectrum to more efficient 4G. A small chunk of 2G, on the other hand, would be a good option for voice and existing IoT devices with a small amount of data transfer.

In fact, this is one of the reasons that in Release-13 GSM is being enhanced for IoT. This new version is known as Extended Coverage – GSM – Internet of Things (EC-GSM-IoT). According to GSMA, "It is based on eGPRS and designed as a high capacity, long range, low energy and low complexity cellular system for IoT communications. The optimisations made in EC-GSM-IoT that need to be made to existing GSM networks can be made as a software upgrade, ensuring coverage and accelerated time-to-market. Battery life of up to 10 years can be supported for a wide range of use cases."

The most popular of the non-3GPP IoT technologies are Sigfox and LoRa. Both these technologies have gained significant ground and many backers in the market. This, along with the gap in the market and the need for low power IoT technologies that transfer just a small amount of data and have a long battery life, motivated 3GPP to create new IoT technologies that were standardised as part of Rel-13 and are being further enhanced in Rel-14. A summary of these technologies can be seen below.


If you look at the first picture on the top (modified from Qualcomm's original here), you will see that these different IoT technologies, 3GPP or otherwise, address different needs. No wonder many operators are using the unlicensed LPWA IoT technologies as a starting point, hoping to complement them with 3GPP technologies when ready.

Finally, it looks like there is a difference in understanding of the standards between Ericsson and Huawei and, as a result, their implementations are incompatible. Hopefully this will be sorted out soon.


Market Status:

Telefonica has publicly said that Sigfox is the best way forward for the time being. No news about any 3GPP IoT technologies.

Orange has rolled out LoRa network but has said that when NB-IoT is ready, they will switch the customers on to that.

KPN deployed LoRa throughout the Netherlands thereby making it the first country across the world with complete coverage. Haven't ruled out NB-IoT when available.

SK Telecom completed nationwide LoRa IoT network deployment in South Korea last year. It sees LTE-M and LoRa as its 'Two Main IoT Pillars'.

Deutsche Telekom has rolled out NarrowBand-IoT (NB-IoT) Network across eight countries in Europe (Germany, the Netherlands, Greece, Poland, Hungary, Austria, Slovakia, Croatia).

Vodafone is fully committed to NB-IoT. Their network is already operational in Spain and will be launching in Ireland and Netherlands later on this year.

Telecom Italia is in process of launching NB-IoT. Water meters in Turin are already sending their readings using NB-IoT.

China Telecom, in conjunction with Shenzhen Water and Huawei launched 'World's First' Commercial NB-IoT-based Smart Water Project on World Water Day.

SoftBank is deploying LTE-M (Cat-M1) and NB-IoT networks nationwide, powered by Ericsson.

Orange Belgium plans to roll out nationwide NB-IoT & LTE-M IoT Networks in 2017.

China Mobile is committed to 3GPP based IoT technologies. It has conducted outdoor trials of NB-IoT with Huawei and ZTE and is also trialing LTE-M with Ericsson and Qualcomm.

Verizon has launched the industry’s first LTE-M Nationwide IoT Network.

AT&T will be launching LTE-M network later on this year in US as well as Mexico.

Sprint said it plans to deploy LTE Cat 1 technology in support of the Internet of Things (IoT) across its network by the end of July.

Monday 16 January 2017

Gigabit LTE?


Last year Qualcomm announced the X16 LTE modem that was capable of up to 1Gbps, category 16 in DL and Cat 13 (150 Mbps) in UL. See my last post on UE categories here.


In early January, it announced Snapdragon 835 at CES that looks impressive. Android Central says "On the connectivity side of things, there's the Snapdragon X16 LTE modem, which enables Category 16 LTE download speeds that go up to one gigabit per second. For uploads, there's a Category 13 modem that lets you upload at 150MB/sec. For Wi-Fi, Qualcomm is offering an integrated 2x2 802.11ac Wave-2 solution along with an 802.11ad multi-gigabit Wi-Fi module that tops out at 4.6Gb/sec. The 835 will consume up to 60% less power while on Wi-Fi."

Technology purists would know that LTE, which is widely referred to as 4G, was in fact pre-4G or, as some preferred to call it, 3.9G. New UE categories were introduced in Rel-10 to make LTE into LTE-Advanced with top speeds of 3Gbps. This way, the ITU requirements for a technology to be considered 4G (IMT-Advanced) were satisfied.


LTE-A was already Gigabit capable in theory but in practice we had been seeing peak speeds of up to 600Mbps until recently. With this off my chest, let's look at what announcements are being made. Before that, you may want to revisit what 4.5G or LTE-Advanced Pro is here.

  • Qualcomm, Telstra, Ericsson and NETGEAR Announce World’s First Gigabit Class LTE Mobile Device and Gigabit-Ready Network. Gigabit Class LTE download speeds are achieved through a combination of 3x carrier aggregation, 4x4 MIMO on two aggregated carriers plus 2x2 MIMO on the third carrier, and 256-QAM higher order modulation. 
  • TIM in Italy is the first in Europe to launch 4.5G up to 500 Mbps in Rome, Palermo and Sanremo
  • Telenet in partnership with ZTE have achieved a download speed of 1.3 Gbps during a demonstration of the ZTE 4.5G new technology. That's four times faster than 4G's maximum download speed. Telenet is the first in Europe to reach this speed in real-life circumstances. 4.5G ZTE technology uses 4x4 MIMO beaming, 3-carrier aggregation, and a QAM 256 modulation.
  • AT&T said, "The continued deployment of our 4G LTE-Advanced network remains essential to laying the foundation for our evolution to 5G. In fact, we expect to begin reaching peak theoretical speeds of up to 1 Gbps at some cell sites in 2017. We will continue to densify our wireless network this year through the deployment of small cells and the use of technologies like carrier aggregation, which increases peak data speeds. We’re currently deploying three-way carrier aggregation in select areas, and plan to introduce four-way carrier aggregation as well as LTE-License Assisted Access (LAA) this year."
  • T-Mobile USA nearly reached a Gigabit and here is what they say, "we reached nearly 1 Gbps (979 Mbps) on our LTE network in our lab thanks to a combination of three carrier aggregation, 4x4 MIMO and 256 QAM (and an un-released handset)."
  • The other US operator Sprint expects to unveil some of its work with 256-QAM and massive MIMO on Sprint’s licensed spectrum that pushes the 1 Gbps speed boundary. It’s unclear whether this will include an actual deployment of the technology.

So we are going to see a lot of higher speed LTE this year and yes, we can call it Gigabit LTE, but let's not forget that the criterion for a technology to be real '4G' was that it should be able to do 1Gbps in both DL and UL. Sadly, the UL part is still not going Gigabit anytime soon.