Presentations from ETSI Security Week 2019 (#ETSISecurityWeek)

ETSI held their annual Security Week Seminar 17-21 June at their HQ in Sophia Antipolis, France. All the presentations are available here. Here are some I think the audience of this blog will like:

• ETSI Explainer: Overview of Quantum-Safe VPN Techniques
• ETSI Explainer: OneM2M security and Access Control (Rel.3)
• Toward a Safe Quantum Future - Michele Mosca, University of Waterloo
• Cybersecurity Challenges to Europe: Research, Policy and Standardization Effort - Fabio Di Franco, ETSI Cyber Security Landscape
• GSMA: Mobile Telecommunications Security Threat Landscape
• Hacked by Crypto - Bret Jordan, Symantec (Some good details regarding TLS, DNS, ESNI, QUIC, etc.)
• The Automotive Cyber-Threat: What the Future Will Bring Us? - Alain Baritault, iotaBEAM
• What is the Cyber Territory of a Country? - Silke Holtmanns, Nokia Bell Labs
• EU Cybersecurity Act - Martin Schaffer, SGS
• The Impact of ePrivacy Regulation to Cyber-Intelligence: Options to Consider - Ilias Chantzos, Symantec
• Applying AI to Protect 5G Control Traffic - Antonio Pastor, Telefonica I+D
• Applying AI to Detect and Hunt Advanced Attackers - Matt Walmsley, Vectra
• “Real World Adoption of AI in the Field” - Patrick Donegan, HardenStance
• 5G Providing the Secure Platform for Digitalization of Enterprises and Society - Mats Nilsson, Ericsson
• 3GPP 5G Security Vendor’s View - Marcus Wong, Futurewei Technologies (Huawei)
• 5G Security Challenges for Verticals - a Standards View - Ali Rezaki & Anja Jerichow, Nokia Bell Labs
• 5G and other stories: evolving security in an evolving world
• Challenges in Securing the IoT in a Post-Quantum World - Louis Parks, SecureRF
• SIMs, eSIMs and Secure Elements - Remy Cricco, SIMalliance
• Integrated SIMs: The next after Embedded SIM - Dr. Stephan Spitz, IAR Systems
• Deception for Continued Technical Assurance, Alex Tarter, Thales 

New abbreviation for private 5G networks - Non-Public Network (NPN) and security benefits to connected industries and automation cc @3g4gUK #EtsiSecurityWeek pic.twitter.com/Zias9e4XQ6

— Ravishankar Borgaonk (@raviborgaonkar) June 20, 2019

Looks like all presentations were not shared but the ones shared have lots of useful information.


Related Posts:

• Non-public networks (NPN) - Private Networks by another name
• 5G and IoT Security Update from ETSI Security Week 2018
• 5G Security Updates - July 2017
• Telcos: Security Is Not In Your DNA - Patrick Donegan, Principal Analyst, HardenStance

MAMS (Multi Access Management Services) at MEC integrating LTE and Wi-Fi networks

Came across Multi Access Management Services (MAMS) a few times recently so here is a quick short post on the topic. At present MAMS is under review in IETF and is being supported by Nokia, Intel, Broadcom, Huawei, AT&T, KT.

I heard about MAMS for the first time at a Small Cell Forum event in Mumbai, slides are here for this particular presentation from Nokia.

As you can see from the slide above, MAMS can optimise inter-working of different access domains, particularly at the Edge. A recent presentation from Nokia (here) on this topic provides much more detailed insight.

From the presentation:

•        MAMS (Multi Access Management Services) is a framework for

-            Integrating different access network domains based on user plane (e.g. IP layer) interworking,

-            with ability to select access and core network paths independently

-            and user plane treatment based on traffic types

-            that can dynamically adapt to changing network conditions

-            based on negotiation between client and network

•        The technical content is available as the following drafts*

-            Multi Access Management Services (MAMS) Framework – https://datatracker.ietf.org/doc/draft-kanugovi-intarea-mams-framework/

-            MAMS JSON definitions of Control Plane Messages: https://www.ietf.org/id/draft-agarwal-intarea-mams-protocol-json-00.txt

-            MAMS User Plane Specification: https://tools.ietf.org/html/draft-zhu-intarea-mams-user-protocol-02

*Currently under review, Co-authors: Nokia, Intel, Broadcom, Huawei, AT&T, KT,

The slides provide much more details, including the different use cases (pic below) for integrating LTE and Wi-Fi at the Edge.

Here are the references for anyone wishing to look at this in more detail:

• Multi Access Management Services (MAMS) Framework – https://datatracker.ietf.org/doc/draft-kanugovi-intarea-mams-framework/
• MAMS JSON definitions of Control Plane Messages: https://tools.ietf.org/html/draft-agarwal-intarea-mams-protocol-json-00
• MAMS User Plane Specification: https://tools.ietf.org/html/draft-zhu-intarea-mams-user-protocol-02

QUIC - Possibly in 5G, 3GPP Release-16

Over the last year or so, I have heard quite a few discussions and read many articles around why QUIC is so good and why we will replace TCP with QUIC (Quick UDP Internet Connection). One such article talking about QUIC benefits says:

QUIC was initially developed by Google as an alternative transport protocol to shorten the time it takes to set up a connection. Google wanted to take benefits of the work done with SPDY, another protocol developed by Google that became the basis for the HTTP/2 standard, into a transport protocol with faster connection setup time and built-in security. HTTP/2 over TCP multiplexes and pipelines requests over one connection but a single packet loss and retransmission packet causes Head-of-Line Blocking (HOLB) for the resources that were being downloaded in parallel. QUIC overcomes the shortcomings of multiplexed streams by removing HOLB. QUIC was created with HTTP/2 as the primary application protocol and optimizes HTTP/2 semantics.

What makes QUIC interesting is that it is built on top of UDP rather than TCP. As such, the time to get a secure connection running is shorter using QUIC because packet loss in a particular stream does not affect the other streams on the connection. This results in successfully retrieving multiple objects in parallel, even when some packets are lost on a different stream. Since QUIC is implemented in the userspace compared to TCP, which is implemented in the kernel, QUIC allows developers the flexibility of improving congestion control over time, since it can be optimized and better replaced compared to kernel upgrades (for example, apps and browsers update more often than OS updates).

Georg Mayer mentioned about QUIC in a recent discussion with Telecom TV. His interview is embedded below. Jump to 5:25 for QUIC part only

Georg Mayer, 3GPP CT work on 5G from 3GPPlive on Vimeo.

Below are some good references about QUIC in case you want to study further.

• IETF QUIC Charter
• Youtube: QUIC Next generation multiplexed transport over UDP - Google
• Understanding QUIC wire protocol - Anuradha Niroshan
• HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 era
• Measuring QUIC vs TCP on mobile and desktop

Does 5G need 'Next Generation' of Internet Protocols?

I have often heard Martin Geddes mention that the Internet is broken, the protocols (TCP/IP) are wrong and if we want to continue the way our data usage is going, we need to define new protocols (see here for example). It was good to find out last week at 5G Huddle that ETSI is already working on this.

The TCP/IP protocol suite has undoubtedly enabled the evolution of connected computing and many other developments since its invention during the 1970’s. Thanks to the development and ubiquity of this protocol stack, we have managed to build an Internet on which we are dependent as a communications tool, an information storage and distribution tool, a marketing channel and a sales and distribution platform, for consumers and for businesses large and small.

However, the industry has reached a point where forward leaps in the technology of the local access networks will not deliver their full potential unless, in parallel, the underlying protocol stacks used in core and access networks evolve. The development of future 5G systems presents a unique opportunity to address this issue, as a sub-optimal protocol architecture can negate the huge performance and capacity improvements planned for the radio access network.

ETSI has created an Industry Specification Group to work on Next Generation Protocols (NGP ISG), looking at evolving communications and networking protocols to provide the scale, security, mobility and ease of deployment required for the connected society of the 21st century.

The NGP ISG will identify the requirements for next generation protocols and network architectures, from all interested user and industry groups. Topics include:

• Addressing
• Security, Identity, Location, Authorization, Accounting/Auditing and Authentication
• Mobility
• Requirements from Internet of Things
• Requirements from video and content distribution
• Requirements from ultra‐low latency use cases from different sectors (i.e. automotive)
• Requirements from network operators (e.g. challenges with E2E encrypted content)
• Requirements from eCommerce
• Requirements for increased energy efficiency within the global ICT sector.

This ISG is seen as a transitional group i.e. a vehicle for the 5G community (and others of interest) to first gather their thoughts and prepare the case for the Internet community’s engagement in a complementary and synchronised modernisation effort.

The ISG provides a forum for interested parties to contribute by sharing research and results from trials and developments in such a way that a wider audience can be informed. Other standards bodies will be involved so that parallel and concerted standardization action can take place as a further step in the most appropriate standards groups.

Andy Sutton, chair of the NGP recently gave the following presentation in 5G Huddle:

Please feel free to add your opinions in the comments.

Further reading:

• Nokia, ARM, twisting Intel bid to reinvent the TCP/IP stack for a 5G era
• Network architecture research: TCP/IP vs RINA
• ETSI to explore next generation protocols
• ∆Q Reading List

**** Added 05/06/2016:20.00 ****
A whitepaper published by ETSI on this topic is available here and embedded below:

Static/Dynamic IP Address Allocation in LTE

I recently came across a discussion on how static and dynamic IP address are allocated in LTE for a UE. Luckily, there is a recent document from Netmanias that discussed this topic. The document is embedded below.

If you enjoyed reading the document (part 1) above, then there is a part 2 here. While in part 1, we saw that IP addresses can be either dynamic or static depending on their allocators, part 2 presents a specific case of IP address allocation – allocation in geographically-separated locations within an LTE network. In case of dynamic allocation, no matter where a user accesses, a dynamically selected P-GW dynamically allocates an IP address to the user for PDN connection. In case of static allocation, however, there is always one specific P-GW and one IP address for a user - the designated P-GW allocates a static IP address for the user’s PDN connection. A case study shows an LTE network that serves two cities as an example to describe different ways and procedures of IP address allocation, and see how they are different from each other.

Securing the backhaul with the help of LTE Security Gateway

An excellent presentation from the LTE World Summit last year, that is embedded below. The slide(s) that caught my attention was the overhead involved when using the different protocols. As can be seen in the picture above, the Ethernet MTU is 1500 bytes but after removing all the overheads, 1320 bytes are left for data. In case you were wondering, MTU stands for 'maximum transmission unit' and is the largest size packet or frame, specified in octets (8-bit bytes), that can be sent in a packet or frame based network such as the Internet.

Anyway, the presentation is embedded below:

Securing the backhaul from 3G4G Blogs

Wi-Fi & Packet Core (EPC) Integration

Yesterday I wrote a blog post on whether Wi-Fi is the third RAN in the Metrocells blog. Today I am posting this excellent presentation that details how this Wi-Fi integration with EPC will be done.

Wi-Fi & packet core integration from Zahid Ghadialy

IPv6 in Mobile Environments

An interesting presentation from Alcatel-Lucent

IPv6 IN MOBILE ENVIRONMENTS from Zahid Ghadialy

Related Post

• LTE and IPv6

Traffic Flow Template (TFT), GBR and QoS

LTE and IPv6

A discussion on Linkedin prompted me to add some relevant documents relating to LTE and IPv6. Interesting presentation below by Cisco:

Designing LTE with IPv6

View more presentations from Zahid Ghadialy. Available to download from slideshare here.

There are some other interesting presentations on slideshare you may want to look at:

• Embracing IPv6 - part of the Joint GSMA/NGMN Conference Stream “Technology Evolution”
• Advances in IPv6 Mobile Access - John Loughney,Nokia
• IEEE Globecom 2010: Mobile Communication and IPv6 - John Loughney,Nokia
• T-Mobile USA IPv6 Deployment

MAPCON - Multi Access PDN Connectivity

On Monday, I read Bernard Herscovich, CEO, BelAir Networks saying the following in RCR Wireless:

Wi-Fi is obviously a way to offload data to alleviate congestion, but it also contributes to overall network profitability by delivering data at a lower cost per megabit that traditional macrocells. ABI Research estimates that carrier Wi-Fi can deliver data at 5% the cost of adding cellular capacity. Perhaps the most important driver, though, is the fact that, properly designed and architected, a carrier Wi-Fi network will deliver a consistently great user experience. The implications of that on attracting and retaining subscribers are obvious.

We've also seen cable operators taking advantage of their broadband HFC infrastructure to mount Wi-Fi APs throughout their coverage areas, offering free Wi-Fi as a sticky service to attract and retain home broadband subscribers.

At the GSMA Mobile Asia Congress, back in mid-November, 2010, KDDI's president and chairman explained that while they would be migrating to LTE, which would double their network capacity, data demand in Japan was forecast to increase by 15 times over the next five years. So LTE alone, he admitted, would not be enough. A few weeks before that, European operators, including Deutsche Telekom and Telefonica, were making similar statements at the Broadband World Forum in Paris.

It is clear that LTE alone will not be sufficient to meet ongoing mobile data demand. Technical innovation has resulted in huge capacity gains, but we're now at a point where additional bandwidth is more of a by-product of incremental spectrum. And, we all realize the finite nature of that resource. So, based on this new spectrum, LTE macrocells could deliver a 2 – 4X capacity increase. Meanwhile, ABI estimates that data capacity requirements are increasing 150% per year.

So, it's pretty clear that carriers are going to need more than just an LTE swap out to keep delivering a great user experience. They need to, as many already realize, augment their licensed spectrum with Wi-Fi. KT, the second largest mobile carrier in South Korea, claims to be offloading 67% of their mobile data traffic onto Wi-Fi. There may also be additional unlicensed spectrum made available, at least in the U.S. and the U.K., through the release of so-called white space spectrum, freed up through the switch from analog to digital TV.

It is obvious from the technology point of view that Multiple PDN connections would need to be supported when the UE is using LTE for part of data connection and Wi-Fi for other part. In fact these two (or multiple) connections should be under the control of the same EPC core that can help support seamless mobility once you move out of the WiFi hotspot.

One of the items in 3GPP Release-10 is to do with supporting of multiple Packet Data Networks (PDN) connections for a device. A Release-9 network and the UE can only support 3GPP access based connection via EPC. In Release-10 support for upto 1 non-3GPP access has been added.

FMC100044 specifies the following requirements:

• The Evolved Packet System supports the following scenarios: a single Operator offering both fixed and mobile access; different Operators collaborating to deliver services across both networks.
• The Evolved Packet System shall support the access of services from mobile network through fixed access network via interworking.
• The Evolved Packet System shall be able to support functions for connectivity, subscriber authentication, accounting, Policy Control and quality of service for interworking between the fixed broadband access and Evolved Packet Core.
• The Evolved Packet System shall optimize QoS and Policy management meaning that it shall offer minimal signalling overhead, while interworking between the fixed broadband access and Evolved Packet Core.
• The Evolved Packet System shall be able to provide an equivalent experience to users consuming services via different accesses.

The Rel-10 work item extends Rel-9 EPC to allow a UE equipped with multiple network interfaces to establish multiple PDN connections to different APNs via different access systems. The enhancements enable:

• Establishment of PDN connections to different APNs over multiple accesses. A UE opens a new PDN connection on an access that was previously unused or on one of the accesses it is already simultaneously connected to.
• Selective transfer of PDN connections between accesses. Upon inter-system handover a UE transfers only a subset of the active PDN connections from the source to the target access, with the restriction that multiple PDN connections to the same APN shall be kept in one access.
• Transfer of all PDN connections out of a certain access system. A UE that is simultaneously connected to multiple access systems moves all the active PDN connections from the source to target access, e.g. in case the UE goes out of the coverage of the source access.

This work also provides mechanisms enabling operator's control on routing of active PDN connections across available accesses.

The scope of the work is restricted to scenarios where the UE is simultaneously connected to one 3GPP access and one, and only one, non-3GPP access. The non-3GPP access can be either trusted or untrusted.

The design of the required extensions to Rel-9 EPC is based on TR 23.861 Annex A, that provides an overview of the changes that are expected in TS 23.401 and TS 23.402 for the UE to simultaneously connect to different PDNs via different access systems.

See Also:

3GPP TR 23.861: Multi access PDN connectivity and IP flow mobility

3GPP TS 22.278: Service requirements for the Evolved Packet System (EPS)

Old Blog post on Multiple PDN Connectivity

Packet Flow in 2.5G, 3G, 3.5G and 4G

The 'LTE Signaling' is a very interesting book just being released that is a must have for people who are involved in design, development and testing. A book that explains the basic concepts from beginning till advanced concepts and explains how different components and interfaces fit together.

Though I havent yet read this book, I have read the earlier one titled UMTS Signaling, from the same authors that is an excellent reference for understanding Signalling in UMTS. I have no doubt that this book will be the same high quality.

The Excerpt on Wiley's website provides complete chapter 1 which is quite detailed and the Packet flow pictures and details below is extracted from this book.

The first stage of the General Packet Radio Service (GPRS), that is often referred to as the 2.5G network, was deployed in live networks starting after the year 2000. It was basically a system that offered a model of how radio resources (in this case, GSM time slots) that had not been used by Circuit Switched (CS) voice calls could be used for data transmission and, hence, profitability of the network could be enhanced. At the beginning there was no pre-emption for PS (Packet Switched) services, which meant that the packet data needed to wait to be transmitted until CS calls had been finished.

In contrast to the GSM CS calls that had a Dedicated Traffic Channel (DTCH) assigned on the radio interface, the PS data had no access to dedicated radio resources and PS signaling, and the payload was transmitted in unidirectional Temporary Block Flows (TBFs) as shown in Figure 1.2.

In Release 99, when a PDP (Packet Data Protocol) context is activated the UE is ordered by the RNC (Radio Network Controller) to enter the Radio Resource Control (RRC) CELL_DCH state. Dedicated resources are assigned by the Serving Radio Network Controller (SRNC): these are the dedicated physical channels established on the radio interface. Those channels are used for transmission of both IP payload and RRC signaling – see Figure 1.7. RRC signaling includes the exchange of Non-Access Stratum (NAS) messages between the UE and SGSN.

The spreading factor of the radio bearer (as the combination of several physical transport resources on the Air and Iub interfaces is called) depends on the expected UL/DL IP throughput. The expected data transfer rate can be found in the RANAP (Radio Access Network Application Part) part of the Radio Access Bearer (RAB) assignment request message that is used to establish the Iu bearer, a GPRS Tunneling Protocol (GTP) tunnel for transmission of a IP payload on the IuPS interface between SRNC and SGSN. While the spreading factor controls the bandwidth of the radio connection, a sophisticated power control algorithm guarantees the necessary quality of the radio transmission. For instance, this power control ensures that the number of retransmitted frames does not exceed a certain critical threshold.

Activation of PDP context results also in the establishment of another GTP tunnel on the Gn interface between SGSN and GGSN. In contrast to IuPS, where tunnel management is a task of RANAP, on the Gn interface – as in (E)GPRS – the GPRS Tunneling Protocol – Control (GTP-C) is responsible for context (or tunnel) activation, modification, and deletion.

However, in Release 99 the maximum possible bit rate is still limited to 384 kbps for a single connection and, more dramatically, the number of users per cell that can be served by this highest possible bit rate is very limited (only four simultaneous 384 kbps connections per cell are possible on the DL due to the shortness of DL spreading codes).

To increase the maximum possible bit rate per cell as well as for the individual user, HSPA was defined in Releases 5 and 6 of 3GPP.

In High-Speed Downlink Packet Access (HSDPA) the High-Speed Downlink Shared Channel (HSDSCH) which bundles several High-Speed Physical Downlink Shared Channels (HS-PDSCHs) is used by several UEs simultaneously – that is why it is called a shared channel.

A single UE using HSDPA works in the RRC CELL_DCH state. For DL payload transport the HSDSCH is used, that is, mapped onto the HS-PDSCH. The UL IP payload is still transferred using a dedicated physical data channel (and appropriate Iub transport bearer); in addition, the RRC signaling is exchanged between the UE and RNC using the dedicated channels – see Figure 1.8.

All these channels have to be set up and (re)configured during the call. In all these cases both parties of the radio connection, cell and UE, have to be informed about the required changes. While communication between NodeB (cell) and CRNC (Controlling Radio NetworkController) uses NBAP (Node B Application Part), the connection between the UE and SRNC (physically the same RNC unit, but different protocol entity) uses the RRC protocol.

The big advantage of using a shared channel is higher efficiency in the usage of available radio resources. There is no limitation due to the availability of codes and the individual data rate assigned to a UE can be adjusted quicker to the real needs. The only limitation is the availability of processing resources (represented by channel card elements) and buffer memory in the base station.

From the user plane QoS perspective the two major targets of LTE are:

• a further increase in the available bandwidth and maximum data rate per cell as well as for the individual subscriber;

• reducing the delays and interruptions in user data transfer to a minimum.

These are the reasons why LTE has an always-on concept in which the radio bearer is set up immediately when a subscriber is attached to the network. And all radio resources provided to subscribers by the E-UTRAN are shared resources, as shown in Figure 1.9. Here it is illustrated that the IP payload as well as RRC and NAS signaling are transmitted on the radio interfaces using unidirectional shared channels, the UL-SCH and the Downlink Shared Channel (DL-SCH). The payload part of this radio connection is called the radio bearer. The radio bearer is the bidirectional point-to-point connection for the user plane between the UE and eNodeB (eNB). The RAB is the user plane connection between the UE and the Serving Gateway (S-GW) and the S5 bearer is the user plane connection between the S-GW and public data network gateway (PDN-GW).

The end-to-end connection between the UE and PDN-GW, that is, the gateway to the IP world outside the operator’s network, is called a PDN connection in the E-UTRAN standard documents and a session in the core network standards. Regardless, the main characteristic of this PDN connection is that the IP payload is transparently tunneled through the core and the radio access network.

To control the tunnels and radio resources a set of control plane connections runs in parallel with the payload transport. On the radio interface RRC and NAS signaling messages are transmitted using the same shared channels and the same RLC transport layer that is used to transport the IP payload.

RRC signaling terminates in the eNB (different from 3G UTRAN where RRC was transparently routed by NodeB to the RNC). The NAS signaling information is – as in 3G UTRAN – simply forwarded to the Mobility Management Entity (MME) and/or UE by the eNB.

You can read in detail about all these things and much more from the Wiley's website here.

LIPA, SIPTO and IFOM Comparison

Enhancing macro radio access network capacity by offloading mobile video traffic will be essential for mobile communications industry to reduce its units costs to match its customer expectations. Two primary paths to achieve this are the use of femtocells and WiFi offloading. Deployment of large scale femtocells for coverage enhancement has been a limited success so far. Using them for capacity enhancements is a new proposition for mobile operators. They need to assess the necessity of using them as well as decide how to deploy them selectively for their heavy users.

Three alternative architectures that are being standardized by 3GPP have various advantages and shortcomings. They are quite distinct in terms of their dependencies and feasibility. Following table is a summary of comparison among these three approaches for traffic offloading.

Looking at the relative strengths of the existing traffic offload proposals, it is difficult to pick an outright winner. SIPTO macro-network option is the most straight-forward and most likely to be implemented rather quickly. However, it doesn't solve the fundamental capacity crunch in the radio access network. Therefore its value is limited to being an optimization of the packet core/transport network. Some other tangible benefits would be reduction in latency to increase effective throughput for customers as well as easier capacity planning since transport facilities don't need to be dimensioned for large number of radio access network elements anymore.

LIPA provides a limited benefit of allowing access to local premises networks without having to traverse through the mobile operator core. Considering it is dependent on the implementation of femtocell, this benefit looks rather small and has no impact on the macro radio network capacity. If LIPA is extended to access to Internet and Intranet, then the additional offload benefit would be on the mobile operator core network similar to the SIPTO macro-network proposal. Femtocell solves the macro radio network capacity crunch. However, the pace of femtocell deployments so far doesn't show a significant momentum. LIPA's market success will be limited until cost of femtocell ownership issues are resolved and mobile operators decide why (coverage or capacity) to deploy femtocells.

IFOM is based upon a newer generation of Mobile IP that has been around as a mobile VPN technology for more than 10 years. Unfortunately success record of mobile IP so far has been limited to enterprise applications. It hasn't become a true consumer-grade technology. Introduction of LTE may change this since many operators spearheading LTE deployments are planning to use IPv6 in handsets and adopt a dual-stack approach of having both IPv4 and IPv6 capability. Since many WiFi access networks will stay as IPv4, DSMIPv6 will be the best tunneling mechanism to hide IPv6 from the access network. Having dual-stack capability will allow native access to both legacy IPv4 content and native IPv6 content from major companies such as Google, Facebook, Yahoo, etc. without the hindrance of Network Address Translation (NAT). Considering the popularity of smartphones such as iPhone, Blackberry and various Android phones, they will be the proving ground for the feasibility of DSMIPv6.

Source of the above content: Whitepaper - Analysis of Traffic Offload : WiFi to Rescue

IP Flow Mobility and Seamless Offload (IFOM)

Unlike LIPA or SIPTO that are dependent on upstream network nodes to provide the optimization of routing different types of traffic, IFOM relies on the handset to achieve this functionality. It explicitly calls for the use of simultaneous connections to both macro network, e.g., LTE, UMTS and WiFi. Therefore, IFOM, unlike LIPA and SIPTO, is truly a release 10-onward only technology and it is not applicable for user terminals pre-Release 10. IFOM is being specified via 3GPP TS 23.261 [1]. Following diagram shows the interconnectivity model for IFOM capable UE.

IFOM uses an Internet Engineering Task Force (IETF) Request For Comments (RFC), Dual Stack Mobile IPv6 (DSMIPv6) (RFC-5555) [2].

Since IFOM is based on DSMIPv6, it is independent of the macro network flavor. It can be used for a green-field LTE deployment as well as a legacy GPRS packet core.

Earlier on we looked at the mobile network industry attempts of integration between packet core and WLAN networks. Common characteristic of those efforts was the limitation of the UE, its ability to use one radio interface at a time. Therefore, in earlier interworking scenarios UE was forced to use/select one radio network and make a selection to move to an alternative radio for all its traffic. Today many smartphones, data cards with connection managers already have this capability, i.e., when the UE detects the presence of an alternative access network such as a home WiFi AP, it terminates the radio bearers on the macro network and initiates a WiFi connection. Since WiFi access network and packet core integration is not commonly implemented, user typically loses her active data session and re-establishes another one.

Similarly access to some operator provided services may not be achieved over WiFi. Considering this limitation both iPhone IOS and Android enabled smartphones to have simultaneous radio access but limited this functionality to sending MMS over the macro network while being connected to WiFi only.

IFOM provides simultaneous attachment to two alternate access networks. This allows fine granularity of IP Flow mobility between access networks. Using IFOM, it will be possible to select particular flows per UE and bind them to one of two different tunnels between the UE and the DSMIPv6 Home Agent (HA) that can be implemented within a P-GW or GGSN. DSMIPv6 requires a dual-stack (IPv4 or IPv6) capable UE. It is independent of the access network that can be IPv4 or IPv6.

[1] 3GPP TS 23.261: IP flow mobility and seamless Wireless Local Area Network (WLAN) offload; Stage 2

[2] RFC-5555: Mobile IPv6 Support for Dual Stack Hosts and Routers

[3] 3GPP TS 23.327: Mobility between 3GPP-Wireless Local Area Network (WLAN) interworking and 3GPP systems

Content Source: Analysis of Traffic Offload : WiFi to Rescue

Selected IP Traffic Offload (SIPTO)

The industry is developing a new standard called Selected IP Traffic Offload (SIPTO). SIPTO allows internet traffic to flow from the femtocell directly to the internet, bypassing the operator’s core network, as shown in Figure 8 below.

More information on LIPA and SIPTO can be obtained from:

1. 3GPP TR 23.829: Local IP Access and Selected IP Traffic Offload (http://www.3gpp1.eu/ftp/Specs/archive/23_series/23.829/)

2. Femtocells – Natural Solution for Offload (http://www.3gamericas.org/documents/016+Femtocells+Natural+Solution+for+Offload%5B1%5D.pdf)

Local IP Access (LIPA) for Femtocells

I blogged about data offload earlier, for Femtocells. This traffic offload can be done via a feature called Local IP Access (LIPA). If you have LIPA support in your Home NodeB (HNB) or Home eNodeB (HeNB) then once you have camped on your Femtocell then you can access your local network as well as the network's IP network.

This would mean that you can directly print from your mobile to the local printer or access other PC's on your LAN. Note that I am also referring to access via Dongle as Mobile access though in practice I dont see much point of people just using dongles when they are in their Home Zone. Every laptop/notebook/netbook is now Wifi enabled so this situation doesnt benefit much for the dongle access.

I am sure there are quite a few unresolved issues with regards to the Security of the data, the IP address allocation, QoS, etc.

Continuous computing have a white paper on LIPA available that can be obtained by registering here. Anyway, enough information is available even without getting the PDF.

There is also a small presentation here that gives a bit of idea on LIPA.

As usual any comments, insights and references welcome.

IPv6 Consideration in LTE

IPv6 Consideration in LTE

View more presentations from Zahid Ghadialy

More Information on similar topic is available at:

• 6deploy
• Tutorials
• 6DISS
• Workshops
• Tutorials

'Internet Kill' switch and IPv9

Slightly off topic today as I was going through the pile of information and I caught attention of this news article that for some reason has not been reported by major newspapers. The article says that the president of USA will have the 'Kill' switch to kill off internet (temporarily i guess) in case of a major emergency like war, etc. Joseph Liberman who proposed this idea has since then backed away saying that he meant that parts of Internet can be disconnected like they do in China.

This brought into attention the other article I was going through about IPv9. Yes thats correct, I did write IPv9. I first heard about IPv9 back in 2004-5 but then it was dismissed as nothing serious. Apparently Chinese government backed Ministry of Information Industry (MII) has been promoting this IPv9. According to an old TelecomAsia.net article:

Back in July 2004, reports of a Chinese IPv9 prompted a bewildered reaction from internet godfather Vint Cerf. 'What could this possibly be about‾ As far as I know, IANA [Internet Assigned Numbers Authority] has not allocated the IPv9 designation to anyone. IPv9 is not an Internet standard. Could you please explain what is intended here‾" he wrote in an email to China's internet leaders.

The idea was dismissed as a "rogue" project with no official backing. But it is back on the table led, now as then by Xie Jianping, the head of the Shanghai Universal Institute of Chemical Technology and more recently in charge of the decimal network standards team in the MII's science and technology department.

The project returned to prominence at a press conference at the unusual location of the Party Central School in Beijing two weeks ago, where Xie announced that the networking technology had been successfully tested by China Netcom and the Ministry of Commerce.

He asserted that the project is all about China wresting control of its own IP networks away from US dominance for which, he claimed, China was paying 500 billion yuan a year.

The system reportedly uses numerical addressing to make China "the only country able to unify domain names, IP addresses and MAC addresses" into a single, metric system, according to Xinhua. Without any explanation, Xinhua said it also made China the only country outside the US "to have root servers and IP address hardware connectivity servers and its own domain name, IP address and MAC address resources".

In an interview with a skeptical Sina reporter, Xie and denied the project was another Hanxin - a reference to a fraudulent state-backed chip project.

"Our IPv9 has gone through testing and assessment," he said adding that he could not give any more detail but would "make public some material at the necessary time."

But the system, or what little is known of it, has plenty of doubters at home. Sina said critics of the system complain that turning domain names and brand names into numerals is a "backwards step" for the net.

The fact that the decimal network appears to asset control over root servers is bound to alarm internet governance bodies around the world.

And whatever else might be said about it, the project is clearly backed by the MII. "IPv9" raises more questions than answers.

So it looks like the Chinese government may have been expecting some 'Kill Switch' in the future by the US government and is probably creating a backup based on a new approach so that the users within China remain connected to their Internet.

Any thoughts and opinions are more than welcome...

MBMS, Digital TV and IP Triple Play in China

Apparently according to this report by Xuefei (Michael) Peng, MBMS is alive and kicking in China with around 200,000 users already. I cant find more info so if anybody who can fill more info is more than welcome.

The government of mainland China has formulated a general plan to launch triple-play services, integrating telecom networks, broadcast and TV networks, and Internet together.

From 2010 to 2012, China will focus on the trial integration of broadcast and TV services and telecom services (including Internet services), dealing with any related policies. From 2013 to 2015, based on the trial experience, China will promote the integration nationwide.

In the coming five years, various sectors will prepare in different ways to meet the goals stated in the general plan. Telecom operators such as China Mobile, China Unicom, and China Telecom will invest more to promote IPTV services and accelerate FTTX deployment. Meanwhile, broadcast and TV operators will accelerate cable-TV network integration and interactive TV services development and will more actively develop value-added Internet services.

Broadcast and TV operators are currently strong in video content and wireless broadcast, while telecom operators own two-way fixed-line networks, mobile networks, and Internet services.

The differences between broadcast and TV operators across different regions and the uneven distribution of telecom fixed-line networks and mobile networks can offer cooperation opportunities.

Notably, almost all provinces of China already have launched IPTV services. The total number of IPTV service users in China has exceeded 5 million. However, problems with IPTV content must be solved, and the price for IPTV services also needs to be lowered to attract more users and compete with digital TV.

Meanwhile, the transformation of cable-TV networks from one way to two way has been sped up. Two-way cable-TV networks now cover over 24 million users. In the coming three years, broadcast and TV operators will invest over US$5 billion to continue to change 100 million one-way cable-TV links into two-way cable TV.

Eventually, through cable-TV networks, broadcast and TV operators hope to run Internet access services. This has been in trial use in some provinces. In order to run Internet access services, however, broadcast and TV operators need to rent bandwidth from telecom operators, greatly increasing the potential cost of service.

Another aspect of the triple play involves the conversion of mobile services to triple play. Mobile-phone TV is an emerging service in China. Up to now, mobile-phone TV services based on the China Multimedia Mobile Broadcasting (CMMB) standard have reached 1.5 million users. However, the current CMMB standard only supports one-way communication. So the users can only receive broadcast-TV programs via mobile.

On the other hand, mobile services based on the broadcast multicast Multimedia Broadcast Multicast Service (MBMS) standard serve about 200,000 users. The growing 3G user base will convert to the MBMS standard. Additionally, the government policy will affect the mobile-phone TV market too. So it is not clear yet which mobile-phone TV standard will dominate the industry in the future.

Quick preview of 3GPP Release-11 Features and Study items

Release 11 Features

Advanced IP Interconnection of Services

The objective is to specify the technical requirements for carrier grade inter-operator IP Interconnection of Services for the support of Multimedia services provided by IMS and for legacy voice PTSN/PLMN services transported over IP infrastructure (e.g. VoIP). These technical requirements should cover the new interconnect models developed by GSMA (i.e. the IPX interconnect model) and take into account interconnect models between national operators (including transit functionality) and peering based business trunking. Any new requirements identified should not overlap with requirements already defined by other bodies (e.g. GSMA, ETSI TISPAN). Specifically the work will cover:

• Service level aspects for direct IP inter-connection between Operators, service level aspects for national transit IP interconnect and service level aspects for next generation corporate network IP interconnect (peer-to-peer business trunking).

• Service layer aspects for interconnection of voice services (e.g. toll-free, premium rate and emergency calls).

• Service level aspects for IP Interconnection (service control and user plane aspects) between Operators and 3rd party Application Providers.

To ensure that requirements are identified for the Stage 2 & 3 work to identify relevant existing specifications, initiate enhancements and the development of the new specifications as necessary.


Release 11 Studies

Study on IMS based Peer-to-Peer Content Distribution Services

The objectives are to study IMS based content distribution services with the following aspects:

- Identifying the user cases to describe how users, operators and service providers will benefit by using/deploying IMS based content distribution services. such as with the improvement of Peer-to-Peer technology. The following shall be considered:

- Mobile access only (e.g. UTRAN, E-UTRAN, I-WLAN);

- Fixed access only (e.g. xDSL, LAN);- Fixed and mobile convergence scenarios;

- Identifying service aspects where IMS network improvements are needed to cater for content distributed services for above accesses;

- Evaluating possible impacts and improvements on network when IMS based content distribution services are deployed;

- Identifying QoS, mobility, charging and security related requirements in the case of content distribution services on IMS;

- Identifying potential copyright issues;

Study on Non Voice Emergency Services

The Non Voice Emergency Services could support the following examples of non-verbal communications to an emergency services network:

1. Text messages from citizen to emergency services

2. Session based and session-less instant messaging type sessions with emergency services

3. Multi-media (e.g., pictures, video clips) transfer to emergency services either during or after other communications with emergency services.

4. Real-time video session with emergency services

In addition to support the general public, this capability would facilitate emergency communications to emergency services by individuals with special needs (e.g., hearing impaired citizens).

The objectives of this study include the following questions for Non Voice Emergency Services with media other than or in addition to voice:

1. What are the requirements for Non Voice Emergency Services?

2. What are the security, reliability, and priority handling requirements for Non Voice Emergency Services?

3. How is the appropriate recipient emergency services system (e.g., PSAP) determined?

4. Are there any implications due to roaming?

5. Are there any implications to hand-over between access networks

6. Are there any implications due to the subscriber crossing a PSAP boundary during Non Voice Emergency Services communications (e.g., subsequent text messages should go to the same PSAP)?

7. Do multiple communication streams (e.g., voice, text, video emergency services) need to be associated together?

8. What types of “call-back” capabilities are required?9. Investigate the load impact of Non Voice Emergency Services in the case of a large scale emergency event or malicious use.

Non Voice Emergency Services will be applicable to GPRS (GERAN, UTRAN) and to EPS (GERAN, UTRAN, E-UTRAN and non-3GPP).

Study on UICC/USIM enhancements

The intent of this study item is to identify use cases and requirements enabling Mobile Network Operators to distribute new services based on the USIM, to improve the customer experience and ease the portability and customisation of operator-owned and customer-owned settings from one device to another (such as APN and other 3G Notebook settings, graphical user interface, MNO brand, Connection Manager settings,…), and help in reducing operation costs and radio resources usage.

Objectives of this study item are:

-To identify use cases and requirements for new USIM

-based services taking into account the GSMA Smart SIM deliverables;

- To identify use cases and requirements for the USIM used inside terminals with specialised functionalities (e.g. radio modems, 3G Notebook terminals) taking into account the GSMA 3GNBK deliverables;

- To identify use cases and requirements to drive the evolution from the traditional USAT to a multimedia USIM toolkit support, with a particular aim to the Smart Card Web Server;

Study on Alternatives to E.164 for Machine-Type Communications

M2M demand is forecast to grow from 50M connections to over 200M by 2013. A large number of these services are today deployed over circuit-switched GSM architectures and require E.164 MSISDNs although such services do not require "dialable" numbers, and generally do not communicate with each other by human interaction.

Without technical alternative to using public numbering resources as addresses, and considering the current forecasts and pending applications for numbers made to numbering plan administration agencies, there is a significant risk that some national numbering/dialling plans will run out of numbers in the near future, which would impact not only these M2M services but also the GSM/UMTS service providers in general.

The Objective is to determine an alternative to identify individual devices and route messages between those devices. Requirements for this alternative include:

- Effectively identify addressing method to be used for end point devices

- Effectively route messaging between those devices

- Support multiple methods for delivering messages, as defined by 22.368

- Support land-based and wireless connectivity

- Make use of IP-based network architectures

- Addressing/identifiers must support mobility and roaming- support on high speed packet

-switched networks when available and on circuit-switched networks

- Consider if there are security issues associated with any alternatives