Saturday, 25 January 2014

Security and other development on the Embedded SIM


It's no surprise that GSMA has started working on Embedded SIM specifications. With M2M getting more popular every day, it makes sense to embed the SIM (or UICC) in M2M devices during the manufacturing process. The GSMA website states:

The GSMA’s Embedded SIM delivers a technical specification to enable the remote provisioning and management of Embedded SIMs to allow the “over the air” provisioning of an initial operator subscription and the subsequent change of subscription from one operator to another.
The Embedded SIM is a vital enabler for Machine to Machine (M2M) connections including the simple and seamless mobile connection of all types of connected vehicles. In the M2M market the SIM may not easily be changed via physical access to the device or may be used in an environment that requires a soldered connection, thus there is a need for ‘over the air’ provisioning of the SIM with the same level of security as achieved today with traditional “pluggable” SIM. It is not the intention for the Embedded SIM to replace the removable SIM currently used as the removable SIM still offers many benefits to users and operators in a number of different ways – for example, the familiarity of the form factor, ease of portability, an established ecosystem and proven security model.
















The last time I talked about embedded SIM was a couple of years back, after the ETSI security workshop here. Well, there was another of these workshops recently and an update to this information.


The ETSI presentation is not embedded here but is available on Slideshare here. As the slide says:

An embedded UICC is a “UICC which is not easily accessible or replaceable, is not intended to be removed or replaced in the terminal, and enables the secure changing of subscriptions” (ETSI TS 103 383)


Finally, Embedded SIM should not be confused with Soft-SIM. My last post on Soft-SIM, a couple of years back here, has over 15K views, which shows how much interest there is in the soft SIM. As the slide says:

Soft or Virtual SIM is a completely different concept that does not use existing SIM hardware form factors and it raises a number of strong security issues:

  • Soft SIM would store the Operator secret credentials in software within the Mobile device operating system - the same system that is often attacked to modify the handset IMEI, perform SIM-Lock hacking and ‘jail-break’ mobile OS’s
  • Operators are very concerned about the reduction in security of their credentials through the use of Soft SIM. Any SIM approach not based on a certified hardware secure element will be subject to continual attack by the hacking community and if compromised result in a serious loss of customer confidence in the security of Operator systems
  • Multiple Soft SIM platforms carrying credentials in differing physical platforms, all requiring security certification and accreditation would become an unmanageable overhead – both in terms of resource, and proving their security in a non-standardised virtual environment

The complete GSMA presentation is as follows:



You may also like my old paper:

Monday, 20 January 2014

Different flavours of SRVCC (Single Radio Voice Call Continuity)



Single Radio Voice Call Continuity (SRVCC) has been quietly evolving with the different 3GPP releases. Here is a quick summary of these different flavors.

In its simplest form, SRVCC comes into the picture when an IMS-based VoLTE call is handed over to the existing 2G/3G network as a normal CS call. SRVCC is particularly important when LTE is rolled out in small islands and the operator decides to provide VoLTE-based calls when in LTE. An alternative (used widely in practice) is to use CS Fallback (CSFB) as the voice option until LTE is rolled out in a wider area. The main problem with CSFB is that the data rates drop to 2G/3G rates when the UE falls back to the 2G/3G network during the voice call.



The book "LTE-Advanced: A Practical Systems Approach to Understanding 3GPP LTE Releases 10 and 11 Radio Access Technologies" by Sassan Ahmadi has some detailed information on SRVCC; the following is an edited version from the book:

SRVCC is built on the IMS centralized services (ICS) framework for delivering voice and messaging services to the users regardless of the type of network to which they are attached, and for maintaining service continuity for moving terminals.

To support GSM and UMTS, some modifications in the MSC server are required. When the E-UTRAN selects a target cell for SRVCC handover, it needs to indicate to the MME that this handover procedure requires SRVCC. Upon receiving the handover request, the MME triggers the SRVCC procedure with the MSC server. The MSC then initiates the session transfer procedure to IMS and coordinates it with the circuit-switched handover procedure to the target cell.

Handling of any non-voice packet-switched bearer is by the packet-switched bearer splitting function in the MME. The handover of non-voice packet-switched bearers, if performed, is according to a regular inter-RAT packet-switched handover procedure.

When SRVCC is enacted, the downlink flow of voice packets is switched toward the target circuit-switched network. The call is moved from the packet-switched to the circuit-switched domain, and the UE switches from VoIP to circuit-switched voice.

3GPP Rel-10 architecture has been recommended by GSMA for SRVCC because it reduces both voice interruption time during handover and the dropped call rate compared to earlier configurations. The network controls and moves the UE from E-UTRAN to UTRAN/GERAN as the user moves out of the LTE network coverage area. The SRVCC handover mechanism is entirely network-controlled and calls remain under the control of the IMS core network, which maintains access to subscribed services implemented in the IMS service engine throughout the handover process. 3GPP Rel-10 configuration includes all components needed to manage the time-critical signaling between the user’s device and the network, and between network elements within the serving network, including visited networks during roaming. As a result, signaling follows the shortest possible path and is as robust as possible, minimizing voice interruption time caused by switching from the packet-switched core network to the circuit-switched core network, whether the UE is in its home network or roaming. With the industry aligned around the 3GPP standard and GSMA recommendations, SRVCC-enabled user devices and networks will be interoperable, ensuring that solutions work in many scenarios of interest.

Along with the introduction of the LTE radio access network, 3GPP also standardized SRVCC in Rel-8 specifications to provide seamless service continuity when a UE performs a handover from the E-UTRAN to UTRAN/GERAN. With SRVCC, calls are anchored in the IMS network while the UE is capable of transmitting/receiving on only one of those access networks at a given time, where a call anchored in the IMS core can continue in UMTS/GSM networks and outside of the LTE coverage area. Since its introduction in Rel-8, the SRVCC has evolved with each new release; a brief summary of SRVCC capability and enhancements is noted below.

3GPP Rel-8: Introduces SRVCC for voice calls that are anchored in the IMS core network from E-UTRAN to CDMA2000 and from E-UTRAN/UTRAN (HSPA) to UTRAN/GERAN circuit-switched. To support this functionality, 3GPP introduced new protocol interface and procedures between MME and MSC for SRVCC from E-UTRAN to UTRAN/GERAN, between SGSN and MSC for SRVCC from UTRAN (HSPA) to UTRAN/GERAN, and between the MME and a 3GPP2-defined interworking function for SRVCC from E-UTRAN to CDMA 2000.

3GPP Rel-9: Introduces the SRVCC support for emergency calls that are anchored in the IMS core network. IMS emergency calls, placed via LTE access, need to continue when SRVCC handover occurs from the LTE network to GSM/UMTS/CDMA2000 networks. This evolution resolves a key regulatory exception. This enhancement supports IMS emergency call continuity from E-UTRAN to CDMA2000 and from E-UTRAN/UTRAN (HSPA) to UTRAN/GERAN circuit-switched network. Functional and interface evolution of EPS entities were needed to support IMS emergency calls with SRVCC.

3GPP Rel-10: Introduces procedures of enhanced SRVCC including support of mid-call feature during SRVCC handover (eSRVCC); support of SRVCC packet-switched to circuit-switched transfer of a call in alerting phase (aSRVCC); MSC server-assisted mid-call feature enables packet-switched/circuit-switched access transfer for the UEs not using IMS centralized service capabilities, while preserving the provision of mid-call services (inactive sessions or sessions using the conference service). The SRVCC in alerting phase feature adds the ability to perform access transfer of media of an instant message session in packet-switched to circuit-switched direction in alerting phase for access transfers.

3GPP Rel-11: Introduces two new capabilities: single radio video call continuity for 3G-circuit-switched network (vSRVCC); and SRVCC from UTRAN/GERAN to E-UTRAN/HSPA (rSRVCC). The vSRVCC feature provides support of video call handover from E-UTRAN to UTRAN-circuit-switched network for service continuity when the video call is anchored in IMS and the UE is capable of transmitting/receiving on only one of those access networks at a given time. Service continuity from UTRAN/GERAN circuit-switched access to E-UTRAN/HSPA was not specified in 3GPP Rel-8/9/10. To overcome this drawback, 3GPP Rel-11 provided support of voice call continuity from UTRAN/GERAN to E-UTRAN/HSPA. To enable video call transfer from E-UTRAN to UTRAN-circuit-switched network, IMS/EPC is evolved to pass relevant information to the EPC side and S5/S11/Sv/Gx/Gxx interfaces are enhanced for video bearer-related information transfer. To support SRVCC from GERAN to E-UTRAN/HSPA, GERAN specifications are evolved to enable a mobile station and base station sub-system to support seamless service continuity when a mobile station hands over from GERAN circuit-switched access to E-UTRAN/HSPA for a voice call. To support SRVCC from UTRAN to E-UTRAN/HSPA, UTRAN specifications are evolved to enable the RNC to perform rSRVCC handover and to provide relative UE capability information to the RNC.

NTT Docomo has a presentation on SRVCC and eSRVCC which is embedded below:



Thursday, 16 January 2014

3GPP Rel-12 and Future Security Work


Here is the 3GPP presentation from the 9th ETSI Security workshop. There are quite a few bits on IMS and IMS services, and it is also good to see the new authentication algorithm TUAK as an alternative to the widely used Milenage algorithm.



Monday, 13 January 2014

My observations on Mobiles and OTT Apps in India

What a change 2 years can make. The last time I was in India, people were reluctant to use data, smartphones were few and far between, and even those smartphones were just status symbols rather than for actual 'smart' use.


This time a lot of things were very different. I found that there was a Phablet craze going on. No sooner had people started getting used to these big-screen devices than they realised how many things they could do. The well-to-do were buying Samsung devices and the people who did not want to spend big bucks were content with the little-known brands.


The Domo phablet on the left in the picture above costs around ₹8000 (£80/$130) and the Maxx on the right is roughly ₹5500 (£55/$90). Both these come with 1 year warranty.


There were also quite a few ads using celebrities to promote Phablets. It's good to see people spending on these devices. Unlike the UK, where most of these devices are subsidised on a contract, people in India prefer the pre-paid option and buying the phone outright.


I have to admit that even though I am a fan of these big-screen devices, I find the Samsung Galaxy Tab just a bit too big for use as a phone (see pic above).

It was also good to see that people have embraced 3G data usage as well. I got a 6GB package for roughly ₹1000 (£10/$16). I found that people complained about the speeds and were prepared to pay more for 4G (faster data rates). I also noticed that a few people were not aware of Wi-Fi and fixed broadband. I was told that fixed broadband was capped, offered similar prices and could be quite unreliable. I guess wireless is helping in India, where the fixed infrastructure may still be an issue in many places.

I have to mention here that I did not meet anyone who was using an iPhone. This could be due to the iPhone being ridiculously expensive, and people may be thinking why pay a high price for such a small screen. A comparison of iPhone prices worldwide showed that the price of iPhone 5S as % of GDP per capita (PPP) is the highest in India. See here.


Another area of observation was SMS and OTT apps. I remember spending a lot of time trying to convince people to use OTT apps for messaging as it would be cheaper for international messages. Well, now it seems everyone has adopted them wholeheartedly. One of the problems with SMS in India is that you get too much spam SMS and sometimes the operators are the culprits. There is no way to send a stop for these SMS messages. With OTT apps, you know who is sending you messages and you can block the offenders.

There are many OTT apps which are popular, like Hike, Line, WeChat, WhatsApp, etc. The winner though is undoubtedly WhatsApp. I met an acquaintance who has stopped using emails for business and now relies completely on WhatsApp. Then there were others who loved it because of the Group chat facility.

There were many reasons why WhatsApp is a winner. Along with a simple interface and the Group chat facility, one of the other reasons pointed out was that the facility to see when a person was last online was very useful. Recently WhatsApp introduced a facility to send voice messages. This helped it acquire some of the WeChat users.

It was good to see the beginnings of the mobile revolution in India. Wonder what my next trip will show me.

Please note that this article is based on what I observed in Mumbai among friends and family. In no way should this be treated as detailed research.

Wednesday, 8 January 2014

LTE-Broadcast (eMBMS) may fail again

I recently wrote a blog post for the Cisco SP Mobility blog on why Cellular Broadcast may fail again (complete article embedded below). My main point is that small-screen devices are not really suitable for mobile TV kinds of applications. Larger devices like tablets are, but since they do not contain the (U)SIM card, it's not possible for them to receive cellular broadcast signals.

Anyway, I came across this picture below from the recent Ericsson Mobility report:

This highlights my point that more people now prefer to watch videos on tablets as compared to the smaller smartphone screens. Even though the other diagrams in the article do show a significant number of users using their smartphones for viewing movies and long clips, my belief is that this will reduce over time as the tablet share increases.



A recent Business Insider article says that "One In Every 5 People In The World Own A Smartphone, One In Every 17 Own A Tablet". Once the users move to using bigger screens, their preferences on how they watch videos will definitely change.

A really interesting chart would show users' viewing habits based on screen size. Phablets are generally classified as smartphones but can be substitutes for tablets in many scenarios. They could definitely help Mobile TV viewing habits on smartphones.

Anyway, here is the complete article:



Friday, 3 January 2014

2014 Mobile Internet Prediction Survey



Interesting presentation by Chetan Sharma listing what we can expect in 2014. Slide 9 as shown in the picture above highlights the breakthrough categories. Good to see that LTE-B ('B' for broadcast) has not made it into this list. My guess is that connected cars and wearable computing will be in the news constantly throughout the year.

The complete presentation as follows:


Friday, 13 December 2013

Advancements in Congestion control technology for M2M


NTT Docomo recently published a new article (embedded below) on congestion control approaches for M2M. In their own words:

Since 3GPP Release 10 (Rel. 10) in 2010, there has been active study of technical specifications to develop M2M communications further, and NTT DOCOMO has been contributing proactively to creating these technical specifications. In this article, we describe two of the most significant functions standardized between 3GPP Rel. 10 and Rel. 11: the M2M Core network communications infrastructure, which enables M2M service operators to introduce solutions more easily, and congestion handling technologies, which improve reliability on networks accommodating a large number of terminals.

Complete article as follows:




Monday, 9 December 2013

Rise of the "Thing"

Light Reading carried an interesting cartoon on how M2M works. I wouldn't be surprised if some of the M2M applications at present do work like this. Jokes apart, last week the UK operator EE did a very interesting presentation on Scaling the network for the Rise of the Thing.

A question often asked is "What is the difference between the 'Internet of Things' (IoT) and 'Machine to Machine' (M2M)?". This can generate big discussions and can be a lecture on its own. Quora has a discussion on the same topic here. The picture above from the EE presentation is a good way of showing that M2M is a subset of IoT. 

It's also interesting to note how these 'things' will affect the signalling. I often come across people who ask me why, since most M2M devices transfer only small amounts of data, there is a need to move from GPRS to LTE. The 2G and 3G networks were designed primarily for voice, with data as a secondary function. These networks may work well now, but what happens when the predicted 50 Billion connected devices are here by 2020 (or 500 Billion by 2030)? The current networks would drown in the control signalling, which would often result in congested networks. Congestion control is just one of the things 3GPP is working on for M2M type devices, as blogged earlier here. In fact the Qualcomm presentation blogged about before does a decent job of comparing various technologies for IoT, see here.

The EE presentation is embedded as follows:



Another good example website I was recently made aware of is http://postscapes.com/internet-of-things-examples/ - worth checking how IoT would help us in the future.