Saturday, 14 April 2012

Evolution of 3GPP Security

A look at how an iPad is made

I found this interesting: how nearly everything is automated in the making of these phones and tablets.

Source Credit - American Public Media's 'Marketplace'.
Reporter Credit - Rob Schmitz, Shanghai Bureau Chief

It may just be a matter of time till some of the functionality that people are doing would be replaced by arm robots, like the ones in the video below that shows a Toyota Camry being made mostly by robots.

Thursday, 12 April 2012

Whitespaces Standards

Continuing on the same topic of whitespaces from yesterday, we try and see who is working on the standardisation of whitespaces.

IETF Protocol to Access White Space database (PAWS)

The charter for this WG was established 14 June 2011. Generally, the IETF strives to utilise established protocols rather than develop new ones. The objectives of this WG are:
  • Standardise a mechanism for discovering a white space database
  • Standardise a mechanism for accessing a white space database
  • Standardise query and response formats to be carried over the database access method
  • Ensure that the discovery mechanism, database access method and query response formats have appropriate security levels in place.
The WG goals are:
  • April 2012: Submit ‘Use-cases and Requirements for Accessing a Radio White Space Database’ to the IESG for publication as Informational. The current draft of this document is here:
  • December 2012: Submit ‘Accessing a Radio White Space Database’ to the IESG for publication as a Proposed Standard.

ETSI Reconfigurable Radio Systems (RRS)

The ETSI Technical Committee (TC) on Reconfigurable Radio Systems (RRS) has the responsibility for standardization activities related to Reconfigurable Radio Systems encompassing system solutions related to Software Defined Radio (SDR) and Cognitive Radio (CR), to collect and define the related Reconfigurable Radio Systems requirements from relevant stakeholders and to identify gaps, where existing ETSI standards do not fulfil the requirements, and suggest further standardization activities to fill those gaps.

IEEE Dynamic Spectrum Access Networks Standards Committee (DySPAN-SC)

The scope of the IEEE Dynamic Spectrum Access Networks Standards Committee (DySPAN-SC), which was formerly IEEE SCC41 until 2010, includes the following [1]:
  • dynamic spectrum access radio systems and networks with the focus on improved use of spectrum,
  • new techniques and methods of dynamic spectrum access including the management of radio transmission interference, and
  • coordination of wireless technologies including network management and information sharing amongst networks deploying different wireless technologies.
In December 2010 the IEEE SCC41 was re-organized as IEEE DySPAN-SC and its sponsor was changed from the IEEE Standards Coordinating Committee (SCC) to the IEEE Communications Society Standards Development Board (CSDB).
Included in the IEEE DySPAN-SC are the following working groups [1]:
  • 1900.1 Working Group on Definitions and Concepts for Dynamic Spectrum Access: Terminology Relating to Emerging Wireless Networks, System Functionality, and Spectrum Management
  • 1900.2 Working Group on Recommended Practice for Interference and Coexistence Analysis of In-Band and Adjacent Band Interference and Coexistence Between Radio Systems
  • 1900.4 Working Group on Architectural Building Blocks Enabling Network-Device Distributed Decision Making for Optimized Radio Resource Usage in Heterogeneous Wireless Access Networks
  • 1900.5 Working Group on Policy Language and Policy Architectures for Managing Cognitive Radio for Dynamic Spectrum Access Applications
  • 1900.6 Working Group on Spectrum Sensing Interfaces and Data Structures for Dynamic Spectrum Access and other Advanced Radio Communication Systems
  • P1900.7 White Space Radio Working Group: Radio Interface for White Space Dynamic Spectrum Access Radio Systems Supporting Fixed and Mobile Operation
  • Ad hoc group on Dynamic Spectrum Access in Vehicular Environments (DSA-VE)
DySPAN SC is currently one of the most active standardization bodies for dynamic spectrum access radio systems and networks. 

CEPT/ECC WG Spectrum Engineering (SE), project team SE43

The ECC WGSE (Spectrum Engineering) has set up a special project dealing with cognitive radio matters. The SE43 was set up in May 2009 and finished its work in January 2011 by completing the ECC Report “Technical and Operational Requirements for the Possible Operation of Cognitive Radio Systems in the ‘White Spaces’ of the Frequency Band 470-790 MHz”. The WG SE adopted the ECC Report 159 on white space devices for publication in January 2011. This report can be downloaded from the CEPT/ECC website.

The main focus of the report is, as the title suggests, on coexistence with incumbent or primary systems. It contains definitions of “White Space” and cognitive radio, and introduces the term “White Space Device” (WSD), the latter being the term used for the cognitive radio unit. The definition of “White Space” is taken from CEPT Report 24, “Technical considerations regarding harmonisation options for the Digital Dividend”. The report defines different scenarios for CR operation in terms of WSD types (personal/portable, home/office and public access points) and also discusses the three well known types of cognitive techniques: spectrum sensing, geo-location and beacons.
The report is focussed on protection of four possible incumbent systems: broadcast systems (BS), Program making and special events (PMSE), radio astronomy (RAS) and aeronautical radio navigation systems (ARNS). Comprehensive data on possible sensing and separation distances are given, and the report ends in operational and technical characteristics for white space devices to operate in the band. An estimate of available white space is also included.


Weightless operates in an 8MHz-wide channel, to fit into the slots used for broadcast TV (and will thus have to squeeze into 6MHz if used across the pond where TV is smaller). Weightless is a Time Division Duplex (TDD) protocol, so access point and clients take turns to transmit.

When the hub device checks with the national database, it supplies a location and receives a list of 8MHz slots which aren't being used to transmit TV in that location. Weightless will hop between available slots every second or so, skipping any which turn out to be too cluttered (though periodically checking back in case they've cleared).

Showing its M2M roots, a Weightless access point only pages connected devices every 15 minutes, so those devices only need power up the radio four times an hour. Neul reckons that running the radio for two seconds at such intervals results in power consumption roughly equal to the decay rate of an idle battery, so being connected (and idle) has no perceivable impact on battery life.

That means a single Weightless hub can run connections to hundreds of devices, across a network spanning 10km or so. Those devices could easily have a battery life measured in years, and be capable of responding with megabytes of data within 15 minutes.

A device which wants to connect to the network won't want to wait that long, and neither will one with something to report. In such circumstances the client can pick up a transmitted frame, which comes every second or two, and register an interest in sending some data upstream.

The security side of Weightless has yet to be worked out, with mutual authentication being considered more important than encrypting the content. Having someone listening in to a meter reading isn't that important, having someone faking a reading is, and content can always be encrypted at a higher level (Weightless will happily carry IPv4 and IPv6 packets).

Once on the network, a device has to wait for the hub to say when it can talk, though it has the chance to request communication slots. The speed of transmission is dependent on the quality of the signal. Each frame is addressed in a basically encoded header; all other devices can switch off their radios once they know the frame isn't addressed to them, and if the receiving device is nearby (as established by the signal strength) then the rest of the frame can be tightly encoded in the knowledge that little will be lost en route.

That means a Weightless hub can speak to hundreds of devices on the same network, with the speed of connection varying between devices. A receiver near the hub might therefore get 10Mb/sec or better, but one operating on the same network, from the same hub, could be running at a few hundred Kb in the same timeframe.
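The argument above, that authenticating both ends matters more than hiding the reading, sketched as an added example (not part of the original post and not Weightless's own scheme, which the text says had yet to be worked out): a pre-shared-key HMAC challenge-response in which hub and device each prove themselves, after which readings travel in cleartext with a tag and a counter. The class names, message layout, `meter-01` identifier and sample readings are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def tag(key, label, *parts):
    """HMAC-SHA256 over a role label and length-prefixed fields."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

class Device:
    def __init__(self, device_id, key):
        self.device_id, self.key, self.counter = device_id, key, 0

    def hello(self):
        self.nonce_d = secrets.token_bytes(16)  # fresh per session
        return self.device_id, self.nonce_d

    def finish(self, nonce_h, proof_h):
        # Authenticate the hub first; only then prove our own identity.
        fields = (self.device_id, self.nonce_d, nonce_h)
        if not hmac.compare_digest(proof_h, tag(self.key, b"hub", *fields)):
            raise ValueError("hub failed authentication")
        self.session = tag(self.key, b"session", *fields)
        return tag(self.key, b"device", *fields)

    def report(self, reading):
        # Cleartext reading; the tag protects origin and freshness only.
        self.counter += 1
        ctr = self.counter.to_bytes(4, "big")
        return ctr, reading, tag(self.session, b"reading", ctr, reading)

class Hub:
    def __init__(self, keys):
        self.keys, self.pending, self.sessions = keys, {}, {}

    def respond(self, device_id, nonce_d):
        fields = (device_id, nonce_d, secrets.token_bytes(16))
        self.pending[device_id] = fields
        return fields[2], tag(self.keys[device_id], b"hub", *fields)

    def confirm(self, device_id, proof_d):
        key, fields = self.keys[device_id], self.pending.pop(device_id)
        if not hmac.compare_digest(proof_d, tag(key, b"device", *fields)):
            return False
        self.sessions[device_id] = [tag(key, b"session", *fields), 0]
        return True

    def accept(self, device_id, ctr, reading, mac):
        session = self.sessions.get(device_id)
        count = int.from_bytes(ctr, "big")
        if session is None or count <= session[1] or not hmac.compare_digest(
                mac, tag(session[0], b"reading", ctr, reading)):
            return False  # unknown device, replayed, forged or altered
        session[1] = count
        return True

def demo():
    key = secrets.token_bytes(32)  # constructed pre-shared key
    meter, hub = Device(b"meter-01", key), Hub({b"meter-01": key})
    proof_d = meter.finish(*hub.respond(*meter.hello()))
    out = {"handshake": hub.confirm(b"meter-01", proof_d)}
    msg = meter.report(b"kWh=1234.5")  # constructed sample reading
    out["genuine"] = hub.accept(b"meter-01", *msg)
    out["replayed"] = hub.accept(b"meter-01", *msg)
    ctr, _, mac = meter.report(b"kWh=1240.0")
    out["forged"] = hub.accept(b"meter-01", ctr, b"kWh=0000.0", mac)
    return out
```

An eavesdropper can read every value sent by `report()`, but a hub holding a different key makes `finish()` raise, and a device holding a different key fails `confirm()`. Confidentiality, if wanted, is left to a higher layer as the text suggests.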

Wednesday, 11 April 2012

Whitespace Spectrum Management Issues

BT has been conducting a "White Space" trial on the Isle of Bute, UK. Initial reports suggest that the results are not very impressive. The following is from ISP Review:

Early feedback from BT’s trial of ‘White Space’ (IEEE 802.22) wireless broadband technology on the Isle of Bute suggests that the service, which delivers internet access by making use of the unused radio spectrum that exists between Digital TV channels, still has a lot of problems to overcome, not least in terms of its sporadic performance.

In theory the 802.22 specification suggests that download speeds of up to 22Mbps per channel (Megabits per second) could be possible and some UK trials claim to have reached around 16Mbps, which is incidentally a long way off the UK’s chosen definition for superfast broadband (24Mbps+).
But separate reports from both PC Pro and the BBC today found that the service, which is complicated to deliver due to the ever changing spectrum and the risk of causing interference to DTV services, could struggle to deliver its top speeds.

At present BT’s implementation claims to be offering speeds of up to 10Mbps per channel, which will soon be upgraded to 15Mbps, but this reduces down to a maximum of just 4Mbps when 6km away from the transmitter. New tests at various points on the Isle of Bute showed speeds varying between just 1.5Mbps and 6Mbps (the latter was recorded within sight of BT’s mast).
In fairness White Space solutions are designed to target the last 10% of the UK where the government has so far only committed to a minimum download speed of just 2Mbps for all (Universal Service Commitment), which is a very low target. In addition White Space tech appears to deliver strong upload speed that is, in some cases, symmetrical. That makes it good for video conferencing and other upload dependent tasks.

As Fierce Broadband Wireless suggests, the low speeds could also be due to pre-standard gear that will just improve as time goes on.

The main reason for using this shared whitespace spectrum is that the total amount of spectrum is limited and we want to make use of every available free spectrum to increase capacity of the overloaded networks.

Michael Fitch from BT recently spoke at our Cambridge Wireless Small Cells SIG event. The slide from his presentation neatly lays out the vision for shared spectrum.

In theory, even though this looks simple, in practice managing the database is a challenge by itself. The embedded slides below (Page 17 onwards) show the problems and the complexity associated with the database.
Time will tell how efficient and practical using whitespaces is.

Tuesday, 10 April 2012

Mobile Energy Efficiency (MEE) Optimisation project

Recently read that Telefonica, Germany has identified that it can save €1.8 million per year with the help of GSMA's MEE Optimisation service. Here is a detailed case study from GSMA:

Also, found a presentation that explains a bit more about what MEE (Mobile Energy Efficiency) is:
Maybe a good idea for other operators to start looking into how they can be saving with this initiative as well.

More details on MEE here.

Monday, 9 April 2012

Radio relay technologies in LTE-Advanced

The following is from the NTT Docomo Technical Journal:

Three types of radio relay technologies and their respective advantages and disadvantages are shown in Figure 1. 
A layer 1 relay consists of relay technology called a booster or repeater. This is an Amplifier and Forward (AF) type of relay technology by which Radio Frequency (RF) signals received on the downlink from the base station are amplified and transmitted to the mobile station. In a similar manner, RF signals received on the uplink from the mobile station are amplified and transmitted to the base station. The equipment functions of a layer 1 relay are relatively simple, which makes for low-cost implementation and short processing delays associated with relaying. With these features, the layer 1 relay has already found widespread use in 2G and 3G mobile communication systems. It is being deployed with the aim of improving coverage in mountainous regions, sparsely populated areas and urban areas as well as in indoor environments.

The RF performance specifications for repeaters have already been specified in LTE, and deployment of these repeaters for the same purpose is expected. The layer 1 relay, however, amplifies intercell interference and noise together with desired signal components thereby deteriorating the received Signal to Interference plus Noise power Ratio (SINR) and reducing the throughput enhancement gain.

The layer 2 relay, meanwhile, is a Decode and Forward (DF) type of relay technology by which RF signals received on the downlink from the base station are demodulated and decoded and then encoded and modulated again before being sent on to the mobile station. This demodulation and decoding processing performed at the radio relay station overcomes the drawback in layer 1 relays of deteriorated received SINR caused by amplification of intercell interference and noise. A better throughput-enhancement effect can therefore be expected compared with the layer 1 relay. At the same time, the layer 2 relay causes a delay associated with modulation/demodulation and encoding/decoding processing. In this type of relay, moreover, radio functions other than modulation/demodulation and encoding/decoding (such as mobility control, retransmission control by Automatic Repeat request (ARQ), and user-data concatenation/segmentation/reassembly) are performed between the base station and mobile station transparently with respect to the radio relay, which means that new radio-control functions for supporting this relay technology are needed. 

The layer 3 relay also performs demodulation and decoding of RF signals received on the downlink from the base station, but then goes on to perform processing (such as ciphering and user-data concatenation/segmentation/reassembly) for retransmitting user data on a radio interface and finally performs encoding/modulation and transmission to the mobile station. Similar to the layer 2 relay, the layer 3 relay can improve throughput by eliminating inter-cell interference and noise, and additionally, by incorporating the same functions as a base station, it can have small impact on the standard specifications for radio relay technology and on implementation. Its drawback, however, is the delay caused by user-data processing in addition to the delay caused by modulation/demodulation and encoding/decoding processing.

In 3GPP, it has been agreed to standardize specifications for layer 3 relay technology in LTE Rel. 10 because of the above features of improved received SINR due to noise elimination, ease of coordinating standard specifications, and ease of implementing the technology. Standardization of this technology is now moving forward.

Layer 3 radio relay technology is shown in Figure 2. In addition to performing user-data regeneration processing and modulation/demodulation and encoding/decoding processing as described above, the layer 3 relay station also features a unique Physical Cell ID (PCI) on the physical layer different than that of the base station. In this way, a mobile station can recognize that a cell provided by a relay station differs from a cell provided by a base station.

In addition, as physical layer control signals such as Channel Quality Indicator (CQI) and Hybrid ARQ (HARQ) can terminate at a relay station, a relay station is recognized as a base station from the viewpoint of a mobile station. It is therefore possible for a mobile station having only LTE functions (for example, a mobile station conforming to LTE Rel. 8 specifications) to connect to a relay station. Here, the wireless backhaul link (Un) between the base station and relay station and the radio access link (Uu) between the relay station and mobile station may operate on different frequencies or on the same frequency. In the latter case, if transmit and receive processing are performed simultaneously at the relay station, transmit signals will cause interference with the relay station’s receiver by coupling as long as sufficient isolation is not provided between the transmit and receive circuits. Thus, when operating on the same frequency, the wireless backhaul-link and radio-access-link radio resources should be subjected to Time Division Multiplexing (TDM) so that transmission and reception in the relay station are not performed simultaneously.

Scenarios in which the introduction of relay technology is potentially useful have been discussed in 3GPP. Deployment scenarios are shown in Table 1. Extending the coverage area to mountainous and sparsely populated regions (rural area and wireless backhaul scenarios) is an important scenario to operators. It is expected that relay technology can be used to economically extend coverage to such areas as opposed to deploying fixed-line backhaul links. Relay technology should also be effective for providing temporary coverage when earthquakes or other disasters strike or when major events are being held (emergency or temporary coverage scenario), i.e., for situations in which the deployment of dedicated fixed-line backhaul links is difficult. In addition, while pico base stations and femtocells can be used for urban hot spot, dead spot, and indoor hot spot scenarios, the installation of utility poles, laying of cables inside buildings, etc. can be difficult in some countries and regions, which means that the application of relay technology can also be effective for urban scenarios. Finally, the group mobility scenario in which relay stations are installed on vehicles like trains and buses to reduce the volume of control signals from moving mobile stations is also being proposed.

In 3GPP, it has been agreed to standardize the relay technology deployed for coverage extension in LTE Rel. 10. These specifications will, in particular, support one-hop relay technology in which the position of the relay station is fixed and the radio access link between the base station and mobile station is relayed by one relay station.

[1] 3GPP TS36.912 V9.1.0: “Feasibility study for Further Advancement for E-UTRA (LTE-Advanced),” 2010.
[2] 3GPP TS36.323 V9.0.0: “Evolved Universal Terrestrial Radio Access (E-UTRA); Packet Data Convergence Protocol (PDCP) specification,” 2009.
[3] 3GPP TS36.322 V9.1.0: “Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Link Control (RLC) protocol specification,” 2010.
[4] 3GPP TS36.321 V9.2.0: “Evolved Universal Terrestrial Radio Access (E-UTRA); Medium Access Control (MAC) protocol specification,” 2010.
[5] 3GPP TS36.331 V9.2.0: “Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification,” 2010.
[6] 3GPP TS36.413 V9.2.1: “Evolved Universal Terrestrial Radio Access (E-UTRA); S1 Application Protocol (S1AP),” 2010.
[7] 3GPP TR36.806 V9.0.0: “Evolved Universal Terrestrial Radio Access (E-UTRA); Relay architectures for E-UTRA (LTE-Advanced),” 2010.
[8] IETF RFC4960: “Stream Control Transmission Protocol,” 2007.
[9] 3GPP TS29.281 V9.2.0: “General Packet Radio System (GPRS) Tunnelling Protocol User Plane (GTPv1-U),” 2010.

Sunday, 8 April 2012

Security issues in new technologies

I have attended a lot of events/talks in the last month where people talked about Augmented Reality, Proximity Marketing, QR codes, etc., but nobody seems to talk about security. It's being taken for granted. For example, Macs have been said to be virus proof and they probably are, but other apps may be infectable, and in this case it's Java that has allowed a Mac botnet about 0.6 million strong.

Some years back proximity marketing via Bluetooth was a big thing and we were lucky to be involved with a couple of projects making it possible, but then the Bluetooth virus came to light and people stopped leaving their Bluetooth on in public places. It doesn't look like Bluetooth-based proximity marketing has gone very far since those days.

QR codes are a simple way for advertisers to redirect the end users to their websites, but recently I read that a rogue QR code can be used to redirect the end users to a site that can be used to hack their phones. The main thing pointed out is that 99% of the time QR codes are read by mobile phones and 99% of these phones are either iPhones or Androids, which can help narrow down the exploits.

There is a good chance that when there is mass adoption of these new technologies, Security is going to be a big issue. Not sure if enough is being done. If there are any pointers on security issues please feel free to comment.

Wednesday, 4 April 2012

Project Glass: One day... By Google

I seem to like the Corning ones more that I blogged here.

** New Edits 05/04/12 09:40 **
From CNET:

Google's augmented reality glasses are real! Dubbed Project Glass, the long-rumoured lenses that show you heads-up information about the world around you have been confirmed by the company.
At the moment, Google's announcement is limited to a Google+ page
Here is a parody on above video from Tom Scott:

Monday, 2 April 2012

What is nano-SIM card

The BBC reported that there is some dispute between Apple and Nokia/RIM over the next generation of SIM cards, the 'nano-SIM'. You can read more about that here.

While looking for how the nano-SIM is different from other SIM cards I came across an interesting presentation from G&D. The above picture summarises the different types of SIM cards in use. The following is an extract from their whitepaper:

When the GSM network first appeared, mobile devices resembled bricks or even briefcases, and SIM cards were the size of credit cards. The subsequent miniaturization of the phones led to the standardization of smaller SIMs, the Plug-in SIM, and later the Mini-UICC also known as 3rd form factor (3FF). With the introduction of Apple’s iPad, the 3FF, or the Micro-SIM as it was then called, established itself widely in the market.

Nevertheless, the trend towards miniaturization of the SIM card is still not over. The latest form factor which is currently in discussion at ETSI (European Telecommunications Standards Institute) is the 4th form factor (4FF) or Nano-SIM. Measuring 12.3 x 8.8 mm, the Nano-SIM is about 30 percent smaller than the Micro-SIM. Even the thickness (0.7 mm) of the card has been reduced by about 15 percent – a tremendous technical challenge.

The Nano-SIM offers device manufacturers the crucial advantage of freeing up extra space for other mobile phone components such as additional memory or larger batteries. Popular smart phones in particular have to strike a balance between the need for components that are more powerful but bulkier and a slim design. The reduced volume of the 4FF gives manufacturers the opportunity to produce devices that are thinner and more appealing.

In case you were wondering about the differences that are causing the disagreements, here are the differences between the formats: