Wednesday 20 September 2017

A quick starter on 4G voice (for beginners)


I recently did a 4G voice presentation for beginners after realizing that even though so many years have passed after VoLTE was launched, people are still unsure how it works or how its different from CS Fallback.

There are many other posts that discuss these topics in detail on this blog (follow the label) or on 3G4G website. Anyway, here is the video:


The slides are available on 3G4G Slideshare account here. More similar training videos are available here.

Thursday 14 September 2017

NB-IoT based smart bicycle lock


Huawei (see here and here) has partnered with China Telecom and Bike sharing company called Ofo.

ofo developed an IoT smart lock based on NB-IoT technology that lowers power consumption, enables wide coverage, and slashes system resource delays at low cost. NB-IoT lets ofo ensure it has bikes located at key locations when commuter demand is highest. Meanwhile, bikes can be unlocked in less than a second. Both improvements have greatly boosted user satisfaction.

ofo and its partners added key technologies to ofo’s own platform. These included the commercial network provided by China Telecom, and Huawei’s intelligent chip-based NB-IoT solution. When launching its NB-IoT solution earlier this year, ofo founder and CEO Dai Wei said that the cooperation between ofo, Huawei, and China Telecom is a “mutually beneficial joint force of three global leading enterprises.”

At the core is Huawei’s IoT solution, which includes smart chips, networking, and an IoT platform. The solution provides strong coverage in poor-signal areas and a network capacity that’s more than one hundred times stronger than standard terminals. The payment process has dropped from 25 seconds to less than 5, while battery life has been lengthened from 1 or 2 months to more than 2 years, saving costs and reducing the need for frequent maintenance.

ofo’s cooperation with Huawei on NB-IoT smart locks bodes well for improving the industry as whole. Huawei’s technology optimizes lifecycle management for locks, while the sensors on the locks collect information such as equipment status, user data, and operating data. They connect the front- and back-end industrial chains to achieve intelligent business management, enable the bikes to be located in hot spots, facilitate rapid maintenance, and boost marketing and value-added services.

This video gives an idea of how this works:



As per Mobile World Live:

Ofo co-founder Xue Ding said during a presentation the high power efficiency and huge capacity of NB-IoT make the technology ideal to deliver its smart locks, which are really the brains of its operations.

The company offers what is termed station free pushbike hire, meaning bikes can be collected and deposited from any legal parking spot. Users can locate bikes using their smartphone, and unlock it by scanning a barcode.

However, the process can be interrupted by mobile network congestion or if signals are weak – for example in remote areas: “Using NB-IoT, users will not be stuck because of inadequate capacity,” Xue said.
...
Xiang Huangmei, a VP at China Telecom’s Beijing branch, said the low power consumption of the NB-IoT chip in the lock means the battery will last eight years to ten years, so it will never need to be replaced during the standard lifecycle of an Ofo bike.

The NB-IoT network, deployed on the 800MHz band, offers good indoor and outdoor coverage, the VP said citing car parks as an example. One base station can support 100,000 devices over an area of 2.5 square-km.

Finally, to know which operator is supporting which IoT technology, see the IoT tracker here.

Sunday 10 September 2017

Smartphone Batteries Round-up: Technology, Charging & Recycling

Back in 2013, I spoke about Smart Batteries. Still waiting for someone to deliver on that. In the meantime I noticed that you can use an Android phone to charge another phone, via cable though. See the pic below:


You are probably all aware of the Samsung Galaxy Note 7 catching fires. In case you are interested in knowing the reasons, Guardian has a good summary here. You can also see the pic below that summarises the issue.


Lithium-ion batteries have always been criticized for its abilities to catch fire (see here and here) but researchers have been working on ways to reduce the risk of fire. There are some promising developments.


The electrochemical masterminds at Stanford University have created a lithium-ion battery with built-in flame suppression. When the battery reaches a critical temperature (160 degrees Celsius in this case), an integrated flame retardant is released, extinguishing any flames within 0.4 seconds. Importantly, the addition of an integrated flame retardant doesn't reduce the performance of the battery.

Researchers at the University of Maryland and the US Army Research Laboratory have developed a safe lithium-ion battery that uses a water-salt solution as its electrolyte. Lithium-ion batteries used in smartphones and other devices are typically non-aqueous, as they can reach higher energy levels. Aqueous lithium-ion batteries are safer as the water-based electrolytes are inflammable compared to the highly flammable organic solvents used in their non-aqueous counterparts. The scientists have created a special gel, which keeps water from reacting with graphite or lithium metal and setting off a dangerous chain reaction.


Bloomberg has a good report as to why we’re going to need more Lithium.

Starting about two years ago, fears of a lithium shortage almost tripled prices for the metal, to more than $20,000 a ton, in just 10 months. The cause was a spike in the market for electric vehicles, which were suddenly competing with laptops and smartphones for lithium ion batteries. Demand for the metal won’t slacken anytime soon—on the contrary, electric car production is expected to increase more than thirtyfold by 2030, according to Bloomberg New Energy Finance.

Even if the price of lithium soars 300 percent, battery pack costs would rise only by about 2 percent.

University of Washington researchers recently demonstrated the world's first battery-free cellphone, created with funding from the U.S. National Science Foundation (NSF) and a Google Faculty Research Award for mobile research.

The battery-free technology harvests energy from the signal received from the cellular base station (for reception) and the voice of the user (for transmission) using a technique called backscattering. Backscattering for battery-free operation is best known for its use in radio frequency identification (RFID) tags, typically utilized for applications such as locating products in a warehouse and keeping track of high-value equipment. An RFID base station (called a reader) "pings" the tag with an RF pulse, which allows the tag to harvest microwatts of energy from it—enough to return a backscattered RF signal modulated with the identity of the item.



Unfortunately, harvesting generates very little energy; so little, that you really need a new standard. For instance, Wi-Fi signals transmit continuously, but harvesting that energy constantly will only enable transmissions of about 10 feet today. Range will be the big challenge for making this technology successful.

So we wont be seeing them anytime soon unfortunately.

Recycling of materials is always a concern, especially now that the use of Lithium-ion is increasing. Financial Times (FT) recently did a good summary of all the companies trying to recycle Lithium, Cobalt, etc.

Mr Kochhar estimates over 11m tonnes of spent lithium-ion batteries will be discarded by 2030. The company is looking to process 5,000 tonnes a year to start with and eventually 250,000 tonnes — a similar amount to a processing plant for mined lithium, he said.

The battery industry currently uses 42 percent of global cobalt production, a critical metal for Lithium-ion cells. The remaining 58 percent is used in diverse industrial and military applications (super alloys, catalysts, magnets, pigments…) that rely exclusively on the material.

According to Wikipedia, The purpose of the Cobalt (Co) within the LIBs is to act as a sort of bridge for the lithium ions to travel on between the cathode (positive end of the battery) and the anode (the negative end). During the charging of the battery, the cobalt is oxidized from Coᶾ⁺ to Co⁴⁺. This means that the transition metal, cobalt, has lost an electron. During the discharge of the battery the cobalt is reduced from Co⁴⁺ to Coᶾ⁺. Reduction is the opposite of oxidation. It is the gaining of an electron and decreases the overall oxidation state of the compound. Oxidation and reduction reactions are usually coupled together in a series of reactions known as red-ox (reduction-oxidation) reactions. This chemistry was utilized by Sony in 1990 to produce lithium ion cells.

From Treehugger: An excellent investigative piece by the Washington Post called “The cobalt pipeline: From dangerous tunnels in Congo to consumers’ mobile tech” explores the source of this valuable mineral that everyone relies on, yet knows little about.
“Lithium-ion batteries were supposed to be different from the dirty, toxic technologies of the past. Lighter and packing more energy than conventional lead-acid batteries, these cobalt-rich batteries are seen as ‘green.’ They are essential to plans for one day moving beyond smog-belching gasoline engines. Already these batteries have defined the world’s tech devices.
“Smartphones would not fit in pockets without them. Laptops would not fit on laps. Electric vehicles would be impractical. In many ways, the current Silicon Valley gold rush — from mobile devices to driverless cars — is built on the power of lithium-ion batteries.”
What The Post found is an industry that’s heavily reliant on ‘artisanal miners’ or creuseurs, as they’re called in French. These men do not work for industrial mining firms, but rather dig independently, anywhere they may find minerals, under roads and railways, in backyards, sometimes under their own homes. It is dangerous work that often results in injury, collapsed tunnels, and fires. The miners earn between $2 and $3 per day by selling their haul at a local minerals market.

There is a big potential for reducing waste and improving lives, hopefully we will see some developments on this front soon.

Friday 8 September 2017

Debugging Problem: Same Phones With Different Signal Levels?

I have discussed this problem in past, based on questions asked on various fora (example). Here is a video I made some weeks back. Will be interested to know what other reasons people can come up with 😊.


Sunday 3 September 2017

5G Core Network, System Architecture & Registration Procedure

The 5G System architecture (based on 3GPP TS 23.501: System Architecture for the 5G System; Stage 2) consists of the following network functions (NF). The functional description of these network functions is specified in clause 6.
- Authentication Server Function (AUSF)
- Core Access and Mobility Management Function (AMF)
- Data network (DN), e.g. operator services, Internet access or 3rd party services
- Structured Data Storage network function (SDSF)
- Unstructured Data Storage network function (UDSF)
- Network Exposure Function (NEF)
- NF Repository Function (NRF)
- Network Slice Selection Function (NSSF)
- Policy Control function (PCF)
- Session Management Function (SMF)
- Unified Data Management (UDM)
- Unified Data Repository (UDR)
- User plane Function (UPF)
- Application Function (AF)
- User Equipment (UE)
- (Radio) Access Network ((R)AN)

As you can see, this is slightly more complex than the 2G/3G/4G Core Network Architecture.

Alan Carlton, Vice President, InterDigital and Head of InterDigital International Labs Organization spanning Europe and Asia provided a concise summary of the changes in 5G core network in ComputerWorld:

Session management is all about the establishment, maintenance and tear down of data connections. In 2G and 3G this manifested as the standalone General Packet Radio Service (GPRS). 4G introduced a fully integrated data only system optimized for mobile broadband inside which basic telephony is supported as just one profile.

Mobility management as the name suggests deals with everything that needs doing to support the movement of users in a mobile network. This encompasses such functions as system registration, location tracking and handover. The principles of these functions have changed relatively little through the generations beyond optimizations to reduce the heavy signaling load they impose on the system.

The 4G core network’s main function today is to deliver an efficient data pipe. The existence of the service management function as a dedicated entity has been largely surrendered to the “applications” new world order. Session management and mobility management are now the two main functions that provide the raison d’etre for the core network.

Session management in 4G is all about enabling data connectivity and opening up a tunnel to the world of applications in the internet as quickly as possible. This is enabled by two core network functions, the Serving Gateway (SGW) and Packet Data Gateway (PGW). Mobility management ensures that these data sessions can be maintained as the user moves about the network. Mobility management functions are centralized within a network node referred to as Mobility Management Entity (MME). Services, including voice, are provided as an “app” running on top of this 4G data pipe. The keyword in this mix, however, is “function”. It is useful to highlight that the distinctive nature of the session and mobility management functions enables modularization of these software functions in a manner that they can be easily deployed on any Commercial-Off-The-Shelf (COTS) hardware.

The biggest change in 5G is perhaps that services will actually be making a bit of a return...the plan is now to deliver the whole Network as a Service. The approach to this being taken in 3GPP is to re-architect the whole core based on a service-oriented architecture approach. This entails breaking everything down into even more detailed functions and sub-functions. The MME is gone but not forgotten. Its former functionality has been redistributed into precise families of mobility and session management network functions. As such, registration, reachability, mobility management and connection management are all now new services offered by a new general network function dubbed Access and Mobility Management Function (AMF). Session establishment and session management, also formerly part of the MME, will now be new services offered by a new network function called the Session Management Function (SMF). Furthermore, packet routing and forwarding functions, currently performed by the SGW and PGW in 4G, will now be realized as services rendered through a new network function called the User Plane Function (UPF).

The whole point of this new architectural approach is to enable a flexible Network as a Service solution. By standardizing a modularized set of services, this enables deployment on the fly in centralized, distributed or mixed configurations to enable target network configurations for different users. This very act of dynamically chaining together different services is what lies at the very heart of creating the magical network slices that will be so important in 5G to satisfy the diverse user demands expected. The bottom line in all this is that the emphasis is now entirely on software. The physical boxes where these software services are instantiated could be in the cloud or on any targeted COTS hardware in the system. It is this intangibility of physicality that is behind the notion that the core network might disappear in 5G.


3GPP TS 23.502: Procedures for the 5G System; Stage 2, provides examples of signalling for different scenarios. The MSC above shows the example of registration procedure. If you want a quick refresher of LTE registration procedure, see here.

I dont plan to expand on this procedure here. Checkout section "4.2.2 Registration Management procedures" in 23.502 for details. There are still a lot of FFS (For further studies 😉) in the specs that will get updated in the coming months.


Further Reading:

Friday 1 September 2017

Nokia Bell Labs - Future Impossible Series Videos

Picture Source: Cnet

Bell Labs, which has played a significant role in telecoms history and has a very glorious list of achievements created a collection of short films highlighting the brilliant minds who created the invisible nervous system of our society. Some of you may be aware that Bell Labs is now a part of Nokia but was previously part of Alcatel-Lucent, Lucent and AT&T before that.

The playlist with 5 videos is embedded below and short details of the videos follows that.


Video 1: Introduction

Introducing 'Future Impossible', a collection of short films highlighting the brilliant minds who created the invisible nervous system of our society, a fantastic intelligent network of wires and cables undergirding and infiltrating every aspect of modern life.


Video 2: The Shannon Limit

In 1948, father of communications theory Claude Shannon developed the law that dictated just how much information could ever be communicated down any path, anywhere, using any technology. The maximum rate of this transmission would come to be known as the Shannon Limit.  Researchers have spent the following decades trying to achieve this limit and to try to go beyond it.


Video 3: The Many Lives of Copper

In the rush to find the next generation of optical communications, much of our attention has moved away from that old standby, copper cabling. But we already have miles and miles of the stuff under our feet and over our heads. What if instead of laying down new optical fiber cable everywhere, we could figure out a way to breathe new life into copper and drive the digital future that way?


Video 4: The Network of You

In the future, every human will be connected to every other human on the planet by a wireless network. But that’s just the beginning. 

Soon the stuff of modern life will all be part of the network, and it will unlock infinite opportunities for new ways of talking, making and being. The network will be our sixth sense, connecting us to our digital lives. In this film, we ponder that existence and how it is enabled by inventions and technologies developed over the past 30 years, and the innovations that still lie ahead of us.


Video 5: Story of Light

When Alexander Graham Bell discovered that sound could be carried by light, he never could have imagined the millions of written text and audio and video communications that would one day be transmitted around the world every second on a single strand of fiber with the dimensions of a human hair.

Follow the journey of a single text message zipping around the globe at the speed of light, then meet the researchers that have taken up Bell’s charge.


For anyone interested, Wikipedia has a good detailed info on Bell Labs history here.

Sunday 27 August 2017

Bluetooth 5 for IoT


Bluetooth 5 (not 5.0 - to simplify marketing messages and communication) was released last year. The main features being 2x Faster, 4x Range (Bluetooth 4 - 50m outdoors, 10m Indoors; Bluetooth 5 - 200m outdoors, 40m indoors) & 8x Data.
I like this above slide by Robin Heydon, Qualcomm from a presentation he gave in CW (Cambridge Wireless) earlier this year. What is highlights is that Bluetooth 5 is Low Energy (LE) like its predecessor 4.0.For anyone interested, a good comparison of 5 vs 4.2 is available here.

In addition, Mesh support is now available for Bluetooth. I assume that this will work with Bluetooth 4.0 onwards but it would probably only make sense from Bluetooth 5 due to support for reasonable range.

The Bluetooth blog has a few posts on Mesh (see here, here and here). I like this simple introductory video below.


This recent article by Geoff Varral on RTT says the following (picture from another source):

Long distance Bluetooth can also be extended with the newly supported mesh protocol.

This brings Bluetooth into direct competition with a number of other radio systems including 802.15,4 based protocols such as Zigbee, LoRa, Wireless-M (for meter reading), Thread and 6 LowPAN (IPV6 over local area networks. 802.11 also has a mesh protocol and long distance ambitions including 802.11ah Wi-Fi in the 900 MHz ISM band. It also moves Bluetooth into the application space targeted by LTE NB IOT and LTE M though with range limitations.

There are some interesting design challenges implied by 5.0. The BLE specification is inherently less resilient to interference than Classic or EDR Bluetooth. This is because the legacy seventy eight X 1 MHz channels within the 20 MHz 2.4 GHz pass band are replaced with thirty nine two MHz channels with three fixed non hopping advertising channels in the middle and edge of the pass band.

These have to withstand high power 20 MHz LTE TDD in Band 40 (below the 2.4 GHz pass band) and high power 20 MHz LTE TDD in band 41 above the pass band (and Band 7 LTE FDD). This includes 26 dBm high power user equipment.

The coexistence of Bluetooth, Wi-Fi and LTE has been intensively studied and worked on for over ten years and is now managed with surprising effectiveness within a smart phone through a combination of optimised analogue and digital filtering (SAW and FBAR filters) and time domain interference mitigation based on a set of  industry standard wireless coexistence protocols.

The introduction of high power Bluetooth however implies that this is no longer just a colocation issue but potentially a close location issue. Even managing Bluetooth to Bluetooth coexistence becomes a non-trivial task when you consider that +20 dBm transmissions will be closely proximate to -20 dBm or whisper mode -30 dBm transmissions and RX sensitivity of -93 dBm, potentially a dynamic range of 120dB. Though Bluetooth is a TDD system this isolation requirement will be challenging and vulnerable to ISI distortion. 

More broadly there is a need to consider how ‘5G Bluetooth’ couples technically and commercially with 5G including 5G IOT

Ericsson has a whitepaper on Bluetooth Mesh Networking. The conclusion of that agrees that Bluetooth may become a relevant player in IoT:

Bluetooth mesh is a scalable, short-range IoT technology that provides flexible and robust performance. The Bluetooth Mesh Profile is an essential addition to the Bluetooth ecosystem that enhances the applicability of Bluetooth technology to a wide range of new IoT use cases. Considering the large Bluetooth footprint, it has the potential to be quickly adopted by the market. 

With proper deployment and configuration of relevant parameters of the protocol stack, Bluetooth mesh is able to support the operation of dense networks with thousands of devices. The building automation use case presented in this white paper shows that Bluetooth mesh can live up to high expectations and provide the necessary robustness and service ratio. Furthermore, the network design of Bluetooth mesh is flexible enough to handle the introduction of managed operations on top of flooding, to further optimize behavior and automate the relay selection process.


Moreover, another Ericsson article says that "smartphones with built-in Bluetooth support can be part of the mesh, may be used to configure devices and act as capillary gateways."

A capillary network is a LAN that uses short-range radio-access technologies to provide groups of devices with wide area connectivity. Capillary networks therefore extend the range of the wide area mobile networks to constraint devices. Figure above illustrates the Bluetooth capillary gateway concept.

Once there are enough smartphones and Bluetooth devices with Bluetooth 5 and Mesh support, It would be interesting to see how developers use it. Would also be interesting to see if it will start encroaching LoRa and Sigfox markets as well.

Sunday 20 August 2017

Enhanced 5G Security via IMSI Encryption


IMSI Catchers can be a real threat. It doesn't generally affect anyone unless someone is out to get them. Nevertheless its a security flaw that is even present in LTE. This presentation here is a good starting point on learning about IMSI Catcher and the one here about privacy and availability attacks.


This article by Ericsson is a good starting point on how 5G will enhance security by IMSI encryption. From the article:
The concept we propose builds on an old idea that the mobile device encrypts its IMSI using home network’s asymmetric key before it is transmitted over the air-interface. By using probabilistic asymmetric encryption scheme – one that uses randomness – the same IMSI encrypted multiple times results in different values of encrypted IMSIs. This makes it infeasible for an active or passive attacker over the air-interface to identify the subscriber. Above is a simplified illustration of how a mobile device encrypts its IMSI. 
Each mobile operator (called the ‘home network’ here) has a public/private pair of asymmetric keys. The home network’s private asymmetric key is kept secret by the home network, while the home network’s public asymmetric key is pre-provisioned in mobile devices along with subscriber-specific IMSIs (Step 0). Note that the home network’s public asymmetric key is not subscriber-specific. 
For every encryption, the mobile device generates a fresh pair of its own public/private asymmetric keys (Step 1). This key pair is used only once, hence called ephemeral, and therefore provide probabilistic property to the encryption scheme. As shown in the figure, the mobile device then generates a new key (Step 2), e.g., using Diffie–Hellman key exchange. This new key is also ephemeral and is used only once to encrypt the mobile device’s IMSI (Step 3) using symmetric algorithm like AES. The use of asymmetric and symmetric crypto primitives as described above is commonly known as integrated/hybrid encryption scheme. The Elliptic Curve Integrated Encryption Scheme (ECIES) is a popular scheme of such kind and is very suitable to the use case of IMSI encryption because of low impact on radio bandwidth and mobile device’s battery. 
The nicest thing about the described concept is that no public key infrastructure is necessary, which significantly reduces deployment complexity, meaning that mobile operators can start deploying IMSI encryption for their subscribers without having to rely on any external party or other mobile operators.

'3GPP TR 33.899: Study on the security aspects of the next generation system' lists one such approach.


The Key steps are as follows:

  1. UE is configured with 5G (e)UICC with ‘K’ key, the Home Network ID, and its associated public key.
  2. SEAF send Identity Request message to NG-UE. NG-UE considers this as an indication to initiate Initial Authentication.
  3. NG-UE performs the following:
    1. Request the (e)UICC application to generate required security material for initial authentication, RANDUE, , COUNTER, KIARenc, and KIARInt.
    2. NG-UE builds IAR as per MASA. In this step NG-UE includes NG-UE Security Capabilities inside the IAR message. It also may include its IMEI. 
    3. NG-UE encrypts the whole IAR including the MAC with the home network public key.
    4. NG-UE sends IAR to SEAF.
  4. Optionally, gNB-CP node adds its Security Capabilities to the transposrt message between the gNB-CP and the SEAF (e.g., inside S1AP message as per 4G).
  5. gNB-CP sends the respective S1AP message that carries the NG-UE IAR message to the SEAF.
  6. SEAF acquirs the gNB-CP security capabilities as per the listed options in clause 5.2.4.12.4.3and save them as part of the temporary context for the NG-UE.
  7. SEAF follows MASA and forward the Authentication and Data Request message to the AUSF/ARPF.
  8. When AUSF/ARPF receives the Authentication and Data Request message, authenticates the NG-UE as per MASA and generates the IAS respective keys. AUSF/ARPF may recover the NG-UE IMSI and validate the NG-UE security capabilities.
  9. AUSF/ARPF sends Authentication and Data Response to the SEAF as per MASA with NG-UE Security Capabilities included.
  10. SEAF recovers the Subscriber IMSI, UE security Capabilities, IAS keys, RANDHN, COUNTER and does the following:
    1. Examine the UE Security Capabilities and decides on the Security parameters.
    2. SEAF may acquire the UP-GW security capabilities at this point after receiving the UP-GW identity from AUSF/ARPF or allocate it dynamically through provisioning and load balancing.
  11. SEAF builds IAS and send to the NG-UE following MASA. In addition, SEAF include the gNB-CP protocol agreed upon security parameters in the S1AP message being sent to the gNB-CP node.
  12. gNB-CP recovers gNB-CP protocol agreed upon security parameters and save it as part of the NG-UE current context.
  13. gNB-CP forwards the IAS message to the NG-UE.
  14. NG-UE validates the authenticity of the IAS and authenticates the network as per MASA. In addition, the UE saves all protocols agreed upon security parameters as part of its context. NG-UE sends the Security and Authentication Complete message to the SEAF.
  15. SEAF communicates the agreed upon UP-GW security parameters to the UP-GW during the NG-UE bearer setup.

ARPF - Authentication Credential Repository and Processing Function 
AUSF - Authentication Server Function 
SCMF - Security Context Management Function
SEAF - Security Anchor Function
NG-UE - NG UE
UP - User Plane 
CP - Control Plane
IAR - Initial Authentication Request 
IAS - Initial Authentication Response
gNB - Next Generation NodeB

You may also want to refer to the 5G Network Architecture presentation by Andy Sutton for details.

See also:

Tuesday 15 August 2017

AT&T Blog: "Providing Connectivity from Inside a Cactus"


A recent AT&T blog post looks at how the fake cactus antennas are manufactured. I also took a closeup of a fake cactus antenna when I went to a Cambridge Wireless Heritage SIG event as can be seen in tweet below.

The blog says:
To make a stealth site look as real as possible, our teams use several layers of putty and paint. Our goal is to get the texture and color just right, but also ensure it can withstand natural elements – from snowy Colorado to blistering Arizona. 
Tower production takes 6-8 weeks and starts with constructing a particular mold. The molds quickly become 30-foot tall saguaro cacti or 80-foot tall redwood trees.But these aren’t just steel giants. 
The materials that cover the stealth antennas, like paint or faux-leaves, must be radio frequency-friendly. Stealth antennas designed to look like church steeples or water towers are mostly made of fiberglass. This lets the signal from the antennas penetrate through the casing. 
These stealth deployments are just one of the many unique ways we provide coverage to our customers. So take a look outside, your connection may be closer than you think—hidden in plain sight!
This videos gives a good idea


If this is a topic of interest, then have a look at this collection of around 100 antennas:



See also: