Increasing the security of VoLTE with YateUCN

The emergence of VoLTE-capable devices is raising new security concerns for mobile network operators, as existing IMS deployments expose vulnerabilities in VoLTE handsets to other devices in the network. YateUCN unified core network brings a solution to these concerns by isolating SIP and RTP call legs between handsets.

b2bua_vs_sip_proxy_2015-10-13_image1

LTE uses an IMS network to deliver VoLTE (voice services), and does so via Session Initiation Protocols (SIPs). This makes the IMS network act as a SIP proxy, performing routing, session control, and registering the UE to VoLTE. Voice is delivered through RTP from one UE to the other. Therefore, in case of a security attack, it is theoretically possible for a third party to send additional information through a forged SIP message via the IMS, to the target UE.

b2bua_vs_sip_proxy_2015-10-13_image2

Voice communication in 4G LTE can also be subject to malicious acts at various layers of the channel, including at the IP packets level, the UDP, RTP, or even the codec level.

What’s more, SIP is also implemented directly in the baseband processor of the latest generation smartphones to allow subscribers to use VoLTE, making it easy to for a potential smartphone takeover to occur.

b2bua_vs_sip_proxy_2015-10-13_image3

For SIP signaling, YateUCN acts as a Back-to-Back User Agent server, ensuring a secure transmission of data. B2BUA allows SIP communication from the originating party (or User Agent) to be terminated at the one side of the network, where the message is verified. Any harmful information included in the received SIP message is eliminated and the message is recomposed to include only the information needed for the SIP to reach the end party.

The risk of attacks decreases since malicious data is not automatically allowed to pass from one UE to the other, and the split SIP messages are negotiated independently on the originating and terminating sides.

Unlike current IMS deployments, YateUCN allows the same message decoding, verification, and re-encoding of RTP by acting as a proxy. This also simplifies the deployment of Voice over LTE, since handsets only need to connect to YateUCN server.

SS7ware @ITU Telecom World 2015

This week we’re at ITU Telecom World, the United Nations Specialized Agency for Information and Communication Technologies conference in Budapest! Let’s meet!

October 12 through 15, SS7ware Inc. team is exhibiting at stand P13, in Pavilion F. Here are the highlights for the week:

David Burgess will be representing the SME community as a panelist in this Business-to-Government dialogue.

  • Live SatSite demonstration: Wednesday, October 14, 11:00 – 12:00, stand SS7ware P13

A live demo session followed by Q&A will be organized at our stand.

The SatSite lightweight, low-power base station is simply plugged in to allow calls between GSM handsets.

  • Exhibition: Monday, October 12 – Thursday, October 15. Stop by stand P13 anytime during the exhibition:

Monday 12 October: 10:30-18:00

Tuesday 13 & Wednesday 14 October: 10:00-18:00

Thursday 15 October: 10:00-16:00

Follow the news on Twitter (@yate_voip), Facebook, connect to us on LinkedIn or drop us a message if you wish to meet.

GSM and LTE, 2 technologies in 1 base station

LTE for bandwidth and GSM for voice are a match made in heaven for subscribers. The roll-out however, not so much. Running them both from the same radio equipment (BTS) can be the answer. SatSite can run both YateBTS (GSM) and YateENB (LTE) at the same time, in the same spectrum, using the same radio hardware.

Software-defined BTS

This is made possible by replacing commonly used FPGA and DSP boards with one Intel Atom chipset. Both the GSM YateBTS and the LTE YateENB are modules implemented in software, allowing the base station to be reprogrammed or reconfigured to support new protocols. A base station can run GSM at first, and can be later software-upgradeable to LTE, running multiple air interface protocols using the same radio, at the same time.

Mixed 2G/4G spectrum allocation

From a spectrum point of view, as seen in the image below, the mixed GSM/LTE technology enables a base station to be software-configurable for up to 4-TRX/ARFCN. A base station can use the 850, 900, 1800, and 1900 MhZ bands for both GSM and LTE, meaning that it will allocate two ARFCN to GSM and will use the remaining spectrum for LTE.

ss_mix_spectr_2015-10-6_pic1_version1.1Based on the subscribers’ activity (data vs. voice), operators can assign in software the spectrum priority for either LTE or GSM, so LTE gets a higher priority if there is a lower use of voice services. This optimizes the resources allocation in the network and supplies better access to users.

YateBTS and YateENB – Yate modules

Yate is an underlying part of the software architecture of our mixed 2G/4G RAN. It has a highly expandable architecture that provides unified management and monitoring. Both YateBTS and YateENB are software modules based on Yate. Yate’s SDR architecture enables the LTE and the GSM modules to use the same radio hardware. You can find out more about Yate’s multiple modules here.

ss_mix_spectr_2015-10-6_pic2_version1.1Yate’s SDR architecture also enabled us to replace the conventional, special purpose equipment combination of a baseband unit (BBU) + a remote radio unit (RRU), with a single unit. With this technology we implemented all the functions of both a conventional base station and a base station controller, eliminating the costly Abis interface for traffic and signaling, as well as partial functions of an Mobile Switching Center (MSC), in terms of mobility, power and frequency management and handover.

The mixed 2G/4G RAN technology is embodied in our SatSite base station. SatSite acts more like a conventional eNodeB, even when running on GSM, because it uses IP backhaul for both 2G and 4G. It also contains the IP list of all neighboring SatSite units.

Using off-the-shelf hardware and a generic operating system, SatSite embraces everything SDR stands for, and is the solution for an easy adoption of new standards or technologies, even 5G in the future.

A forecast on the evolution of radio access networks

This month we participated at an active antenna workshop in Warsaw. The event was well attended by many RAN managers, strategists and planners from various mobile operators around the world. There were also a large number of radio head and eNodeB, antenna, semiconductors and materials and test equipment vendors.

Crowded towers

There was a lot of talk about crowded towers. The majority of towers are already very crowded and at their mechanical limits. Because new equipment cannot be added, often times the only solution is that of replacing existing equipment with new antennas and radios. Since everyone in the industry wants ‘cleaner’, less crowded towers, the experts found that radio equipment capable of running on both GSM and LTE would help reduce the overall load on cell site towers.

active_anntenna_workshop

3G sunset

Within this workshop quite a few of our beliefs regarding the future of the UMTS have been confirmed:

  • In a number of markets UMTS 3G will be discontinued, while 2G will continue to stay, allowing for 2G/4G mixed networks to flourish.
  • While 2G spectrum allocation will diminish in time, GSM will still be alive and well for a while.
  • In many markets, UMTS 3G spectrum is already re-farmed for 4G LTE.

Massive MIMO?

As the workshop’s theme was the evolution of active antennas, a lot of the conversation revolved around MIMO technology and MIMO antennas. The 2×2 MIMO configuration is becoming a standard for mobile networks, and 4×2 MIMO is expected to become the standard in two to three years. There is little prospect in the industry for LTE devices to support more than 2 MIMO channels, meaning that the most practical MIMO configuration is the Nx2 variety. One of the most important current issues is that many LTE devices still don’t support MIMO.

Vertical sectorization

In terms of vertical sectorization, the consensus is that it can be useful only when combined with fast-responding self-organizing networks (SON). Vertical sectorization is only efficient when used throughout the whole network, and no just in a few cell sites. However, vertical sectorization will be obsolete once most LTE devices will support MIMO.

VoLTE perspectives from the RAN side

RAN experts present at the workshop discussed VoLTE’s slow adoption. One reason for this is that for any given cell site, the service range for VoLTE is typically smaller than that for UMTS’ or GSM’s circuit-switched service. It’s range is also limited by the overall uplink performance. However, MIMO antennas are expected to improve VoLTE’s uplink performance.

Summary

It was a pleasure to meet with so many representatives from both operators and vendors and hear their insights. To answer to the current needs of the industry, we developed combined 2G/4G software-defined radio systems. Our SatSite macro base station will support GSM and LTE independently, as well as at the same time, using a common radio access. This event was a confirmation that we are on the right track, as mixed 2G/4G networks are the future of mobile networks.

SDN and beyond

Software-defined networking (SDN) and network function virtualization (NFV) are new approaches to designing and operating mobile networks, granting operators better management possibilities and better use of the network capabilities.

NFV represents the virtualization of network nodes roles, which culminates in separate software implementations performing the functions typically executed by hardware components. At the other end, SDN uses the virtualisation technology to split the control plane (where you need flexibility) from the data plane (where you need speed/performance). However, the price for this is complexity which translates into high operation costs.

Operators benefit from such frameworks because they increase the network capacity and performance, and allow for better manageability.

The YateUCN approach recognizes the usefulness of separating the user plane and the data plane, but it implements both of them in software. The control plane is implemented in the user space for flexibility while the user plane in the kernel space for speed.

As a result, operators who deploy YateUCN networks will gain from considerably scaling down equipment, and will have better control over the network scalability and performance requirements. The image below shows the YateUCN implementation and a common SDN deployment using an OpenFlow switch.

Unified Core Network vs. Common SDN deployment

Common NFV/SDN implementations rely on virtualizing the EPC, so that the functions of the MME (Mobility Management Entity), the SGW (Serving Gateway), and the PGW (Packet Data Network Gateway) are each implemented in software and run on the same hardware. Drawbacks of this approach include:

  • the separation between the control and user plane is achieved by means of a switch, usually hardware-based and external to the network. This is a limitation of software-defined network functions;
  • the switch is designed to replace the PGW and obtain the IP connection which it sends to the eNodeB over the user plane. This means that it must support both GTP protocol for the user plane and IP which determines the high costs for such equipment.
  • the complexity of NFV requires additional effort from the network to accommodate it, which increases the overall cost of the solution.

The implementation of YateUCN differs significantly from the above.

First, it uses commodity hardware, so no special-purpose equipment needs is needed. Simply put, YateUCN is a COTS server, which completely diminishes investment, staff, space, and power requirements.

Secondly, YateUCN differs from virtualized EPC because it implements a unique software, based on Yate, that performs all functions of the MME, SGW, and PGW. All-software implementation also means that multiple protocols (Diameter, SS7) are equally implemented in YateUCN, and no additional implementations are required for the core to connect to the Home Subscriber Server or IMS. This helps operators cut down on highly specialized staff needs and facilitates inter-working with legacy networks.

Thirdly, instead of using a hardware switch, YateUCN implements it in the Yate kernel. Because the Unified Core Network is based on Yate, an expandable Linux-based telephony engine, it was possible to integrate a software switch in the core software, allowing for much faster data processing and eliminating the need to work with multiple vendors.

YateUCN core network solution removes the barriers of entering the market due to simplicity, scalability and low cost. YateUCN specifications features and specifications list can be accessed here.

Definition: MIMO

LTE brought forth a variety of equipment and technologies. One of these new technologies is Multiple Input Multiple Output, also known as MIMO. It allows the use of use of multiple antennas in wireless communications is one of the main reasons why LTE has such high bandwidth rates.

It all started with the V-BLAST (Vertical-Bell Laboratories Layered Space-Time) project, in 1996, which is, in fact, at the basis of MIMO systems. V-BLAST was a detection algorithm of multiple signals whose main purpose was to reconstruct the multiple received signals into a single, faster stream of transmitted data. This, of course, is precisely why MIMO does.

The principal application of this technology is embodied in MIMO antennas, particularly used in LTE mobile networks. As opposed to SISO (Single Input and Single Output) – an antenna system with one transmitter and one receiver – two 2×2 MIMO antenna systems will use 2 transmitters and 2 receivers to generate 4 paths for transmitting and receiving different data at the same time. The two transmitters send different parts of the same data stream simultaneously, while the receivers have to piece them back together. MIMO increases overall performance and range and is able to send more data without additional power or added bandwidth requirements.

mimo_antenna_2015-9-3_version1.2Typically, radio signals traveling through the air are prone to being affected by various phenomena such as: fading, interference, path loss and more. What’s special about MIMO is that it does wonders in multipath environments, increasing the data throughput and lowering the bit error rate. MIMO is able to identify one signal from another at the receiver side because they have been altered differently by multipath. The receivers can spot the ‘clues’ that multipath left behind to correctly decode the received signals into a single faster data stream. As opposed to MIMO, SISO systems perform poorly in multipath conditions. Considering that LTE has gained such momentum in urban ares, the home ground of multipath, it’s easy to understand why 4G uses MIMO antennas.

As mentioned above, a 2×2 MIMO antenna will send each data stream through two independent channels to overcome fading. This is a concept called ‘diversity’ and it ensures that at least one data stream will be less affected by fading, increasing the chances of the receiver to decode more data correctly. ‘Polarization diversity’ is a ‘diversity flavor and is also used in MIMO systems. To give a simple example, polarization diversity would translate in using antenna pairs polarized orthogonally, either in a vertical/horizontal position or slanted at ± 45º. 

To sum up, the MIMO technology used in LTE antenna systems increases overall data throughput, reduces co-channel interference and multipath propagation effects, improves the signal to noise ratio and reduces the bit error rate.

2G networks, to sunset or not to sunset

In recent years, network operators have faced an impressive rise in smartphone numbers, which, in turn, lead to a higher demand of packet-data. A 2015 Cisco report indicated that in 2014 alone mobile data traffic increased with 69% from the previous year. Many mobile carriers have already devised what they call ‘sunset plans’. While things might be a bit easier for subscribers, the situation is more urgent and concerning for M2M and IoT devices. The same Cisco report showed that in 2014 62% of all these intelligent devices were connected to 2G networks.

This is precisely the circumstance in which, in 2012, AT&T announced its decision to discontinue its 2G network to reuse the 850 MHz and 1900MHz spectrum for its 3G and 4G deployments.

However, AT&T is not the only operator in this situation. In Singapore, for example, all the nation’s operators (M1, SingTel  and StarHub)  will no longer provide 2G services by the end of 2016. From the 15 of September 2015 mobile dealers will stop registering 2G-only mobile devices. Similarly, the 2G spectrum will be reused for 3G and 4G services.

Telstra, the Australian carrier, has the same 2G decommissioning deadline as the operators mentioned above, since sales on 2G devices have dropped dramatically and 2G data traffic represents less than 1% of the network’s whole traffic.

It’s easy to see why some operators chose to discontinue their 2G deployments, yet these are still the best networks to provide for low-power IoT devices. To them it is old, very few subscribers are based solely in these networks and current data traffic rates demand for spectrum reuse. However, 2G is far from being obsolete. Telematics applications, smart meters, sensors, credit card transaction processors and the IoT lot demand low-bandwidth connectivity.  IoT needs an inexpensive, ubiquitous and consistent network and 2G is still the most suited technology for it.

2g_iotTherefore, the accelerated growth of intelligent connected devices will bring all the more revenues to mobile operators in the future. Early adopters of M2M and IoT technologies represent the group who will be affect the most by a potential sunset of 2G networks. Migrating their devices to 3G or 4G will be costly and time consuming. What’s more, the IoT business operating in rural areas will scramble to find viable connectivity solutions because 2G is still the most reliable technology in isolated and remote areas.

Furthermore, there are still mobile operators in the Western countries who can’t seem to get enough of their 2G networks. Take operators like EE, Vodafone, O2 and 3 in the UK; these carries are set to keep their 2G deployments up and running as long as there are still plenty of isolated areas which are solely covered by the reliable second generation technology. Ensuring an almost total coverage in the British Isles is only possible with 2G networks. Not to mention the cases in urban areas in which subscribers performing voice calls are moved to 2G when 3G data traffic is more demanding.

An Ovum 2015 report states that in some markets 3G networks are in fact more likely to shut down before 2G ones. Nicole McCormick, a senior analyst at Ovum concluded that: “2G is still an important source of revenue. LTE provides a better mobile broadband experience than 3G, and with VoLTE, LTE can handle the voice responsibilities of 3G. This points to the possibility that operators opt to close their 3G networks before they close 2G.” A relevant example pointing to this line of reasoning is Telenor Norway who decided to safeguard its 2G network for their M2M market and who will discontinue its 3G network by 2020.

It’s safe to assume 2G is here to stay because the world still needs it. From communities in developing countries to the whole IoT and M2M market, there isn’t quite any other communications technology like it.