29-08-2014, 02:02 PM
4GWairless system
Wairless system.DOC (Size: 379 KB / Downloads: 10)
1 Introduction
Consumers demand more from their technology. Whether it be a television, cellular phone, or refrigerator, the latest technology purchase must have new features. With the advent of the Internet, the most-wanted feature is better, faster access to information. Cellular subscribers pay extra on top of their basic bills for such features as instant messaging, stock quotes, and even Internet access right on their phones. But that is far from the limit of features; manufacturers entice customers to buy new phones with photo and even video capability. It is no longer a quantum leap to envision a time when access to all necessary information — the power of a personal computer — sits in the palm of one’s hand. To support such a powerful system, we need pervasive, high-speed wireless connectivity.
A number of technologies currently exist to provide users with high-speed digital wireless connectivity; Bluetooth and 802.11 are examples. These two standards provide very high speed network connections over short distances, typically in the tens of meters. Meanwhile, cellular providers seek to increase speed on their long-range wireless networks. The goal is the same: long-range, high-speed wireless, which for the purposes of this report will be called 4G, for fourth-generation wireless system. Such a system does not yet exist, nor will it exist in today’s market without
standardization. Fourth-generation wireless needs to be standardized throughout the United States due to its enticing advantages to both users and providers.
Economic Impacts
Advantages of 4G
In a fourth-generation wireless system, cellular providers have the opportunity to offer data access to a wide variety of devices. The cellular network would become a data network on which cellular phones could operate — as well as any other data device. Sending data over the cell phone network is a lucrative business. In the information age, access to data is the “killer app” that drives the market. The most telling example is growth of the Internet over the last 10 years. Wireless networks provide a unique twist to this product: mobility. This concept is already beginning a revolution in wireless networking, with instant access to the Internet from anywhere.
Problems with the Current System
One may then wonder why ubiquitous, high-speed wireless is not already available. After all, wireless providers are already moving in the direction of expanding the bandwidth of their cellular networks. Almost all of the major cell phone networks already provide data services beyond that offered in standard cell phones, as illustrated in Table 1
Unfortunately, the current cellular network does not have the available bandwidth necessary to handle data services well. Not only is data transfer slow — at the speed of analog modems — but the bandwidth that is available is not allocated efficiently for data. Data transfer tends to come in bursts rather than in the constant stream of voice data. Cellular providers are continuing to upgrade their networks in order to meet this higher demand by switching to different protocols that allow for faster access speeds and more efficient transfers. These are collectively referred to as third generation, or 3G, services. However, the way in which the companies are developing their networks is problematic — all are currently proceeding in different directions with their technology improvements. Figure 1 illustrates the different technologies that are currently in use, and which technologies the providers plan to use.
Although most technologies are similar, they are not all using the same protocol. In addition, 3G systems still have inherent flaws. They are not well-designed for data; they are improvements on a protocol that was originally designed for voice. Thus, they are inefficient with their use of the available spectrum bandwidth. A data-centered protocol is needed. If one were to create two identical marketplaces in which cellular providers used 3G and 4G respectively, the improvements in 4G would be easy to see.
Speaking on the topic of 3G, one of the worlds leading authorities on mobile communications, William C.Y. Lee, states that 3G would be “a patched up system that could be inefficient”, and it would be best if the industry would leapfrog over 3G wireless technology, and prepare for 4G.
Barriers to Progress
This begs the question: Why are cellular providers not moving to 4G instead of 3G? A marketplace like the cellular industry can be modelled as a game, as seen in Table 2
Nobody makes the conversion to 4G All end up upgrading to 2.5G and 3G services. The upgrades are incremental, and don’t require a complete reworking of the system, so they are fairly cheap — the equipment required is already developed and in mass production in other places in the world.
Everyone makes the conversion to 4G The equipment and technology needed for 4G will be cheap, because of all of the cellular manufacturers investing in it. Cellular providers will market additional services to its customers.
Some of the players make the conversion to 4G Because not all of the players have chosen 4G, the equipment will be more expensive than the second scenario. Even though converters will be able to sell more services to their customers, it will not be enough to cover the higher costs of converting to 4G.
Therefore, if a player chooses the 4G strategy, but nobody else follows suit, that player will be at a significant disadvantage. No cellular provider has incentive to move to 4G unless all providers move to 4G. An outside agent — the national government — must standardize on 4G as the wireless standard for the United States.
Of course, legitimate concerns can be posed to the idea of implementing 4G nationwide. A common concern is the similarity of this proposal to the forced introduction of HDTV in the US, which has (thus far) failed miserably. There are two key differences, however, between 4G and HDTV. The first is the nature of the service providers. There are many small television broadcasters in rural areas whose cost of conversion would be as much as 15 years of revenue. The cellular industry, however, does not have this problem. The players are multi-billion dollar companies, who already have enough capital; continual network upgrades are part of their business plan. Our proposal is simply choosing a direction for their growth.
An often overlooked area of financial liability for cellular providers is in the area of information security. Providers could lose money through fraudulent use of the cellular system or unauthorized disclosure of user information over the airwaves. Both of these cases could be caused by an insecure wireless system. This lesson was learned during the use of the first generation of cellular phones in the United States: If a standard is to be set nationwide, it must be secure.
Wireless Securities
History
The original cellular phone network in the United States was called the Analog Mobile Phone System (AMPS). It was developed by AT&T and launched in 1983. AMPS operated in the 800 MHz range, from 824-849 MHz and 869-894 MHz. The lower band was used for transmissions from the phone to the base station, and the upper band was for the reverse direction. This allows full duplex conversation, which is desirable for voice communications. The bands were divided into 832 sub channels, and each connection required a pair: one each for sending and receiving data. Each sub channel was 30 KHz wide, which yielded voice quality comparable to wired telephones. The sub channels were set up so that every sub channel pair was exactly 45 MHz apart. Several of the channels were reserved exclusively for connection setup and teardown. The base station in a particular cell kept a record of which voice sub channel pairs were in use.
Though usable, this system included a number of security flaws. Because each phone transmitted (like any radio transmitter) in the clear on its own frequency, the phones in this system “were almost comically vulnerable to security attacks”. The crime of service theft plagued cellular service providers, as individuals with radio scanners could “sniff” the cellular frequencies and obtain the phone identification numbers necessary to “clone” a phone. The abuser could then use this cloned phone to make free telephone calls that would be charged to the legitimate user’s account. In an attempt to stem these attacks, service providers worked with Congress to punish such abuse. Congress passed a law in 1998 to make owning a cellular scanner with intent to defraud a federal crime. Unfortunately, punitive legislation was not enough to solve the problem; a new standard was needed. To create a new standard, engineers needed to start anew, examining each part of the current system.
Stakeholders in Wireless Security
In attempting to avoid security problems like those that plagued the first-generation cellular systems, engineers must design security into any new technology it cannot be added as an afterthought. Unfortunately, this is no easy task. Implementing good security requires that security be designed into every aspect of the system; otherwise, a security leak exists. Thus, the following entities must cooperate to create the secure wireless system:
• Government regulator
• Network infrastructure provider
• Wireless service provider
• Wireless equipment provider
Information Security Model
Before seeking to design and implement wireless security, however, one first needs to understand what this elusive concept of security really means. In this case, wireless security is really a combination of wireless channel security (security of the radio transmission) and network security (security of the wired network through which the data flows). These collectively can be referred to as “wireless network security”. But this still does not explain the security aspect. In a digital realm, security almost always means “information security.” Therefore, we can use the information security model proposed by the National Security Telecommunications and Information Systems Security Committee (NSTISSC), as seen in Figure 2: Along the top edge of the cube are the three states information can be in, while the rows on the left side of the cube are the information characteristics that the security policy should provide. The columns on the right side of the cube detail the three broad categories of security measures that can be pursued to protect the information. The cube is thus split into 27 smaller cubes, each of which must be examined for risks and solutions in any extensive security audit. This document, on the other hand, is not meant to contain such an audit, but rather to present the major issues of wireless security, the objectives of future wireless technology, and the security measures needed to reach those goals.
3.4 Wireless Security Issues
Wireless systems face a number of security challenges, one of which comes from interference. As more wireless devices begin to use the same section of electromagnetic spectrum, the possibility of interference increases. This can result in a loss of signal for users. Moreover, an abuser can intentionally mount a denial-of-service attack (lowering availability) by jamming the frequencies used. Iowa State University professor Steve Russell comments that “an RF engineer using $50 worth of readily-available components can build a simple short-range jammer for any of the common microwave frequencies”.
Physical security can pose problems as well. Cellular phones and other handheld devices were designed to be small and mobile, but this also means that they are more likely than other pieces of technology to get lost or stolen, and thieves can easily conceal them. Because of their size, these devices often have extremely limited computing power. This could manifest itself in lower levels in the encryption that protects the information. As encryption is improved in the same device, speed is consequently lowered, as is available bandwidth.
Other software issues can open security holes as well. For example, many handheld wireless devices include the ability to download and run programs, some of which may not be trustworthy. Even the core operating system software may not be secure; engineers may have rushed to release it in order to offer new features in the competitive handheld device market. Perhaps most damaging, the users typically lack awareness that any of these security issues may be present in their wireless handheld device.
These security issues serve as a reminder that designing for security is never a finished process. Every new technology must be analyzed for security issues before it is fully implemented. Even then, one must keep a careful eye on any new issues that may develop.
Security Analysis
Objectives
The first step in analyzing cellular wireless security is to identify the security objectives. These are the goals that the security policy and corresponding technology should achieve. Howard, Walker, and Wright, of the British company Vodafone, created objectives for 3G wireless that are applicable to 4G as well:
• To ensure that information generated by or relating to a user is adequately protected against misuse or misappropriation.
• To ensure that the resources and services provided to users are adequately protected against misuse or misappropriation.
• To ensure that the security features are compatible with world-wide availability...
• To ensure that the security features are adequately standardized to ensure world-wide interoperability and roaming between different providers.
• To ensure that the level of protection afforded to users and providers of services is considered to be better than that provided in contemporary fixed and mobile networks...
• To ensure that the implementation of security features and mechanisms can be extended and enhanced as required by new threats and services.
• To ensure that security features enable new ‘e-commerce’ services and other advanced applications.
These goals will help to direct security efforts, especially when the system is faced with specific threats.
Threats
Because instances of 4G wireless systems currently only exist in a few laboratories, it is difficult to know exactly what security threats may be present in the future. However, one can still extrapolate based on past experience in wired network technology and wireless transmission. For instance, as mobile handheld devices become more complex, new layers of technological abstraction will be added. Thus, while lower layers may be fairly secure, software at a higher layer may introduce vulnerabilities, or vice-versa. Future cellular wireless devices will be known for their software applications, which will provide innovative new features to the user.
Unfortunately, these applications will likely introduce new security holes, leading to more attacks on the application level. Just as attacks over the Internet may currently take advantage of flaws in applications like Internet Explorer, so too may attacks in the future take advantage of popular applications on cellular phones.
In addition, the aforementioned radio jammers may be adapted to use IP technology to masquerade as legitimate network devices. However, this would be an extremely complex endeavor. The greatest risk comes from the application layer, either from faulty applications themselves or viruses downloaded from the network.
Security Architecture
The above topics merely comprise a brief overview of some of the issues involved in wireless handheld device security. They by no means define a complete security solution for 4G wireless security. Rather, these topics serve as examples of some of the more prominent security problems that currently exist or may exist in future wireless systems. A more thorough security analysis is needed before a 4G wireless system can be implemented. This should lead to a 4G security architecture that is:
Complete The architecture should address all threats to the security objectives. Unfortunately, it may be difficult to avoid missing some features when there are so many independent parts of the 4G system.
Efficient Security functionality duplication should be kept to a minimum. Again, this may be difficult given the number of independent functions.
Effective Security features should achieve their purpose. However, some security features may open up new security holes.
Extensible Security should be upgradeable in a systematic way.
User-friendly End users should have to learn as little about security as possible. Security should be transparent to the user; when interaction must be involved; it should be easy to understand.
These objectives were taken into account when the current generation of cellular technology was designed. This generation, referred to as 2G, has worked well; though it is showing its age, it is still in use.
Current Technologies
Most modern cellular phones are based on one of two transmission technologies: time-division multiple access (TDMA) or code-division multiple access (CDMA). These two technologies are collectively referred to as second-generation or 2G. Both systems make eavesdropping more difficult by digitally encoding the voice data and compressing it, then splitting up the resulting data into chunks upon transmission.
TDMA
TDMA, or Time Division Multiple Access, is a technique for dividing the time domain up into sub channels for use by multiple devices. Each device gets a single time slot in a procession of devices on the network, as seen in Figure 3. During that particular time slot, one device is allowed to utilize the entire bandwidth of the spectrum, and every other device is in the quiescent state.
The time is divided into frames in which each device on the network gets one timeslot. There are n timeslots in each frame, one each for n devices on the network. In practice, every device gets a timeslot in every frame. This makes the frame setup simpler and more efficient because there is no time wasted on setting up the order of transmission. This has the negative side effect of wasting bandwidth and capacity on devices that have nothing to send.
One optimization that makes TDMA much more efficient is the addition of a registration period at the beginning of the frame. During this period, each device indicates how much data it has to send. Through this registration period, devices with nothing to send waste no time by having a timeslot allocated to them, and devices with lots of pending data can have extra time with which to send it. This is called ETDMA (Extended TDMA) and can increase the efficiency of TDMA to ten times the capacity of the original analog cellular phone network.
CDMA
CDMA, or Code Division Multiple Access, allows every device in a cell to transmit over the entire bandwidth at all times. Each mobile device has a unique and orthogonal code that is used to encode and recover the signal. The mobile phone digitizes the voice data as it is received, and encodes the data with the unique code for that phone. This is accomplished by taking each bit of the signal and multiplying it by all bits in the unique code for the phone. Thus, one data bit is transformed into a sequence of bits of the same length as the code for the mobile phone. This makes it possible to combine with other signals on the same frequency range and still recover the original signal from an arbitrary mobile phone as long as the code for that phone is known. Once encoded, the data is modulated for transmission over the bandwidth
CONCLUSION
Consumers demand that software and hardware be user-friendly and perform well. Indeed, it seems part of our culture that customers expect the highest quality and the greatest features from what they buy. The cellular telephone industry, which now includes a myriad of wireless devices, is no exception.
Meanwhile, competition in the industry is heating up. Providers are slashing prices while scrambling for the needed infrastructure to provide the latest features as incentives, often turning to various 3G solutions. Unfortunately, this will only serve to bewilder customers in an already confusing market.
Customers want the features delivered to them, simple and straightforward. Wireless providers want to make money in a cutthroat industry. If the U.S. government wants to help, the best way to help all parties is to enforce 4G as the next wireless standard. The software that consumers desire is already in wide use. The transmission hardware to take it wireless is ready to go. And we have the security practices to make sure it all works safely. The government need only push in the right direction; the FCC need only standardize 4G in order to make the transition economically viable for all involved.
This is a need that demands a solution. Today’s wired society is going wireless, and it has a problem. 4G is the answer.