Chapter Six
A cellular network or mobile network is a communication network where the last link is
wireless. A cellular network is a radio network distributed over land through cells where each
cell includes a fixed location transceiver known as base station. These cells together provide
radio coverage over larger geographical areas. User equipment (UE), such as mobile phones, is
therefore able to communicate even if the equipment is moving through cells during
transmission.
Cellular networks give subscribers advanced features over alternative solutions, including
increased capacity, small battery power usage, a larger geographical coverage area and reduced
interference from other signals. Popular cellular technologies include the Global System for
Mobile Communication, general packet radio service, 3GSM and code division multiple access.
Cells in a Network
What’s interesting about mobile phone networks is their cellular design. (Hence the terms
“cellular network” and “cellular phone.”) It means that a mobile phone network is divided into
thousands of overlapping geographic areas, known as cells. A typical cellular network can be
envisioned as a mesh of hexagonal cells, as shown in Figure 6.1, each with its own base station
at the center. The cells slightly overlap at the edges to ensure that users always remain within
range of a base station. (You don’t want a dropped call when you’re driving between base
stations.)
Page 1 of 14 DMU IT
Wireless Networking & Mobile Computing(ITec3041) Chapter Six Mobile Network
The cells in a cellular network vary in size, depending on how many calls are conducted within
that geographic area. The smallest cells, which might cover only a few city blocks, are those
where there’s the heaviest population density, and thus the largest demand for service. The
largest cells are most often in rural areas with a smaller population per square mile.
The different types of cells are given different names according to their size and function:
Macro cells: Macro cells are large cells that are usually used for remote or sparsely
populated areas. These may be 10 km or possibly more in diameter.
Micro cells: Micro cells are those that are normally found in densely populated areas
which may have a diameter of around 1 km.
Pico cells: Pico cells are generally used for covering very small areas such as particular
areas of buildings, or possibly tunnels where coverage from a larger cell in the cellular
system is not possible. Obviously for the small cells, the power levels used by the base
stations are much lower and the antennas are not positioned to cover wide areas. In this way
the coverage is minimized and the interference to adjacent cells is reduced.
Selective cells: Sometimes cells termed selective cells may be used where full 360
degree coverage is not required. They may be used to fill in a hole in the coverage in the
cellular system, or to address a problem such as the entrance to a tunnel etc.
Umbrella cells: Another type of cell, known as an umbrella cell, is sometimes used in
instances such as those where a heavily used road crosses an area where there are
microcells. Under normal circumstances this would result in a large number of handovers
as people driving along the road would quickly cross the microcells. An umbrella cell
would take in the coverage of the microcells (but use different channels to those allocated
to the microcells). However it would enable those people moving along the road to be
handled by the umbrella cell and experience fewer handovers than if they had to pass
from one microcell to the next.
The base station at the center of each group of cells functions as the hub for those cells—not of
the entire network, but of that individual piece of the network. RF signals are transmitted by an
individual phone and received by the base station, where they are then re-transmitted from the
base station to another mobile phone. Transmitting and receiving are done over two slightly
different frequencies.
Base stations are connected to one another via central switching centers which track calls and
transfer them from one base station to another as callers move between cells; the handoff is
(ideally) seamless and unnoticeable. Each base station is also connected to the main telephone
network, and can thus relay mobile calls to landline phones.
Frequency reuse
The key characteristic of a cellular network is the ability to re-use frequencies to increase both
coverage and capacity. As shown above, adjacent cells must use different frequencies; however
there is no problem with two cells sufficiently far apart operating on the same frequency. The
elements that determine frequency reuse are the reuse distance and the reuse factor.
The reuse distance, D is calculated as:
Where R is the cell radius and N is the number of cells per cluster. Cells may vary in radius from
1 to 30 kilometers. The boundaries of the cells can also overlap between adjacent cells and large
cells can be divided into smaller cells.
The frequency reuse factor is the rate at which the same frequency can be used in the network. It
is 1/K (or K according to some books) where K is the number of cells which cannot use the same
frequencies for transmission. Common values for the frequency reuse factor are 1/3, 1/4, 1/7, 1/9
and 1/12 (or 3, 4, 7, 9 and 12 depending on notation).
There are two different sizes available, a credit card size and a small size that is of the
size of the chip that is on most credit cards. Nearly all phones use the small version.
The use of a SIM can be guarded with a PIN code from 4 to 8 digits. If the wrong PIN code is
typed 4 times, the SIM will be blocked. To unblock the SIM the PUK (PIN Unblocking Key) is
needed. This is an 8 digit code that is known by the authorized user and given by the service
provider.
Roaming
Roaming is the ability for a customer of mobile communications to automatically make and
receive telephone calls, send and receive data, or access other services while travelling outside
the geographical coverage area of the home network, by means of using a network of another
operator.
Roaming can be either national roaming or international roaming. National roaming means that
mobile subscribers make use of another network in geographical areas where their own operator
does not have coverage. This is used, for example, by operators who do not have complete coverage in a
country. International roaming is used when mobile subscribers travel abroad and make use of
the network of an operator in the foreign country.
Forward Voice Channel (FVC): This channel is used for the voice transmission from the BS
to the MS.
Reverse Voice Channel (RVC): This is used for the voice transmission from the MS to the
BS.
Forward Control Channel (FCC): Control channels are generally used for controlling the
activity of the call, i.e., they are used for setting up calls and to divert the call to unused voice
channels. Hence these are also called setup channels. These channels transmit and receive call
initiation and service request messages. The FCC is used for control signaling purpose from the BS
to MS.
Reverse Control Channel (RCC): This is used for the call control purpose from the MS to the
BS. Control channels are usually monitored by mobiles.
Making a Call
When a mobile is idle, i.e., it is not engaged in a call, then it searches all the
FCCs to determine the one with the highest signal strength. The mobile then monitors this
particular FCC. However, when the signal strength falls below a particular threshold
that is insufficient for a call to take place, the mobile again searches all the FCCs for the
one with the highest signal strength. For a particular country or continent, the control
channels will be the same. So all mobiles in that country or continent will search among
the same set of control channels. However, when a mobile moves to a different country or
continent, then the control channels for that particular location will be different and
hence the mobile will not work.
Each mobile has a mobile identification number (MIN). When a user wants to make a call,
the user sends a call request to the MSC on the reverse control channel. The user also
sends the MIN of the person to whom the call has to be made. The MSC then sends this
MIN to all the base stations. The base station transmits this MIN and all the mobiles within
the coverage area of that base station receive the MIN and match it with their own. If the
MIN matches with a particular MS, that mobile sends an acknowledgment to the BS. The
BS then informs the MSC that the mobile is within its coverage area. The MSC then
instructs the base station to access a specific unused voice channel pair. The base station then
sends a message to the mobile to move to the particular channels and it also sends a signal
to the mobile for ringing.
In order to maintain the quality of the call, the MSC adjusts the transmitted power of
the mobile which is usually expressed in dB or dBm. When a mobile moves from the
coverage area of one base station to the coverage area of another base station i.e., from
one cell to another cell, then the signal strength of the initial base station may not be
sufficient to continue the call in progress. So the call has to be transferred to the other base
station. This is called handoff. In such cases, in order to maintain the call, the MSC
transfers the call to one of the unused voice channels of the new base station or it
transfers the control of the current voice channels to the new base station.
Authentication
Authentication is the process of proving that people and organizations are who or what they
claim to be. For wireless networks, this is often done at two layers: the network layer and the
application layer. The network requires the user to be authenticated before that person is granted
access. This can be done implicitly, based on the device or modem being used, or explicitly,
using a variety of mechanisms. At the application layer, authentication is important at two levels:
the client and the enterprise server. To gain access to enterprise data, the client has to prove to
the server that it is what it says it is. At the same time, before a client allows an outside server to
connect to it—for example, to push some content—the server has to authenticate itself to the
client application. The simplest, and probably least secure, method of authentication is a
username/password combination. More advanced methods include digital certificates or digital
signatures.
Data Integrity
Data integrity is assurance that the data in question has not been altered or corrupted in any way
during the transmission from the sender to the receiver. This can be accomplished by using data
encryption in combination with a cryptographic checksum or Message Authentication Code
(MAC). This information is encoded into the message itself by applying an algorithm to the
message. When recipients receive the message, they compute the MAC and compare it with the
MAC encoded in the message to see if the codes are the same. If they are, recipients can be
confident that the message has not been tampered with. If the codes are different, recipients can
discard the data as inaccurate.
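The recipient-side check described above, as an added example that is not part of the original chapter. It uses HMAC-SHA256 from the Python standard library and contrasts it with a plain unkeyed checksum, which anyone who alters the message can simply recompute. The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte check value appended to each message


def seal_unkeyed(message: bytes) -> bytes:
    """Weak variant: append a plain SHA-256 checksum (no secret involved)."""
    return message + hashlib.sha256(message).digest()


def open_unkeyed(frame: bytes):
    """Return the message if the plain checksum matches, else None."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    ok = hmac.compare_digest(tag, hashlib.sha256(message).digest())
    return message if ok else None


def seal_mac(key: bytes, message: bytes) -> bytes:
    """Sender: compute HMAC-SHA256 over the message and encode it into the frame."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def open_mac(key: bytes, frame: bytes):
    """Recipient: recompute the MAC and compare; discard (None) on any mismatch."""
    if len(frame) < TAG_LEN:          # a truncated frame cannot hold a MAC
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so timing does not leak the MAC
    return message if hmac.compare_digest(tag, expected) else None


def alter_in_transit(frame: bytes, old: bytes, new: bytes, refresh_checksum: bool) -> bytes:
    """Test helper: model a frame changed on the wire by a party without the key."""
    message = frame[:-TAG_LEN].replace(old, new)
    if refresh_checksum:              # only works against the unkeyed checksum
        return message + hashlib.sha256(message).digest()
    return message + frame[-TAG_LEN:]


if __name__ == "__main__":
    key = b"constructed-shared-key-for-demo"      # constructed sample key
    msg = b"TRANSFER amount=100 to=ACC-1"         # constructed sample message
    changed = alter_in_transit(seal_unkeyed(msg), b"100", b"900", True)
    print("unkeyed checksum accepts:", open_unkeyed(changed))
    changed = alter_in_transit(seal_mac(key, msg), b"100", b"900", True)
    print("MAC accepts:", open_mac(key, changed))
```

The unkeyed variant accepts the altered message because the checksum depends only on the data; the MAC variant rejects it because the check value also depends on a key the altering party does not hold.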
Confidentiality
Confidentiality is one of the most important aspects of security, and certainly the most talked
about. Confidentiality is about maintaining data privacy, making sure it cannot be viewed by
unwanted parties. Most often, when people are worried about the security of a system, they are
concerned that sensitive information, such as a credit card number or health records, can be
viewed by parties with malicious intent. The most common way of preventing this intrusion is by
encrypting the data.
Authorization
Authorization is the process of determining the user's level of access—whether a user has the
right to perform certain actions. Authorization is often closely tied to authentication. Once a user
is authenticated, the system can determine what that party is permitted to do. Access control lists
(ACLs) are often used to help determine this. For example, all users may have read-only access
to a set of data, while the administrator, or another trusted source, may also have write access to
the data.
Non repudiation
Non repudiation is about making parties accountable for transactions in which they have
participated. It involves identifying the parties in such a way that they cannot at a later time deny
their involvement in the transaction. In essence, it means that both the sender and the recipient of
a message can prove to a third party that the sender did indeed send the message and the
recipient received the identical message. To accomplish this, each transaction has to be signed
with a digital signature that can be verified and time-stamped by a trusted third party.
Note: To simplify terminology, any access to data or systems through a security hole will be
considered unauthorized access.
Spoofing
Spoofing is the attempt by a party to gain unauthorized access to an application or system by
pretending to be someone he or she is not. If the spoofer gains access, he or she can then create
fake responses to messages in an attempt to gain further knowledge and access to other parts of
the system. Spoofing is a major problem for Internet security and, hence, for wireless Internet security,
because a spoofer can make application users believe that they are communicating with a trusted
source, such as their bank, when in reality they are communicating with an attacker machine.
Unknowingly, users often provide additional information that is useful to the attacker to gain
access to other parts and other users of the system.
The process of sniffing, described next, is often used in conjunction with spoofing to get enough
information to access the system in the first place. For this reason, implementing both
authentication and encryption is required to combat spoofing.
Sniffing
Sniffing is a technique used to monitor data flow on a network. While sniffing can be used for
proper purposes, it is more commonly associated with the unauthorized copying of network data.
In this sense, sniffing is essentially electronic eavesdropping. By "listening" to network data,
unauthorized parties are able to obtain sensitive information that will allow them to do further
damage to the application users, the enterprise systems, or both. Sniffing is dangerous because it
is both simple to do and difficult to detect. Moreover, sniffing tools are easy to obtain and
configure.
Tampering
Data tampering, also called an integrity threat, involves the malicious modification of data from
its original form. Very often this involves intercepting a data transmission, although it also can
happen to data stored on a server or client device. The modified data is then passed off as the
original. Employing data encryption, authentication, and authorization are ways to combat data
tampering.
Theft
Device theft is a problem inherent in mobile computing. Not only do you lose the device itself
but also any confidential data that may reside on this device. This can be a serious threat for
smart client applications, as they contain persistent data, often confidential in nature. For this
reason, you should follow these rules when it comes to securing mobile devices:
Lock down devices with a username/password combination to prevent easy access.
Require authentication to access any applications residing on the device.
Do not store passwords on the device.
Encrypt any persistent data storage facilities.
Enforce corporate security policies for mobile users.
Authentication and encryption, along with a security policy, are required to help prevent
malicious data access from a lost or stolen device. Fortunately, this is not as serious a problem
for wireless Internet applications, as they rarely store data outside of the browser's cache.
Cryptography
The basic objective of cryptography is to allow two parties to communicate over an insecure
channel without a third party being able to understand what is being transmitted. This capability
is one of the core requirements of a secure environment, as it deals with all aspects of secure data
transfer, including authentication, digital signatures, and encryption. On the face of it,
cryptography is a simple concept, but it is actually quite complex, especially for large-scale
mobile implementations.
Finally, on top of the protocol are the applications. Once again, a strong protocol does not
guarantee strong security, as the application itself may lead to further problems. Thus, in order to
create a secure solution, a strong protocol is required, as well as a good, robust application
implementation.
Data Encryption
The core of any cryptographic system is encryption, the process of taking a regular set of data,
called plaintext, and converting it into an unreadable form, called ciphertext. Encryption allows
you to maintain the privacy of sensitive data, even when accessed by unauthorized users. The
only way the data can be read is by transforming it back to its original form using a process
called decryption. The method of encryption and decryption is called an algorithm or cipher.
Figure 6.3.3.1 demonstrates the concept of encryption. As the message is transported over an
insecure public channel, it is encrypted, preventing anyone eavesdropping on the line from being
able to understand the data being sent.
Digital Certificates
Digital certificates provide a way to guarantee that a public key belongs to the party it represents.
For this to be successful, the certificate itself also has to be verified to ensure that it represents
the claimed entity (a person or organization). This is accomplished using a trusted third party
called a certificate authority (CA). Digital certificates typically contain the following:
The name of the holder, as well as other information that uniquely identifies the holder. Additional
information can include the URL of a Web server using the certificate or an email address.
The holder's public key.
The name of the CA that issued the certificate.
The lifetime that the certificate is valid for (usually a start and end date).
A digital signature from the CA to make it easy to detect if the transmission has been tampered with.
Certified users also have the option of self-signing a digital certificate, thereby becoming a CA
themselves. This additional party can be considered trustworthy if he or she was signed by
another trusted key. In this way, you can continue to navigate to the root CA, thereby
determining who provided the initial certificate. If the root CA is not recognized or trusted, then
each certificate in the chain is considered invalid.
Digital Signatures
Digital signatures are used to verify that a message really came from the claimed sender. It is
based upon the notion that only the creator of the signature has the private key and that it can be
verified using a corresponding public key.
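The certificate chain walk and the signature check described in the two sections above, as one added example that is not part of the original chapter. It uses textbook RSA with small, well-known primes purely so that it runs with the standard library; the certificate layout, names, day-number validity and keys are all constructed, and real systems use X.509 certificates with a vetted cryptographic library.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent

def make_key(p, q):
    """Toy RSA key pair from two known primes: ((n, e), d). Demo sizes only."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, public, private_d):
    """Only the holder of private_d can produce this value."""
    return pow(digest_int(data, public[0]), private_d, public[0])

def verify(data, signature, public):
    """Anyone holding the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest_int(data, n)

@dataclass
class Cert:
    holder: str
    public_key: tuple
    issuer: str
    not_before: int      # validity window as day numbers (constructed)
    not_after: int
    signature: int = 0

    def signed_fields(self):
        """Everything the CA vouches for; the signature itself is excluded."""
        return repr((self.holder, self.public_key, self.issuer,
                     self.not_before, self.not_after)).encode()

def issue(holder, holder_pub, issuer, issuer_pub, issuer_d, start, end):
    cert = Cert(holder, holder_pub, issuer, start, end)
    cert.signature = sign(cert.signed_fields(), issuer_pub, issuer_d)
    return cert

def validate_chain(leaf, bundle, trusted_roots, today, max_depth=8):
    """Walk leaf -> issuer -> ... -> root CA. Returns (ok, reason)."""
    cert = leaf
    for _ in range(max_depth):
        if not cert.not_before <= today <= cert.not_after:
            return False, f"{cert.holder}: outside validity period"
        self_signed = cert.issuer == cert.holder
        issuer_cert = cert if self_signed else bundle.get(cert.issuer)
        if issuer_cert is None:
            return False, f"{cert.holder}: issuer certificate missing"
        if not verify(cert.signed_fields(), cert.signature, issuer_cert.public_key):
            return False, f"{cert.holder}: bad CA signature"
        if self_signed:  # end of the chain: the root must be one we already trust
            if cert.public_key in trusted_roots:
                return True, "ok"
            return False, f"{cert.holder}: root CA not trusted"
        cert = issuer_cert
    return False, "chain too long"

# Constructed demo hierarchy; the primes are Mersenne primes, far too small for real use.
ROOT_PUB, ROOT_D = make_key(2**61 - 1, 2**89 - 1)
CA_PUB, CA_D = make_key(2**89 - 1, 2**107 - 1)
BANK_PUB, BANK_D = make_key(2**107 - 1, 2**127 - 1)
ROOT = issue("Root CA", ROOT_PUB, "Root CA", ROOT_PUB, ROOT_D, 0, 3650)
CA = issue("Issuing CA", CA_PUB, "Root CA", ROOT_PUB, ROOT_D, 0, 1825)
BANK = issue("bank.example", BANK_PUB, "Issuing CA", CA_PUB, CA_D, 100, 465)
BUNDLE = {c.holder: c for c in (ROOT, CA)}

if __name__ == "__main__":
    print(validate_chain(BANK, BUNDLE, {ROOT_PUB}, today=200))   # trusted root
    print(validate_chain(BANK, BUNDLE, set(), today=200))        # unknown root
    order = b"pay 100 to ACC-1"                                  # constructed message
    print(verify(order, sign(order, BANK_PUB, BANK_D), BANK_PUB))
```

With an empty set of trusted roots the same chain fails at the last step, which is the "each certificate in the chain is considered invalid" case from the text.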
Leading Protocols
The following are some leading protocols that are used for secure data transmission.
Secure Sockets Layer (SSL): SSL is the dominant security protocol being used on the Internet today. It
was developed by Netscape to provide secure and private Internet sessions, typically on top of HTTP,
although it can also be used over FTP and other relevant protocols.
Transport Layer Security (TLS): Transport Layer Security (TLS) is the next generation of SSL. The
overall goals of TLS include cryptographic security, interoperability, and extensibility.
Wireless Transport Layer Security (WTLS): WTLS is the security layer defined in the WAP specification.
It operates above the Transport Protocol Layer, making it suitable for a variety of underlying wireless
protocols.
IP Security (IPSec): IPSec is different from the other protocols in that it does not operate on the
application layer. Whereas SSL, TLS, and WTLS are aimed at providing secure communications over an
inherently insecure network, IPSec is aimed at making the Internet itself secure. It does this by providing
authentication, integrity, and privacy services at the IP datagram layer. While it is mainly targeted at laptop
clients in the mobile space, IPSec-based virtual private network (VPN) products are starting to emerge for
PDAs as well (see the upcoming section for more on VPNs). IPSec will become a more prominent solution
when mobile devices start to support IPv6, which includes IPSec as part of the standard. It is important to
know that IPSec supports TCP/IP, not WAP.
Firewalls
Firewalls are the most common form of security implemented within organizations. They
establish a network perimeter between what is public and what is private. A firewall is a set of
software programs, usually located on a separate gateway server, that restricts access to the
private network resources from users on other networks. As soon as an enterprise installs Internet
access to its site, a firewall is required to protect its own resources and, sometimes, to control
outside resources to which its own users have access.
At a lower level, a firewall will examine each packet of network data to determine whether it
should be forwarded to its destination. Where outside access is permitted as in the case of a Web
server, the firewall will allow outside traffic through the firewall on a specified port, for
communication with a specified application. In this case, it would permit access from all outside
users. At times, however, access from outside the firewall will be restricted to only known users,
usually based on their IP addresses. This is used when a finite number of known users require
access to a system.
VPN technology is currently being used to help overcome the wireless LAN security problems
by providing a direct link through a WLAN past the corporate firewall. The drawbacks of this
configuration are cost and the inability to roam between WLAN access points. Mobile VPNs for
devices on public networks are still in the early phases of adoption.
Two-Factor Authentication
For some purposes, usually dealing with financial transactions, strong authentication is required.
This involves using a two-factor approach, where users have to apply two factors to authenticate
themselves. One factor is usually something the user knows, such as a PIN number; the other is
something the user has, such as a token card to generate a one-time password. This combination
makes it much more difficult for unauthorized users to gain access to the system.
Smart client applications inherently provide a form of two-factor authentication: First you must
have the device to access the application; second, you must authenticate yourself to gain access
to the application, as well as to any back-end system to which it connects.
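A server-side check of both factors, as an added example that is not part of the original chapter. The chapter does not say how the token card derives its one-time password; this sketch assumes the counter-based HOTP scheme of RFC 4226, and the Account class, look-ahead window and lockout threshold are hypothetical choices made for the illustration.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time password as a token card would compute it (HOTP, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Server-side record: a PIN verifier (factor 1) and token state (factor 2)."""

    def __init__(self, pin: str, token_secret: bytes):
        self.salt = os.urandom(16)
        self.pin_hash = self._stretch(pin)       # the PIN itself is never stored
        self.token_secret = token_secret
        self.counter = 0                         # next unused token counter
        self.failures = 0

    def _stretch(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def login(self, pin: str, otp: str, window: int = 3, max_failures: int = 5) -> bool:
        if self.failures >= max_failures:        # locked out (assumed policy)
            return False
        pin_ok = hmac.compare_digest(self._stretch(pin), self.pin_hash)
        matched = None
        # Accept a small look-ahead in case the card was pressed without logging in.
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(hotp(self.token_secret, c).encode(), otp.encode()):
                matched = c
        if pin_ok and matched is not None:       # both factors are required
            self.counter = matched + 1           # a used code can never be replayed
            self.failures = 0
            return True
        self.failures += 1
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"             # RFC 4226 test secret
    account = Account("4821", secret)            # constructed PIN
    print(account.login("4821", hotp(secret, 0)))   # first use succeeds
    print(account.login("4821", hotp(secret, 0)))   # replay of the same code fails
```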
Biometrics
Biometrics provides a wide range of techniques for authenticating an individual based on his or
her unique physical characteristics. Such techniques include fingerprint identification, face
recognition, voice recognition, or iris and retina scanning. Using biometric techniques, you can
ensure that the identification token is indeed unique. While this use of biometrics does improve
security, this type of authentication does have some drawbacks. Many of these systems are
somewhat intrusive and therefore not widely accepted by users. Also, the reliability of these
technologies varies and so can lead to what's called "false refusal." That said, biometric systems
are growing in popularity due to increased security concerns among all users.
Security Policy
The final, and often most important, security measure is the adoption of a corporate security
policy. Such a policy will outline all aspects of a corporation's security measures, including both
technology and the use and disclosure of confidential information within the enterprise. Even if a
corporation has implemented a very strong technical security solution, the overall system will
still be insecure if its users do not follow corporate security guidelines.