Sponsored Links
-->

Wednesday, January 24, 2018

Femtocells: The $250 device that lets hackers take over your phone ...
src: s3.amazonaws.com

In telecommunications, a femtocell is a small, low-power cellular base station, typically designed for use in a home or small business. A broader term which is more widespread in the industry is small cell, with femtocell as a subset. It is also called femto AccessPoint (AP). It connects to the service provider's network via broadband (such as DSL or cable); current designs typically support four to eight simultaneously active mobile phones in a residential setting depending on version number and femtocell hardware, and eight to sixteen mobile phones in enterprise settings. A femtocell allows service providers to extend service coverage indoors or at the cell edge, especially where access would otherwise be limited or unavailable. Although much attention is focused on WCDMA, the concept is applicable to all standards, including GSM, CDMA2000, TD-SCDMA, WiMAX and LTE solutions.

Use of femtocells benefits both the mobile operator and the consumer. For a mobile operator, the attractions of a femtocell are improvements to both coverage, especially indoors, and capacity. Coverage is improved because femtocells can fill in the gaps and eliminate loss of signal through buildings. Capacity is improved by a reduction in the number of phones attempting to use the main network cells and by the off-load of traffic through the user's network (via the internet) to the operator's infrastructure. Instead of using the operator's private network (microwave links, etc.), the internet is used. Because 3G networks breathe, offloading to femtocells extends a networks physical coverage distance from each tower.

Consumers and small businesses benefit from greatly improved coverage and signal strength since they have a de facto base station inside their premises. As a result of being relatively close to the femtocell, the mobile phone (user equipment) expends significantly less power for communication with it, thus increasing battery life. They may also get better voice quality via (HD voice) depending on a number of factors such as operator/network support, customer contract/price plan, phone and operating system support. Some carriers may also offer more attractive tariffs, for example discounted calls from home.

Femtocells are an alternative way to deliver the benefits of fixed-mobile convergence (FMC). The distinction is that most FMC architectures require a new dual-mode handset which works with existing unlicensed spectrum home/enterprise wireless access points, while a femtocell-based deployment will work with existing handsets but requires the installation of a new access point that uses licensed spectrum.

Many operators worldwide offer a femtocell service, mainly targeted at businesses but also offered to individual customers (often for a one-off fee) when they complain to the operator regarding a poor or non-existent signal at their location. Operators who have launched a femtocell service include SFR, AT&T, Sprint Nextel, Verizon, Zain, Mobile TeleSystems, T-Mobile US, Orange, Vodafone, EE, O2, Three, and others.

In 3GPP terminology, a Home NodeB (HNB) is a 3G femtocell. A Home eNodeB (HeNB) is an LTE 4G femtocell.

Theoretically the range of a standard base station may be up to 35 kilometres (22 mi), and in practice could be 5-10km (3-6 mi), a microcell is less than two kilometers wide, a picocell is 200 meters or less, and a femtocell is in the order of 10 meters, although AT&T calls its product, with a range of 40 feet (12 m), a "microcell". AT&T uses "AT&T 3G MicroCell" as a trade mark and not necessarily the "microcell" technology, however.


Video Femtocell



Overview and benefits

Operating mode

Femtocells are sold or loaned by a mobile network operator (MNO) to its residential or enterprise customers. A femtocell is typically the size of a residential gateway or smaller, and connects to the user's broadband line. Integrated femtocells (which include both a DSL router and femtocell) also exist. Once plugged in, the femtocell connects to the MNO's mobile network, and provides extra coverage. From a user's perspective, it is plug and play, there is no specific installation or technical knowledge required--anyone can install a femtocell at home.

In most cases, the user must then declare which mobile phone numbers are allowed to connect to his femtocell, usually via a web interface provided by the MNO. This needs to be done only once. When these mobile phones arrive under coverage of the femtocell, they switch over from the macrocell (outdoor) to the femtocell automatically. Most MNOs provide a way for the user to know this has happened, for example by having a different network name appear on the mobile phone. All communications will then automatically go through the femtocell. When the user leaves the femtocell coverage (whether in a call or not) area, his phone hands over seamlessly to the macro network. Femtocells require specific hardware, so existing WiFi or DSL routers cannot be upgraded to a femtocell.

Once installed in a specific location, most femtocells have protection mechanisms so that a location change will be reported to the MNO. Whether the MNO allows femtocells to operate in a different location depends on the MNO's policy. International location change of a femtocell is not permitted because the femtocell transmits licensed frequencies which belong to different network operators in different countries.

Benefits for users

The main benefits for an end user are the following:

  • "5 bar" coverage when there is no existing signal or poor coverage
  • Higher mobile data capacity, which is important if the end-user makes use of mobile data on his or her mobile phone (may not be relevant to a large number of subscribers who instead use WiFi where femtocell is located)
  • Depending on the pricing policy of the MNO, special tariffs at home can be applied for calls placed under femtocell coverage
  • For enterprise users, having femtos instead of DECT ("cordless" home) phones enables them to have a single phone, so a single contact list, etc.
  • Improved battery life for mobile devices due to reduced transmitter-receiver distance
  • The battery draining issue of mobile operators can be eliminated by means of energy efficiency of the networks resulting in prolongation of the battery life of handsets

Femtocells can be used to give coverage in rural areas.


Maps Femtocell



Standardised architectures

i

The standards bodies have published formal specifications for femtocells for the most popular technologies, namely WCDMA, CDMA2000, LTE and WiMAX. These all broadly conform to an architecture with three major elements:

  1. The femtocell access points themselves, which embody greater network functionality than found in macrocell basestations, such as the radio resource control functions. This allows much greater autonomy within the femtocell, enabling self-configuration and self-optimisation. Femtocells are connected using broadband IP, such as DSL or cable modems, to the network operator's core switching centres.
  2. The femtocell gateway, comprising a security gateway that terminates large numbers of encrypted IP data connections from hundreds of thousands of femtocells, and a signalling gateway which aggregates and validates the signalling traffic, authenticates each femtocell and interfaces with the mobile network core switches using standard protocols, such as Luh.
  3. The management and operational system which allows software updates and diagnostic checks to be administered. These typically use the same TR-069 management protocol published by the Broadband Forum and also used for administration of residential modems.

The key interface in these architectures is that between the femtocell access points and the femtocell gateway. Standardisation enables a wider choice of femtocell products to be used with any gateway, increasing competitive pressure and driving costs down. For the common WCDMA femtocells, this is defined as the Luh interface. In the Luh architecture, the femtocell gateway sits between the femtocell and the core network and performs the necessary translations to ensure the femtocells appear as a radio network controller to existing mobile switching centres (MSCs). Each femtocell talks to the femtocell gateway and femtocell gateways talk to the Core Network Elements (CNE) (MSC for circuit-switched calls, SGSN for packet-switched calls). This model was proposed by 3GPP and the Femto Forum. New protocols (HNBAP [Home Node B Application Part] and RUA [RANAP User Adaptation]) have been derived; HNBAP is used for the control signaling between the HNB and HNB-GW while RUA is a lightweight mechanism to replace the SCCP and M3UA protocols in the RNC; its primary function is transparent transfer of RANAP messages.

In March 2010, the Femto Forum and ETSI conducted the first Plugfest to promote interoperability of the Luh standard.

The CDMA2000 standard released in March 2010 differs slightly by adopting the Session Initiation Protocol (SIP) to set up a connection between the femtocell and a femtocell convergence server (FCS). Voice calls are routed through the FCS which emulates an MSC. SIP is not required or used by the mobile device itself. In the SIP architecture, the femtocell connects to a core network of the mobile operator that is based on the SIP/IMS architecture. This is achieved by having the femtocells behave toward the SIP/IMS network like a SIP/IMS client by converting the circuit-switched 3G signaling to SIP/IMS signaling, and by transporting the voice traffic over RTP as defined in the IETF standards.


The 3G4G Blog: Femtocell configuration via TR-069
src: 1.bp.blogspot.com


Air interfaces

Although much of the commercial focus seems to have been on the Universal Mobile Telecommunications System (UMTS), the concept is equally applicable to all air-interfaces. Indeed, the first commercial deployment was the cdma2000 Airave in 2007 by Sprint.

Femtocells are also under development or commercially available for GSM, TD-SCDMA, WiMAX and LTE.

The H(e)NB functionality and interfaces are basically the same as for regular High Speed Packet Access (HSPA) or LTE base stations except few additional functions. The differences are mostly to support differences in access control to support closed access for residential deployment or open access for enterprise deployment, as well as handover functionality for active subscribers and cell selection procedures for idle subscribers. For LTE additional functionality was added in 3GPP Release 9 which is summarized in.


Femtocells รข€
src: www.profheath.org


Issues

Interference

The placement of a femtocell has a critical effect on the performance of the wider network, and this is the key issue to be addressed for successful deployment. Because femtocells can use the same frequency bands as the conventional cellular network, there has been the worry that rather than improving the situation they could potentially cause problems.

Femtocells incorporate interference mitigation techniques--detecting macrocells, adjusting power and scrambling codes accordingly. Ralph de la Vega, AT&T President, reported in June 2011 they recommended against using femtocells where signal strength was middle or strong because of interference problems they discovered after widescale deployment. This differs from previous opinions expressed by AT&T and others.

A good example is the comments made by Gordon Mansfield, Executive Director of RAN Delivery, AT&T, speaking at the Femtozone at CTIA March 2010:

"We have deployed femtocells co-carrier with both the hopping channels for GSM macrocells and with UMTS macrocells. Interference isn't a problem. We have tested femtocells extensively in real customer deployments of many thousands of femtocells, and we find that the mitigation techniques implemented successfully minimise and avoid interference. The more femtocells you deploy, the more uplink interference is reduced."

The Femto Forum has some extensive reports on this subject, which have been produced together with 3GPP and 3GPP2.

To quote from the Summary Paper -- Summary of Findings:

The simulations performed in the Femto Forum WG2 and 3GPP RAN4 encompass a wide spectrum of possible deployment scenarios including shared channel and dedicated channel deployments. In addition, the studies looked at the impact in different morphologies, as well as in closed versus open access. The following are broad conclusions from the studies:

1. When femtocells are used in areas of poor or no coverage, macro/femto interference is unlikely to be a problem.
2. If the femto network is sharing the channel (co-channel) with the macro network, interference can occur. However, if the interference management techniques advocated by the Femto Forum are adopted, the resulting interference can be mitigated in most cases.
3. A femtocell network deployed on an adjacent dedicated channel is unlikely to create interference to a macro network. Additionally, the impact of a macro network on the performance of a femtocell on an adjacent channel is limited to isolated cases. If the interference mitigation techniques advocated by the Femto Forum are used, the impact is further marginalised.
4. Closed access represents the worst-case scenario for creation of interference. Open access reduces the chances of User Equipment (mobile phone handsets, 3G data dongles, etc.) on the macro network interfering with a proximate femtocell.
5. The same conclusions were reached for both the 850 MHz (3GPP Band 17) and 2100 MHz (3GPP Band 1) deployments that were studied.

The conclusions are common to the 850 MHz and 2100 MHz bands that were simulated in the studies, and can be extrapolated to other mobile bands. With interference mitigation techniques successfully implemented, simulations show that femtocell deployments can enable very high capacity networks by providing between a 10 and 100 times increase in capacity with minimal deadzone impact and acceptable noise rise.

Femtocells can also create a much better user experience by enabling substantially higher data rates than can be obtained with a macro network and net throughputs that will be ultimately limited by backhaul in most cases (over 20 Mbps in 5 MHz).

Lawful interception

Access point base stations, in common with all other public communications systems, are, in most countries, required to comply with lawful interception requirements.

Equipment location

Other regulatory issues relate to the requirement in most countries for the operator of a network to be able to show exactly where each base-station is located, and for E911 requirements to provide the registered location of the equipment to the emergency services. There are issues in this regard for access point base stations sold to consumers for home installation, for example. Further, a consumer might try to carry his base station with him to a country where it is not licensed. Some manufacturers are using GPS within the equipment to lock the femtocell when it is moved to a different country; this approach is disputed, as GPS is often unable to obtain position indoors because of weak signal.

Emergency calls

Access Point Base Stations are also required, since carrying voice calls, to provide a 911 (or 999, 112, etc.) emergency service, as is the case for VoIP phone providers in some jurisdictions. This service must meet the same requirements for availability as current wired telephone systems. Simply the phones must work if the AC mains grid is blacked out. There are several ways to achieve this, such as alternative power sources or fall-back to existing telephone infrastructure.

Quality of service

When using an Ethernet or ADSL home backhaul connection, an Access Point Base Station must either share the backhaul bandwidth with other services, such as Internet browsing, gaming consoles, set-top boxes and triple-play equipment in general, or alternatively directly replace these functions within an integrated unit. In shared-bandwidth approaches, which are the majority of designs currently being developed, the effect on quality of service may be an issue.

The uptake of femtocell services will depend on the reliability and quality of both the cellular operator's network and the third-party broadband connection, and the broadband connection's subscriber understanding the concept of bandwidth utilization by different applications a subscriber may use. When things go wrong, subscribers will turn to cellular operators for support even if the root cause of the problem lies with the broadband connection to the home or workplace. Hence, the effects of any third-party ISP broadband network issues or traffic management policies need to be very closely monitored and the ramifications quickly communicated to subscribers.

A key issue recently identified is active traffic shaping by many ISPs on the underlying transport protocol IPSec.

Spectrum accuracy

To meet Federal Communications Commission (FCC) / Ofcom spectrum mask requirements, femtocells must generate the radio frequency signal with a high degree of precision. To do this over a long period of time is a major technical challenge. The solution to this problem is to use an external, accurate signal to constantly calibrate the oscillator to ensure it maintains its accuracy. This is not simple (broadband backhaul introduces issues of network jitter/wander and recovered clock accuracy), but technologies such as the IEEE 1588 time synchronisation standard may address the issue. Also, Network Time Protocol (NTP) is being pursued by some developers as a possible solution to provide frequency stability. Conventional (macrocell) base stations often use GPS timing for synchronization and this could be used, although there are concerns on cost and the difficulty of ensuring good GPS coverage.

Standards bodies have recognized the challenge of this and the implications on device cost. For example, 3GPP has relaxed the 50ppb parts per billion precision to 100ppb for indoor base stations in Release 6 and a further loosening to 250ppb for Home Node B in Release 8.

Security

At the 2013 Black Hat hacker conference in Las Vegas, NV, a pair of security researchers detailed their ability to use a Verizon femtocell to secretly intercept the voice calls, data, and SMS text messages of any handset that connects to the device.

During a demonstration of their exploit, they showed how they could begin recording audio from a cell phone even before the call began. The recording included both sides of the conversation. They also demonstrated how it could trick Apple's iMessage - which encrypts texts sent over its network using SSL, rendering them unreadable to snoopers, to SMS, allowing the femtocell to intercept the messages.

They also demonstrated it was possible to "clone" a cell phone that runs on a CDMA network by remotely collecting its device ID number through the femtocell, in spite of added security measures to prevent against cloning of CDMA phones.


hackers from iSEC hear, see smartphone content
src: 3c1703fe8d.site.internapcdn.net


Controversy on consumer proposition

The impact of a femtocell is most often to improve cellular coverage, without the cellular carrier needing to improve their infrastructure (cell towers, etc.). This is net gain for the cellular carrier. However, the user must provide and pay for an internet connection to route the femtocell traffic, and then (usually) pay an additional one-off or monthly fee to the cellular carrier. Some have objected to the idea that consumers are being asked to pay to help relieve network shortcomings. On the other hand, residential femtocells normally provide a 'personal cell' which provides benefits only to the owner's family and friends.

The difference is also that while mobile coverage is provided through subscriptions from an operator with one business model, a fixed fibre or cable may work with a completely different business model. For example, mobile operators may imply restrictions on services which an operator on a fixed may not. Also, WiFi connects to a local network such as home servers and media players. This network should possibly not be within reach of the mobile operator.


Downlink interference minimization in cooperative cognitive LTE ...
src: media.springernature.com


Deployment

According to market research firm Informa and the Femto Forum, as of December 2010 18 operators have launched commercial femtocell services, with a total of 30 committed to deployment.

At the end of 2011, femtocell shipments had reached roughly 2 million units deployed annually, and the market is expected to grow rapidly with distinct segments for consumer, enterprise, and carrier-grade femtocell deployments. Femtocell shipments are estimated to have reached almost 2 million at the end of 2010. Research firm Berg Insight estimates that the shipments will grow to 12 million units worldwide in 2014.

Within the United States, the most significant deployments up to December 2010 were by Sprint Nextel, Verizon Wireless and AT&T Wireless. Sprint started in the third quarter of 2007 as a limited rollout (Denver and Indianapolis) of a home-based femtocell built by Samsung Electronics called the Sprint Airave that works with any Sprint handset. From 17 August 2008, the Airave was rolled out on a nationwide basis. Other operators in the United States have followed suit. In January 2009, Verizon rolled out its Wireless Network Extender, based on the same design as the Sprint/Samsung system. In late March 2010, AT&T announced nationwide roll-out of its 3G MicroCell, which commenced in April. The equipment is made by Cisco Systems and ip.access, and was the first 3G femtocell in US, supporting both voice and data HSPA. Both Sprint and Verizon upgraded to 3G CDMA femtocells during 2010, with capacity for more concurrent calls and much higher data rates. In November 2015, T-Mobile US began deployment of 4G LTE femtocells manufactured by Alcatel Lucent.

In Asia, several service providers have rolled out femtocell networks. In Japan, SoftBank launched its residential 3G femtocell service in January 2009 with devices provided by Ubiquisys. In the same year, the operator launched a project to deploy femtocells to deliver outdoor services in rural environments where existing coverage is limited. In May 2010, SoftBank Mobile launched the first free femtocell offer, providing open access femtocells free of charge to its residential and business customers. In Singapore, Starhub rolled out its first nationwide commercial 3G femtocell services with devices provided by Huawei Technologies, though the uptake is low, while Singtel's offering is targeted at small medium enterprises. In 2009, China Unicom announced its own femtocell network. NTT DoCoMo in Japan launched their own femtocell service on 10 November 2009.

In July 2009, Vodafone released the first femtocell network in Europe, the Vodafone Access Gateway provided by Alcatel-Lucent. This was rebranded as SureSignal in January 2010, after which Vodafone also launched service in Spain, Greece, New Zealand, Italy, Ireland, Hungary and The Netherlands. Other operators in Europe have followed since then.


The 3G4G Blog: Femtocell Backhaul Options
src: 1.bp.blogspot.com


See also

  • 5G
  • Cellular repeater

Infonetics: Enterprise Femtocell Adoption Growing; Cisco Takes ...
src: mms.businesswire.com


References

Source of article : Wikipedia