The blog YTD2525 contains a collection of news clippings on telecom network technology.
Cyber threats have developed dramatically over the years, from simple worms to viruses, and finally to advanced Trojan horses and malware. But the forms of these threats are not the only things that have evolved. Attacks are targeting a wider range of platforms. They have moved from the PC to the Mobile world, and are beginning to target IoT connected devices and cars. The news has been filled recently with attacks on critical infrastructure, causing the blackout in Ukraine, and the manipulation of “Kemuri Water treatment Company” water flow.
This threat can no longer be ignored. Organizations such as power and water utilities are critical, and ought to be protected accordingly. Certain governments are starting to realize that cyberattacks can, in fact, affect critical infrastructure. As a result, they have recently issued regulations to enhance their standard defenses.
The cyber threat world is big and extensive—to fully understand the scope of threats to nationwide critical infrastructures, here are a few insights and perspectives based on our vast and longstanding experience in the cyber world.
Top three critical infrastructure threat vectors
Industrial Control Systems (ICS) are vulnerable in three main areas:
- IT network.
- Insider threat (intentional or unintentional).
- Equipment and software.
Attacking through the IT network
ICS usually operate on a separate network, called OT (Operational Technology). OT networks normally require a connection to the organization’s corporate network (IT) for operation and management. Attackers gain access to ICS networks by first infiltrating the organization’s IT systems (as seen in the Ukraine case), and use that “foot in the door” as a way into the OT network. The initial infection of the IT system is not different than any other cyberattack we witness on a daily basis. This can be achieved using a wide array of methods, such as spear phishing, malicious URLs, drive-by attacks and many more.
Once an attacker has successfully set foot in the IT network, they will turn their focus on lateral movement. Their main objective is to find a bridge that can provide access to the OT network and “hop” onto it. These bridges may not be properly secured in some networks, which can compromise the critical infrastructures they are connected to.
The threat within
Traditional insider threats exist in IT networks as well as in OT networks. Organizations have begun protecting themselves against such threats, especially after high profile attacks such as the Target hack or Home Depot (and the list is continuously growing). In OT however, the threat is increased. Similar to IT networks, insiders can intentionally breach OT networks with graver consequences. In addition to this “regular” threat, there is the unintentional insider threat. Unlike IT networks, OT networks are usually flat with little or no segmentation, and SCADA systems have outdated software versions that go unpatched regularly.
Unwitting users often inadvertently create security breaches, either to simplify technical procedures or by unknowingly changing crucial settings that disable security. The bottom line remains the same either way: the network that controls the critical infrastructure is left exposed to attacks. This is proven time and again as one can easily encounter networks that were connected to the internet by accident.
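One way to check for the two exposures described above, an unsecured IT-to-OT bridge and an OT network that ends up talking to the internet, is to audit flow records against the list of approved conduits. This is an added example, not part of the original article; the zone subnets, approved conduit and flow records are all constructed for illustration.

```python
import ipaddress

# Assumed zone layout (constructed for this example).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT": ipaddress.ip_network("10.50.0.0/16"),
}

# Assumed allow-list of IT/OT conduits: (source, destination, destination port).
APPROVED_CONDUITS = {
    ("10.10.5.20", "10.50.1.10", 3389),  # jump host -> engineering workstation
}

# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.50.1.10", 3389),   # approved conduit
    ("10.10.7.33", "10.50.2.40", 502),    # office PC -> PLC over Modbus/TCP
    ("10.10.7.33", "10.10.1.5", 445),     # IT-internal traffic
    ("203.0.113.9", "10.50.2.41", 80),    # internet -> HMI web interface
    ("10.50.2.40", "198.51.100.7", 443),  # PLC -> internet
    ("10.50.1.10", "10.50.2.40", 502),    # OT-internal traffic
]


def zone_of(addr):
    """Map an address to its zone name, or EXTERNAL if it is in neither zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"


def audit_flows(flows, approved=APPROVED_CONDUITS):
    """Return findings for every flow that crosses the OT boundary unapproved."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or "OT" not in (src_zone, dst_zone):
            continue  # flow does not cross the OT boundary
        if "EXTERNAL" in (src_zone, dst_zone):
            kind = "ot-internet-exposure"      # OT reachable from / reaching the internet
        elif (src, dst, port) in approved:
            continue                           # documented conduit
        else:
            kind = "unapproved-it-ot-bridge"   # possible lateral-movement path
        findings.append((kind, src, dst, port))
    return findings


def bridge_hosts(findings):
    """IT-side hosts that reach OT outside the approved conduits."""
    hosts = set()
    for kind, src, dst, _port in findings:
        if kind == "unapproved-it-ot-bridge":
            hosts.add(src if zone_of(src) != "OT" else dst)
    return sorted(hosts)


if __name__ == "__main__":
    results = audit_flows(SAMPLE_FLOWS)
    for finding in results:
        print(finding)
    print("bridge hosts:", bridge_hosts(results))
```
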
Meddling with critical components
The last avenue that endangers ICS is tampering with either the equipment or its software. There are several ways to execute such an operation:
- Intervening with the equipment’s production. An attacker can insert malicious code into the PLC (Programmable Logic Controller) or HMI (Human Machine Interface) which are the last logical links before the machine itself.
- Intercepting the equipment during its shipment and injecting malicious code into it.
- Tampering with the software updates of the equipment by initiating a Man in The Middle attack, for example.
So, how can we protect our Critical Infrastructure?
To fully protect any critical infrastructure, whether it is an oil refinery, nuclear reactor or an electric power plant, all three attack vectors must be addressed. It is not enough to secure the organization’s IT to ensure the security of the production floor. A multi-layered security strategy is needed to protect critical infrastructures against evolving threats and advanced attacks. Check Point offers not only a full worldview of the problems critical infrastructures are facing, but also a comprehensive solution to protect them.
It’s safe to assume that the majority of all Internet of Things (IoT) devices operate near large populations of people. Of course, right? This is where the action happens – smart devices, smart cars, smart infrastructure, smart cities, etc. Plus, the cost of getting “internet-connected” in these areas is relatively low – public access to Wi-Fi is becoming widely available, cellular coverage is blanketed over cities, etc.
But what about the devices out in the middle of nowhere? The industrial technology that integrates and communicates with heavy machinery that isn’t always “IP connected,” operating in locations not only hard to reach, but often exposed to harsh weather. The fact remains, this is where IoT connectivity is potentially most challenging to enable, but also perhaps the most important to have. Why? Because these numerous assets help deliver the lifeblood for our critical infrastructures – electricity, water, energy, etc. Without these legacy and geographically dispersed machines, a smart world may never exist.
But let’s back up for a second and squash any misconceptions about the “industrial” connectivity picture we’re painting above. Take this excerpt from Varun Nagaraj in a past O’Reilly Radar article:
“… unlike most consumer IoT scenarios, which involve digital devices that already have IP support built in or that can be IP enabled easily, typical IIoT scenarios involve pre-IP legacy devices. And unfortunately, IP enablement isn’t free. Industrial device owners need a direct economic benefit to justify IP enabling their non-IP devices. Alternatively, they need a way to gain the benefits of IP without giving up their investments in their existing industrial devices – that is, without stranding these valuable industrial assets.
Rather than seeing industrial device owners as barriers to progress, we should be looking for ways to help industrial devices become as connected as appropriate – for example, for improved peer-to-peer operation and to contribute their important small data to the larger big-data picture of the IoT.”
It sounds like the opportunity ahead for the industrial IoT is to provide industrial devices and machines with an easy migration path to internet connectivity by creatively addressing its constraints (outdated protocols, legacy equipment, the need for both wired and wireless connections, etc.) and enabling new abilities for the organization.
Let’s look at an example of how this industrial IoT transformation is happening.
Voice, Video, Data & Sensors
Imagine you are a technician from a power plant in a developing part of the world with lots of desert terrain. The company you work for provides power to an entire region of people, which is difficult considering the power plant is in an extremely remote location facing constant sand blasts and extreme temperatures. The reliance your company places on the industrial devices being used to monitor and control all facets of the power plant itself is paramount. If they fail, the plant fails and your customers are without power. This is where reliable, outdoor IoT connectivity is a must:
- With a plethora of machinery and personnel onsite, you need a self-healing Wi-Fi mesh network over the entire power plant so that internet connections aren’t lost mid-operation.
- Because the traditional phone-line system doesn’t extend to the remote location of the power plant, and cell coverage is weak, the company requires Voice over IP (VoIP) communications. Also, because there’s no physical hardware involved, personnel never needs to worry about maintenance, repairs or upgrades.
- The company wants to ensure no malfeasance takes place onsite, especially due to the mission-critical nature of the power plant. Therefore, security camera control and video transport is required back to a central monitoring center.
- Power plants require cooling applications to ensure the integrity and safety of the power generation taking place. The company requires Supervisory Control and Data Acquisition (SCADA) networking for monitoring the quality of the inbound water being used to cool the equipment.
- The company wants to provide visibility to its customers in how much energy they are consuming. This requires Advanced Metering Infrastructure (AMI) backhaul networking to help manage the energy consumption taking place within the smart grid.
- Since the power plant is in a remote location, there is only one tiny village nearby being used by the families and workers at the power plant. The company wants to provide a Wi-Fi hotspot for the residents.
From the outline above, it sounds like a lot of different IoT networking devices will need to be used to address all of these applications at the power plant. If the opportunity ahead for the industrial IoT is to provide industrial devices and machines with an easy migration path to IP connectivity, what solutions are available to make this a reality for the power plant situation above? Not just that, but a solution with proven reliability in extreme environmental conditions? We might know one…
Is harvesting your data and turning it into a new revenue stream the only sustainable business model for Internet of Things device makers?
Where is IoT going in the long run?… To cash in on the treasure trove of “everything it knows about you,” data collected over the long term, at least it is according to a post on Medium about the “dirty little secret” of the Internet of Things.
A company can only sell so many devices, but still needs to make money, so the article suggests the “sinister” reason why companies “want to internet-connect your entire house” is to collect every little bit of data about you and turn it into profit. Although the post was likely inspired in part by the continued fallout of Nest’s decision to brick Revolv hubs, there could be an IoT company eventually looking for a way to monetize “if you listen to music while having sex.”
The post is by the same guy running the “Internet of Sh*t” Twitter account; he works as a developer for a software company in Europe. You’ve surely seen IoT gadgets that seem like a joke, that make you wonder why in the world anyone thought it was a good enough idea to make it. While not every product tweeted by Internet of Sh*t is a real thing, the tweets are funny and have the scary potential to be real. Here are a couple of my favorites:
A smart device which alerts you to water your plants could also be considered to now give your plants an attack vector. Another would be an IoT gadget in your “smart home” that could lead to in-app purchase blackmail such as the tweeted joke about paying to delete footage of something an app “saw.”
On Medium, “Internet of Sh*t” explained that there are indeed plenty of IoT devices that you would use over the very long term such as “household appliances you won’t replace for a decade. We’re talking about a thermostat, fridge, washing machine, kettle, TV or light — long term, there’s just no other way to be sustainable for the creators of these devices.” Those devices present “delicious” opportunities “for bloated internet companies.”
“The problem with the Internet of Things is that the hardware is only one aspect,” he pointed out. “The makers need to keep servers running to support them, keep APIs up to date, keep security up to date and, well, pay employees.” Over time, those costs will be more than what you paid for the device so the “sustainable” model is to keep collecting every little piece of data about you and then finding a way to profit from it.
For example, he quoted Nest CEO Tony Fadell who previously said, “We’ll get more and more services revenue because the hardware sits on the wall for a decade.”
If Nest wanted to increase profits it could sell your home’s environment data to advertisers. Too cold? Amazon ads for blankets. Too hot? A banner ad for an air conditioner. Too humid? Dehumidifiers up in your Facebook.
Nest may not be doing that right now, but “the future of your most intimate data being sold to the highest bidder isn’t dystopian. It’s happening now.” One example included Bud Light’s “Bud-E Fridge” as the makers called real-time data about how much beer is stocked “a wealth of knowledge” that will pay off in a couple years even if the fridge doesn’t make a ton of money. Brands are going to look at the data collected by their IoT devices as a new source of revenue stream.
If you think it is unlikely that your IoT devices will start cashing in on data it collects about you, then you might also believe it is a conspiracy theory that apps which request permission to access your microphone are “listening in” to serve up relevant ads. In some cases, it might be a coincidence if you suddenly start seeing ads about a topic that you recently discussed, but not always.
For example, your phone can be “listening” for what you watch on TV. Last month the FTC sent a warning letter (pdf) to unnamed app developers using Silverpush code that “can monitor a device’s microphone to listen for audio signals that are embedded in television advertisements.” Basically the apps can secretly listen to everything that happens in the background; Forbes explained how Silverpush uses a unique inaudible sound in TV commercials that you might not notice, but an app on your phone could. Once it hears that sound, the app knows what you are watching.
It’s important to note that Silverpush claims ads in the USA are currently not using audio beacons, but the FTC still said app developers need to notify users why their apps ask to use a phone’s mic. The FTC’s letter adds that “nowhere do the apps in question provide notice that the app could monitor television-viewing habits, even if the app is not in use.”
For the curious, here’s a list of Android apps which use SilverPush.
While some privacy advocates may care, sadly there are a plethora of people who don’t know or care what their apps or IoT devices are monitoring and collecting. How else do you explain the success of major TV brand makers even after smart TVs were labeled the ‘perfect target’ for spying on you? Since then, smart TVs were caught “eavesdropping,” tracking viewing habits, or snarfing up personal files such as those connected via a USB.
The post on Medium advises you to ponder what data you are giving away, where it goes, and whether you even own the IoT device at all before you buy smart devices. A different post on Medium by Stephanie Rieger advises you to consider similar topics before you rent a house or apartment that comes equipped with “smart” features.
“Rarely does this process currently involve discussions about hardware versions, operating systems, apps, firmware, connection ports (barring cable/TV/phone) and who has the right or indeed responsibility and sufficient access privileges to install updates, pay monthly or annual subscriptions, or introduce new software into the system,” Rieger wrote. Since some of those smart devices can be collecting your data, be vulnerable to attack, or end up costing you a subscription to a service you don’t even want, then those are important answers you should demand.
We should demand answers about our collected data from the makers of our IoT devices as well, but as Internet of Sh*t pointed out, “Nobody really knows the answer because they don’t want to tell you.” The manufacturers probably believe “it’s better if you don’t know.”
The main advantage of blockchain is to enable people to trust them without the intervention of a “trusted third party”.
Blockchain can be defined as the decentralized and comprehensive history of all transactions since its inception and which are recorded in a large ledger.
Transaction security is ensured by a network of computers that validate and certify the transaction before entering it permanently in a block. Once registered, it is tamper-proof and easily verifiable. So this is a distributed network in which transactions are peer-to-peer (P2P).
The main advantage of blockchain is that people can trust them without the intervention of a “trusted third party” (lawyers, bank, State, platform types like Uber, AirBnB, etc.). This intermediary function is ensured by a network of computers. In other words, the blockchain is an Internet transaction certification infrastructure.
The technology can also be used for transactions that go beyond a mere payment or registration and contain more complex instructions (conditional and programmed instructions); in that case we talk about contracts. These contracts are published on a blockchain and run automatically under certain conditions, which is why we use the term “Smart Contracts”.
The stakes are enormous. All players involved in intermediation; banks, insurers, notaries, lawyers, etc. are concerned. It is a market of several trillion dollars that we must re-invent!
The success of the IoT (Internet of Things) depends on the blockchain and its algorithmic trust system with a distributed infrastructure. Remember that with blockchain, the fact that a transaction is accepted or rejected is the result of a distributed consensus and not a centralized institution. In other words, consensus-as-a-service (consensus on demand) or TAAS (Trust as a Service) is the heart of the economic model of blockchain.
With the Internet of Things, the blockchain protocol will find one of its broader applications, given the huge problems of trust that are sure to arise. Trust, the question of identity, respect for privacy and confidentiality of personal data will be at the heart of market development of the Internet of Things.
In other words, the blockchain technology will become the infrastructure of a globally interconnected digital world and massively including the Wearable Computing, IoT, sensors, smart phones, laptops, and cameras, the Smart Home, the Smart Car and even SmartCity.
Will tomorrow’s world blockchain or not?
Disruption. You can’t have a discussion today about business or technology without the term entering the conversation. I think it’s become an unwritten rule. It’s almost as if no one will take you seriously unless you’re talking about business disruption. Or how disruptive technologies can be used to advance business and provide a competitive edge.
Take Big Data and the Internet of Things (IoT). Both rank highly on the list of disruptive technologies. And as with most technologies, there are areas of great synergy that ultimately provide a yellow brick road to real business value. (See my recent blog Big Data, the Internet of Things, and Russian Nesting Dolls.)
Blockchain enters the disruptive dialogue
But recently, a new topic has enlivened the disruption discussions: Blockchain technology. And with it, the requisite stream of questions. What exactly is it? How does it help (or does it help) provide business value? How will it affect my current initiatives? And are there synergies to be had—or do I have to worry about it blowing everything up?
What is blockchain—and how is it associated with Bitcoin?
If you do a Google search on blockchain, you’ll find several results that inevitably pair the terms “blockchain” and “Bitcoin.” That’s because blockchain technology enables digital currencies like Bitcoin to work. As you may be aware, Bitcoin has no physical form, is not controlled by a single entity, nor is it backed by any government or agency.
(I’m not going to attempt to discuss the pros and cons of Bitcoin here. Those conversations can be almost as emotional as political discussions—and voluminous enough to fill books.)
A permanent digital transaction database…
In simple terms, blockchain is a digital ledger of transactions that you might think of as a spreadsheet. Yet it comprises a constantly growing list of transactions called “blocks”—all of which are sequentially connected. Each block has a link to the previous one in the list. Once a block is in the chain it can’t be removed, so it becomes part of a permanent database containing all the transactions that have occurred since its inception.
…is also the ultimate distributed database
But perhaps the most interesting thing about blockchain is that there’s no central authority or single source of the database. Which means it exists on every system that’s associated with it. Yes, every system has its own complete copy of the blockchain. As new blocks are added, they’re also received by every system—for the ultimate distributed database. So if you lose your copy, no problem. By rejoining the blockchain network you get a fresh new copy of the entire blockchain.
But how do you ensure transactional security?
By now you’re probably wondering, “How can this possibly result in a secure method for conducting digital transactions?” The short answer is through some very complex cryptography, math puzzles, and crowdsourcing consensus. There’s a great video that explains it in some detail on YouTube. It’s a little over 20 minutes long, but is the best explanation I’ve seen of a very complex solution.
The net result is called a “trustless system.” Which is not to say the system can’t be trusted. It simply means that two parties don’t need a trusted third party (such as a bank or credit card company) to maintain a ledger and valid transactions. Because every transaction can always be verified against the distributed ledger, a copy of which resides with all parties.
Note: One thing that’s important to understand is that while you can’t have Bitcoin without blockchain, you can use blockchain without involving Bitcoin—and that’s when things can become very interesting.
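The linking and verification described above can be shown with a small hash-linked ledger. This is an added example, not code from the original post; it leaves out the "math puzzles" (proof of work) and consensus steps, and the ledger contents are constructed. It shows why the link to the previous block makes a single edit detectable, and why the copies held by other parties still matter when someone recomputes every later hash in their own copy.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transactions):
    """SHA-256 over the block's contents, including the previous block's hash."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions}, sort_keys=True
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def append_block(chain, transactions):
    """Add a block that links to the current tip of the chain."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append({
        "index": index,
        "prev": prev_hash,
        "tx": transactions,
        "hash": block_hash(index, prev_hash, transactions),
    })
    return chain


def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev_hash:
            return i  # broken link to the previous block
        if block["hash"] != block_hash(i, block["prev"], block["tx"]):
            return i  # contents no longer match the recorded hash
        prev_hash = block["hash"]
    return None


def rewrite_from(chain, index, new_tx):
    """Model a party rebuilding its own copy with block `index` altered."""
    rebuilt = []
    for block in chain:
        tx = new_tx if block["index"] == index else block["tx"]
        append_block(rebuilt, list(tx))
    return rebuilt


def first_divergence(local, peer):
    """Index of the first block where two copies disagree, or None."""
    for i, (mine, theirs) in enumerate(zip(local, peer)):
        if mine["hash"] != theirs["hash"]:
            return i
    return None if len(local) == len(peer) else min(len(local), len(peer))


# Constructed ledger contents.
LEDGER = []
append_block(LEDGER, ["alice pays bob 5"])
append_block(LEDGER, ["bob pays carol 2"])
append_block(LEDGER, ["carol pays dave 1"])

# Case 1: one entry is edited in place; the stored hash no longer matches.
EDITED = copy.deepcopy(LEDGER)
EDITED[1]["tx"] = ["bob pays mallory 2"]

# Case 2: every later hash is recomputed; the copy is self-consistent but
# no longer agrees with the copies held by everyone else.
REBUILT = rewrite_from(LEDGER, 1, ["bob pays mallory 2"])

if __name__ == "__main__":
    print("honest copy:", first_invalid_block(LEDGER))
    print("edited copy fails at block:", first_invalid_block(EDITED))
    print("rebuilt copy self-check:", first_invalid_block(REBUILT))
    print("rebuilt copy diverges from peers at block:",
          first_divergence(LEDGER, REBUILT))
```
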
Blockchain and Big Data
When you talk about blockchain in the context of Bitcoin, the connection to Big Data seems a little tenuous. What if, instead of Bitcoin, the blockchain was a ledger for other financial transactions? Or business contracts? Or stock trades?
The financial services industry is starting to take a serious look at block chain technology. Citi, Nasdaq, and Visa recently made significant , a Bitcoin blockchain service provider. And Oliver Bussmann, CIO of UBS says that blockchain technology could “pare transaction processing time from days to minutes.”
The business imperative in financial services for blockchain is powerful. Imagine blockchains of that magnitude. Huge data lakes of blocks that contain the full history of every financial transaction, all available for analysis. Blockchain provides for the integrity of the ledger, but not for the analysis. That’s where Big Data and accompanying analysis tools will come into play.
Blockchain and the Internet of Things
There’s no doubt that IoT is a tremendous growth industry. Gartner predicts that the number of “things” will exceed 25 billion (with a B) devices within the next four years. These things can be anything from a small sensor to a large appliance—and everything in between. Two key challenges are securing those devices, and the privacy of the data they exchange.
Traditional centralized authority and message brokering could help address these issues, but will not scale with the number of devices predicted and the 100’s of billions of transactions the devices will generate.
Several major industry leaders have put forth blockchain technology as a possible solution to these challenges. The vision is a decentralized IoT, where the blockchain can act as the framework for facilitating transaction processing and coordination among interacting devices. Each device would manage its own roles and behavior and rules for interaction.
Follow the Yellow Brick Road
The blockchain builds itself a block at a time, always growing and moving forward, but also maintaining the trail of where it’s been. While the blockchain’s original purpose was in support of Bitcoin digital currency, like most disruptive technologies its value is growing in unexpected ways and directions.
As a technologist, I find the technology fascinating. That being said, technology is just a tool. It’s our responsibility to ensure the tools can be leveraged to provide true business value. Whether it’s reduction of transaction processing time, analysis of transaction trends, or providing a mechanism to securely scale the Internet of Things messaging, the synergies with Big Data and IoT are one way we can follow that yellow block road to true business value.
The range and number of “things” connected to the internet is truly astounding, including security cameras, ovens, alarm systems, baby monitors and cars. They’re all going online, so they can be remotely monitored and controlled over the internet.
Internet of Things (IoT) devices typically incorporate sensors, switches and logging capabilities that collect and transmit data across the internet.
Some devices may be used for monitoring, using the internet to provide real-time status updates. Devices like air conditioners or door locks allow you to interact and control them remotely.
Most people have a limited understanding of the security and privacy implications of IoT devices. Manufacturers who are first-to-market are rewarded for developing cheap devices and new features with little regard for security or privacy.
At the heart of all IoT devices is the embedded firmware. This is the operating system that provides the controls and functions to the device.
Our previous research on internet device firmware demonstrated that even the largest manufacturers of broadband routers frequently used insecure and vulnerable firmware components.
IoT risks are compounded by their highly connected and accessible nature. So, in addition to suffering from similar concerns as broadband routers, IoT devices need to be protected against a wider range of active and passive threats.
Active IoT threats
Poorly secured smart devices are a serious threat to the security of your network, whether that’s at home or at work. Because IoT devices are often connected to your network, they are situated where they can access and monitor other network equipment.
This connectivity could allow attackers to use a compromised IoT device to bypass your network security settings and launch attacks against other network equipment as if it was “from the inside”.
Many network-connected devices employ default passwords and have limited security controls, so anyone who can find an insecure device online can access it. Recently, security researchers even managed to hack a car, which relied on readily accessible (and predictable) Vehicle Identification Numbers (VINs) as its only security.
Hackers have exploited insecure default configurations for decades. Ten years ago, when internet-connected (IP) security cameras became common, attackers used Google to scan for keywords contained in the camera’s management interface.
Sadly, device security hasn’t improved much in ten years. There are search engines that can allow people to easily locate (and possibly exploit) a wide range of internet-connected devices.
In contrast to active threats, passive threats emerge from manufacturers collecting and storing private user data. Because IoT devices are merely glorified network sensors, they rely on manufacturer servers to do processing and analysis.
So end users may freely share everything from credit information to intimate personal details. Your IoT devices may end up knowing more about your personal life than you do.
Devices like the Fitbit may even collect data to be used to assess insurance claims.
With manufacturers collecting so much data, we all need to understand the long-term risks and threats. Indefinite data storage by third parties is a significant concern. The extent of the issues associated with data collection is only just coming to light.
Concentrated private user data on network servers also presents an attractive target for cyber criminals. By compromising just a single manufacturer’s devices, a hacker could gain access to millions of people’s details in one attack.
What can you do?
Sadly, we are at the mercy of manufacturers. History shows that their interests are not always aligned with ours. Their task is to get new and exciting equipment to market as cheaply and quickly as possible.
IoT devices often lack transparency. Most devices can be used only with the manufacturer’s own software. However, little information is provided about what data is collected or how it is stored and secured.
But, if you must have the latest gadgets with new and shiny features, here’s some homework to do first:
- Ask yourself whether the benefits outweigh the privacy and security risks.
- Find out who makes the device. Are they well known and do they provide good support?
- Do they have an easy-to-understand privacy statement? And how do they use or protect your data?
- Where possible, look for a device with an open platform, which doesn’t lock you in to only one service. Being able to upload data to a server of your choice gives you flexibility.
- If you’ve already bought an IoT device, search Google for “is [your device name] secure?” to find out what security researchers and users have already experienced.
All of us need to understand the nature of the data we are sharing. While IoT devices promise benefits, they introduce risks with respect to our privacy and security.
This paper focuses on downlink packet scheduling for streaming video in Long Term Evolution (LTE). As a hard handover is adopted in LTE and has the period of breaking connection, it may cause a low user-perceived video quality. Therefore, we propose a handover prediction mechanism and a pre-scheduling mechanism to dynamically adjust the data rates of transmissions for providing a high quality of service (QoS) for streaming video before new connection establishment. Advantages of our method in comparison to the exponential/proportional fair (EXP/PF) scheme are shown through simulation experiments.
2. Pre-Scheduling Mechanism
2.1. Handover Prediction
where $\hat{P}_i$ is the predictive value of RSRP at time $t_i$, and $a$ and $b$ are coefficients of the linear regression equation. Then, we use the least squares (LS) method to deduce $a$ and $b$. The method of LS is a standard solution to estimate the coefficient in linear regression analysis.
where $P_i$ is the measured value of RSRP at time $t_i$. The least squares method is to try to find the minimum of $S$, and then the minimum of $S$ is determined by calculating the partial derivatives.
where $\bar{T} = \frac{\sum_{i=1}^{n} t_i}{n}$ and $\bar{P} = \frac{\sum_{i=1}^{n} P_i}{n}$. If there are several neighbor eNodes, we select the eNodeB with the maximum variation of RSRP (maximum slope) as target eNodeB. In Figure 2a, we can see that while $RSRP_{SeNB} = RSRP_{TeNB}$, the handover procedure is triggered. We have trigger time $t_t = \frac{a_1 - a_2}{b_2 - b_1}$.
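The handover prediction described above, worked through as an added example (not code from the paper). It assumes the regression line has the form $\hat{P} = a + b\,t$ and uses the standard least-squares estimates $b = \sum (t_i - \bar{T})(P_i - \bar{P}) / \sum (t_i - \bar{T})^2$ and $a = \bar{P} - b\,\bar{T}$; the RSRP samples and eNodeB names are constructed.

```python
def fit_line(times, rsrp):
    """Least-squares fit of RSRP against time; returns (a, b) for P = a + b*t."""
    n = len(times)
    if n < 2 or n != len(rsrp):
        raise ValueError("need at least two paired samples")
    t_bar = sum(times) / n
    p_bar = sum(rsrp) / n
    sxx = sum((t - t_bar) ** 2 for t in times)
    if sxx == 0:
        raise ValueError("all samples share one timestamp")
    b = sum((t - t_bar) * (p - p_bar) for t, p in zip(times, rsrp)) / sxx
    a = p_bar - b * t_bar
    return a, b


def select_target(times, neighbours):
    """Pick the neighbour eNodeB whose fitted RSRP has the maximum slope."""
    fits = {name: fit_line(times, samples) for name, samples in neighbours.items()}
    best = max(fits, key=lambda name: fits[name][1])
    return best, fits[best]


def trigger_time(serving_fit, target_fit):
    """Time at which the two fitted lines cross: t_t = (a1 - a2) / (b2 - b1)."""
    a1, b1 = serving_fit
    a2, b2 = target_fit
    if b2 == b1:
        return None  # parallel lines never cross, so no handover is predicted
    return (a1 - a2) / (b2 - b1)


# Constructed measurements: time in seconds, RSRP in dBm.
TIMES = [0, 1, 2, 3, 4]
SERVING_RSRP = [-80.0, -82.5, -83.5, -86.5, -87.5]
NEIGHBOUR_RSRP = {
    "eNB-A": [-100.0, -97.5, -96.5, -93.5, -92.5],
    "eNB-B": [-95.0, -94.5, -94.0, -93.5, -93.0],
}


def predict_handover():
    """Return (target name, predicted trigger time) for the sample data."""
    serving_fit = fit_line(TIMES, SERVING_RSRP)
    target, target_fit = select_target(TIMES, NEIGHBOUR_RSRP)
    return target, trigger_time(serving_fit, target_fit)


if __name__ == "__main__":
    name, t_t = predict_handover()
    print(f"target {name}, predicted trigger time {t_t:.2f} s")
```
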
2.2. Pre-Scheduling Mechanism
where $t_r$ is the time interval from scheduling to starting handover (pre-scheduling time for handover). The starting time of scheduling is adjustable, and we will evaluate it in our simulation later. $t_{ho}$ is the time during handover procedure. $t_n$ is the delay time before new transmission (preparation time of scheduling with new eNodeB). $K_s$ is the required number of video frames per second and $m$ is the number of BL that is needed in each video frame. In Figure 2b, according to transmission data rate of the serving eNodeB, we construct a linear regression line $d_x(t)$. Then, the amount of BL’s data (transmitted from serving eNodeB and stored in the buffer of users) before handover has to be no less than $N_{BL}$.
where $t_{handover}$ is the TTT for handover. In the above inequality, the left part is the amount of data that the serving eNodeB can transmit before handover. According to the serving eNodeB capacity of transmission, we can dynamically adjust the transmission rate between BL and ELs. In Equation (6), while the inequality does not hold, it means the serving eNodeB cannot provide enough data for BL for maintaining high QoS for video streaming. Accordingly, the serving eNodeB merely transmits data for BL. On the contrary, while the inequality holds, the serving eNodeB can provide the data of BL and ELs simultaneously for desired quality of video service. In the following, we describe our mechanism of data rate adjustment between BL and ELs. The transmission rates of the BL and ELs are decreasing because the RSRP is degrading between the previous serving eNodeB and user. Hence, by the regression line $d_x(t)$, we can define the total descent rate $s$ (slope) of transmissions as
where $d_{BL,i}$ and $d_{EL,i}$ are the transmitted number of BL and ELs during time interval $t_i$, respectively. In Equation (9), the total transmitted number for streaming video (left part) is necessarily less than or equal to the total number of data the serving eNodeB can provide (right part). Thus, the total descent rate of transmission per $t_{unit}$ can be calculated as $s \cdot t_{unit}$. In this paper, for high QoS for video streaming, BL data has high priority for transmission. Furthermore, to achieve dynamically adjusting the transmission rate between BL and EL, we define the descent rate as
3. Performance Evaluation
3.1. The Effect of the Prediction Mechanism
3.2. Base Layer Adjustment
Conflicts of Interest
LTE: Long Term Evolution
3GPP: 3rd Generation Partnership Project
M-LWDF: Maximum-Largest Weighted Delay First
SVC: scalable video coding
RSRP: Reference Signal Receiving Power
PRB: physical resource blocks
© 2016 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons by Attribution (CC-BY) license (http://creativecommons.org/licenses/by/4.0/).
* Femtocell and HeNB are interchangeable, and so are Femtocell Gateway and HeNB Gateway in this document.
The mobile operator can benefit from the femtocell as it allows LTE traffic to be distributed between macro eNB and femtocells at home and also at indoor and outdoor hotspots in crowded places like coffee shops, restaurants, bus stops, malls, schools, and so on. This helps the operator to effectively reduce loads at macro cells and in the backhaul, and provide its users with better QoE.
The beauty of LTE femtocell is that, as all it takes is simply connecting existing broadband Internet to an ultra-small base station, it gives the advantage of quick deployment. It also minimizes additional costs and burdens that may be imposed in case of building macro cells, in relation to installation site acquisition, site rental, power supply, construction of backhaul network, etc. Such benefits make it one of the most cost-effective ways to expand coverage and capacity in an LTE network.
Figure 1-1. Key values provided by femtocell in 4G era
Years ago, mobile operators started building macro LTE networks, and have always been in the quest for solutions to shadowing areas and high costs of operating multiple networks (2G, 3G and 4G) since then. Recently, operators are pursuing a strategy to i) provide uninterrupted voice coverage without relying on legacy networks like 2G or 3G by introducing small cells in shadowing areas and supporting seamless handover between them and macro cells, and ii) ultimately migrate into an all LTE network through gradual replacement of legacy networks.
That is, many operators are pushing forward with this strategy to minimize the total OPEX of the entire network by operating only one LTE network instead of multiple mobile networks. Femtocells are considered the most likely candidate to serve this purpose.
Meanwhile, operators without 2G or 3G, but with LTE macro network, are also active in introducing LTE femtocells in their networks as a cost-effective solution to enhance LTE coverage and capacity.
Here, what concerns the operators most is “uncertainty that can be caused while these femtocells (HeNB). Unlike existing macro cells, if deployed in a large scale – in tens or hundreds of thousands, these cells can cause unpredictable, operational risk while interworking with legacy LTE systems (EPC, eNB, etc.).”
SMEC’s Femto GW (HeNB-GW), designed to work as a sponge to absorb such uncertainty and risk, helps to operate the femto network just as stably as macro networks.
Chapter 2 looks into the benefits and issues of HeNB-GW, and chapter 3 introduces the HeNB-GW solution of SMEC, specifically the X2 broker feature, in detail. Chapter 4 summarizes the benefits of the SMEC solution.
2. HeNB-GW: Benefit and Issues
Table 2-1 summarizes issues in connecting HeNBs directly to MME, without HeNB-GW, as compared to the benefits of deploying HeNB-GW.
Table 2-1. Benefits of deploying HeNB-GW
2.2 Issues – X2 Handover Support
Mobile operators prefer X2 handover, which uses only the X2 interface between eNBs, to the more complicated S1 handover, which increases load at the MME. As seen in Figure 2-1(a), the more HeNBs are deployed, the more hand-in and hand-out activities are performed between macro eNBs and HeNBs (particularly outdoors).
This means even more loads are caused at MME and S-GW by S1 handover, affecting the reliability of the LTE network. For more reliable, secured operation of the LTE core network, X2 handover without MME’s intervention is essential in a femto network (Figure 2-1(b)).
Figure 2-1. Handover options between macro eNB and HeNBs: S1 vs. X2
Figure 2-2. Issues: scalability and uncertainty
But in reality, supporting X2 handover in a femtocell environment is not easy because of possible scalability and instability issues. If existing macro eNBs establish X2 connections directly with a large number of HeNBs, scalability can be compromised due to the limit in the number of X2 connections that can be managed (Figure 2-2(a)).
For X2 handover, existing MME and eNB must interact directly with HeNBs (S1-MME, X2), and this process can bring about instability between the two (Figure 2-2(b)). Also, configuring X2 GW requires upgrade of eNBs and HeNBs all to R-12, consequently aggravating the complexity of the network even further.
These issues have been an obstacle standing in the way of applying X2 handover between macro eNB and HeNB in the commercial network. The HeNB-GW solution by SMEC is designed to address these issues. We will learn how in chapter 3.
3. SMEC HeNB-GW Solution
3.1 SMEC HeNB-GW
Figure 3-1 shows a high-level view of an LTE network with femtocells and the SMEC HeNB-GW. SMEC HeNB-GW can provide:
- Virtual eNB (eNB ID based HeNB grouping)
- X2 service broker (X2 proxy between eNB and HeNB)
- S1 and X2 handover between eNB and HeNB
- S1 signaling and bearer aggregation with SeGW functionality
Figure 3-1. SMEC HeNB-GW architecture
SMEC HeNB-GW, technologically based on virtual eNB concept, can group a number of HeNBs for management by group. Each virtual eNB, capable of aggregating 256 HeNBs, functions as a logical HeNB GW, providing S1 interface to EPC and HeNBs, and X2 interface to macro eNB and HeNB. From a S1 interface point of view, MME and S-GW see virtual eNB as ‘one macro eNB’, and HeNB sees it as ‘MME and S-GW’. Virtual eNB provides the following functionalities in respect of S1 interfaces:
- Relaying UE-associated S1AP messages between MME and HeNB
- Terminating non-UE associated S1AP procedures towards HeNB and towards MME
- Terminating S1-U interfaces with HeNB and with S-GW
Virtual eNB, as a logical macro eNB, provides X2 interfaces. From an X2 interface point of view, the macro eNB sees the virtual eNB as an eNB with 256 cells that offers the following functionalities:
- Providing X2 interfaces between macro eNB and HeNBs
- Terminating non-UE associated X2AP messages between eNB and HeNB
- Converting UE-X2AP-ID between eNB and HeNB
- Routing UE-associated X2AP messages between eNB and HeNB
3.2 X2 Service Broker
SMEC HeNB-GW features an X2 service broker to address the scalability and stability issues shown in Figure 2-2. As shown in Figure 3-2(b), each HeNB establishes an X2 connection with the virtual eNB (acting as an 'X2 service broker') at SMEC HeNB-GW, and the macro eNB establishes only one X2 connection with the virtual eNB.
This X2 aggregation function provided by X2 broker drastically reduces the number of X2 connections needed between macro eNB and HeNBs (256 X2 connections to only one X2 connection). SMEC HeNB-GW makes existing macro eNBs recognize it as another regular macro eNB, by hiding all the HeNBs behind its back.
Existing MME and eNB must interact directly with HeNBs (S1-MME, X2) for X2 handover, etc., and this can bring about instability between the two. X2 broker, upon receiving S1 and X2 messages from HeNB, modifies the messages as if it is eNB itself, and sends them to MME and eNB. This ensures the stability of the LTE core network and eNB remains unaffected.
As a result, the network complexity and instability anticipated from the deployment of HeNBs can be significantly decreased, and kept as low as in an existing macro eNB network. LG U+, a South Korean LTE network operator, has already deployed SMEC's HeNB-GW, applying X2 handover between macro eNB and HeNBs in its commercial network. The company has been able to keep the load level at MME at a minimum and provide uninterrupted VoLTE service across femto hotspots in macro cells.
Figure 3-2. Benefits of X2 broker: scalability and stability
3.3 X2 Service Broker Operation
In order for the X2 service broker to work, HeMS allocates HeNB IDs to HeNBs as seen in Figure 3-3. An HeNB ID is 28 bits long, and consists of i) an eNB ID (20 bits long), identical for all HeNBs (up to 256) that belong to the same virtual eNB, and ii) a cell ID (8 bits long), unique for all the HeNBs (up to 256). This HeNB ID planning scheme lets a macro eNB recognize a virtual eNB as just another macro eNB, and all the HeNBs belonging to it as its cells.
Figure 3-3. SMEC X2 service broker: HeNB ID planning
Detailed call flow for X2 broker operation is as follows:
❶ HeNB1 initiates TNL address discovery procedure towards an MeNB: HeNB1 detects a new cell (cell A of macro eNB) and decides to set up X2 towards the macro eNB (MeNB). It initiates a TNL address discovery procedure by sending an eNB Configuration Transfer message indicating its own HeNB ID (HeNB1, 28 bits long) and the MeNB ID (20 bits long) as neighbor information to the virtual eNB through the S1 interface.
The virtual eNB does not have any information on the MeNB's X2 IP address, and it must forward the message to MME to find the X2 IP address of the MeNB. Before forwarding the message, the virtual eNB (X2 broker) replaces the 28-bit HeNB ID with its own ID (virtual eNB, 20 bits long) in the message and forwards it to MME. MME knows the MeNB and so sends an MME Configuration Transfer message to it (note that the virtual eNB does not disclose the 28-bit-long HeNB ID to MME and MeNB).
Figure 3-4. SMEC X2 service broker: HeNB1 initiates TNL address discovery procedure towards an MeNB
MeNB returns its X2 IP address, and MME sends it to virtual eNB (now, virtual eNB obtains MeNB’s X2 IP address). Virtual eNB replaces the MeNB’s X2 IP address in SeNB Information with its own IP address, and sends MME Configuration Transfer message to HeNB1. Then, this leads HeNB1 to recognize the virtual eNB IP address as MeNB’s X2 IP address.
❷ X2 setup between HeNB1 and MeNB: HeNB1 starts X2 setup towards MeNB, indicating its HeNB ID (virtual eNB (20b) + cell 1 (8b)) and MeNB as neighbor information. Since HeNB1 knows the virtual eNB's IP address as MeNB's X2 IP address, this message is actually forwarded to the virtual eNB. The virtual eNB starts another X2 setup procedure to continue the setup of X2 connectivity towards MeNB, indicating its own eNB ID (virtual eNB) and cell information (cell 1) and the MeNB ID as neighbor information. When MeNB and the virtual eNB respond, a single X2 connection is set up between HeNB1 and the virtual eNB, and also between the virtual eNB and MeNB.
This process lets MeNB add the cell information of HeNB1 (virtual eNB/cell1) to its X2 neighbor list and also lets HeNB1 add the cell information of MeNB (MeNB/cell A) to its X2 neighbor list.
Figure 3-5. SMEC X2 service broker: X2 setup between HeNB1 and MeNB
❸ Subsequent X2 connection setups: As the X2 connection between the virtual eNB and MeNB has already been set up, any further X2-address request from other HeNBs for X2 connectivity towards MeNB is answered by the virtual eNB without forwarding the request via the MME towards the MeNB. The virtual eNB sends its own IP address in response to another HeNB's X2-address request to the MeNB.
For any further X2 setup request to the MeNB, virtual eNB, through the already-established X2 connection, sends an X2 message (eNB Configuration Update) containing HeNB2 cell information to inform MeNB of the updated cell information.
Virtual eNB sends X2 Setup Response to HeNB2 if the X2 Configuration Update between the virtual eNB and MeNB is performed successfully.
Figure 3-6. SMEC X2 service broker: Subsequent X2 connection setups
Once the above process is completed, an X2 connection is set up between each HeNB and virtual eNB (HeNB-GW), and also between virtual eNB and macro eNB. Logically, existing macro eNB recognizes HeNB-GW as a new macro eNB, and all HeNBs belonging to it as cells in the macro eNB as shown in Figure 3-7.
Figure 3-7. SMEC X2 service broker: Logical configuration
This means, the legacy LTE network (eNB and EPC) will see even a large-scale deployment of HeNBs as a small-scale deployment of additional macro eNBs. This completely eliminates any chance of uncertainty, complexity, or risk factors that would otherwise be caused by a large-scale deployment of HeNB in the legacy LTE network. For example, because the 28-bit HeNB IDs are not exposed to MME or eNB, there is no potential issue in interworking between HeNBs and MME/eNBs, which makes the network architecture even more stable and reliable.
As the X2 service broker feature by SMEC is implemented using S1 interface (eNB ↔ MME) and X2 interface (eNB ↔ eNB) defined in Rel. 8, no change or modification is needed in the EPC core or eNBs already deployed in the legacy LTE network. This makes the feature readily applicable to any LTE commercial network where Rel. 8 or higher is implemented (i.e., in any LTE network).
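The HeNB ID planning and call-flow steps ❶ to ❸ above, modeled as an added Python example (not SMEC's implementation). Messages are plain dictionaries rather than encoded S1AP/X2AP, and the class and method names, IDs and IP addresses are constructed for illustration.

```python
# Added illustration, not SMEC code: 28-bit HeNB ID planning and the X2 broker's
# message rewriting, with dicts standing in for S1AP/X2AP messages.

ENB_ID_BITS, CELL_ID_BITS = 20, 8


def make_henb_id(enb_id, cell_id):
    """28-bit HeNB ID = 20-bit virtual eNB ID followed by 8-bit cell ID."""
    if not 0 <= enb_id < (1 << ENB_ID_BITS):
        raise ValueError("eNB ID must fit in 20 bits")
    if not 0 <= cell_id < (1 << CELL_ID_BITS):
        raise ValueError("cell ID must fit in 8 bits (256 HeNBs per virtual eNB)")
    return (enb_id << CELL_ID_BITS) | cell_id


def split_henb_id(henb_id):
    """Return (eNB ID, cell ID) from a 28-bit HeNB ID."""
    return henb_id >> CELL_ID_BITS, henb_id & ((1 << CELL_ID_BITS) - 1)


class X2Broker:
    """Hypothetical model of one virtual eNB acting as X2 service broker."""

    def __init__(self, virtual_enb_id, own_x2_ip):
        self.enb_id = virtual_enb_id
        self.own_x2_ip = own_x2_ip
        self.menb_x2_ip = {}   # MeNB ID -> real X2 IP, learned once via the MME
        self.x2_cells = {}     # MeNB ID -> cell IDs already announced over X2

    def _member_cell(self, henb_id):
        enb_id, cell_id = split_henb_id(henb_id)
        if enb_id != self.enb_id:
            raise ValueError("HeNB does not belong to this virtual eNB")
        return cell_id

    def on_tnl_discovery(self, henb_id, menb_id):
        """eNB Configuration Transfer from an HeNB (steps 1 and 3)."""
        self._member_cell(henb_id)
        if menb_id in self.menb_x2_ip:
            # Step 3: answer locally with the broker's own address, no MME round trip.
            return "to_henb", {"target": menb_id, "x2_ip": self.own_x2_ip}
        # Step 1: forward to the MME with the 20-bit virtual eNB ID as the source.
        return "to_mme", {"source_enb_id": self.enb_id, "target": menb_id}

    def on_mme_reply(self, menb_id, menb_x2_ip):
        """MME Configuration Transfer carrying the MeNB's X2 address (step 1)."""
        self.menb_x2_ip[menb_id] = menb_x2_ip
        # The HeNB is told the broker's address in place of the MeNB's.
        return "to_henb", {"target": menb_id, "x2_ip": self.own_x2_ip}

    def on_x2_setup(self, henb_id, menb_id):
        """X2 setup from an HeNB (steps 2 and 3); returns the message sent to the MeNB."""
        cell_id = self._member_cell(henb_id)
        if menb_id not in self.menb_x2_ip:
            raise LookupError("TNL address discovery has not completed for this MeNB")
        cells = self.x2_cells.setdefault(menb_id, set())
        first = not cells
        cells.add(cell_id)
        kind = "X2 Setup Request" if first else "eNB Configuration Update"
        return "to_menb", {"type": kind, "enb_id": self.enb_id, "cells": [cell_id]}


if __name__ == "__main__":
    broker = X2Broker(0x12345, "192.0.2.10")          # constructed values
    for cell in (1, 2):
        henb = make_henb_id(0x12345, cell)
        step = broker.on_tnl_discovery(henb, 0x00ABC)
        if step[0] == "to_mme":
            step = broker.on_mme_reply(0x00ABC, "198.51.100.7")
        print(hex(henb), step, broker.on_x2_setup(henb, 0x00ABC))
```
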
4. Benefits of SMEC HeNB-GW
SMEC’s HeNB-GW helps to keep the impact of introducing LTE femtocell – even when massively deployed – in the legacy LTE network low, as low as that of small scale addition of macro eNB. This ensures the stability of the LTE core network remains unaffected and the additional investment costs resulting from such deployment are kept to a minimum.
- SMEC’s HeNB-GW delivers both SeGW feature and aggregation feature (for control plane, S1-MME and user plane, S1-U) at a single point, proactively preventing overload at existing MME and S-GW, and also easing potential uncertainty in the legacy LTE network to be caused by tens of thousands of newly deployed femtocells. Also, it helps to bring down the costs for additional installation of MME resulting from the large scale deployment of femtocells (e.g. purchasing additional equipment and license).
- SMEC’s HeNB-GW supports S1 and X2 handover between macro eNB and femtocell, which ensures uninterrupted, reliable call quality, even during switches between the two cells – all just through 4G network (i.e. just through VoLTE) without 2G or 3G.
- SMEC’s HeNB-GW offers X2 service broker feature that provides X2 handover between macro eNB and HeNB without having to modify X2 interface used between the macro eNBs.
- Traditional HeNB-GW can only support S1 handover, and thus heavy overloads are inevitably passed on to MME during handover. SMEC HeNB GW, however, supports X2 handover where no MME involvement during handover process is needed, drastically reducing overload at MME.
- It significantly reduces the number of X2 interfaces needed through aggregation of X2 interfaces between macro eNB and femtocells, thereby decreasing network complexity to be caused by X2 interface used in small cell environment.
- The X2 service broker feature by SMEC, implementable through S1 and X2 interfaces defined in 3GPP Rel. 8, is readily deployable in any LTE system regardless of its release version. Without additional installation of X2 GW nodes defined in R-12 or upgrade of R-12 X2 GW feature license of MME, eNB and HeNB, or of LTE network, X2 handover between macro eNB and HeNB can be readily supported.

| Abbreviation | Meaning |
|---|---|
| 3GPP | 3rd Generation Partnership Project |
| eNB | Evolved Node B |
| EPC | Evolved Packet Core |
| GTP | GPRS Tunneling Protocol |
| HeMS | HeNB Management System |
| HeNB | Home eNodeB (Femtocell) |
| HeNB-GW | Home eNodeB Gateway (Femto Gateway) |
| IMS | IP Multimedia Subsystem |
| ISP | Internet Service Provider |
| LTE | Long Term Evolution |
| MME | Mobility Management Entity |
| PGW | Packet Data Network Gateway |
| QoE | Quality of Experience |
| RAN | Radio Access Network |
| SCTP | Stream Control Transmission Protocol |
| SOHO | Small Office Home Office |
| TNL | Transport Network Layer |
| VoLTE | Voice over LTE |
| X2 AP | X2 Application Protocol |
| X2 GW | X2 Gateway |

The availability of speedier Internet connections will likely transform a variety of products and services for businesses and consumers, according to research from Deloitte Global.
Deloitte Touche Tohmatsu Limited (Deloitte Global) predicts that the number of gigabit-per-second (gbit/s) Internet connections, which offer significantly faster service than average broadband speeds, will surge to 10 million by the end of the year, a tenfold increase. As average data connections get faster and the number of providers offering gigabit services grows, we expect businesses and consumers will steadily use more bandwidth, and a range of new data-intensive services and devices will come to market.
The expansion of gigabit connections will increasingly enable users to take advantage of high-speed data. For instance, the quality of both video streaming and video calling has already ticked up steadily along with data connection speeds over the past 10 years, and both services are now supported by billions of smartphones, tablets, and PCs. In the enterprise, significantly faster Internet speeds could enhance the ability of remote teams to work together: Large video screens could remain on throughout the work day, linking dispersed team members and enabling them to collaborate “side by side” even when they are thousands of miles apart.
Moreover, as available bandwidth increases, we expect many aspects of communication will be affected. Instant messages, for example, have already evolved from being predominantly text-based to incorporating photos and videos in ever-higher resolution and frame rates. Social networks, too, are hosting growing volumes of video views: As of November, there were 8 billion daily video views on Facebook, double the quantity from just seven months prior.¹
The expansion of gigabit services could reinvent the public sector and social services as well. A range of processes, from crowd monitoring to caring for the elderly, could be significantly enhanced through the availability of high-quality video surveillance. Crowd-control systems could use video feeds to accurately measure a sudden swarm of people to an area, while panic buttons used in the event an elderly person falls could be replaced by high-definition cameras.
Gigabit connections may also change home security solutions. Historically, connected home security relied on a call center making a telephone call to the residence, and many home video camera solutions currently record onto hard drives. As network connection speeds increase, however, cameras are likely to stream video, back up online, and offer better resolution and higher frame rates.² As video resolution increases and cameras proliferate, network demand will likely grow, too.
Additionally, some homes have already accumulated a dozen connected devices and will likely accrue more, with bandwidth demand for each device expected to rise steadily over time. There will also likely be a growing volume of background data usage, as an increased number of devices added to a network, from smartphones to smart lighting hubs, would require online updates for apps or for operating systems.
The Internet speed race is not likely to conclude with gigabit service. Deloitte Global expects Internet speeds to continue rising in the long term: 10 gigabits per second has already been announced, and 50 gigabit-per-second connections are being contemplated for the future.³ CIOs should maintain teams that can monitor the progress of bandwidth speeds—and not only those serving businesses and homes, but emerging gigabit options available via cellular networks and Wi-Fi hotspots as well.