When a cell phone connects to a tower, how does the tower identify the device, ensure that it is actually the device that it claims to be, and secure the communication?
Is it different for CDMA networks and devices?
Is the process different when a device is roaming?
I know it's asking a lot, but a detailed explanation would be great.
When a cell phone connects to a tower, how does the tower identify the device, ensure that it is actually the device that it claims to be, and secure the communication?
It will be different for different types of wireless networks, but for GSM the phone sends an IMSI (unique identifier for the SIM) to the tower, which in turn sends it to the MSC (Mobile Switching Centre), and this then sends it to the HLR (Home Location Register - basically a big database mapping IMSIs to information about the subscriber, including their location). The HLR sends the IMSI to the AuC (Authentication Centre), requesting a set of triplets to authenticate the device. These are sent back to the MSC, which uses them to authenticate that the IMSI is actually who it says it is. More detail on the authentication is available at: http://www.decodesystems.com/mt/98oct/
Is it different for CDMA networks and devices?
As far as I am aware CDMA uses a different but similar system - CAVE: https://en.wikipedia.org/wiki/CAVE-based_authentication
Is the process different when a device is roaming?
The process is essentially the same, except that the visited network has to communicate back to the HLR in the home network to get the authentication triplets.
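To make the triplet flow described in this answer concrete, here is an added worked example in Python. It is not part of the answer above and not any operator's code. It models the AuC, the SIM and the serving MSC/VLR as small objects. The a3_a8 function is a stand-in: the real A3/A8 algorithms are operator-specific, so HMAC-SHA256 is used here only to provide a keyed challenge-response with the right output sizes. The IMSI and Ki values are constructed test data.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass


# ASSUMPTION: the real A3/A8 algorithms are operator-specific and are not shown
# here. HMAC-SHA256 stands in for them purely to show the message flow; it is
# not the GSM algorithm.
def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for A3 (produces SRES) and A8 (produces Kc) run on Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # SRES is 32 bits, Kc is 64 bits


@dataclass(frozen=True)
class Triplet:
    """What the AuC hands out: RAND, the expected SRES and Kc. Ki is NOT included."""
    rand: bytes
    sres: bytes
    kc: bytes


class AuC:
    """Authentication Centre: the only element that holds subscriber Ki values."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str, ki: bytes):
        self._ki[imsi] = ki

    def triplets(self, imsi: str, count: int = 3):
        ki = self._ki[imsi]                   # unknown IMSI raises KeyError
        out = []
        for _ in range(count):
            rand = secrets.token_bytes(16)    # fresh 128-bit challenge per triplet
            sres, kc = a3_a8(ki, rand)
            out.append(Triplet(rand, sres, kc))
        return out


class SIM:
    """The SIM holds Ki and only ever reveals SRES/Kc for a given RAND."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3_a8(self._ki, rand)


def authenticate(triplet: Triplet, sim: SIM):
    """Serving MSC/VLR side (home or visited network): send RAND over the air and
    compare the SIM's SRES with the one the AuC precomputed. Returns (ok, Kc)."""
    sres, kc = sim.run_gsm_algorithm(triplet.rand)
    if not hmac.compare_digest(sres, triplet.sres):
        return False, None
    return True, kc                            # both ends now share Kc for A5 ciphering


if __name__ == "__main__":
    auc = AuC()
    ki = secrets.token_bytes(16)              # constructed subscriber key
    auc.provision("001010123456789", ki)      # constructed test IMSI
    genuine = SIM("001010123456789", ki)
    clone = SIM("001010123456789", bytes(16)) # same IMSI, wrong Ki
    # A visited MSC asks the home HLR/AuC for triplets; it never receives Ki.
    for t in auc.triplets("001010123456789", 2):
        print("genuine:", authenticate(t, genuine)[0], " clone:", authenticate(t, clone)[0])
```

The Triplet carries RAND, SRES and Kc but not Ki; that is what lets a visited network in the roaming case authenticate the subscriber after fetching triplets from the home HLR/AuC without ever learning the subscriber's secret key. A SIM presenting the right IMSI but the wrong Ki fails the SRES comparison.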
I have to control a Cinterion ELS61 modem from a host application. Can anyone tell me in simple words what the real difference is between the AT+CREG?, AT+CGREG? and AT+CEREG? commands?
I know that CGREG relates to the 2G and 3G radio access technologies and CEREG to 4G/LTE, but the actual differences are not so clear, and neither is the relation to the CREG command results.
Here is an example from a real case:
AT+CREG?
+CREG: 2,5,"38AD","02531900",7
OK
AT+CGREG?
+CGREG: 2,4
OK
AT+CEREG?
+CEREG: 2,5,"2AF2","02531900",7
OK
What is the difference between the answers to +CREG and +CEREG? Aren't they quite the same? And by the way, what does it mean that the same cell (02531900) has two different location area codes (i.e. 38AD and 2AF2)?
Thanks for the attention
All the +C*REG commands, as you probably know, query the status of the registration to some network.
The first step is the following categorization:
+CREG, that queries the registration to the circuit switched network.
It is basically the GSM "classic" network, on which voice/data calls and SMSs are based
+C*REG commands, that query the registration to the packet networks.
They are the networks on which packet data traffic is based. The networks that provide Internet access, to be clear.
+C*REG commands are technology specific commands:
+CGREG queries the registration to GPRS network
+CEREG queries the registration to the LTE packet data network, and in some cases it is mandatory also for tasks that were usually based on GSM: voice calls (if VoLTE, Voice over LTE, is supported) or sending SMSs (IMS protocol).
LTE technology basically moves almost everything onto packet traffic.
The reason why different commands are available (even in the same cellular module) is that different registration processes are required for each sub-network.
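As an added example (not part of the answer above and not Cinterion code), here is a Python parser for the three responses quoted in the question. It splits each +CxREG line into the <n>, <stat>, area, cell id and <AcT> fields as laid out in 3GPP TS 27.007, decodes the status, and reports per domain whether the module is registered. The area field is interpreted as the LAC for +CREG/+CGREG and as the TAC for +CEREG; that interpretation, and the STAT/ACT tables, are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# <stat> values shared by +CREG/+CGREG/+CEREG (3GPP TS 27.007)
STAT = {
    0: "not registered, not searching",
    1: "registered, home network",
    2: "not registered, searching",
    3: "registration denied",
    4: "unknown",
    5: "registered, roaming",
}
# <AcT> access technology values (27.007)
ACT = {0: "GSM", 1: "GSM Compact", 2: "UTRAN", 3: "GSM w/EGPRS", 4: "UTRAN w/HSDPA",
       5: "UTRAN w/HSUPA", 6: "UTRAN w/HSDPA and HSUPA", 7: "E-UTRAN"}
DOMAIN = {"CREG": "circuit-switched", "CGREG": "packet-switched (GPRS/UMTS)",
          "CEREG": "packet-switched (EPS/LTE)"}

# +CxREG: <n>,<stat>[,"<area>","<ci>"[,<AcT>...]]   (any further trailing fields are ignored)
_RESP = re.compile(
    r'^\+(CREG|CGREG|CEREG):\s*(\d+),(\d+)'
    r'(?:,"([0-9A-Fa-f]{1,4})","([0-9A-Fa-f]{1,8})"(?:,(\d+))?)?')


@dataclass
class Registration:
    command: str
    n: int                       # URC mode the host enabled (0, 1 or 2)
    stat: int
    area: Optional[int] = None   # LAC for CREG/CGREG, TAC for CEREG (interpretation used here)
    cell_id: Optional[int] = None
    act: Optional[int] = None

    @property
    def registered(self) -> bool:
        return self.stat in (1, 5)

    @property
    def roaming(self) -> bool:
        return self.stat == 5

    @property
    def area_name(self) -> str:
        return "TAC" if self.command == "CEREG" else "LAC"

    def describe(self) -> str:
        s = f"{self.command} ({DOMAIN[self.command]}): {STAT.get(self.stat, 'reserved')}"
        if self.area is not None:
            s += f", {self.area_name}=0x{self.area:04X}, cell=0x{self.cell_id:08X}"
        if self.act is not None:
            s += f", AcT={ACT.get(self.act, str(self.act))}"
        return s


def parse_reg(line: str) -> Registration:
    """Parse one +CREG/+CGREG/+CEREG response (or unsolicited result code)."""
    m = _RESP.match(line.strip())
    if not m:
        raise ValueError(f"not a +CxREG response: {line!r}")
    cmd, n, stat, area, ci, act = m.groups()
    return Registration(cmd, int(n), int(stat),
                        int(area, 16) if area else None,
                        int(ci, 16) if ci else None,
                        int(act) if act else None)


def summarize(lines: List[str]) -> Dict[str, bool]:
    """Registration state per domain from a batch of modem responses."""
    regs = (parse_reg(l) for l in lines if l.startswith("+C"))
    return {r.command: r.registered for r in regs}


# The three responses quoted in the question above
SAMPLE = ['+CREG: 2,5,"38AD","02531900",7',
          '+CGREG: 2,4',
          '+CEREG: 2,5,"2AF2","02531900",7']

if __name__ == "__main__":
    for l in SAMPLE:
        print(parse_reg(l).describe())
    print(summarize(SAMPLE))
```

Run on the question's data this reports the circuit-switched and EPS domains as registered (roaming, E-UTRAN) and the GPRS domain as unknown, which is exactly the split between the three commands the answer describes.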
When a new SIM (never used) is inserted in a new smartphone (never used), the smartphone seems to set the right APN without any manual settings.
Is there a global table (inside smartphone) with associations APN <-> network operator?
Note: querying new SIM cards with AT commands, it seems they have preferred network operators but no APN saved in memory.
I can comment on the SIM side and confirm that APN settings are not held within the SIM. And yes, in terms of network operators there is a file called EF_PLMN which holds the Mobile Country Code (MCC) and Mobile Network Code (MNC) to allow a device to connect to the correct network faster.
On the point of APN, it is my understanding that devices have internal (memory) APN listings for major operators in that territory. When an operator orders a device they ensure that "their" APN is correct. Yes, a big issue is incorrect APNs for operators within the device, and that is the reason network operators need to send APN settings when they detect a SIM in a new device.
I do not have information on how to query this internal APN listing as it may be part of the Firmware.
Having been through the approval procedure for a big USA mobile network operator (MNO), part of the approval process involved automatically selecting the correct default APN when the modem connects to the network. This can be overridden for special cases, for example if the user needs to use an MNO-supplied VPN which requires a special APN.
While I do not know if this is the same for every case, all phones go through an approval process, and if it is a phone approved by the MNO then it is quite likely the MNO will insist that at least a default APN is loaded if none has been supplied by the user. The network that the SIM allows the phone to connect to can be read from the modem without an APN being supplied, so it is quite easy to use this to look up a default APN from a list. As phone companies really do not want to change their software for each MNO, maintaining a list makes it easier for the phone manufacturer, the MNO and the end user.
For Android, the mobile device pulls the MCC (Mobile Country Code) and the MNC (Mobile Network Code) from the SIM card, and maybe other values.
Then it configures the APN based on an internal SQLite database created by Android from XML files that contain APN settings in the following format:
<apn carrier="CarrierXYZ"
mcc="123"
mnc="123"
apn="carrierxyz"
type="default,supl,mms,ims,cbs"
mmsc="http://mms.carrierxyz.com"
mmsproxy="0.0.0.0"
mmsport="80"
bearer_bitmask="4|5|6|7|8|12"
/>
https://android.googlesource.com/device/sample/+/master/etc/apns-full-conf.xml
https://source.android.com/devices/tech/config/update
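The lookup the answer describes, as an added Python example (not Android's own code, and not from the answer): take the IMSI, split off the MCC and MNC, and match them against <apn> entries in the apns-conf.xml layout shown above. The carrier names, MCC/MNC values and APN strings in the embedded XML are constructed and hypothetical. The example also covers the point the answer leaves implicit: the MNC is 2 or 3 digits, the SIM's EF_AD file records which, and without that length the IMSI alone can match more than one entry.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

# CONSTRUCTED data in the apns-conf.xml layout. The carriers, MCC/MNC pairs and
# APN names are hypothetical; they are not taken from any real carrier list.
APNS_XML = """<?xml version="1.0" encoding="utf-8"?>
<apns version="8">
  <apn carrier="CarrierXYZ" mcc="123" mnc="123" apn="carrierxyz"
       type="default,supl,mms" mmsc="http://mms.carrierxyz.com"
       mmsproxy="0.0.0.0" mmsport="80" />
  <apn carrier="CarrierXYZ IMS" mcc="123" mnc="123" apn="ims" type="ims" />
  <apn carrier="OperatorAB" mcc="123" mnc="12" apn="internet.operatorab" type="default" />
</apns>
"""


def load_apns(xml_text: str) -> List[Dict[str, str]]:
    """Flatten the <apn> elements into dicts of their attributes."""
    return [dict(e.attrib) for e in ET.fromstring(xml_text).iter("apn")]


def imsi_to_plmn(imsi: str, mnc_length: Optional[int] = None) -> List[Tuple[str, str]]:
    """Split an IMSI into candidate (MCC, MNC) pairs.

    The MCC is always the first 3 digits; the MNC is the next 2 or 3 digits.
    EF_AD on the SIM records the MNC length. When it is not known, both
    candidates are returned and the caller has to cope with the ambiguity."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6-15 digits")
    mcc = imsi[:3]
    if mnc_length in (2, 3):
        return [(mcc, imsi[3:3 + mnc_length])]
    return [(mcc, imsi[3:5]), (mcc, imsi[3:6])]


def select_apns(imsi: str, apns: List[Dict[str, str]], apn_type: str = "default",
                mnc_length: Optional[int] = None) -> List[Dict[str, str]]:
    """Return the <apn> entries whose MCC/MNC match the SIM and that serve apn_type."""
    plmns = imsi_to_plmn(imsi, mnc_length)
    return [a for a in apns
            if (a.get("mcc"), a.get("mnc")) in plmns
            and apn_type in a.get("type", "").split(",")]


if __name__ == "__main__":
    apns = load_apns(APNS_XML)
    imsi = "123123456789012"                      # constructed test IMSI
    print("MNC length 3:", [a["apn"] for a in select_apns(imsi, apns, mnc_length=3)])
    print("MNC length 2:", [a["apn"] for a in select_apns(imsi, apns, mnc_length=2)])
    print("length unknown:", [a["apn"] for a in select_apns(imsi, apns)])   # ambiguous
    print("IMS:", [a["apn"] for a in select_apns(imsi, apns, "ims", mnc_length=3)])
```

With the MNC length known the constructed IMSI resolves to exactly one default APN; without it, both the 2-digit and 3-digit candidates match, which is why a device has to read EF_AD (or otherwise know the operator's MNC length) rather than guess from the IMSI alone.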
I just spoke with a phone company in Denmark that offers "Free 3G/4G" on the phone, but they have a limit if you create a hotspot and share the connection; this limit is 50 GB.
How do they detect if your mobile device is sharing the connection? Do they intercept some special headers that the computer/other phones send over the connection?
MAC addresses are used at a lower layer than IP and relate to each hop or leg of an end-to-end communication, so they don't really help with this issue.
Detecting tethered devices is quite a complicated task and there are special solutions to do exactly this. They tend to look at multiple things to try to determine if other devices are using the mobile's connection, even if the devices are spoofing or manipulating headers etc.
Examples of things a solution will look at:
number of simultaneous sessions
HTTP user-agent headers
device type
device screen size
TCP Timestamp
TCP Source Port
TCP Sequence Number
Application-based correlation to TCP flows
Node-pair correlation to TCP flows
See here for an example solution and more details of the above (this is just one example solution):
https://www.sandvine.com/downloads/general/sandvine-technology-showcases/policy-control-for-connected-and-tethered-devices.pdf
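To show how a few of the signals listed above combine, here is an added Python example (not from the answer and not the vendor's product logic). It scores constructed flow records on three independent signals: the HTTP User-Agent OS family, the TCP timestamp option (one host has one monotonic TSval clock, so flows from two hosts form two distinct clusters of TSval minus wall-clock), and, as one extra check this example adds beyond the list above, the IP TTL, which is one lower for a host sitting a routed hop behind the phone. The flow records, User-Agent strings and thresholds are constructed for the example; the 1 kHz timestamp clock is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Flow:
    t: float          # wall-clock seconds at which the SYN was observed
    ttl: int          # IP TTL of that SYN as seen at the operator
    tsval: int        # TCP timestamp option TSval carried on the SYN
    user_agent: str   # first HTTP User-Agent seen on the flow ("" if none)


def os_family(user_agent: str) -> str:
    """Coarse OS family from a User-Agent string."""
    ua = user_agent.lower()
    for needle, fam in (("android", "android"), ("iphone", "ios"), ("windows nt", "windows"),
                        ("macintosh", "macos"), ("x11; linux", "linux")):
        if needle in ua:
            return fam
    return "other"


def ttl_values(flows: List[Flow]) -> Set[int]:
    """Initial TTLs are per-OS constants (64, 128, ...). A tethered host sits one
    routed hop behind the phone, so its packets arrive with a TTL one lower."""
    return {f.ttl for f in flows}


def timestamp_clocks(flows: List[Flow], hz: int = 1000, tol: int = 5000) -> int:
    """Estimate how many hosts are behind the flows from TCP timestamp clocks.

    One host has one monotonically increasing TSval clock, so TSval minus
    (wall time * clock rate) is nearly constant across its flows. Two hosts
    have unrelated clock origins and form separate offset clusters.
    ASSUMPTION: a 1 kHz clock; over a window of a few seconds a host with a
    different rate still stays inside one cluster."""
    offsets = sorted(f.tsval - int(f.t * hz) for f in flows)
    clusters: List[List[int]] = []
    for o in offsets:
        if clusters and o - clusters[-1][-1] <= tol:
            clusters[-1].append(o)
        else:
            clusters.append([o])
    return len(clusters)


def tethering_signals(flows: List[Flow]) -> Dict[str, bool]:
    families = {os_family(f.user_agent) for f in flows if f.user_agent}
    return {
        "multiple_ttls": len(ttl_values(flows)) > 1,
        "multiple_ts_clocks": timestamp_clocks(flows) > 1,
        "multiple_os_user_agents": len(families) > 1,
    }


def looks_tethered(flows: List[Flow]) -> bool:
    """Require two independent signals so a single spoofed header is not enough."""
    return sum(tethering_signals(flows).values()) >= 2


ANDROID_UA = "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 Chrome/80.0 Mobile Safari/537.36"
WINDOWS_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/80.0 Safari/537.36"

# Constructed observations: the phone on its own (TTL 64, one TSval clock) ...
PHONE_ONLY = [Flow(100.0, 64, 5_100_000, ANDROID_UA),
              Flow(100.5, 64, 5_100_500, ANDROID_UA),
              Flow(101.2, 64, 5_101_200, "")]
# ... and the same phone plus a laptop tethered behind it (TTL 63, second clock, Windows UA)
TETHERED = PHONE_ONLY + [Flow(100.2, 63, 9_100_200, WINDOWS_UA),
                         Flow(100.9, 63, 9_100_900, WINDOWS_UA)]

if __name__ == "__main__":
    print("phone only:", tethering_signals(PHONE_ONLY), looks_tethered(PHONE_ONLY))
    print("tethered:  ", tethering_signals(TETHERED), looks_tethered(TETHERED))
```

Each signal on its own is defeatable (a tethered client can rewrite its User-Agent, and a rooted phone can restore the TTL), which is why the example needs two signals to agree and why the commercial solutions the answer refers to correlate many more than three.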
We put the question to Three, which not too surprisingly declined to answer. However, if you think about it logically, it should be fairly simple to detect tethering. Every device with a network connection (including Wi-Fi) has a unique hardware identifier called a MAC address. Assuming that the operator can trace the final destination of the data packets, it should be able to determine that the final MAC doesn't match your phone's.
source
Although the post is about UK operators, it should apply in Denmark.
Our application must know the following properties of the SIM Card:
a. Retrieve the SIM number (MSISDN)
b. Does it support 2G?
c. Can receive and send SMS?
d. Can send and receive data?
e. Can send and receive voice calls?
Most of the issues we are facing are because we cannot proactively query these parameters. It would be great to be able to do so through our application (Android and iOS).
Application is distributed worldwide and should be agnostic of carriers.
Thanks so much for your input!
Yaakov
The SIM card does not store a subscriber's MSISDN. Yes, according to the SIM standards there is provision for an "EF_MSISDN" file on the SIM; however, 90% of operators do not populate this file. So how does the network know my MSISDN? Your phone uses the IMSI (International Mobile Subscriber Identity) stored on the SIM in the file EF_IMSI. The network maintains a "mapping" of IMSI to MSISDN within its HLR (Home Location Register).
A SIM card does not send/receive SMSs; it uses the capabilities of the device it is in.
The same goes for sending and receiving data.
All of the parameters you are asking for would be device capabilities. This question should maybe be tagged under the android/ios development sections. The capability is there to query the device for its current/supported network connections, its ability to send/receive data and SMSs and possibly even the subscribers MSISDN.
Basically you will not get the information you want from the SIM card, as the information is not there.
I would like to create a wireless network from a laptop. If laptops come within range, I would like it to send them a welcome message and send them a goodbye message when they leave the wifi range. Is it possible to do this in C?
Please help me out with this.
It is possible, but it is a very complex task and I don't think that programming language choice is the first thing to look into.
As a start, you can read up on Wikipedia on Wireless ad-hoc networks.
How should your messages be received and displayed on the remote side? If you want to use some existing protocol over TCP/IP, or create your own (deploying custom applications on the remote machines), you will need to mess with networks, and this is not always possible, as one machine can be part of only one network. So the machines need to be not connected to anything and somehow allow you to connect to them; it involves changing network settings on all those machines (for example, setting them to join the ad-hoc network with a predefined name).
If all machines automatically join the existing network, this question has nothing to do with wireless (physical layer) but with Avahi, Netbios or whatever other services allowing you to get notifications and/or enumerate devices in the network.