ANALYSIS OF CELLULAR DATA COMMUNICATION FOR NEIGHBORHOOD AREA NETWORK FOR SMART GRID Harish Maiya B.E., Visveswaraiah Technological University, Karnataka, India, 2006






ANALYSIS OF CELLULAR DATA COMMUNICATION FOR NEIGHBORHOOD AREA NETWORK FOR SMART GRID

Harish Maiya
B.E., Visveswaraiah Technological University, Karnataka, India, 2006

PROJECT

Submitted in partial satisfaction of the requirements for the degree of

MASTER OF SCIENCE
in
COMPUTER ENGINEERING
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO

SPRING 2011






ANALYSIS OF CELLULAR DATA COMMUNICATION FOR NEIGHBORHOOD AREA NETWORK FOR SMART GRID

A Project

by

Harish Maiya

Approved by:

__________________________________, Committee Chair
Isaac Ghansah, Ph.D.

__________________________________, Second Reader
Fethi Belkhouche, Ph.D.

____________________________
Date







Student: Harish Maiya

I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the Project.

__________________________, Graduate Coordinator ________________
Suresh Vadhva, Ph.D.                                    Date

Department of Computer Engineering


















Abstract

of

ANALYSIS OF CELLULAR DATA COMMUNICATION FOR NEIGHBORHOOD AREA NETWORK FOR SMART GRID

by

Harish Maiya

The infrastructure of a Smart Grid system relies on communication between the electricity producer and the consumer domain. The consumer domain consists of a Neighborhood Area Network (NAN), which connects the smart meters installed at consumers' homes or businesses, and a Home Area Network (HAN), which connects all appliances at home, to the utility's AMI network on the producer side. Candidate protocols considered for implementing the NAN include cellular communication, IEEE 802.11, 802.16, 802.15.4, optical fiber networks and power line networks.

This project provides an analysis of the cellular data communication protocol, considering its different standards, implementation details, advantages, disadvantages, security issues, reliability, time-critical communication, maintenance, power and cost factors. Cellular standards such as CDMA and GSM (2G), UMTS and WCDMA (3G) and the 4G protocols are studied, and their bandwidth, coverage and resource usage are gauged in order to identify an effective and efficient way to implement the NAN. An analysis of the Short Message Service (SMS), the preferred mode of communication in the NAN, is carried out. The project intends to identify potential issues that affect the confidentiality, integrity and availability of the information flowing through the cellular communication channel when it is implemented in the Smart Grid. The application of information security best practices to the NAN in the Smart Grid, and the extent to which they are applied, is investigated. Finally, the different candidate protocols for the NAN are compared, a few recommendations are made, and research areas and open issues, if any, are identified.

_______________________, Committee Chair
Isaac Ghansah, Ph.D.

_______________________
Date



DEDICATION

To my parents, teachers and friends



























ACKNOWLEDGEMENT

I am grateful to all the people who have helped and guided me in the successful completion of my Masters Project. My sincere thanks to the project supervisor Dr. Isaac Ghansah, for providing me the opportunity to work on Smart Grid and guiding me throughout the project. My heartfelt thanks to Dr. Kwai-Ting Lan for being second reader and providing me with invaluable inputs on revising my report. I am thankful to Dr. Suresh Vadhva for his invaluable support throughout my graduate program. Special thanks to my friends Arti Arora and Adithya Shreyas for helping me with their ideas and by reviewing my project report. I would like to thank my seniors and all my friends who have been there for me throughout this graduate program.

I would take this opportunity to acknowledge and appreciate the efforts of California State University, Sacramento for providing the facilities and environment conducive for students to nurture their career.

Most importantly I would like to thank my parents Suryanarayana, Radha, my sister Sowmya, and brother-in-law Vinay for their true love and moral support.












TABLE OF CONTENTS

                                                                     Page
Dedication ..... vi
Acknowledgement ..... vii
List of Tables ..... x
List of Figures ..... xi

Chapter
1. INTRODUCTION ..... 1
   1.1. Traditional Grid ..... 1
   1.2. Need for Smart Grid ..... 3
   1.3. Smart Grid ..... 5
   1.4. Neighborhood Area Network ..... 8
   1.5. Scope of the Project ..... 11
2. REQUIREMENTS FOR NEIGHBORHOOD AREA NETWORK ..... 12
3. CELLULAR COMMUNICATION ..... 19
   3.1 Features and Standards ..... 19
   3.2 Candidates for Implementing NAN ..... 22
      3.2.1 Global System for Mobile Communications (GSM) ..... 22
      3.2.2 GSM Core Network ..... 26
      3.2.3 CDMA One or IS-95 ..... 40
      3.2.4 3G Systems and UMTS (Universal Mobile Telecommunications System) ..... 42
      3.2.5 W-CDMA ..... 46
      3.2.6 4G-LTE Advanced ..... 47
4. SHORT MESSAGE SERVICE (SMS) IN CELLULAR COMMUNICATION ..... 50
   4.1 Implementation Details ..... 50
   4.2 Vulnerability and Example Attacks ..... 54
   4.3 Counter Measures, Solutions ..... 56
5. GENERATION IN CELLULAR WIRELESS STANDARDS ..... 59
   5.1 1G, 2G, 3G, 4G ..... 59
      5.1.1 Overview of Standards ..... 60
   5.2 Evaluation of Parameters of Cellular Standards ..... 61
   5.3 Security Issues and Mechanisms in Cellular Standards ..... 63
   5.4 Wireless Application Protocol (WAP) ..... 72
6. COMPARISON OF CANDIDATE NETWORK PROTOCOLS FOR NAN ..... 77
   6.1 Introduction ..... 77
   6.2 IEEE 802.11 ..... 78
   6.3 IEEE 802.16 ..... 83
   6.4 IEEE 802.15.4 ..... 87
   6.5 Power Line Communication ..... 90
   6.6 Optical Fiber Communication ..... 92
   6.7 Wireless Mesh Networks ..... 93
   6.8 Cellular Network Over Other Candidates ..... 95
7. CONCLUSION ..... 102
   7.1 Project Results ..... 102
   7.2 Challenges and Outstanding Works ..... 104
   7.3 Future Works and Potential Research Topics ..... 104
Appendix Glossary ..... 105
References ..... 109


















LIST OF TABLES

                                                                     Page
Table 1: Network Types, Coverage and Bandwidth ..... 16
Table 2: IEEE 802.11 Standards and its Variations ..... 79
Table 3: Summary of Technologies for NAN ..... 101





































LIST OF FIGURES

                                                                     Page
Figure 1: Traditional Grid ..... 2
Figure 2: Smart Grid ..... 5
Figure 3: Smart Grid ..... 7
Figure 4: Customer Domain: NAN, gateway and HAN ..... 13
Figure 5: Smart Grid Building Blocks ..... 14
Figure 6: Hierarchical Organization of Communication Networks ..... 17
Figure 7: Operation of Cells in Network. Frequency (F) reuse factor or pattern 1/4 ..... 21
Figure 8: Structure of GSM network [9] ..... 23
Figure 9: GSM Core Network Architecture ..... 27
Figure 10: Authentication and Key agreement ..... 33
Figure 11: Radio Link Encryption ..... 36
Figure 12: Temporary ID management ..... 38
Figure 13: Structure of UMTS network ..... 44
Figure 14: High Level description of SMS delivery in an SS7 network ..... 51
Figure 15: Overview of SMS delivery on the wireless interface ..... 52
Figure 16: Signaling Data Integrity Mechanism ..... 70
Figure 17: Air Interface Confidentiality Mechanism ..... 71
Figure 18: KASUMI Block Cipher ..... 72
Figure 19: WAP1, WAP 2 Protocol Stack ..... 73
Figure 20: Generic Data Frame ..... 80
Figure 21: Frame Control field ..... 81
Figure 22: IP based WiMAX Network Architecture ..... 85
Figure 23: Wireless Mesh Network [28] ..... 94

Chapter 1

INTRODUCTION

1.1. Traditional Grid

The traditional power grid, designed several decades ago, performed satisfactorily in supplying electricity to the nation until only the recent past. However, the system appears ill equipped on several fronts to meet present and future needs. The reliability of the grid has declined over the last few years: a large number of outages have affected numerous consumers, causing inconvenience and loss of revenue [3]. Modernization of the current electric grid is imperative to national efforts to increase energy efficiency, transition to renewable sources of energy, reduce greenhouse gas emissions and build a sustainable economy that ensures prosperity for current and future generations.

Figure 1 [2] shows the traditional power grid, which has a unidirectional flow of energy from the electricity generation and transmission units to the end user. The grid consists of the transmission system, which includes power generation plants, step-up transformers, high voltage power lines and substations, and the distribution system, which consists of substations, step-down transformers, pole-top transformers and medium voltage power lines. The power plants generate electricity and step up the voltage for long distance transmission using step-up transformers. The electricity is then transmitted across the high power transmission lines over long distances to substations, where the voltage is stepped down before being transmitted over the medium voltage power lines to the customer premises. The pole-top transformers further step down the voltage to suit residential and commercial specifications.

Figure 1: Traditional Grid

The existing power grid infrastructure is largely analog and electromechanical, and it is built on a producer-controlled model in which power flows in one direction. With the significant advancements in computer systems, electronic devices, the internet and communications, there now exists a vast disparity between the traditional grid infrastructure and these advanced technologies. The electricity supply for the present generation relies on infrastructure that has aged out. Whether or not there is a need for power in a region, or by a consumer, the utility supplies a scheduled amount of power to the regions under its coverage. This lack of communication, in which consumers inform the utilities about their demand for power and the utilities respond appropriately to the consumer, is the missing component in the current grid. As the demand for power is on the increase, it is very important that there be effective communication between the consumers and the utilities so that power can be supplied based on customer needs.

1.2. Need for Smart Grid

Smart Grid is an infrastructure that intends to supply electricity to consumers based on their demand; there is two-way communication between the producer or utilities and the consumers. Utilizing the latest technical advancements in the areas of computer systems, the internet, communication and electronic devices, Smart Grid envisages providing an efficient, reliable and secure electricity supply to consumers. Below are the benefits of implementing the Smart Grid.

RELIABILITY

The present electricity grid architecture lacks an outage management system, which directly affects the reliability of the grid. The utilities are informed of blackouts or outages if and only if a customer rings them up to report an outage. These blackouts result in billions of dollars of losses to households and businesses [3]. An intelligent grid like Smart Grid, with an effective communications infrastructure, detects an outage immediately and notifies a utility office about it; outages could also be avoided by redirecting power to the place where an outage is predicted. To achieve improved reliability, a smarter grid is the need of the hour.

RENEWABLE ENERGY

The use of renewable energy sources is gaining momentum at present; the reasons are to reduce carbon emissions and dependency on oil, and to lower the cost of electricity over the longer run. Power from renewable energy sources like solar, wind, geothermal and tidal is low power and intermittent when compared to traditional power generation. These intermittent sources need distributed generation to harness the power and sell it to the utility offices close by. To handle both distributed and intermittent power sources, we need a smarter grid.

SECURITY

One of the aspects of security in these systems is availability. The current centralized grid is vulnerable in the sense that, in case of attacks, there could be a significant outage, and reconstruction of such a huge electricity infrastructure in a short time would take too long. In case of attacks, a significant area is affected by lack of power supply. Having the power generation distributed would help reduce the devastating effect of terror attacks or any natural disasters [5].



1.3. Smart Grid

Figure 2 [2] shows the infrastructure of the Smart Grid; we can see that information technology, communication and electronic devices are integrated with the power grid to deliver a two-way flow of information into the system.

Figure 2: Smart Grid

Smart Grid is an electricity infrastructure consisting of devices installed at homes and businesses throughout the electricity distribution grid for the purpose of energy monitoring; the system utilizes computer, networking and communications technologies all the way from the generation, transmission and distribution of electricity to consumer appliances and equipment. This set-up provides consumers the ability to monitor and control energy consumption comprehensively in real time across the smart communication network. Consumers that generate energy from sources such as solar, wind or other systems can also carry out business with the utilities by selling the surplus energy that they generate.

As seen in Figure 3 [4], the sensors detect variations and fluctuations in the electricity and send information signals to the demand management systems. At the demand management system, decision signals are generated so as to increase or decrease the electricity generation, and these signals are sent out to the processors. The processors, without any need for human intervention, execute these instructions and take appropriate actions instantaneously.

Figure 3: Smart Grid

Smart Grid, as an intelligent system, is capable of sensing system overload and rerouting power to prevent outages, resolving conditions faster than a user could respond. It is efficient, as it meets the user's increasing demand without adding infrastructure. It is accommodating, as the user can do business with the utilities by pumping energy back to the utilities from renewable sources like wind, solar and others. The consumer has the ease of choosing an energy consumption profile and customizing it according to his or her preferences. This, along with the real-time communication between the customer and the utilities, makes the use of Smart Grid motivating. It is capable of delivering power free of spikes, disturbances and interruptions, which is the main requirement of data centers, and could be termed a quality-focused power supply infrastructure. Since the Smart Grid's deployment would be distributed and not centralized, it becomes secure and provides resistance to natural disasters and terror attacks. All these features make Smart Grid intelligent, efficient, accommodating, motivating, opportunistic, quality-focused, resilient and, lastly, "green", as carbon emissions are lowered with increased efficiency [5].


1.4. Neighborhood Area Network

The efficiency of the Smart Grid greatly depends on communication networks. Communication in the customer domain consists of the Neighborhood Area Network, which connects the utility to the smart meters installed in the homes of the consumers, the gateway, and finally the Home Area Network, which connects all the appliances in the consumers' homes. In the Smart Grid, the NAN has a role to play in HOME-to-HOME or HOME-to-GRID communication. Neighborhood Area Networks (NAN) are a type of packet switched mobile data network whose geographical coverage area could be anywhere from the coverage of a LAN (Local Area Network), which is about a few meters, to a MAN (Metropolitan Area Network), to a WAN (Wide Area Network), which is up to several miles.

Communication in the NAN can be broadly classified into two types:

DATA COMMUNICATION

The utility offices collect electricity usage information from consumers on a timely basis to build future demand statistics. Example: a smart device which is part of a room heater sends its usage or power consumption information every minute to the smart meter in kilowatt hour (kWh) units, and the smart meter in turn sends the information back to the utility office.

CONTROL COMMUNICATION

Real-time signals to control the devices at the consumer or business premises are part of control communication. An example of this could be turning off the room heaters for a certain period of time, on request from the consumer, during the peak hours when the price per unit of usage is high.

To explain this better, we consider the example of the IEEE 802.15.4 standard, where communication could be between three main entities: reduced function devices, full function devices and the utility offices. Reduced function devices are those that carry limited functionality to lower cost and complexity. Full function devices support all IEEE 802.15.4 functions and features specified by the standard. The data communication could be between the reduced function devices (RFD; smart devices installed in homes like heaters, refrigerators, air conditioners etc.) and the full function devices (FFD; say, smart meters), and between the FFDs and the utility office. Similarly, the control communication would be from the utility office to the FFDs and from the FFDs to the RFDs.

The communication between the RFDs and the FFDs installed at home and business premises is part of the Home Area Network (HAN), and the communication between the FFDs and the utility offices is part of the Neighborhood Area Network. A set of FFDs (say smart meters from a group of houses) would communicate with a device on a pole, and this device would in turn communicate with the utility offices over the neighborhood area network. Each such device on a pole is interconnected with the others, thereby forming a mesh-like network constituting a neighborhood area network.

Neighborhood Area Networks (NAN) are a type of packet switched mobile data network. NANs are flexible packet switched networks whose geographical coverage area could be anywhere from the coverage of a LAN, to a MAN, to a WAN. The order of the day in networking is to provide complete ubiquity, i.e., every device location is connected to millions of locations across tens of thousands of square miles. The solution for complete ubiquity is the wireless neighborhood area network (WNAN) [5]. The ubiquitous network requirements for the Smart Grid are identified as: reliable, secure, power efficient, low latency, low cost, diverse path, scalable technology, and the ability to support bursty, asynchronous upstream traffic, to name a few.

In this report, we mainly focus on the communication sector of the Smart Grid, where an analysis of communication protocols for the neighborhood area network of the Smart Grid in particular is carried out.


1.5. Scope of the Project

The aim of this project is to provide an insight into the cellular communication protocol, which is the leading candidate for implementing the neighborhood area network for the Smart Grid. A study of the various standards, the modes of communication (in particular SMS), the security concerns and the different generations of protocols is carried out, followed by comparisons with the other candidate networks. Chapter 2 acquaints us with the neighborhood area network, its requirements for the Smart Grid and its significance in the Smart Grid. Chapter 3 emphasizes the various standards of cellular communication such as GSM, CDMA, UMTS, WCDMA and LTE Advanced. Chapter 4 discusses Short Message Service (SMS) operations and its issues. Following this is the discussion of the different generations of cellular wireless standards as part of Chapter 5. In Chapter 6 there is a comparison and overview of the other candidates for implementing the neighborhood area network; Chapter 7 identifies research areas in the neighborhood area network as part of the customer domain for the Smart Grid. Finally we arrive at the conclusion of this project in Chapter 8.




Chapter 2

REQUIREMENTS FOR NEIGHBORHOOD AREA NETWORK

The building blocks of the Smart Grid include an automated distribution and control system, power quality monitoring and substation automation, and a communication infrastructure through which the utilities interact with devices in the customer domain and with distributed power generation and storage facilities [7]. As in Figure 4 [8], the customer domain consists of a Neighborhood Area Network, which connects the utility to the smart meter installed in the homes of the consumers, the gateway, and then the home area network, which connects all the appliances at home.

Figure 4: Customer Domain: NAN, gateway and HAN

Smart Grid utilities should be capable of supporting multiple communication networks such as the Home Area Network (HAN), Neighborhood Area Network (NAN) and Wide Area Network (WAN) for various applications like consumer energy efficiency, advanced metering and distribution automation (see Figure 5) [4].

Figure 5: Smart Grid Building Blocks

The building blocks of the Smart Grid are as shown in Figure 5 [4]; they comprise the Power System Layer, Control Layer, Communications Layer, Security Layer, IT Infrastructure Layer and the Application Layer. The Communications Layer is further divided into three sub-divisions. They are:

Home Area Network (HAN) is part of the customer domain; it involves the communication between the devices installed at the residential or commercial premises and their respective Smart Meters.

Neighborhood Area Network (NAN) is the communication network that carries the communications between the utilities and the Smart Meters installed at the customer stations.

Wide Area Network (WAN) is the communication network responsible for the backhaul communications.

The Smart Grid communication requirements, at a high level, are described below [9]:

SECURE

Privacy, integrity and confidentiality are the three main focus areas in communication across the network. Hence, end-to-end security must be provided to protect user information and to protect the network from unauthorized access.

RELIABLE

The network has to provide maximum availability by incorporating fault tolerance mechanisms and self-healing failover at each tier of the network. It must provide "always-on" communication as part of the electric grid.

FLEXIBLE

The coverage has to be consistent from smaller rural regions to larger urban areas. The communication network has to have the flexibility to cover the same disparate territories as the grid itself.

SCALABLE

The network needs to be scalable to meet current and future requirements. It should be capable of supporting the changing requirements over time, accommodating the current simple meter reading as well as the future multiple applications that span from demand-side management to distribution automation. Also, it should be upgradeable and interoperable to ensure a future-proof solution.

COST-EFFECTIVE

The capital and operational expenses of a communication network need to be within the potential savings.

The typical characteristics of the different communication network layers can be summarized as shown below in Table 1.

Table 1: Network Types, Coverage and Bandwidth

Network                           Scale of Coverage     Bandwidth Required    Example Communication Technologies
Home Area Network                 1000s of Sq. Feet     1-10 Kbps             ZigBee
Neighborhood Area Network         1-10 Sq. Miles        10-100 Kbps           900 MHz
Distribution/Wide Area Network    1000s of Sq. Miles    500 Kbps-10 Mbps      3G/802.11/WiMAX
Core                              10K Sq. Miles         100 Kbps              Fiber


The information in the above table is represented in Figure 6 [4].

Figure 6: Hierarchical Organization of Communication Networks

The scope of our discussion lies in the Neighborhood Area Network (NAN), which requires higher bandwidths, ranging anywhere from 10 Kbps to 100 Kbps, to suffice for meter reading, demand response and remote disconnect, and a coverage area of 1-10 sq miles. Further focus is placed on the implementation of the Neighborhood Area Network, choosing a technology which meets all the requirements of the NAN and satisfies the aspects of security, scalability, reliability and cost. Cellular data communication has been very successful in bringing voice and data communication to millions of consumers and businesses worldwide, being cost effective, reachable and scalable; there also happen to be more research, innovations and upgrades every year in the field of cellular communication. Cellular communication as the implementation technology for the Neighborhood Area Network in the Smart Grid is considered and evaluated for various parameters and issues.

Further chapters focus extensively on cellular communication, its operational details, the various standards involved, modes of communication, the various generations of protocols, performance and security issues.
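Added sizing example, not from the thesis: it applies the Table 1 NAN budget (10-100 Kbps over 1-10 sq miles) to the traffic path of section 1.4, where devices report a kWh reading every minute to the smart meter and meters forward to a pole-top aggregator whose uplink is the NAN link. The reading size, frame overhead, control-traffic rate and meter density are constructed assumptions.

```python
"""Check a NAN design against the Table 1 requirements.

Added example (not from the thesis). Traffic path modelled, from section 1.4:
device -> smart meter (one reading per minute) -> pole-top aggregator -> utility.
The aggregator uplink is the NAN link budgeted in Table 1 at 10-100 Kbps and
1-10 sq miles. Byte sizes and control rate below are assumptions.
"""
from dataclasses import dataclass

NAN_MIN_BPS, NAN_MAX_BPS = 10_000, 100_000   # Table 1: 10-100 Kbps
NAN_MIN_SQMI, NAN_MAX_SQMI = 1.0, 10.0      # Table 1: 1-10 sq miles


@dataclass
class TrafficModel:
    devices_per_meter: int            # smart appliances reporting to one meter
    report_interval_s: int = 60       # section 1.4: one reading every minute
    reading_bytes: int = 16           # assumed: timestamp + device id + kWh value
    frame_overhead_bytes: int = 40    # assumed: headers plus integrity tag
    control_bps_per_meter: float = 8  # assumed: downlink control signalling


def uplink_bps(model, meters):
    """Average uplink rate for `meters` meters, each sending one batched frame
    carrying all of its device readings once per reporting interval."""
    frame = model.frame_overhead_bytes + model.devices_per_meter * model.reading_bytes
    return meters * frame * 8 / model.report_interval_s


def total_bps(model, meters):
    """Uplink data traffic plus downlink control traffic for `meters` meters."""
    return uplink_bps(model, meters) + meters * model.control_bps_per_meter


def max_meters_within_budget(model, budget_bps=NAN_MAX_BPS):
    """Largest meter count whose total load stays inside one NAN link budget."""
    return int(budget_bps // total_bps(model, 1))


def plan_nan(model, area_sqmi, meters_per_sqmi):
    """Size a NAN covering `area_sqmi` with pole-top aggregators.

    Returns (aggregators, meters_per_aggregator, failures); `failures` lists the
    Table 1 requirements the design violates and is empty when it fits."""
    failures = []
    if not NAN_MIN_SQMI <= area_sqmi <= NAN_MAX_SQMI:
        failures.append("coverage outside 1-10 sq miles")
    meters = int(area_sqmi * meters_per_sqmi)
    cap = max_meters_within_budget(model)
    if cap == 0:
        failures.append("a single meter exceeds the 100 Kbps NAN budget")
        return 0, 0, failures
    aggregators = -(-meters // cap)              # ceiling division
    per_agg = -(-meters // aggregators) if aggregators else 0
    if total_bps(model, per_agg) > NAN_MAX_BPS:
        failures.append("aggregator load above 100 Kbps")
    return aggregators, per_agg, failures


if __name__ == "__main__":
    m = TrafficModel(devices_per_meter=10)
    print("per-meter load (bps):", round(total_bps(m, 1), 1))
    print("meters per 100 Kbps link:", max_meters_within_budget(m))
    print("4 sq mi at 1000 meters/sq mi:", plan_nan(m, 4.0, 1000))
```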














19




Chapter 3


CELLULAR COMMUNICATION

3.1

Features and
S
tandards


Intr
o
duction
:

Cellular network and technology
has been
highly successful in providing
voice, data
communication
for millions of users worldwide. It is
ubiquitous
, convenient to use,
easy
to install and incurs low maintenance cost

for its services. Cellular c
overage is excellent
because it
directly
corresponds
to the population concentration and
proportio
nal to
number of users of power and

its distribution
. Cellular communication is already
established and has 95% coverage extended to consumers and hence no additional efforts
for installations are required.
Cont
inuous a
dvances
and researches

in

cellular technology

(2G, 3G, to recent 4G standards and bandwidths)

and competitive pricing among carriers
create an ideal environment for the
implementing
Neighborhood Area Network

of Smart
grid.


Features:

A cellular network is a radio network distributed over land areas called cells, each served by at least one fixed-location transceiver known as a cell site or base station. When joined together these cells provide radio coverage over a wide geographic area. This enables a large number of portable transceivers (e.g., mobile phones, pagers, etc.) to communicate with each other and with fixed transceivers and telephones anywhere in the network, via base stations, even if some of the transceivers are moving through more than one cell during transmission.


As seen in Figure 9 [9], in a cellular radio system a land area to be supplied with radio service is divided into regular shaped cells, which can be hexagonal, square, circular or some other irregular shape, although hexagonal cells are conventional. Each of these cells is assigned multiple frequencies (f1-f6) which have corresponding radio base stations. The group of frequencies can be reused in other cells, provided that the same frequencies are not reused in adjacent neighboring cells, as that would cause co-channel interference.

The increased capacity in a cellular network, compared with a network with a single transmitter, comes from the fact that the same radio frequency can be reused in a different area for a completely different transmission. If there is a single plain transmitter, only one transmission can be used on any given frequency. Unfortunately, there is inevitably some level of interference from the signal of the other cells which use the same frequency. This means that, in a standard FDMA system, there must be at least a one cell gap between cells which reuse the same frequency.

Figure 7: Operation of Cells in Network. Frequency (F) reuse factor or pattern 1/4
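The reuse rule above (a frequency group is never reused in an adjacent cell) can be checked mechanically. The following is an added example, not code from the project: it labels the cells of a hexagonal grid with frequency groups for the 1/4 reuse pattern of Figure 7, verifies that no two neighbouring cells share a group, and computes the co-channel reuse distance. The axial (q, r) cell coordinates and the shift parameters (i, j) with N = i² + ij + j² are assumptions about how the grid is modelled, not something the page states.

```python
"""Frequency reuse on a hexagonal cell grid (added example, not project code).

Modelling assumptions (not stated on the page): cells carry axial hex
coordinates (q, r); a reuse cluster is defined by shift parameters (i, j)
with N = i*i + i*j + j*j cells, so the 1/4 pattern of Figure 7 is (i, j) = (2, 0).
"""
import math

# Axial offsets of the six neighbours of a hexagonal cell.
HEX_NEIGHBOURS = [(1, 0), (0, 1), (-1, 1), (-1, 0), (0, -1), (1, -1)]


def cluster_size(i, j):
    """Cells per reuse cluster, i.e. the number of frequency groups N."""
    return i * i + i * j + j * j


def _coset(q, r, i, j):
    """Canonical label of the co-channel class containing cell (q, r).

    Two cells share a frequency group exactly when their difference is an
    integer combination of v1 = (i, j) and v2 = (-j, i + j) (v1 rotated by
    60 degrees).  Expressing (q, r) in that basis and reducing modulo N gives
    a label that is identical for all cells of one class.
    """
    n = cluster_size(i, j)
    return (((i + j) * q + j * r) % n, (-j * q + i * r) % n)


def hex_grid(radius):
    """All cells within `radius` hops of the origin cell."""
    return [(q, r) for q in range(-radius, radius + 1)
            for r in range(-radius, radius + 1) if abs(q + r) <= radius]


def assign_frequencies(radius, i, j):
    """Map every cell of the grid to a frequency group index 0 .. N-1."""
    n = cluster_size(i, j)
    labels = sorted({_coset(q, r, i, j) for q in range(n) for r in range(n)})
    return {cell: labels.index(_coset(cell[0], cell[1], i, j))
            for cell in hex_grid(radius)}


def adjacent_conflicts(plan):
    """Neighbouring cell pairs that share a group: the co-channel
    interference the text says a reuse plan must avoid."""
    conflicts = []
    for (q, r), group in plan.items():
        for dq, dr in HEX_NEIGHBOURS:
            nb = (q + dq, r + dr)
            if nb in plan and plan[nb] == group and (q, r) < nb:
                conflicts.append(((q, r), nb))
    return conflicts


def reuse_distance_ratio(i, j):
    """D/R: centre-to-centre distance of the nearest co-channel cells in
    units of the cell radius R.  For an axial displacement (q, r) that
    distance is R * sqrt(3 * (q*q + q*r + r*r)); the minimum over the
    co-channel lattice gives the familiar D/R = sqrt(3N)."""
    v1, v2 = (i, j), (-j, i + j)
    best = None
    for a in range(-2, 3):
        for b in range(-2, 3):
            if (a, b) == (0, 0):
                continue
            q = a * v1[0] + b * v2[0]
            r = a * v1[1] + b * v2[1]
            norm = q * q + q * r + r * r
            best = norm if best is None else min(best, norm)
    return math.sqrt(3 * best)


if __name__ == "__main__":
    plan = assign_frequencies(3, 2, 0)           # 1/4 pattern, 37 cells
    print("groups used:", sorted(set(plan.values())))
    print("adjacent conflicts:", adjacent_conflicts(plan))
    print("D/R for N=4: %.3f" % reuse_distance_ratio(2, 0))
```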


Cell signal encoding:

To distinguish signals from several different transmitters, frequency division multiple access (FDMA) and code division multiple access (CDMA) were developed. With FDMA, the transmitting and receiving frequencies used in each cell are different from the frequencies used in each neighboring cell.

In the next sections we discuss the major cellular communication standards such as GSM and CDMA-One from the 2nd Generation (2G), and UMTS and W-CDMA from the 3rd Generation (3G).



3.2 Candidates for Implementing NAN

3.2.1 Global System for Mobile Communications (GSM)

GSM is the world's most popular standard for mobile telephony, in which both signaling and speech channels are digital, and it falls under the second generation (2G) mobile phone system.




In a GSM cellular network, mobile phones connect to base stations by searching for cells in the immediate vicinity. The cell's horizontal radius varies, depending on antenna height, antenna gain and propagation conditions, from a couple of hundred meters to several tens of miles.

GSM networks operate in a number of different carrier frequency ranges (separated into GSM frequency ranges for 2G and UMTS frequency bands for 3G), with most 2G GSM networks in Canada and the United States operating in the 850 MHz or 19800 MHz bands. Carriers in the US using GSM are AT&T and T-Mobile. Enhanced Data GSM Environment (EDGE), which is a faster GSM service, can deliver data rates up to 384 kbps on a broadband connection.


The GSM network, as seen in Figure 10 [9], is structured into a number of discrete sections:

• The Base Station Subsystem (the base stations and their controllers).
• The Network and Switching Subsystem (the part of the network most similar to a fixed network). This is sometimes also just called the core network.
• The GPRS Core Network (optional part which allows packet based Internet connections).
• The Operations Support System (OSS) for maintenance of the network.

Figure 8: Structure of GSM network [9]






Subscriber Identity Module (SIM):

One of the key features of GSM is the Subscriber Identity Module, commonly known as a SIM card. The SIM is a detachable smart card containing the user's subscription information and phone book. This allows the user to retain his or her information after switching handsets. Alternatively, the user can also change operators while retaining the handset simply by changing the SIM. Some operators will block this by allowing the phone to use only a single SIM, or only a SIM issued by them; this practice is known as SIM locking.

When GSM is chosen to implement NAN systems in the Smart Grid, SIM cards could be inserted in smart meters and devices, which would transmit meter data from the home to utility offices and producer sites over the built-in wireless network. The carrier for a particular locality can be chosen based on signal coverage, cost and the bandwidth of the data transmitted.


GSM service security:

GSM was designed with a moderate level of service security. The system authenticates the subscriber using a pre-shared key and challenge-response. Communications between the subscriber and the base station can be encrypted. GSM only authenticates the user to the network and not vice versa. The security model therefore offers confidentiality and authentication, but limited authorization capabilities, and no non-repudiation.

GSM Security Features:

• Secure access: the operator can authenticate the user identity for billing and for preventing fraudulent calls by masqueraders.
• Control and data signal confidentiality: protect voice, data and control information (e.g., dialed telephone numbers) from eavesdropping.
• Anonymity: prevent attackers from using known information (e.g., the IMSI) to track the user's location or identify the user's calls.

Subscriber identity confidentiality: a Temporary Mobile Subscriber Identity (TMSI) is used to ensure subscriber identity confidentiality. The TMSI is a pseudo-random number generated and issued by the Visitor Location Register (VLR), and a TMSI is valid only in the area in which it was issued.

GSM uses several cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is the stronger algorithm, used within Europe and the United States. Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in real time with a ciphertext-only attack, and in February 2008, Pico Computing, Inc. revealed its ability and plans to commercialize FPGAs that allow A5/1 to be broken with a rainbow table attack [10]. The system supports multiple algorithms, so operators may replace that cipher with a stronger one.

In 2010 there was a report stating that a group of cryptographers had developed an attack that broke KASUMI, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enabled attackers to recover a full key by using a tactic known as a related-key attack [11].



3.2.2 GSM Core Network

The GSM core network is the component of a GSM system that carries out call switching and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and with telephones in the wider Public Switched Telephone Network (PSTN). The architecture contains specific features and functions which are needed because the phones are not fixed in one location.

Figure 9 [12] shows a schematic of the GSM Core Network Architecture.

Figure 9: GSM Core Network Architecture
MS: Mobile Station; SIM: Subscriber Identity Module; MSC: Mobile Switching Centre; VLR: Visitor Location Register; HLR: Home Location Register; AuC: Authentication Centre


Mobile switching center (MSC):

The mobile switching center (MSC) is the primary service delivery node for GSM/CDMA, responsible for routing voice calls and SMS as well as other services (such as conference calls, FAX and circuit switched data). The MSC sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call, and takes care of charging and real time pre-paid account monitoring.

In the GSM mobile phone system, in contrast with earlier analogue services, fax and data information is sent directly digitally encoded to the MSC. Only at the MSC is this re-coded into an "analogue" signal (although actually this will almost certainly mean sound encoded digitally as a PCM signal in a 64 kbit/s timeslot, known as a DS0 in America).

The gateway MSC (G-MSC) is the MSC that determines in which visited MSC the subscriber who is being called is currently located. It also interfaces with the PSTN. All mobile to mobile calls and PSTN to mobile calls are routed through a G-MSC. The term is only valid in the context of one call, since any MSC may provide both the gateway function and the visited MSC function; however, some manufacturers design dedicated high capacity MSCs which do not have any BSSs connected to them. These MSCs will then be the gateway MSC for many of the calls they handle.

The visited MSC (V-MSC) is the MSC where a customer is currently located. The VLR associated with this MSC will have the subscriber's data in it.

The anchor MSC is the MSC from which a handover has been initiated. The target MSC is the MSC toward which a handover should take place.



Mobile switching centre server (MSCS):

The mobile switching centre server is a soft-switch variant of the mobile switching centre, which provides circuit-switched calling, mobility management, and GSM services to the mobile phones roaming within the area that it serves. MSS functionality enables a split between the control plane (signaling) and the user plane (the bearer, in a network element called the media gateway/MGW), which allows better placement of network elements within the network.

The MSS and the MGW media gateway make it possible to cross-connect circuit switched calls using IP and ATM AAL2 as well as TDM.

Other GSM core network elements connected to the MSC:

• The home location register (HLR), for obtaining data about the SIM and the mobile services ISDN number (MSISDN; i.e., the telephone number).
• The base station subsystem, which handles the radio communication with 2G and 2.5G mobile phones.
• The UMTS terrestrial radio access network (UTRAN), which handles the radio communication with 3G mobile phones.
• The visitor location register (VLR), for determining where other mobile subscribers are located.
• Other MSCs, for procedures such as handover.

Procedures implemented

Tasks of the MSC include:

• Delivering calls to subscribers as they arrive, based on information from the VLR.
• Connecting outgoing calls to other mobile subscribers or the PSTN.
• Delivering SMSs from subscribers to the short message service centre (SMSC) and vice versa.
• Arranging handovers from BSC to BSC.
• Carrying out handovers from this MSC to another.
• Supporting supplementary services such as conference calls or call hold.
• Generating billing information.

Home location register (HLR):

The home location register (HLR) is a central database that contains details of each mobile phone subscriber that is authorized to use the GSM core network. There can be several logical, and physical, HLRs per public land mobile network (PLMN), though one international mobile subscriber identity (IMSI)/MSISDN pair can be associated with only one logical HLR (which can span several physical nodes) at a time.

The HLRs store details of every SIM card issued by the mobile phone operator. Each SIM has a unique identifier called an IMSI, which is the primary key to each HLR record.

The next important items of data associated with the SIM are the MSISDNs, which are the telephone numbers used by mobile phones to make and receive calls. The primary MSISDN is the number used for making and receiving voice calls and SMS, but it is possible for a SIM to have other secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a primary key to the HLR record. The HLR data is stored for as long as a subscriber remains with the mobile phone operator. [14]

Examples of other data stored in the HLR against an IMSI record are:

• GSM services that the subscriber has requested or been given.
• GPRS settings to allow the subscriber to access packet services.
• Current location of the subscriber (VLR and serving GPRS support node/SGSN).
• Call divert settings applicable for each associated MSISDN.

The HLR is a system which directly receives and processes MAP transactions and messages from elements in the GSM network, for example the location update messages received as mobile phones roam around.

Other GSM core network elements connected to the HLR

The HLR connects to the following elements:

• The G-MSC for handling incoming calls.
• The VLR for handling requests from mobile phones to attach to the network.
• The SMSC for handling incoming SMs.
• The voice mail system for delivering notifications to the mobile phone that a message is waiting.
• The AUC for authentication and ciphering and the exchange of data (triplets).

Procedures implemented

The main function of the HLR is to manage the fact that SIMs and phones move around a lot. The following procedures are implemented to deal with this:

• Manage the mobility of subscribers by updating their position in administrative areas called 'location areas', which are identified with a LAC. The action of a user moving from one LA to another is followed by the HLR with a Location Area Update procedure.
• Send the subscriber data to a VLR or SGSN when a subscriber first roams there.
• Broker between the G-MSC or SMSC and the subscriber's current VLR in order to allow incoming calls or text messages to be delivered.
• Remove subscriber data from the previous VLR when a subscriber has roamed away from it.

Authentication centre (AUC):

Figure 10 [12] shows a schematic of Authentication and Key Agreement.

Figure 10: Authentication and Key agreement

Description

The authentication centre (AUC) is a function to authenticate each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and the services described above. An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.

If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator. There is an additional form of identification check performed on the serial number of the mobile phone, described in the EIR section below, but this is not relevant to the AUC processing.

Proper implementation of security in and around the AUC is a key part of an operator's strategy to avoid SIM cloning.

The AUC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure. The security of the process depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AUC. This Ki is never transmitted between the AUC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.

Other GSM core network elements connected to the AUC

The AUC connects to the following elements:

• The MSC, which requests a new batch of triplet data for an IMSI after the previous data have been used. This ensures that the same keys and challenge responses are not used twice for a particular mobile.





Procedures implemented:

The AUC stores the following data for each IMSI:

• The Ki.
• The algorithm id. (The standard algorithms are called A3 and A8, but an operator may choose a proprietary one.)

When the MSC asks the AUC for a new set of triplets for a particular IMSI, the AUC first generates a random number known as RAND. This RAND is then combined with the Ki to produce two numbers as follows:

• The Ki and RAND are fed into the A3 algorithm and the signed response (SRES) is calculated.
• The Ki and RAND are fed into the A8 algorithm and a session key called Kc is calculated.

The numbers (RAND, SRES, Kc) form the triplet sent back to the MSC. When a particular IMSI requests access to the GSM core network, the MSC sends the RAND part of the triplet to the SIM. The SIM then feeds this number and the Ki (which is burned onto the SIM) into the A3 algorithm, and an SRES is calculated and sent back to the MSC. If this SRES matches the SRES in the triplet (which it should if it is a valid SIM), then the mobile is allowed to attach and proceed with GSM services.

After successful authentication, the MSC sends the encryption key Kc to the base station controller (BSC) so that all communications can be encrypted and decrypted. Of course, the mobile phone can generate the Kc itself by feeding the same RAND supplied during authentication and the Ki into the A8 algorithm.

The AUC is usually collocated with the HLR, although this is not necessary. Whilst the procedure is secure for most everyday use, it is by no means crack proof. Therefore a new set of security methods was designed for 3G phones. [16]
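The triplet procedure described above, simulated end to end as an added example (not the project's code): the AUC mints (RAND, SRES, Kc) triplets, the MSC challenges the SIM and compares the SRES, and both sides derive the same Kc without Ki ever leaving the SIM or the AUC. A3 and A8 are stand-ins built from HMAC-SHA256 (an assumption, since the real algorithms are operator-specific), and the field sizes used are GSM's, which the page does not state.

```python
"""GSM triplet authentication, simulated end to end (added example, not the
project's code).  A3 and A8 are operator-specific on real networks; here they
are stand-ins built from HMAC-SHA256 (an assumption), truncated to the GSM
field sizes (not stated on the page): RAND 16 bytes, SRES 4 bytes, Kc 8 bytes.
"""
import hashlib
import hmac
import secrets


def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in A3: signed response SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in A8: session key Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class SIM:
    """Holds Ki and never reveals it; it only answers challenges."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return a3(self._ki, rand)

    def session_key(self, rand: bytes) -> bytes:
        return a8(self._ki, rand)


class AuC:
    """Authentication centre: keeps Ki per IMSI and mints triplets."""

    def __init__(self):
        self._keys = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def triplets(self, imsi: str, count: int = 5):
        """A batch of (RAND, SRES, Kc); each RAND is a fresh random challenge."""
        ki = self._keys[imsi]
        batch = []
        for _ in range(count):
            rand = secrets.token_bytes(16)
            batch.append((rand, a3(ki, rand), a8(ki, rand)))
        return batch


class MSC:
    """Consumes one triplet per authentication and refills from the AuC, so
    no RAND/SRES pair is ever presented twice to the same mobile."""

    def __init__(self, auc: AuC):
        self._auc = auc
        self._batches = {}
        self.used_rands = set()

    def _next_triplet(self, imsi: str):
        if not self._batches.get(imsi):
            self._batches[imsi] = self._auc.triplets(imsi)
        return self._batches[imsi].pop(0)

    def authenticate(self, sim: SIM):
        """Challenge the SIM; on success return (RAND, Kc) for the BSC."""
        rand, sres, kc = self._next_triplet(sim.imsi)
        if rand in self.used_rands:
            raise RuntimeError("triplet reuse")   # must never happen
        self.used_rands.add(rand)
        if not hmac.compare_digest(sim.respond(rand), sres):
            return None                           # attach refused, no Kc released
        return rand, kc


def demo():
    """Genuine SIM attaches, a SIM with the wrong Ki is refused, Kc agrees on
    both sides, and repeated attaches always use fresh challenges."""
    imsi = "001010123456789"                      # constructed test IMSI
    ki = secrets.token_bytes(16)
    auc = AuC()
    auc.provision(imsi, ki)
    msc = MSC(auc)
    genuine = SIM(imsi, ki)
    wrong_key = SIM(imsi, secrets.token_bytes(16))  # claims the IMSI, lacks Ki
    rand, kc = msc.authenticate(genuine)
    results = {
        "kc_matches": kc == genuine.session_key(rand),
        "wrong_key_refused": msc.authenticate(wrong_key) is None,
    }
    rands = {msc.authenticate(genuine)[0] for _ in range(8)}  # spans two batches
    results["fresh_challenges"] = len(rands)
    return results


if __name__ == "__main__":
    print(demo())
```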

Figure 11 [14] shows a schematic of encryption using the A5 algorithm.

Figure 11: Radio Link Encryption


Visitor location register (VLR):

Description

The visitor location register is a database of the subscribers who have roamed into the jurisdiction of the MSC (Mobile Switching Center) which it serves. Each base station in the network is served by exactly one VLR; hence a subscriber cannot be present in more than one VLR at a time.

The data stored in the VLR has either been received from the HLR or collected from the MS (Mobile Station). In practice, for performance reasons, most vendors integrate the VLR directly into the V-MSC and, where this is not done, the VLR is very tightly linked with the MSC via a proprietary interface. Whenever an MSC detects a new MS in its network, in addition to creating a new record in the VLR, it also updates the HLR of the mobile subscriber, apprising it of the new location of that MS. If VLR data is corrupted it can lead to serious issues with text messaging and call services.

Figure 12 [14] shows a schematic of Temporary ID management using the VLR.


Figure 12: Temporary ID management

Data stored include:

• IMSI (the subscriber's identity number).
• Authentication data.
• MSISDN (the subscriber's phone number).
• GSM services that the subscriber is allowed to access.
• Access point (GPRS) subscribed.
• The HLR address of the subscriber.

Other GSM core network elements connected to the VLR

The VLR connects to the following elements:

• The V-MSC, to pass required data for its procedures; e.g., authentication or call setup.
• The HLR, to request data for mobile phones attached to its serving area.
• Other VLRs, to transfer temporary data concerning the mobile when it roams into new VLR areas; for example, the temporary mobile subscriber identity (TMSI).

Procedures implemented

The primary functions of the VLR are:

• To inform the HLR that a subscriber has arrived in the particular area covered by the VLR.
• To track where the subscriber is within the VLR area (location area) when no call is ongoing.
• To allow or disallow which services the subscriber may use.
• To allocate roaming numbers during the processing of incoming calls.
• To purge the subscriber record if a subscriber becomes inactive whilst in the area of a VLR. The VLR deletes the subscriber's data after a fixed time period of inactivity and informs the HLR (e.g., when the phone has been switched off and left off, or when the subscriber has moved to an area with no coverage for a long time).
• To delete the subscriber record when a subscriber explicitly moves to another VLR, as instructed by the HLR.

Equipment identity register (EIR):

The equipment identity register is often integrated with the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones. In theory all data about all stolen mobile phones should be distributed to all EIRs in the world through a Central EIR. It is clear, however, that there are some countries where this is not in operation. The EIR data does not have to change in real time, which means that this function can be less distributed than the function of the HLR. The EIR is a database that contains information about the identity of the mobile equipment, which prevents calls from stolen, unauthorized or defective mobile stations. Some EIRs also have the capability to log handset attempts and store them in a log file.



3.2.3 CDMA One or IS-95

CDMA One is a second generation mobile telecommunications standard that uses CDMA, a multiple access scheme for digital radio, to send voice, data and signaling data between mobile telephones and cell sites.

CDMA, "code division multiple access", uses a digital modulation called spread spectrum, which spreads the voice data over a very wide channel in a pseudorandom fashion using a user- or cell-specific pseudorandom code. The receiver undoes the randomization to collect the bits together and produce the original data. As the codes are pseudorandom and selected in such a way as to cause minimal interference to one another, multiple users can talk at the same time and multiple cells can share the same frequency. This causes added signal noise, forcing all users to use more power, which in exchange decreases cell range and battery life.

When CDMAone technology is chosen to implement the Neighborhood Area Network of the Smart Grid, the smart devices and smart meters of the NAN will use CDMA locks and IC chips linked to particular cellular carriers.

In the USA, service providers of CDMA include Verizon and Sprint, operating in the frequency band below 3000 MHz. CDMA can provide up to 0.384 Mbit/s of uplink and downlink capacity.




Below are the advantages of using CDMAOne/IS-95:

1) Capacity is IS-95's biggest asset; it can accommodate more users per MHz of bandwidth than any other technology.
2) It has no built-in limit to the number of concurrent users.
3) It uses precise clocks that do not limit the distance a tower can cover.
4) It consumes less power and covers large areas, so the cell size in IS-95 is larger.
5) It is able to produce a reasonable call with lower signal (cell phone reception) levels.
6) CDMAOne uses soft handoff, reducing the likelihood of dropped calls.
7) IS-95's variable rate voice coders reduce the rate being transmitted when the speaker is not talking, which allows the channel to be packed more efficiently.
8) It has a well-defined path to higher data rates.

Below are the disadvantages of using CDMAOne/IS-95:

1) Most technologies are patented and must be licensed from Qualcomm.
2) Breathing of base stations, where the coverage area shrinks under load. As the number of subscribers using a particular site goes up, the range of that site goes down.
3) Because IS-95 towers interfere with each other, they are normally installed on much shorter towers. Because of this, IS-95 may not perform well in hilly terrain.
4) Even barring subsidy locks, CDMA phones are linked by ESN to a specific network, thus phones are typically not portable across providers.


3.2.4 3G Systems and UMTS (Universal Mobile Telecommunications System)

3G systems were developed to provide global mobility with a wide range of services which includes telephony, paging, messaging, Internet and broadband data. The International Telecommunication Union (ITU) is the organization which defined the standard for third generation systems, referred to as International Mobile Telecommunications 2000 (IMT-2000). The Third Generation Partnership Project (3GPP) was formed to perform the technical specification work and technical development of 3G technology.

Universal Mobile Telecommunications System (UMTS) is one of the third-generation (3G) mobile telecommunications technologies; it is specified by 3GPP and is part of the global ITU IMT-2000 standard.

UMTS, using 3GPP, can support maximum data transfer rates of up to 45 Mbit/s (with HSPA+) [12], although at the moment users in deployed networks can expect a transfer rate of up to 384 kbit/s for R99 handsets, and 7.2 Mbit/s for HSDPA handsets in the downlink connection. This is still much greater than the 9.6 kbit/s of a single GSM error-corrected circuit switched data channel and the 14.4 kbit/s for CDMAOne.


UMTS Architecture

A UMTS network consists of three interacting domains: Core Network (CN), UMTS Terrestrial Radio Access Network (UTRAN) and User Equipment (UE). The main function of the core network is to provide switching, routing and transit for user traffic. The core network also contains the databases and network management functions.

The basic Core Network architecture for UMTS, as seen in Figure 13 [18], is based on the GSM network with GPRS. All equipment has to be modified for UMTS operation and services. The UTRAN provides the air interface access method for the User Equipment. The base station is referred to as Node-B, and the control equipment for Node-Bs is called the Radio Network Controller (RNC).

Figure 13: Structure of UMTS network

UMTS provides several different terrestrial air interfaces, called UMTS Terrestrial Radio Access (UTRA) [14]. All air interface options are part of ITU's IMT-2000. In the currently most popular variant for cellular mobile telephones, W-CDMA (IMT Direct Spread) is used.


UMTS has enhanced security features compared to 2G protocols such as GSM and CDMA. Below are the security features implemented in UMTS.

Entity authentication:

UMTS provides mutual authentication between the UMTS subscriber, represented by a smart card application known as the USIM (Universal Subscriber Identity Module), and the network in the following sense. 'Subscriber authentication': the serving network corroborates the identity of the subscriber. 'Network authentication': the subscriber corroborates that he is connected to a serving network that is authorized, by the subscriber's home network, to provide him with services.

Signaling data integrity and origin authentication:

Integrity algorithm agreement: the mobile station and the serving network can securely negotiate the integrity algorithm that they use.

Integrity key agreement: the mobile and the network agree on an integrity key that they may use subsequently; this provides entity authentication.

User traffic confidentiality:

Ciphering algorithm agreement: the mobile and the station can securely negotiate the ciphering algorithm that they use.

Cipher key agreement: the mobile and the station agree on a cipher key that they may use.

Confidentiality of user and signaling data: neither user data nor sensitive signaling data can be overheard on the radio access interface.

Network domain security:

The term 'network domain security' in 3G covers the security of the communication between network elements. In particular, the mobile station is not affected by network domain security. The two communicating network elements may both be in the same network, administrated by a mobile operator, or they may belong to two different networks. [13]
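The mutual authentication, key agreement and signaling integrity features listed above, in a simplified simulation added here (not the project's code and not the 3GPP specification): the network sends RAND together with an authentication token, the USIM verifies that token before answering, both sides derive the cipher key CK and integrity key IK, and IK then protects a signaling message. The HMAC-SHA256 stand-ins for the f1..f4 and f9 functions and the (SQN, MAC) token layout are assumptions.

```python
"""Simplified UMTS authentication and key agreement (added example, not the
project's code and not the 3GPP specification).  The 3GPP functions f1..f5
and f9 are replaced by HMAC-SHA256 stand-ins and the authentication token is
reduced to (SQN, MAC); both are assumptions made for this illustration.
"""
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes, *parts: bytes, n: int) -> bytes:
    """Keyed stand-in for the f-functions, truncated to n bytes."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:n]


class HomeNetwork:
    """Holds the subscriber key K and issues authentication vectors."""

    def __init__(self, k: bytes):
        self._k = k
        self._sqn = 0

    def vector(self):
        """(RAND, AUTN, XRES, CK, IK): AUTN proves knowledge of K to the USIM."""
        self._sqn += 1
        rand = secrets.token_bytes(16)
        sqn = self._sqn.to_bytes(6, "big")
        autn = (self._sqn, kdf(self._k, b"f1", sqn, rand, n=8))
        return (rand, autn, kdf(self._k, b"f2", rand, n=8),
                kdf(self._k, b"f3", rand, n=16), kdf(self._k, b"f4", rand, n=16))


class USIM:
    """Subscriber side: authenticates the network before answering it."""

    def __init__(self, k: bytes):
        self._k = k
        self._highest_sqn = 0

    def challenge(self, rand: bytes, autn):
        sqn, mac = autn
        expected = kdf(self._k, b"f1", sqn.to_bytes(6, "big"), rand, n=8)
        if not hmac.compare_digest(mac, expected) or sqn <= self._highest_sqn:
            return None      # network not authenticated, or vector replayed
        self._highest_sqn = sqn
        return (kdf(self._k, b"f2", rand, n=8),     # RES
                kdf(self._k, b"f3", rand, n=16),    # CK, cipher key
                kdf(self._k, b"f4", rand, n=16))    # IK, integrity key


def serving_network_aka(usim: USIM, rand, autn, xres):
    """Serving network: run the challenge and check RES against XRES.
    Returns the agreed (CK, IK) or None."""
    answer = usim.challenge(rand, autn)
    if answer is None:
        return None
    res, ck, ik = answer
    return (ck, ik) if hmac.compare_digest(res, xres) else None


def mac_i(ik: bytes, count: int, message: bytes) -> bytes:
    """Integrity tag over a signalling message (f9-like stand-in)."""
    return kdf(ik, b"f9", count.to_bytes(4, "big"), message, n=4)


def demo():
    k = secrets.token_bytes(16)
    home, usim = HomeNetwork(k), USIM(k)
    rand, autn, xres, ck, ik = home.vector()
    agreed = serving_network_aka(usim, rand, autn, xres)
    replayed = serving_network_aka(usim, rand, autn, xres)   # same vector again
    other = HomeNetwork(secrets.token_bytes(16))             # does not hold K
    r2, a2, x2, _, _ = other.vector()
    unauthorised = serving_network_aka(usim, r2, a2, x2)
    msg = b"RRC:LocationUpdate"                              # constructed signalling
    tag = mac_i(ik, 1, msg)
    return {
        "keys_agree": agreed == (ck, ik),
        "replay_rejected": replayed is None,
        "unknown_key_rejected": unauthorised is None,
        "integrity_ok": hmac.compare_digest(mac_i(agreed[1], 1, msg), tag),
        "tamper_detected": not hmac.compare_digest(mac_i(ik, 1, msg + b"!"), tag),
    }


if __name__ == "__main__":
    print(demo())
```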

3.2.5 W-CDMA

W-CDMA (Wideband Code Division Multiple Access) is an air interface in 3G mobile telecommunications networks, and the most commonly used member of the UMTS family. W-CDMA uses the DS-CDMA channel access method with a pair of 5 MHz wide channels.

It utilizes the DS-CDMA channel access method and the FDD duplexing method to achieve higher speeds and support more users compared to most time division multiple access (TDMA) schemes in use.

DS-CDMA: direct-sequence spread spectrum (DSSS) CDMA

DSSS phase-modulates a sine wave pseudo-randomly with a continuous string of pseudo-noise (PN) code symbols called 'chips', each of which has a much shorter duration than an information bit. That is, each information bit is modulated by a sequence of much faster chips. Therefore, the chip rate is much higher than the information signal bit rate.
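The CDMA spreading described in 3.2.3 and the DS-CDMA chip modulation described here, as an added example (not the project's code): two meters' bits are each multiplied by a chip sequence, the chip streams are superposed on one channel, and each receiver correlates with its own code to recover its bits. The length-8 Walsh codes are an assumption chosen so that recovery is exact; the page's PN codes are only approximately orthogonal.

```python
"""DS-CDMA spreading and despreading for two users on one channel (added
example, not the project's code).  The spreading sequences are length-8 Walsh
(Hadamard) codes: an assumption chosen so that recovery is exact, whereas the
PN codes described on the page are only approximately orthogonal.
"""


def walsh_codes(order: int):
    """Rows of the 2**order Hadamard matrix, chips in {+1, -1}."""
    h = [[1]]
    for _ in range(order):
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h


def spread(bits, code):
    """Each data bit (0 -> +1, 1 -> -1) is multiplied by the whole chip
    sequence, so the chip rate is len(code) times the bit rate."""
    return [(1 if b == 0 else -1) * c for b in bits for c in code]


def channel(*streams):
    """Superpose several users' chip streams on the same frequency."""
    return [sum(chips) for chips in zip(*streams)]


def correlations(rx, code):
    """Correlate each bit period of the received signal with one code."""
    n = len(code)
    return [sum(x * c for x, c in zip(rx[i:i + n], code))
            for i in range(0, len(rx), n)]


def despread(rx, code):
    """Undo the spreading: the sign of each correlation recovers the bit."""
    return [0 if corr > 0 else 1 for corr in correlations(rx, code)]


def demo():
    codes = walsh_codes(3)                  # eight mutually orthogonal 8-chip codes
    meter_a = [1, 0, 1, 1, 0, 0, 1, 0]      # constructed data for two meters
    meter_b = [0, 0, 1, 0, 1, 1, 0, 1]
    rx = channel(spread(meter_a, codes[3]), spread(meter_b, codes[5]))
    return {
        "a": despread(rx, codes[3]),
        "b": despread(rx, codes[5]),
        "unused_code": correlations(rx, codes[6]),   # no energy on a code nobody used
        "chips_per_bit": len(codes[3]),
    }


if __name__ == "__main__":
    print(demo())
```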

Key technical features of W-CDMA are as below:

• Radio channels are 5 MHz wide.
• Chip rate of 3.84 MHz.
• Supported modes of duplex: frequency division (FDD), time division (TDD).
• Employs coherent detection on both the uplink and downlink based on the use of pilot symbols and channels [14].
• Supports inter-cell asynchronous operation.
• Variable transmission on a 10 ms frame basis.

3.2.6 4G - LTE Advanced

The 4G cellular standards are the successor to the 3G and 2G families of standards. The ITU-R organization specified the IMT-Advanced (International Mobile Telecommunications Advanced) requirements for 4G standards, setting peak speed requirements for 4G service at 100 Megabits per second for high mobility communication (such as from trains and cars) and 1 Gbps for low mobility communication (stationary users).

A 4G system is expected to provide a comprehensive and secure all-IP based mobile broadband solution to laptop computer wireless modems, smart phones, and other mobile devices. Facilities such as ultra-broadband Internet access, IP telephony, gaming services, and streamed multimedia may be provided to users.

LTE:

The LTE specification provides downlink peak rates of at least 100 Mbps, an uplink of at least 50 Mbps and RAN round-trip times of less than 10 ms. LTE supports scalable carrier bandwidths, from 1.4 MHz to 20 MHz, and supports both frequency division duplexing (FDD) and time division duplexing (TDD).

Part of the LTE standard is the System Architecture Evolution, a flat IP-based network architecture designed to replace the GPRS Core Network and ensure support for, and mobility between, some legacy or non-3GPP systems, for example GPRS and WiMax respectively. [15]

The main advantages of LTE are high throughput, low latency, plug and play, FDD and TDD in the same platform, an improved end-user experience and a simple architecture resulting in low operating costs. LTE will also support seamless passing to cell towers with older network technology such as GSM, CdmaOne, UMTS, and CDMA2000. [9]















LTE Advanced:

LTE Advanced is essentially an enhancement to LTE. It is not a new technology but rather an improvement on the existing LTE network. This upgrade path makes it more cost effective for vendors to offer LTE and then upgrade to LTE Advanced, which is similar to the upgrade from WCDMA to HSPA. LTE and LTE Advanced will also make use of additional spectrum and multiplexing to allow them to achieve higher data speeds. Coordinated Multi-point Transmission will also allow more system capacity to help handle the enhanced data speeds. Release 10 of LTE is expected to achieve the LTE Advanced speeds. Release 8 currently supports up to 300 Mbit/s download speeds, which is still short of the IMT-Advanced standards. [15]

Data speeds of LTE Advanced

    LTE Advanced    Peak Download    1 Gbit/s
                    Peak Upload      500 Mbit/s









Chapter 4

SHORT MESSAGE SERVICE (SMS) IN CELLULAR COMMUNICATION

4.1 Implementation Details

Short Message Service (SMS) is considered a suitable mode of data transfer when a cellular network is chosen to implement the Neighborhood Area Network of the Smart Grid. Communication between smart devices and smart meters in the Neighborhood Area Network (NAN) and utility offices can happen through the exchange of SMS messages containing data and control information.

Below is a high level view of the text delivery mechanism in a cellular communication network. Figures 14 and 15 [16] illustrate the process of SMS communication in a cellular network.

Figure 14: High Level description of SMS delivery in an SS7 network

Figure 15: Overview of SMS delivery on the wireless interface.






1) Message Insertion:

Messages may be submitted into the system from cell phones operating within the system or from external sources. An Internet-originated SMS message can be generated by any one of a number of External Short Messaging Entities (ESMEs). ESMEs include devices and interfaces ranging from email and web-based messaging portals to service provider websites and voicemail services, and can be attached to telecommunications networks either by dedicated connection or the Internet. When a message is injected into the network, it is delivered to the Short Messaging Service Center (SMSC). These servers are responsible for the execution of a “store-and-forward” protocol that eventually delivers text messages to their intended destination. The contents and destination information from the message are examined by the SMSC and are then copied into a properly formatted packet. At this point, messages originating in the Internet and those created in the network itself become indistinguishable. Formatted text messages are then placed in an egress queue in the SMSC and await service.


2) Message Routing:

Before an SMSC can forward a text message to a targeted mobile device, it must first determine the location of that device. To accomplish this, the SMSC queries a database known as the Home Location Register (HLR). The HLR is responsible for storing subscriber data including availability, billing information, available services and current location. With the help of other elements in the network, the HLR determines the routing information for the targeted device. If the desired phone is not available, the SMSC stores the message until a later time for subsequent retransmission. Otherwise, the SMSC receives the address of the Mobile Switching Center (MSC) currently providing service to the target device. The MSC delivers the text message over the wireless interface through attached Base Stations (BS).

3) Wireless Delivery:

An area of coverage in a wireless network is called a cell. Each cell is typically partitioned into multiple (usually three) sectors. We characterize the system on a per-sector basis throughout this discussion. The air interface, or radio portion of the network, is traditionally divided into two classes of logical channels: the Control Channels (CCHs) and Traffic Channels (TCHs). TCHs carry voice traffic after call setup has occurred. CCHs, which transport information about the network and assist in call setup/SMS delivery, are subclassified further. In order to alert a targeted device that a call or text message is available, a message is broadcast on the Paging Channel (PCH). Note that multiple base stations broadcast this page in an attempt to quickly determine the sector in which the targeted recipient is located. Upon hearing its temporary identifier on the PCH, available devices inform the network of their readiness to accept incoming communications using the slotted ALOHA-based Random Access Channel (RACH) uplink. A device is then assigned a Standalone Dedicated Control Channel (SDCCH) by listening to the Access Grant Channel (AGCH). If a text message is available, the base station authenticates the device, enables encryption, and then delivers the contents of the message over the assigned SDCCH. If instead a call is incoming for the device, the SDCCH is used to authenticate the device and negotiate a TCH for voice communications.



4.2 Vulnerability and Example Attacks


The vulnerability in GSM cellular networks that allows for targeted text message attacks to occur is the result of bandwidth allocation on the air interface. Under normal conditions, the small ratio of bandwidth allocated to the control versus the traffic data is sufficient to deliver all messages with a low probability of blocking. However, because text messages use the same control channels as voice calls (SDCCHs), contention for resources occurs when SMS traffic is elevated. Given a sufficient number of SMS messages, each of which requires on average four seconds for delivery, arriving voice calls will be blocked for lack of available resources.


Sending text messages to every possible phone number is not an effective means of attacking a network. The haphazard submission of messages is in fact more likely to overwhelm gateways between the Internet and cellular networks than to disrupt cellular service. An adversary must efficiently blanket only the targeted area with messages so as to reduce the probability of less effective collateral damage. The information to achieve such a goal, however, is readily available. Using tools including NPA-NXX Area Code Databases, search engines and even feedback from provider websites, an attacker can construct a “hit-list” of potential targets. Given this information, an adversary can then begin exploiting the bandwidth vulnerability.

The exploit itself involves saturating sectors to their SDCCH capacity for some period of time. In so doing, the majority of attempts to establish voice calls are blocked. For all of Manhattan, which would typically be provisioned with 12 SDCCHs per sector, a perfectly executed attack would require the injection of only 165 messages per second, or approximately 3 messages/sector/second.
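As an added example (not from this project or from the cited papers), the following Python model puts numbers on the SDCCH contention described in step 3 of Section 4.1 and in the paragraphs above, from the operator's side. It treats a sector's SDCCH pool as an Erlang-B loss system using the parameters stated in the text (12 SDCCHs per sector, about four seconds of SDCCH occupancy per message). The function names, the 2% blocking planning target and the per-minute sector counts are constructed for illustration and are not taken from any operator or standard.

```python
"""Erlang-B model of per-sector SDCCH contention between SMS and voice setup.

Added example, not part of the project or the cited work. Every SMS is
assumed to hold one SDCCH for its delivery time; a voice-call setup (or
another SMS) that finds every SDCCH busy is blocked. Arrivals are modelled
as Poisson, so the numbers differ from the text's "perfectly executed"
(deterministically scheduled) saturation figure.
"""
from __future__ import annotations

SDCCH_PER_SECTOR = 12     # from the text: typical per-sector provisioning
SMS_HOLD_SECONDS = 4.0    # from the text: average SDCCH occupancy per SMS


def erlang_b(channels: int, offered_load: float) -> float:
    """Blocking probability of an M/M/c/c loss system (Erlang-B formula).

    Uses the recursion B(0) = 1, B(n) = A*B(n-1) / (n + A*B(n-1)), which is
    numerically stable even for large channel counts.
    """
    if channels < 0 or offered_load < 0:
        raise ValueError("channels and offered_load must be non-negative")
    b = 1.0
    for n in range(1, channels + 1):
        b = offered_load * b / (n + offered_load * b)
    return b


def sdcch_blocking(sms_per_second: float,
                   hold_s: float = SMS_HOLD_SECONDS,
                   sdcch: int = SDCCH_PER_SECTOR) -> float:
    """Probability that a setup attempt finds all SDCCHs in the sector busy,
    given a Poisson SMS arrival rate (messages per second)."""
    offered_erlangs = sms_per_second * hold_s
    return erlang_b(sdcch, offered_erlangs)


def max_sms_rate(target_blocking: float,
                 hold_s: float = SMS_HOLD_SECONDS,
                 sdcch: int = SDCCH_PER_SECTOR) -> float:
    """Largest SMS arrival rate (msg/s) the sector absorbs while keeping
    SDCCH blocking at or below target_blocking. Bisection is valid because
    Erlang-B blocking is monotone increasing in the offered load."""
    lo, hi = 0.0, 100.0 / hold_s   # 100 Erlangs is far beyond saturation
    for _ in range(60):
        mid = (lo + hi) / 2
        if sdcch_blocking(mid, hold_s, sdcch) <= target_blocking:
            lo = mid
        else:
            hi = mid
    return lo


def flag_overloaded_sectors(sms_counts_per_minute: dict[str, int],
                            target_blocking: float = 0.02,
                            hold_s: float = SMS_HOLD_SECONDS,
                            sdcch: int = SDCCH_PER_SECTOR) -> dict[str, float]:
    """Operator-side check (constructed): turn per-sector SMS counts seen in
    a one-minute window into an arrival rate and report sectors whose
    implied SDCCH blocking exceeds the planning target. A per-source limit
    at the SMS gateway cannot see this condition; a per-sector view can."""
    flagged: dict[str, float] = {}
    for sector, count in sms_counts_per_minute.items():
        rate = count / 60.0
        blocking = sdcch_blocking(rate, hold_s, sdcch)
        if blocking > target_blocking:
            flagged[sector] = round(blocking, 4)
    return flagged


# Constructed sample: SMS delivered per sector during one minute.
SAMPLE_COUNTS = {
    "sector-A": 18,    # 0.3 msg/s, ordinary load
    "sector-B": 96,    # 1.6 msg/s, busy but just under the 2% target
    "sector-C": 180,   # 3 msg/s, the per-sector figure quoted in the text
}

if __name__ == "__main__":
    print("SDCCH blocking at 3 msg/s:", round(sdcch_blocking(3.0), 4))
    print("max SMS rate for 2% blocking:", round(max_sms_rate(0.02), 3), "msg/s")
    print("sectors over target:", flag_overloaded_sectors(SAMPLE_COUNTS))
```

Two things the model shows that the text does not state outright: with Poisson arrivals, 3 messages per second on 12 SDCCHs (12 Erlangs offered) yields roughly 20% blocking rather than total saturation, so a real flood needs to be tightly scheduled to reach the text's "perfectly executed" figure; and the rate at which blocking crosses a 2% planning target is only about 1.6 messages per second per sector, which is the threshold an operator's per-sector monitoring should alarm on, independent of how many source addresses the traffic comes from.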
4.3 Counter Measures, Solutions


Cellular providers have introduced a number of mitigation solutions into phone networks to combat the SMS-based DoS attacks. These solutions focus on limiting the source of the messages and are ineffective against all but the least sophisticated adversary. To illustrate, the primary countermeasure discovered was a per-source volume restriction at the SMS gateway. Such restrictions would, for example, allow only 50 messages from a single IP address. The ability to spoof IP addresses and the existence of zombie networks render this solution impotent.

Another popular deployed solu