Exploiting Opportunistic Scheduling in Cellular Data Networks

Similar documents

Cellular Network Planning and Optimization Part XI: HSDPA. Jyri Hämäläinen, Communications and Networking Department, TKK, 25.1.

CS263: Wireless Communications and Sensor Networks

3GPP Wireless Standard

GSM and Similar Architectures Lesson 07 GSM Radio Interface, Data bursts and Interleaving

A Framework for supporting VoIP Services over the Downlink of an OFDMA Network

Downlink resource allocation algorithm: Quality of Service

Deployment Aspects for VoIP Services over HSPA Networks

ADHOC RELAY NETWORK PLANNING FOR IMPROVING CELLULAR DATA COVERAGE

Chapter 6 Bandwidth Utilization: Multiplexing and Spreading 6.1

Figure 1: cellular system architecture

VoIP over Wireless Opportunities and Challenges

Predictive Scheduling in Multi-Carrier Wireless Networks with Link Adaptation

Circuit-Switched Voice Services over HSPA

The Evolution of 3G CDMA Wireless Networks. David W. Paranchych IEEE CVT Luncheon January 21, 2003

Wireless Technologies for the 450 MHz band

An Interference Avoiding Wireless Network Architecture for Coexistence of CDMA x EVDO and LTE Systems

Joint Radio Resource Management and QoS Implications of Software Downloading for SDR Terminals

Wireless Cellular Networks: 3G

Handoff in GSM/GPRS Cellular Systems. Avi Freedman Hexagon System Engineering

How To Make A Multi-User Communication Efficient

TABLE OF CONTENTS. Dedication. Table of Contents. Preface. Overview of Wireless Networks. vii xvii

NeoConnect Home Suite

Cellular Network Organization. Cellular Wireless Networks. Approaches to Cope with Increasing Capacity. Frequency Reuse

White paper. Mobile broadband with HSPA and LTE capacity and cost aspects

TCOM 370 NOTES LOCAL AREA NETWORKS AND THE ALOHA PROTOCOL

Nokia Networks. Voice over LTE (VoLTE) Optimization

Scheduling for VoIP Service in cdma2000 1x EV-DO

LTE OPTIMIZATION AND MOBILE NETWORK

HSDPA Throughput Performances Using an Experimental HSDPA Transmission System

Radio Resource Allocation in GSM/GPRS Networks

LTE Evolution for Cellular IoT Ericsson & NSN

VoIP-Kapazität im Relay erweiterten IEEE System

NSN White paper February Nokia Solutions and Networks Smart Scheduler

Channel assignment for GSM half-rate and full-rate traffic

PERFORMANCE AND EFFICIENCY EVALUATION OF CHANNEL ALLOCATION SCHEMES FOR HSCSD IN GSM

CS Cellular and Mobile Network Security: GSM - In Detail

Technical and economical assessment of selected LTE-A schemes.

Smart Grid Security: A Look to the Future

CDMA Network Planning

Attenuation (amplitude of the wave loses strength thereby the signal power) Refraction Reflection Shadowing Scattering Diffraction

An enhanced TCP mechanism Fast-TCP in IP networks with wireless links

Capacity of VoIP over HSDPA with Frame Bundling

A Systemfor Scanning Traffic Detection in 3G WCDMA Network

Exercise 2 Common Fundamentals: Multiple Access

Prediction of DDoS Attack Scheme

How To Understand The Gsm And Mts Mobile Network Evolution

Low-rate TCP-targeted Denial of Service Attack Defense

Bandwidth Allocation DBA (BA-DBA) Algorithm for xpon Networks

About Me" List of Lectures" In This Course" Mobile and Sensor Systems. Lecture 1: Introduction to Wireless Systems" " Dr. Cecilia Mascolo" "

Improved Channel Allocation and RLC block scheduling for Downlink traffic in GPRS

DYNAMIC RADIO RESOURCE MANAGEMENT IN GSM/GPRS USING SCALABLE RESOURCE ALLOCATION TECHNIQUE

Priority-Coupling A Semi-Persistent MAC Scheduling Scheme for VoIP Traffic on 3G LTE

On the Traffic Capacity of Cellular Data Networks. 1 Introduction. T. Bonald 1,2, A. Proutière 1,2

RESOURCE ALLOCATION FOR INTERACTIVE TRAFFIC CLASS OVER GPRS

Monitoring for Handover from TDD to GSM

Solution for cell edge performance improvement and dynamic load balancing. Qualcomm Technologies, Inc.

LTE VoIP Capacity with Soft Frequency Reuse. Dipl.-Ing. Maciej Mühleisen ComNets TUHH FFV Workshop

Packet Queueing Delay in Wireless Networks with Multiple Base Stations and Cellular Frequency Reuse

Dynamic Reconfiguration & Efficient Resource Allocation for Indoor Broadband Wireless Networks

Chapter 15. Cognitive Radio Network Security

Cellular Networks: Background and Classical Vulnerabilities

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Fachgebiet für Kommunikationstechnik. Prof. Dr.-Ing. Klaus David. HSDPA for UMTS. Stephan Sigg

Chapter 3 ATM and Multimedia Traffic

EPL 657 Wireless Networks

Mobile VoIP over 1xEV-DO A Technical Whitepaper

Clearing the Way for VoIP

Lecture overview. History of cellular systems (1G) GSM introduction. Basic architecture of GSM system. Basic radio transmission parameters of GSM

UTRA-UTRAN Long Term Evolution (LTE) and 3GPP System Architecture Evolution (SAE)

Implementation of Mobile Measurement-based Frequency Planning in GSM

2G/3G Mobile Communication Systems

Admission Control for VoIP Traffic in IEEE Networks

IAB CONCERNS ABOUT CONGESTION CONTROL. Iffat Hasnian

EECC694 - Shaaban. Transmission Channel

Efficient resource utilization improves the customer experience

ALL-IP CELLULAR NETWORK ARCHITECTURE FOR EFFICIENT RESOURCE MANAGEMENT

PROVIDING STATISTICAL QOS GUARANTEE FOR VOICE OVER IP IN THE IEEE WIRELESS LANS

CHAPTER 1 INTRODUCTION

Packet Synchronization in Cellular Backhaul Networks By Patrick Diamond, PhD, Semtech Corporation

Introduction VOIP in an Network VOIP 3

Performance Evaluation of VoIP Services using Different CODECs over a UMTS Network

Introduction to Clean-Slate Cellular IoT radio access solution. Robert Young (Neul) David Zhang (Huawei)

Packetized Telephony Networks

Planning of UMTS Cellular Networks for Data Services Based on HSDPA

Choosing the Right Audio Codecs for VoIP over cdma2000 Networks:

This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination.

Transcription:

Exploiting Opportunistic Scheduling in Cellular Data Networks Radmilo Racic, Denys Ma Hao Chen, Xin Liu University of California, Davis 1

3G Cellular Networks Provide high speed downlink data access Examples HSDPA (High Speed Downlink Packet Access) EVDO (Evolution-Data Optimized) Approach: exploring multi-user diversity Time-varying channel condition Location-dependent channel condition Opportunistic scheduling Embracing multi-user diversity 2

TDM (Time Division Multiplexing) Base station use TDM to divide channels into time slots TTI (Transmission Time Interval) HSDPA: 2 ms EVDO: 1.67 ms 3

Opportunistic Scheduling Assumptions Phones channel conditions fluctuate independently But some varying set of phones may have strong channel conditions at any moment Opportunistic scheduling Phones measure and report their CQIs (Channel Quality Indicators) to base station periodically Base station schedules a phone with good channel condition 4

Proportional Fair (PF) Scheduler Motivation: strike a balance between throughput and fairness in a single cell Goal: maximize the product of the throughput of all users 5

PF Algorithm Base station schedules argmax i CQI i (t ) R i (t ) CQI i ( t) : Instantaneous channel condition of user i R i ( t) : Average throughput of user i, often calculated using a sliding window R i (t) = αcqi (t) + (1 α)r i i (t 1) if i is scheduled (1 α)r i (t 1) otherwise 6

PF Vulnerabilities Base station does not verify phone s CQI reports Attack: malicious phones may fabricate CQI PF guarantees fairness only within a cell Attack: malicious phones may exploit hand offs Design flaw: cellular networks trust cell phones for network management 7

Attacks Goal: malicious phones hoard time slots Two-tier attacks Intra-cell attack: exploit unverified CQI reports Inter-cell attack: exploit hand off procedure We studied attack impact via simulation 8

Threat Model Assumptions Attackers control a few phones admitted into the network, e.g.: Via malware on cell phones Via pre-paid cellular data cards Attackers have modified phones to report arbitrary CQI and to initiate hand off We do not assume that attacker hacks into the network 9

Intra cell Attack Assumption: attacker knows CQI of every phone (we will relax this assumption later) Approach: at each time slot, attackers Calculate CQI i (t) required to obtain max Report CQI i (t) to base station CQIi ( t) R ( t) i 10

Results from Intra cell Attack 11

Inter cell Attack 12

Results from Inter cell Attack 13 Timeslots Occupied

Attack without Knowing CQIs Problem Attack needs to calculate max CQIi ( t) R ( t) But attacker may not know the every phone s i i CQIi ( t) R ( t) i Solution: estimate c(t +1) = c(t)/(1 ε) c(t)/(1+ σ(c(t) 1)) CQI c(t) = max i (t ) i R i (t ) if attacker is scheduled otherwise 14

Results from Unknown CQI Attack 15 Timeslots Occupied

CQI Prediction Accuracy 16

Attack Impact on Throughput Before attack 40-55 kbps After attack (1 attacker, 49 victim users) Attacker: 1.5M bps Each victim user: 10-15 kbps 17

Attack Impact on Average Delay Before attack 0.01s between two consecutive transmissions After attack (in a cell of 50 users) One attacker causes 0.81s delay Five attackers cause 1.80s delay Impact: disrupt delay-sensitive data traffic E.g.: VoIP useless if delay > 0.4s 18

Attack Detection Detect anomalies in Average throughput Frequency of handoffs Limitations Difficult to determine appropriate parameters False positives 19

Attack Prevetion Goal: extend PF to enforce global fairness during hand-off Approach: estimate the initial average throughput in the new cell Estimate average throughput as: R = E(CQI) G(N) E(CQI) : G(N) : N : N expection of CQI opportunistic scheduling gain number of users 20

Attack Prevention (cont.) E(CQI B ) G(N B ) G(N B ) R B R A = N B E(CQI A ) G(N A ) N B G(N A ) N A N A 21

Related Work Attacks on scheduling in cellular networks Using bursty traffic [Bali 07] Other attacks on cellular networks Using SMS [Enck 05] [Traynor 06] Attacking connection establishment [Traynor 07] Attacking battery power [Racic 06] 22

Conclusion Cellular networks grant unwarranted trust in mobile phones We discovered vulnerabilities in PF scheduler Malicious phone may fabricate CQI reports Malicious phone may request arbitrary hand offs Attack can severely reduce bandwidth and disrupt delay-sensitive applications Propose to enforce global fairness in PF to prevent attack 23