Cellular Network for Mobile Devices and Applications: Infrastructure Limitations and Solutions

In this dissertation, we study how to improve the 3G/4G network infrastructure to better support mobile devices and applications. Specifically, we focus on two topics: one is how to reduce the operational cost by improving energy efficiency of cellular network infrastructure, and the other is to reexamine the architecture and policy practice on data accounting in 3G/4G infrastructures from both robustness and security perspectives.;The first topic seeks to design a green network infrastructure for 3G networks within the 3G standards framework. Our work is motivated by the fact that the 3G cellular infrastructure, particularly the base station (BS) networks, consumes about 80% of overall energy in today's operational networks. Such base station networks incur large energy waste in that their energy consumption is not in proportion to their carried traffic loads. Our study further shows two root causes. On one hand, the traffic volume is not constant over time; In fact, it exhibits high fluctuations both in time and over space. On the other hand, each base station consumes a large portion of energy even at zero traffic, due to its supporting system (e.g., cooling) and idle communication overhead.;In the second topic, we examine the data accounting architecture and practice, which has migrated its design from the circuit-switched voice service to the packet-switched data. Our work is driven by the fact that, data-plan subscribers are charged based on the used traffic volume in 3G/4G cellular networks. Though this usage-based charging system seems to receive general success in operation, no effort has been used to investigate it from the user perspective. Therefore, we conduct experiments to critically assess both this usage-based accounting architecture and application-specific charging policies by operators. Our evaluation compares the network-recorded volume with the delivered traffic at the end device. We have found that, both generally work in common scenarios but may go wrong in the extreme cases: We are charged for what we never get, and we can get what we want for free. In one extreme case, we are charged for at least three hours and 450MB or more data despite receiving no single bit. In another extreme case, we are able to transfer 200MB or any amount we specify for free. The direct root causes lie in lack of both coordination between the charging system and the end device, and prudent policy enforcement by certain operators. The more fundamental problem is that, solutions (e.g., data accounting) that work for circuit-switched, telecom networks may not be directly applicable to the packet-switched IP-based networks. The open-loop data accounting fails to record consistent data volume along the packet-switched path, thus it suffers from various problems in certain worst-case scenarios. We propose remedies that mitigate the negative impacts.;We further study the data accounting problem from the security perspective. We have identified loopholes in both the metered accounting architecture and application-specific charging policies, and discovered two effective attacks exploiting the loopholes. The “toll-free-data-access-attack” enables the attacker to access any data service for free. The “stealth-spam-attack” incurs any large traffic volume to the victim, while the victim may not be even aware of such spam traffic. We also show that, current security mechanisms in cellular networks, such as hardware-based authentication and authorization, and firewalls, cannot defend from such attacks. Our experiments mainly on two operational 3G networks have confirmed the feasibility and simplicity of such attacks. We further propose defense remedies. The main learned lessons are (1) the telecom-based solutions may be inappropriate for mobile data since the virtual circuit does not exist any more. Core network operations should adapt to the underlying PS technology; (2) IP data forwarding uses a push model, causing the data delivery to the mobile victim without its prior consent; Current cellular networks are unable to verify the authenticity of the malicious sender at the network layer. (Abstract shortened by UMI.).