Let us not dwell only on all the negative aspects. Mandating built-in copy-prevention in all electronic devices will also have a lot of practical applications.
If, for instance, you could build a radar beacon for your car that broadcast such a copy-protection signal, the A/D converter in the traffic control radar would recognize the copy-protection signal and dutifully shut down ;-).
When enemy radar is locking on your plane, no problem - you just send them a request to shut down and all the missiles will fall out of the sky.
Go to a televised ball-game and bring a poster with a no-copy watermark. All the TV-cameras would stop working while they panned over your part of the benches.
That the recording industry can suggest mandating such functionality can only be proof that they have no technical insight. General purpose computers can by default do signal processing. If you make them so they cannot do signal processing, they are no longer general purpose computers.
In order to sell any kind of content to a customer you have to eventually present it to the customer in a form that can be perceived by her. If something can be picked up by a human being it can also be picked up by a machine. Live with it.
A smart card will host a microprocessor and some memory. This is not a big problem for a contact card since you get your power from current drawn through the terminals.
An RFID tag does not have its own power source but relies on extracting power from an RF field transmitted by the reader. You cannot power a microprocessor from this, at least not reliably. RFID tags are memory-based devices that will transmit a few hundred previously stored bits when triggered. This is the equivalent of the information stored on the magnetic stripe on most credit cards.
If the Americans find two systems to be an unnecessary redundancy I guess they would be free to dismantle their GPS constellation when Galileo is operational. :-)
Somehow I just don't see that happening. If the US is unwilling to give up control of such important infrastructure I don't see why people are surprised that the EU doesn't like relying on a foreign country in such matters any more than the US would.
Continental drift has to be measured some way. Using Galileo would be handy for that purpose.
If I were a geologist in California, Iceland, Japan etc. it might be nice to be able to monitor how fast and how far my survey points were moving since it might tell me something about the odds of new earthquakes.
1 liter of water will have a mass of 1 kg assuming it is at the right temperature and pressure. Using water you would need a pressure/temperature reference rather than a mass reference. I think the French guys were right that a slab of metal is easier to maintain than some measure of pressure without having a mass reference.
Mass is a property of matter independent of gravity. Gravity affects matter with mass but an object will have the same mass also in micro-gravity. It is kind of the equivalent of the charge of an electron. The charge is independent of any surrounding electric field.
Unencrypted wireless is inherently insecure. There is no reason why you would not encrypt the traffic. If I were a service provider I might actually insist on the traffic being encrypted since I would like to serve only my paying customers and not every other spoofer with a Pringles can.
There's a simple reason why only charging the caller in North America won't work: cell phones use the same area codes as land lines. Thus, there would be no way for the caller to tell whether he's making a free call to a land line or a paid call to a cell phone. To get around this problem, all cell phones would have to be issued new area codes. And that would be pretty chaotic.
Why would that be chaotic? I would assume that even in the US the telephone backbone is digital these days. ;-)
Also, with the mobility of many Americans it would be quite practical to be able to keep your phone number when you move. This would be possible nationwide for mobile phones if they got separate number series like in Europe.
There are many more advantages to SMS than the low cost. A phone call is intrusive and impractical in many situations. When I am in a meeting I will not accept a phone call but I might read an SMS, especially from one of the other meeting participants. It is very practical to be able to communicate without talking.
I would also normally prefer to arrange meetings etc. by SMS rather than by voice since you have no transcript of a voice communication. Getting phone numbers etc. by voice is totally silly.
If you are calling from Canada you might get a cheaper rate by calling a European mobile phone than calling one of the landline monopolies, but OK, it's your money to spend as you like.
Do you for a second believe that China Unicom would have started to build an IS-95 network in parallel with its existing GSM network if the US government had not applied massive pressure during the trade talks that led to China's membership of the WTO? And would the Chinese have accepted if Qualcomm had not given massive discounts?
If CDMA is so great why have they only been able to sign up 10M subscribers in China?
True, most WCDMA phones are going to be dual mode since WCDMA is built on top of GSM. These handsets don't come cheap though.
The network in India is not made for WCDMA but for IS95/CDMA2K, so a dual mode handset is more difficult to make since the network infrastructure is not compatible. This also means that services like SMS, MMS etc. will not fly seamlessly between CDMA2K and GSM/WCDMA. If CDMA gets the 20% market share in India that the company predicts, the subscribers will be locked on their little island and will only be able to send messages to other CDMA2K phones.
Even WCDMA/GSM multimodes are tricky to make. If I remember correctly, the phone you mention does not have a GPRS stack for instance, so you will only have packet data in WCDMA mode, which is a pain outside city centers.
Not impossible but not economical either. It would be a little bit like making a car that will run on diesel as well as gasoline.
Or a CPU that will be both RISC and CISC, to cite another popular holy war of years past.
A CDMA RF is almost by definition more expensive to build since it is operating in full duplex (meaning the receiver and the transmitter are active at the same time). If you want to add a TDMA RF in parallel the cost would increase even more. Not what is called for in a cost-conscious market.
Will it help IBM if they have shown somebody AIX? (on: Do You Know UNIX Secrets?)
Will it help IBM if someone comes forward and claims they have gotten access to AIX source code without an NDA in place? I can understand that if SCO has been sloppy with NDAs that can help the case, but if IBM, Sun or any of the other licensees have leaked trade secrets/source would that not rather help SCO?
I'd like to expand upon this comment. TDMA systems have frequency reuse by dividing the small piece of bandwidth they get, allocating small chunks of time on the same channel to the phones on a specific channel. As the number of callers increases, fewer slots are free for a new caller. At low frequencies, the number of channels is more limited, and therefore the number of slots in total per tower.
In CDMA based systems handsets share the same frequency by transmitting a narrow-band signal that has been spread using a pseudo-random code shared between the handset and the base station. For each frequency a certain number of codes can co-exist on the same frequency. (I think it is 64 codes for IS-95 in a 1.2 MHz wide channel, but please don't shoot me if I am wrong, I have not been working with IS-95 the last few years.) As such one can view CDMA as a form of analog frequency hopping. When you get close to the maximum number of users on a frequency, the signal-to-noise ratio at the receiver will approach the limit where the coding gain can no longer regenerate the signal.
Conceptually there is no difference between TDMA and CDMA in that respect.
The notion that there are fewer channels at lower frequencies is correct insofar as you have 2*25 MHz allocated in the cellular band and 2*60 MHz allocated in the PCS band. An operator will still only have a licence for say 10 MHz in either band so in that respect there are not more channels at higher frequencies.
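The code-sharing the comment describes, as an added illustration that is not part of the original post or of any IS-95 implementation: each user's bits are spread with a 64-chip code, every user's chip stream is summed on the same frequency, and a receiver recovers one user by correlating with that user's code. The Walsh (Hadamard) codes are constructed here as an assumed toy baseband model; the second experiment swaps in random, non-orthogonal codes so that the rise in error rate as the channel fills, which the comment attributes to the coding gain running out, becomes visible. Pilot, long code and power control are left out.

```python
"""Direct-sequence spreading with Walsh codes: several users on one frequency."""
import random


def walsh_codes(n):
    """Rows of the n x n Hadamard matrix: n mutually orthogonal +1/-1 codes."""
    assert n > 0 and n & (n - 1) == 0, "code length must be a power of two"
    h = [[1]]
    while len(h) < n:
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h


def spread(bits, code):
    """Replace each data bit by the whole code (bit 1 -> +code, bit 0 -> -code)."""
    chips = []
    for b in bits:
        sign = 1 if b else -1
        chips.extend(sign * c for c in code)
    return chips


def combine(streams):
    """All users transmit at once on the same frequency: their chips simply add up."""
    return [sum(chips) for chips in zip(*streams)]


def despread(channel, code):
    """Correlate the received chip stream with one code, one code length at a time."""
    n = len(code)
    return [sum(channel[i + k] * code[k] for k in range(n))
            for i in range(0, len(channel), n)]


def recover(channel, code):
    """Decide each bit from the sign of the correlation."""
    return [1 if corr > 0 else 0 for corr in despread(channel, code)]


def bit_error_rate_random_codes(n_users, code_len=64, n_bits=200, seed=3):
    """Constructed experiment with pseudo-random (not orthogonal) codes: the error
    rate seen by user 0 as more users share the same frequency."""
    rng = random.Random(seed)
    codes = [[rng.choice((-1, 1)) for _ in range(code_len)] for _ in range(n_users)]
    data = [[rng.randrange(2) for _ in range(n_bits)] for _ in range(n_users)]
    channel = combine([spread(d, c) for d, c in zip(data, codes)])
    got = recover(channel, codes[0])
    return sum(a != b for a, b in zip(got, data[0])) / n_bits


if __name__ == "__main__":
    codes = walsh_codes(64)
    # Constructed payloads for three users on Walsh codes 1, 2 and 3 (code 0 is all ones).
    users = {1: [1, 0, 1, 1, 0, 0, 1, 0], 2: [0, 0, 1, 0, 1, 1, 0, 1], 3: [1, 1, 1, 0, 0, 0, 0, 1]}
    channel = combine([spread(bits, codes[i]) for i, bits in users.items()])
    for i, bits in users.items():
        print("user", i, "recovered:", recover(channel, codes[i]) == bits)
    print("correlation with an unused code:", despread(channel, codes[7]))
    for k in (2, 16, 48, 60):
        print(k, "users on random codes, BER for user 0:", bit_error_rate_random_codes(k))
```

With orthogonal codes the correlation with any code nobody is using is exactly zero, which is the property behind the later remark that a disturbing signal on a different code does not trouble a CDMA receiver; with random codes the interference grows with the user count until the 64-chip processing gain no longer separates the users.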
EGPRS is only being rolled out now. It was one of the reasons why AT&T abandoned their US-TDMA (IS-136) network for a GSM-based system (Apart from GSM infrastructure being a fraction of the cost of IS-136 due to economy of scale and competition).
In EGPRS (or EDGE) you use 8-PSK modulation rather than GMSK. In GMSK you have two points in your constellation diagram where you have eight in 8-PSK. Using two points you can transmit one bit per symbol, with eight you can transmit three. It is very much the equivalent of the analog modems from years past. By adding more constellation points in the modulation diagram you went from 1200 b/s to 56k while still sending only 1200 symbols/s.
8-PSK is the first step in this direction in GSM. 8-PSK has very much the same spectral mask as GMSK and can consequently co-exist in the network. The handset reports to the network which coding classes it supports and the network can then order the handset to use the most appropriate bandwidth depending on the quality of the channel.
Technologically the big step in GSM was going from HSCSD (High Speed Circuit Switched Data) to GPRS, since GPRS requires a totally different protocol stack that includes the concept of changing coding classes depending on the S/N ratio of the current channel. GPRS uses four different coding classes (levels of feed-forward error correction added to the data payload) that span from 9600 b/s per slot to 21 kb/s per slot. If you use multiple slots you increase your data rate. In EGPRS you add five additional coding classes using 8-PSK modulation and you can then go from 9600 b/s per slot to 63 kb/s per slot. Again, using multiple slots will linearly increase your bandwidth up to 384 kb/s, which is what will fit in six ISDN channels.
The operators might not be pushing EGPRS that hard right now, but is that not more connected to the fact that most traffic in the US is still voice only? The operators don't really need higher data capacity before SMS, MMS, online gaming, video clips etc. start to take off in the US.
The handset manufacturers also have very little incentive to sell EGPRS handsets before the applications start to take off. This year's killer app seems to be color displays. Why should the handset manufacturers put in not-requested features now that can drive next year's replacement sales? Making the perfect product will make you lose all the replacement sales in the future ;-)
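The two ideas in the post above, more constellation points giving more bits per symbol and the network picking the scheme the channel can carry, as an added example rather than anything from the original comments or the GSM specifications. A two-point constellation stands in for GMSK (an assumption; real GMSK is a continuous-phase scheme), the channel is plain additive Gaussian noise, and the 1% bit-error target used for the adaptation decision is an assumed figure, not one of the GPRS/EGPRS coding classes.

```python
"""Bits per symbol for a 2-point versus an 8-point constellation, with link adaptation."""
import cmath
import math
import random

# Constellation size by bits per symbol: two points (BPSK, standing in for GMSK's
# two-point picture) and eight points (8-PSK).
CONSTELLATIONS = {1: 2, 3: 8}


def gray(k):
    """Gray code of k: neighbouring constellation points differ in exactly one bit."""
    return k ^ (k >> 1)


def modulate(bits, bits_per_symbol):
    """Group bits, look up each group's Gray-coded position, place it on the unit circle."""
    m = CONSTELLATIONS[bits_per_symbol]
    position_of = {gray(k): k for k in range(m)}
    symbols = []
    for i in range(0, len(bits), bits_per_symbol):
        label = int("".join(str(b) for b in bits[i:i + bits_per_symbol]), 2)
        symbols.append(cmath.exp(2j * math.pi * position_of[label] / m))
    return symbols


def demodulate(symbols, bits_per_symbol):
    """Nearest-phase decision, then undo the Gray mapping to get the bits back."""
    m = CONSTELLATIONS[bits_per_symbol]
    bits = []
    for s in symbols:
        k = round(cmath.phase(s) / (2 * math.pi / m)) % m
        bits.extend(int(c) for c in format(gray(k), f"0{bits_per_symbol}b"))
    return bits


def add_awgn(symbols, snr_db, rng):
    """Complex Gaussian noise for a symbol SNR (Es/N0) in dB; Es = 1 on the unit circle."""
    sigma = math.sqrt(1 / (2 * 10 ** (snr_db / 10)))
    return [s + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for s in symbols]


def bit_error_rate(bits_per_symbol, snr_db, n_symbols=2000, seed=7):
    """Simulated BER of one modulation at one SNR, with a fixed seed so runs repeat."""
    rng = random.Random(seed)
    bits = [rng.randrange(2) for _ in range(n_symbols * bits_per_symbol)]
    received = demodulate(add_awgn(modulate(bits, bits_per_symbol), snr_db, rng),
                          bits_per_symbol)
    return sum(a != b for a, b in zip(bits, received)) / len(bits)


def pick_bits_per_symbol(snr_db, max_ber=0.01):
    """Link adaptation: the densest constellation whose BER stays under the target,
    falling back to one bit per symbol when the channel is too poor for anything."""
    choice = 1
    for bps in sorted(CONSTELLATIONS):
        if bit_error_rate(bps, snr_db) <= max_ber:
            choice = bps
    return choice


if __name__ == "__main__":
    for snr in (0, 5, 10, 15, 20):
        print(f"{snr:2d} dB: BER 2-pt {bit_error_rate(1, snr):.4f}, "
              f"8-PSK {bit_error_rate(3, snr):.4f}, choose {pick_bits_per_symbol(snr)} bit/symbol")
```

The same symbol rate carries three times the bits once the channel is clean enough, and the adaptation loop is what turns the handset's channel-quality report into the choice between the two schemes.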
I must admit I don't know that much about the theoretical max coverage of IS-95. Doing a back-of-the-envelope calculation based on the power control loop of IS-95 gives a theoretical limit below 100 km, which is not that bad, but there might be other things that limit the coverage further.
(The power control loop requires the handset to adjust its output power in 0.2 dB steps 1600 times per second in order for the basestation to receive all handsets with equal strength. 1/1600 = 625 us corresponding to 188 km. Since a loop requires the signal to propagate from the basestation to the handset and for the changed output power to propagate back to the basestation we get a maximum distance of 94 km. This would require the basestation to be able to measure the received power in 0 us which could be tough, so my guesstimate for a maximum distance would be in the ballpark of 50 km.)
120 km would only make sense in deserts etc., I mean *sparsely* populated areas, I agree. There are such places though and it is a good thing to be able to economically cover such areas if nothing else then for emergency calls when your camel blows a tire.
Again, much of the perception in the US that you need more basestations is the confusion between the cellular band and the PCS band. (Cellular: Tx 824-849 and Rx 869-894 and PCS: Tx 1850-1910 Rx 1930-1990) For the past years it has been the case that GSM carriers in the US have only had PCS licenses while CDMA has been deployed in both bands. The cellular frequencies have much better propagation properties so you have less attenuation and scattering from trees, buildings, hills etc. Only in the past year have operators started to roll out GSM in the cellular band as well, so now you should see vast coverage improvements in the US for GSM outside city centers.
The speed of light is indeed a factor in any TDMA based system, also GSM. In GSM you have eight slots on the same frequency and you will receive in one slot, e.g. slot 0, and then transmit in slot 4. You have a guard band between slots of 33 us or roughly 9.9 km. This is why in GSM the handset will use timing advance (TA) and initiate its transmission earlier, dependent on the distance to the basestation, in order for the slots from different handsets to reach the basestation equidistant. The basestation will report back to the handset when the timeslot was received and the handset must then adjust its timing advance as the user moves around in the cell or between cells.
When you deploy GSM in deserts, at sea, or in the mountains, where the trick is getting coverage and not spectral efficiency, the basestation is configured to use only every second slot. This is to avoid an off-by-one error in the calculation of timing advance when the user turns on her handset for the first time.
The same mechanism can be used in GSM to implement E911. (E911 is US legislation that mandates that the network operator must be able to locate the origin of an emergency call within (I think) 50 m.) The handset uses triangulation between neighbouring basestations; this is called E-OTD. In CDMA you have had to add a GPS receiver to the handset to achieve the same effect. While it is cool to have a built-in GPS receiver it adds cost to the handset and limits the flexibility in product concept selection because you need to find space for a GPS antenna. Also, GPS does not work indoors, in parking garages, tunnels or outside in forests or urban jungles since you need line-of-sight to at least three satellites.
In GSM you use separate channels for broadcasts of a request to send data (both from the handset and from the basestation) so you would not knock handsets involved in communication off the tower. You might get a collision if two handsets broadcast a request to send (they are dialing a number or sending an SMS, MMS, e-mail etc.) simultaneously. This is very similar to Ethernet. In that case the handsets will try again with a pseudo-random delay until the request is granted. When the request is granted, the basestation takes control and will mandate what slots a handset can use for transmission so there is no longer any possibility of collision.
I admit GSM is a very complex system but it is also solving a range of very complex problems.
Building a communication system on CDMA or TDMA is a design choice. As our friend Shannon tells us there is no fundamental difference if the two systems are equally well designed. GSM is very well designed. I am not that familiar with the IS-95 family but it seems to be very much a proprietary system owned by one company and I fear that that can limit the scope of that standard.
Using either is a design choice and you can make good or bad systems with both. In both methods you are bound by the limits Shannon discovered, but any well-designed system can be made to have the same data capacity in a given channel independently of the access method.
Qualcomm made some wild claims about their superior technology and since mobile phone operators are not among the world's brightest people (remember the 3G spectrum auctions in Europe) a lot of US operators bought it. They are now locked in with a proprietary standard bogged down by bogus QCOM IP claims. (Remember QCOM owns the protocol; every time they make a protocol extension they patent it for its application in their system no matter how trivial.)
I still find the idea of overlaying digital CDMA channels over AMPS channels and hiding the digital traffic in the analog noise floor quite cute. That such an implementation only makes sense in the rather fragmented US mobile phone eco-system is another matter.
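The speed-of-light arithmetic in the post above (the 625 us power-control period, the 33 us guard interval, the halving for a round trip) and the E-OTD idea of locating a handset from the arrival-time differences of neighbouring basestations, worked through as an added example that is not part of the original comments. The range helpers only convert the comment's own timings into distance; the positioning part assumes four basestations at constructed coordinates, exact time differences, and a plain least-squares solver, and does not model the GSM bit-period quantization that limits real E-OTD accuracy.

```python
"""Propagation delay as distance: range limits from timings, and an E-OTD style
fix from observed time differences."""
import math

C = 299_792_458.0  # speed of light in m/s


def one_way_range_m(seconds):
    """Distance a burst travels in the given time (e.g. a guard interval)."""
    return C * seconds


def round_trip_range_m(seconds):
    """Largest base-to-handset distance whose there-and-back delay fits in the interval
    (a control loop needs the command to go out and its effect to come back)."""
    return C * seconds / 2


def observed_time_differences(handset, stations):
    """What a handset would report: each station's burst arrival relative to station 0.
    Constructed from geometry here; a real handset measures it from received bursts."""
    arrivals = [math.dist(handset, s) / C for s in stations]
    return [t - arrivals[0] for t in arrivals]


def _residuals(point, stations, otd):
    """Range-difference mismatch for each station pair (0, i) at a candidate point."""
    d = [math.dist(point, s) for s in stations]
    return [(d[i] - d[0]) - C * otd[i] for i in range(1, len(stations))]


def locate(stations, otd, step_m=200.0, iterations=30):
    """Hyperbolic positioning: coarse grid search over the stations' bounding box,
    then Gauss-Newton refinement of the least-squares fit to the time differences."""
    xs, ys = [s[0] for s in stations], [s[1] for s in stations]
    best, best_cost = None, float("inf")
    x = min(xs)
    while x <= max(xs):
        y = min(ys)
        while y <= max(ys):
            cost = sum(r * r for r in _residuals((x, y), stations, otd))
            if cost < best_cost:
                best, best_cost = (x, y), cost
            y += step_m
        x += step_m
    x, y = best
    for _ in range(iterations):
        d = [math.dist((x, y), s) for s in stations]
        if min(d) < 1e-9:
            break  # sitting exactly on a station: the gradient is undefined there
        res = _residuals((x, y), stations, otd)
        jac = [((x - stations[i][0]) / d[i] - (x - stations[0][0]) / d[0],
                (y - stations[i][1]) / d[i] - (y - stations[0][1]) / d[0])
               for i in range(1, len(stations))]
        a = sum(jx * jx for jx, _ in jac)
        b = sum(jx * jy for jx, jy in jac)
        c = sum(jy * jy for _, jy in jac)
        gx = sum(jx * r for (jx, _), r in zip(jac, res))
        gy = sum(jy * r for (_, jy), r in zip(jac, res))
        det = a * c - b * b
        if abs(det) < 1e-12:
            break
        dx = -(c * gx - b * gy) / det   # solve the 2x2 normal equations
        dy = -(a * gy - b * gx) / det
        x, y = x + dx, y + dy
        if math.hypot(dx, dy) < 1e-4:
            break
    return x, y


def fix_error_m(stations, handset):
    """Whole chain for a constructed handset position: distance between fix and truth."""
    x, y = locate(stations, observed_time_differences(handset, stations))
    return math.hypot(x - handset[0], y - handset[1])


if __name__ == "__main__":
    print(f"33 us guard interval  -> {one_way_range_m(33e-6) / 1000:.1f} km one way")
    print(f"1/1600 s loop period  -> {round_trip_range_m(1 / 1600) / 1000:.1f} km round trip")
    # Constructed cell layout: four basestations on a 6 km square, handset inside it.
    stations = [(0.0, 0.0), (6000.0, 0.0), (0.0, 6000.0), (6000.0, 6000.0)]
    print(f"E-OTD fix error: {fix_error_m(stations, (1500.0, 4200.0)):.3f} m")
```

Halving for the round trip is what turns the comment's 188 km into 94 km, and the same propagation-time bookkeeping, applied to differences rather than absolute delays, is what lets the network place an emergency caller without a GPS receiver in the handset.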
I forgot to add that you want to build your receiver with receiver diversity. While your victim will report received signal strength back to the basestation, which in turn will adjust its transmitted power as low as possible, you will not get the same benefit. The wavelength is 15-30 cm so you will often end up in a fading hole. While the frequency hopping should help with fast fading it will not be a big help in slow fading.
You will also need to keep very close to your victim since frequencies will be re-used without mercy. While your victim will be able to decode a burst received with a 10 dB S/N, you could be in trouble if you hear a neighbouring transmitter that is closer to you than it is to the victim.
In CDMA this is not a big issue since a disturbing signal will use a different code. This will not help you in GSM.
> Also, remember the crypto is used for more than just call privacy...
?? Like what? Billing, authentication, exchange of session keys etc. are done using IMSI and Ki and a protocol of your operator's choice. Some operators are still using comp128 which I admit is a little silly but it is not something you can break over the air. Remember the comp128 equivalent is a hash function and not a block cipher so guessing one session key will not get you the secret. Even using the *Broken* comp128 you will need something like 100000 chosen plaintexts to get Ki.
Even if you did get the Ki, it was not like you would have free POTS forever. Operators have a sad habit of harassing you big time if they see your IMSI/Ki being used by multiple handsets.
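The exchange the reply above describes (the network challenges the handset, the SIM derives a response and a session key from Ki, and Ki never leaves the SIM), together with the operator-side habit it mentions of noticing one IMSI/Ki in use on several handsets, as an added example rather than the poster's own code. HMAC-SHA256 stands in for the operator's A3/A8 step purely for its one-way property (an assumption; it is not comp128 or any real operator algorithm), and the IMSIs, Ki values, cell positions, timestamps and the 90 m/s plausibility threshold are all constructed.

```python
"""GSM-style challenge-response with a stand-in keyed function, plus a clone check
over authentication events."""
import hashlib
import hmac
import math
import secrets
from datetime import datetime


def sim_response(ki, rand):
    """Stand-in for the SIM's A3/A8 step: SRES (32 bits) and Kc (64 bits) from Ki and RAND.
    HMAC-SHA256 is an assumed one-way keyed function, not the operator's algorithm."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class HomeRegister:
    """Operator side: keeps Ki per IMSI and only ever emits (RAND, SRES, Kc) triplets."""

    def __init__(self):
        self._ki = {}

    def provision(self, imsi, ki):
        self._ki[imsi] = ki

    def triplet(self, imsi):
        rand = secrets.token_bytes(16)
        sres, kc = sim_response(self._ki[imsi], rand)
        return rand, sres, kc


def authenticate(register, imsi, sim_ki):
    """The network sends RAND; the SIM answers with SRES and keeps Ki inside.
    Returns (accepted, session key both sides now share or None)."""
    rand, expected_sres, kc_network = register.triplet(imsi)
    sres, _kc_sim = sim_response(sim_ki, rand)      # computed inside the SIM
    accepted = hmac.compare_digest(sres, expected_sres)
    return accepted, (kc_network if accepted else None)


def detect_cloned_imsis(events, max_speed_mps=90.0):
    """events: (imsi, datetime, (x_m, y_m) of the serving cell). Flags IMSIs whose
    successive authentications would require moving faster than max_speed_mps
    (assumed threshold, roughly 320 km/h), i.e. the same Ki in more than one handset."""
    last = {}
    flagged = set()
    for imsi, when, pos in sorted(events, key=lambda e: e[1]):
        if imsi in last:
            t0, p0 = last[imsi]
            dt = (when - t0).total_seconds()
            dist = math.dist(pos, p0)
            if dist > 0 and (dt <= 0 or dist / dt > max_speed_mps):
                flagged.add(imsi)
        last[imsi] = (when, pos)
    return flagged


# Constructed sample: one ordinary subscriber, and one IMSI seen in two cells 40 km
# apart within two minutes, which no single handset could manage.
SAMPLE_EVENTS = [
    ("001010000000001", datetime(2003, 6, 1, 12, 0, 0), (0.0, 0.0)),
    ("001010000000002", datetime(2003, 6, 1, 12, 0, 30), (3000.0, 500.0)),
    ("001010000000001", datetime(2003, 6, 1, 12, 2, 0), (40000.0, 0.0)),
    ("001010000000002", datetime(2003, 6, 1, 12, 10, 0), (3800.0, 900.0)),
]

if __name__ == "__main__":
    hlr = HomeRegister()
    ki = secrets.token_bytes(16)
    hlr.provision("001010000000001", ki)
    print("genuine SIM accepted:", authenticate(hlr, "001010000000001", ki)[0])
    print("wrong Ki accepted:", authenticate(hlr, "001010000000001", secrets.token_bytes(16))[0])
    print("flagged IMSIs:", detect_cloned_imsis(SAMPLE_EVENTS))
```

Only the triplet ever crosses the network, so a captured session key gives nothing back about Ki as long as the keyed function is one-way, which is the property the reply relies on; the clone check is the kind of consistency test an operator can run on its own authentication records without touching the radio path.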
> I'd use AES (as CDMA does) or possibly Serpent (since the main developer was my old supervisor). I wouldn't try either variant of A5, that's for sure ;-)
Are you sure CDMA is using AES? Rijndael is a fairly new algorithm and CDMA has been around for a while. (It might be that CDMA2K is using it but IS95, I doubt it.)
The GSM protocol is very modular. I don't see any reason not to improve the session encryption if that becomes relevant. You already have multiple speech codecs, multiple modulation schemes, whatever, being introduced in new versions of the GSM specification. Normally 3GPP releases a new spec with updated requirements once a year. This will then contain added features and added type approval requirements. Business as usual.
> IMO, that's a pretty trivial attack - a normal PC and a single fairly large IDE hard drive?
Hmm, I would still find it easier to wiretap the landline phone the guy is talking to. Sampling two minutes' worth of communication without knowing the key is no simple task (not that I would claim it cannot be done though).
I assume you want the attack to go something like walking up next to a guy, seeing him pick up his phone and wanting to hear what the guy at the other end is telling him.
The handset will use one of the session keys it has been sent from the local network at start, encrypted with the Ki of the SIM card. I assume it is this session key you want to get at in order to be able to eavesdrop on the rest of the conversation.
First challenge is to figure out what channel your subject is receiving on. The system is using frequency hopping, one burst of 4xx us before hopping to the next. What list of frequencies the handset is using depends on the RSSI measurements the handset continuously sends the basestation. The basestation will also move the call to a neighbouring basestation for better capacity allocation if one cell gets crowded or if the handset is reporting more favourable reception from one of the neighbouring cells. This happens all the time in an urban environment, especially since people are moving around. One way around this is of course to sample everything and then later figure out which bursts were the ones you were interested in. In Europe there is 110 MHz allocated to GSM, 110 RX and 110 TX. Each frequency is 200 kHz wide and each channel will typically need sampling with a 14 bit A/D converter 13/12 million times a second. (This is assuming your receiver has individual AGC control on each channel and that you can somehow guess the power level the basestation will transmit every burst with.) Catching both RX and TX will yield 16.7 Gb/s in raw data. Then you have to demodulate the data with all the trickery of equalization, correlation/timing adjustment, Viterbi decoding etc. before you get to the encrypted data being sent on the individual channels. Then you have to figure out which bursts are from your victim before you can do the pre-processing that makes 2 minutes' worth of data into 200 GB of data for the attack.
While I would not claim that security by obscurity is that great, I will at least claim that this is pretty obscure ;-). Whoever can afford such a receiver (read: a government agency) will anyway have a tap on the network side of the infrastructure.
2^45 tries as reported by Adi is a little steep to listen in on your kid sister's talk with her boyfriend. If you really need to sample two minutes' conversation and pre-process it to 200 GB of data before starting the attack - well, in comparison with the cellular networks prevalent in the US I don't think that is that bad. How is CDMA2K voice data encrypted??
The encryption algorithm dates back to the bad old days with an iron curtain dividing Europe. The French did not want Poles, Hungarians etc. to use a system that was unbreakable and in that sense I would still say that it is slightly above ROT13. The CDMA2K systems being sold to China, what encryption do they use??
I would still say that if I was interested in eavesdropping on somebody using GSM I would much rather go for tapping into the infrastructure than go for the encrypted data being transmitted over the air.
If you have some reason to want greater safety than what can be achieved by the over-the-air GSM speech encryption I would suggest you make a circuit switched data call instead, use any old VoIP solution and triple-DES the whole lot.
BTW, the TDMA derivative being discussed in the article is EDGE, which is a GSM air interface using 8-PSK modulation rather than GMSK for signalling and thus achieving 3 times the bit rate using approximately the same spectral mask. With EDGE you get 384 kb/s also in TU50 and similar fading profiles. Try that with CDMA :-)
I am afraid you are misinformed. How GSM is performing in your neighborhood has a lot to do with the way your local operator has chosen to implement it. If you go to countries like South Africa, Australia, Norway etc. (not all known for their population density) you will find that GSM nets in the countryside are set up so the cell tower skips every second time slot. That way you can use handsets up to 120 km from the basestation. Try that with IS-95 or CDMA2K :-).
The situation in Iraq is very different from the old GSM-1900 nets in the States. At 1900 MHz the cell size is a lot smaller for both CDMA and GSM. The CDMA handsets were made to shift to the 800 MHz AMPS band when losing coverage (going analog). GSM has only recently been allowed in the analog band, so with the new nets being built by AT&T and friends the phones will get much better coverage also in rural areas due to the better propagation of lower frequency signals (and they will stay digital).
If you follow 3GPP standardisation you will notice GSM 450. At 450 MHz your coverage in rural areas will be fantastic. Try building a WCDMA network with only 7 MHz of bandwidth though ;-).
With EGPRS you can get bitrates of up to 384 kb/s in a moving vehicle. Try that with CDMA. :-)
Until now I would have thought that that was only possible if it was mentioned in the father's last will and testament and not in the biological sense, if you pardon the pun :-)
My understanding was that the sperm cell is haploid without any mitochondrial DNA. For a transfer of mitochondrial DNA it should somehow hitch a ride, enter the egg cell and dispose of the mother's contribution somehow.
The conclusions from the Italian project are a little strange though. The study was based on mitochondrial DNA that is passed asexually from mother to child. (The mother's mitochondrial DNA is present in the egg cell and is replicated to all the cells as they divide.) Mutations of the mitochondrial DNA will occur at a rate that allows researchers to estimate the number of generations since two specimens shared a female ancestor.
All living humans, Homo (Homo) sapiens, seem to share a copy that is believed to stem from a woman who is believed to have lived a few million years ago, presumably in Africa.
That Neanderthal mitochondrial DNA has not been found in any modern humans can only show that no direct lineage consisting only of females has been found?
They buried their dead and they did indeed wear jewelry. (Vanity is recognized as a very human characteristic :-)
I can recommend a book by Martin Kuckenburg: "Als der Mensch zum Schoepfer wurde". It covers human cultural evolution over the past six million years and includes a fine chapter about Neanderthals.
Let us not dwell only with all the negative aspects. Mandating buildt-in copy-prevention in all electronic devices will also have a lot of practical applications.
If for instance you could build a radar-beacon for your car that broad-cast such a copy-protection signal. The A/D converter in the trafic control radar would recognize the copy-protection signal and dutyfully shut down ;-).
When enemy radar is locking on your plane, no problem - you just send them a request to shut down and all the missiles will fall out of the sky.
Go to a televised ball-game and bring a poster with a no-copy watermark. All the TV-cameras would stop working while they panned over your part of the benches.
That the recording industry can suggest to mandate such functionality can only be a proof that they have no technical insight. General purpose computers can by default do signal processing. If you make them in a way so they cannot do signal processing - they are no longer general purpose computers.
In order to sell any kind of content to a customer you have to eventually present it to the customer in a form that can be perceived by her. If something can be picked up by a human being it can also be picked up by a machine. Live with it.
A smart card will host a micro-processor and some memory. This is not a big problem for a contact-card since you get your power from current drawn through the terminals.
An RFID tag do not have its own power source but relies on axtracting power from an RF field transmitted by the reader. You cannot power a microprocessor from this, at least not reliably. RFID tags are memory based devices that will transmit a few hundred previously stored bits when triggered. This is the equivalent of the information stored on the magnetic stribe on most credit cards.
If the Americans find two systems to be an un-necessary redundancy I guess they would be free to dismantle their GPS constallation when Gallileo is operational. :-)
Somehow I just dont see that happening. If the US are un-willing to give up the control of such important infrastructure I dont see why people are surprized the EU dont like relying on a foreign country in such matters any more than the US would.
Continental drift have to be meassured some way. Using Gallileo would be handy for that purpose.
If I were a geologist in California, Iceland, Japan etc. it might be nice to be able to monitor how fast and how far my survey points were moving since it might tell me something about odds for new earth-quakes.
1 liter of water will have the mass of 1kg assuming it is at the right temperature and preassure. Using water you would need a pressure/temparature reference rather than a mass reference. I think the french guys were right that a slab of metal is easier to maintain than some meassure of pressure without having a mass reference.
Mass is a proporty of matter independant of gravity. Gravity affects matter with mass but an object will have the same mass also in micro-gravity. It is kind of equivalent of the charge of an electron. The charge is independant of any surrounding electric field.
Un-encrypted wireless is inherently insecure. There is no reason why you would not encrypt the traffic. If I were service provider I might actually insist on the traffic being encypted since I would like to serve only my paying customers and not every other spoofer with a pringles can.
Why would that be chaotic? I would assume that even in the US the telephone back-bone is digital these days. ;-)
Also with the mobility of many americans it would be quite practical to be able to keep your phone number when you move. This would be possible nation-wide for mobile phones if they got separate number series like in Europe.
There are many more advantages to SMS than the low cost. A phonecall is intrusive and unpractical in many situations. When I am in a meeting I will not accept a phone-call but I might read an SMS. Especially from one of the other meeting participants. It is very practical to be able to communicate without talking.
I would also normally prefer to arrange meetings etc. pr SMS rather than by voice since you have no transcript of a voice communication. Getting phone numbers etc. by voice is totally silly.
If you are calling from Canada you might get a cheaper rate by calling a european mobile phone than calling one of the landline monopolies, but OK Its your money to spend as you like.
Do you for a second beleive that China Unicom would have started to build an IS-95 network in parallel with its existing GSM network if the US government had not applied massive preassure during the trade talks that led to Chinas membership of the WTO? And would the Chinese have accepted if Qualcomm had not given massive discounts?
If CDMA is so great why have they only been able to sign up 10M subscribers in China?
True, most WCDMA phones are going to be dual mode since WCDMA is buildt on top of GSM. These handsets don't come cheap though.
The network in India is not made for WCDMA but for IS95/CDMA2K, so a dual mode handset is more difficult to make since the network infrastructure is not compatible. This also means that services like SMS, MMS etc will not fly seamlessly between CDMA2K and GSM/WCDMA. If CDMA gets the 20% market share in India the company predicts the subscribers will be locked on their little island and will only be able to send messages to other CDMA2K phones.
Even WCDMA/GSM multimodes are tricky to make. If I remember correctly, the phone you mention do not have a GPRS stack for instance so you will only have packet data in WCDMA mode which is a pain outside city centers.
Not impossible but not economical either. It would be a little bit like making a car that will run on diesel as well as gasoline.
Or a CPU that will be both RISC and CISC to site another popular holy war of years past.
A CDMA rf is almost by definition more expensive to build since it is operating in full duplex (Meaning the receiver and the transmitter is active at the same time). If you want to add a TDMA RF in parallel the cost would increase even more. Not was is called for in a cost consious market.
Will it help IBM if someone comes forward and claim they have gotten access to AIX source-code without an NDA in place? I can understand that if SCO have been sloppy with NDA's that that can help the case but if IBM, SUN or any of the other licensees have leaked trade secrets/source would that not rather help SCO?
In CDMA based systems handsets share the same frequency by transmitting a narrow-band signal that have been spread using a pseudo-random code shared between the handset and the base-station. For each frequency a certain number of codes can co-exist on the same frequency. (I think it is 64 codes for IS-95 in a 1.2 MHz wide channel but please dont shoot me if I am wrong, I have not been working with IS-95 the last few years) As such one can view CDMA as a form of analog frequency hopping. When you get close to the maximum number of users on a frequency, the signal to noise ratio at the receiver will approach the limit where the coding gain can no longer re-generate the signal.
Conceptually there is no difference between TDMA and CDMA in that respect.
The notion that there are fewer channels at lower frequencies is correct insofar as you have 2*25 MHz allocated in the cellular band and 2*60 MHz allocated in the PCS band. An operator will still only have a licence for say 10 MHz in either band so in that respect there are not more channels at higher frequencies.
EGPRS is only being rolled out now. It was one of the reasons why AT&T abandoned their US-TDMA (IS-136) network for a GSM-based system (Apart from GSM infrastructure being a fraction of the cost of IS-136 due to economy of scale and competition).
;-)
In EGPRS (or EDGE) you use 8-PSK modulation rather than GMSK. In GMSK you have two points in your constellation diagram where you have eight in 8-PSK. Using two points you can transmit one bit per symbol, with eight you can transmit three. It is very much the equivalent of the analog modems from years past. By adding more constellation points in the modulation diagram you went from 1200 b/s to 56k while still sending only 1200 symbols/s.
8-PSK is the first step in this direction in GSM. 8-PSK has very much the same spectral mask as GMSK and can consequently co-exist in the network. The handset reports to the network which coding classes it supports and the network can then order the handset to use the most appropriate bandwidth depending on the quality of the channel.
Technologically the big step in GSM was going from HSCSD (High Speed Circuit Switched Data) to GPRS, since GPRS requires a totally different protocol stack that includes the concept of changing coding classes depending on the S/N ratio of the current channel. GPRS uses four different coding classes (levels of feed-forward error correction added to the data payload) that span from 9600 b/s per slot to 21 kb/s per slot. If you use multiple slots you increase your data rate. In EGPRS you add five additional coding classes using 8-PSK modulation and you can then go from 9600 b/s per slot to 63 kb/s per slot. Again, using multiple slots will linearly increase your bandwidth up to 384 kb/s, which is what will fit in six ISDN channels.
The operators might not be pushing EGPRS that hard right now, but is that not more connected to the fact that most traffic in the US is still voice only? The operators don't really need higher data capacity before SMS, MMS, online gaming, video clips etc. start to take off in the US.
The handset manufacturers also have very little incentive to sell EGPRS handsets before the applications start to take off. This year's killer app seems to be color displays. Why should the handset manufacturers put in not-requested features now that can drive next year's replacement sales? Making the perfect product will make you lose all the replacement sales in the future.
I must admit I don't know that much about the theoretical max coverage of IS-95. Doing a back-of-the-envelope calculation based on the power control loop of IS-95 gives a theoretical limit below 100 km, which is not that bad, but there might be other things that limit the coverage further.
(The power control loop requires the handset to adjust its output power in 0.2 dB steps 1600 times per second in order for the base station to receive all handsets with equal strength. 1/1600 = 625 us, corresponding to 188 km. Since a loop requires the signal to propagate from the base station to the handset and for the changed output power to propagate back to the base station, we get a maximum distance of 94 km. This would require the base station to be able to measure the received power in 0 us, which could be tough, so my guesstimate for a maximum distance would be in the ballpark of 50 km.)
120 km would only make sense in deserts etc., I mean *sparsely* populated areas, I agree. There are such places though and it is a good thing to be able to economically cover such areas if nothing else then for emergency calls when your camel blows a tire.
Again, much of the perception in the US that you need more base stations is the confusion between the cellular band and the PCS band. (Cellular: Tx 824-849 and Rx 869-894; PCS: Tx 1850-1910 and Rx 1930-1990.) For the past years it has been the case that GSM carriers in the US have only had PCS licenses, while CDMA has been deployed in both bands. The cellular frequencies have much better propagation properties, so you have less attenuation and scattering from trees, buildings, hills etc. Only in the past year have operators started to roll out GSM in the cellular band as well, so now you should see vast coverage improvements in the US for GSM outside city centers.
The speed of light is indeed a factor in any TDMA-based system, also GSM. In GSM you have eight slots on the same frequency and you will receive in one slot, e.g. slot 0, and then transmit in slot 4. You have a guard band between slots of 33 us, or roughly 9.9 km. This is why in GSM the handset will use timing advance (TA) and initiate its transmission earlier, dependent on the distance to the base station, in order for the slots from different handsets to reach the base station equidistant. The base station will report back to the handset when the timeslot was received and the handset must then adjust its timing advance as the user moves around in the cell or between cells.
When you deploy GSM in deserts, at sea or in the mountains, where the trick is getting coverage and not spectral efficiency, the base station is configured to use only every second slot. This is to avoid an off-by-one error in the calculation of timing advance when the user turns on her handset for the first time.
The same mechanism can be used in GSM to implement E911. (E911 is US legislation that mandates that the network operator must be able to locate the origin of an emergency call within (I think) 50 m.) The handset uses triangulation between neighbouring base stations; this is called E-OTD. In CDMA you have had to add a GPS receiver to the handset to achieve the same effect. While it is cool to have a built-in GPS receiver, it adds cost to the handset and limits the flexibility in product concept selection because you need to find space for a GPS antenna.
Also, GPS does not work indoors, in parking garages, tunnels or outside in forests or urban jungles, since you need line of sight to at least three satellites.
In GSM you use separate channels for broadcasts of a request to send data (both from the handset and from the base station), so you would not knock handsets involved in communication off the tower. You might get a collision if two handsets broadcast a request to send (they are dialing a number or sending an SMS, MMS, e-mail etc.) simultaneously. This is very similar to Ethernet. In that case the handsets will try again with a pseudo-random delay until the request is granted.
When the request is granted, the base station takes control and will mandate what slots a handset can use for transmission, so there is no longer any possibility of collision.
I admit GSM is a very complex system but it is also solving a range of very complex problems.
Building a communication system on CDMA or TDMA is a design choice. As our friend Shannon tells us, there is no fundamental difference if the two systems are equally well designed. GSM is very well designed. I am not that familiar with the IS-95 family, but it seems to be very much a proprietary system owned by one company and I fear that that can limit the scope of that standard.
CDMA vs TDMA holy wars are a lot of hot air.
Using either is a design choice and you can make good or bad systems with both. In both methods you are bound by the limits Shannon discovered, but any well-designed system can be made to have the same data capacity in a given channel independently of the access method.
Qualcomm made some wild claims about their superior technology and since mobile phone operators are not among the world's brightest people (remember the 3G spectrum auctions in Europe) a lot of US operators bought it. They are now locked in with a proprietary standard bogged down by bogus QCOM IP claims. (Remember QCOM owns the protocol; every time they make a protocol extension they patent it for its application in their system, no matter how trivial.)
I still find the idea of overlaying digital CDMA channels over AMPS channels and hiding the digital traffic in the analog noise floor quite cute. That such an implementation only makes sense in the rather fragmented US mobile phone eco-system is another matter.
I forgot to add that you want to build your receiver with receiver diversity. While your victim will report received signal strength back to the base station, which in turn will adjust its transmitted power as low as possible, you will not get the same benefit. The wavelength is 15-30 cm, so you will often end up in a fading hole. While the frequency hopping should help with fast fading, it will not be a big help in slow fading.
You will also need to keep very close to your victim since frequencies will be re-used without mercy. While your victim will be able to decode a burst received with a 10 dB S/N, you could be in trouble if you hear a neighbouring transmitter that is closer to you than it is to the victim.
In CDMA this is not a big issue since a disturbing signal will use a different code. This will not help you in GSM.
> Also, remember the crypto is used for more than just call privacy...
;-)
;-). Whoever can afford such a receiver (read: a government agency) will anyway have a tap on the network side of the infrastructure.
?? Like what? Billing, authentication, exchange of session keys etc. is done using IMSI and Ki and a protocol of your operator's choice. Some operators are still using comp128, which I admit is a little silly, but it is not something you can break over the air. Remember the comp128 equivalent is a hash function and not a block cipher, so guessing one session key will not get you the secret. Even using the *broken* comp128 you will need something like 100000 chosen plaintexts to get Ki.
Even if you did get the Ki, it was not like you would have free POTS forever. Operators have a sad habit of harassing you big time if they see your IMSI/Ki being used by multiple handsets.
> I'd use AES (as CDMA does) or possibly Serpent (since the main developer was my old supervisor). I wouldn't try either variant of A5, that's for sure
Are you sure CDMA is using AES? Rijndael is a fairly new algorithm and CDMA have been around for a while. (It might be that CDMA2K is using it but IS95, I doubt it)
The GSM protocol is very modular. I don't see any reason not to improve the session encryption if that becomes relevant. You already have multiple speech codecs, multiple modulation schemes, whatever, being introduced in new versions of the GSM specification. Normally 3GPP releases a new spec with updated requirements once a year. This will then contain added features and added type approval requirements. Business as usual.
> IMO, that's a pretty trivial attack - a normal PC and a single fairly large IDE hard drive?
Hmm, I would still find it easier to wiretap the landline phone the guy is talking to. Sampling two minutes' worth of communication without knowing the key is no simple task (not that I would claim it cannot be done though).
I assume you want the attack to go something like walking up next to a guy, seeing him pick up his phone and wanting to hear what the guy at the other end is telling him.
The handset will use one of the session keys it has been sent from the local network at start, encrypted with the Ki of the SIM card. I assume it is this session key you want to get at in order to be able to eavesdrop on the rest of the conversation.
First challenge is to figure out what channel your subject is receiving on. The system is using frequency hopping, one burst of 4xx us before hopping to the next. What list of frequencies the handset is using depends on the RSSI measurements the handset continuously sends the base station. The base station will also move the call to a neighbouring base station for better capacity allocation if one cell gets crowded or if the handset is reporting more favourable reception from one of the neighbouring cells. This happens all the time in an urban environment, especially since people are moving around. One way around this is of course to sample everything and then later figure out which bursts were the ones you were interested in. In Europe there is 110 MHz allocated to GSM, 110 RX and 110 TX. Each frequency is 200 kHz wide and each channel will typically need sampling with a 14 bit A/D converter 13/12 million times a second. (This is assuming your receiver has individual AGC control on each channel and that you can somehow guess the power level the base station will transmit every burst with.) Catching both RX and TX will yield 16.7 Gb/s in raw data.
Then you have to demodulate the data with all the trickery of equalization, correlation/timing adjustment, Viterbi decoding etc. etc. before you get to the encrypted data being sent on the individual channels. Then you have to figure out which bursts are from your victim before you can do the pre-processing that makes 2 minutes' worth of data into 200 GB of data for the attack.
While I would not claim that security by obscurity is that great, I will at least claim that this is pretty obscure.
Hmm.,
:-)
2^45 tries as reported by Adi is a little steep to listen in on your kid sister's talk with her boyfriend. If you really need to sample two minutes' conversation and pre-process it to 200 GB of data before starting the attack - well, in comparison with the cellular networks prevalent in the US I don't think that is that bad. How is CDMA2K voice data encrypted??
The encryption algorithm dates back to the bad old days with an iron curtain dividing Europe. The French did not want Poles, Hungarians etc. to use a system that was unbreakable, and in that sense I would still say that it is slightly above ROT13. The CDMA2K systems being sold to China, what encryption do they use??
I would still say that if I was interested in eavesdropping on somebody using GSM I would much rather go for tapping into the infrastructure than go for the encrypted data being transmitted over the air.
If you have some reason to want greater safety than what can be achieved by the over-the-air GSM speech encryption, I would suggest you make a circuit switched data call instead, use any old VoIP solution and triple-DES the whole lot.
BTW, the TDMA derivative being discussed in the article is EDGE, which is a GSM air interface using 8-PSK modulation rather than GMSK for signalling and thus achieving 3 times the bit rate using approximately the same spectral mask. With EDGE you get 384 kb/s also in TU50 and similar fading profiles. Try that with CDMA.
I am afraid you are misinformed. How GSM is performing in your neighborhood has a lot to do with the way your local operator has chosen to implement it. If you go to countries like South Africa, Australia, Norway etc. (not all known for their population density) you will find that GSM nets in the countryside are set up so the cell tower skips every second time slot. That way you can use handsets up to 120 km from the base station. Try that with IS-95 or CDMA2K :-).
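A back-of-the-envelope model of the GSM timing advance budget the posts above describe (the 33 us guard band, the handset advancing its burst by a TA value, and the extended-range trick of leaving every second slot empty to reach about 120 km), as an added example that is not part of the original posts. It assumes the standard GSM air-interface values: one TA step is one bit period (48/13 us), the TA field runs 0..63, and one timeslot is 156.25 bit periods.

```python
"""Back-of-the-envelope GSM timing advance (TA) model.

Added example, not from the original poster. Assumed GSM air-interface
constants: one TA step is one bit period (48/13 us), TA runs 0..63 and
one timeslot is 156.25 bit periods. The 33 us guard figure is the one
quoted in the post.
"""

C = 299_792_458.0                      # speed of light, m/s
BIT_PERIOD_S = (48 / 13) * 1e-6        # one GSM bit period, ~3.69 us
TA_MAX = 63                            # largest value the TA field can carry
TIMESLOT_S = 156.25 * BIT_PERIOD_S     # one timeslot, ~577 us
GUARD_S = 33e-6                        # guard period quoted in the post


def round_trip_delay_s(distance_m):
    """Propagation time handset -> base station -> handset."""
    return 2.0 * distance_m / C


def timing_advance(distance_m):
    """TA value (whole bit periods) the base station would order for a
    handset at distance_m, or None if it is beyond what TA can absorb."""
    steps = round(round_trip_delay_s(distance_m) / BIT_PERIOD_S)
    return steps if steps <= TA_MAX else None


def max_cell_radius_m(skip_every_second_slot=False):
    """Largest distance whose round-trip delay can still be compensated.

    In an extended-range cell the slot after each used one is left empty,
    so a burst may arrive up to one whole timeslot late without colliding
    with the next handset's burst.
    """
    budget_s = TA_MAX * BIT_PERIOD_S
    if skip_every_second_slot:
        budget_s += TIMESLOT_S
    return budget_s * C / 2.0


def guard_distance_m(guard_s=GUARD_S):
    """One-way distance light travels during the guard period."""
    return guard_s * C


if __name__ == "__main__":
    for d in (1_000, 10_000, 30_000, 60_000):
        print(f"{d / 1000:5.0f} km -> TA {timing_advance(d)}")
    print(f"guard period {GUARD_S * 1e6:.0f} us ~ {guard_distance_m() / 1000:.1f} km")
    print(f"normal cell radius    ~ {max_cell_radius_m() / 1000:.1f} km")
    print(f"extended-range radius ~ {max_cell_radius_m(True) / 1000:.1f} km")
```

The normal TA budget works out to roughly 35 km, and leaving every second slot empty adds one timeslot of slack, which lands at about 121 km, in line with the 120 km figure quoted above.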
;-).
:-)
The situation in Iraq is very different from the old GSM-1900 nets in the States. At 1900 MHz the cell size is a lot smaller for both CDMA and GSM. The CDMA handsets were made to shift to the 800 MHz AMPS band when losing coverage (going analog). GSM has only recently been allowed in the analog band, so with the new nets being built by AT&T and friends, the phones will get much better coverage also in rural areas due to the better propagation of lower frequency signals (and they will stay digital).
If you follow 3GPP standardisation you will notice GSM 450. At 450 MHz your coverage in rural areas will be fantastic. Try building a WCDMA network with only 7 MHz of bandwidth though.
With EGPRS you can get bitrates of up to 384 kb/s in a moving vehicle. Try that with CDMA.
Hmm.,
:-)
Until now I would have thought that that was only possible if it was mentioned in the father's last will and testament, and not in the biological sense, if you pardon the pun.
My understanding was that the sperm cell is haploid without any mitochondrial DNA. For a transfer of mitochondrial DNA it should somehow hitch a ride, enter the egg cell and dispose of the mother's contribution somehow.
Do you have a pointer to any papers on this?
Sigurd
The conclusions from the Italian project are a little strange though. The study was based on mitochondrial DNA that is passed asexually from mother to child. (The mother's mitochondrial DNA is present in the egg cell and is replicated to all the cells as they divide.) Mutations of the mitochondrial DNA will occur at a rate that allows researchers to estimate the number of generations since two specimens shared a female ancestor.
All living humans, Homo (Homo) Sapiens, seem to share a copy that is believed to stem from a woman who is believed to have lived a few million years ago, presumably in Africa.
That Neanderthal mitochondrial DNA has not been found in any modern humans can only show that there has not been found a direct lineage consisting only of females?
Sigurd
They buried their dead and they did indeed wear jewelry. ( Vanity is recognized as a very human characteristic :-)
I can recommend a book by Martin Kuckenburg: "Als der Mensch zum Schoepfer wurde". It covers human cultural evolution over the past six million years and includes a fine chapter about Neanderthals.
Sigurd