Rethinking Mobile Telephony with the IMP
Total Page:16
File Type:pdf, Size:1020Kb
Rethinking Mobile Telephony with the IMP M. DeYoung, N. Henke, G.Wai and J. M. Smith University of Pennsylvania Abstract : The recent widespread deployment of 3GPP and 3GPP2 phones resemble Internet terminals, wireless LAN technology raises the question of how but use a managed guaranteed bandwidth network. a mobile telephony system might instead be architected to use wireless LAN access points and Device Mobile Access Bearer the Internet to achieve similar services. In this Type Infrastructure Service paper, we examine an end-to-end architecture for Infrastructure mobile telephony, with a strong focus on endpoint Cellular Wireless Circuit- issues. Telephone Circuit- Switched We have designed, implemented, and have Switched (VOIP core?) experience using devices we call Internet Mobile Internet Wireless IP packet Phones or IMPs. The IMP system provides Mobile Phone Packet-Switched switched encrypted wireless voice communication over (IMP) IP 802.11B LANs. IMPs run Linux on a lightweight Table I: Switching and Roles in Voice Services single-board computer running customized voice over IP software; data is encrypted with 128-bit One timely question is whether the growing Internet Blowfish. infrastructure is well-suited to providing a mobile The paper reports on our design decisions and the telephony service, now that wireless access through resulting implementation of the IMPs, with 802.11b LANS is increasingly common, and often sufficient detail to reproduce the devices. We report publicly accessible. our experiences with using them for several months While a widespread IP telephony infrastructure in a laboratory environment, and close with is now being developed and deployed with various proposals for future experiments to investigate scale Voice Over IP (VOIP) protocols, reproducing various and extensibility. features of handheld wireless voice devices intended to behave as mobile telephones presented an interesting 1. Introduction design exercise. In addition, since features are added at the endpoints in the IP architecture, design choices The increasing ubiquity of Internet communication existed for privacy protections unavailable to the and wireless access points has made universal Internet traditional cellular telephone user. These protections access increasingly convenient. There are clearly are particularly attractive in the context of wireless barriers to this vision of accessing a device by its VOIP services. address such as NAT boxes, firewalls and for-pay services, but social factors and technologies such as 1.1. Experimental Goals IPv6 favor its long-term growth. A potentially important consequence of this infrastructure is the Our hypothesis was that a handheld mobile 802.11 ability to utilize the Internet for new applications, some device using IP as a bearer service would provide of which are enabled simply by the availability of new indications that an alternative architecture for mobile edge devices [6] and the addition of some software telephony was possible if not today, then in the very “glue” to achieve interoperability with the existing near future. Our experimental methodology was the Internet infrastructure. implementation of a system, largely centered around The cellular telephone system provides widespread the design of the endpoint (as the end-to-end argument wireless voice service, and is integrated with the [21] would suggest is the appropriate design objective) traditional telephony system. This enjoys excellent we call the Internet Mobile Phone, or IMP. An “network externalities”, as the first deployed cellular operational IMP which emulates circuit-based telephone is part of a network with extensive telephony over wireless access to IP presents an connectivity. Cellular telephones are now evolving objective demonstration of the strength of a purely-IP towards computers, but the basic bearer architecture based mobile telephony approach. has remained one of telephony. Table I illustrates the Our high level design goals for the IMP were as design choices for infrastructures for mobile telephony, follows: with access and bearer architectures on one axis and 1. Design and implement a user device which would some common devices on the other. The traditional serve as a portable personal 802.11b client. mobile phone system uses circuit-switched access and a 2. Implement a fully capable IP host on the device, circuit-switched bearer architecture. While provision of that given an IP address would be able to interact VOIP bearer services is underway in the telephony with any other, including another such device industry, and portions of it such as SS7 or SCTP 3. Provide a simple Voice Over IP (VOIP) service signaling are packet-switched, deployed mobile telephony access infrastructure is circuit-switched. 4. Provide as much of the ad-hoc, unregulated “feel” Internet, typically via DHCP. IP transport can be used of a walkie-talkie as possible, while providing a for both the control and data planes of the system. reasonable mobile telephony service Security criteria can be modeled as CIA – 5. Provide a secure channel establishment protocol Confidentiality, Integrity and Availability. Any and encryption of the data on the VOIP channel broadcast network can be disrupted by transmission- for privacy protection. based attacks (such as jamming or flooding) which would inhibit availability. Thus we did not make 1.2. Outline of this paper availability a security goal, but did set confidentiality and integrity as major goals. The use of cryptography This paper is not about the number of such devices seemed obvious; the question is at where in the design that can be supported by an 802.11b access point, nor it would be employed. In brief, we chose an end-to-end is it about the quality of service required [1] or voice strategy and encrypted voice before transporting it via quality achievable. It is not about audio for desktop use conventional IP. Some privacy goals (such as on a LAN [23,24,25]. Instead, we sought to prototype knowledge of who is talking to whom) are sacrificed in a working secure IP mobile telephony system that met the service of sensible layering, although use of an IP- our high level goals, and was realizable at a reasonable based service allows one to employ very sophisticated cost in both time and money. We believe we have schemes (such as those based on IPsec tunnels [28] or achieved that, as we used the devices to communicate onion routing) if so required. at what, by virtue of our many conversations we judge The IMP establishes logically peer-to-peer to be reasonable voice quality, at least as good as the connections to transmit voice data. Since dynamic IP commercial cellular telephones we use. As an aside, addressing is used, and IP communication between since some of the conversations were about the system, peers requires at a minimum reciprocal knowledge of it might be argued that it helped bootstrap itself into addresses, we maintain a list of the IP addresses of all existence. connected users. When a user logs on to the system the The next section, Section 2, provides a more authentication system will store the IP address assigned detailed discussion of the design goals for an IMP. to the user and allow the user to retrieve IP address of Section 3 describes the hardware realization of our other connected users. This has the flavor of a “buddy handset, including a parts list for those interested in list” or simply an on-line directory. A variety of other reproducing our experiment (one of our long-term schemes are possible under various assumptions about research goals is to build a user community to test how addresses are managed, such as per-device static scalability issues – see Section 8). Section 4 discusses IP addresses; beaconing with ring search for IP address the software environment, which required substantial discovery using fast broadcast [7]; or the “home engineering of device support software and integration address” concepts used in Mobile IP [11]. These issues of encryption and VOIP. Section 5 describes the are not central to the architectural question and while implementation and evaluation of the security features technically fascinating are beyond the scope of this of our system. Section 6 describes our experience paper. using the system. Section 7 concludes the paper with There are a variety of Voice Over IP (VOIP) our assessments of the contributions of this work and platforms. One such platform, the Nautilus [4] open desirable directions for follow-on work. source system includes encryption, provides a good basis for securing a peer-to-peer voice channel, using Diffie-Hellman [3] key exchange for each 2. Detailed Design Goals conversational session. We note in passing that Diffie- Hellman key exchange requires no external method of An Internet Mobile Phone is a mobile voice key management. communication device that uses the increasingly Easy implementation of the prototype suggested a prevalent wireless LAN access to IP. An IMP general purpose computing platform with a familiar experimental prototype must address the following programming environment, especially as much of the design issues: work required in integrating the components of the • IP based wireless networking system would be done in software. The wide range of devices supported by Linux, the availability of the • Security Architecture and Authentication Nautilus system, and a variety of embedded versions • Voice Communication System appropriate for single-board computer (SBC) • Device Operating Environment implementation motivated our choice. Among other • Hardware and packaging tasks to be detailed in Section 4, the software manages the bootstrap, authentication/contact lists, user IP based networking is a central design goal as it interface, call setup and teardown, networking, the allows us to address the larger hypothesis of the paper, voice codec and encryption. that wireless LAN technology provides a natural Our hardware design goals were first to use as many transition from circuit-centric to IP-centric mobile off-the-shelf components as possible, and to compose telephony.