Mobility Development Group Newsletter

February 2016

Live Webinar! - Multi-Mode System Selection (MMSS) for LTE Deployment

Multi-Mode System Selection (MMSS) for LTE Deployment

**This webinar will be presented in both English and Chinese.** 

English Version:

Date: February 16, 2016
Time: 9am (pacific), 11am (central), 12pm (eastern)

Chinese Version:
Date: February 17, 2016
Time: 10am (Beijing)

Presented by: Yuming Hu, Senior Staff Engineer, Qualcomm Technologies, Inc.

Mobile Cellular Network Operators around the world are deploying 4G LTE to complement their existing 3G networks (EV-DO, HSPA). The new multi-mode system selection (MMSS) procedure is critical for devices to operate on and roam to mixed 3G/4G networks.

This webinar briefly introduces the new features and MMSS required data files that have been included in the 3GPP/3GPP2 standards to support such multi-mode capable devices.

Featured Article

Identifier Politics
By David Crowe, Numbering Administrator, IFAST

Telecommunications systems need identifiers. When your only way to communicate is by changes in an invisible electronic or radio signal, unique numbers or names are the only way to distinguish one transmitter from another, whether that is a smart phone, tablet, base station or internet router. And it’s not just people inside the phone system, these identifiers end up everywhere from customer bills to court orders.

Identifiers are sometimes called numbers or addresses, but they all amount to the same thing. The most efficient representation of an identifier is as a hexadecimal number, but sometimes the use of a wide range of characters, especially letters, is important, such as in a domain name, even though it means that the vast majority of potential identifiers will never be used.

Addresses are identifiers that imply some routing capabilities although, confusingly, MAC Addresses, used to identify a physical internet connection, are not addresses, because they contain no routing information (unlike IP addresses). Phone numbers and MIN (Mobile Identification Numbers), on the other hand, are clearly addresses even though they are called numbers. And IMSI (International Mobile Subscription Identifier) is also an address, not just an identifier while the confusingly similarly named IMEI (International Mobile Equipment Identifier) is just an identifier (and a number), with no routing information.

One important concept to understand about an identifier (I’ll stick to that term) is what it identifies, and the nature of the association – permanent, long term or ephemeral. Sometimes there are multiple identifiers for one object that vary in the nature of the association. For example, a MAC address permanently identifies a physical internet interface (and the number is lost forever when the card or device goes out of service), while an IP address identifies an active interface, sometimes for the long term (e.g. a server) or sometimes ephemerally (e.g. a mobile device connected to a WiFi network for a few minutes or hours). An IP address is never permanent (even servers are subject to network reorganization).

Cellular phones are also physically and permanently identified, in this case by an ESN, IMEI or MEID. On the other hand, the wireless subscription, which is arguably more important, is identified by a MIN or IMSI and usually a phone number, and those numbers can easily be moved from one device to another, e.g. by moving the smart card. When a subscription is terminated, the association is broken, and the MIN or IMSI may later be used to identify another subscription. On the other hand, when a mobile device goes to device heaven (or the other place if it wasn’t good) the ESN, IMEI or MEID is lost forever.

Identifiers are usually, but not always, hierarchical, identifying multiple things. Serial numbers, for example, apart from identifying a specific device, usually also identify its manufacturer, something that is true for the MAC address (internet interface manufacturer), MEID (CDMA phone manufacturer), IMEI (GSM phone manufacturer), ICCID (smart card manufacturer) and the old ESN (AMPS, TDMA and CDMA phone manufacturers). Wireless subscription identifiers, both MIN and IMSI, not only identify an individual subscription, but also the home network.

Reflecting this hierarchy, identifiers are usually segmented into at least two parts, each identifying a part of the hierarchy. For example, the IMSI is divided into three – the MCC (Mobile Country Code, identifying a country), MNC (Mobile Network Code, identifying an operator within a country) and individual mobile identifier. This structure enables each country to administer its own numbers, without a central global authority, except when new countries, or pseudo-countries (eg. Mobile satellite operators) are added. Similarly, the IMEI and MEID are broken into an administrator code (first two digits), a manufacturer code (next 6 digits) and then an individual device serial number (6 digits).

Some identifiers are not segmented at all. An example of this is the SID (System Identifier) and BID (Billing Identifier) that identifies geographical clusters of CDMA cells, and also geographical areas within GSM and LTE system for billing purposes. Each SID or BID is a completely independent number, and conveys no information without going to a database of the full list of codes.

Administration of codes reflects the structure of the codes. Hierarchical codes are generally assigned by a hierarchy of organizations. If the hierarchy is more than 2 levels, as is the case with IMSI and IMEI, a global administrator will be needed to allocate the first part (e.g. ITU-T for the MCC portion of IMSI, GSMA for the first two digits of IMEI – the Reporting Body Identifier) and regional administrators for the second part (MNC for IMSI and Model Identifier for IMEI).

Hierarchical codes allow some information to be extracted from the codes without access to the full database of codes. For example, from the first few digits of IMSI or MIN you can determine the cellular operator, from IMEI, MAC or MEID you can determine the manufacturer. This requires a database, but a database with only a few hundred or thousand entries, whereas a database of all subscriptions or all devices would require a database with billions of entries.

An important question about identifiers concerns trust. If an electronic or radio device identifies itself by transmitting a number or other supposedly unique string, why couldn’t a device transmit a false identity to allow it to obtain service billed to someone else, or to obscure the real identity of the device?

The answer is that without some method of authentication, there is no reason why not (except moral qualms). During the 1990s hackers determined that transmitting the MIN of another AMPS phone allowed you to get free service. Without a method of authentication available the operators put in negative lists of bad ESNs, but this was easy to circumvent by simply using any random ESN not in the database. When the networks started checking that the MIN and ESN matched a valid subscription, hackers simply monitored the airwaves, picked up valid pairs of identifiers, and transmitted those. Eventually proper challenge/response authentication was standardized for all major cellular air interfaces, and the problem finally diminished.

Authentication protects cellular subscriptions, but there are still many identifiers that are not protected in this way, such as most hardware identifiers. Although there are some other types of protection for the IMEI and MEID, they basically rely on security-by-obscurity, and aren’t the ultimate shield provided by authentication.

But authentication is easier said than done. If authentication of hardware serial numbers like IMEI and MEID was implemented, the database of secret keys would need to be generated by the manufacturers who have no incentive to continue to support devices that have long ago been manufactured and sold. This would mean transmitting the secret keys to another entity. If it was the phone operators, it would have to include all phone operators that could possibly serve this model of phone, which could be a long list. Which would also mean that the secret keys were widely exposed, and likely to be compromised. Since this would be dangerous, the keys could be provided to a central service, or perhaps a handful of such services, presumably funded jointly by the operators. Clearly this would be an expensive and complicated venture, and the need has not yet risen to the point where the cost is justifiable (or has been imposed by governments).

A perennial problem with identifiers is exhaustion, which usually occurs long before all the numbers theoretically available have been exhausted because of a problem with the hierarchical structure of the identifier. For example, although the old ESN could identify 4 billion devices in theory, it was structured to identify only 255 manufacturers. Each manufacturer got 17 million numbers, far more than most manufacturers ever produced. This eventually forced the transition to the MEID, which will outlast CDMA by several centuries as it can identify 27 quadrillion devices.

Even the IMEI, which is a much bigger identifier than ESN, theoretically identifying 100 trillion devices, was badly structured at first, leading to fear of exhaustion. Luckily the problem was caught in time, the structure of the identifier was simplified, so more of it could be used, and the problem of exhaustion receded to future centuries.

The all-important IMSI continues to be a worry, because it was structured in GSM and CDMA to only allow 2 digit Mobile Network Codes, i.e. 100 per country. This led to several countries having to be assigned multiple Mobile Country Codes (the USA has 7, for example). Eventually the world could run out of country codes with only a tiny fraction of the theoretical identifier space in use.

Another famous example of exhaustion is the IPv4 address, which theoretically identifies 4 billion active internet interfaces. But there is a conundrum, because right this minute there are probably well be more than that in use. The resolution of the apparent conundrum is that people learned how to effectively extend the IPv4 address from 32 bits to 48 bits through private IP addresses and Network Address Translation that uses the 16 bit port number as an extension to the address. IPv6 has long been promoted as the solution for exhaustion, but it is so disruptive that most internet engineers have preferred to work with kludges that keep IPv4 alive.

Identifiers will always be critical to telecommunications and the inherent problems of exhaustion, security and adaptation to new identifiers will always be there. To design the perfect identifier is easy if you can see far into the future. But nobody can, so even new identifiers may have problems. But it is certainly true that those who don’t study identifier history are doomed to experience an identity crisis.

About the Author:

David-BDPDavid Crowe
Numbering Administrator, IFAST

David Crowe has been in the wireless industry since leading the software design for an early wireless switch in the 1980s. Since 1992 he has been a consultant in wireless technology, software design, core network and smart card standards, and identifier systems. He has written for numerous industry publications and published his own newsletter from 1992 through 2004. He can be reached at or +1-403-289-6609.

Webinars Now Available on Demand!

Service Provider WiFi: Deploying Unlicensed Access for 4G Mobile Networks

By: Dave Dukinfield, Senior Systems Engineer, Cisco

This webinar discusses how integration of non-licensed WiFi into your EPC for off load or VoIP has been both standardized and deployed in many operator networks.

Intro to M2M Technologies: What Wireless or Wired Option is Right For Your Company or Products

By Syed Zaeem Hosain, ‘Z’, CTO, Aeris Communications, Inc.

This webinar reviews the reasons for deploying an M2M and IoT application, the connectivity and technology options available and their characteristics, the future of cellular IoT, and the future challenges for these implementations.