Behavior Analysis of Smartphone version 1.1


1 Background
2 Always-on-line application
3 Always-on-line PDP context
4 Fast Dormancy
5 Summary


Background

Years ago, when smartphones were introduced to the market, they were promoted as devices to help the busy, on-the-go business professional. They were tools primarily made available to access one’s email, calendar and contacts when away from the office or travelling. Today, that is far from the case – they are integrated into the daily lives of all types of people.

According to Gartner, smartphone sales to end users totaled 61.6 million units in the second quarter of 2010, a 50.5 percent increase from the same period in 2009.

Unfortunately, with the widespread introduction of smartphones, mobile network operators are confronted with new challenges: congested network resources, worsening network KPIs and increasing complaints from end users. The smartphone has changed the mobile network as greatly as it has changed the world. How does a smartphone behave? How does it affect the mobile network? The answer comes down to three basic characteristics of smartphones:

● Always-on-line applications
● Always-on-line PDP context
● Fast dormancy

An open operating system, which distinguishes smartphones from feature phones, enables mobile phone software developers to design various programs similar to the ones running on desktops. Business, games, news, instant messaging, entertainment and even the latest social networking services: almost every application has a mobile-oriented version on the smartphone. End users' expectation of real-time service demands that the applications be always on line, and so must be the lower-layer bearer, the PDP context. Compared with the steady power supply of desktops, however, a smartphone is equipped with a small, limited battery, which affects application and OS behavior.


Always-on-line application

Portable and smart as they are, smartphones allow people to access the Internet anytime, anywhere, for any kind of service. Users expect to get up-to-date information from the network in a timely manner with the help of smartphones.

For real-time web services, a logical always-on-line connection between the client and the server is required. Frequent or periodic heartbeat packets, the most likely triggers of mobile signaling, work as keep-alive packets to maintain the C/S connection, but they are more than keep-alive packets. Three interaction technologies are mainly used for smartphone applications, each with different heartbeat characteristics:

Pull/Polling

Pull or polling technology is a style of network communication where the initial request for data originates from the client and is then immediately responded to by the server. Every polling procedure corresponds to a heartbeat.

For pull technology, Iu signaling may be triggered by the uplink polling request.

Long-polling

Long polling is a variation of the traditional polling technique that allows emulation of an information push from a server to a client. With long polling, the client makes a request for information to the server, and the request is kept open until the server has new data available or a suitable timeout expires.

Iu signaling may be triggered by the uplink polling requests and the downlink responses.

Push

With push technology, the server pushes new content or notifications directly to the client whenever new information is available or a certain event happens. Periodic keep-alive packets are sent by the client just to inform the server of its activity.

Iu signaling may be triggered by uplink periodic keep-alive packets, downlink notifications and uplink data synchronization requests.


For iPhones, the most popular applications are based on pull technology, except for APNS.

App on iPhone (columns: Pull (Polling), Long-polling, Push)
Twitter: 50s/205s
eBuddy: 5 or 6s
Facebook: 5 to 60s
APNS: 10~15min

For HTC Android smartphones, the IM and social networking client applications are basically implemented with polling technology.

App on HTC Android (columns: Pull (Polling), Long-polling, Push)
Twitter: 5min
Facebook: 30m/1H/2H/4H/Never
MSN: 40 to 60min
Google Talk: 30min

As for smartphones running Symbian, the proprietary Nokia Messaging application is based on long-polling with an adjustable heartbeat interval.

App on Nokia Symbian (columns: Pull (Polling), Long-polling, Push)
Nimbuzz: 2min 39s
Nokia Messaging: 5m to 30m

As can be seen, polling technology is widely used by most applications on mobile devices, and the same application, such as Facebook, can be implemented with different technologies on different platforms and show different heartbeat characteristics.

Besides, applications usually adopt a self-adaptive heartbeat to adapt to the network constraints imposed by the session TTL of firewalls or other NAT devices.


Always-on-line PDP context

Always-on-line applications require a permanent IP connection, which gives rise to the always-on-line PDP context.

GPRS Attach and PDP Context Activation (columns: Type/OS; GPRS Attach: Power On, Triggered by application; PDP Context Activation: Power On, Triggered by application)
iPhone 3.0: Y Y
iPhone 4.0: Y Y
Nexus One (Android): Y Y
HTC HD2 (WM): Y Y
Source: HUAWEI Smart Lab

As can be seen, smartphones running Android OS generally attach to the GPRS network and activate a PDP context as soon as the phone is powered on. A mobile network dominated by Android smartphones can expect a high GPRS penetration rate and PDP activation rate.

In contrast, iPhone 3.0 only attaches at power-on; the PDP context is activated when an application is launched. If the push notification function is enabled, the PDP context can be activated by default when the push task starts running in the background.

As for smartphones based on Windows Mobile OS, access to the GPRS network is triggered entirely by applications, for instance when the user opens a web browser or sends an MMS.

PDP context deactivation may happen when the upper-layer application quits or, most typically, when the mobile phone is powered off. It can also occur due to user inactivity, when no data is transmitted on the PDP context for a certain period of time, or due to the smartphone's screen auto-lock for battery saving.


PDP Deactivation by MS (columns: Type/OS, Application quit, Screen Lock, Power off)
iPhone 3.0: Y Y
iPhone 4.0: Y Y Y
Nexus One (Android): Y
HTC HD2 (WM): Y
Source: HUAWEI Smart Lab

If the PDP deactivation is initiated by the core network, in case of network failure or for other reasons, smartphones respond in different ways. HTC HD2 accepts the deactivation request normally, while iPhone 3.0 and Nexus One (Android OS) re-activate the PDP context immediately after the deactivation, which may be attributed to some inherent always-on-line applications such as Push Notification on iPhone.

PDP Deactivation by Core Network (columns: Type/OS, Deactivation Accept, Deactivation Ignore, Re-Activate PDP After Deactivation)
iPhone 3.0: Y
iPhone 4.0: Y
Nexus One (Android): Y
HTC HD2 (WM): Y
Source: HUAWEI Smart Lab

The always-on-line PDP feature changes the traffic model of mobile phones greatly. A longer PDP context duration means fewer PDP activation attempts in the busy hour but possibly more Iu signaling procedures such as paging, service request and Iu release.

At the same time, always-on-line PDP contexts consume the static resources of network equipment, which are ultimately limited by the physical memory size of the equipment. Besides, as an IP address may be occupied for a long period of time, more IP addresses are needed for the concurrent PDP contexts.


Furthermore, the always-on-line PDP context also leaves the smartphone as a permanently reachable IP endpoint in the IP network, exposed to malicious programs such as virus attacks. Compared with the wired Internet, attacks aimed at mobile Internet devices not only threaten the smartphones but also endanger the mobile network. For example, an intensive IP address scan/sweep attack on MSs can evoke a paging storm and, consequently, a connection setup storm, which would overload mobile network equipment such as the RNCs and the SGSNs.

[Figure labels: RAN, Attacker, MS IP POOL, SGSN, GGSN, Mobile Network]
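One way an operator could spot the scan/sweep pattern described above from flow records, by counting how many dormant MSs a single external source wakes within a time window (an added example, not part of the original paper). The pool range, timers, threshold and record format are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict, deque

# All values below are constructed for illustration (assumptions, not from the page).
MS_POOL = ipaddress.ip_network("10.20.0.0/24")  # address pool the GGSN assigns to MSs
IDLE_AFTER = 10   # s without traffic before an MS is treated as dormant
WINDOW = 60       # s, sliding detection window
MAX_WOKEN = 20    # dormant MSs one external source may wake per window

def find_sweepers(records):
    """records: time-sorted (ts_seconds, src_ip, dst_ip) tuples seen at the Gi side.
    Returns {external source: peak count of distinct dormant MSs it woke in a window}."""
    last_seen = {}                 # MS address -> time of its last packet
    woken = defaultdict(deque)     # source -> (ts, MS) packets that forced paging
    peak = defaultdict(int)
    for ts, src, dst in records:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in MS_POOL:      # uplink packet: this MS is active
            last_seen[src_ip] = ts
            continue
        if dst_ip not in MS_POOL:
            continue
        dormant = ts - last_seen.get(dst_ip, float("-inf")) > IDLE_AFTER
        last_seen[dst_ip] = ts     # assume paging succeeds and the MS connects
        if not dormant:
            continue               # MS already connected: no paging needed
        hits = woken[src]
        hits.append((ts, dst_ip))
        while hits[0][0] <= ts - WINDOW:
            hits.popleft()         # forget packets that left the window
        peak[src] = max(peak[src], len({ms for _, ms in hits}))
    return {src: n for src, n in peak.items() if n > MAX_WOKEN}

def sample_records():
    """Constructed flow records: one sweeping source, one push server, one MS."""
    recs = [(i * 0.5, "203.0.113.5", f"10.20.0.{i + 1}") for i in range(60)]
    recs += [(5.0, "10.20.0.200", "198.51.100.7"),   # MS keep-alive (uplink)
             (6.0, "198.51.100.7", "10.20.0.200"),   # reply to a connected MS
             (40.0, "198.51.100.7", "10.20.0.201")]  # push to a dormant MS
    return sorted(recs)

if __name__ == "__main__":
    print(find_sweepers(sample_records()))
```

The push server wakes one dormant MS and stays below the threshold, while the sweeping source is reported with the number of MSs it forced the network to page.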


Fast Dormancy

Most smartphones adopt fast dormancy, a feature formally defined in 3GPP R8, to improve UE battery performance. The Release-8 fast dormancy feature extends the SCRI (Signalling Connection Release Indication) message with a cause IE indicating to the network that the UE no longer requires its currently assigned radio resources because the PS session has ended. On receiving an SCRI with this cause, the RNC may initiate a state transition to a more battery-efficient RRC state such as IDLE, CELL_PCH, URA_PCH or CELL_FACH.

But for most smartphones, the pre-R8 fast dormancy implementation is a little different from the standard Release-8 version. These smartphones send SCRI messages without a cause IE; this form of the message was originally defined for UEs in abnormal cases to indicate to the UTRAN that one of their signalling connections has been released. In such cases, the RNC may release the RRC connection as well as the Iu connection and change the UE to IDLE mode. Any subsequent packet data transfer then requires the connection to be set up again first.

Smartphone Type | UE Software | UE Sending SCRI or Not | Time for UE to Send SCRI After Data Transmission
Samsung360 | | NO | NO
SonyEricsson X10 | R2BA013 | YES | around 5 to 10s
BlackBerry Storm | | YES | around 3 to 10s
BlackBerry Bold | | YES | around 3s
iPhone | Pre-commercial iPhone | YES | around 10s
iPhone | 3.1.2 | YES | around 10s
Nokia5800 | | NO | NO
HTC G6 | 2.1 | YES | around 5s
Source: HUAWEI Smart Lab

According to the SCRI test results, smartphones such as the iPhone, HTC G6 and BlackBerry send SCRI shortly after data transmission to save battery, within about 3 to 10s. Clearly, for a mobile network dominated by these kinds of smartphones, transferring to IDLE state for fast dormancy gives rise to frequent mobile signaling interaction.


To avoid frequent connection setup and teardown, most RNC vendors prefer to move the UE to PCH state rather than IDLE state on receiving an SCRI message. At the cost of slightly more battery consumption, the transition to PCH state keeps the Iu connection and RAB unreleased. But problems still remain. Being a proprietary feature, the pre-R8 fast dormancy implementation may vary with smartphone model, hardware, operating system and software version. Some smartphones change to IDLE state directly after sending SCRI, regardless of the indications from the RNC. Some smartphones may send SCRI again even in PCH state. Some may fail to transfer from PCH back to FACH or another state for data transmission and end up returning to IDLE state again. Due to these handset compatibility problems, the pre-R8 fast dormancy feature remains, to some extent, uncontrollable for legacy networks.

For UEs that never send SCRI, such as Nokia5800 and Samsung360, the state transition is controlled by the RAN. RNCs can choose to move the UEs to IDLE or PCH state when certain implementation-dependent timers expire.
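The interaction between application heartbeats, the UE's SCRI delay and the RNC's choice of IDLE or PCH can be made concrete with a small per-UE model (an added example, not part of the original paper), fed with intervals from the tables above. It assumes instantaneous transitions, a UE that obeys the RNC, and no RNC inactivity timers; the function names and the downlink packet at t=1000 are constructed.

```python
def heartbeats(interval, end, direction="ul"):
    """Periodic packets of one application as (t_seconds, direction) tuples."""
    return [(t, direction) for t in range(interval, end + 1, interval)]

def simulate_ue(packets, scri_delay, rnc_policy):
    """Count signaling events for one UE (simplified model, see assumptions).

    packets:    time-sorted (t_seconds, "ul" | "dl") data packets
    scri_delay: seconds of silence after which the UE sends SCRI
    rnc_policy: state the RNC moves the UE to on SCRI, "IDLE" or "PCH"
    An SCRI sent after the final packet is not counted.
    """
    n = {"scri": 0, "connection_setup": 0, "iu_release": 0,
         "pch_to_fach": 0, "paging": 0}
    state, last_data = "IDLE", 0
    for t, direction in packets:
        # Fast dormancy: the UE was silent long enough to have sent SCRI.
        if state == "CONNECTED" and t - last_data >= scri_delay:
            n["scri"] += 1
            state = rnc_policy
            if state == "IDLE":
                n["iu_release"] += 1     # RRC and Iu connection released
        if state != "CONNECTED":
            if direction == "dl":
                n["paging"] += 1         # dormant UE must be paged first
            n["connection_setup" if state == "IDLE" else "pch_to_fach"] += 1
            state = "CONNECTED"
        last_data = t
    return n

if __name__ == "__main__":
    hour = 3600
    twitter = heartbeats(300, hour)              # 5min poll, HTC Android table
    print("IDLE policy:", simulate_ue(twitter, 5, "IDLE"))
    print("PCH policy: ", simulate_ue(twitter, 5, "PCH"))
    # 6s heartbeat against a 10s SCRI delay: the UE never goes dormant
    print("eBuddy:     ", simulate_ue(heartbeats(6, hour), 10, "IDLE"))
    # 15min keep-alive plus one constructed downlink notification at t=1000
    push = sorted(heartbeats(900, hour) + [(1000, "dl")])
    print("push:       ", simulate_ue(push, 10, "PCH"))
```

With the IDLE policy every heartbeat costs a full connection setup and Iu release; with the PCH policy the same traffic needs one setup and then only PCH-to-FACH transitions.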


Summary

Smartphones impact the mobile network greatly due to their three characteristics. The always-on PDP context calls for more resources such as SAU, PDP storage and IP addresses for concurrent PDP contexts. Fast dormancy, for longer battery life, tends to release the connection immediately after each data transmission. Heartbeats of always-on-line applications, together with other service packets, result in frequent data transmission on smartphones. As a result, repeated connection setup and release, accompanied by a large volume of mobile signaling, would overload the mobile network.

Signaling congestion can be partially solved by the Cell/URA PCH solution. But due to the uncertainty of smartphone implementations of the pre-R8 fast dormancy feature, frequent connection setup and release is inevitable in certain scenarios. Hence, capacity expansion would be an effective and simple solution that meets the requirements for both static resource consumption and signaling processing capability.

What’s more, smartphone services result in frequent paging, which brings an extra-high paging load to the PS CN and BSS. Huawei provides the “Smart Paging” solution to reduce the paging messages between the SGSN and the PCU/RNC. Huawei also provides the “Smart Direct Tunnel” solution to reduce the signaling impact on the GGSN: the SGSN identifies specific smartphones and disables Direct Tunnel for them. These solutions are candidates for deployment to optimize the smartphones’ impact.


Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.


HUAWEI TECHNOLOGIES CO., LTD.

Huawei Industrial Base

Bantian Longgang

Shenzhen 518129, P.R. China

Tel: +86-755-28780808

Version No.: M3-016070299-20101102-C-2.0

www.huawei.com