Update: Synopsys Expands Security Solutions with Acquisition of Elliptic Technologies (June 29, 2015)
By Elliptic - Al Hawtin, VP Marketing and Business Development
AT&T customers in Charlotte, North Carolina have the good fortune of being the latest subscribers who can now sign up for a femtocell, which offers consumers reliable, high-bandwidth mobile services at home. A femtocell is a miniaturized version of a cell site that a customer installs at home and connects to a DSL or cable modem. For the carrier, it offers substantial benefits as it can extend the service coverage to difficult-to-reach residences while at the same time offloading some of the heaviest use from the mobile network macrocells by piggybacking on top of an ISP’s network. For consumers, a femtocell offers a reliable, high-speed service and supports roaming through transparent handoff from the femtocell onto the mobile service provider’s network for continuity of service for calls originating in the home and transferred to the mobile network, and vice-versa. User reaction in the trial markets has so far been very positive.
The market forecasts for femtocell deployment are all quite bullish, suggesting that service providers will overcome these deployment challenges and achieve significant shipment of femtocell based services in the coming five years. In-Stat, for example, projects that the femtocell market will achieve a 46% compound annual growth rate from 2008 to 2013 and pass $1B in sales by 2013. Berg Insight forecasts that femtocell shipments will grow from 0.2 million units in 2009 at a compound annual growth rate of 127 percent to 12 million units worldwide in 2014. It also projects that the number of users that connect to a femtocell on a regular basis will surpass 70 million. With trials underway by Vodafone in the U.K., AT&T, Sprint and Verizon in the United States and Softbank in Japan, it appears that the deployment is getting off to a very healthy start.
This article offers background on how femtocell networks are constructed, offers a snapshot on standardization and interoperability efforts and then digs in to the important security requirements that are vital to successful deployment of femtocells.
Femtocell Networks
Several years ago, mobile handset manufacturers rolled out dual-mode devices which supported both traditional mobile networking (such as GSM, CDMA, etc.) capabilities along with a Wi-Fi mode which offered the ability to use a WLAN access point for voice and data services when an access point is available. This class of handset met with some success but mobile operators tended to steer away from them, fearing that the WLAN mode would reduce ARPU (Average Revenue Per User). There was also the big problem for users that there was no way for a call to be handed over from WLAN mode to the mobile network. The idea was nevertheless viewed as having merit, but only if handover was included, and therefore the concept of a femtocell was created. A femtocell offers a local mobile cell site to customers that enhances the capabilities of the mobile network where the service demand is highest - in the customer’s home - and supports the same RF standards as the macrocell, enabling transparent handover. The network topology for a femtocell is shown in Figure 1.
Figure 1 Femtocell network topology
There are three major concerns that network designers are dealing with in the deployment of femtocell based networks:
- Existing mobile networks were not designed to handle large numbers of cell sites but rather a small number of macrocells connected over a dedicated backhaul network;
- Cell site engineering has become very sophisticated to optimize service coverage while managing potential interference problems among users and sites. The potential for a large number of femtocells distributed randomly across a service area is a big unknown for the operations teams; and
- Backhaul over an ISP network is also a concern with issues relating to quality of service and security that might affect customers’ experience with femtocell based services.
The femtocell industry has worked closely with the 3GPP and defined a new mobile network element known as a Home Node-B Gateway or HNG. In essence it acts as a proxy for a macrocell and supports thousands of femtocells (which are defined by 3GPP as Home Node-B network elements). This will make the addition of the femtocell into existing mobile networks relatively transparent to existing equipment, solving the first deployment issue.
The question about RF interference is trickier to manage. On the one hand, femtocells are generally installed indoors and therefore the RF signal will be greatly attenuated outside the home, thereby significantly reducing interference. On the other hand, network operators must deal with customers wherever they are in the service area, so they lose control of site selection. This will make interference management challenging and network operators appear to be testing and learning to understand what issues may arise. Many femtocells are equipped with GPS capabilities which allow the network operator to restrict where the femtocell is used. This will prevent a customer from removing the femtocell from home and taking it to work or to the cottage, minimizing one possible concern for the operators. The interference issue does however remain an ongoing challenge that network operators are working their way through.
The last issue that has to be dealt with is using the ISP network for backhaul. There are two elements to this discussion. Will the ISP network offer the quality of service and present a sustainable user experience for the customer? This is a major, unanswered question as the traffic mix being considered is quite challenging - combining low latency voice traffic with email, video and texting services. And this traffic must traverse a network the mobile service provider has no control over. This should represent an interesting challenge to the service provider and suggests that successful, widespread deployment will require close interaction between the mobile service provider and the operators of the ISP networks used for backhaul.
On the security front, the FemtoForum has collaborated with ETSI to build a sophisticated security model for femtocell based networks that is robust but easy to administer. This will be explored in more detail in the next section of the article along with a discussion on the optimum hardware solution required for SoCs targeted at femtocell applications.
Security in Femtocells
Security for femtocell networks spans several distinct requirements. The service provider must authenticate users as they arrive on the network. The RF link between the handset and the femtocell must be secured for both user and control plane traffic. And lastly, the mobile network traffic must be placed into a virtual private network as it traverses the wired ISP network to ensure that the traffic is protected while transiting this public network and only authorized users can forward traffic to the mobile operator's network. The first two elements of the security equation are specified by the existing mobile network standard (i.e. GSM, CDMA, etc.) as the handset will interact with the femtocell as if it were a macrocell. The use model for the VPN established between the femtocell and the carrier network has been defined by ETSI and is based upon the well known IPsec standard. There is also the requirement to support voice-over-IP or SIP security, which is governed by the IETF standard known as SRTP (Secure Real-time Transport Protocol). Therefore, the solution set required for a femtocell is a complex amalgam of well known security standards knitted into a comprehensive solution.
There is however one very important element of femtocell security which makes the implementation significantly more complex. This relates to latency, which must be carefully managed especially for applications such as VoIP/SIP. Compounding this challenge is the unknown nature of the latency across the ISP network, which has resulted in service providers requiring latency in the femtocell to be minimized. As a result of this stringent requirement, SoC designers are adopting sophisticated traffic management features in the femtocell SoC and software to meet the latency requirements.
The bandwidth required to implement femtocell security is in the 30-50 Mbps range. A typical design would accommodate the following requirement, which has room for growth in the number of subscribers to 8 users (for SOHO and SME applications, for example) and for the higher bandwidth forecasted as LTE networks begin commercial deployment in 2011.
Channel | Bandwidth | # channels | Total Bandwidth | Crypto Bandwidth |
Voice | 64 kbps | 16 | 1 Mbps | 2 Mbps |
Data | 2 Mbps | 16 | 32 Mbps | 64 Mbps |
Control | 10 kbps | 9 | 90 kbps | 0.2 Mbps |
Overall total | | | 33.1 Mbps | 66.2 Mbps |
Table 1 Bandwidth Requirements for Femtocells
The cryptographic bandwidth is calculated by taking the total traffic bandwidth in the femtocell and multiplying it by two to reflect the fact that both the downlink and uplink channels must be encrypted and that in the worst case situation all traffic may have to be both encrypted and authenticated using an algorithm such as SHA-1, SNOW 3G or KASUMI. This therefore represents the maximum crypto bandwidth expected to be required and is achievable today with a cost-effective hardware offload engine. The core selected could also support Wi-Fi connections if required for dual-mode handsets with 802.11n capabilities, and WiMAX as an option for the ISP network, as these are both based on the AES-CCM cipher mode, which can be used for IPsec as well as Wi-Fi and WiMAX.
For femtocell SoC applications, Elliptic recommends using the CLP-46 SPAcc (Security Protocol Accelerator). This core is highly configurable which allows customers to tailor the design to meet their specific requirements - both in terms of the algorithms supported and the bandwidth of the cores used in the configuration. The core also has DMA master, interrupt coalescence and traffic management capabilities which are very important to ensure that both the bandwidth and latency requirements can be met with low demand for processor cycles. The block diagram of the SPAcc is shown in Figure 2.
Figure 2 CLP-46 SPAcc block diagram
The CLP-46 in this case would be configured to support a number of different cipher and hash algorithms that would be required for mobile networks around the world. The following table outlines one possible configuration:
Algorithm | Description | Application | Comment |
SNOW 3G | Encryption and Message Authentication | LTE | For LTE Release 7/8 and LTE Advanced |
KASUMI | Encryption and Message Authentication | UMTS | For 3G GSM networks |
AES-CCM | Encryption and Message Authentication | WLAN/WiMAX | For Wi-Fi – dual mode handsets; For WiMAX ISP networks |
AES-CBC | Encryption | IPsec | For backhaul over ISP networks |
3DES | Encryption | IPsec | For backhaul over ISP networks |
SHA-1/-2 | Authentication | IPsec and SRTP | For backhaul over ISP networks |
AES-f8 | Encryption | SRTP | For encrypted VoIP/SIP applications |
Table 2 Sample SPAcc configuration for femtocell applications
There are many important features of the CLP-46 SPAcc which combine to offer a solution that is well optimized for femtocell applications. The engine’s powerful packet processing capabilities provide almost complete offload of crypto processing from the SoC embedded processor. Figure 3 illustrates how the engine processes packets or packet fragments by parsing pointer lists passed to it by the embedded processor.
Figure 3 Data Descriptor Concept
The diagram illustrates the concept of the pointer table (known as a Data Descriptor Table or DDT for short) which is created to instruct the CLP-46 SPAcc how it must process packets or packet fragments. The DDT consists of a list of addresses of a packet or packet fragment in memory and the length of each packet or fragment. The CLP-46 SPAcc will process the DDT list until it encounters a Null, Null pointer. It will DMA the packet or packet fragment into the engine, do the specified operation (i.e. encrypt, decrypt, message authentication generation or message authentication checking), then place the processed packet back in SoC memory when finished. The entire process is accomplished without intervention of the processor.
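Because the engine follows the DDT on its own as a DMA master, the driver that builds the table is the last place a bad address or missing terminator can be caught. The following is an added example, not Elliptic's code: the entry layout, the (NULL, 0) form of the "Null, Null" terminator and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed entry layout for illustration; not the CLP-46 SPAcc's real format. */
typedef struct {
    const uint8_t *addr;   /* fragment start in SoC memory */
    size_t         len;    /* fragment length in bytes */
} ddt_entry;

/* Check a DDT of `slots` entries before handing it to a DMA master.
 * Each fragment must sit inside [region, region + region_len) and the list
 * must end with a (NULL, 0) terminator. Returns total bytes, or -1. */
long ddt_validate(const ddt_entry *ddt, size_t slots,
                  const uint8_t *region, size_t region_len)
{
    uintptr_t base = (uintptr_t)region;
    size_t total = 0;
    for (size_t i = 0; i < slots; i++) {
        if (ddt[i].addr == NULL && ddt[i].len == 0)
            return (long)total;                 /* terminator found */
        if (ddt[i].addr == NULL || ddt[i].len == 0)
            return -1;                          /* half-null entry */
        uintptr_t a = (uintptr_t)ddt[i].addr;
        if (a < base || a - base > region_len ||
            ddt[i].len > region_len - (a - base))
            return -1;                          /* fragment leaves the region */
        total += ddt[i].len;
    }
    return -1;          /* no terminator: the engine would walk off the table */
}

/* Software stand-in for the engine's gather step: copy the fragments, in
 * list order, into `out`. Returns bytes written, or -1 if rejected. */
long ddt_gather(const ddt_entry *ddt, size_t slots, const uint8_t *region,
                size_t region_len, uint8_t *out, size_t out_len)
{
    long total = ddt_validate(ddt, slots, region, region_len);
    if (total < 0 || (size_t)total > out_len)
        return -1;
    size_t off = 0;
    for (size_t i = 0; ddt[i].addr != NULL; i++) {
        memcpy(out + off, ddt[i].addr, ddt[i].len);
        off += ddt[i].len;
    }
    return (long)off;
}
```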
The CLP-46 SPAcc configuration suggested for femtocell applications has the QoS feature enabled. A femtocell must manage traffic of very different characteristics all the way from very small (<64 bytes), latency critical packets for voice all the way up to jumbo packets and datagrams (9-64 kB) for email, photos and video applications. This brings into play the head of line blocking challenge where, for example, a jumbo packet may be processed to completion while a voice packet is waiting for the engine. With the QoS feature in the SPAcc, latency sensitive traffic is assigned to the high-priority command queue while other traffic is assigned to a lower priority queue. The CLP-46 SPAcc monitors the queues and if a high priority command appears while a lower priority packet is being processed, the CLP-46 SPAcc can stop the low priority packet processing, preserve the state of the processing then switch to process the latency sensitive traffic. This feature is essential to meet the strict latency requirement found in femtocell applications.
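The effect of the two command queues can be seen in a small timing model. This is an added example, not the SPAcc's scheduler: the one-tick-per-byte cost, the chunk boundary at which the engine checks the high-priority queue and all names are assumptions.

```c
#include <stddef.h>

/* Toy model: processing costs one tick per byte and the engine can only
 * switch jobs at chunk boundaries. Both are assumptions. */
typedef struct {
    size_t len;      /* total bytes in the job */
    size_t done;     /* bytes already processed: the preserved state */
    long   arrival;  /* tick at which the job is queued */
    long   finish;   /* completion tick, -1 while pending */
} job;

static long run_chunk(job *j, size_t chunk, long now)
{
    size_t left = j->len - j->done;
    size_t n = left < chunk ? left : chunk;
    j->done += n;
    now += (long)n;
    if (j->done == j->len)
        j->finish = now;
    return now;
}

/* Run one low-priority and one high-priority job to completion.
 * qos == 0: a started low-priority job runs to the end (head-of-line
 * blocking). qos != 0: the high-priority queue is checked at every chunk
 * boundary and the low-priority job later resumes from `done`. */
void simulate(job *lo, job *hi, size_t chunk, int qos)
{
    long now = lo->arrival;              /* model assumes lo is queued first */
    lo->done = hi->done = 0;
    lo->finish = hi->finish = -1;
    while (lo->finish < 0 || hi->finish < 0) {
        int hi_ready = hi->finish < 0 && hi->arrival <= now;
        int lo_busy  = lo->finish < 0 && lo->done > 0;  /* started, not done */
        if (hi_ready && (qos || !lo_busy))
            now = run_chunk(hi, chunk, now);
        else if (lo->finish < 0)
            now = run_chunk(lo, chunk, now);
        else
            now = hi->arrival;           /* engine idle until hi is queued */
    }
}

/* Queueing plus processing delay seen by a job, in ticks. */
long latency(const job *j) { return j->finish - j->arrival; }
```

With a 9000-byte jumbo packet started at tick 0, a 60-byte voice packet queued at tick 100 and 256-byte chunks, the voice packet waits 8960 ticks without QoS and 216 ticks with it, while the jumbo packet still completes all 9000 bytes.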
Another very important capability in the CLP-46 is interrupt coalescence. Elliptic has extensive system level understanding of embedded systems as the company has both hardware and software developers. As such, Elliptic works closely with customers in the creation of the total solution. It was very evident to Elliptic designers that even a well designed real-time operating system (RTOS) can suffer significant degradation when processing a large number of interrupts. It is therefore extremely important to build a hardware offload solution which can manage interrupts to ensure that the processor is interrupted only after a certain number of hardware cryptographic operations are complete. This reduces the number of context switches that the RTOS must manage for interrupt processing and significantly improves the overall system performance. Figure 4 illustrates this performance improvement.
Figure 4 Interrupt Coalescence
These combined features offer SoC designers a high-performance, low latency hardware solution perfectly suited for demanding femtocell applications.
The CLP-46 SPAcc is available from Elliptic for immediate licensing and is offered in combination with Ellipsys software to provide a comprehensive solution from the embedded security professionals at Elliptic. Elliptic also offers a variety of other solutions for other mobile applications with a complete suite of LTE and LTE Advanced hardware cores ranging from cores suited to low power consumption handset applications to very high throughput engines targeted at multi-sector, multi-protocol eNodeB base stations.