Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cellphones Communications Networking

Open Source GSM Network At Dutch Hacker Convention 141

solevita writes "Harald Welte, who's been interviewed previously by Slashdot, has written on his blog about operating an Open Source GSM network at the recent HAR2009 conference. Photographs and a description of the setup, run under license of the Dutch regulatory authority, are provided; essentially the setup consisted of a pair of BTS' (Base Transceiver Stations) running at 100mW transmit power each and tied to a tree. In turn these provided access to the Base Station Controller (BSC), in this case a Linux server in a tent running OpenBSC. The system authenticated users with a token sent via SMS; in total 391 users subscribed to the service and were able to use their phones as if they were on any other network. Independent researchers are increasingly examining GSM networks and equipment, Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future."
This discussion has been archived. No new comments can be posted.

Open Source GSM Network At Dutch Hacker Convention

Comments Filter:
  • What are the costs? (Score:5, Interesting)

    by bogaboga ( 793279 ) on Sunday August 16, 2009 @07:18PM (#29087267)

    Can someone put a figure on the cost of equipment involved? This would be very useful for folks on large farms where radio (read Walkie-talkies) do not cut it.

    • by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Sunday August 16, 2009 @07:24PM (#29087299) Homepage

      I'm not surprised that little walkie-talkies might not work over long distances. FRS radios (which may not be legal for commercial purposes) are limited to 1/2 watt.

      Amateur Radio would certainly work, with handhelds easily available that do 5W (such as the Yaesu VX-7R) or you could get models designed for cars that do much more.

      The only problem with ham radio is you aren't allowed to use it for business purposes, so for anything other than chatting between farm hands you couldn't use it.

      The only real problem I've seen with little radios like the VX-7R tend to be that the interfaces are horrible. They come from the "here is 20 buttons and 3 function keys, plus holding means something" school of interface design. I don't know if there are any with better interfaces.

      Ooh! I know what you need. GMRS [wikipedia.org] radios can be up to 50 watts and used for commercial purposes (I'm pretty sure). You need a license, but there is no test, just a fee (according to Wikipedia).

      • by DarthBart ( 640519 ) on Sunday August 16, 2009 @08:05PM (#29087533)

        Yes, my father and I ran a GMRS radio system with a phone patch many many years ago. The primary customer was my uncle with his well drilling & service company, along with a few realtors.

        There was a 50 watt repeater on the top of a hill, running on the 450Mhz band.

        • Re: (Score:2, Informative)

          by Anonymous Coward

          GMRS cannot be licensed for businesses in the US. There are some business users who were grandfathered in when the rules changed. GMRS is licensed to individuals for their and their immediate family's use. This could include business activity though. Also you're not licensed a set frequency, rather a collection of frequencies which make up the GMRS service.

          http://wireless.fcc.gov/services/index.htm?job=service_home&id=general_mobile [fcc.gov]

          However, you can acquire a license for your business and depending on yo

      • I'm not surprised that little walkie-talkies might not work over long distances. FRS radios (which may not be legal for commercial purposes) are limited to 1/2 watt.

        That's why you can buy commercial radios, which output up to about 5W, or more for vehicle installations. Of course, you need a licence for those (at least in the UK, and I don't see why it would be different anywhere else). Typically what you'd do is program them to work split (ie. transmit 6.5MHz above the receive frequency) and mount a bas

    • by TheRaven64 ( 641858 ) on Sunday August 16, 2009 @07:25PM (#29087301) Journal
      And the legal issues. I was under the impression that the GSM frequencies were licensed and could only be used with permission of whoever bought that slice of the frequency. Are there any special exemptions for very low power transmitters?
      • by Cyberax ( 705495 )

        Depends on country. For example, in Russia it's legal to use licensed frequencies for low-power transmissions for indoor use. It's illegal to interfere with licensed devices, though.

        • Re: (Score:1, Funny)

          by Anonymous Coward

          Really? I thought in Soviet Russia, frequency licenses you!

      • by multisync ( 218450 ) on Sunday August 16, 2009 @07:37PM (#29087393) Journal

        I was under the impression that the GSM frequencies were licensed and could only be used with permission of whoever bought that slice of the frequency

        Isn't that what the summary was referring to when it stated: "run under license of the Dutch regulatory authority"?

      • by EelcoV ( 891840 )
        If there is spectrum available, and if licensed spectrum users are not harmed in their rights, and if there is a bona fide reason for running an experiment, then an experimental license can be granted, with limitations on transmission power and duration. The fee will be cost based, unlike the commercial GSM licenses, which were auctioned.
        • Re: (Score:3, Interesting)

          by Lennie ( 16154 )

          What is also interresting, a lot of commercial licences will run out in a few years and as everything seems to be moving to newer sutff like 3G (and a lot of people seem to get a new phone every few years), their might be a slight chance the operaters don't want to extended the existing licences. This will mean existing channels might start to free-up. And it might be a lot cheaper to get such a license ? But we'll have to see if that will really happen.

          • There are still new phones being sold though that are GSM* only. Hell even the expensive iphone only got 3G in it's second iteration.

            And while heavy/rich users may change thier phones every couple of years lighter users often don't.

            Given these factors I don't see GSM going away any time soon.

            *In GSM I include GSM packet data extentions like GRPS and EDGE.

    • by bushing ( 20804 ) on Sunday August 16, 2009 @07:42PM (#29087419) Homepage

      Can someone put a figure on the cost of equipment involved? This would be very useful for folks on large farms where radio (read Walkie-talkies) do not cut it.

      The setup seems to be:

      • two BTS with two TRX each - Each BTS is a surplus Siemens BS-11, which they are selling for 300 Euro [gnumonks.org]. (I almost bought one at 25C3, until I realized they were almost 46 Kg each)
      • two antennas -- included in the purchase price of the BS11
      • E1-to-PCI interface card - 350 EUR

      So, I'd call that about 1000 EUR, not including the Linux PC driving the whole setup.

    • by socsoc ( 1116769 )
      How large are the farms, did CB not work out? Have you tried radios that aren't consumer branded, but require permits? I've seen the latter work very well in mountainous areas over quite a distance.
    • by obi ( 118631 )
      Another option might be a DECT cordless phone network - I vaguely remember it being used in Italian city centres as an alternative to cell phones.
      • by rvw ( 755107 )

        Another option might be a DECT cordless phone network - I vaguely remember it being used in Italian city centres as an alternative to cell phones.

        In Italy you can use the Washing Line [gettyimages.com] communication protocol. Just have a big mamma on each side holding the line, and some tin can from the pasta sauce ready and there you go! This is ideal for passing news around. It spread like you've never seen. The Internet is nothing compared to this.

      • by mcvos ( 645701 )

        Another option might be a DECT cordless phone network - I vaguely remember it being used in Italian city centres as an alternative to cell phones.

        DECT phones are also popular on HAR2009 and similar events. This time we had two alternative phone networks to choose from.

    • by suntac ( 252438 )

      Some information is given on the costs during the talk, you can find links to the video archive of the talks at https://wiki.har2009.org/page/Media [har2009.org]

      some of the pages are currently down I think because the event network is down however servers should be on the move back to the datacenter. Some of the links are currenlty working so you can already have a peak.

      Regards,
      Johan Louwers.

  • by Whuffo ( 1043790 ) on Sunday August 16, 2009 @07:20PM (#29087281) Homepage Journal
    My home telephone is a SIP phone and I don't have to play the AT&T game anymore. So how long until cell phone service is dirt cheap?
  • OpenBTS? (Score:1, Interesting)

    by Anonymous Coward

    Why not use this?

    http://openbts.sourceforge.net/

    • Re:OpenBTS? (Score:4, Interesting)

      by zeromorph ( 1009305 ) on Monday August 17, 2009 @02:24AM (#29089107)

      Because they are running Siemens base stations and for that Harald started OpenBSC. Both projects are under GPL and are in close contact as far as I know.

      Harald had a talk at 25C3 [chaosradio.ccc.de] about their project, and were running a small setup there in the basement. AFAIK, because all frequencies are sold in Germany - there should be at least one for independent testing, but they sold all to the telcos - maybe that's why they are running the larger test in the Netherlands now.

  • what it means (Score:5, Interesting)

    by phantomfive ( 622387 ) on Sunday August 16, 2009 @07:43PM (#29087423) Journal

    Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future

    What this means by 'surprises' is people hacking the network and getting free phone calls. It's a whole new generation of phone phreaking, except it's not as cool because phone calls around the world are super cheap now anyway (or free using skype), and we can do conference calls with as many people as we want easily. So now it's probably not worth the effort. If you can rerout numbers, that might still be cool.

    I know for a fact that there are vulnerabilities in the CDMA network, and I don't know as much about GSM, but I have no reason to believe there wouldn't be vulnerabilities in those networks.

    Or maybe someone else can think of a use for this, that isn't covered by CB radio already? Besides being cool, I mean.

    • Re: (Score:3, Insightful)

      by bhtooefr ( 649901 )

      CB is rather bandwidth inefficient, though, and can't handle multiple users well. Then again, allowing average Joe to throw up a cell tower isn't the greatest of ideas for spectrum utilization, either.

      • by socsoc ( 1116769 )

        can't handle multiple users well

        It can handle it just as well as any other multiparty radio system

        • Very true, but my point was more that the GSM protocol is specifically designed to handle quite a lot of users on one tower, and to keep them from stomping on each other or on other towers by keeping power down, whereas CB users usually blast full power (or even illegally high power.)

          A modified GSM (or CDMA, or even AMPS) system would be interesting to see in amateur radio, where one should only use the minimum amount of power necessary to make the contact. Modified because you'd want to remove all billing,

      • Re: (Score:2, Insightful)

        by maxume ( 22995 )

        Is there anywhere on the planet where spectrum utilization is demonstrably worse than it is in the United States?

        I don't think the FCC does a terrible job, or even a bad job, but people are, in general terms, pragmatic and lazy, so I wonder just how tragic this particular commons would be in the long term.

    • I know for a fact that there are vulnerabilities in the CDMA network, and I don't know as much about GSM, but I have no reason to believe there wouldn't be vulnerabilities in those networks.

      Vulnerabilities? You make it sound like there is some level of security. There is none.

      First of all, you have no idea what software is on your phone. Somebody from the phone company could remotely access your phone and you would have no idea. A third party could potentially access your phone as well.

      Second,
      • That's all pretty much the same as with regular phone calls over copper. When I said security issues, the only additional thing I was thinking about was now it won't be long before people start making free phone calls.
      • Re: (Score:1, Informative)

        by Anonymous Coward

        Fifth, cellphones are required to broadcast your physical location (E911). You can't turn it off, you can't access the data,

        How? Unless it has GPS, your cellphone doesn't know anything about your physical location. It can be determined by the relative signal strengths received by each tower as your phone stays on the network, but whining about that is like saying "your computer is broadcasting an IP address!!!!!!!"

        and you actually pay for it on your bill.

        I'm in Europe and have a prepaid SIM, which is rene

        • Re: (Score:3, Informative)

          by SaDan ( 81097 )

          You are in Europe, which may explain why you don't know this bit about all cell phones sold in the US: All phones are required to have GPS or have the capability for triangulation for E911 purposes as of a few years ago. http://en.wikipedia.org/wiki/Enhanced_911 [wikipedia.org]

          • by amorsen ( 7485 )

            In Europe we simply let the network do the triangulation. Any phone will work. The Wiki page doesn't seem to specify whether the US system is handset-based or network-based.

            • Re:what it means (Score:4, Informative)

              by Otto ( 17870 ) on Monday August 17, 2009 @08:40AM (#29090871) Homepage Journal

              It varies depending on the phone, the carrier, etc.

              Most carriers have the ability to use the time difference of arrival on multiple towers to determine a general position, and this data is sent along to the call centers when a 911 call is made. This works with any phone. Problem is that it's pretty inaccurate. You can only narrow it down to a block or two, at best. Advanced methods of this can be more precise, but it's not something easy to automate for E911 purposes.

              If the phone itself has GPS capabilities (or more commonly, Assisted GPS so that it'll work indoors too), then the phone itself sends the location data along with the 911 call. All phones with GPS systems do this.

              To the emergency call handler, this is all more or less transparent; they get the callers name, number, and general location (or specific location for outdoors GPS signals).

      • Re:what it means (Score:5, Informative)

        by rwwyatt ( 963545 ) on Sunday August 16, 2009 @08:57PM (#29087779)

        I am going to speak in regards to GSM and UMTS networks as I know the protocol

        There are security messages in Wireless Networks. There is Authentication and Ciphering in GSM/GPRS/EDGE/WCDMA/HSPA/HSPA+. In addition, there is integrity protection of signalling messages in WCDMA/HSPA,HSPA+ networks. There are a few messages which can not be ciphered/integrity protected for obvious reasons such as the initial Location Update Request/Attach Request. Yes, certain authentication algorithms have been compromised GSM A5/2. It has been superceeded by A5/3.

        It is true that malware has made it onto cellular devices (Blackberry in UAE and Symbian come to mind). It is almost impossible for someone to remotely access the phone without such software existing on the device for voice frames.

        Yes, the redirecting of packets/frames is a legal requirement in many jurisdictions. It usually has to be accompanied with a warrant from a relevant law enforcement agency otherwise the specific phone company employee faces criminal charges. The usual redirection is done in the MSC or SGSN and I have never seen a case where it was done at the basestation.

        • Re:what it means (Score:5, Interesting)

          by Rich0 ( 548339 ) on Sunday August 16, 2009 @09:41PM (#29087977) Homepage

          You seem to know what you're talking about, and I have to confess that I don't know much about GSM/CDMA in general, although I can theorize some attacks. How does the network defend against the following attacks:

          1. Passive listener intercepts the credentials necessary to make calls as a phone transmitting nearby. (I assume they're encrypted, but is it strong, is everything encrypted, and is it secure against replay attacks?). This is easily defeated using encryption if done right.

          2. Active transmitter broadcasts GSM service (as a base station), allows a phone to connect, and then when that phone places a call the fake base station records its credentials. Optionally then impersonate the phone to a real base station and perform a MITM. Possible defenses against this include having phones only talk to stations that present a trusted certificate and pass a challenge/response, or by having the phone pass a challenge/response rather than simply transmitting a static identifier.

          3. Cell phone company employee or maybe even a shopper copies down the numbers on the outside of a phone's box and uses that to clone the phone. I'm not sure if those numbers are sufficient to impersonate the phone, or if it has some private key of some kind hidden inside.

          Basically, to be secure the system has to use some kind of challenge/response system (RSA/etc) and not simply broadcast passwords/etc. The old analog phones worked in this way and cloning was a big problem with them. The question is whether they truly fixed these vulnerabilities or if they simply relied on the fact that the cost of intercepting a spread-spectrum transmission is so high that most thieves would be halted (kind of like the way that CDs were effectively protected back in the 80s by the high cost of writers).

          • Re: (Score:2, Interesting)

            by burkmat ( 1016684 )
            Disclaimer: I could be totally wrong ;D

            All your attacks depends on being able to steal credentials and be able to impersonate the phone at a later stage, but the way I've been told it works is that after the initial Location Update, the phone never talks to the network as itself. That is, after the initial connection, the phone is handed a set of temporary IDs (one time pad-style), so each subsequent page is to a different number that only the phone and the network is supposed to know. Once the phone is
          • by MrZilla ( 682337 )
            My GSM/CDMA knowledge is a bit rusty, but i think it's something like this:

            1. The encryption is based on the phones IMSI number, which is never transmitted in the open. The BSC/RNC will issue a temporary IMSI (TMSI) which is used for all unsafe communication (and I think even all encrypted communication). The TMSI is used in combination with some public key crypto system to guard against replay attacks.

            2. I think this could work if you manage to pull it off (getting your fake BST/RBS to overpower the re
          • Re: (Score:3, Informative)

            by WillKemp ( 1338605 )

            3. Cell phone company employee or maybe even a shopper copies down the numbers on the outside of a phone's box and uses that to clone the phone. I'm not sure if those numbers are sufficient to impersonate the phone, or if it has some private key of some kind hidden inside.

            If the "numbers" you're talking about are the IMEI (International Mobile Eqipment Identifier), then yes, that's all you need to impersonate a phone. I'm not sure about anywhere else, but in Australia it's illegal to change a phone's IMEI

            • Re: (Score:3, Informative)

              by Blazarov ( 894987 )
              True, but the IMEI only identifies the phone (the handset), not the user itself. The user is identified by the IMSI (International Mobile Subscriber Identity), which, after the initial login to the network, is replaced by the temporary valid TMSI. The IMSI itself is stored in the SIM card, along with the symmetric encryption key. In order to participate on any network, you need to provide both valid IMEI and IMSI. The GSM operators should maintain records of the IMEIs used in the network. There are also so
              • Re: (Score:2, Informative)

                by stupid_is ( 716292 )
                In the UK this is done centrally [police.uk], not by the operators individually. Consequently, most nicked handsets get shipped abroad...
          • Re:what it means (Score:4, Informative)

            by rwwyatt ( 963545 ) on Monday August 17, 2009 @08:27AM (#29090713)

            1. In GSM/UMTS, The encryption keys are stored on the SIM/USIM and never transmitted over the air. There are two parameters passed to the MS/UE which calculates and returns a value to the network. If the two values don't match, the authentication process fails.

            2.) Again, There is the issue of knowing the keys. The IMSI/TMSI/PTMSI is not enough information to successfully intercept a call. I can setup an entirely fake network for Mobile to Mobile calls, and if both mobiles are on my network, I can turn off authentication and ciphering and have complete access to the call.

            3.) Private Keys are stored on the SIM/USIM

            Don't get me wrong, A number of security issues still remain with Wireless Networks, but they do have a few security measures.

    • Re:what it means (Score:5, Interesting)

      by Jared555 ( 874152 ) on Sunday August 16, 2009 @09:00PM (#29087791)

      The possibility of setting up 'free/cheap cell phone access points' so people can bypass att, verizon, etc.?

      • by tlhIngan ( 30335 )

        The possibility of setting up 'free/cheap cell phone access points' so people can bypass att, verizon, etc.?

        Not necessarily bypass, but femtocells are poised to be the next mobile revolution. These are tiny little "cell towers" that backhaul over your broadband. Depending on the femtocell, you can have an air interface of special wifi, wimax, or even regular cell signalling. The latter designed so the carrier can reserve those channels as low-power cell tower sites.

        The benefit for you, the owner, is free ai

        • by grrrl ( 110084 )

          don't Verizon or someone have a box that has a small GSM network that routes your mobile calls over the internet when you're at home? (I only recall hearing about it, not living in the US I didn't pay that much attention)...

        • While the idea is good, I'm not sure why you'd want to use GSM for this. When I am in my house, my mobile phone connects to my WiFi access point and uses SIP for outgoing calls (and would for incoming calls if I told anyone my SIP number).
      • The possibility of setting up 'free/cheap cell phone access points' so people can bypass att, verizon, etc.?

        Wouldn't one then be kind of worried about impostor access points? You could set up one of these and do whatever you wished with the data going through it, complete with MITM attacks on any encryption going on. It'd be fairly hard to detect if done well, even for people who know the GSM system pretty well. For the rest of us who don't know anything beyond signal strength and the tower's broadcast name, it'd be well-nigh undetectable.

        • by Sloppy ( 14984 )

          Wouldn't one then be kind of worried about impostor access points?

          Yes. So: worry. A little bit.

          Fortunately, something could be done about it (and from a technical perspective, it's ridiculously easy). Most of the people I talk to on my phone, I have met in real life (and keep meeting, frequently). We should be using OTPs end-to-end. For the ones I see seldomly, we should be using securely-exchanged PKs. For everyone else, PK through the WoT.

          Phone networks are just becoming like anything else on the inte

      • Re:what it means (Score:4, Interesting)

        by vlad valis ( 1614661 ) on Monday August 17, 2009 @02:24AM (#29089101)
        It's inevitable. Years from now when cheap community GSM towers are commonplace, this software project will be seen as a milestone in telecommunications. There are plenty of rural areas all over the world that could some day take advantage of this. And by the way, when we've got ubiquitous cheap GSM, what would we need 802.11 for? Great idea, awesome project! Someone give those guys money!
    • Re:what it means (Score:4, Insightful)

      by marcansoft ( 727665 ) <hector@marcansoft.UMLAUTcom minus punct> on Sunday August 16, 2009 @09:36PM (#29087955) Homepage

      I'd be more worried about 'surprises' involving A5/1 cracking and the privacy implications. As they put it in the HAR talk, TCP/IP services have been analyzed all the way and back because anyone can get an Ethernet card, put it in promiscuous mode, and start sniffing/injecting packets. This hasn't been the case for GSM until recently. Nevermind that GSM is designed such that mobile equipment (cellphones) are authenticated, but networks aren't - you can set up a rogue network and any cell will happily connect to it automatically!

      A5/1 has been shown to be vulnerable many years ago. There is now an A5/1 cracking project [reflextor.com]. If you have the resources (Nvidia CUDA graphics card) you should help them build rainbow tables, or just mirror the site and SVN in case bad things happen again like they have in the past (there's more than one government that would like to shut down such a project). A public demonstration of A5/1 cracking would do a lot towards debunking the myth of GSM security.

      Free phone calls? I doubt people are *that* interested in them, nevermind that any issues people find are probably easily fixable at the operator's side anyway However, another issue that might arise is DoS attacks against cell networks. Apparently a lot of GSM expects the terminals to "play nice". Deliberately doing things outside the spec can cause an entire cell to deny service to all the other users.

      Basically, GSM is a very large part security through obscurity these days, and its end security-wise is looming closer. Let's hope the newer standards (3G) have done things better.

      • Re: (Score:1, Interesting)

        by Anonymous Coward
        That's all very interesting what you say,

        I just want to make one point where you say that you think people aren't that interested in free phone calls, and I disagree. Free phone calls don't just take you from what would be a cheap call to being a no-cost call, they also mean you don't have to pay, which means you don't have to prove who you are, which means you have greater anonymity, and this is the true value in "free" calls. So there will be people who are *very* interested.

        Carry on, fascinating in

      • by sjames ( 1099 )

        I'm not so sure about the free phone calls. Go to any forum discussing hacking DirecTV and Dish network and you'll see a great many people happily spending double what the service costs in order to get it for "free". It's not a one time cost since they keep spending at about the same rate to keep ahead of the new security measures. They seem oblivious to how much they could save by just signing up.

        I have no doubt people will happily spend a dollar per minute to get the warm fuzzy feeling of sticking it to t

        • There's a big difference between broadcast networks and GSM. With GSM, networks can no doubt fix any loopholes soon after they are discovered.

          Sure, of course people are interested in free phone calls, but what I mean is that I don't think it will be easy enough with GSM to make it worth their while.

    • gsm is crackable but only with lots of data (multi-terabytes) and an array of FPGA see CCC 2007 discussion, their may have been a follow up at HAR BTW this is not about phreaking. its about OPEN GSM. It was licensed !!! Not only was there a GSM network, dectphone ran their DECT network backbone based on GAP (posted from a tent, field E, Har 2009 @ 4.30am We still need Volunteers!!!!
    • by hey! ( 33014 )

      What this means by 'surprises' is people hacking the network and getting free phone calls.

      You say that like it's a bad thing ...

      Seriously though, being attractive to hackers, black and white hat, really is a good thing, because it means a system is open and flexible. Naturally, you want the black hats' efforts to be thwarted, but a system that isn't attractive to a hacker probably isn't going to be attractive to a user.

      I remember being excited when GSM was first put forward, but the US government decided that competition between *standards* would result in a better network. That's going to be a

  • GSM? Future? WTF? (Score:2, Insightful)

    by Anonymous Coward

    Independent researchers are increasingly examining GSM networks and equipment, Welte's work proves that GSM is in the realm of the hackers now and that this realm of mobile networking could be set for a few surprises in the future.

    Interesting. And here I thought that at least where I live, operators would love nothing more than to get rid of the old GSM networks in favor of newer technologies.

    They can't do that quite yet but constantly larger part of data transfers utilize 3rd generation technologies... GSM will probably be around 5 years from now, I doubt it will be 10 years from now.

    GSM and future just don't mix. Hackers should have looked at it a decade ago.

    • by imroy ( 755 ) <imroykun@gmail.com> on Sunday August 16, 2009 @09:40PM (#29087975) Homepage Journal

      Oh dear, someone clearly has a new 3G phone and thinks everyone should dump that old stuff. Because it's old. Nobody likes old technology! It has to be new and flash!

      I suggest you educate yourself before criticising a technology that has served the world [coveragemaps.com] (as well as the U.S.) for a good several decades. Apart from video calls and high-speed internet access, GSM does everything that 3G does. For many people, voice calls and text messaging is still what they use a mobile phone for. Mobile phone use is taking off in poorer parts of the world because it's cheaper and simpler to set up towers that can serve hundreds (thousands?) of people across a large area than run telephone lines to every single house ("leapfrogging [wikipedia.org]"). This software (OpenBSC) could certainly be of use in these parts of the world.

      UMTS [wikipedia.org], a 3G technology, uses GSM's Mobile Access Part (MAP) and voice codecs. It's basically GSM with a new air interface. Handsets using UMTS can also use 'old' GSM when there's no 3G coverage.

      So this development effort will not be for naught in the 3G world. They'll just have to find some new hardware that does UMTS and will continue working.

      • Re:GSM? Future? WTF? (Score:4, Informative)

        by Grieviant ( 1598761 ) on Sunday August 16, 2009 @10:57PM (#29088345)

        I suggest you educate yourself before criticising a technology that has served the world [coveragemaps.com] (as well as the U.S.) for a good several decades.

        UMTS, a 3G technology, uses GSM's Mobile Access Part (MAP) and voice codecs. It's basically GSM with a new air interface. Handsets using UMTS can also use 'old' GSM when there's no 3G coverage.

        Actually, you should educate yourself beyond skimming Wiki articles.

        GSM has been around only since the early 90s (less than 2 decades).

        Saying UMTS is "basically GMTS with a new air interface" is completely misleading. GSM is an FDMA / TDMA hybrid, meaning the channels are allocated across frequency but each channel can support multiple time-multiplexed voice streams. UMTS is most commonly CDMA direct sequence spread spectrym, which is an entirely different multiple access method than FDMA / TDMA. All users communicate over the entire spectrum simultaneously, where a unique spreading code provides interference mitigation (processing gain) at the receiver. In addition to different access methods, GSM and UMTS also use different modulation methods (GSM is a spectrally efficient MSK, UMTS is QPSK I believe.

        In short, they are entirely different from a telecom standpoint. Multi-mode phones can support both standards only because the RF frequencies are sufficiently close and they have completely separate processing algorithms for each built-in, not because there's a wealth of technical similarities between the two standards. Adoption of the same voice codec is a trivial similarity.

        • Re: (Score:3, Informative)

          by imroy ( 755 )

          GSM has been around only since the early 90s (less than 2 decades).

          OK, I stand corrected.

          Saying UMTS is "basically GMTS with a new air interface" is completely misleading. GSM is an FDMA / TDMA hybrid... UMTS is most commonly CDMA...

          Uh, that's what I meant when I said "air interface". Yes, the modulation/multiplexing techniques are completely different. But the protocol(s) used between the tower and phone, and between towers, are (from what I understand) essentially the same. And that's what this OpenBSC project is handling.

          Multi-mode phones can support both standards only because the RF frequencies are sufficiently close and they have completely separate processing algorithms for each built-in, not because there's a wealth of technical similarities between the two standards.

          No, they support both standards (with two modems) because they both use the same underlying protocols. To put it in Internet terms, you're arguing that my desktop using wired Ethernet is using

        • Re: (Score:2, Informative)

          by stupid_is ( 716292 )

          Mildly pedantic here, but GSM started in 1982 [gsmworld.com], even if it took 9 years to actually get to a point where a call was made on a network :-)

          But, imroy is reasonably correct. UMTS is ostensibly an "upgrade" of LTE in that the network protocols are augmented to allow UMTS calls over the newer radio layer (which has its own adjusted control protocols). You can even interject GPRS & EDGE as intermediate steps between GSM and UMTS. Similarly, LTE is an "enhancement" of UMTS (HSPA has an even closer relationship

      • Apart from video calls and high-speed internet access, GSM does everything that 3G does

        ...and uses more spectrum doing it. The networks want to drop GSM and run everything over UMTS/HSPA/LTE because each of these lets you transmit more data for the same frequency allocation, which means more users per cell (if they're doing constant-bandwidth things like making voice / video calls) or more data per user if they're using other services. GSM is a really old protocol - it's almost three decades since it was first proposed - and a vast number of improvements in multiplexing technology have occu

        • 3G shiny and new? Try the US. As far as AT&T is concerned, most of Maine still operates only on EDGE. We had no 3G at all in the state a year ago. I think Metro Boston's roll-out is pretty recent too.
    • They should also work on the stability of their software: "OpenBSC has proven to work quite stable. We have the occasional segfault every 3-4 hours, but I'm at it, debugging. " Yes! Stable!
    • Funny, Inmarsat just pumped a metric assload of money into GSM technology. Their entire BGAN satellite terminal network is based on GSM, just tweaked a bit for the extra latency and a few other satellite specific things, and then transported over geosynchronous satellite instead of terrestrial cellular sites.

    • Re:GSM? Future? WTF? (Score:5, Interesting)

      by stupid_is ( 716292 ) on Monday August 17, 2009 @05:05AM (#29089593) Homepage

      Interesting. And here I thought that at least where I live, operators would love nothing more than to get rid of the old GSM networks in favor of newer technologies.

      They can't do that quite yet but constantly larger part of data transfers utilize 3rd generation technologies... GSM will probably be around 5 years from now, I doubt it will be 10 years from now.

      GSM and future just don't mix. Hackers should have looked at it a decade ago.

      Laughable.

      So you think that half the population of the planet are going to buy a new phone to get the latest whizzy l33t LTE/HSPA/UMTS gadgets? That idea is part of what provoked the inflation of the 3G auction prices back in 2000 - everybody thought UMTS was the Next Big Thing, but no-one thought to examine the true cost of installing it. Each one of those boxes at the bottom of the masts costs between $5K and $20K (depending on size & time at which you bought it - early kit was knocking on around the $20K/box mark) and a national network has thousands of them (except the one in Andorra, which I think has around 50!). So, mucho dinero to just buy the kit. Then you've got to install it (also lots of $$) and connect it into a decent backbone (UMTS promised data rates of up to 2Mbps (haha - most folks don't see more than 384kbps on vanilla 3G)), so you need a chunk of data bandwidth to the site (which in some countries is either/both of exorbitant and flaky). The upgrade to HSPA and its' enhancements promises 3-14Mbps, so even more bandwidth required. So all these companies who thought they'd make a bundle on a mobile data offering with no killer application lost out.

      Now we're starting off the whole shebang again with LTE - marketing promises 100Mbps (reality maxes out at around 70, though, and no individual subscriber is likely to see that). Do we see droves of folks ditching their trusty GSM phone to get the latest mobile data gadget? Nope - not in the slightest. The GSM market is still growing - although the hardware vendors are being encouraged to make their kit as upgrade-to-UMTS/LTE-friendly as possible. There are over 3 billion GSM phones out there - they will still mostly be out there in ten years time. UMTS is only just kicking off due to the recent uptake in data dongles that you can stick into a USB port on your netbook. Nobody (or at least only the iPhone fanbois) is buying 3G phones to make video calls as nobody wants that. A phone call is still just a phone call, and GSM is very good at delivering that so no-one wants to change from GSM.

      At best, you're going to see a data-friendly tech (UMTS/HSPA/LTE) overlay on top of GSM for most of the world for a long time.

      • You said nobody wants to make video phone calls, I'm not so sure about that.
        Plenty of people are making video calls with Skype just not paying extra for the service.

        My own setup is a bit obscure but i use a pay as you go sim card in a USB Hspda modem my ubuntu server forwards to a router running Tomato firmware. (ethernet card to wan port) and thats distributed to the rest of us theres a 2nd identical router linked wirelessly to increase the range.

        It's not perfect by any means mobile isn't anywhere near as

        • Re: (Score:2, Interesting)

          by stupid_is ( 716292 )

          Video calls on Skype are all very well sitting in front of a computer at a desk, stick it on a handset and it's a whole different thing - the form-factor of holding a phone shaped object up to your ear is hard to beat, and video doesn't sit well with that. In particular, do you really want to be staring at a tiny screen to see the video feed for a call while moving about? Normally folks like to look where they're going, so a video call would interfere with that, hence video calls on a mobile device doesn't

      • So all these companies who thought they'd make a bundle on a mobile data offering with no killer application lost out.
        IMO the real problem was they priced themselves out of the market with tarrifs that made even simple stuff like web browsing and staying connected to IM networks prohibitively expensive.

        Finally in the last few years we have started to see mobile data that is actually affordable though often still with extremely high overage rates.

  • by fuzzyfuzzyfungus ( 1223518 ) on Sunday August 16, 2009 @08:12PM (#29087561) Journal
    It's a pretty cool setup; but the notion of depending on decade old EOLed RF hardware, because it is all you can get for a reasonable price, makes one a touch nervous.

    I wonder how difficult it would be to get a GNU Radio unit, or other software defined radio hardware, to stand in place of the BTS?
    • by Anonymous Coward

      already done.

      http://openbts.sourceforge.net/

    • if you can think of it, gnu radio can do it, with enough cpu power to accurately model the waveforms of course.

      biggest thing with gnu radio is it's cost of entry, the good hardware is expensive

      • by Rich0 ( 548339 )

        Can frequency-hopping technologies like GSM/CDMA be effectively handled by GNU Radio? How much of the hopping needs to be implemented in the hardware vs being able to just have the hardware capture a broad range of frequencies and have the software figure out what the do with it?

        I've been following the project a little over the years and it certainly looks interesting (but expensive as you point out). Once upon a time I did study up to get an amateur license, but never followed through with it (never real

        • software captures the broad range of frequencies, and a little googling shows it has been done before, with a 1ghz p3 laptop decoding it in real time.
  • For NSA... (Score:3, Funny)

    by cbraescu1 ( 180267 ) on Sunday August 16, 2009 @09:12PM (#29087843) Homepage

    Trust me, for NSA all our GSM is already Open Source ;-)

  • The Dutch! (Score:1, Flamebait)

    by denmarkw00t ( 892627 )

    Oh, go stick your cellphone in a dike!

  • Perhaps this is a dumb question, but does anybody know what the connection is between the Linux machine and the telephone network (so that external lines can be accessed) ? And what the cost of this connection might be ?
    • Just re-read and saw the reference to E1 link. I'm still interested it what it costs to run though.
      • The E1 link is between the BTSes and the Linux box, not between the Linux box and the rest of the PSTN (there is no such link).

    • Re: (Score:3, Informative)

      by marcansoft ( 727665 )

      It doesn't. The network at HAR is isolated and only allowed internal calls (this is a requirement per the development license that was issued to them). However, I imagine you could do it through a VoIP provider given the right amount of code.

      • speakup the dutch telco was supplying dial in and out to eventphone, so it should have been possible. I wonder if it would have broken the development licence if their had been a GSM to DECT bridge/router? It certainly would have aided comms
        • I believe their license specified that the test network may not be connected to any public network (without regard for the method used, I assume).

      • by mcvos ( 645701 )

        Exactly, and that's why I didn't use it, despite the utterly useless T-Mobile reception of my iPhone.

        Quite often I had no reception whatsoever. How the hell can my reception be that bad when I'm in Netherland on a big camping ground right next to an (inhabited) village? It's not like I'm in the middle of a desert or out at sea or anything. I'm completely disgusted by the crappy service from T-Mobile. I hear a new HTC Android phone uses KPN, which has far better coverage, so that's what I'm switching to as s

    • by green1 ( 322787 )

      allowing outgoing connections would be a snap, all you need is a few phone lines.
      Incoming connections are the problem, and I bet that unless you get the government and a large team of lawyers involved, that connection is simply not available.

    • As soon as you become a formal carrier, a whole lot of extra rules kick in, such as the requirement to provide legal intercept (if you search long enough you'll find that in any telco license, globally).

      I don't think they're quite ready to set up a full telco..

  • Being to busy being a Herald, I didn't notice the network till late in the day! I assume work on this will continue. Will their be a bridge/router into eventphone.de DECT network (the camp phone network)? With speakup providing In and out connections onto the landline backbone, this will be very interesting. Having said that GSM is power hungry, most of us have been running our GAP compatible DECT units for the whole camp without worrying about recharging Posted from the green tent, On the TOOL/lockpicker
  • Personal 3G Hotspot (Score:3, Interesting)

    by Doc Ruby ( 173196 ) on Sunday August 16, 2009 @11:30PM (#29088487) Homepage Journal

    I don't get cell reception in my neighborhood near NYC. I need a "3G hotspot" that will let my GSM phone work on my 1 acre property, but is connected to a Asterisk phone server in my home office wired to the PSTN. Where do I get the 3G hotspot?

    • You don't. The best you can do is get a femtocell that will plug into your IP pipe and let you transport your phone calls across the internet to your carrier's switch.

      AT&T has one, I think T-Mobile has one.

      • Will a single femtocell like that installed at my house make not just my own phone, but my neighbors phones also work? How do I get them to pay me for my service to them? Can I selectively lock out phones that don't please me?

    • Why bother? 1 acre outside is well within the range of a single WiFi base station, and may be inside if you don't have too many walls. Just get a phone that supports WiFi and SIP and use that for calls.
  • by Opportunist ( 166417 ) on Monday August 17, 2009 @01:45AM (#29088967)

    Let's see what we got here...

    1) Companies with a lot of money and a lot of influence in Washington.
    2) Companies that invested little if anything into securing their systems, deeming it inherently secure because nobody could break into it anyway.
    3) Companies whose very business model relies on an oligopol, if not monopol in certain areas, on the service they provide.

    I smell terrorist laws concerning "private" GSM networks any time soon.

  • Is it, even just theoretically, possible for a direct (cell) phone2phone voice connections without a base station in between?

    Another neat thing would be SMS transmitted directly...Fido-net style. Basically the message just moves itself to another phone within reach until it reaches the recipient (maybe never :-)).

  • by Aadaam ( 740192 ) on Monday August 17, 2009 @05:33AM (#29089711) Homepage
    I'm wondering if I'd set up such a network at home, possibly with a normal GSM modem which would act as my "phone" to the outside carrier... So, for example,
    - I'm at Vodafone outside the street,
    - I go home -> my phone swithces to MyOwnNetwork
    - If I call anyone around the house (neighbours, family, etc), it's free
    - If I call a landline -> goes through cheap SIP
    - If I call a cellphone -> the system would "roaming" me, but for cheap - it would make vodafone believe it's my phone!

    How does this smell?:)
    • Sounds like the setup I have at home, except my phone uses WiFi when I'm at home so I didn't need to pay a huge amount to license the GSM spectrum. It's a relatively old Nokia model, and will automatically route calls through WiFi/SIP when I'm within range of the base station so my calls are cheaper.

You know you've landed gear-up when it takes full power to taxi.

Working...