Author: Alexander Eichhorn

Mobile Networking

Mobile cellular networks are deployed in almost every country.

They provide city-wide to national coverage and operate over a licensed radio frequency spectrum. 

As with every wireless technology, only a single sender is permitted to transmit data per channel at a time. Cooperation is enforced by the link layer protocols and orchestrated by a cell's base station. Cellular networks share available bandwidth by allocating time slots to users (time multiplex) and by allocating different frequencies in the spectrum to channels (frequency multiplex).

The more mobile subscribers are in a cell, the fewer time slots and channels are available to each. Above a limit (think of crowded sport stadiums and city centers) new subscribers are rejected from participating. In such situations network operators would increase cell density by adding more, smaller cells, down to pico cells that cover only a few meters in diameter.

Earlier generations of cellular networks (2G, 3G) were mostly voice-centric. The most recent 4th generation (4G) networks are purely packet-based, which means voice service is implemented as VoIP. Performance generally depends on the number of parallel subscribers per cell and on signal quality, which degrades with distance from cell towers and when signals get blocked by walls, glass facades and trees.

Due to the centralised nature of cellular networks, it is possible to allocate and aggregate multiple channels for commercial applications, which increases throughput and guarantees a desired quality of service.


WiMAX or IEEE 802.16 is a family of microwave-based wireless networking standards for mobile Internet access across metropolitan areas. WiMAX can operate in different licensed spectrums, depending on the country and the operator. WiMAX establishes a direct communication link between a base station and subscriber station, requiring both to be within line of sight. Quality of service is supported by allocating parts of the spectrum to a connection, and links may be encrypted using AES. WiMAX is useful for portable broadband connectivity, for businesses that lack other means of Internet access and as a business continuity option in case regular service fails. Under optimal conditions WiMAX can achieve a throughput of 376 Mbit/s per channel and up to 1 Gbit/s when aggregating channels over short distances. At the maximum range of 50 km data rates can drop as low as 1-4 Mbit/s.


Long-Term Evolution (LTE) is a cellular networking standard for mobile phones defined by 3GPP and ITU-R. LTE operates in a licensed spectrum and devices are required to register with the infrastructure based on their unique device identifier (IMEI) and a unique subscriber identifier (SIM). Central cell towers manage the available spectrum and allocate sending and receiving slots to devices when authorization completes.

LTE supports regular voice communication, international device roaming, and Internet access with data rates of up to 300 Mbit/s downstream and 75 Mbit/s upstream per channel. The successor technology, LTE Advanced, is expected to achieve peak rates of 1 Gbit/s for fixed receivers and 100 Mbit/s for mobile users.

Mobile Network Security

Cellular networks suffer from two main conceptual security weaknesses: a lack of cell tower authentication and missing end-to-end encryption. Since authentication is only one way between devices and base stations, a device cannot know if a base station is trustworthy or not. In fact there are spoofing devices, so-called IMSI catchers, which pretend to be a legitimate base station. Originally available exclusively to law enforcement, they have found their way to cyber criminals. Over-the-air data is usually encrypted in LTE networks, but only up to the next base station. An attacker using an IMSI catcher can access all communication of a single device in clear text.

Even without IMSI catchers it is possible to attack such networks. Since the backbone connections between cell towers and a provider's core infrastructure are not encrypted, an attacker with access to the provider's core network can exfiltrate sensitive phone calls and data streams or inject malicious content into any connection with any device.

It is therefore reasonable to assume a lack of security in general. Authentication as well as data encryption are better performed by an end-to-end protocol such as TLS.
