Month: September 2014

Regulatory/Legal Considerations and CALEA with WebRTC development

This post is deals with some less known real world implication of developing and integrating WebRTC with telecom service providers network and bring the solution in action . The  regulatory and legal constrains are bought to light after the product is in action and are mostly result of short sightedness .  The following is a list of factors that must be kept in mind while webRTC solution is in development stages

  • WebRTC services from telecom provider depend on the access technology, which may differ if the user accessing the network through a third party Wi-Fi hotspot.
  • User/network type may also dictate if decryption of the media is possible/required.
  • For Peer-to-Peer paths, media could be extracted through the use of network probes or other methodology

Then there are Other Considerations such as specific services, for example if WebRTC is used to create softphones software permitting users to receive or originate calls to the PSTN, the current view is to treat this as a fully interconnected VoIP service subject to all the rules that apply to the PSTN – regardless of technologies employed.

CALEA

Communications Assistance for Law Enforcement Act (CALEA) , a  United States wiretapping law passed in 1994, during the presidency of Bill Clinton.

  • CALEA requirement for an LTE user may be very different than the CALEA requirements for a user accessing the network through a third party Wi-Fi hotspot.
  • For media going through the SBC, CALEA may use a design similar to existing CALEA designs.
calea intercept infrstructure
calea intercept infrastructure

Read more on WebRTC Security here which discusses SOP (single origin policy ) , CORs ( cross origin requests) , JSONP , ICE , location sharing , scerensharing , Long term access to camera and microphone , SRTP DTLS as well as best practises for secure communication

VoIP and WebRTC platform security largely depend on the underlying protocols such as SIP . SIP is an robuts and time tested VoIP proctol to facilitate VoIP calls . To learn more about SIP security against atacks like

  • Registration Hijacking
  • Impersonating a Server
  • Temparing Message bodies
  • mid-session threats like tearing down session
  • Denial of Service and Amplification

Also security mechnisms like

  • Full encryption vs hop by hop encrption
  • Transport and Network Layer Security
  • SIP over TLS
  • SRTP

Read more about Certificates , compliances and Security in VoIP which summarized

  • HIPAA (Health Insurance Portability and Accountability Act) ,
  • SOX( Sarbanes Oxley Act of 2002) ,
  • Privacy Related Compliance certificates like COPPA (Children’s Online Privacy Protection Act ) of 1998  ,
  • CPNI (Customer Proprietary Network Information) 2007 ,
  • GDPR (General Data Protection Regulation)  in European Union 2018,
  • California Consumer Privacy Act (CCPA) 2019 ,
  • Personal Data Protection Bill (PDP) – India 2018 and
  • also specificatiosn against Robocalls and SPIT ( SPAM over Internet Telephony) among others

Read about General Data Protection Regulation (GDPR) in VoIP

STIR/SHAKEN – Secure Telephony Identity Revisited / Signature-based Handling of Asserted information using toKENs

SIP Presence

We have already learned about Sip user agent and sip network server. SIP clients initiates a call and SIP server routes the call . Registrar is responsible for name resolution and user location. Sip proxy receives calls and send it to its destination or next hop.

Presence is user’s reachability and willingness to communicate its current status information . User subscribe to an event and receive notification . The components in presence are :

Presence user agentpresence components
Presence agent
Presence server
Watcher

Image source  : http://msdn.microsoft.com/en-us/library/bb896003.aspx

Sip was initially introduced as a signaling protocol but there were Lack of method to emulate constant communication and update status between entity
Three more method was introduced namely – Publish , Subscribe and Notify

Subscribe request should be send by watchers to presence server
Presence agent should authenticate and send acknowledgement
State changes should be notified to subscriber
Agents should be able to allow or terminate subscription

presence flow

Image source http://download.oracle.com/docs/cd/B32110_01/ocms.1013/b31497/about_sdp.htm#BABDHHCJ

Traces of various SIP requetss and response in presence are are follows :

subscribe request

SUBSCRIBE sip:presentity@example.com SIP/2.0
      Via: SIP/2.0/UDP host.example.com;branch=z9hG4bKnashds7
      To: <sip:presentity@example.com>
      From: <sip:watcher@example.com>;tag=12341234
      Call-ID: 12345678@host.example.com
      CSeq: 1 SUBSCRIBE
      Max-Forwards: 70
      Expires: 3600
      Event: presence
      Contact: sip:user@host.example.com
      Content-Length: 0
 

200 OK to subscribe request

SIP/2.0 200 OK
      Via: SIP/2.0/UDP host.example.com;branch=z9hG4bKnashds7
       ;received=192.0.2.1
      To: <sip:presentity@example.com>;tag=abcd1234
      From: <sip:watcher@example.com>;tag=12341234
      Call-ID: 12345678@host.example.com
      CSeq: 1 SUBSCRIBE
      Contact: sip:pa.example.com
      Expires: 3600
      Content-Length: 0
 

Notify Request

NOTIFY sip:user@host.example.com SIP/2.0
      Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK8sdf2
      To: <sip:watcher@example.com>;tag=12341234
      From: <sip:presentity@example.com>;tag=abcd1234
      Call-ID: 12345678@host.example.com
      CSeq: 1 NOTIFY
      Max-Forwards: 70
      Event: presence
      Subscription-State: active; expires=3599
      Contact: sip:pa.example.com
      Content-Type: application/pidf+xml
      Content-Length: …
 

200 OK success response to notify

SIP/2.0 200 OK
      Via: SIP/2.0/UDP pa.example.com;branch=z9hG4bK8sdf2
       ;received=192.0.2.2
      To: <sip:watcher@example.com>;tag=12341234
      From: <sip:presentity@example.com>;tag=abcd1234
      Call-ID: 12345678@host.example.com
      CSeq: 1 NOTIFY
 

PUBLISH Request

PUBLISH sip:presentity@example.com SIP/2.0
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bK652hsge
To: <sip:presentity@example.com>
From: <sip:presentity@example.com>;tag=1234wxyz
Call-ID: 81818181@pua.example.com
CSeq: 1 PUBLISH
Max-Forwards: 70
Expires: 3600
Event: presence
Content-Type: application/pidf+xml
Content-Length: …

200 OK success response to PUBLISH

SIP/2.0 200 OK
Via: SIP/2.0/UDP pua.example.com;branch=z9hG4bK652hsge
;received=192.0.2.3
To: <sip:presentity@example.com>;tag=1a2b3c4d
From: <sip:presentity@example.com>;tag=1234wxyz
Call-ID: 81818181@pua.example.com
CSeq: 1 PUBLISH
SIP-ETag: dx200xyz
Expires: 1800

A call flow depicting presence in action is as given below :

presence subscribe notify

Image source http://www.cisco.com/en/US/i/100001-200000/190001-200000/190001-191000/190463.jpg

security considerations for Presence service include:

  • Access control.
  • Notifier privacy mechanism.
  • Denial of service attacks.
  • Replay Attacks.
  • Man-in-the-middle attacks.
  • Confidentiality.

some solutions for security implementation are

  • Sip registration
    TLS
    Digest Authentication
    S/MIME

References :

Rfc 3856 http://www.ietf.org/rfc/rfc3856.txt
Rfc 3265 http://www.ietf.org/rfc/rfc3265.txt
Rfc 2778 http://www.ietf.org/rfc/rfc2778.txt
Rfc 3261 http://www.ietf.org/rfc/rfc3261.txt
Rfc 3903 http://www.ietf.org/rfc/rfc3903.txt
http://en.wikipedia.org/wiki/Session_Initiation_Protocol

Summary :

Presence is a way to have sustained stateful communication. The SIP User agents can use presence service to know about others user’s online status . Presnece deployment must confirm to security standards .

Legacy Telecom Networks

I use the term legacy telecom system many a times , but have not really described what a legacy system actually is . In my conferences too I am asked to just exactly define a legacy system . Often my clients are surprised to hear what they have in current operation is actually fitted in our own version of definition of ” Legacy system “. This write up is an attempt to describe the legacy landscape . It also describes its characteristics, elements and transformation .

Characteristics of Legacy Systems

1. Analog Signals

1G , introduced in 1980s , used analog signals as compared to digital in 2G onward. In 1G voice was modulated to higher frequency and then converted to digital while communication with radio towers .

2.Legacy system have ATM / Frame Relay transmission .

This is basically Hardware Specific and results in High Expenses.

3. Legacy systems have POTS / PSTN / ISDN as their access layer technology .

Access layer is the first layer of telecom architecture which is responsible for interacting directly with the end use / subscriber . Legacy system technologies are again Hardware  Specific , bear High Expenses and offer Low stability.

Physical transmission media include :

  • Twisted wire (modems)
  • Coaxial cable
  • Fiber optics and optical networks – Dense wavelength division multiplexing (DWDM)

4. Legacy system use Traditional Switches / ISDN in their Core Layer

Core layer is the main control hub of the entire telecom architecture . Using old fashioned switches render high CAPEX ( capital Expenditure ) and OPEX ( Operational Expenses ) .

5. In the service delivery front legacy system employ Traditional IN switches

These are very Hardware Centric.

Services part of Legacy Telecom Networks

a) Virtual Private Network (VPN)

An Intelligent Network (IN) service, which offers the functions of a private telephone network. The basic idea behind this service is that business customers are offered the benefits of a (physical) private network, but spared from owning and maintaining it

b) Access Screening(ASC)

 An IN service, which gives the operators the possibility to screen (allow/barring) the incoming traffic and decide the call routing, especially when the subscribers choose an alternate route/carrier/access network (also called Equal Access) for long distance calls on a call by call basis or pre-selected.

c) Number Portability(NP)

An IN service allows subscribers to retain their subscriber number while changing their service provider, location, equipment or type of subscribed telephony service. Both geographic numbers and non-geographic numbers are supported by the NP service.

Also Read

Transformation towards IMS (Total IP)

The telecommunications industry has been going through a significant transformation over the past few years. At the outset incumbent operators used to focus on mainly basic voice services and still remained profitable due to the limited number of players in the space and requirement of huge amounts as initial investment.

However, with the advent of competitive vendors, rise in consumer base, and introduction of cost effective IP based technologies a major revolution has come about. This has enabled operators to come out of their traditional business models to maintain and enhance subscriber base by providing better and cheaper voice, multimedia and data services in order to grab the biggest possible share in this multi- billion dollar industry.

The evolution in Telecom industry has been accelerating all the time. The Next-Generation Operators wants to keep pace with the rapidly changing technology by, adapting to market needs and looking at the system and business process from multiple perspectives concurrently. Communication Service Providers (CSPs) need to consider several factors in mind before proposing any solution. They need to deploy solutions which are highly automated, highly flexible, caters to customer needs coupled with ultra low operating costs.

By hosting new services on the new platform and combining new and old services CSP‟s aim to provide service bundles that would generate new revenue streams. This process is largely dependant on IMS ( IP Multimedia Subsystem ) architecture .

Transformation towards IMS (Total IP)
Transformation towards IMS (Total IP)

Optimization in operator landscape evolve as result of synergistic technologies that come together to address the innovation and cost optimization needs of operator for better user experience. In following sections different technological evolutions that are affecting overall operator ecosystems have been discussed with focus towards Service Layer.

Legacy to IP transformation

This section broadly covered the aspects of migration from legacy IN solution to new age JAINSLEE framework based one. Applies to Legacy IN hosting voice based services mostly  such as VPN, Access Screening ,Number Portability, SIP-Trunking ,Call Gapping.

Most operator environments have seen a rise in the number of service delivery platforms. Also complexity of telecom networks have increased manifold hence CSPs are facing multiple challenges. Increased efforts and costs are required for maintaining all the SDP platforms. These platforms are generally of different vendors and cater to different technologies thereby greatly increase chances of limiting the scalability and flexibility of the operator landscape. More effort required for sustaining the life cycle of the platform and challenges in integrating non compatible SDPs due to proprietary design have been stumbling blocks in the progress of CSPs across the world.

To overcome these challenges there is trend in the market to move towards SDP consolidation wherein instead of maintaining several SDPs with their proprietary design CSPs prefer maintaining a single or less number of SDPs having standardized interfaces.

SDP consolidation SDP consolidation (1) SDP consolidation (2)

As illustrated in the above figure there is a transition that is taking place in the industry towards consolidation of service delivery session control. This would provide a cost effective sustenance of existing applications and the rapid creation and deployment of new services leading to increased revenue recognition by CSPs.

  • Agile Development
  • Innovative services
  • open SOA based architectures
  • IN/NGN Platform and Services
  • Reuse of existing investments in legacy service platforms
  • low cost of new service development
  • faster time to market
  • Monetize investment in Network Infrastructure uplift – SIP trunking, VoLTE etc.

Services that should be covered  in the Scope of Migration from fixed line to IP telephony are:

  • Virtual Private Network (VPN) : An Intelligent Network (IN) service, which offers the functions of a private telephone network. The basic idea behind this service is that business customers are offered the benefits of a (physical) private network, but spared from owning and maintaining it.
  • Access Screening(ASC): An IN service, which gives the operators the possibility to screen (allow/barring) the incoming traffic and decide the call routing, especially when the subscribers choose an alternate route/carrier/access network (also called Equal Access) for long distance calls on a call by call basis or pre-selected.
  • Number Portability(NP) : An IN service allows subscribers to retain their subscriber number while changing their service provider, location, equipment or type of subscribed telephony service. Both geographic numbers and non-geographic numbers are supported by the NP service.

WebRTC based Unified Communication platform

Using WebRTC Solution for Delivering In Context Voice which provides new monetizing benefits to the Enterprise customers of Service Providers. This includes following components:

  • WebRTC Gateway for implementation for inter-connect with SIP Legacy
  • Enhancement of WebRTC Client with new features like Cloud Address Book, Conferencing & Social Networking hooks.
  • Cloud based solutions

INtoJAISNLEE

Challenges in Migration to IMS  (Total IP )

Since long I have been advocating the benefits of migration to IMS  from a current fixed line / legacy/ proprietary VOIP / SS7 based system . However I decided to write this post on the challenges in migration to IMS system from a telecom provider’s view.  Though I could think of many , I have jot down the major 4 . they are as follows :

Data Migration challenges

  • Establishing a common data model definition
  • Data migration seamlessly
  • Configuration management
  • Extracting data from multiple sources and vendors , that includes legacy systems
  • Extracting data due to its large scale and volume

Training

  • Creating an effective knowledge share and transfer for live operations
  • Training in fallback plans, standards and policies .

Customer impact

  • Minimized customer outage
  • Enhance customer experience by delivering quality services on schedule
  • Ensuring security of customer’s confidential data
  • Transfer of customer services without any impact.

Testing in replicated environment

  • Physical pre-transfer test
  • Reducing cycle time
  • Verification and validation at every change in data environment
  • Detect production issues early in the test -lifecycle

Fallback plans

  • Pilot program and real network simulation for ensuring preparedness
  • Tracking changes in new network

Evolution of voice Communication

From ARPANET(Advanced Reseracha nd Prjects Agency Network) in 1973 by US dept of defence , invention of HTTP in 19196 and finally evoluation of SIP in 2000 and availiability of broadband ethernet services, the telecom landscape has evolved.

As far as infrastructure, services, and contents are concerned, the VoIP industry is witnessing a  migration from POTS / PSTN/  Legacy integrations to  NGN (Next Generation  Network).

NGN is  being implemented globally as a means to change the cost base, agility and service capabilities of telecoms providers. The evolved architecture for the transition is one that provides flexibility to service providers by enabling them to deploy new services on IP based technologies, while leveraging existing services and infrastructure as long as it makes sense.

This post describes the evolution of voice communication in access , transport and  session layers respectively.

1G2G3G4G5G
Year of dev1970-19841980-19991990-20022002-20102010-2015
Launch year1987 by Telstra Australia 1991 in Finland by Elisa1998 pre-commercial launched by NTT DoCoMo in Japan , branded as FOMA.2009 in Stockholm (Ericsson and Nokia Siemens Networks systems) 2019, in South Korea,
TechologyAMPS, NMT , TACSGSMWCDMALTE, WiMAXMIMO , mm Waves
Frequency30 Khz1.8 Ghz1.6 – 2 Ghz2- 8 Ghz3 – 30 Ghz
bandwidth2.4 Kbps14.4 – 50 Kbps ( GPRS)
64 Kbps – 1 Mbps ( EDGE)		144 Kbps – 2 Mbps100 Mbps – 1 Gbps> 1Gbps
upto 35.46 Gbps
Access LayerFDMATDMA/CDMACDMACDMAOFDM/BDMA
Core LayerPSTNPSTNpacketinternetinternet
Compiled by @altanai

Access Layer

We see that the speed enhances considerably with every generation- 1G offerd 2.4 kbps, 2G offered 64 Kbps based on GSM, 3G offered 144 kbps – 2 mbps whereas 4G offers 100 Mbps – 1 Gbps with LTE technology .

It is to be noted that  one of requirements set by IMT-2000 was that speed should be at least 200Kbps to call it as 3G service and 384kbps ( wth stationary speeds of 2Mbps) for a “true” 3G.

ip transformation in access layer
IP transformation in access layer

Note that voice calls in GSM , UMTS and CDMA2000 were circuit switched but with newer technology voice calls became packet switched too and a lot of rereginerring was required.

LTE (Long Term Evolution) is a series of upgrades to existing UMTS technology involving OFDM and MIMO and newer upgrade were called LTE advanced also. Upcoming 5G offers speeds upto 35.46 Gbps.

Transport Layer

ip transformation in transport layer
IP transformation in transport layer

Session Layer

While 2G introduced services like SMS , MMS , internal roaming , conference calls, call hold and billing based on services e.g. charges based on long distance calls and real time billing which were unheard of in 1G , there were challenges in terms of page load speed for interactive websites .

As 3G came into picture, usecases also enhanced with multimedia features siuch as fast web browsing, maps navigation, email, video downloading, picture sharing and other Smartphone technology

ip transformation in session layer
ip transformation in session layer

Read more about IMS ( Ip multimedia System ) IP Multimedia Subsystem ( IMS )

IMS at work from visiting to home location
Access network agnostic

It is noteworthy that SKYPE provided VoIP services ( since 2003) much before mobile phone had 2G/3G ( 2010). In current times with many fantastic options to choose from( whatapp , FB messenger , insta cht , Viber , Hangouts ..) given the high bandwidth with 4G/5G and mych advanced media / signal processing tech , the glocal voip scene is touching 400 mililion subscribers and looks very attractive with 1.5$ billion market .

Enterprise communication systems

On premise private branch exchanges ( PBX ) were the first kind of business telephone systems to which the analog PSTN systems of the company were conneced. These analog circuits were then replaced by digital PBX which provided enhanced features liek screening , voicemails , shared lines.

In the current landscape , the digital PBX of the company is connected to the external telco privider via a SBC or SIP trunking service .

An ompremise LAN based voIP system can be accessed from outside via a VPN on SSL/ IPsec. Although it incures greater CAPEX but ensufe maximum control and ownership of the data . Many time the local laws mandate the server to be hosted with a partuclat geographical area too where an on premise setup and data centre is used.

Enterprise communication shifts from on-premise to SaaS (cloud)

As for remote worksforce and employees working from home (such as during lockdown , pandemics ) it is even more crticial for enterprises to maange inter communication between teams and keep the communication private ie not using piblic messaging platforms , hence the role of cloud based PBX integrated with secure and end to end encrypted telco providers is of prime importance .

To read how a SME can setup their own flexible and scable enterprise comunication system read –

VoIP/ OTT / Telecom Solution startup’s strategy for Building a scalable flexible SIP platform https://telecom.altanai.com/2013/11/21/what-should-a-telecom-solution-startup-do/

With the advent of other disruptive technologies such as free and opensource codecs in browser with WebRTC and well defined framework and standards , voIP definetly looks detsined to expand by leaps and bounds.

Service Broker Architecture for IN and IMS

We know that Service broker is a service abstraction layer between the network and application layer in  telecom environment.SB( Service Broker ) enables us to make use of existing applications and services from Intelligent Network’s SCP ( Service control Point ) , IMS’s Application Server as well as other sources  in a harmonized manner .

service broker

The service provider can  combine the services from various sources written in various languages in numerous permutations and combinations .  This saves the time , energy and rework required to launch a new services.

I have written couple of posts before on Service Broker .Post on What is Service Broker . It definitions and application can be found here  : https://altanaitelecom.wordpress.com/2013/03/19/service-broker/. This also defines service orchestration and harmonization .

Another post on Service Borker’s role and function can be found here : https://altanaitelecom.wordpress.com/2013/08/07/service-broker-2/. This mentions the service brokering role in network environment. But ofcourse it was a mere introduction  . The following post clarifies the concept in greater light . 

I believe and it truly is a wonderful thing to make use of Service Broker while network migration from IN to IMS .The following architecture model depict the placement of Service Broker component in IN and IMS integrated environment .

sb1

The figure above portrays how a  service provider acts as a central Node for Services invocation and services composition. SB is responsible for Services Orchestration / Interaction , service development, third party integration and acts like a protocol gateway .

Let us discuss service broker in a full fleshed network’s structure . It includes the access network components and detailed core network components with the name of interfaces between all nodes.

sb2

The Applications as described by the above figure could be majorly of 4 types :

1. applications developed on a SIP application Server and invoked via SIP/ ISC

2. Applications developed over SIP servlets or JAINSLEE platform such as mobicents , Opencloud Rhino etc

3. Application developed on a SCP ( Service Control Point ) of a IN ( Intelligent Network ) . This is invoked via INAP CS1/CS1+ or CAP

4. Application developed on a J2EE server Invocated via http REST API like GSMA OneAPI such as

  • Call Control API for voice.
    Messaging API for SMS, MMS.
    localisation API.

Provisioning via fixed/mobile brands & « service profile» in SB

Provisioning via fixed/mobile brands & « service profile» in Service Broker
Provisioning via fixed/mobile brands & « service profile» in Service Broker

BDD « Services » in SB

BDD « Services » in ServiceBroker
BDD « Services » in Service Broker

Architecture of SDP / Service Broker

Architecture of SDP / Service Broker
Architecture of SDP / Service Broker