So, hello everyone and good morning, afternoon or evening depending on where you're watching this talk from. I'm Sudeesh and I'm here to speak about some of the work my colleagues and I have been doing at the University of Washington to improve global internet access. And this work is in collaboration with Esther Jang, Nick Durin, Matt Johnson, Sachin Nayak, Spencer Sevilla and Kurt Asimov. So I'm open to taking questions anytime through the talk, so please feel free to put them in the Q&A section of the chat or ask them on the chat and I can get to them towards the end of the talk. I have it planned for maybe around 25 minutes so I can get to the questions right after that and hopefully that should work. Thank you. So to introduce myself, I am a PhD student in the Information Communication Technology for Development Lab or the ICTD Lab at the University of Washington in Seattle and I'm advised by Professors Kurtis Heimerl and Richard Anderson. I'm here to present some of the work that we've been doing in decentralizing LTE and 5G authentication and enabling roaming in telecom networks, specifically community cellular networks and private network cores. So let's kind of dive in. There are approximately a billion people today who live outside mobile broadband coverage and there is a large digital divide between the urban and rural population in terms of internet and cellular connectivity. The economics of it make it extremely difficult for national scale operators to increase cellular coverage in rural areas, leaving more than a billion people worldwide without access to the internet. 2G, 3G network operators have actually rolled out their networks as far as they're really commercially viable and that's indicated by the GSMA report in the state of mobile internet connectivity. But despite that, there are 400 million people who live outside any mobile coverage.
So there is this need for improving rural connectivity in networks and to make networks which are like self-sufficient, which can be managed by the community. But this problem is not particular to rural areas. Let's take a look at Seattle itself, right? So 15% of Seattle's residents do not have access to the internet and this number is higher in immigrant or refugee families and low and middle income communities who are living in the city of Seattle. So cellular networks have traditionally been operated exclusively by a few national scale network operators like Verizon and AT&T or T-Mobile in the United States and they all use a wide area licensed spectrum. These operators kind of deploy very expensive network edge elements like base stations, their own towers or they use leased towers, in addition to running specialized closed source software and making their architecture very, very centralized. So this makes it possible for these large providers to actually establish some kind of direct peering or interconnects between the operators and other businesses so that they can allow subscribers from one network to actually roam on some other network operator's infrastructure. This can be done for various and eventually this can be done for billing purposes or actually giving people enhanced network coverage. But the centralized network core that these operators run means that wherever the network operators do not have service or some partner with whom they provide service, there is actually no network capability. So to address this kind of challenge, smaller organizations really have been turning to something called community cellular networks or private networks and these are used for providing like low cost connectivity in a lot of local areas.
But unlike a traditional cellular network, community cellular networks are small, they're independent from cellular networks and they usually consist of a single base station, like the tower that you see here in the figure, and they take what is usually available in the data centers and move them to the edge, which is the edge of this community where most of the data processing needs to happen. So over the last few years, our lab has actually been working with field partners to deploy some of these community cellular networks. And these types of networks are actually optimized for local needs, they can be run cooperatively and they're sustainable in rural areas, providing all the users in those areas with internet access. But community cellular networks have some challenges: they're severely constrained by, like, backhaul satellite connectivity, because that's how they get their internet access, and they also have power supply issues in these regions. And the intermittentness of the power supply actually affects the service that can be provided. So why are we doing this? Why can't telecom operators actually set up infrastructure that is necessary to improve connectivity in rural areas and to provide them with internet access? What happens when these community members actually move out of the network zone that they are in to a different network zone? And traditional LTE networks do not do this because it is not economically viable for large corporations to actually do this. And in a community setting, it becomes more like the case of roaming, and roaming between networks is a challenging problem because network operators enter into business agreements and replicating a similar result in a community cellular case is a problem of exponential complexity. Every single telecom operator has to have a roaming agreement with some other smaller operator and each of these communities needs to work with each other.
So, also, many countries don't allow national roaming. So this business operation complexity can only be handled really by large telecom operators and it's very cumbersome for smaller community scale operators to actually do this. So that brought us to this important question that we had, which is: can we provide affordable and sustainable cellular data access in remote and rural areas where there is no cellular network coverage, and can we enable these users in smaller community cellular networks to geographically roam between communities without disruptions to their cellular services? But before we go into how we try to answer that question, let me take you through a quick introduction of LTE. LTE is an end-to-end all IP network which consists of two parts. The first part is the radio access network, which is this base station that you see here, and the second part is the enhanced packet core or the EPC in LTE and the 5G core in 5G, both of which behave very similarly, and these are the networks to which radio access networks are actually connected and these are typically data centers to which radio infrastructure is linked. The LTE network architecture specifically is a large complex beast and the interoperability of these two networks is due to standardization of protocols by GSMA and 3GPP, which are organizations actively involved in standardizing LTE and wireless protocols. But the first part of the ecosystem is really the users, right, the user equipment or like the handsets that I get. These are standard off-the-shelf mobile handsets which are LTE capable and can support connectivity in different LTE bands, and in any innovation that we make we would like to ensure that there is no need to really modify these devices other than their hardware compatibility for a band, for example.
The second one is the eNodeB, or the gNodeB in the 5G networks, and it's a radio base station which provides radio link interfaces between the handsets and the core network. And the third part is a mobility entity, which is a part of the core network and, in traditional cellular networks, it's actually present in data centers. And this is like a microservice or a segment that actually handles the various state functionalities of your device, so it decides when to signal your device, when to allow your device to move from one tower to another tower, called handovers. It helps perform bits and pieces of authentication, maintaining the state of it, and it performs a very crucial service. The serving gateway is a system that routes and forwards all the user data packets and allows any traffic management to actually take place, and the packet data gateway is a gateway service that actually provides internet connectivity to the users and is capable of performing any policy enforcement or performing lawful interception on the user's data.
The home subscriber service is like a database server which contains user related, security related information like SIM cards, any data limits or any policies that the user has to adhere to when they're using the network. But there are a lot of other pieces to the entire LTE architecture, but what we can do is we can really strip them down into these series of little microservices and just have these pieces put together to create a minimum functioning LTE network. And in the community cellular networks this essentially moves any traditional data center networking operations from the cloud to the edge, and in our deployments these run on low power Zotac boxes with a reasonable amount of memory, like 4 to 8 GB of memory. They're very inexpensive and actively support hundreds of users in a deployment site that we have in Bokondini in Indonesia. But what we do is all actively contribute to the development of Open5GS, which is the stack that we run on it. It's a C implementation of the LTE and 5G protocols. But while private LTE and 5G and community cellular networks are promising ways to improve internet connectivity and access, they come with a bunch of challenges, and as the number of these private players increases in urban areas it opens up this need where you need to enable cooperation for fair spectrum usage, especially because most of these smaller organizations cannot afford to buy wide area spectrum license. They rely on the unlicensed spectrum, and organizations in these areas need to collaborate and coordinate their spectrum so that they avoid any radio resource contention or any radio resource issues. But as the density of these operators increases it becomes difficult to establish any such agreements and to monitor spectrum, to monitor the usage of different operators on the spectrum. So there is this need to build a spectrum coordination mechanism, but you want to maintain them in such a way that the individual network cores which are run by different communities or
organizations can continue to be independent but still enable coordination, and it also enables us options like good opportunities to actually provide the same mobility experiences that centralized telecom operators provide while maintaining the security of these providers. So our solution was to address these challenges using a blockchain layer and allowing all these individual operators to cooperate without losing the independence of their operations. And the blockchain could also be used for spectrum coordination. It can be used for making decisions about the spectrum and recording these decisions about the spectrum for transparency reasons. So the goal of the community of network operators as a whole is to maximize the throughput of the available network resources that they have, and the blockchain layer, with some changes to the protocols which I will get into, actually continues to be backward compatible to cell phone devices, where a user can go and attach themselves to a centralized telecom provider, and also makes them work in decentralized telecom provider settings without compromising any of the security. So what actually really makes roaming complex is the need to authenticate a user, right, who does not belong to the network, and it is to grant them access to the network resources. So typically, whenever a phone tries to connect to a roaming network, it is done by tunneling all the requests from the roaming network to the home network. So there is some trusted relationship between the home network and the roaming network, but all the requests from the roaming network are actually tunneled home, and this affects latencies and results in slightly degraded network experiences. But another way would be for the home network to just share the keys of your SIM card to the roaming network based on their trust model, but this has some serious security concerns. But additionally what happens is all the network cores need to be fully available
and connected. So when a user tries to connect to a roaming network, the authentication is done by the home network of the subscriber. But how does this actually happen? The LTE and 5G authentication procedures are a protocol that allows bi-directional authentication, which means that the users can authenticate to the network and the network also authenticates themselves to the users, and this is generally done by using a pre-burned symmetric key in the SIM card provided by the telecom operator. And over here we are really constrained to not change any of the authentication mechanisms, since these are protocols that the hardware manufacturers have built into phones and these are what standard cellular devices are actually optimized for, so we need to make some interesting changes to the core network. And the SIM cards follow a specification and are manufactured by a lot of third-party manufacturers. Like over here, we printed our own SIM cards, for example, and we got them manufactured. And all these SIM cards use an authentication algorithm called Milenage, and it relies on a symmetric key crypto with 128 bit encryption. So every SIM card that is provisioned contains a symmetric key which is stored in the SIM, and the same key is also available in the telecom operator's database, along with any additional identifiable fields like the phone number or a unique mobile subscriber identity number, as we call them. But inside the SIM card, the SIM card is broken into like a matrix with a sequence of numbers, and these are particularly interesting to us because they are one-time use values which are organized into a matrix. And the mobile device, what it can do is it uses a sequence of these numbers in a specific row every time it needs to authenticate and join the network. So once a vector is actually used, or if it is skipped, it invalidates the vector and it moves on, and this is typically necessary when there are synchronization issues and
where the telecom operator asks the phone to actually re-synchronize and re-establish their authenticity. For example, if a phone joins or attaches with the sequence value of zero, which is the first value here, and it then follows it up with the value of 64, the value of 32 is invalidated and it actually cannot be used. And the one-time usage property that it provides at a hardware level is what gives us the ability to actually make interesting changes to this. But also the LTE specification provides multiple functions called f1 and f2345, which is a collection of four separate functions, which are used to randomly generate a value like the message authentication code, the expected response, corresponding anonymity key or an integrity key or a cipher key for encrypting the message traffic at the radio layer and so on. And these are actually issued by the home subscriber service database that we looked at to the mobility manager, which is the state maintainer, and it is then further signaled down to the mobile device.
So we have a standard telecom authentication mechanism here which we want to continue to keep, and we want to emulate this while allowing roaming. But to do this, the first step would be to connect these networks while allowing each network operator to maintain their independence, and since establishing these agreements between many networks in an urban environment is actually extremely difficult, we want each of these communities to be able to coordinate despite not being fully connected. So to do this we actually connect these network cores over a permissioned consortium blockchain layer. We use Sawtooth for our experiments, and in the measurements of our implementation we see that there are some interesting properties with respect to performance, and also the consortium model gives like an interesting trust guarantee of who different communities trust and how different communities want to bring in different core operators into their network. So we're partnering with an organization called the Local Connectivity Lab and we're using the blockchain to interconnect independent community cellular network deployments across the city of Seattle and to provide access to Seattle's residents who do not have access to the internet.
So to do this we actually modify the authentication procedure a little bit and implement our own protocol called D-Auth, which is a decentralized authentication mechanism. And in D-Auth what happens is each of the home networks publishes a set of signed and pre-computed authentication vectors, which are used as one-time tokens and issued to the entire network. All the other peers on the network actually take this information, and whenever the phone goes to a new network they can automatically consume this information and report the consumption with a proof of success or a proof of failure, which can be verified. And the issued tokens that are here can also be revoked and they can be reissued. So these tokens can be directly used by the mobility manager, which means that in a disconnected rural setting, if we're looking at it, we don't need the roaming network core and the home network core to actually be available at all times to speak to each other, so it can work in slightly offline settings. But when a user moves between these networks, the biggest problem is that the D-Auth protocol actually results in a disconnect and a reconnect mechanism, something similar to how your phone does the disconnect when you enable airplane mode and reconnects to a network when you disable the airplane mode, and it actually scans for all the available networks and decides which network it can join. But this isn't just a pipe dream. We implemented this. We connected multiple community cellular network cores as peers over Sawtooth, and each home network actually computes and publishes a fixed set of these vectors regarding their subscribers or their users to the network, and these values are all issued as transactions which are sent by the home network core to the peers. So the peers actually regularly compute these blocks of transactions and they achieve a common state. The current benchmarks that we have are very naive and in like very disconnected, very low throughput
settings, and we can see that we roughly can achieve four transactions per second. But the transaction item itself is very bulky, so we can package a lot of, maybe like up to a hundred users' worth of information into a specific transaction and send it out, so we can achieve four transactions per second. What we've been doing since then is try and use batching based optimizations that are already available in Sawtooth to see if we can achieve closer to the hundreds of transactions per second on unthrottled, completely available networks. So there's still ongoing experiments for this, but what we do see is as the density of these networks actually increases it provides an opportunity to improve the user mobility experiences. So typically what mobile large telecom operators do is use techniques called handover, where as you're traveling in a car or as you're walking from one location to another, your cell phone or your mobile device moves its connection from one tower to another tower, and this specific technique is called the handover technique. So in a decentralized network performing such handover techniques is extremely difficult because it needs you to share the security state that is available at each of the mobility manager cores that exist in this network. So for example, if you look at this figure, the phone first is connected to a base station and it's connected to the first network. As the phone moves from one cell to another network cell it performs a traditional handover using the XN protocol, and this is the same handover protocol that works in today's national scale cellular networks. But as the user moves out of one network zone to a network that is operated by a different community, we use the DXN, which is a decentralized XN protocol, by sharing the network state between the two network cores, and this includes sharing some security context and selectively revealing some information through cryptographic means, but it is possible to do that. But in case
this fails we use an older protocol, or a backward compatible protocol, called the S1 protocol, but in the decentralized settings, to do the exact same thing. But as the user moves from this green zone into a zone where there is no network connectivity, which is the red zone, and moves into a new network, the user can go back and use the standard decentralized authentication protocol that exists. And for the user this needs no changes to their actual handsets, but it needs changes at each of the individual network cores. So the experience is going to be exactly the same and there's going to be no explicit need to change what's happening. But there are some significant challenges and problems that exist here. All these handovers are actually time critical operations, especially the DXN process, and over the blockchain and with strong cryptographic techniques it becomes quite slow and most of these handovers result in failure. So we're still trying to figure out an interesting way to achieve security properties while maintaining these speed guarantees that exist. So in addition to all of this information about mobility and authentication there is a need for coordination of the spectrum. So as more people start using the unlicensed spectrum there is going to be heavy contention. So what we would want to continue doing is take the existing blockchain layer and use the fleet of users to perform measurements, so the base stations can actually request each of the phones to perform a measurement for all the active base stations and their power that exists nearby and report these measurements and the usage of the spectrum to the base stations. All of this information is recorded on the blockchain and it can be used for any machine learning based algorithms to actually perform decision making, and all these decisions are recorded transparently so that you can improve future
resource allocation decisions and also the independent network operators know how this information is being used. So over this year what we are hoping to do is, actually we are running a bunch of parallel efforts at decentralizing all of these protocols and trying to move away from centralized cellular protocols in an effort to see if we can achieve the same properties or the same performance properties that we see in centralized telecom operators in a decentralized set of networks that we have across Seattle, and we are trying to also measure how the user experiences might look like. And we are doing these with continuous experimental rollouts with a bunch of the partners from Local Connectivity Lab and the Seattle community networks and Tacoma cooperative networks and so on who are trying to run these efforts. But some of the things that we did notice in the lab when we were trying to run these experiments is that the blockchain consensus protocols are extremely chatty and they consume lots of bandwidth, which is actually a scarce resource for community cellular networks. So there is a need to kind of be able to tune these network parameters to minimize their chattiness, and over the next few months we are trying to roll out some of the optimization updates into these real-world deployments that we have across Seattle. So thank you, and I'm open to questions, and I'll also be available on Twitter or email if you would like to reach out and ask any more questions. I'm trying to find if there are any active questions. I do not see them, but I'll probably wait for a while to see if there are any questions coming in. Thank you, Brian. I see a question, sorry I missed that: how did the FCC give you clearance to experiment and sell networks? I think that's a great question. We actually use the LTE unlicensed or the 5G unlicensed spectrum, but this is still at this point currently a very centralized process. If you look at
it, you need someone who is like a spectrum allocation service or an approved spectrum allocation service. We use Google, Google SAS, which is the spectrum allocation service, and we query Google and we lease out some of the spectrum that we would like to use. So this is the active map of Seattle and a list of available spectrum, like how many channels are available in different regions across Seattle and across Tacoma, for example. So we're not buying any spectrum per se, but the eventual goal that we would want to go to is actually decentralize the need for having Google SAS or the requirements like the Google SAS and see if these decisions can actually be made over the blockchain in a way such that it is tamper proof, it's recorded and it can be further audited by someone. Currently I think it's like a regulatory reason why FCC wants a few SAS operators to actually run this, because I think these operators are audited and you can query them and you can explicitly ask them why they have been given clearances and so on. Thank you, that's a great question. I don't know if that answered your question. Okay, I see a question from Benedict, thank you: can you go into detail on the high bandwidth consumption of the blockchain consensus you mentioned? Yeah, absolutely. So all the deployments that we have currently use PBFT, and we would probably want to lighten that load by going to a different consensus algorithm. Maybe, I think PoET was one of the algorithms that we were trying to consider, but it needs like specialized hardware like SGX to actually run this. But there has been work that is published at OSDI, like blockchain and some other consensus protocols like the Stellar consensus protocol and so on, which might also be interesting options for us to consider. But of course the problem there is the minimum number of players that is necessary
to perform this consensus is much larger. It's in the order of hundreds to thousands than in the order of tens that we're trying to play with in this ecosystem. Thank you, James. I think we're actually out of time, so I would leave this here, but please feel free to reach out to me over Twitter or over email and I would be very happy to have additional conversations with you. Thank you.