can we pay for what we get in 3g data access? acm mobicom 2012 istanbul, turkey chunyi peng,...
TRANSCRIPT
Can We Pay for What We Get in 3G Data Access?
ACM MOBICOM 2012
Istanbul, Turkey
Chunyi Peng, Guan-Hua Tu, Chi-Yu Li, Songwu LuUniversity of California, Los Angeles
Mobile Data Access is Popular
Internet
62% US broadband users with wireless data plans;1.2 billion global users for mobile web.
C PENG (UCLA) @ MOBICOM'12
2
Mobile Data Accounting
InternetCellular Network
$$$
Usage-based charging based on data volume
e.g., $15 for 200MB for AT&T iPhone
Accounting: How much data is actually used?
C PENG (UCLA) @ MOBICOM'12
3
Accounting in 3G Networks
Internet
3G Cellular Network
BS
RNC SGSN GGSN
UE
VOP_RAW
VOP
Alice
Policy
C PENG (UCLA) @ MOBICOM'12
4
• Accounting done at SGSN/GGSN • Accounting policy defined by carriers
InternetBS
RNC SGSN GGSN
UE
VOP_RAW
Alice
Policy
2 Issues in 3G Accounting
Question: VUE = VOP?
1. VUE ≠ VOP_RAW?(accounting architecture)
VUE
2. VOP_RAW ≠ VOP?
(policy practice)
VOP
C PENG (UCLA) @ MOBICOM'12
5
Contributions
First work to assess mobile data accounting Largely successful, but pathological cases do exist Study accounting discrepancy between the operator’s log
and the user’s record Identify 2 extreme cases
WE PAY FOR WHAT WE DO NOT GET WE GET WHAT WE DO NOT PAY FOR
Explore root causes limitation in accounting architecture Loopholes in policy practice
Suggest remedies
C PENG (UCLA) @ MOBICOM'12
6
Methodology
Conduct experiments over 2 US carriers Partial validation with 3rd US carrier and 2 operators
in China and Taiwan Both extreme and common cases
Use Android phones for mobile data access in various test scenarios
Accessing accounting records VOP from operators #1: Dial-in for the remaining monthly data usage #2: Online itemized data usage
BillAudit: logging usage VUE @smartphones
C PENG (UCLA) @ MOBICOM'12
7
The Rest of Talk
“Overcharging” Extreme cases Average cases Root cause: limitation in 3G accounting architecture
“Undercharging” Root cause: Loopholes in policy enforcement
“Gray” areas Discussion and summary
C PENG (UCLA) @ MOBICOM'12
8
WE PAY FOR WHAT WE DO NOT GET9
Extreme Case: No Signal
DL-NS experiment over UDP
(1) Issue a UDP-based service
(2) Move to a blind zone ✗✗(3) UDP traffic for t mins (rate: s)
VUE VOPVSR
Server3G Network
VOP_RAWVUE
✗
Result:s = 50Kbps, t = 10 mins VOP ≈ VSR= 50K x10 x 60/8 = 3.75MB VUE ≈ 0 UEs PAY FOR WHAT THEY DO NOT GET.
C PENG (UCLA) @ MOBICOM'12
10
S = 50 Kbps
Time (hours)
How Bad the Gap Can Be?
Gap = VOP – VUE ≈ S × T UDP source S: 50Kbps ~ 8Mbps Duration T: 1min ~ 6 hours
lasts at least three hours!
Observed gap reaches 450MB (t = 1h, s = 1Mbps)! Operator-I, t = 1min
Source Rate (Mbps)
C PENG (UCLA) @ MOBICOM'12
11
Root Cause12
RNC SGSN GGSN
VUE ---
✗
✗
VOP
3G accounting decision takes local view at SGSN/GGSN, w/o using feedback from end-host.
C PENG (UCLA) @ MOBICOM'12
12
Still-Bad Case: Even With Signals
DL-NS experiments with different signal strength
(1) Issue a UDP-based service
(2) Move to a blind zone✗
(3) UDP traffic for t mins (rate: s)
VUEVOP VSR
(2) Stay in different zones✗
Server3G Network
RSSI (dBm)
-113
-105
-90Strong-Signal (SS-zone)
Weak-Signal (W-zone)
Weaker-Signal (WR-zone)No-Signal (NS-zone)
C PENG (UCLA) @ MOBICOM'12
13
Gap Exists Even With Signals!
S , GapRSSI , Gap Cause: Packet drops over radio link.
Source Rate (Kbps)UEs PAY FOR WHAT THEY DO NOT GET,
though wireless link exists!
(Kbps)
C PENG (UCLA) @ MOBICOM'12
14
Still-Bad Case: Intermittent Signals
When users lose signals for a while but recover them shortly
The gap exists with transient lost links Buffering and retransmission over radio links may
reduce the gap (see the paper) UEs PAY FOR WHAT THEY DO NOT GET, when
they temporarily (10+ seconds) lose wireless links!
C PENG (UCLA) @ MOBICOM'12
15
So Terrible In Reality?
Good news: Probably not!
TCP/App control will teardown it (adjust its incoming rate)
✗
Gap for DL-NS over TCP: 2.9 ~ 50KB
✗
VOP--
16
RNC SGSN GGSN
VUE ---
✗
✗
VOP
✗
C PENG (UCLA) @ MOBICOM'12
16
Application Behaviors
DL-NS tests with 5 applications: Web, Skype, YouTube, PPS streaming, VLC streaming
over VPN
Web Skype YouTube PPS VLC
Med (MB) -0.03 0.88 0.23 3.30 2.97
Min (MB) 0.00 0.40 0.20 0.72 1.45
Max (MB) -0.04 0.99 0.34 4.3 29.9
Mobile accounting is largely successful in practice.Users may occasionally be overcharged
It depends on when and how app control works.
C PENG (UCLA) @ MOBICOM'12
17
Real User Performance
Two-week usage for 7 users
Operator-I Operator-II
User 1 2 3 4 5 6 7 (1day)
Apps. Map StockGame
Skype, PPS etc.
YouTube, PPS
Ebook - YouTube, PPS
VUE 194.2 270.3 124.6 900.2 121.7 47.1 72.4
VOP 192.6 270.0 129.4 948.4 120.9 47.3 77.6
Gap -1.8 -0.3 4.8 48.2 -0.8 0.2 5.2
-0.9% -0.1% 3.9% 5.3% -0.6% 0.4% 7.2%
YouTube on the train to NYC.
C PENG (UCLA) @ MOBICOM'12
18
3 Views on “Overcharging”
Optimistic view: not too bad in reality, no fix Built-in TCP/application control is sufficient
Alternative (Operator’s) view: not to intend to account the data volume to end-hosts, but the one traversing the core network, no need to fix Security: What if that the data is not what users want? Audit: How to guarantee that inside accounting is correct?
Conservative view: need to fix it Users should pay for what they get 3G accounting architecture should not depend on external
control
C PENG (UCLA) @ MOBICOM'12
19
Proposals
Exploit feedback from devices in accounting decision E.g., using info already collected by cellular networks
VRNC_unsent VOPVOP - VRNC_unsent20
RNC SGSN GGSN
C PENG (UCLA) @ MOBICOM'12
20
WE GET WHAT WE DO NOT PAY FOR21
Loopholes in Accounting Policy Practice
BS
RNC SGSN GGSN
VOP_RAW
VOP
Policy Policy: Free DNS Service
VOP (DNS) = 0
Loophole: • A DNS flow should be identified by five tuples (src_addr, dest_addr, src_port, dest_port, protocol ID)• But only dest_port (+ protocol ID) is used in practice
Policy + Loophole
any fake DNS message, or any real data packet using DNS port (53), can be free of charge!
VOP (ANY-over-DNS) = 0
C PENG (UCLA) @ MOBICOM'12
22
Our Findings
Free DNS policy enforcement Operator-I: Packets via port 53 are free Operator-II: Packets via UDP+Port 53 are free
Exploit “DNS tunneling” for free data access Proxy server (outside 3G network) relays packets
to/from UE via Port-53 Observed: Free data access > 200MB, VOP = 0 No sign to limit “free” data volume
C PENG (UCLA) @ MOBICOM'12
23
More on Operator Policy
Other carriers 3rd US carrier: free DNS by June 2012, no free after July China/Taiwan carriers: no free DNS service at all Accounting policy is operator specific
Other free or differential-pricing policies Free Internet access to a given website
Hack: web redirection for free Internet access Free access via a specific Access Point Name (APN)
Hack: use this APN, not the default APN Unlimited plans/discounts for Facebook access
Similar to web redirection if we can evade Facebook (probably not)
C PENG (UCLA) @ MOBICOM'12
24
Discussion and Proposals
Operators have freedom to define their own policy Flexibility to compete in the market
Gap between policy and policy enforcement Should be conflict free Otherwise, policy may open loopholes unanticipated
Simplest fix: stop free DNS service Negligible DNS traffic volume in normal cases Other options:
DNS server authentication Quota Message integrity check
Policy
C PENG (UCLA) @ MOBICOM'12
25
“GRAY” ACCOUNTING AREAS26
Effect of Middle-boxes
Middle-boxes lead to inconsistent accounting views at the core network and the end host Pay for the uplink to a non-existing host due to
FTP/HTTP proxy
Invalid link
VOP > 0
RNC SGSN GGSN Middle-boxMiddle-box
✗
✗✔
C PENG (UCLA) @ MOBICOM'12
27
Packet Drops over the Internet
Misbehaviors over the Internet can incur extra mobile data charging Packet drops over the internet increases volume within
cellular networks
28
VOP TCP ReTX
RNC SGSN GGSN
C PENG (UCLA) @ MOBICOM'12
28
Overhead for Wanted Content
VOP covers protocol overhead and app. signaling HTTP redirection: #redirection , VOP Email: significant protocol overhead for sending a short
email Skype: significant protocol management overhead
VOP covers Ads, or whatever users may not expect Hidden cost for free-version applications with more Ads? Security issue?
Content-centric charging?
C PENG (UCLA) @ MOBICOM'12
29
Beyond Accounting
Revisit charging/accounting design principles Cooperate with Internet?
Segmented charging for one data service? Who should pay?
Receiver-based, sender-based, or both (current practice)?
For what?
Volume? Content? Part of content? What if using different pricing schemes?
C PENG (UCLA) @ MOBICOM'12
30
Discussion and Future Work
Revisit accounting architecture What failures and losses should be handled? What mechanisms are indispensable for given failures? When and how does the end host report delivery
losses? How to ensure that the feedback information is secure
and trustworthy? How many mechanisms should be placed into the
future cellular network standards? Policy and policy enforcement
C PENG (UCLA) @ MOBICOM'12
31
Summary
First assessment of mobile data accounting system over operational 3G networks Largely successful, but also exceptions
Accounting discrepancy between the operator’s log and the user’s record Identify two extreme cases:
WE PAY FOR WHAT WE DO NOT GET WE GET WHAT WE DO NOT PAY FOR
Explore root cause in accounting architecture & policy Propose remedy suggestions
Many research issues ahead e.g., security, auditing, pricing, …
C PENG (UCLA) @ MOBICOM'12
32