
Prof. Dr.-Ing. Andreas Steill's group's OpenBTS setup at Fachhochschule Kaiserslautern

Traditionally the development of GSM technology has been largely the reserve of GSM Association members and their partners, subcontractors and licensees. This was due in part to the complexity of GSM but perhaps also as a result of concerns over the legality of any entirely independent grassroots initiative. In addition it is quite likely that a fear of being perceived as a black hat hacker has played some part. However, the situation has started to change over the last few years and we are now seeing the opening up of GSM technology via a number of open source efforts.

Bringing the Simplicity of the VoIP Network to GSM

The first major undertaking to speak of is the OpenBTS project, which implements a massively simplified GSM infrastructure that provides a bridge between the air interface ('Um' in GSM parlance) and Voice-over-IP (VoIP). In effect this makes registered mobile handsets look like VoIP devices, and of course with PSTN breakout they become part of the global telephone network. Since OpenBTS employs a software-defined radio (SDR) subsystem, the hardware requirements are much simpler. The complex schemes employed by GSM (encoding, synchronisation, modulation etc.) are dealt with in the software domain, and this software is made available under an open source licence. Not only that, but the reference hardware, the Universal Software Radio Peripheral (USRP), is an open source hardware design. What this all means is that for a few thousand pounds you can create a small-scale GSM network. Handy if you wanted to, say, implement the first ever GSM network on the Pacific Island of Niue, or operate a cellular service for a festival taking place in Nevada's Black Rock Desert. Impressive? This is only the start as far as the OpenBTS potential is concerned.


Researching GSM Architecture

Where OpenBTS pays no attention to the complex hierarchy of the GSM system and instead strives for the simplest way of providing network service, OpenBSC seeks to conform to GSM architecture. Again this is an open source software project; however, it leaves the radio smarts to off-the-shelf 'micro' and 'nano' GSM Base Transceiver Station (BTS) hardware. Instead the software is concerned with implementing the GSM functions normally provided by network components such as a Base Station Controller (BSC), Mobile Switching Center (MSC) and Home Location Register (HLR) etc. This approach makes it possible to research and experiment with existing GSM architecture, and rather than competing with OpenBTS it may be seen as complementary. Furthermore, whilst the USRP hardware is relatively inexpensive, it is possible to pick up surplus nanoBTS equipment for even less.

Opening up GSM Handset Baseband Software

A third project of note and no less impressive is OsmocomBB, which is working toward the goal that "on a compatible phone, you should eventually be able to make and receive phone calls, send and receive SMS, etc. based on Free Software only." This is a big deal. When people debate the openness of one mobile phone platform versus another they are talking about everything but GSM; applications such as diallers, address books and web browsers, middleware for encoding and decoding video and device drivers for WLAN chipsets and framebuffers etc. Even if the GSM baseband is running on the same processor as everything else, it will be proprietary code and it will be running in a protected partition, e.g. via a hypervisor. OsmocomBB is about opening up the GSM components in a handset's software bill of materials, such that one day it will be possible to operate a handset using a software stack that is open source from top to bottom.

Challenges

The driving forces behind the aforementioned projects have taken careful steps to ensure that they do not infringe the intellectual property rights of others, and this may mean that certain GSM functions are not currently implemented. Furthermore, it is likely that much of this technology has not been certified and this may preclude its use in certain jurisdictions, or in the case of handset baseband firmware with an existing network operator. There will also be those who, similar to early Linux detractors, claim that the technology is not 'industrial grade'. However, given sufficient motivation it is likely that, as with initial concerns over enterprise adoption of open source, any legal, regulatory and fitness-for-purpose concerns can be addressed.

Motivation

OpenBTS is important because it hugely simplifies the infrastructure required to provide GSM service. As such it greatly reduces the costs associated with building a network and thus lowers the barrier to access. Not only is the technology made more affordable but it also becomes much easier to operate and, since it's software-defined, to upgrade. This is extremely good news for developing nations and it may also bring about new unforeseen use cases for GSM.

The architecturally correct OpenBSC will help to foster a more widespread understanding of GSM architecture. Through its use of certified GSM baseband (BTS) hardware it may be used to assist in the development of OpenBTS and OsmocomBB, in addition to providing an alternative to OpenBTS.

The security of the GSM architecture has been a growing concern and all three projects will help to bring some transparency to this, and OsmocomBB may offer a route to providing security fixes in the handset. Furthermore, combined with OpenBTS or OpenBSC it may be possible to entirely replace sub-optimal or patent-encumbered technologies with improved or open alternatives.

The Future

An opportunity exists to create a turnkey OpenBTS solution in the form of an application-specific board with a simple RF front-end (pre-amp, PA and filters), digital converters, FPGA (for digital down-conversion etc.) and a general purpose CPU with RAM and flash. Alternatively, it could simply be a PCI board with all of the aforementioned minus the CPU and memory. It is quite likely that such a solution could retail for circa £1,000 or perhaps even less. Combine this with a modest source of renewable energy and a programme to recycle functional-but-out-of-fashion handsets and you have an extremely interesting proposition for areas of the world that are currently without GSM coverage.

It is likely that the advent of OpenBSC and OsmocomBB will bring about a much more widespread understanding of GSM architecture and any shortcomings. It is hoped that this will drive increased transparency for such critical infrastructure technology and may result in more secure and generally robust implementations. Furthermore, OsmocomBB may enable stock handsets to be modified to work with a network operated via OpenBTS and without incurring licensing fees, where intellectual property rights have been secured for certain GSM technologies and may have otherwise precluded this.

At the time of writing, recent developments included an outline plan to get GSM Layer 1 support into the Linux kernel, and a proposal to create a completely open handset research and prototyping platform via OsmocomBB combined with an OMAP4-based Pandaboard + Openmoko Freerunner hardware. Exciting times ahead!

-- Andrew Back

A group of people with a shared interest in Open Source Hardware, we hold regular meetings in and around London.