320 likes | 332 Views
This study examines the discrepancies in 3G data accounting and identifies both overcharging and undercharging cases. It explores the root causes of these discrepancies and suggests remedies to improve the accounting system.
E N D
Can We Pay for What We Get in 3G Data Access? ACM MOBICOM 2012 Istanbul, Turkey Chunyi Peng, Guan-Hua Tu, Chi-Yu Li, Songwu Lu University of California, Los Angeles
Mobile Data Access is Popular Core Cellular Network Internet 62% US broadband users with wireless data plans; 1.2 billion global users for mobile web.
Mobile Data Accounting Cellular Network Accounting: How much data is actually used? $$$ Usage-based chargingbased on data volume e.g., $15 for 200MB for AT&T iPhone Internet
Accounting in 3G Networks RNC SGSN GGSN 3G Cellular Network Internet BS UE Policy Alice VOP_RAW VOP • Accounting done at SGSN/GGSN • Accounting policy defined by carriers
2 Issues in 3G Accounting RNC SGSN GGSN Question: VUE = VOP? • VUE ≠ VOP_RAW?(accounting architecture) Internet BS UE 2. VOP_RAW ≠ VOP?(policy practice) VUE Policy Alice VOP_RAW VOP
Contributions • First work to assess mobile data accounting • Largely successful, but pathological cases do exist • Study accounting discrepancy between the operator’s log and the user’s record • Identify 2 extreme cases • WE PAY FOR WHAT WE DO NOT GET • WE GET WHAT WE DO NOT PAY FOR • Explore root causes • limitation in accounting architecture • Loopholes in policy practice • Suggest remedies
Methodology • Conduct experiments over 2 US carriers • Partial validation with 3rd US carrier and 2 operators in China and Taiwan • Both extreme and common cases • Use Android phones for mobile data access in various test scenarios • Accessing accounting records VOP from operators • #1: Dial-in for the remaining monthly data usage • #2: Online itemized data usage • BillAudit: logging usage VUE @smartphones
The Rest of Talk • “Overcharging” • Extreme cases • Average cases • Root cause: limitation in 3G accounting architecture • “Undercharging” • Root cause: Loopholes in policy enforcement • “Gray” areas • Discussion and summary
Extreme Case: No Signal ✗ • DL-NS experiment over UDP VUE VOP_RAW (1) Issue a UDP-based service ✗ 3G Network Server Result: s = 50Kbps, t = 10 mins VOP ≈ VSR= 50K x10 x 60/8 = 3.75MB VUE ≈ 0 UEs PAY FOR WHAT THEY DO NOT GET. (2) Move to a blind zone (3) UDP traffic for t mins (rate: s) ✗ VUE VSR VOP
How Bad the Gap Can Be? • Gap = VOP – VUE ≈ S × T • UDP source S: 50Kbps ~ 8Mbps • Duration T: 1min ~ 6 hours • lasts at least three hours! • Observed gap reaches 450MB (t = 1h, s = 1Mbps)! S = 50 Kbps Operator-I, t = 1min Time (hours) Source Rate (Mbps)
Root Cause RNC SGSN GGSN 12 ✗ ✗ VUE --- VOP 3G accounting decision takes local view at SGSN/GGSN, w/o using feedback from end-host.
Still-Bad Case: Even With Signals • DL-NS experiments with different signal strength RSSI (dBm) 3G Network Server Strong-Signal (SS-zone) -90 (1) Issue a UDP-based service ✗ Weak-Signal (W-zone) -105 (2) Stay in different zones ✗ Weaker-Signal (WR-zone) (2) Move to a blind zone -113 No-Signal (NS-zone) (3) UDP traffic for t mins (rate: s) VOP VSR VUE
Gap Exists Even With Signals! S , Gap RSSI , Gap Cause: Packet drops over radio link. (Kbps) Source Rate (Kbps) UEs PAY FOR WHAT THEY DO NOT GET, though wireless link exists!
Still-Bad Case: Intermittent Signals • When users lose signals for a while but recover them shortly • The gap exists with transient lost links • Buffering and retransmission over radio links may reduce the gap (see the paper) • UEs PAY FOR WHAT THEY DO NOT GET, when theytemporarily (10+ seconds) lose wireless links!
So Terrible In Reality? RNC SGSN GGSN 16 • Good news: Probably not! ✗ ✗ ✗ ✗ VOP-- ✗ TCP/App control will teardown it (adjust its incoming rate) Gap for DL-NS over TCP: 2.9 ~ 50KB VUE --- VOP
Application Behaviors • DL-NS tests with 5 applications: • Web, Skype, YouTube, PPS streaming, VLC streaming over VPN Mobile accounting is largely successful in practice. Users may occasionally be overcharged It depends on when and how app control works.
Real User Performance • Two-week usage for 7 users YouTube on the train to NYC.
3 Views on “Overcharging” • Optimistic view: not too bad in reality, no fix • Built-in TCP/application control is sufficient • Alternative (Operator’s) view: not to intend to account the data volume to end-hosts, but the one traversing the core network, no need to fix • Security: What if that the data is not what users want? • Audit: How to guarantee that inside accounting is correct? • Conservative view: need to fix it • Users should pay for what they get • 3G accounting architecture should not depend on external control
Proposals RNC SGSN GGSN 20 • Exploit feedback from devices in accounting decision • E.g., using info already collected by cellular networks VRNC_unsent VOPVOP - VRNC_unsent Packet drops
Loopholes in Accounting Policy Practice RNC SGSN GGSN BS • Loophole: • A DNS flow should be identified by five tuples (src_addr, dest_addr, src_port, dest_port, protocol ID) • But only dest_port (+ protocol ID) is used in practice Policy + Loophole any fake DNS message, or any real data packet using DNS port (53), can be free of charge! Policy VOP_RAW Policy: Free DNS Service VOP VOP (DNS) = 0 VOP (ANY-over-DNS) = 0
Our Findings • Free DNS policy enforcement • Operator-I: Packets via port 53 are free • Operator-II: Packets via UDP+Port 53 are free • Exploit “DNS tunneling” for free data access • Proxy server (outside 3G network) relays packets to/from UE via Port-53 • Observed: Free data access > 200MB, VOP = 0 • No sign to limit “free” data volume
More on Operator Policy • Other carriers • 3rd US carrier: free DNS by June 2012, no free after July • China/Taiwan carriers: no free DNS service at all • Accounting policy is operator specific • Other free or differential-pricing policies • Free Internet access to a given website • Hack: web redirection for free Internet access • Free access via a specific Access Point Name (APN) • Hack: use this APN, not the default APN • Unlimited plans/discounts for Facebook access • Similar to web redirection if we can evade Facebook (probably not)
Discussion and Proposals • Operators have freedom to define their own policy • Flexibility to compete in the market • Gap between policy and policy enforcement • Should be conflict free • Otherwise, policy may open loopholes unanticipated • Simplest fix: stop free DNS service • Negligible DNS traffic volume in normal cases • Other options: • DNS server authentication • Quota • Message integrity check Policy
Effect of Middle-boxes RNC SGSN GGSN • Middle-boxes lead to inconsistent accounting views at the core network and the end host • Pay for the uplink to a non-existing host due to FTP/HTTP proxy Middle-box Invalid link ✗ ✔ ✗ VOP > 0
Packet Drops over the Internet RNC SGSN GGSN 28 • Misbehaviors over the Internet can incur extra mobile data charging • Packet drops over the internet increases volume within cellular networks Packet drops TCP ReTX VOP
Overhead for Wanted Content • VOP covers protocol overhead and app. signaling • HTTP redirection: #redirection , VOP • Email: significant protocol overhead for sending a short email • Skype: significant protocol management overhead • VOP covers Ads, or whatever users may not expect • Hidden cost for free-version applications with more Ads? • Security issue? • Content-centric charging?
Beyond Accounting • Revisit charging/accounting design principles • Cooperate with Internet? Segmented charging for one data service? • Who should pay? Receiver-based, sender-based, or both (current practice)? • For what? Volume? Content? Part of content? • What if using different pricing schemes?
Discussion and Future Work • Revisit accounting architecture • What failures and losses should be handled? • What mechanisms are indispensable for given failures? • When and how does the end host report delivery losses? • How to ensure that the feedback information is secure and trustworthy? • How many mechanisms should be placed into the future cellular network standards? • Policy and policy enforcement
Summary • First assessment of mobile data accounting system over operational 3G networks • Largely successful, but also exceptions • Accounting discrepancy between the operator’s log and the user’s record • Identify two extreme cases: • WE PAY FOR WHAT WE DO NOT GET • WE GET WHAT WE DO NOT PAY FOR • Explore root cause in accounting architecture & policy • Propose remedy suggestions • Many research issues ahead • e.g., security, auditing, pricing, …