28 August 2009

We Loaded the Truck Today

We are ready to take open source, open access cellular to Burning Man. Some photos from the last few days...

Kitting out the parts at the beginning of what turned out to be a very long week:

Harvind leaving Sam's with steaks, cheese, wine, canned fruit and ... RV batteries:

(Yes, we plan to eat well.)

Acrylic sheets that cracked overnight:

Laying it out again on aluminum:

Starting from the upper left and going clockwise, that's the power amp, the USRP, the single-board computer, the uplink cavity filter, the duplexer, the pre-amp and the power buses.

Finally, we have the three main-site BTS units and some test equipment in the truck:

(Check out the classic Tektronix 7000 mainframe on the left. Nearly as old as me and tough enough for the Playa. There's a R&S CMD-57 in the box. Not quite tough enough for the Playa, so it will live in the box until needed.)

Time for bed. We have a long drive tomorrow.

27 August 2009

We Load the Truck Tomorrow

We are still building the hardware for the Burning Man GSM test network. We should have finished that by Monday, but:

  • We used acrylic sheets for mounting radio components the first assembly. Big mistake. The sheets cracked overnight from the strain of the screws. We rebuilt them with aluminum yesterday.
  • A soldering technician disappeared with our power amps and half of our USRPs. We'll deal with him when we get home. Or maybe have our lawyer deal with him next week. In the meantime, we have a system to build and are expecting replacements today.
  • Some of our cavity filters got damaged in shipment and had to be returned for service. We got them back yesterday. I want to thank Anatech Microwave for their excellent customer support on that emergency repair.
  • The USPS appears to have lost our wifi gear. Hopefully, a second shipment arrives tomorrow. Thanks to PCBAY.com for doing their best to clean that up.
The good news is that we've had some volunteers step forward to help, especially Alon Levy, John Gilmore and Donald Kirker, and their help is saving this project. We still plan to be on the Playa by Saturday afternoon and running the main site by Sunday afternoon. It has just meant a few long nights this week.

12 August 2009

GSM Security Workshop

On November 17 & 18, at the DeepSec conference in Vienna, Harald Welte and I will present a workshop on GSM security. Because I was under an injunction at the time the original workshop description was drafted, the material on the official schedule is very limited, which harms me and DeepSec by limiting advertising. Now that my speech rights have been restored, I'd like to use this blog for a shameless plug.

The DeepSec GSM security workshop will begin with an overview of the GSM air interface, Um, sufficient for those not yet familiar with cellular protocols to follow the subsequent material. We will then describe standard Um security mechanisms, their fundamental flaws, common operational mistakes and known techniques for exploiting these flaws and mistakes. We will describe the mechanisms, capabilities and limitations of passive interception, jamming, active attacks on Um and the use of other public networks for higher-layer attacks. More importantly, we will describe best security practices, means of identifying various attacks and the countermeasures available to carriers and to individual subscribers. Going beyond theory, we will demonstrate many of the attacks and countermeasures using a private GSM network built with commercially available components, software from the OpenBTS and OpenBSC projects, and additional software components not found in the public distributions of those projects. We will also take this opportunity to blow away a lot of the trade secret claims that typically surround this field by reviewing publicly available sources, including patents, academic papers and even the court records of intellectual property disputes, that describe these attacks and countermeasures in sufficient detail to allow their recreation by engineers of ordinary skill.

Of course, that's assuming we get at least three people to sign up for the workshop, which is the minimum number to justify the cost to the conference. For more information, see the conference registration page. Early bird registration ends September 7.

09 August 2009

The Man Burns in 27 Days

Plans to run a cellular system at Burning Man are well under way. We have an FCC license and spectrum coordination with Verizon in the GSM850 band. We have most of our equipment in hand and are starting final assembly this week. We have a store-and-forward SIP/SIMPLE server, thanks to John Gilmore. We have official camp placement and early access to the site. We have a block of 10,000 iNum phone numbers in country code +883, thanks to Voxbone. We have a 70' tower and an installation crew, thanks to Martin Pelayo. Things are on schedule and a lot of people have stepped forward to help us and we thank them all.

We heard a story that Larry Harvey was very concerned when he got wind of our plans, thinking we'd turn the Playa into some kind of chatfest. I'd like to assure Mr. Harvey and anyone else that we don't have the bandwidth to provide normal calling service to 50,000 people, nor do we have roaming and settlement agreements with cellular carriers. We couldn't light up BRC with normal speech service if we wanted to, and we don't want to. Want we can do is provide speech service for about 1,000 early subscribers, which we assume will mostly be early arrivals, BM staff, Rangers, DPW, perimeter patrols, etc. After that, we will have enough bandwidth left to run about 1,500 SMS transfers per minute, allowing us to provide text service to pretty much anyone who wants it. We are hoping participants will find this service useful, as a means of locating friends, meeting new people and getting information about Playa events.

We'll post more on the details of using the service soon, after we have made a few final decisions on network configuration and policies.