Friday, August 24, 2018

Military base model for communications v1.4

A. Introduction

There was a discussion about setting up communications for a military unit deployed at a location with a single Radio Base Station (RBS) tower and a control box. It then evolved into setting up similar communications at a military base.
The proposed diagram or design probably isn't flexible, but the requirements and setup support deployment of a single (compact) RBS tower with its RBS control box, or of several RBS towers and RBS control boxes.

If a military or search/rescue team requires more features than a single RBS control box offers, they should add a central server, i.e. another small box.
Most of the equipment is public-use (commercial) equipment, except the packet analyzer, the military satellite, and the dynamic encryption algorithms. The RBS is a regular RBS using a special frequency band allocated to the military instead of the 5G frequencies used by the public. Using mostly public-use equipment keeps the cost of system development and equipment lower.



Figure 1. A model of equipment network at a military base

B. RBS and its control box

We can use a 5G RBS with an internal RAN to support Internet or VoIP communications. With an RBS such as an APY with an internal RAN, the system would be compact enough to deploy in a battle or search/rescue zone. This RBS would be configured to use the other frequency band allocated to the military.
The RBS would have two output cables, one for regular voice and one for IP communication (the output of the RAN). Two special cards would connect those outputs to an RBS control box, which is like a computer server such as an EMS server.

The control box could offer simple telephone communications and text messaging to its mobile phones. Basically its functions are limited compared to a telecom switch. The control box would handle dynamic encryption with the mobile phones connecting via the RBS, and could broadcast a voice or text message to all mobile phones connected to its RBS.
Mobile users could talk or communicate directly with staff at the RBS control box.

C. Mobile Phone
Mobile phones also use the special frequency band, with limited functionality such as voice communication, voice over IP, web browsing, dynamic encryption, etc.

There should be two interfaces or dial pads on each mobile phone. Users would use one dial pad to make regular calls to internal users at the base and the other dial pad to make outgoing (friend's) calls using VoIP on the mobile phone. Separating the two dial pads makes software development, system settings, and network management easier.
Friend's VoIP calls and Internet browsing would be redirected to the Internet gateway, where a simple packet analyzer is implemented to provide better security.

D. Satellite modem and router (Gateway)
There are cases where a staff member at one base wants to call a staff member stationed at another base. Such calls or texts would be redirected to the satellite modem and router, where messages would be relayed over military satellite networks.

We assume that military equipment offers better security than the Internet.

Long-distance calls from one base to another could also be VoIP (VoLTE) calls routed through the Internet gateway over the Internet instead of the satellite gateway. It's up to the system providers and the military to pick a solution. Choosing VoLTE instead of regular voice calls could save the military from buying special boxes to convert RBS voice messages for the receptionist's landline or VoIP phone. Security and performance of voice calls through either gateway could be the same. Such calls would ring on the receiving mobile phone via VoLTE, which keeps the system design simpler.

E. Central server for telecom

This central server is like a simple version of a co-located MSC/HLR and SCP/IN. It coordinates and manages all RBS control boxes and their mobile users. The central server only offers essential features to mobile users, i.e. it's not a full version of a co-located MSC/HLR or SCP/IN.
The central server is also equipped with dynamic encryption to communicate with all RBS control boxes over a local area network. This doesn't imply that the local area network is insecure, but it is a useful setting when the central server and the RBS boxes are located far apart and communicate with each other via a wireless LAN or a satellite LAN.

The central control box could broadcast voice or messages to all mobile users, a group of mobile users, or several groups of mobile users connected to different RBSs. The settings must be pre-configured through an interface.

F. Miscellaneous features

1. Local call or call to another base
The central server has a database of all phone numbers of staff at its base as well as most (remote) dialed phone numbers of staff at other bases. If the list of (remote) phone numbers is very long, it could hold only the receptionist phone numbers at other bases, where calls would be redirected by an operator or PBX at the remote location.

When a mobile user calls another base, the RBS control box sends a message to the central server to ask for a routing path. The return message from the central server would be the IP of the satellite modem and router, or a gateway indicator (described later) that specifies the satellite router plus the required information. The RBS control box would then relay the voice call toward the satellite modem and router.

The packets for satellite calls could be VoIP or regular voice calls. The satellite router would need to pack them in the correct (satellite packet) format. If it is a VoIP call, the router could remove the IP header/footer and insert an indicator for the satellite receiver to add back the required IP header/footer before packet delivery.

2. Different gateways

There are two gateways in the diagram above. One gateway is for Internet communication and the other for satellite communication. We don't want a message to pass through or leave by the wrong gateway.

To ensure that a message reaches the correct gateway, the network could keep a list of destination IP addresses in the central server and at each gateway. However, it would be easier for a gateway to decide whether a message is meant to leave through its gate if we add a special byte or indicator to each packet.
For example (a call to another base): the central server, which an RBS control box contacts to set up the call, determines that the voice message is not for a local user, so it adds a (satellite) indicator to its return message to inform the RBS control box. The RBS control box then inserts that (satellite) indicator in each voice/data packet it sends over the LAN, e.g. indicator 1 for the satellite router and 2 for the Internet gateway. The correct (indicated) gateway, in this case the satellite router, picks up the message, unpacks it, removes the indicator, and repacks it in the correct format before sending it out to the satellite.

The RBS control box would direct (private) VoIP calls, private text messages, and Internet browsing to the Internet gateway. Therefore it would insert the Internet gateway indicator in each IP packet before sending it over the LAN. The Internet gateway would remove that indicator and repack the message. The RBS control box can distinguish whether a call from a mobile user is a VoIP call or a regular voice call.
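As an added example (not code from the original post), here is the indicator mechanism of sections F.1 and F.2 in Python: the central server's routing decision, the RBS control box stamping each LAN packet with the indicator, and each gateway accepting only packets carrying its own indicator and dropping the rest. The number lists, the one-byte packet layout and the function names are assumptions made for illustration.

```python
from typing import Optional

# Gateway indicator values as given in section F.2 of the post.
IND_SATELLITE = 1
IND_INTERNET = 2

# Constructed sample of the central server's number database (section F.1):
# local staff numbers, plus the receptionist numbers of other bases.
LOCAL_NUMBERS = {"1001", "1002", "1003"}
REMOTE_BASE_NUMBERS = {"2000", "3000"}

def choose_gateway(dial_pad: str, called: str) -> Optional[int]:
    """Central-server routing decision for a call set up by an RBS control
    box. dial_pad is 'internal' (regular voice) or 'voip' (friend's call);
    the control box knows which pad was used. Returns the indicator the
    control box must stamp on every packet, or None for a local call that
    is simply relayed to the called user's RBS control box."""
    if dial_pad == "voip":
        return IND_INTERNET
    if dial_pad != "internal":
        raise ValueError("unknown dial pad")
    if called in LOCAL_NUMBERS:
        return None
    if called in REMOTE_BASE_NUMBERS:
        return IND_SATELLITE
    raise LookupError("number is in neither the local nor the remote-base list")

def tag_packet(indicator: int, payload: bytes) -> bytes:
    """RBS control box side: prefix the LAN packet with the one-byte indicator
    (assumed layout: indicator byte followed by the voice/IP payload)."""
    if indicator not in (IND_SATELLITE, IND_INTERNET):
        raise ValueError("unknown gateway indicator")
    return bytes([indicator]) + payload

def gateway_unpack(my_indicator: int, frame: bytes) -> Optional[bytes]:
    """Gateway side: accept only frames carrying this gateway's indicator,
    strip it and hand back the payload for repacking into the satellite or
    Internet format. Frames tagged for the other gateway, or untagged, are
    dropped, so nothing leaves through the wrong gate."""
    if not frame or frame[0] != my_indicator:
        return None
    return frame[1:]

if __name__ == "__main__":
    ind = choose_gateway("internal", "2000")     # call to another base
    frame = tag_packet(ind, b"voice-sample")     # constructed payload
    print(gateway_unpack(IND_SATELLITE, frame))  # b'voice-sample'
    print(gateway_unpack(IND_INTERNET, frame))   # None: wrong gateway
```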

3. Local mobile calls

When a mobile phone places an internal call, the RBS control box also sends a message to the central server to ask for the location of the called mobile phone. The central server returns a message with the last known location of the called mobile user, and the RBS control box redirects the voice call to the destination RBS control box. Because the military base uses a private frequency band, all RBSs could broadcast a mobile paging signal if the last known location turns out to be wrong.
The delivery of text messages from one RBS to another is similar to voice call delivery.

G. Incoming call from VoIP (Internet) gateway, landline phone server, or satellite router

By default, an incoming call from a gateway is routed to the central server, which determines where that call should go, e.g. to an RBS or the local landline PBX. After receiving the reply from the central server, the gateway routes the call to the correct destination.

H. Some security measures

Mobile phones, the RBS, the RBS control box, the central server for telecom, the Internet gateway, and the satellite router are all equipped with a simple packet analyzer and dynamic encryption of packets to prevent fraudulent access to the network.

Mobile phones and the RBS should only support communications on the special frequency band allocated to the military, i.e. a military mobile phone doesn't support the frequency bands used in public by other 5G phones. This limits the exposure of military traffic to public telecom networks.

Mobile phones don't support a mobile router (tethering) feature. This also limits the connection of normal/civilian laptops or tablets to a military phone.

The military should be allocated a unique set of encryption algorithms for all bases. However, each base could give each algorithm a different name as it likes, because this would make guessing harder for hackers. The military doesn't have any policy allowing free roaming of laptops/phones from one base to another. A (military personnel) visitor should contact the IT staff of the base being visited to get a temporary phone or specific settings for their phone. It'd be easier to give the visitor a temporary phone, i.e. the visitor could forward their personal calls to this temporary phone while visiting the base for a few days.

As a base has a limited number of staff, personnel and equipment, military IT could change the names of the encryption algorithms after a few months by updating all devices and equipment over a physical cable connected to a server. Basically, updating over the air should be avoided.

To offer comfort to visitors, a base could reserve a guest area that offers free Internet and landline (or VoIP) public phones to all visitors. The Internet network in this area would be separated from the internal network discussed above. The area also supports WiFi with a shorter range, i.e. enough to cover the guest area but not reaching outside residences or internal networks. It is also equipped with a simple packet analyzer at its Internet gateway. After each use by visitors, the area's networks should be scanned for all files modified or created during its operation, i.e. to detect whether any hacking tools had been installed. The guest area could be shut down when nobody is using it. If it's simple enough, IT could restore the system images of all equipment in the guest area after each use to clean out any possible hacking patches.

A visitor could give a presentation in the guest area. However, it's not as secure a system as the internal network. The presentation slides should be self-contained, i.e. not require Internet access. This helps to protect the guest's laptop, as it is connected directly to a projector.

A visiting military officer wouldn't have access or remote login back to his base by plugging his laptop into the internal network, due to the different encryption names. This also protects the remote network from unauthorized rlogin, and avoids sending a visitor's user ID and password over the Internet or satellite network.

If you want to avoid hacking patches on a mobile phone or laptop, then don't allow any installation of applications or games on the phone or laptop. Users could still browse the Internet to read news or play some web games. Any installation request from a laptop or mobile phone would require approval by a system administrator. This could be done by software on the laptop/phone that notifies a system server of any installation attempt. Unless previously approved by a system admin, any installation attempt would fail.

J. An example of a mixed setting of communication lines

Depending on the location of military camps, there could be mixed settings of communication lines between an RBS control box and its central server. A WLAN could also be used as the communication method for one of those RBS control boxes.


Figure 2. Mixed setting of communication lines.

6 comments:

  1. There are 4 types of useful LAN in this model, i.e. private LAN, wireless LAN, satellite LAN, and public Internet LAN.

    Sometimes it's better to use a public Internet line to connect a component to the system due to fewer possible hacking connections to the communications. For example, a wireless LAN would make the hacking area around 50 km square. So, using a public Internet line to connect an RBS control box to the private LAN may reduce possible hacking points.

    Costs of running a private cable from a remote RBS control box to the private LAN may be high, too.

    If we looked at the wiring of the Internet backbone, we could say optical fiber is more secure than traditional cable TV cable, i.e. a residential fiber router could not reach other fiber routers because there is an (underground) connection box in between.

    There could be a mixed setting for network connection, i.e. a mix of wireless LAN, public Internet LAN, satellite LAN, and private LAN for communications.

  2. There are 2 features that could be useful, i.e. mobile router and multi-band mobile phones. However, each feature would open another gate into the mobile phone or internal network.

    A mobile phone acts as a wireless modem/router to allow a laptop, tablet, or other devices to connect to an RBS or the internal network. The mobile phone would authenticate those devices and approve connections manually. This would prevent unauthorized connections to the mobile phone. The mobile phone then acts as a transfer station to allow those devices to communicate with the RBS and internal network, i.e. those devices must be able to handle the encryption used by the RBS and internal network.

    A multi-band mobile phone would allow military personnel to roam in public wireless networks easily. How many military personnel would use this feature? This also exposes the mobile phone to public networks.

  3. The idea of using Internet or LAN protocols was to avoid running cables or digging holes everywhere. It's crazy enough to maintain a pack of Ethernet cables in an office. It would be harder to run long cables connecting RBS control boxes to the central server and other gateways. So, it's not really IoT.

    It'd be easier to connect another box to the LAN and system later. Most computer systems support Internet or IP protocols, btw.

  4. The military used to have an ear lope communication system, but this communication method is very confusing, as similar voices go over the air, i.e. we can't be sure of the identity of a talker. Each of us has a unique ear lope frequency for this kind of communication.

    In the current situation, fuckers have a list of frequencies of each military personnel as well as many of us, i.e. military officers and ourselves could be confused by those fuckers with ear lope communications.

    This led to the design of a commercial RBS (on a military frequency to make it independent of local 5G telephony) with an RBS control box to provide local telephony communication to military personnel in a zone. The only critical piece is to design a "tight and secure" earphone for communication with a phone handset. The earphone must be designed for military movement on a battlefield, i.e. not easy to fall out. The communication range between a handset and earphone should be less than 2 meters for secure communication. With an earphone, military personnel could recognize the voices of their commanders or friends easily.

    Later on, demands came in for a military base and city police. The settings of military camps are spread out over many locations, i.e. a requirement for mixed communication settings for the RBS to provide secure communications.

  5. If you think about the issues that we've been through in the past 6 years, you would need technical/protocol specifications for our system in order to troubleshoot problems.

    Many legacy military systems have "deadly" bugs, but the developers ran away. Other technical staff couldn't fix problems, because there were no technical specifications. It's like a huge black box.

    A 5G RBS with military frequency means the military could use 5G technical specifications to troubleshoot.

    Fuckers use helmets and neural networks to peep (beep beep) into our memory, thus we couldn't keep anything secret. Having a specification to understand our system is a better choice.

    It comes down to the "packet analyzer" to defend our networks, and "dynamic encryption" to defend our communications. It would be better to design an encryption algorithm in a secret way, so fuckers couldn't crack it.

  6. WLAN in this post is wireless LAN, i.e. not wide LAN.
