OpenBTS (Open Base Transceiver Station) is a software-based GSM access point, allowing standard GSM-compatible mobile phones to be used as SIP endpoints in Voice over IP (VoIP) networks. OpenBTS is open-source software developed and maintained by Range Networks. The public release of OpenBTS is notable for being the first free-software implementation of the lower three layers of the industry-standard GSM protocol stack. It is written in C++ and released as free software under the terms of version 3 of the GNU Affero General Public License.
Open GSM infrastructure
OpenBTS replaces the conventional GSM operator core network infrastructure from layer 3 upwards. Instead of relying on external base station controllers for radio resource management, OpenBTS units perform this function internally. Instead of forwarding call traffic through to an operator's mobile switching center, OpenBTS delivers calls via SIP to a VoIP soft switch (such as FreeSWITCH or Yate) or PBX (such as Asterisk). This VoIP switch or PBX software can be installed on the same computer used to run OpenBTS itself, forming a self-contained cellular network in a single computer system. Multiple OpenBTS units can also share a common VoIP switch or PBX to form larger networks.
The OpenBTS Um air interface uses a software-defined radio transceiver with no specialized GSM hardware. The original implementation used a Universal Software Radio Peripheral from Ettus Research, but has since been expanded to support several digital radios in implementations ranging from full-scale base stations to embedded femtocells.
History
The project was started by Harvind Samra and David A. Burgess with the aim of drastically reducing the cost of GSM service provision in rural areas, the developing world, and hard-to-reach locations such as oil rigs. The project was initially conducted through Kestrel Signal Processing, the founders' consulting firm.
On September 14, 2010, at the Fall 2010 DEMO conference, the original authors launched Range Networks as a startup company to commercialize OpenBTS-based products.
In September 2013, Burgess left Range Networks, started a new venture called Legba, and began a close collaboration with Null Team SRL, the developers of Yate. In February 2014, Legba and Null announced the release of YateBTS, a fork of the OpenBTS project that uses Yate for its control layers and network interfaces.
Platforms
A large number of experimental installations have shown that OpenBTS can run on extremely low overhead platforms. These include some CDMA handsets, making a GSM gateway to a CDMA network. Computer security researcher Chris Paget reported that a handheld device, such as an Android phone, could act as a gateway base station to which handsets can connect; the Android device then connects calls using an on-board Asterisk server and routes them to the PSTN via SIP over an existing 3G network.
Security
At the 2010 DEF CON conference, it was demonstrated with OpenBTS that GSM calls can be intercepted because in GSM the handset does not authenticate the base station prior to accessing the network.
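The missing check described above, as an added example that is not part of the original article or of OpenBTS: a GSM-style one-way challenge-response next to a mutual variant in which the handset verifies the network first, in the spirit of the network authentication token used by 3G AKA. The function names and the sample key are constructed for illustration, HMAC-SHA256 is a stand-in for the SIM's real keyed algorithms, and the mutual variant is simplified (no sequence number, so no replay protection).

```python
import hashlib
import hmac
import os

def keyed(ki, label, data, n):
    # Stand-in for the SIM's keyed functions (assumption): HMAC-SHA256, truncated.
    # Real networks use operator-selected algorithms, not this construction.
    return hmac.new(ki, label + data, hashlib.sha256).digest()[:n]

def gsm_sim_respond(ki, rand):
    # GSM-style handset: it answers every challenge, because the challenge
    # carries nothing that would prove the sender knows Ki.
    return keyed(ki, b"sres", rand, 4)

def network_accepts(ki, rand, sres):
    # The network, by contrast, does verify the handset's answer.
    return hmac.compare_digest(keyed(ki, b"sres", rand, 4), sres)

def mutual_challenge(ki, rand):
    # Mutual scheme: the challenge carries a MAC only a holder of Ki can compute.
    return rand, keyed(ki, b"net-mac", rand, 8)

def mutual_sim_respond(ki, rand, net_mac):
    # Handset verifies the network first and stays silent (None) on failure.
    if not hmac.compare_digest(keyed(ki, b"net-mac", rand, 8), net_mac):
        return None
    return keyed(ki, b"sres", rand, 4)

def run_demo():
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed subscriber key
    other_key = bytes(16)  # a station that was never provisioned with Ki
    rand = os.urandom(16)
    results = {}
    # One-way: a challenge from any station gets a 32-bit response.
    results["gsm_answers_unknown_station"] = len(gsm_sim_respond(ki, rand)) == 4
    results["home_network_accepts_sim"] = network_accepts(ki, rand, gsm_sim_respond(ki, rand))
    # Mutual: a challenge built without Ki is rejected, the home network's is answered.
    r1, mac1 = mutual_challenge(other_key, rand)
    results["mutual_rejects_unknown_station"] = mutual_sim_respond(ki, r1, mac1) is None
    r2, mac2 = mutual_challenge(ki, rand)
    results["mutual_answers_home_network"] = mutual_sim_respond(ki, r2, mac2) is not None
    return results

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```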
OpenBTS has been used by the security research community to mount attacks on cellular phone baseband processors. Previously, investigating and conducting such attacks was considered impractical because of the high cost of traditional cellular base station equipment.
Field tests
Large scale live tests of OpenBTS have been conducted in the United States in Nevada and northern California using temporary radio licenses applied for through Kestrel Signal Processing and Range Networks, Inc.
Burning Man
During the Burning Man festival in August 2008, a week-long live field test was run under a special temporary authorization license. Although this test had not been intended to be open to Burning Man attendees in general, a number of individuals in the vicinity succeeded in making outgoing calls after a misconfigured Asterisk PBX installation allowed through test calls prefixed with an international code. The test connected about 120 phone calls to 95 numbers in area codes over North America.
At the 2009 Burning Man festival, a larger test setup was run using a 3-sector system. For the 2010 festival, an even larger 2-sector 3-carrier system was tested.
At the 2011 festival, the OpenBTS project set up a 3-site network with a VSAT gateway and worked in conjunction with the Voice over IP services company Voxeo to provide much of the off-site call routing.
"RELIEF" exercises
RELIEF is a series of disaster response exercises managed by the Naval Postgraduate School in California, USA. Range Networks operated OpenBTS test networks at the RELIEF exercises in November 2011 and February 2012.
Niue
In 2010, an OpenBTS system was installed on the island of Niue and became the first installation to be connected and tested by a telecommunication company. Niue is a very small island country with a population of about 1,700, too small to attract mobile telecommunications providers. The cost structure of OpenBTS suited Niue, which required a mobile phone service but did not have the volume of potential customers to justify buying and supporting a conventional GSM base station system.
The success of this installation and the demonstrated demand for service helped bootstrap later commercial services. The OpenBTS installation was later decommissioned around February 2011 by Niue Telecom; a commercial-grade GSM 900 network with EDGE support was launched instead a few months later (3 sites, in Kaimiti O2, Sekena S2/2/2 and Avatele S2/2/2). This provided full coverage around the island and around the reef. The installation included a pre-pay system, USSD, international SMS and a new international gateway.
Defcon 20
From July 26 to July 29, 2012, the Ninja Networks team set up a "NinjaTel Van" in the Vendor area of Defcon 20 (at the Rio Hotel/Casino in Las Vegas). It used OpenBTS and served a small network of 650 GSM phones with custom SIM cards.
See also
* Base station subsystem
* Um interface
* USRP
* GNU Radio
* Osmocom