OpenBTS

{{Short description|Software-based GSM access point}}

{{Infobox software

| name =

| logo = Openbts-logo.svg

| logo size = 200px

| screenshot =

| caption =

| collapsible =

| author =

| developer =

| released =

| discontinued =

| latest release version = 4.0

| latest release date = {{Start date and age|2014|03|26}}

| latest preview version =

| latest preview date =

| status =

| programming language =C++

| operating system = Unix-like

| platform =

| size =

| language =

| genre = GSM protocol stack

| license = GNU Affero General Public License<ref>{{cite web |url=https://wush.net/trac/rangepublic/browser/openbts/trunk/LEGAL |archive-url=https://archive.today/20121220052757/https://wush.net/trac/rangepublic/browser/openbts/trunk/LEGAL |url-status=dead |archive-date=2012-12-20 |title=OpenBTS - SVN }}</ref>

| website = [http://openbts.org OpenBTS]

| frequently updated =

}}

OpenBTS (Open Base Transceiver Station) is a software-based GSM access point, allowing standard GSM-compatible mobile phones to be used as SIP endpoints in Voice over IP (VoIP) networks. OpenBTS is open-source software developed and maintained by Range Networks. The public release of OpenBTS is notable for being the first free-software implementation of the lower three layers of the industry-standard GSM protocol stack.

It is written in C++ and released as free software under the terms of version 3 of the GNU Affero General Public License.

Open GSM infrastructure

OpenBTS replaces the conventional GSM operator core network infrastructure from layer 3 upwards. Instead of relying on external base station controllers for radio resource management, OpenBTS units perform this function internally. Instead of forwarding call traffic through to an operator's mobile switching center, OpenBTS delivers calls via SIP to a VoIP soft switch (such as FreeSWITCH or Yate) or PBX (such as Asterisk). This VoIP switch or PBX software can be installed on the same computer used to run OpenBTS itself, forming a self-contained cellular network in a single computer system. Multiple OpenBTS units can also share a common VoIP switch or PBX to form larger networks.<ref>{{cite web|title=RELIEF 12-2 : Actual Event|url=http://wush.net/trac/rangepublic/wiki/RELIEF12-2#ActualEven|publisher=OpenBTS wiki|access-date=11 April 2012|archive-url=https://web.archive.org/web/20120712105135/http://wush.net/trac/rangepublic/wiki/RELIEF12-2#ActualEven|archive-date=12 July 2012|url-status=dead}}</ref>

The OpenBTS Um air interface uses a software-defined radio transceiver with no specialized GSM hardware. The original implementation used a Universal Software Radio Peripheral from Ettus Research, but has since been expanded to support several digital radios in implementations ranging from full-scale base stations to embedded femtocells.

History

The project was started by Harvind Samra and David A. Burgess<ref>Bort, Julie. [http://www.networkworld.com/news/2010/083010-open-source-voip-cell-phones-at-burning-man.html Burning Man's open source cell phone system could help save the world] {{Webarchive|url=https://web.archive.org/web/20120111210320/http://www.networkworld.com/news/2010/083010-open-source-voip-cell-phones-at-burning-man.html |date=2012-01-11 }}, Network World, August 30, 2010. Retrieved December 6, 2011.</ref> with the aim of drastically reducing the cost of GSM service provision in rural areas, the developing world, and hard-to-reach locations such as oil rigs.<ref>Naone, Erica. [http://www.technologyreview.com/communications/25107/?a=f Build Your Own Cellular Network], Technology World, May 2010. Retrieved on December 7, 2011.</ref> The project was initially conducted through Kestrel Signal Processing, the founders' consulting firm.

On September 14, 2010, at the Fall 2010 DEMO conference, the original authors launched Range Networks as a startup company to commercialize OpenBTS-based products.<ref>Takahashi, Dean [https://venturebeat.com/2010/09/14/demo-range-networks-cheap-cell-phone-service/ DEMO: Range Networks rings in cell-phone service for $2 a month] VentureBeat, September 14, 2010. Retrieved December 6, 2011.</ref>

In September 2013, Burgess left Range Networks and started a new venture called Legba<ref>Finley, Klint [https://www.wired.com/2014/06/openbts/ Out in the Open: This super-cheap cellphone network brings coverage almost anywhere] Wired, June 9, 2014.</ref> and started a close collaboration with Null Team SRL, the developers of Yate. In February 2014, Legba and Null announced the release of YateBTS, a fork of the OpenBTS project that uses Yate for its control layers and network interfaces.

Platforms

A large number of experimental installations have shown that OpenBTS can run on extremely low overhead platforms. These include some CDMA handsets, making a GSM gateway to a CDMA network. Computer security researcher Chris Paget reported<ref>Paget, Chris. [http://www.tombom.co.uk/blog/?p=144 OpenBTS on Droid] {{Webarchive|url=https://web.archive.org/web/20110912160307/http://www.tombom.co.uk/blog/?p=144 |date=2011-09-12 }}, Chris Paget's Blog, February 19, 2010. Retrieved Dec. 6 2011.</ref> that a handheld device, such as an Android phone, could act as a gateway base station to which handsets can connect; the Android device then connects calls using an on-board Asterisk server and routes them to the PSTN via SIP over an existing 3G network.

Security

At the 2010 DEF CON conference, it was demonstrated with OpenBTS that GSM calls can be intercepted because in GSM the handset does not authenticate the base station prior to accessing the network.<ref>Paget, Chris. [https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Paget Practical Cellphone Spying], DEF CON 18, July 30, 2010. Retrieved Dec. 6 2011.</ref>

OpenBTS has been used by the security research community to mount attacks on cellular phone baseband processors.<ref>{{Cite web|url=https://www.securitynewspaper.com/2018/02/19/intercept-mobile-communications-calls-messages-easily-without-hacking/|title=HOW TO INTERCEPT MOBILE COMMUNICATIONS (CALLS AND MESSAGES) EASILY WITHOUT HACKING|last=Stevens|first=Mike|date=Feb 19, 2018|website=Information Security Newspaper}}</ref><ref>Claburn, Thomas. [http://www.informationweek.com/news/security/vulnerabilities/229201164 Google Bets $20,000 You Can't Hack Chrome], Information Week, February 04, 2011. Retrieved December 6, 2011.</ref> Previously, investigating and conducting such attacks was considered impractical due to the high cost of traditional cellular base station equipment.

Field tests

Large scale live tests of OpenBTS have been conducted in the United States in Nevada and northern California using temporary radio licenses applied for through Kestrel Signal Processing and Range Networks, Inc.

= Burning Man =

During the Burning Man festival in August 2008, a week-long live field test was run under a special temporary authorization license.<ref>Federal Communications Commission, [http://openbts.sourceforge.net/FieldTest/WD9XKN.pdf WD9XKN] Experimental Special Temporary Authorization, August 24, 2008. Retrieved December 6, 2011.</ref><ref>Burgess, David. [https://lwn.net/Articles/297038/ The OpenBTS Project - an open-source GSM base station] LWN.net, September 4, 2008. Retrieved December 6, 2011.</ref> Although this test had not been intended to be open to Burning Man attendees in general, a number of individuals in the vicinity succeeded in making outgoing calls after a misconfigured Asterisk PBX installation allowed through test calls prefixed with an international code.<ref>[http://openbts.sourceforge.net/FieldTest/ The Unofficial Non-Carrier of Burning Man 2008] OpenBTS website. Retrieved December 6, 2011.</ref> The test connected about 120 phone calls to 95 numbers in area codes across North America.

At the 2009 Burning Man festival, a larger test setup was run using a 3-sector system.<ref>Burgess, David. [http://openbts.sourceforge.net/FieldTest2/Astricon2009DBurgess.key.pdf OpenBTS Nevada Test Site] Astricon 2009, October 13, 2009. Retrieved December 7, 2011.</ref> For the 2010 festival, an even larger 2-sector 3-carrier system was tested.

At the 2011 festival, the OpenBTS project set up a 3-site network with VSAT gateway and worked in conjunction with the Voice over IP services company Voxeo to provide much of the off-site call routing.<ref>{{cite web|last=Burgess |first=David |url=http://papalegba2011.wikispaces.com/Network |title=Papa Legba 2011 - Network |archive-url=https://web.archive.org/web/20111202105602/http://papalegba2011.wikispaces.com/Network |archive-date=December 2, 2011}}</ref><ref>Burgess, David. [http://openbts.blogspot.com/2011/09/burning-man-2011-yes-we-were-there.html Burning Man 2011 - Yes we were there] The OpenBTS Chronicles, September 6, 2011. Retrieved on December 7, 2011.</ref>

= "RELIEF" exercises =

RELIEF is a series of disaster response exercises managed by the Naval Postgraduate School in California, USA.<ref>{{cite web|title=RELIEF|url=http://www.nps.edu/Academics/Schools/GSOIS/Departments/IS/Research/FX/RELIEF/relief.html|publisher=Naval Postgraduate School|access-date=11 April 2012}}</ref> Range Networks operated OpenBTS test networks at the RELIEF exercises in November 2011<ref>{{cite web|title=RELIEF 12-1 Quicklook Report|url=http://www.nps.edu/Academics/Schools/GSOIS/Departments/IS/Research/FX/docs/RELIEF12-1_QLR.pdf|publisher=Naval Postgraduate School|access-date=11 April 2012}}</ref> and February 2012.<ref>{{cite web|title=RELIEF 12-2 Quicklook Report|url=http://www.nps.edu/Academics/Schools/GSOIS/Departments/IS/Research/FX/docs/RELIEF12-2_QLR.pdf|publisher=Naval Postgraduate School|access-date=11 April 2012}}</ref>

= Niue =

In 2010, an OpenBTS system was installed on the island of Niue and became the first installation to be connected and tested by a telecommunication company. Niue is a very small island country with a population of about 1,700 - too small to attract mobile telecommunications providers. The cost structure of OpenBTS suited Niue, which required a mobile phone service but did not have the volume of potential customers to justify buying and supporting a conventional GSM base station system.<ref>Burgess, David. [http://openbts.blogspot.com/2010/03/fakalofa-lahi-atu.html FAKALOFA LAHI ATU], The OpenBTS Chronicles, March 7, 2010. Retrieved on December 7, 2011.</ref>

The success of this installation and the demonstrated demand for service helped bootstrap later commercial services. The OpenBTS installation was later decommissioned by Niue Telecom, around February 2011. A commercial-grade GSM 900 network with EDGE support was launched a few months later instead, with three sites (Kaimiti O2, Sekena S2/2/2 and Avatele S2/2/2). It provided full coverage around the island and around the reef, and the installation included a pre-pay system, USSD, international SMS and a new international gateway.

= Defcon 20 =

From July 26 to July 29, 2012, the Ninja Networks team set up a "NinjaTel Van" in the Vendor<ref>{{cite web|work=Ars Technica|url=https://arstechnica.com/security/2012/07/ninja-tel-hacker-phone-network/|title=At Defcon, hackers get their own private cell network: Ninja Tel|date=2012-07-28|access-date=2012-08-02}}</ref> area of Defcon 20 (at the Rio Hotel/Casino in Las Vegas). It used OpenBTS and served a small network of 650 GSM phones with custom SIM cards.<ref>{{cite web|work=Wall Street Journal|url=https://blogs.wsj.com/digits/2012/07/26/a-phone-network-just-for-hackers/|title=A Phone Network Just for Hackers|date=2012-07-26|access-date=2012-08-02}}</ref>

See also

{{Portal|Free and open-source software}}

References

{{Reflist}}