Carriers may be handicapping cell phone networks

New research suggests that wireless operators may unwittingly be degrading performance on their networks as the technology they use to shuttle traffic around their networks gets more and more complex.

Researchers from the computer science department at University of Michigan along with experts from Microsoft Research discovered that "middleboxes"--or network hardware that performs tasks such as firewalling, deep packet inspection, and intrusion detection and prevention--may be slowing down network connections and even exposing wireless subscribers to security vulnerabilities.

According to the report published last month, "An Untold Story of Middleboxes in Cellular Networks," researchers observed a 50 percent performance hit on one of the four major U.S. carrier networks. Also, some of the policies used to manage the network have resulted in users' phone batteries draining much faster than is typical. Researchers also discovered security holes on some international carrier networks that could leave devices open to hackers.

Researchers say the cause of this issue is likely these "middleboxes" in the network that are buffering traffic and reassembling packets. For example, a device that slows packets to inspect them to ensure they are not transmitting a virus or causing problems on the network may in fact contribute to slower performance or other security issues, said Zhuoqing Morley Mao, professor of computer science at the University of Michigan, who worked on the study.

"The behavior and effects of middleboxes in wireless networks is not well understood," she said. "There can be unexpected interaction between devices in the network."

Researchers worked independently from wireless carriers to conduct their testing and gather data. They recruited almost 400 volunteers to download a free app called NetPiculet on their Google Android smartphones. The app ran a series of tests and the results were sent back to the engineers. The data was anonymous to protect the privacy of the wireless subscribers and to ensure that individual wireless operators were not identified.

One issue the researchers discovered was that at least one major U.S. wireless operator was buffering data traffic to slow down retransmission of data when the network was overly congested. This caused the sending device to wait a long time before trying to retransmit the data. The study suggests that for a one-megabyte download, this practice slowed transmission by as much as 50 percent. The researchers could not say for certain why the carrier was doing this, but they theorized the carrier was likely slowing the packets to do deep inspection, in order to look for possible malicious code.

Middleboxes seemed to cause security issues for some carriers outside of the U.S, according to the study. For example, some of these carriers allowed for "IP spoofing," which could allow an attacker to disguise his device to launch an attack on other devices and the network.

Another potential security vulnerability involved slowing down some functionality in the TCP protocol used on the Internet. Instead of closing Web sessions instantly when a browser is closed, which is typical of TCP, some carriers allowed sessions to stay open longer, which could result in hackers sending a flood of data that could drain subscribers' batteries.

Wireless operators may be leaving these TCP sessions open to allow e-mail and other push notifications to work, researchers said.

While the study highlighted instances of network degradation or security vulnerabilities on a handful of operators, Mao said it is likely that many more operators are actually experiencing similar issues. But she was quick to point out that wireless operators are not deliberately or even knowingly harming performance on their networks or exposing their customers to potential security risks. She said the problem is likely due to the fact that wireless networks have gotten much more complex in recent years with an increasing number of devices being deployed in the network to manage traffic and enforce network policies.

Carriers typically put new equipment through a rigorous testing regime before deploying them in their networks. But Mao said it's very difficult to isolate problems with specific devices, since some of the issues may be caused by the interaction among different elements in the network.

"We don't know if it's a single box or multiple boxes causing these issues," she said. "It's a challenging problem. None of the carriers intentionally set policies to degrade traffic on their networks. The networks are just more complex. And more complexity can lead to some unintended consequences."

So far wireless operators have not responded to the report. AT&T declined to comment on this particular research. Sprint and T-Mobile USA did not respond to requests for comment. And Verizon Wireless simply said that it is confident that its network is performing up to the highest standards.

"Our dedication to network reliability and superiority through careful advance testing of network technologies, systems and all devices we put in our customers' hands plus our redundant backup systems strategy ensure that Verizon Wireless stands apart from other carriers and provides our customers with an outstanding network experience," the company said in a statement.

Mao said she hopes that her team can work with carriers to get even better access to the network infrastructure to study the effects of these middleboxes.

"We are not trying to point fingers," she said. "In our work, we want to understand how the different policies and devices in the network affect end-to-end performance."

She also added that the issues uncovered in the recent report may be even more acute when carriers fully deploy their 4G LTE networks.

While a 4G LTE network is not inherently more complex than a 3G wireless network, the LTE technology pushes the IP capability closer to the end-user. Network elements on a 3G base station do not speak the IP protocol, but they do on 4G networks. And even though IP will improve network efficiencies and allow network data to be transmitted faster, it also means carrier networks will be disassembling and reassembling data packets closer to customers, which could mean even more of these middleboxes will be added to the network.

"It will be interesting to see how it evolves," she said.