Tethered Device Detection

7
Case Study Case Study: Sandvine Tethered Device Detection Solution and Service Revenue Enhancement This case study describes a customer solution to detect “tethering” of PC devices on the service provider’s mobile wireless network. The Sandvine solution provides detection of subscribers who are using their handsets to tether PC devices, as well as providing effective reporting to enable the service provider to make necessary business decisions on how to manage their subscribers’ behavior. The service provider managed unauthorized tethering by introducing a new tethered- device service and decreased revenue leakage by blocking tethering. The tethered device detection solution also provides usage monitoring of the devices, as well as acting on the unauthorized tethered devices’ service access, to reduce the high cost of unauthorized device tethering. The subscriber behavior could also have been managed by either sending a warning notification or redirecting to a tethered device service Web page for up- selling. This Sandvine tethered device detection solution enabled the service provider to increase their tethered device service revenue and reduce their network operation costs. This tethered device detection solution is one of many differentiating capabilities delivered with Sandvine consulting solution services. Sandvine has partnered with a multitude of service providers globally to deliver unprecedented value to these customers, hence enabling them to reduce their subscriber churn, and to increase their subscriber base and Average Revenue Per User (ARPU). Contents Sandvine Wireless Device Tethering Detection Solution Sandvine Wireless Device Tethering Detection Solution Implementation Conclusion Glossary Copyright Sandvine 1 2 5 6

Transcript of Tethered Device Detection

Page 1: Tethered Device Detection

Case Study

Case Study: Sandvine Tethered Device Detection Solution and Service Revenue Enhancement

This case study describes a customer solution to detect “tethering” of PC devices on the service provider’s mobile wireless network. The Sandvine solution provides detection of subscribers who are using their handsets to tether PC devices, as well as providing effective reporting to enable the service provider to make necessary business decisions on how to manage their subscribers’ behavior. The service provider managed unauthorized tethering by introducing a new tethered- device service and decreased revenue leakage by blocking tethering.

The tethered device detection solution also provides usage monitoring of the devices, as well as acting on the unauthorized tethered devices’ service access, to reduce the high cost of unauthorized device tethering. The subscriber behavior could also have been managed by either sending a warning notification or redirecting to a tethered device service Web page for up-selling. This Sandvine tethered device detection solution enabled the service provider to increase their tethered device service revenue and reduce their network operation costs.

This tethered device detection solution is one of many differentiating capabilities delivered with Sandvine consulting solution services. Sandvine has partnered with a multitude of service providers globally to deliver unprecedented value to these customers, hence enabling them to reduce their subscriber churn, and to increase their subscriber base and Average Revenue Per User (ARPU).

Contents Sandvine Wireless Device Tethering Detection Solution Sandvine Wireless Device Tethering Detection Solution Implementation Conclusion Glossary

Copyright Sandvine

1 25 6

Page 2: Tethered Device Detection

Copyright Sandvine

Page 1

Sandvine Wireless Tethered Device Detection Solution With the ever-increasing speeds available with wireless mobile networks, more subscribers are starting to use their handsets as PC modems to access the Internet. In some cases the wireless device has been designed solely to be used as a PC modem, such as with PC wireless broadband dongles. Service provider rate plans account for the much higher usage of PC access, and are priced accordingly. However, many handsets that are not wireless broadband dongles also allow connectivity to PCs, such as for syncing of the handset with the PC. This handset-to-PC connectivity can also be used for PC broadband access. Tethering is the use of a mobile device with Internet access such as 3G cellular service to act as an Internet gateway or access point for other devices. Other devices may connect to the gateway via Bluetooth, WiFi, or USB cabling.

Figure 1: Tethering of PCs to Mobile Devices

The Sandvine tethered device detection solution can detect and measure the tethered traffic used, serving as a powerful tool to support the business case in defining new tethered device service offerings or restraining its usage. If the service provider offers a tethered device service, the Sandvine tethered device detection solution can be used to both educate users and reduce revenue leakage and network cost. Many service providers specifically call out in their service agreements that tethering of PC devices is not permissible for the service plans that a subscriber has purchased, and that a PC device tethering service is available at a differentiated fee. Recently service providers like ATT in the US have been sending text messages to customers reminding them that tethering of devices requires a tethered device service plan.1

Accurate detection of tethered PC devices is a challenge. The current existing network technology nodes, GGSN for GSM/3G and PDSN for CDMA, don’t provide advanced inspection capabilities and can only inspect the HTTP user agent field. The HTTP user agent field is not sufficient in itself to allow detection of tethering for all tethered device data traffic flow cases. The HTTP user agent field can, in any case, be easily spoofed by the tethered devices to get around any gateway policy. The detection of PC device tethering is a non-trivial problem and a service provider called on the advanced inspection and business intelligence capabilities of Sandvine solutions, augmented with Sandvine consulting solutions services, to solve.

The solution for detection of PC-tethered devices involves a combination of signature and heuristic-based policy rules. The first mechanism was detection based on PC application

1“Sorry Jailbreakers: AT&T Cracks Down on Unofficial iPhone Tethering”, The New York Times Business Day Technology, March

18, 2011

Page 3: Tethered Device Detection

Copyright Sandvine

Page 2

signatures. The other detection method was a heuristic mechanism which used a combination of multiple correlated conditions aggregated over a configurable period of time that a subscriber device can trigger. The conditions that were agreed upon with the service provider customer for the heuristic mechanism included categories such as 1) number of simultaneous sessions, 2) HTTP user-agent headers, 3) protocols that were likely to originate from a PC, 4) device type, and 5), device screen size. When the correlated conditions threshold was reached, the device was detected as being tethered.

In order to filter out subscribers that have a tethered device service plan, or are otherwise excluded as per the service provider, an interface to the business support systems was also required. This interface ensured that only the subscribers that the service provider desired to monitor were targeted, detected and reported. If the service provider desired, all devices that were not PC broadband dongles could be monitored and reported for revenue and cost of tethered device service. Monitoring of PC broadband dongles data usage is a standard Sandvine Usage Management capability.

In addition to monitoring, detection and reporting on tethered devices, Usage Detail Records (UDRs) for the detected tethered devices were output as part of the Sandvine tethered device detection solution. The UDRs indicated which of the two mechanisms, signature or heuristic, were used in detecting device tethering. Heuristicly detected tethering usage could be used in subscriber bill warning messages that tethered data sessions require tethered-enabled service plans. The bill messaging provided the impetus to have the subscriber upgrade their service plans or add on the tethered device bolt-on service thus increasing revenue generation.

The building blocks for a tethered device detection solution need to include:

1. Subscriber IP mapping. A subscriber needed to be identified for the IP service flows that were traversing the mobile network so that the appropriate actions could be initiated. The actions were tethered detection, measurement and reporting, and UDR generation.

2. Detecting 3G dongles to exclude from tethered detection policy achieved through mapping of device identifier such as MEID or IMEI. A database which shows the range of device identifiers that corresponds to 3G dongles is obtained from the business support system (BSS) or other data source.

3. Unauthorized handset tethering detection. Detection using the mechanisms described above was required.

4. Tethered user reporting. Number of authorized and unauthorized tethered detections, conditions that triggered detection, tethered data usage for both aggregate and per subscriber were possible reports. The Sandvine solution is very flexible on what was measurable such as applications accessed or IP addresses.

5. UDR Generation. UDRs could be created or existing service provider Usage Detail Records could be augmented to include tethered related information, to record signature based tethering detection and associated usage as well as heuristic based tethering detection and usage. Other fields could be recorded based on the measurements mentioned in 4 above.

Sandvine Wireless Tethered Device Detection Solution Implementation Sandvine worked closely with a service provider customer to take the tethered device detection concept from the requirements elicitation, to solution design and development, network implementation, integration and testing and final acceptance testing that met the

Page 4: Tethered Device Detection

Copyright Sandvine

Page 3

provider’s expectations. Sandvine has a full range of professional services from design and testing support to project management to support any customer’s development needs.

Figure 2 outlines the network system diagram for the implementation of the tethered device detection solution that was implemented by Sandvine for the mobile service provider. The implemented solution is access-technology-agnostic as the solution acts on the content of the data, not the technology of the transport.

There were three main nodes in the design. The first was the Sandvine Policy Traffic Switch (PTS), which implemented the policy listed as component two as well as the measurements required for components three and four5 of the solutions described in the previous section. The Sandvine Subscriber Policy Broker (SPB) implemented the subscriber-to-IP mapping as well as measurement and reporting components one and three4 of the solution above. The Network Demographics Server (NDS) application, also residing on the SPB, generated the reports. Finally, the Sandvine Service Delivery Engine (SDE) provided the last component four of the solution for the Usage Detail Record. Later versions of the SDE could also have provided the subscriber to IP mapping functionality in place of the Subscriber Policy Broker. These not only support subscriber mapping, but also have a rich set of service functionality such as support for IPV6 with subscriber mapping.

When a subscriber starts a data session, the Radius/Diameter accounting start initiates the tethered device detection mechanism. Once the SPB receives the subscriber mapping information (RADIUS) it primes the PTS so every single packet to/from the subscriber is counted properly. The mechanisms described in the previous section are then used by the PTS policy engine to determine if the IP service flow for that subscriber is from a tethered device or not. The PTS then generates the appropriate events and sends them to the SDE for metric and Usage Detail Record (UDR) generation.

The UDRs that were generated are then sent to an Offline Charging System (OFCS) for processing. For a prepaid billing solution, the PTS has a 3GPP Gy interface to an Online Charging System (OCS).

Page 5: Tethered Device Detection

Copyright Sandvine

Page 4

Figure 2 Tethered Device Detection Network Implementation System Diagram

The Sandvine reporting generated by the tethered device detection solution included detected condition counts and subscriber volume usage for each triggered condition. The measurement intervals were configurable and were available per subscriber and aggregated for all subscribers (including subscribers that were allowed to tether). The detected condition counts and subscriber volume usage aggregated across the entire service provider network were also available.

The reports that were generated are:

1. Number of unauthorized and authorized tethered subscribers 2. Total unauthorized signature and heuristically detected tethered bidirectional data

usage 3. Total authorized tethering bidirectional data usage 4. Number of tethering detections per subscriber 5. Total Unauthorized signature detected and heuristically detected tethered

bidirectional data usage per subscriber 6. Total authorized tethering bidirectional data usage per subscriber 7. Auditing reports for heuristic tethering detection conditions

a. Number of events per tethering detection conditions b. Total tethering bidirectional data usage per tethering detection condition

Page 6: Tethered Device Detection

Copyright Sandvine

Page 5

Figure 3 below displays event details on the tethered detection mechanisms. This report allowed for auditing of subscribers that had been detected using device tethering in an unauthorized manner.

Figure 3– Sandvine Tethering Detection Event Details

As a policy engine, the Sandvine Policy Traffic Switch is also capable of implementing other actions described in the solution section above. The actions can be as varied as blocking of the tethered data access attempts, to sending a warning notification, or redirecting to a tethered device service Web page for up-selling. In any case, the service provider is either increasing their revenue by generating new service revenue, or reducing their traffic cost by blocking unauthorized tethered device data usage.

Conclusion The Sandvine implementation of the wireless tethered device detection solution enabled a Sandvine mobile service provider customer to increase revenues or reduce data traffic cost. In addition, the solution provided insight into tethered device data usage, authorized or not, to ensure that tethered device service plan revenue and tethered device data traffic costs were aligned with the expected profitability margins for increased wireless data usage.

Sandvine has a successful track record of working with service providers to create additional new services by providing network insight to subscriber behaviour and by reducing revenue leakage. For further information, Let's Talk.

Page 7: Tethered Device Detection

Copyright Sandvine

Page 6

Glossary AAA  Authorization, Authentication and Accounting

ARPU  Average Revenue Per User

CDMA  Code Division Multiple Access

GGSN  Gateway GPRS Support Node

GPRS  General Packet Radio Service

GSM  Global System for Mobile communications

NDS  Network Demographics Server

OFCS  OffLine Charging System 

PDSN  Packet Data Serving Node 

PTS  Policy Traffic Switch 

SDE  Service Delivery Engine 

SPB  Subscriber Policy Broker 

UDRs  Usage Detail Records