Democratizing Cellular Access with AnyCell



  • Why a new cellular architecture?

  • Cellbricks: overall approach

  • Prototype implementation

Growing the tent in cellular

  • Today's cellular ecosystem is dominated by a small number of mobile network operators (MNOs)

  • Our goal: lower the barrier to entry for new entrants

  • Key: ensure MNOs with a small/mid-scale footprint can play

    • City government, university campus --> equal participant

  • This is difficult with today's architecture!

Today's architecture relies heavily on trust and in-network coordination

  • Authentication / accounting built on trust between the user and its MNO

  • Seamless mobility built on coordination between towers (handovers)

  • Broad coverage built on coordination / trust between MNOs (roaming)

Pre-establishing trust doesn't scale!

Seamless mobility via in-network coordination does not scale

The same problems exist with MVNOs

  • User signs up for MVNOs

  • MVNO still needs to go out and have trust agreements with all MNOs

Cellbricks: a new cellular architecture

  • Goal: enable users to consume access on-demand from any available infrastructure operator without requiring pre-established trust or in-network coordination

  • Potential benefits:

    • Lower barrier to entry for new operators

    • More efficient use of infrastructure

    • Simpler infrastructure

  • Two main challenges

    • Secure attachment and billing (without mutual trust)

    • Seamless mobility (without in-network coordination)

Secure attachment

  • Today: share keys, cellbricks: public keys

    • How any online transaction works (use exactly the same authentication)

    • 3-way authentication

    • Evidence: serving a valid user that belongs to a particular broker, and that the MMO is actually the one the user wanted to connect to

  • Broker to pay the MNO accordingly

  • Broker and MNO: reputation system

Seamless mobility

  • Today, handovers require cooperation between towers

    • Allows a UE's IP address to stay unchanged (TCP connection stays unchanged, application sessions persist)

  • In CellBricks, handovers may involve different MNOs

    • Different to preserve a UE's IP address across admin boundaries

  • Solution: leverage modern transport protocols (MPTCP, QUIC)

    • L4 connection is maintained even if the UE's IP address changes

  • Moving mobility support out of the network and into the transport layer


  • USRPs

    • Provide ratio connectivity (no changes to RAM)

  • srsLTE

    • UE and eNodeB

  • Magma

    • AGW: extended to support secure attachment (3-way secure attachment)

    • Orc8r: added a Brokerd service

  • Performance

    • End-to-end latency of attachment protocol

    • UE, eNodeB, AGW in local machines

    • Vary locations for SubscriberDB (S6a) and brokered

Host-driven mobility is a promising direction to explore further


  • Technical pieces for a radically different cellular ecosystem

    • Public key based 3-way authentication

    • Secure counters in device hardware

    • Promote the adoption of MPTCP, QUIC

  • Status

    • Early prototype on Facebook's Magma

    • Real-world measurements of overheads (MPTCP, handovers)

Last updated