CDPD DEMONSTRATION PLAN FOR A TUCSON POLICE DEPARTMENT WEB-BASED MOBILE COMPUTING APPLICATION 
John Sochan, 8/22/97


Introduction 
The purpose of this demonstration plan is to highlight the issues involved in showing how Cellular Digital Packet Data (CDPD) wireless technology can be used by the Tucson Police Department (TPD) for a prototype Web-based mobile computing application. During the application development process it will be necessary to occasionally evaluate the solution in a wireless environment. The information contained within provides a discussion of CDPD technology issues applicable to TPD, CDPD security, the IBM ArTour wireless middleware, points of contact for arranging subsequent demonstrations, the equipment required, performance issues, final implementation recommendations, and a network architecture diagram. 

CDPD technology issues for the Tucson Police Department 
The most important issues concerning the use of CDPD technology for mobile computing applications by the Tucson Police Department are data security and availability. In any environment where the network is vulnerable to data interception by outsiders, it is important that sensitive information be encrypted. This is a special concern in the wireless arena because data is transmitted across a geographic area using radio waves. For this reason, CDPD uses an AirLink protocol with data encryption. Another area of concern is authentication of network users. It is important to know whether a user on the network is authorized to be connected and to verify that the user is who he claims to be. Otherwise, sensitive information may be disclosed to an unauthorized user who manages to gain access to the network using the right equipment. For this reason, it has been mandated that a CDPD modem used for Public Safety vehicle applications must not be integrated into the mobile computing device, but must be stored separately in the trunk of the vehicle. This way, if a mobile computing device is stolen from the passenger compartment of the vehicle, the CDPD modem, which allows network access, will not be obtained. 
The CDPD authentication/encryption scheme has been approved by the Arizona Department of Public Safety for use with the Arizona Criminal Justice Information System (ACJIS) network. Individual agencies, such as the Tucson Police Department, must submit their plans for utilization of CDPD with their interfaces to the Access Integrity Unit and the Arizona Control Terminal Officer, Capt. Jeffery W. Resler, for review and approval. 
Data availability is also a major concern of the TPD and other Public Safety agencies. When it comes to protecting citizens, the ability to access information on demand and quickly is critical. Originally, most cellular network providers offered CDPD service using radio channels shared with voice (cell phone) users. Voice calls were given priority to access the channels, and data transmission could potentially be blocked in a cell area with high voice use. Today, most cellular service providers offer dedicated data channels for CDPD users. In the Tucson area, Cellular One provides one 30 kHz channel per cell area which is dedicated to CDPD data. The Federal Communications Commission (FCC) mandates that data channels cannot be dedicated to a single subscriber because CDPD is a public network. If a data channel in a cell area is required by a number of users simultaneously, as in the case of a major emergency, the data throughput will be reduced, but data will not be blocked. 
The Tucson area is made up of approximately 12 cell areas. Depending on a mobile user's location in the city, more than one CDPD basestation (cellular tower) may be reached. Typically, the CDPD modem selects the basestation that is received with the highest signal strength for network access; however, if required, another basestation may be selected manually. 

CDPD Airlink Security 
CDPD security is implemented by authentication and encryption methods. The CDPD network authenticates a wireless data user to determine if the subscriber unit (CDPD modem) in use belongs to an authorized user. Each subscriber unit has two identifiers: the Network Entity Identifier (NEI) and the Equipment Identifier (EID). The NEI is the Internet Protocol (IP) network address assigned to the mobile data terminal. It is software programmable and is analogous to a phone number. The EID is the permanent electronic serial number that is burned into each CDPD modem at the factory. 
The CDPD network also uses an authentication scheme based on numbers assigned to the subscriber unit each time the mobile data user signs on to the network. The Authentication Sequence Number (ASN) and Authentication Random Number (ARN) are sent by the network to the subscriber unit the last time it is registered. When a mobile data user attempts to register on the network the next time, it sends these numbers to the network where they are checked to assure that the ASN and ARN match with what was assigned previously. The network then increments the ASN by one, generates a new ARN, and sends these assigned numbers to the subscriber unit. The NEI and EID are also sent to the network each time the subscriber unit registers. Authentication succeeds if the NEI and the EID are valid, and the ASN and ARN sent by the subscriber unit match those stored in the network. This process is repeated each time the mobile data user registers with the CDPD network and assures that the subscriber unit is in fact an authorized device. 
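The registration check described above can be modeled in a few lines. This is an added sketch, not code from the original plan or from any CDPD implementation; the class and function names, the starting ASN/ARN of 0, the 64-bit ARN width, and the sample NEI/EID values are assumptions made for illustration. It shows why the rolling ASN/ARN pair matters to a defender: a second device holding an earlier snapshot of a modem's values is rejected once the genuine unit has registered again, and the rejection is recorded.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Credentials:
    """What a subscriber unit presents at registration."""
    nei: str  # Network Entity Identifier (IP address, programmable)
    eid: str  # Equipment Identifier (factory serial number)
    asn: int  # Authentication Sequence Number from the last registration
    arn: int  # Authentication Random Number from the last registration


class Network:
    """Network-side record of each provisioned subscriber unit (hypothetical)."""

    def __init__(self):
        self.subscribers = {}  # nei -> [eid, asn, arn]
        self.alerts = []       # rejected registrations, kept for review

    def provision(self, nei, eid):
        # Assumption: a newly provisioned unit starts with ASN 0 and ARN 0.
        self.subscribers[nei] = [eid, 0, 0]
        return Credentials(nei, eid, 0, 0)

    def register(self, cred):
        """Return (ok, reason); on success roll the ASN/ARN held in cred."""
        record = self.subscribers.get(cred.nei)
        if record is None:
            return self._reject(cred, "unknown NEI")
        eid, asn, arn = record
        if cred.eid != eid:
            return self._reject(cred, "EID does not match NEI")
        if (cred.asn, cred.arn) != (asn, arn):
            return self._reject(cred, "stale ASN/ARN")
        # Success: increment the ASN, generate a new ARN, send both back.
        new_asn, new_arn = asn + 1, secrets.randbits(64)  # 64 bits assumed
        record[1], record[2] = new_asn, new_arn
        cred.asn, cred.arn = new_asn, new_arn
        return True, "registered"

    def _reject(self, cred, reason):
        self.alerts.append((cred.nei, cred.eid, reason))
        return False, reason


def demo():
    net = Network()
    modem = net.provision("10.0.0.7", "EID-CONSTRUCTED-01")  # constructed values
    results = [net.register(modem)]
    # Snapshot of every value the modem holds at this moment.
    copy = Credentials(modem.nei, modem.eid, modem.asn, modem.arn)
    results.append(net.register(modem))  # genuine unit registers again
    results.append(net.register(copy))   # the snapshot is now one step behind
    return results, net.alerts
```

If the snapshot registers first, the genuine unit is the one rejected at its next registration, so the mismatch still surfaces in the alert list for review.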
The authentication process and data transmission are encrypted using an industry standard RC-4 encryption algorithm. An encrypted key exchange first occurs so that the network and the mobile data user are able to decipher the encrypted data. Encrypted data is transmitted using the CDPD Airlink protocol from the mobile data terminal to the CDPD basestation site and then over a 56 Kbps microwave link to the Tucson Mobile Telephone Switching Office (MTSO). From there, CDPD data, as well as digitized voice, is pumped over a DS-3 link (45 Mbps) to the nearest cellular Mobile Data Intermediate System (MD-IS) located in Phoenix, AZ. When data packets are destined for a host computer on a wired network, the MD-IS is responsible for converting the AirLink protocol packets into unencrypted TCP/IP packets and routing them to the destination. These data packets will be unencrypted as they are routed from the MD-IS to the host computer, and thus it is necessary to use application software to encrypt data from end to end as well. This can be accomplished using various products including Oracle Mobile Agents and IBM Advanced Radio Communications on Tour (ArTour) software. The Oracle Mobile Agents software optimizes and secures mobile computer access to Oracle databases over a wireless CDPD connection. The IBM ArTour software also encrypts data for security and optimizes Web-based data transmissions on a CDPD network. 

IBM ArTour Wireless Middleware 
A wireless data communication network like CDPD is a very hostile environment when it comes to reliable data transmission. Typical characteristics of a wireless network are low bandwidth, high latency, poor security and high cost. The environment is especially difficult for data transmission because of interference, signal fading, and disconnects from obstructions in the signal path. For this reason, the Transmission Control Protocol (TCP) is valuable because it provides guaranteed data delivery. This is accomplished by requiring that transmitted packets be acknowledged by the destination computer; otherwise they are resent. Although a very good protocol for reliable wired networks, TCP/IP suffers in a wireless environment because it introduces significant overhead to data packet transmissions. 
The IBM ArTour family of software makes the use of TCP/IP practical over a wireless environment like CDPD. It significantly reduces the amount of data and latency of wireless communications by performing protocol reduction, data compression, TCP/IP broadcast filtering, and intelligent caching, while providing authentication and encryption for secure communications. Typically data compression would result in a cost savings when paying based on the amount of data transmitted. This is not the case when flat-rate pricing is used, as with the State of AZ contract for Police use. However, data compression will reduce the amount of data transmitted and reduce the latency of information and image retrieval. 
The two applicable ArTour products for Web-based applications are the ArTour Web Express and the ArTour Gateway and Mobile Client. The ArTour Web Express will enable customers to run any Web browser to access any Web Server without imposing any changes to either. The client appears as a local Web proxy that is co-resident with the Web browser and communicates with it over a local TCP connection using the HTTP protocol. When the browser makes requests to access information on a web site, the Web Express Client and Server enable the optimized exchange of information (HTML, GIF and CGI responses) across the CDPD network using intelligent caching, protocol reduction, header reduction, and data compression. In addition, Web Express also supports foreground and background queuing of browser requests, and disconnected operations enable mobile users to make multiple requests to web sites while having outstanding requests. If a user is disconnected from the network, requests can still be made and queued locally until the user is within coverage of the wireless network. 
The ARTour Web Express client component resides on the mobile device and the server component runs on a system at the customer location. Together they work to provide an impressive optimization of TCP/IP data transmission over CDPD. The software offers data reduction with compression and intelligent caching which reduces network latency by 40% to 97%. Data reduction with compression alone reduces data between 50%-70%, TCP/IP protocol header reduction eliminates 200 - 400 bytes per browser request, and data reduction from intelligent caching reduces data between 60% to 99%. Furthermore, a persistent TCP session for Hypertext Transfer Protocol (HTTP) requests eliminates the establishment of multiple (unnecessary) TCP sessions over the wireless network, which in turn improves response times and reduces network time-outs. 
If an IP-enabled wireless network such as CDPD is used, the ARTour Gateway and ARTour Mobile Client are not required, but do offer security benefits that ArTour Web Express does not provide. The ArTour Gateway is stationary and resides on the customer’s wired network while the Mobile Client is used on the mobile computer. ARTour supports authentication and encryption between the ARTour Gateway and Mobile Client. Authentication is used to assure the identity of the mobile unit and the corresponding stationary ArTour Gateway. For data security, ARTour supports encryption that is based on CDMF, the Commercial Data Masking Facility. Encryption is applied to all data between the mobile client and the ARTour Gateway. This includes the air link and all land lines involved in the communication, which include the land-line connections within a carrier's network and the connection from the customer's premises to the carrier. 

CDPD Demonstration Points of Contact: 
The following contacts were made to arrange the CDPD technology demonstration. They are willing to assist as required during the application development process. 

    Cellular One, Data and Wireless Services 
    2125 East Adams St. Phoenix, AZ 85034 
    Randy See- phone: 602-818-0555, voice mail: 1-800-477-2373, email: randy@arizona.bam.com 
    Jonathan Smith: General Manager 
    Steven Kafka: System Engineer, phone: 602-302-9891, email: skafka@cell1.com 

    International Business Machines (IBM) 
    ArTour Wireless Middleware 
    Jennifer Marbel Rich- phone: 1-800-317-0715 
    Pam Andriole (Tucson)- phone: 520-663-3082, email: pandriole@vnet.ibm.com 

Equipment List: 
A variety of equipment will be used for the CDPD technology demonstration and for subsequent trials. The equipment includes: 
  • Ruggedized Color Laptop PC
  • Netscape or Internet Explorer browser software
  • CDPD Wireless Modem (3 Watt)
  • ArTour Web Express Client software
  • ArTour Web Express Server software
  • Web Server
The CDPD demonstration is intended to show the feasibility of using CDPD wireless technology for Web-based data access from a mobile computer. The CDPD demo for the Tucson Police Department was organized with the support of Cellular One and IBM. Cellular One is responsible for providing the CDPD service and the static IP address for the mobile computer. They have also provided an external 3-Watt CDPD modem that would be used in a patrol car application. A prototype Web-based application for information retrieval was designed by the COPLINK team at the University of Arizona. It consists of four HTML pages that are representative of the interface to be used by TPD officers for searching criminal history information and mug shot images. The HTML pages are hosted on a Cellular One Web server in Phoenix, Arizona at http://arizona.bam.com/coplink/. 
The network path between the mobile computer and the Web server hosting the HTML is as follows: Mobile computer via wireless CDPD modem to nearest CDPD basestation tower, to Tucson MTSO via 56 Kbps microwave link, to Phoenix MD-IS via a point-to-point DS-3 (45 Mbps) link, to a Cellular One IP router, to the Cellular One Web server. In the case of a final implementation of the technology, the Web server hosting the TPD database would be located on the TPD Local Area Network (LAN). A diagram showing this final configuration is shown at the end of this document. For the demonstration, the Web server is located at the Phoenix MTSO (MD-IS) shown on this diagram. 
The purpose of the demonstration is also to determine the latency associated with retrieving the HTML pages consisting of mock criminal history information and a mug shot image. For this kind of evaluation, when issuing an HTTP request to the Web server for the first time, it is important that information is not already cached in the browser or the ArTour Web Express client software. A comparison of response times for information and image retrieval with and without the use of the ArTour Web Express middleware will be carried out. 

Performance Issues 
The performance issues associated with Web-based retrieval of data over a CDPD network are network throughput and delay. The throughput is the amount of raw data that is transmitted per unit time. When retrieving information using the CDPD network, throughput of about 11 Kbps can usually be expected. Although the network supports a data transmission rate of 19.2 Kbps, actual data throughput is reduced due to protocol overhead, retransmission, and radio channel contention. Information from a Web server attached to a wired network will also experience various delays in being retrieved by the mobile computer. These delays are associated with router/switch processing, data packetization, and data propagation. In the case where a customer uses an Internet connection to connect its Web server to a CDPD service provider's wired network, significant delays in information retrieval can be experienced due to multiple router hops and packet processing. Data packetization and propagation delays are negligible in this case because small packets are used and because the mobile client and server are located in a limited geographic area. 
The greatest demand on the CDPD network will occur when transmitting large image files. For the demonstration, mug shot images were obtained in uncompressed form and included on an HTML page. The time it takes for the browser on the mobile computer to retrieve the image from the Web server will be measured with and without the use of the ArTour Web Express middleware. An estimation of the expected image retrieval time can be calculated. 
The mug shot images were obtained and reduced to a 2-inch by 3-inch image using Adobe Photoshop software. The image was represented by 72 pixels per inch, resulting in a 144 x 216 pixel image. The color of each pixel is represented by 24 bits, which can produce over 16 million colors. Thus, the uncompressed image size is 746,496 bits or 93,312 bytes (93.312 KB). The image was then compressed with Adobe Photoshop into JPEG format (high quality), resulting in an image size of approximately 19 KB, about a 5 to 1 compression ratio. With a typical CDPD data throughput of 11 Kbps, which corresponds to 1.375 KB/sec, the approximate data transmission time will be 19 KB / 1.375 KB/sec = 13.8 seconds. We can expect a significant improvement in transmission time when using the data compression capability of the ArTour Web Express middleware. Assuming a nominal data compression of 50%, the image retrieval latency will be reduced by half to approximately 6.9 seconds. 

Final Implementation 
Should CDPD wireless technology prove to be a viable solution for the Tucson Police Department’s Web-based mobile computing applications, a final implementation will require the following issues to be examined. First, a Web server hosting TPD database information will be located on the department’s LAN. It is recommended that a point-to-point T1 (1.544 Mbps) circuit be leased for use between the Tucson MTSO and TPD LAN. The T1 circuit can be leased from US West Communications at a going rate of approximately $1000 per month. This solution will significantly reduce information retrieval latency by removing the multiple router hops associated with connecting the Web server on the TPD LAN to the Tucson CDPD MTSO using an Internet connection. 
The Tucson Police Department is eligible for a flat-rate State of Arizona contracted CDPD service fee from Cellular One. TPD will not pay the typical per kilobyte charge for data transmission on the CDPD network, but instead be charged $60 per month per subscriber unit for unlimited data use. 
Finally, for increased security of sensitive Police information, it is recommended that end-to-end encryption be implemented using application software. Because the TPD information database will be Oracle based, Oracle Mobile Agents software will be the best solution, providing data encryption and improved database access over the wireless CDPD network. The Oracle Mobile Agents software may be used in conjunction with the ArTour Web Express middleware product for an optimal Web-based Oracle database access solution. Adhering to these recommendations should make the implementation of CDPD technology successful in support of the Tucson Police Department’s mobile computing requirements. 
 
Network Architecture Diagram (Final Implementation)