Design of Secure Mobile Network Router

Client

A European telecommunications equipment manufacturer.

Challenge

Our task was to create a small mobile router with extra security features to work with VPNs and Tor while blocking StingRay surveillance — without the possibility of identifying and tracing the device. After each restart, the router should automatically change its IMEI and connect to the internet through a VPN and Tor to provide network security. The device should not be identifiable as a router to avoid detection through the StingRay technology. Furthermore, the router must use a SIM card and be able to operate on battery power for at least 8 hours without a recharge.

Solution

1. Concept Development

Our engineers have developed the concept of the small mobile router with the following components:

• a central processor;
• an LTE modem;
• a WiFi module operating in dual-band 2.4GHz/5GHz;
• power supply and a battery control system;
• indication and controls;
• a rechargeable battery;
• an enclosure of the device.

2. Hardware Design

Our engineers have designed a hardware platform of the device with a CPU by MediaTek and a WiFi module by Realtek.

_{Image 1. Structural scheme of the small mobile router}

We have chosen the MediaTek MT7621 with dual-core MIPS1004Kc (880 MHz), USB3.0 / USB2.0, 3 x PCIe, and SD-XC.

MT7621DA as a powerful, portfolio-rich processor, is suitable for 802.11ac, LTE cat4/5, edge, hotspot, VPN, and AC (access control). It provides several special hardware engines for next-generation routers to accelerate NAT, QoS, and Samba. These accelerators free up the CPU resources for other top-level applications.

MT7621 also includes VPN accelerators, which speed up the process of data encryption when working through a VPN connection.

The router features an LTE modem based on the EC25 series, a high-performance module capable of providing up to 150 Mbps downlink and 50 Mbps uplink speeds over LTE Cat 4.

Additionally, we equipped the device with a Wi-Fi module based on the RTL8822CU chipset by Realtek, which supports IEEE802.11a/b/g/n/ac+BLE 5.0 wireless standards. The Wi-Fi module operates in the frequency range of 2.4–5.8 GHz; it supports 20/40 MHz at 2.4 GHz and 20/40/80 MHz at 5 GHz. The selected Wi-Fi module can deliver data rates of up to 867 Mbps, making it a perfect solution for high-speed wireless connectivity.

3. Software Development

Within this project, we developed drivers, firmware and user software for the router.

_{Image 2. Block diagram of the small mobile router}

We used the following technologies to develop software for the router:

• Protocols: OpenVPN, Wireguard, L2TP/PPTP, FRRouting
• GUI: Luci
• OS: OpenWrt
• Languages: LUA, Bash
• Utilities: BusyBox
• Driver: uQMI
• Inter-process communication mechanisms: uBus/DBus
• Core: Linux kernel, Buildroot

Also, we use additional third-party kernel modules for hardware cryptography and FPP acceleration.

Business Value

This secure router will strengthen our client's market position with a new product and service for secure connectivity for remote workers of international companies worldwide. Providing reliable and stable connectivity, such routers help businesses stay connected to critical data and systems, even in locations with limited network coverage.

Also, a mobile network router designed at Promwad can provide an added layer of security and protection against cyber threats with VPN, Tor, block of the StingRay surveillance, and IMEI сhanging. The router allows businesses to monitor network traffic, giving them greater visibility and control over network security.