Network Overview
From a customer perspective, there are really only 2 parts to the GSM network: a cell phone and the "other end". The GSM standard defines much more than that. The high-level description of the network is as follows, starting from your end.
1. Mobile Station - Your phone. It's a wireless telephone and a data terminal which can send and receive messages from the network.
2. Base Transceiver Station (BTS) - the stuff that interfaces directly with your phone. This consists of fixed-location transmitters and receivers for the cell which it is in charge of. Different radio types are used for different things, such as subscriber-to-network and network-to-subscriber, different data types, and signaling. This is "the tower" in your backyard.
3. Base Station Controller (BSC) - handles one or more BTSs and acts as the gateway to the network.
4. Mobile Switching Centers (MSC) - connect the GSM network to the public switched telephone networks. They also provide a way to access the databases for who's where and who can do what.
5. Home Location Register (HLR) and Authentication Center (AUC) - the databases. These hold data for users on the network, guests/visitors on the network, and subscriber information, particularly the profile. Permanent user info is in the HLR, and the Visitor Location Register (VLR) stores temporary info about a mobile phone.
6. PSTN/ISDN - The switched network backbones.
RF Specifics

Parameter                    Value
Downstream Frequencies       935-960 MHz, 1805-1880 MHz
Upstream Frequencies         890-915 MHz, 1710-1785 MHz
Channel Spacing              200 kHz
Duplex Spacing               45 MHz
Radio Power                  13-39 dBm, 2 dB steps
Data Rise/Fall Time          28 microseconds
Emissions                    < -36 dBm
Phase Error                  5 deg RMS
Freq Error                   95 Hz
Recv Sensitivity             104 dBm
Co-channel Rejection         96 dBm below signal
Intermodulation Rejection    100 dBm below signal
Signal Blocking Level        100 dBm
Packets and data
Your phone transmits during a single time slot, and the contents of that time slot are called a packet (a burst). Packets are made of bits, and bits are made of magic.
A packet can be 4 different things:
• random access burst - shorter than the normal burst.
• synchronization burst - same length as the normal burst but a different structure.
• normal burst - carries speech or data information; lasts approximately 0.577 ms and has a length of 156.25 bits.
• frequency correction burst - same length as the normal burst but a different structure.
Each type has a different packet structure, as shown in the figure (not reproduced here).
#include <stdio.h>

/* Reference-style implementation of the A5 GSM stream cipher as given on
 * this page: three linear feedback shift registers (19, 22 and 23 bits)
 * with majority-controlled stop/go clocking. The feedback taps and
 * clocking bits below follow the 1994 public posting of "A5" and do not
 * all match the A5/1 algorithm later recovered from real handsets. */

typedef struct
{
    unsigned long r1, r2, r3;
} a5_ctx;

/* Majority vote of the three clocking bits: returns 1 when at most one
 * of them is set, 0 when two or three are set. */
static int threshold(unsigned long r1, unsigned long r2, unsigned long r3)
{
    int total;

    total = (((r1 >> 9) & 0x1) == 1) +
            (((r2 >> 11) & 0x1) == 1) +
            (((r3 >> 11) & 0x1) == 1);

    if (total > 1)
        return (0);
    else
        return (1);
}

/* Clock r1 only when its clocking bit (bit 9) agrees with the majority. */
static unsigned long clock_r1(int ctl, unsigned long r1)
{
    unsigned long feedback;

    ctl ^= ((r1 >> 9) & 0x1);
    if (ctl)
    {
        feedback = (r1 >> 18) ^ (r1 >> 17) ^ (r1 >> 16) ^ (r1 >> 13);
        r1 = (r1 << 1) & 0x7ffff;
        if (feedback & 0x01)
            r1 ^= 0x01;
    }
    return (r1);
}

/* Clock r2 only when its clocking bit (bit 11) agrees with the majority. */
static unsigned long clock_r2(int ctl, unsigned long r2)
{
    unsigned long feedback;

    ctl ^= ((r2 >> 11) & 0x1);
    if (ctl)
    {
        feedback = (r2 >> 21) ^ (r2 >> 20) ^ (r2 >> 16) ^ (r2 >> 12);
        r2 = (r2 << 1) & 0x3fffff;
        if (feedback & 0x01)
            r2 ^= 0x01;
    }
    return (r2);
}

/* Clock r3 only when its clocking bit (bit 11) agrees with the majority. */
static unsigned long clock_r3(int ctl, unsigned long r3)
{
    unsigned long feedback;

    ctl ^= ((r3 >> 11) & 0x1);
    if (ctl)
    {
        feedback = (r3 >> 22) ^ (r3 >> 21) ^ (r3 >> 18) ^ (r3 >> 17);
        r3 = (r3 << 1) & 0x7fffff;
        if (feedback & 0x01)
            r3 ^= 0x01;
    }
    return (r3);
}

/* Generate the two 114-bit keystream halves for one frame from the
 * 64-bit session key and the 22-bit frame number. */
int keystream(unsigned char *key,     /* 64 bit session key */
              unsigned long frame,    /* 22 bit frame sequence number */
              unsigned char *alice,   /* 114 bit Alice to Bob key stream */
              unsigned char *bob)     /* 114 bit Bob to Alice key stream */
{
    unsigned long r1;      /* 19 bit shift register */
    unsigned long r2;      /* 22 bit shift register */
    unsigned long r3;      /* 23 bit shift register */
    int i;                 /* counter for loops */
    int clock_ctl;         /* xored with clock enable on each shift register */
    unsigned char *ptr;    /* current position in keystream */
    unsigned char byte;    /* byte of keystream being assembled */
    unsigned int bits;     /* number of bits of keystream in byte */
    unsigned int bit;      /* bit output from keystream generator */

    /* Initialise shift registers from session key */
    r1 = (key[0] | (key[1] << 8) | (key[2] << 16)) & 0x7ffff;
    r2 = ((key[2] >> 3) | (key[3] << 5) | (key[4] << 13) | (key[5] << 21)) & 0x3fffff;
    r3 = ((key[5] >> 1) | (key[6] << 7) | (key[7] << 15)) & 0x7fffff;

    /* Merge frame sequence number into shift register state, by xor'ing it
     * into the feedback path */
    for (i = 0; i < 22; i++)
    {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
        if (frame & 1)
        {
            r1 ^= 1;
            r2 ^= 1;
            r3 ^= 1;
        }
        frame = frame >> 1;
    }

    /* Run shift registers for 100 clock ticks to allow frame number to
     * be diffused into all the bits of the shift registers */
    for (i = 0; i < 100; i++)
    {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
    }

    /* Produce 114 bits of Alice->Bob key stream */
    ptr = alice;
    bits = 0;
    byte = 0;
    for (i = 0; i < 114; i++)
    {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
        bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
        byte = (byte << 1) | bit;
        bits++;
        if (bits == 8)
        {
            *ptr = byte;
            ptr++;
            bits = 0;
            byte = 0;
        }
    }
    if (bits)
        *ptr = byte;

    /* Run shift registers for another 100 bits to hide relationship between
     * Alice->Bob key stream and Bob->Alice key stream. */
    for (i = 0; i < 100; i++)
    {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
    }

    /* Produce 114 bits of Bob->Alice key stream */
    ptr = bob;
    bits = 0;
    byte = 0;
    for (i = 0; i < 114; i++)
    {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
        bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
        byte = (byte << 1) | bit;
        bits++;
        if (bits == 8)
        {
            *ptr = byte;
            ptr++;
            bits = 0;
            byte = 0;
        }
    }
    if (bits)
        *ptr = byte;

    return (0);
}

/* Load the 64-bit key into the three registers. This variant packs the
 * key bits differently from keystream() above and mixes in no frame
 * number, so the same key always yields the same keystream. */
void a5_key(a5_ctx *c, const unsigned char *k)
{
    c->r1 = (k[0] << 11 | k[1] << 3 | k[2] >> 5) & 0x7ffff;                /* 19 */
    c->r2 = (k[2] << 17 | k[3] << 9 | k[4] << 1 | k[5] >> 7) & 0x3fffff;   /* 22 */
    c->r3 = (k[5] << 15 | k[6] << 8 | k[7]) & 0x7fffff;                    /* 23 */
}

/* Step one bit in A5, return 0 or 1 as output bit. */
int a5_step(a5_ctx *c)
{
    int control;

    control = threshold(c->r1, c->r2, c->r3);
    c->r1 = clock_r1(control, c->r1);
    c->r2 = clock_r2(control, c->r2);
    c->r3 = clock_r3(control, c->r3);
    return ((c->r1 ^ c->r2 ^ c->r3) & 1);
}

/* Encrypts a buffer of len bytes: each byte is XORed with 8 keystream bits. */
void a5_encrypt(a5_ctx *c, unsigned char *data, int len)
{
    int i, j;
    unsigned char t;

    for (i = 0; i < len; i++)
    {
        t = 0;
        for (j = 0; j < 8; j++)
            t = (unsigned char)(t << 1 | a5_step(c));
        data[i] ^= t;
    }
}

/* Decryption is the same XOR with the same keystream. */
void a5_decrypt(a5_ctx *c, unsigned char *data, int len)
{
    a5_encrypt(c, data, len);
}

int main(void)
{
    a5_ctx c;
    unsigned char data[100];
    unsigned char key[] = {1, 2, 3, 4, 5, 6, 7, 8};
    int i, flag;

    for (i = 0; i < 100; i++)
        data[i] = i;
    a5_key(&c, key);
    a5_encrypt(&c, data, 100);

    /* Re-key and decrypt in two pieces: the keystream continues across calls */
    a5_key(&c, key);
    a5_decrypt(&c, data, 1);
    a5_decrypt(&c, data + 1, 99);

    flag = 0;
    for (i = 0; i < 100; i++)
        if (data[i] != i)
            flag = 1;
    if (flag)
        printf("Decrypt failed\n");
    else
        printf("Decrypt succeeded\n");
    return 0;
}
Technical details
CDMA is a spread spectrum multiple access technique. In CDMA a locally generated code runs at a much higher rate than the data to be transmitted. Data for transmission is simply XORed (exclusive-OR added) with the faster code. The figure shows how a spread spectrum signal is generated. The data signal with pulse duration Tb is XOR-added with the code signal with pulse duration Tc. (Note: bandwidth is proportional to 1/T, where T is the bit time.) Therefore, the bandwidth of the data signal is 1/Tb and the bandwidth of the spread spectrum signal is 1/Tc. Since Tc is much smaller than Tb, the bandwidth of the spread spectrum signal is much larger than the bandwidth of the original signal.
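As an added worked example (not part of the original page), the XOR spreading and despreading just described in C: every data bit of duration Tb is XORed with a 7-chip code of chip duration Tc, so the chip rate, and with it the bandwidth, grows by Tb/Tc = 7; the receiver XORs with the same code and majority-votes the chips. The code (a length-7 Barker sequence) and the 8 data bits are constructed for this example; the trials show that a few corrupted chips per bit are tolerated, while a local code that is off by one chip recovers nothing.

```c
#include <string.h>

#define CPB 7   /* chips per data bit = Tb / Tc, the spreading factor */

/* Spreading code (constructed example): the length-7 Barker sequence. */
static const unsigned char BARKER7[CPB] = {1, 1, 1, 0, 0, 1, 0};

/* Spread: each data bit (duration Tb) becomes CPB chips (duration Tc),
 * every chip being the data bit XOR the matching code chip.
 * out must have room for nbits * CPB chips. */
void dsss_spread(const unsigned char *data, int nbits,
                 const unsigned char *code, unsigned char *out)
{
    for (int i = 0; i < nbits; i++)
        for (int j = 0; j < CPB; j++)
            out[i * CPB + j] = data[i] ^ code[j];
}

/* Despread: XOR each chip with the local code, then majority-vote the CPB
 * chips of a bit. Returns the total number of chips that agreed with the
 * decisions: nbits * CPB for a matching, aligned code and clean chips,
 * near nbits * CPB / 2 when the local code is wrong or misaligned. */
int dsss_despread(const unsigned char *chips, int nbits,
                  const unsigned char *code, unsigned char *out)
{
    int agree = 0;
    for (int i = 0; i < nbits; i++) {
        int ones = 0;
        for (int j = 0; j < CPB; j++)
            ones += chips[i * CPB + j] ^ code[j];
        out[i] = ones > CPB / 2;
        agree += out[i] ? ones : CPB - ones;
    }
    return agree;
}

/* One trial on constructed data: spread with BARKER7, corrupt the first
 * `flips` chips of every bit (channel noise), then despread with BARKER7
 * rotated left by `shift` chips (0 = chip-synchronised receiver).
 * *ok is set when the data bits come back intact; returns the agreement. */
static int run_trial(int flips, int shift, int *ok)
{
    static const unsigned char data[8] = {1, 0, 1, 1, 0, 0, 1, 0};
    unsigned char chips[8 * CPB], rx[8], code[CPB];

    dsss_spread(data, 8, BARKER7, chips);
    for (int i = 0; i < 8; i++)
        for (int f = 0; f < flips && f < CPB; f++)
            chips[i * CPB + f] ^= 1;
    for (int j = 0; j < CPB; j++)
        code[j] = BARKER7[(j + shift) % CPB];

    int agree = dsss_despread(chips, 8, code, rx);
    *ok = memcmp(rx, data, 8) == 0;
    return agree;
}

int dsss_trial_ok(int flips, int shift) { int ok; run_trial(flips, shift, &ok); return ok; }
int dsss_trial_agreement(int flips, int shift) { int ok; return run_trial(flips, shift, &ok); }
```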
Channel property
• MIMO: to attain ultra-high spectral efficiency
Basics
The multiple access methods used in GSM with GPRS are based on frequency division duplex (FDD) and TDMA. During a session, a user is assigned to one pair of up-link and down-link frequency channels. This is combined with time domain statistical multiplexing, i.e. packet mode communication, which makes it possible for several users to share the same frequency channel. The packets have constant length, corresponding to a GSM time slot. The down-link uses first-come first-served packet scheduling, while the up-link uses a scheme very similar to reservation ALOHA. This means that slotted ALOHA (S-ALOHA) is used for reservation inquiries during a contention phase, and then the actual data is transferred using dynamic TDMA with first-come first-served scheduling.
GPRS originally supported (in theory) Internet Protocol (IP), Point-to-Point Protocol (PPP) and X.25 connections. The last was typically used for applications like wireless payment terminals, although it has been removed from the standard. X.25 can still be supported over PPP, or even over IP, but doing this requires either a router to perform encapsulation or intelligence built in to the end device/terminal, e.g. the UE (User Equipment). In practice, the mobile's built-in browser uses IPv4. In this mode PPP is often not supported by the mobile phone operator, while IPv6 is not yet popular. But if the mobile is used as a modem for a connected computer, PPP is used to tunnel IP to the phone. This allows DHCP to assign an IP address and then the use of IPv4, since IP addresses used by mobile equipment tend to be dynamic.
Class A
Can be connected to GPRS service and GSM service
(voice, SMS), using both at the same time. Such
devices are known to be available today.
Class B
Can be connected to GPRS service and GSM service
(voice, SMS), but using only one or the other at a
given time. During GSM service (voice call or SMS),
GPRS service is suspended, and then resumed
automatically after the GSM service (voice call or
SMS) has concluded. Most GPRS mobile devices are
Class B.
Class C
Are connected to either GPRS service or GSM service
(voice, SMS). Must be switched manually between
one or the other service.
A true Class A device may be required to transmit on two
different frequencies at the same time, and thus will need
two radios. To get around this expensive requirement, a
GPRS mobile may implement the dual transfer mode
(DTM) feature. A DTM-capable mobile may use
simultaneous voice and packet data, with the network
coordinating to ensure that it is not required to transmit on
two different frequencies at the same time. Such mobiles
are considered pseudo-Class A, sometimes referred to as
"simple class A". Some networks are expected to support
DTM in 2007.
GPRS is a technology in which speed is a direct function of the number of TDMA time slots assigned, which is the lesser of (a) what the particular cell supports and (b) the maximum capability of the mobile device, expressed as a GPRS Multislot Class.
Coding scheme

Coding scheme    Speed (kbit/s)
CS-1             8.0
CS-2             12.0
CS-3             14.4
CS-4             20.0
Transfer speed also depends on the channel encoding used. The least robust, but fastest, coding scheme (CS-4) is available near a base transceiver station (BTS), while the most robust coding scheme (CS-1) is used when the mobile station (MS) is further away from a BTS.
Using CS-4 it is possible to achieve a user speed of 20.0 kbit/s per time slot; however, with this scheme the cell coverage is 25% of normal. CS-1 can achieve a user speed of only 8.0 kbit/s per time slot, but has 98% of normal coverage. Newer network equipment can adapt the transfer speed automatically depending on the mobile location.
Like CSD, HSCSD establishes a circuit and is usually
billed per minute. For an application such as downloading,
HSCSD may be preferred, since circuit-switched data are
usually given priority over packet-switched data on a
mobile network, and there are relatively few seconds when
no data are being transferred.
Technology      Download (kbit/s)   Upload (kbit/s)                  Configuration
CSD             9.6                 9.6                              1+1
HSCSD           28.8                14.4                             2+1
HSCSD           43.2                14.4                             3+1
GPRS            80.0                20.0 (Class 8 & 10 and CS-4)     4+1
GPRS            60.0                40.0 (Class 10 and CS-4)         3+2
EGPRS (EDGE)    236.8               59.2 (Class 8, 10 and MCS-9)     4+1
EGPRS (EDGE)    177.6               118.4 (Class 10 and MCS-9)       3+2
GPRS is packet based. When TCP/IP is used, each phone
can have one or more IP addresses allocated. GPRS will
store and forward the IP packets to the phone during cell
handover (when you move from one cell to another). A
radio noise induced pause can be interpreted by TCP as
packet loss, and cause a temporary throttling in
transmission speed.
Services and hardware
GPRS upgrades GSM data services providing:
• Multimedia Messaging Service (MMS)
• Push to talk over Cellular (PoC / PTT)
• Instant Messaging and Presence -- Wireless Village
• Internet Applications for Smart Devices through
Wireless Application Protocol (WAP)
• Point-to-point (PTP) service: internetworking with the
Internet (IP protocols)
• Short Message Service (SMS)
• Future enhancements: flexible to add new functions,
such as more capacity, more users, new accesses, new
protocols, new radio networks.
SMS
GPRS can be used as the bearer of SMS. If SMS over GPRS is used, an SMS transmission speed of about 30 SMS messages per minute may be achieved. This is much faster than ordinary SMS over GSM, whose transmission speed is about 6 to 10 SMS messages per minute.
Availability
In many areas, such as France, telephone operators have priced GPRS relatively cheaply (compared to the older GSM data transfer modes, CSD and HSCSD). Some mobile phone operators offer flat-rate access to the Internet, while others charge based on data transferred, usually rounded up to 100 kilobytes.
During the heyday of GPRS in the developed countries, around 2005, typical prices varied from €0.24 per megabyte to over €20 per megabyte. In developing countries, prices vary widely and change. Some operators gave free access while they decided on pricing, for example Togocel.tg in Togo, West Africa; others were over-priced, such as Tigo of Ghana at one US dollar per megabyte or Indonesia at $3 per megabyte. AirTel of India charges $0.025 per megabyte. As of 2008, data access in Canada is still prohibitively expensive. For example, Fido charges $0.05 per kilobyte, or roughly $50 per megabyte.[1] In Venezuela, Digitel charges about $20 per 100 Mb or $25 for unlimited access.
Pre-Paid SIM Cards allow travelers to buy short term
internet access. The maximum speed of a GPRS connection
offered in 2003 was similar to a modem connection in an
analog wire telephone network, about 32 to 40 kbit/s,
depending on the phone used. Latency is very high; a
round-trip ping is typically about 600 to 700 ms and often
reaches 1s. GPRS is typically prioritized lower than speech,
and thus the quality of connection varies greatly.
In order to set up a GPRS connection for a wireless
modem, a user must specify an access point name (APN),
optionally a user name and password, and very rarely an IP
address, all provided by the network operator.
Devices with latency/RTT improvements (via e.g. the
extended UL TBF mode feature) are generally available.
Also, network upgrades of features are available with
certain operators. With these enhancements the active
round-trip time can be reduced, resulting in significant
increase in application-level throughput speeds.
2G technologies
2G technologies can be divided into TDMA-based and CDMA-based standards depending on the type of multiplexing used. The main 2G standards are:
• GSM (TDMA-based, Time Division Multiple Access), originally from Europe but used in almost all countries on all six inhabited continents. Today accounts for over 80% of all subscribers around the world.
• IS-95 aka cdmaOne (CDMA-based, commonly referred to as simply CDMA in the US), used in the Americas and parts of Asia. Today accounts for about 17% of all subscribers globally. Over a dozen CDMA operators have migrated to GSM, including operators in Mexico, India, Australia and South Korea.
• PDC (TDMA-based), used exclusively in Japan.
• iDEN (TDMA-based), proprietary network used by Nextel in the United States and Telus Mobility in Canada.
• IS-136 aka D-AMPS (TDMA-based, commonly referred to as simply TDMA in the US), was once prevalent in the Americas but most have migrated to GSM.
2G services are frequently referred to as Personal Communications Service, or PCS, in the United States.
2.5G services enable high-speed data transfer over upgraded existing 2G networks. Beyond 2G there is 3G, with higher data speeds, and even evolutions beyond 3G, often called 3.5G. Sprint deployed the first 4G network in the USA in Baltimore.
Capacities, advantages, and disadvantages
Capacity
Using digital signals between the handsets and the towers
increases system capacity in two key ways:
• Digital voice data can be compressed and multiplexed
much more effectively than analog voice encodings
through the use of various codecs, allowing more calls
to be packed into the same amount of radio bandwidth.
• The digital systems were designed to emit less radio
power from the handsets. This meant that cells could
be smaller, so more cells could be placed in the same
amount of space. This was also made possible by cell
towers and related equipment getting less expensive.
Advantages
Digital systems were embraced by consumers for several
reasons.
• The lower powered radio signals require less battery
power, so phones last much longer between charges,
and batteries can be smaller.
• The digital voice encoding allowed digital error
checking which could increase sound quality by
reducing dynamic and lowering the noise floor.
• The lower power emissions helped address health
concerns.
• Going all-digital allowed for the introduction of digital
data services, such as SMS and email.
• Greatly reduced fraud. With analog systems it was
possible to have two or more "cloned" handsets that
had the same phone number.
• Enhanced privacy. A key digital advantage not often
mentioned is that digital cellular calls are much harder
to eavesdrop on by use of radio scanners. While the
security algorithms used have proved not to be as
secure as initially advertised, 2G phones are
immensely more private than 1G phones, which have
no protection against eavesdropping.
Disadvantages
The downsides of 2G systems, not often well publicized,
are:
• In less populous areas, the weaker digital signal may
not be sufficient to reach a cell tower. This tends to be
a particular problem on 2G systems deployed on
higher frequencies, but is mostly not a problem on 2G
systems deployed on lower frequencies. National
regulations differ greatly among countries which
dictate where 2G can be deployed.
• Analog has a smooth decay curve, digital a jagged
steppy one. This can be both an advantage and a
disadvantage. Under good conditions, digital will
sound better. Under slightly worse conditions, analog
will experience static, while digital has occasional
dropouts. As conditions worsen, though, digital will
start to completely fail, by dropping calls or being
unintelligible, while analog slowly gets worse,
generally holding a call longer and allowing at least a
few words to get through.
• While digital calls tend to be free of static and
background noise, the lossy compression used by the
codecs takes a toll; the range of sound that they
convey is reduced. You'll hear less of the tonality of
someone's voice talking on a digital cellphone, but you
will hear it more clearly.