GSM and Signaling
By: Hasan Hadidi

Agenda
Telecommunication Network
Signaling
GSM Introduction
GSM Network Structure
GSM Numbering
GSM Security
Hand-Over
Location Update
Call Setup procedure
Telecommunication network:
PSTN
PLMN
Postpaid
Prepaid
1876 :




1889 :


GSM History
During the early 1980s
  Analog cellular telephone systems were experiencing rapid growth in Europe (in Scandinavia, UK, France and Germany)
In 1982
  The Conference of European Posts and Telegraphs (CEPT) formed a study group called the Group Special Mobile (GSM) to study and develop a pan-European public land mobile system
  Requirements
    Good subjective speech quality
    Low terminal and service cost
    Support for international roaming
    Ability to support handheld terminals
    Support for range of new services and facilities
    Spectral efficiency
    ISDN compatibility
In 1989
  European Telecommunications Standards Institute (ETSI) formed
  GSM responsibility was transferred to the European Telecommunications Standards Institute (ETSI)
In 1990
  Phase I of the GSM specifications was published
In mid-1991
  Commercial service was started
More than 747 million subscribers (more than 70% of all digital mobile phones use GSM)

Basic Concepts in Tele. Net. :
Traffic
Signaling
Network


Tone or Pulse
Voice Mailbox
Call-waiting Tone
Multi-party
SMS
Call
I'm busy!
Voice
Trunk
300-3400Hz

Call Setup 15 20 3 5


(IN)
[Figure: Switch A and Switch B joined by a shared User & Signaling Traffic path, and by separate User Traffic and Signaling Traffic paths]

SS7
70
SS7 1975
SS7 ITU 1980
SS7 1984 (Red Book)
Update SS7 ITU
SS7
Out-of-band




(ISDN)

SS7 Protocols (Q.700 series)
Set up and clear down a call
Provide Caller ID
Circuit continuity check
Notification to reset a faulty circuit
Indication of national, international or other subscriber
Nature of circuit (satellite/terrestrial)
Call forwarding
Security access calls (CUG)
Call holding
Charging information
Indication that a called party line is free
Subscriber busy signal

1 - Service Switching Point
2 - Signaling Transfer Point
3 - Service Control Point
(SP)
(56Kbps or 64Kbps)
[Figure: SS7 network of interconnected SSP, STP and SCP nodes]



ISDN ...


TE


(STP)
(LE,TE)
STP





Network Identifier
Cluster Identifier
Cluster Member
[Figure: signaling point codes (SPC) of the STPs in Network=246, members 1 to 4 in Cluster=1 and Cluster=2]

User Part (UP)

Message Transfer Part (MTP)
OSI




MTP1
Physical Layer OSI

E-1(32*64Kbps)
DS-1(24*64Kbps)
V35(64Kbps)
DS-0(64Kbps)
DS-0A(56Kbps)


[Figure: MTP stack of MTP1, MTP2 and MTP3]
Digital Signal Designation   Bandwidth       Channels (DS0s)   Carrier Designation
DS0                          64 kbps         1 channel         None
DS1                          1.544 Mbps      24 channels       T-1
DS1C                         3.152 Mbps      48 channels       T-1c
DS2                          6.312 Mbps      96 channels       T-2
DS3                          44.736 Mbps     672 channels      T-3
DS4                          274.176 Mbps    4032 channels     T-4

MTP2
(Data Link) OSI
(Signaling Unit)
(SU)
8 (01111110)
(Flow Control)
(Sequence Validation)
[Figure: MTP stack of MTP1, MTP2 and MTP3]

MTP


MTP2

FISU
75 LSSU MSU
FISU ACK
MSU LSSU




MTP3
(Network) OSI

(MTP2)
[Figure: MTP stack of MTP1, MTP2 and MTP3]


(DPC)
SIO MTP3
DPC
SLS
(Overload)
[Figure: MTP3 between MTP2 and the MTP3 users (SCCP, ISUP, etc.), with its Discrimination Function, Distribution Function and Routing Function]

SCCP
MTP3

Connectionless
Connection-oriented
Global Title Translation (GTT)
Connectionless
:



Connection-oriented
:

) Local Reference ( SCCP )
SCCP (


[Figure: SCCP between the SCCP users (MAP, OMAP; HLR, VLR, MSC, EIR) and MTP3]
SCCP Connection-oriented Control (SCOC)
SCCP Connectionless Control (SCLC)
SCCP management (SCMC)
SCCP Routing Control (SCRC)
SCRC
  SCCP MTP
SCOC
  Connection-oriented
  (Segmentation)
  (Sequencing)
  (Flow control)
SCLC
  Connectionless

SSN
SSN SCCP
SCCP

SCCP
255 SSN
SS7
[Figure: SS7 in the GSM network. Nodes: MSC, VLR, EIR, HLR, AC, BSC, BTS. Protocols: MAP, TCAP, SCCP, MTP, BSSAP, Q931, LAPD, Q921, LAPDm. Interfaces: A-Interface, Abis-Interface, Air-Interface. Links: E1/T1, Air]

GSM protocol layers for signaling
[Figure: signaling protocol stacks of MS, BTS, BSC and MSC across the Um, Abis and A interfaces. Layers shown: CM, MM, RR, BTSM, BSSAP, LAPDm, LAPD, SS7, radio, PCM]

[Figure: MS GSM signaling. MS, BTS, BSC, MSC, VLR and HLR across the radio interface, with the RR, MM + CM and SS layers]

BSSMAP
[Figure: BSSMAP message carried as Data (BSSAP): Message Type, Mandatory Parameters, Optional Parameters (Parameter A ... Parameter N-1, Parameter N); a parameter is IEI, Length, Data]

DTAP
[Figure: DTAP message carried as Data (BSSAP): Message Type, Mandatory Parameters, Optional Parameters (Parameter A ... Parameter N-1, Parameter N)]
Mandatory Fixed Length: Data
Mandatory Variable Length: Length, Data
Optional Fixed Length: IEI, Data
Optional Variable Length: IEI, Length, Data

TCAP
Connectionless
SCCP (Applications)
TCAP (Queries)
(Responses) SSP SCP
TCAP MAP MSC
HLR Authentication, IMEI
Checking, Roaming
[Figure: TCAP over SCCP over MTP, used by HLR, EIR, MSC and VLR]

What is GSM?
Global System for Mobile (GSM) is a second generation cellular standard developed to cater for voice services and data delivery using digital modulation

The GSM System
Access Method               TDMA/FDMA
Freq. Band                  900/1800
No. of Channel              124 radio carriers
Max no. of user channels    124 * 8 = 992 channels
Channel BW                  200 kHz
Uplink Freq. BW             890 to 915 MHz (MS to BTS)
Downlink Freq. BW           935 to 960 MHz (BTS to MS)
No. of channels/carrier     8 channels/carrier
Modulation                  Digital GMSK (Gaussian Minimum Shift Keying, which is a type of phase modulation)
Speech Coding               RPE-LTP (Regular pulse excited - long term prediction)
Speech coding bit rate      13 kbps
Data coding bit rate        12 kbps
Service                     Voice and Data
No. of Sub.                 500 M

GSM_900: UP_LINK 890 MHz to 915 MHz, DOWN_LINK 935 MHz to 960 MHz
GSM_1800: UP_LINK 1710 MHz to 1785 MHz, DOWN_LINK 1805 MHz to 1880 MHz
BS Transmission Band: 935 to 960 MHz
MS Transmission Band: 890 to 915 MHz
[Figure: frequency axis with carriers F1, F2 and F1', F2'; 45 MHz]

Cellular Concept
Limited number of frequencies =>
  limited channels
  limited number of users
Smaller cells =>
  frequency reuse possible
  more number of users
As demand increases (more channels are needed) =>
  Number of base stations is increased
  Transmitter power is decreased correspondingly to avoid interference

Cellular Concept
Cell size:
  100 m in cities to 35 km in the countryside (GSM)
  even less for higher frequencies
Cell shape:
  Hexagonal is useful for theoretical analysis
  Practical footprint (radio coverage area) is amorphous
BS placement:
  Center-excited cell: BS near center of cell
    omni-directional antenna
  Edge-excited cell: BSs on three of the six cell vertices
    sectored directional antennas
One channel in each cell is set aside for signalling information between BS and mobiles
  Mobile-to-BS: location, call setup for outgoing, response to incoming
  BS-to-Mobile: cell identity, call setup for incoming, location updating

Cellular Concept
Advantages of cell structures:
  higher capacity, higher number of users
  less transmission power needed
  more robust, decentralized
Disadvantages:
  handover (changing from one cell to another) necessary
  interference with other cells
  reduced concentration while driving
  electromagnetic radiation
  abuse of private data possible
  high complexity of the system
Important Issues:
  Cell sizing
  Frequency reuse planning
  Channel allocation strategies

SIM card (Subscriber Identity Module)
Uniquely Associated To A User
Stores User And Location Addresses
  IMSI - International Mobile Subscriber Identity
  TMSI - Temporary Mobile Subscriber Identity
  LAI - Location Area Identification
Supports Authentication And Encryption Mechanisms
  PIN - Personal Identity Number
  PUK - PIN Unblocking Key
  Ki - subscriber secret authentication key
  A3 - authentication algorithm
  A8 - cipher key generation algorithm
Contains Personal Data
  list of subscribed services
  RAM for user directory, SMS

Smart Card Anatomy
Microprocessor Cards
  Typical specification
    8 bit CPU
    16 K ROM
    256 bytes RAM
    4K EEPROM
Smart Card Technology
  Based on ISO 7816 defining
    Card size, contact layout, electrical characteristics
    I/O Protocols: byte/block based
    File Structure

BSS - Base Station Subsystem
MS (Mobile Station) ---- Mobile terminal equipment
BSC (Base Station Controller) ---- Management of several BTS and MS
BTS (Base Transceiver Station) ---- Transmitter, receiver and antennas

Mobile station power classes
BTS
provides GSM radio coverage within a cell
comprises radio transmitting and receiving equipment (including antennas)
associated signal processing
implementation of radio related operations:
  slow frequency hopping (SFH)
  discontinuous transmission (DTX)
  ciphering
  power control

BSC
A small switch with enhanced processing capability.
Its responsibilities include:
  co-ordination and control of a number of BTSs
  traffic concentration
  low level switching operations
  network management interface to all radio elements
  radio channel management
  handover between BTSs within its domain
  scheduling of paging request
  passing system information e.g. LAI (Location Area Identity) to BTSs for onward transmission
  queuing
  control of radio related operations: slow frequency hopping (SFH); discontinuous transmission (DTX); ciphering and power control
  service transcoding, changing air interface rates to network rates e.g. converting speech from 13 kbit/s to 64 kbit/s

X Handover management
X Location registry, location update
X Authentication
X Traffic measurement
X Uplink signal measurements
X X Paging
X X Encryption and decryption
X Rate adaptation
X Channel coding and decoding
X Mapping of terrestrial onto radio channels
X Management of terrestrial channels
X X Frequency hopping (FH)
X Management of radio channels
BTS BSC Functions
NSS - Network and Switching Subsystem
MSC (Mobile Switching Centre) ---- Management of all connections
HLR (Home Location Register) ---- Associated to each PLMN
VLR (Visitor Location Register) ---- Associated to each MSC
GMSC (Gateway MSC) ---- MSC providing interconnection to other networks

MSC (mobile switching center)
  switching functions
  additional functions for mobility support
  interworking functions via Gateway MSC (GMSC)
  integration of several databases
Specific functions of a MSC
  switching of 64 kbit/s channels
  paging and call forwarding
  termination of SS7 (signaling system no. 7)
  mobility specific signaling
  location registration and forwarding of location information
  support of short message service (SMS)
  generation and forwarding of accounting and billing information

Visitor Location Register (VLR)
  local database
  data about all users currently in the domain of the VLR
  includes roamers and non-roamers
  associated to each MSC
Responsibilities of the VLR include:
  executing supplementary service programs (outgoing calls barred)
  initiating authentication and ciphering
  initiating paging
  mapping of various identities (MSISDN, IMSI, TMSI, MSRN)
  passing location information to HLR

Gateway MSC (GMSC)
  Connects mobile network to a fixed network, e.g.
  Entry point to a PLMN
  Requests routing information from the HLR and routes the connection to the local MSC

Home Location Register (HLR)
  central master database
  data from every user that has subscribed to the operator, includes:
    subscriber data
      IMSI - International Mobile Subscriber Identity
      list of subscribed services with parameters and restrictions
    location data
      current MSC/VLR address
Responsibilities of the HLR include:
  management of service profiles
  mapping of subscriber identities (MSISDN, IMSI)
  supplementary service control and profile updates
  execution of supplementary service logic e.g. incoming calls barred
  passing subscription records to VLR

OSS (Operation Subsystem)
OMC (Operation and Management Centre) ---- Control of the radio and network subsystems
AuC (Authentication Centre) ---- Security functions
EIR (Equipment Identity Register) ---- Mobile station registration

Authentication Center (AuC)
  associated to HLR
  search key: IMSI
  supports authentication and encryption mechanisms
    Ki - subscriber secret authentication key
    A3 - authentication algorithm
    A8 - cipher key generation algorithm

Equipment Identity Register (EIR)
  stores mobile stations' IMEI (International Mobile Equipment Identity)
  white list - mobile stations allowed to connect without restrictions
  black list - mobile stations locked (stolen or not type approved)
  gray list - mobile stations under observation for possible problems

Operation and Maintenance Center (OMC)
  control capabilities for the radio and the network subsystems

Application Service Centers
Short Message Service Center (SMSC)
  provide short message services
  usually connect to MSC
Unstructured Supplementary Service Data Center (USSDC)
  provide USSD service in the form of *ID*ID*info#
  usually connect to HLR

GSM Network Areas...
Cell
Location Area
MSC / VLR Area
Public Land Mobile Network (PLMN)
MSISDN - Mobile Subscriber International ISDN Number
  International number for mobile subscriber that includes at most 15 digits
  Mapping to Mobile Station Roaming Number (MSRN) by HLR
  Country Code (CC) + National Destination Code (NDC) + Subscriber Number (SN)
  Example: 98912347658
IMSI - International Mobile Subscriber Identity
  International number that uniquely identifies the user (SIM card) and is stored in SIM card, HLR and VLR
  unique 15 digits assigned
  Mobile Country Code (MCC) + Mobile Network Code (MNC) + Mobile Subscriber Identification Number (MSIN)
  Example: 432111234567890
  432 (MCC) ---- 11 (MNC) ---- 1234567890 (MSIN)

TMSI - Temporary Mobile Subscriber Identity
  32-bit number assigned by VLR to uniquely identify a mobile station within a VLR's area
  32 Bits
  Local Number Allocated By VLR
  May Be Changed Periodically
  Hides The IMSI Over The Air Interface (Transmitted Instead Of IMSI)
MSRN - Mobile Station Roaming Number
  Generated By VLR For All Visiting Users
  Helps HLR To Determine Current Location Area
  Hides The IMSI Inside The Network
  Visitor Country Code (VCC) + Visitor National Destination Code (VNDC) + Current MSC Code + Temporary Subscriber Number
  Example: 989110100 to 989110107 for one MSC

International Mobile Station Equipment Identity (IMEI)
Unique 15 digits assigned by equipment manufacturer
1. TAC (Type Approval Code)
2. FAC (Final Assembly Code)
3. SNR (Serial Number)
4. SP (Spare)
IMEI=TAC+FAC+SNR+SP
357,087,008,609,717 (USSD= *#06#)
Cell Global Identity (CGI)
1. LAI (Location Area Identity)
2. CI (Cell Identity)
CGI=MCC+MNC+LAC+CI
Base Station Identity Code (BSIC)
1. NCC (National Country Code)
2. BCC (Base Station Country Code)
BSIC=NCC+BCC

Personal Identity Number (PIN)
PIN
SIM
IMSI
Location Area Identity (LAI)
Based on international ISDN numbering plan that is broadcast regularly by the BTS on broadcast channel
1. MCC (Mobile Country Code)
2. MNC (Mobile Network Code)
3. LAC (Location Area Code)
LAI=MCC+MNC+LAC
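
The field layouts given in this numbering section (IMSI = MCC + MNC + MSIN, IMEI = TAC + FAC + SNR + SP), as an added example that is not part of the original slides. The function names, the MNC length parameter, the 6 + 2 + 6 + 1 IMEI field widths and the Luhn test on the last IMEI digit (which the slides label as spare) are assumptions that go beyond the slides.

```python
"""Added example: splitting the GSM identifiers from these slides into fields."""
from dataclasses import dataclass


def _digits(text: str, length: int) -> str:
    """Drop grouping characters and insist on exactly `length` ASCII digits."""
    cleaned = "".join(ch for ch in text if ch not in ", -")
    if not (cleaned.isascii() and cleaned.isdigit() and len(cleaned) == length):
        raise ValueError(f"expected {length} decimal digits, got {text!r}")
    return cleaned


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, 3 digits
    mnc: str   # Mobile Network Code
    msin: str  # Mobile Subscriber Identification Number


def parse_imsi(text: str, mnc_len: int = 2) -> Imsi:
    """IMSI = MCC + MNC + MSIN (15 digits).

    Assumption: the MNC length (2 digits in the slide's example, 3 in some
    networks) cannot be read from the digits, so the caller supplies it.
    """
    if mnc_len not in (2, 3):
        raise ValueError("MNC is 2 or 3 digits long")
    d = _digits(text, 15)
    return Imsi(d[:3], d[3:3 + mnc_len], d[3 + mnc_len:])


def redact_imsi(text: str, mnc_len: int = 2) -> str:
    """Keep the operator part (MCC, MNC) and mask the subscriber part (MSIN),
    for example before an IMSI is written to a log."""
    imsi = parse_imsi(text, mnc_len)
    return imsi.mcc + imsi.mnc + "*" * len(imsi.msin)


@dataclass(frozen=True)
class Imei:
    tac: str  # Type Approval Code
    fac: str  # Final Assembly Code
    snr: str  # Serial Number
    sp: str   # Spare digit


def parse_imei(text: str) -> Imei:
    """IMEI = TAC + FAC + SNR + SP.

    Assumption: field widths 6 + 2 + 6 + 1; the slides give the field
    order but not the widths.
    """
    d = _digits(text, 15)
    return Imei(d[:6], d[6:8], d[8:14], d[14])


def luhn_check_digit(first14: str) -> int:
    """Luhn digit computed over the first 14 IMEI digits."""
    total = 0
    for index, ch in enumerate(_digits(first14, 14)):
        value = int(ch)
        if index % 2 == 1:  # every second digit is doubled, digits of the product summed
            value = value * 2 - 9 if value > 4 else value * 2
        total += value
    return (10 - total % 10) % 10


def imei_last_digit_is_luhn(text: str) -> bool:
    """True when the 15th digit equals the Luhn digit of the first 14."""
    d = _digits(text, 15)
    return int(d[14]) == luhn_check_digit(d[:14])


if __name__ == "__main__":
    print(parse_imsi("432111234567890"))       # IMSI example from the slide
    print(redact_imsi("432111234567890"))
    print(parse_imei("357,087,008,609,717"))   # IMEI example from the slide
    print(imei_last_digit_is_luhn("357,087,008,609,717"))
```
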
GSM Security
1. Ciphering
Ciphering is used across the air interface to provide speech and signaling encryption. When the authentication procedure has been completed successfully, the BTS and the mobile station are ready to start the ciphering procedure for signaling and speech/data transmission.
2. Authentication
Authentication is a procedure used in checking the validity and integrity of subscriber data. With the help of the authentication procedure the operator prevents the use of false SIM modules in the network. The authentication procedure is based on an identity key Ki, that is issued to each subscriber when his data are established in the HLR. The authentication procedure verifies that the Ki is exactly the same on the subscriber side as on the network side. The Authentication Center generates information that can be used for all the security purposes during one transaction. This information is called an Authentication Triplet.

Security in GSM
access control/authentication
  user <-> SIM (Subscriber Identity Module): secret PIN (Personal Identification Number)
  SIM <-> network: challenge - response method
confidentiality
  voice and signaling encrypted on the wireless link (after successful authentication)
anonymity
  TMSI - Temporary Mobile Subscriber Identity
  newly assigned at each new location update
  encrypted transmission
3 algorithms specified in GSM
  A3 for authentication (secret, open interface)
  A5 for encryption (standardized)
  A8 for encryption key generation

Security in GSM
GSM Security
The authentication triplet consists of three numbers:
1. RAND
RAND is a random number.
2. SRES
SRES (Signed Response) is a result that the algorithm A3 produces on the basis of certain source information.
3. Kc
Kc is a ciphering key that A8 generates on the basis of certain source information.

GSM - authentication
GSM authentication
GSM - key generation and encryption
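
The challenge-response and key generation described in the GSM Security slides, with the triplet (RAND, SRES, Kc), as an added example that is not part of the original slides. A3 and A8 are replaced here by a labelled HMAC-SHA-256 stand-in, not a real GSM algorithm; the class and function names, the constructed sample Ki and the field sizes (128-bit RAND, 32-bit SRES, 64-bit Kc) are assumptions not stated on the slides.

```python
"""Added example: GSM challenge-response with an authentication triplet."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

RAND_LEN, SRES_LEN, KC_LEN = 16, 4, 8  # bytes: 128-bit RAND, 32-bit SRES, 64-bit Kc


def _stand_in(ki: bytes, rand: bytes, label: bytes, length: int) -> bytes:
    # Stand-in for the operator's algorithms: HMAC-SHA-256 truncated to the
    # output size. This is NOT the real A3/A8.
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:length]


def a3(ki: bytes, rand: bytes) -> bytes:
    """Authentication algorithm: (Ki, RAND) -> SRES."""
    return _stand_in(ki, rand, b"A3", SRES_LEN)


def a8(ki: bytes, rand: bytes) -> bytes:
    """Cipher key generation algorithm: (Ki, RAND) -> Kc."""
    return _stand_in(ki, rand, b"A8", KC_LEN)


class AuthenticationCenter:
    """Network side: holds Ki per IMSI (search key: IMSI) and issues triplets."""

    def __init__(self) -> None:
        self._ki_by_imsi: Dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def triplet(self, imsi: str,
                rand: Optional[bytes] = None) -> Tuple[bytes, bytes, bytes]:
        """Return (RAND, SRES, Kc); a fresh RAND is drawn unless one is given."""
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(RAND_LEN) if rand is None else rand
        return rand, a3(ki, rand), a8(ki, rand)


class Sim:
    """Subscriber side: Ki stays on the card, only SRES is sent back."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3(self._ki, rand), a8(self._ki, rand)


def authenticate(auc: AuthenticationCenter, sim: Sim) -> Tuple[bool, Optional[bytes]]:
    """Play the MSC/VLR role: send RAND, compare SRES, return (accepted, Kc)."""
    rand, expected_sres, kc_network = auc.triplet(sim.imsi)
    sres, _kc_on_sim = sim.run_gsm_algorithm(rand)  # RAND goes down, SRES comes back
    if not hmac.compare_digest(sres, expected_sres):
        return False, None  # Ki on the card differs from Ki in the network
    # The SIM derived the same Kc from the same Ki and RAND, so Kc itself is
    # never transmitted over the air interface.
    return True, kc_network


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki
    auc = AuthenticationCenter()
    auc.provision("432111234567890", ki)                    # IMSI from the slides
    print(authenticate(auc, Sim("432111234567890", ki)))          # genuine SIM
    print(authenticate(auc, Sim("432111234567890", bytes(16))))   # false SIM
```
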
Handover
Intra-cell Handover
[Figure: BTS]

Inter-cell Intra-BSC Handover
[Figure: BSC with its BTSs]

Inter-BSC Intra-MSC Handover
[Figure: MSC/VLR with two BSCs and their BTSs]

Inter-BSC Inter-MSC Handover
[Figure: MSC1/VLR and MSC2/VLR, each with BSCs and their BTSs]

Mobile-Assisted Handover (MAHO)
In practice, there are three types of location updates:
1. Location Registration (Power On)
2. Generic
3. Periodic
Location registration:
Takes place when a mobile station is turned on. This is also known as IMSI Attach because as soon as the mobile station is switched on, it informs the Visitor Location Register (VLR) that it is now back in service and is able to receive calls. As a result of a successful registration, the network sends the mobile station two numbers that are stored in the SIM (Subscriber Identity Module) card of the mobile station.
Generic:
Every time the mobile receives data through the control channels, it reads the LAI and compares it with the LAI stored in its SIM card. A Generic location update is performed if they are different. The mobile starts a Location Update process by accessing the MSC/VLR that sent the location data.
Periodic:
Periodic Location Update is carried out when the network does not receive any location update request from the mobile in a specified time.

Location Updating
Location never updated (no cost). Need to page every cell (high cost).
Location updates for every cell crossing (high cost). Need to page only one cell (low cost).
Location update: partition the region into different location areas.

Location Updating
[Figure: location areas LA-1 and LA-2, with movements marked "Location update" and "No location update"]
Location update is performed when there is a boundary crossing.
How to determine the size of a LA?

Location Update (LU)

GSM Call Delivery Procedure
[Figure: Calling MS and Called MS, each served by a Mobile Switching Center (MSC) with its VLR, and the HLR; message flows numbered (1) to (7)]

GSM Call Delivery Procedure
1. Calling MS sends a call initiation signal to MSC through BS.
2. MSC sends a location request to HLR of the called MS.
3. HLR determines serving VLR of called MS and sends a route request message to it.
4. MSC allocates a temporary ID to MS and sends this ID to HLR.
5. HLR forwards the ID to MSC of the calling MS.
6. Calling MSC requests a call set up to the called MSC.
7. Paging messages are sent to cells within the LA.

GSM Mobile Terminated Call
1: calling a GSM subscriber
2: forwarding call to GMSC
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible MSC to GMSC
7: forward call to current MSC
8, 9: get current status of MS
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection

Exercise

SS7
MSRN
Call Waiting
LUP
Handover
Paging MSC/VLR

Review
UL GSM
1. 890 MHz - 915 MHz
2. 870 MHz - 915 MHz
3. 935 MHz - 960 MHz
4. 915 MHz - 960 MHz
MSC BSC
1. Abis Interface
2. Air Interface
3. A Interface
4. Um
Security
1. Ki
2. IMSI
3. TMSI
4. IMEI

1. Ki
2. IMSI
3. MSRN
4. TMSI

Any Questions & Comments ?
