GSM Mob MGMT
Location management
Handover management
Originals by: Rashmi Nigalye, Mouloud Rahmani, Aruna Vegesana, Garima Mittal, Fall 2001
Prof. M. Veeraraghavan, Polytechnic University, New York
[Figure: GSM network (PLMN) divided into MSC regions and location areas; elements shown: BTS, BSC, MSC, GMSC, OMC, HLR, VLR, AUC, EIR; interfaces shown: Um, Abis, B, C, E]
[Figure: identifier fields shown: MCC, MNC, MSIN; NDC, SN; MNC, LAC]
Location management
Set of procedures to:
track a mobile user
find the mobile user to deliver calls to it
[Figure: identifiers MSISDN, IMSI and MSRN shown between the GMSC and the MSC/VLR]
[Figure: routing of an incoming call from the ISDN in numbered steps; elements shown: GMSC, HLR, MSC, VLR, AUC, EIR, BSC and BTS in location areas LA 1 and LA 2, MS; identifiers shown: MSISDN, MSRN, TMSI]
[Figure: call delivery message sequence between the originating switch, GMSC, HLR, VLR and target MSC]
1. ISUP IAM
2. MAP_SEND_ROUTING_INFO
3. MAP_PROVIDE_ROAMING_NUMBER
4. MAP_PROVIDE_ROAMING_NUMBER_ack
5. MAP_SEND_ROUTING_INFO_ack
6. ISUP IAM
GSM security
Authentication
What signed response (SRES) are you able to derive from the input challenge RAND by applying the A3 algorithm with your personal key Ki (Ki is per subscriber)?
[Figure: the MS and the network each apply the A3 algorithm to Ki and RAND (128 bit); the two SRES values are compared for equality]
GSM security
Encryption
Digital technology makes it easy to encrypt voice data
A5 derives a ciphering sequence of 114 bits for each burst independently
XOR 114 bits of a radio burst with 114 bits of a ciphering sequence generated by A5
[Figure: the MS and the BTS each run the A5 algorithm on Kc and the frame number (22 bits), producing S1 (114 bits) and S2 (114 bits); one sequence is used for ciphering on one side and deciphering on the other]
Key management
Ciphering key Kc is generated using algorithm A8 in the same manner as SRES (from RAND and Ki)
Each time a mobile station is authenticated, the MS and network compute the ciphering key Kc by running algorithm A8 with the same inputs RAND and Ki as for SRES
Ciphering with Kc applies only when the network knows the identity of the subscriber it is talking to.
Bootstrap period during which the network does not know who the subscriber is
Everything up to and including the first message carrying the non-ambiguous subscriber identity is carried in the clear (unencrypted)
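Added example (not part of the original slides): the authentication, key management and encryption steps above, run end to end on both sides. The slides name A3, A8 and A5 without defining them, so keyed hashes stand in for them here; the function names, the sample Ki, RAND and frame number, and the assignment of S1 to the BTS-to-MS direction are assumptions.

```python
import hashlib
import hmac

# Stand-ins (assumptions): the slides name A3, A8 and A5 but do not define them,
# so keyed hashes play their roles here. Output sizes follow GSM: SRES 32 bits,
# Kc 64 bits, two 114-bit ciphering sequences per frame.
def a3(ki, rand):
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]   # SRES

def a8(ki, rand):
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]   # Kc

def a5(kc, frame_number):
    """Return (S1, S2), each a 114-bit integer, for one frame number."""
    if not 0 <= frame_number < 1 << 22:
        raise ValueError("frame number must fit in 22 bits")
    raw = hashlib.shake_128(kc + frame_number.to_bytes(3, "big")).digest(30)
    bits = int.from_bytes(raw, "big") >> 12          # keep 228 of 240 bits
    return bits >> 114, bits & ((1 << 114) - 1)

def authenticate(ki_network, ki_sim, rand):
    """Challenge-response: only RAND and SRES cross the radio link, never Ki."""
    sres_expected, kc_network = a3(ki_network, rand), a8(ki_network, rand)
    sres_ms, kc_ms = a3(ki_sim, rand), a8(ki_sim, rand)   # computed on the SIM
    accepted = hmac.compare_digest(sres_ms, sres_expected)
    return accepted, kc_ms, kc_network

def xor_burst(burst, sequence):
    """Cipher or decipher one 114-bit burst (XOR is its own inverse)."""
    if burst >> 114:
        raise ValueError("burst must be 114 bits")
    return burst ^ sequence

def demo():
    # Constructed sample values, not real subscriber data.
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    rand = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # 128-bit challenge
    accepted, kc_ms, kc_net = authenticate(ki, ki, rand)
    # The BTS ciphers with S1 and the MS deciphers with S1 (assumed direction).
    s1_bts, _ = a5(kc_net, 0x134)
    s1_ms, _ = a5(kc_ms, 0x134)
    burst = int.from_bytes(b"constructed", "big")             # fits in 114 bits
    on_air = xor_burst(burst, s1_bts)
    return accepted, on_air != burst, xor_burst(on_air, s1_ms) == burst

if __name__ == "__main__":
    print(demo())
```

A SIM holding a different Ki fails the SRES comparison and also derives a different Kc, so it could not decipher traffic even if the comparison were skipped.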
Location registration
MS has to register with the PLMN to get communication services.
Registration is required for a change of PLMN.
MS has to report to the current PLMN with its IMSI and receive a new TMSI by executing the Location Registration process.
The TMSI is stored in the SIM, so that even after power on or off there is only a normal Location Update.
If the MS recognizes by reading the LAI broadcast on the BCCH that it is in a new LA, it performs a Location Update to update the HLR records.
The Location Update procedure can also be performed periodically, independent of the MS movement.
The difference between Location Registration and Location Update is that in Location Update the MS has already been assigned a TMSI.
[Figure: location registration message sequence between MS, BSS/MSC, VLR, HLR and AUC. The MS holds IMSI and Ki; the AUC holds Ki and runs A3 & A8 on RAND to produce SRES and Kc. Messages shown: Loc.Upd.Req (IMSI, LAI); Upd.Loc.Area (IMSI, LAI); Aut.Par.Req (IMSI); Auth.Info.Req (IMSI); Auth.Info (IMSI, Kc, RAND, SRES); Authenticate (RAND); Authentic.Req (RAND); Auth.Resp (SRES); SRES comparison; Update Location (IMSI, MSRN); Generate TMSI]
[Figure, continued: Generate TMSI; Start Ciph. (Kc); Ciph.Mod.Com.; Ciph.Mod.; message M enciphered with A5 as Kc(M); Ins.Subsc.Data (IMSI); Subs.Dat.Ins.Ack; Forw. New TMSI (TMSI); Loc.Upd.Accept; TMSI Realloc.Cmd.; TMSI Realloc.Ack; TMSI.Ack. Loc.Upd.Accept and TMSI Realloc.Cmd. can be combined]
[Figure: location update message sequence between MS, BSS/MSC, VLR, HLR and AUC. The MS holds IMSI, TMSI, Ki, Kc and LAI. Messages shown: Loc.Upd.Req (TMSI, LAI); Update Loc.Area (TMSI, LAI); Authentication; Update Location (IMSI, MSRN); Generate TMSI; Start ciphering (Kc)]
[Figure, continued: Start ciphering; Forward new TMSI (TMSI); TMSI Ack; Auth.Info.Req (IMSI); Auth.Info (IMSI, Kc, RAND, SRES)]
Types of handover
(same as handoff)
There are four different types of handover in the GSM system. Handover involves transferring a call between:
Hard handover
MAHO
Backward
COS selection scheme: static
Cross-over switch: anchor switch
Handover (MAHO)
Handovers are initiated by the BSS/MSC (as a means of traffic load balancing).
During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength.
This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.
[Figure: connection route in numbered steps across MSC-A, MSC-B and MSC-C, their BSCs, and BTS 1, BTS 2 and BTS 3]
[Figure: handover message sequence between MSC-A, MSC-B, VLR-B and MS/BSS 2. Messages shown: Handover required; Perform Handover; IAM; ACM; HA Indication; HB Indication; HB Confirm; Send End Signal; ANS; End of Call; REL; RLC; End Signal; Handover report]
[Figure: subsequent handover message sequence between MSC-A, MSC-B, VLR-B and MS/BSS 2. Messages shown: HA Required; Perform subsequent Handover; Subseq. Handover Acknowledge; HB Indication; HB Confirm; HA Indication; End Signal; Handover report; End of Call; REL; RLC]
[Figure: subsequent handover message sequence involving MS, MSC-A, MSC-B, MSC-C and VLR-C. Messages shown: HA Request; Perform subsequent Handover; Perform Handover; Allocate Handover Number; IAM; ACM; HB Indication]
[Figure, continued, with MS, MSC-A, MSC-B, MSC-C and VLR-B. Messages shown: Perform subsequent Handover Acknowledge; HA Indication; HB Confirm; End Signal; Handoff Report; REL; RLC]
Abbreviations