This action might not be possible to undo. Are you sure you want to continue?
GSM (Most of the slides stolen from Prof. Sridhar Iyer·s lectures)
Prof. Anirudha Sahoo
Base stations (BS): implement space division multiplex
² Each BS covers a certain transmission area (cell) ² Each BS is allocated a portion of the total number of channels available ² Cluster: group of nearby BSs that together use all available channels
Mobile stations communicate only via the base station, using FDMA, TDMA, CDMA«
Prof. Anirudha Sahoo 3.2
GSM: System Architecture
Prof. Anirudha Sahoo
4 . Allows separation of user mobility from equipment mobility Prof. Also stores short messages. telephone book etc. Anirudha Sahoo 3. Stores International Mobile Subscriber Identity (IMSI) + ISDN Stores Personal Identification Number (PIN) & Authentication Keys. charging information.Mobile Station (MS) MS consists of following two components ± ± ± ± ± Mobile Equipment (ME) Mobile Subscriber Identity Module (SIM) Removable plastic card Stores Network Specific Data such as list of carrier frequencies and current Location Area ID (LAI).
Base Transceiver Station (BTS) One per cell Consists of high speed transmitter and receiver Function of BTS ² Provides two channels Signalling and Data Channel ² Performs error protection coding for the radio channel Prof. Anirudha Sahoo 3.5 .
Base Station Controller (BSC) Controls multiple BTS Functions of BSC ² Performs radio resource management ± ± ± Assigns and releases frequencies and time slots for all the MSs in its area Reallocation of frequencies among cells Hand off protocol is executed here ² Time and frequency synchronization signals to BTSs ² Time Delay Measurement and notification of an MS to BTS ² Power Management of BTS and MS Prof.6 . Anirudha Sahoo 3.
Anirudha Sahoo 3.Mobile Switching Center (MSC) Switching node of a PLMN (Public Land Mobile Network) Allocation of radio resource (RR) ² Handoff Mobility of subscribers ² Location registration of subscriber There can be several MSCs in a PLMN Prof.7 .
Gateway MSC (GMSC) Connects mobile network to a fixed network ² Entry point to a PLMN Usually one per PLMN Request routing information from the HLR and routes the connection to the local MSC Prof.8 . Anirudha Sahoo 3.
Visitor Location Register ² Contains temporary info about mobile subscribers that are currently located in the MSC service area but whose HLR are elsewhere ² Copies relevant information for new users (of this HLR or of foreign HLR) from the HLR ² VLR is responsible for a group of location areas. Anirudha Sahoo 3.Home Location Register ² ² ² ² Contains semi-permanent subscriber information For all users registered with the network. typically associated with an MSC Prof. HLR keeps user profile MSCs exchange information with HLR When MS registers with a new GMSC. the HLR sends the user profile to the new MSC VLR .9 .HLR/VLR HLR .
control. and administration center (ADC) work together to monitor. network management center (NMC). maintain.10 .AuC/EIR/OSS AuC: Authentication Center ² is accessed by HLR to authenticate a user for service ² Contains authentication and encryption keys for subscribers EIR: Equipment Identity Register ² allows stolen or fraudulent mobile stations to be identified Operation subsystem (OSS): ² Operations and maintenance center (OMC). 3. and manage the network Anirudha Sahoo Prof.
GSM identifiers International mobile subscriber identity (IMSI): ² unique 15 digits assigned by service provider = home country code + home GSM network code + mobile subscriber ID + national mobile subscriber ID International mobile station equipment identity (IMEI): ² unique 15 digits assigned by equipment manufacturer = type approval code + final assembly code + serial number + spare digit Temporary mobile subscriber identity (TMSI): ² 32-bit number assigned by VLR to uniquely identify a mobile station within a VLR·s area Prof.11 . Anirudha Sahoo 3.
12 . Anirudha Sahoo 3.LAI Location Area Identifier of an LA of a PLMN Based on international ISDN numering plan Country Code (CC): 3 decimal digits Mobile Network Code (MNC): 2 decimal digits Location Area Code (LAC) : maximum 5 decimal digits Is broadcast regularly by the BTS on broadcast channel Prof.
individual cells are uniquely identified with Cell Identifier (CI).Cell Identifier (CI) Within LA. LAI + CI = Global Cell Identity Prof. Anirudha Sahoo 3.13 .
960 MHz for Down link Combination of frequency division and time division multiplexing ² FDMA ± 124 channels of 200 kHz Burst ² TDMA ± Modulation used Gaussian Minimum Shift Keying (GMSK) Prof. Anirudha Sahoo 3.14 .Air Interface: MS to BTS Uplink/Downlink of 25MHz ² 890 -915 MHz for Up link ² 935 .
Anirudha Sahoo 3. of user channels = 125 * 8 = 1000 Considering guard bands = 124 * 8 = 992 channels Prof. of carriers = 25 MHz / 200 kHz = 125 Max no.Number of channels in GSM Freq.15 . Carrier: 200 kHz TDMA: 8 time slots per freq carrier No.
Prof.16 . Anirudha Sahoo 3.
Prof. Anirudha Sahoo
Air Interface: Logical Channel
Traffic Channel (TCH)
² Carries user voice traffic
² Broadcast Channel (BCH) (unidirectional) ² Common Control Channel (CCH) (unidirectional) ² Dedicated/Associated Control Channel (DCCH/ACCH) (bidirectional)
Prof. Anirudha Sahoo 3.18
Broadcast Control Channel (BCCH)q
² BTS to MS
send cell identities, organization info about common control channels, cell service available, etc
² Radio channel configuration
Current cell + Neighbouring cells Frequencies + frame numbering LA + Cell Identification (CI) + Base Station Identity Code (BSIC)
Prof. Anirudha Sahoo 3.19
² Synchronizing information
² Registration Identifiers
Anirudha Sahoo 3.FCCH & SCH Frequency Correction Channel ± send a frequency correction data burst containing all zeros to effect a constant frequency shift of RF carrier Mobile station knows which frequency to use ² Repeated broadcast of Frequency Bursts Synchronization Channel ± send TDMA frame number and base station identity code to synchronize MSs MS knows which timeslot to use ² Repeated broadcast of Synchronization Bursts Prof.20 .
AGCH & PCH Access Grant Channel (AGCH) ² BTS to MS ² Used to assign an SDCCH/TCH to MS Paging Channel (PCH) ² BTS to MS ² Page MS Prof. Anirudha Sahoo 3.21 .
22 . Independent of Traffic Channel ² Used before MS is assigned a TCH Prof.RACH & SDCCH Random Access Channel (RACH) ² MS => BTS ² Slotted Aloha ² Request for dedicated SDCCH Standalone Dedicated Control Channel (SDCCH) ² MS => BTS ² Standalone. Anirudha Sahoo 3.
eg. signal strength measurements ² FACCH (fast associated control channel): for preemptive signaling on a traffic channel. assignment to a traffic channel ² SACCH (slow associated control channel): for out-ofband signaling associated with a traffic channel.main signaling channels ² SDCCH (stand-alone dedicated control channel): for service request. Anirudha Sahoo 3. for handoff messages Uses timeslots which are otherwise used by the TCH Prof. subscriber authentication.23 . eg. equipment validation.DCCH DCCH (dedicated control channel): ² bidirectional point-to-point -.
Power On Scan Channels.24 . start decoding 3. monitor RF levels Select the channel with highest RF level among the control channels Scan the channel for the FCCH Select the channel with next highest Rf level from the control list. NO Is FCCH detected? YES Scan channel for SCH NO Is SCH detected? YES Read data from BCCH and determine is it BCCH? From the channel data update the control channel list NO Is the current BCCH channel included? YES FCCH ± Freq correction channel Camp SCH ± synchronization channel Anirudha Sahoo on BCCH and Prof.
25 . hence 63 steps 63 bit period = 233 micro seconds (148 bits occupy 546.Adaptive Frame Synchronization Timing Advance Advance in Tx time corresponding to propagation delay 6 bit number used.5 micro second) ² (round trip time) 35 Kms (taking speed of light) Prof. Anirudha Sahoo 3.
Anirudha Sahoo 3. TDMA is combined with frequency hopping to address problem of channel fading ² TDMA bursts are transmitted in a pre-calculated sequence of different frequencies (algorithm programmed in mobile station) ² If a TDMA burst happens to be in a deep fade.26 .GSM: Frequency Hopping Optionally. then next burst most probably will not be so ² Helps to make transmission quality more uniform among all subscribers Prof.
Anirudha Sahoo 3.Bursts Building unit of physical channel Types of bursts ² Normal: for transmitting messages in traffic and control channels ² Frequency Correction: sent by base station for frequency correction at mobile station ² Synchronization: sent by base station for synchronization ² Access: for call setup ² Dummy: to fill an empty timeslot in the absence of data Prof.27 .
25 guard bit ² Used for all except RACH. FSCH & SCH Prof.28 . Anirudha Sahoo 3.Normal Burst Normal Burst ² 2*(3 head bit + 57 data bits + 1 signaling bit) + 26 training sequence bit + 8.
29 . Anirudha Sahoo 3.Traffic Multiframe Prof.
30 . Anirudha Sahoo 3.4kbps Half Rate TCH ² Rate 11.Traffic Channel Transfer either encoded speech or user data Bidirectional Full Rate TCH ² Rate 22.2 kbps Prof.
Full Rate Speech Coding Speech Coding for 20ms segments ² 260 bits at the output . Anirudha Sahoo normal burst (save damages by error bursts) 3.31 . Effective data rate 13kbps Unequal error protection ² 182 bits are protected ² 78 bits unprotected Channel Encoding ² Codes 260 bits into (8 x 57 bit blocks) 456 bits Interleaving ² 2 blocks of different set interleaved on a Prof.
13 bits/sample Prof.32 .GSM Speech Coding Analog speech Low-pass filter 104 kbps 13 kbps RPE-LTP Channel speech A/D encoder encoder 8000 samples/s. Anirudha Sahoo 3.
GSM Speech Coding Bit interleaving: to spread effects of Rayleigh fading across data blocks channel coder blocks 57-bit segments 114-bit segments Normal burst 1 2 3 456 bits 4 5 6 7 8 1 2 3 456 bits 4 5 6 7 8 1 TB 2 Data 3 4 5 6 7 8 G 3. Anirudha Sahoo Data H TB .33 H Training Prof.
Anirudha Sahoo Above 148 bits corresponds to 546.Speech 20 ms Speech Coder 260 20 ms Speech Coder 260 Channel Encoding 456 bit Channel Encoding 456 bit Interleaving 1 2 3 4 5 6 7 8 NORMAL BURST 3 Out of first 20 ms 57 1 26 1 57 3 8.5 micro seconds Out of second 20ms .25 3.34 Prof.
35 .Traffic Channel Structure for Full Rate Coding Slots 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 Bursts for Users allocated in Slot 1 2 T T 3 T 4 T 5 T 6 T 7 8 T T 9T 10 11 12 13 14 15 16 17 T T T T S T T T T 26 I T = Traffic S = Signal( contains information about the signal strength in neighboring cells) Prof. Anirudha Sahoo 3.
36 26 S = Prof. Anirudha Sahoo .Traffic Channel Structure for Half Rate Coding Slots 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 1 2 Burst for one users 1 2 T 3 T 4 5 T 6 7 T 8 9 10 T T 11 12 13 14 15 16 17 T S T T 26 Bursts for another users allocated in alternate Slots 1 2 3 4 5 6 T 7 8 9 10 11 12 13 14 15 16 17 T T T T T T T T T 3.
SACCH & FACCH Slow Associated Control Channel (SACCH) ² MS BTS ² Always associated with either TCH or SDCCH ² Information ± Channel quality. as proof of existence of physical radio connection Fast Associated Control Channel (FACCH) ² MS BTS ± ± Handover Uses timeslots which are otherwise used by TCH (Pre-emptive multiplexing on a TCH.37 . Stealing Flag (SF)) Prof. Anirudha Sahoo 3. signal power level ² Should always be active.
TDMA frame. Control Channels Physical Channel ² Time Slot Number. Multi Frame. RF Channel Sequence Mapping in frequency ² 124 channels.GSM: Channel Summary Logical channels ² Traffic Channels. Super Frame. Channel Prof. 200KHz spacing Mapping in time ² TDMA Frame.38 . Anirudha Sahoo 3.
GSM: System Architecture Prof. Anirudha Sahoo 3.39 .
GSM Sub-Systems Radio Sub System (RSS) RSS = MS + BSS BSS = BTS+ BSC Network Sub System (NSS) NSS = MSC+ HLR + VLR + GMSC Operation Sub System OSS = EIR + AuC Prof. Anirudha Sahoo 3.40 .
Now voice path is established between MS and MSC ² MSC completes the PSTN side of the signaling. ² VLR/HLR sends Complete Call msg to the MSC ² MSC sends an Assignment message to the BSS and asks it to assign TCH for the MS ² BSS allocates a radio channel (TCH) and sends an Assignment message to MS over SDCCH ² MS tunes to the radio channel (TCH) and sends an Assignment Complete message to the BSS. ² BSS deallocates SDCCH.41 .Example: Outgoing call setup ² User keys in the number and presses send ² Mobile transmits Set Up message on uplink signaling channel (RACH) to the MSC ² MSC requests HLR/VLR to get subscriber parameters necessary for handling the call. Anirudha Sahoo 3. Prof.
Data Anirudha Sahoo (TCH) Prof.42 .Authentication Request (SDCCH) MS o BSS/MSC -----. 3.Paging Response (SDCCH) (This SDCCH is used until TCH is allocated) MS q BSS/MSC -----. MSC uses the LAI to determine which BSSs will page MS MS q BSS/MSC -----.Alert (SDCCH) MS o BSS/MSC -----.Connect Acknowledge (SDCCH) MS BSS/MSC -----.Paging request (PCH) (contains TMSI) MS o BSS/MSC -----.Authentication Response (SDCCH) MS q BSS/MSC -----.Example: Incoming Call Setup MSC sends ´Send Routing Informationµ msg to HLR HLR acks the ´Send Routing Informationµ to MSC which contains the LAI (Location Area Identity) and TMSI (International Mobile Subscriber Identity) of the MS.Setup (SDCCH) MS o BSS/MSC -----.Immediate Assignment (AGCH) (carries SDCCH info) MS o BSS/MSC -----.Call Confirmation (SDCCH) MS o BSS/MSC -----.Channel request (RACH) MS q BSS/MSC -----.Connect (SDCCH) MS q BSS/MSC -----.
Anirudha Sahoo 3.43 .GSM: Identification Identification of Mobile Subscriber International Mobile Subscriber Identity (IMSI) Temporary IMSI (TMSI) Mobile Subscriber ISDN number (MSISDN) Identification of Mobile Equipment International Mobile Station Equipment Identification (IMEI) Mobile Station Roaming Number (MSRN) Prof.
44 . not more than 15 digits 3 digits for Mobile Country Code (MCC) 3 digits for Mobile Network Code (MNC) » It uniquely identifies the home GSM PLMN of the mobile subscriber. Anirudha Sahoo 3. ± Not more than 10 digits for National Mobile Station Identity (MSIN) » The first 3 digits identify the logical HLR-ID of the mobile subscriber ± ± MNC+MSIN makes National Mobile Station Identity (NMSI) Prof.IMSI International Mobile Subscriber Identity Stored in SIM.
TMSI and LMSI Temporary Mobile Subscriber Identity Has only local and temporal significance Is assigned by VLR and stored there only Is used in place of IMSI for security reasons Local Mobile Subscriber Identity Is an additional searching key given by VLR It is also sent to HLR Both are assigned in an operator specific way Prof. Anirudha Sahoo 3.45 .
46 . Anirudha Sahoo 3.MSISDN ´real telephone numberµ of a MS It is stored centrally in the HLR MS can have several MSISDNs depending on SIM It follows international ISDN numbering plan Country Code (CC): upto 3 decimal places National Destination Code (NDC): 2-3 decimal places Subscriber Number (SN) : maximal 10 decimal places ± MSISDN = CC + NDC + SN Prof.
GSM roaming VLR registers users roaming in its area ² Recognizes mobile station is from another PLMN ² If roaming is allowed. VLR finds the mobile·s HLR in its home PLMN ² VLR constructs a global title from IMSI to allow signaling from VLR to mobile·s HLR via public telephone network ² VLR generates a mobile subscriber roaming number (MSRN) used to route incoming calls to mobile station ² MSRN is sent to mobile·s HLR Prof. Anirudha Sahoo 3.47 .
Anirudha Sahoo 3.GSM roaming VLR contains ² MSRN ² TMSI ² Location area where mobile station has registered ² Info for supplementary services (if any) ² IMSI ² HLR or global title ² Local identity for mobile station (if any) Prof.48 .
Anirudha Sahoo 3.49 .GSM handoffs Intra-BSS: if old and new BTSs are attached to same base station ² MSC is not involved Intra-MSC: if old and new BTSs are attached to different base stations but within same MSC Inter-MSC: if MSCs are changed Prof.
MSC determines that best candidate BSS is under its control 4. Mobile station monitors signal quality and determines handoff is required. including new radio channel assignment Prof. sends signal measurements to serving BSS 2. Serving BSS sends handoff request to MSC with ranked list of qualified target BSSs 3. MSC notifies serving BSS to begin handoff. Anirudha Sahoo 3.GSM Intra-MSC handoff 1. Target BSS selects and reserves radio channels for new connection. sends Ack to MSC 6.50 . MSC reserves a trunk to target BSS 5.
Target BSS notifies MSC that handoff is detected 10. notifies target BSS on new channel 9. Serving BSS forwards new radio channel assignment to mobile station 8. MSC notifies serving BSS to release old radio traffic channel Prof. Anirudha Sahoo 3.GSM Intra-MSC handoff 7. MSC switches voice connection to target BSS. which responds when handoff is complete 12. Mobile station retunes to new radio channel. Target BSS and mobile station exchange messages to synchronize transmission in proper timeslot 11.51 .
Target VLR returns TMSI 6. Serving MSC determines that best candidate BSS is under control of a target MSC and calls target MSC 4. Serving BSS sends handoff request to MSC 3. Target MSC reserves a trunk to target BSS 7. Target MSC notifies serving MSC that it is ready for handoff Prof. Target MSC notifies its VLR to assign a TMSI 5.GSM Inter-MSC handoff 1. MS sends signal measurements to serving BSS 2. Target BSS selects and reserves radio channels for new connection. sends Ack to target MSC 8. Anirudha Sahoo 3.52 .
Anirudha MSC 3. Target MSC notifies servingSahoo Prof. Serving MSC notifies serving BSS to begin handoff. Old network resources are released .53 16. notifies target BSS on new channel 12. Target BSS and mobile station synchronize timeslot 14. Target BSS notifies target MSC that handoff is detected 13. Mobile station retunes to new radio channel.GSM Inter-MSC handoff 9. which responds when handoff is complete 15. including new radio channel assignment 10. Serving BSS forwards new radio channel assignment to mobile station 11. Voice connection is switched to target BSS.
Anirudha Sahoo 3.GSM Security Access Control and Authentication ² User should not be able to use the GSM resources without being authenticated Confidentiality ² Messages containing user related information should not be accessible to others Anonymity ² User identifier is not used over the air Prof.54 .
cipher key generation algorithm.GSM Security Access Control and authentication ² GSM handsets must be presented with a subscriber identity module (SIM) ² SIM must be validated with personal identification number (PIN) ² SIM also stores subscriber authentication key. encryption algorithm Prof. Anirudha Sahoo 3.55 . authentication algorithm.
and voice ² Info is encrypted before transmission Prof.GSM Security ² During registration (when roaming). Anirudha Sahoo 3. signaling.56 . mobile station receives ´challengeµ and uses authentication key and authentication algorithm to generate ´challenge responseµ to verify user·s identity Confidentiality (Privacy from eavesdropping) ² Temporary encryption key is used for privacy of data.
Anirudha Sahoo 3.GSM Security Anonymity of users ² Supported by temporary mobile subscriber ID (TMSI) ² When registered. mobile station sends globally-unique international mobile subscriber ID (IMSI) to network ² Network assigns TMSI for use during call .IMSI is not sent over radio link ² Only network and mobile station know true identity ² New TMSI is assigned when roam into new area Prof.57 .
Anirudha Sahoo .GSM Summary Uplink frequencies Downlink frequencies Total GSM bandwidth Channel bandwidth Number of RF carriers Multiple access Users/carrier Number of simul. users Speech coding rate FEC coded speech rate 890-915 MHz 935-960 MHz 25 MHz up + 25 MHz down 200 kHz 124 TDMA 8 992 13 kb/s 22.58 Prof.8 kb/s 3.
15 sec final attempt 2 sec 4 sec Prof. Anirudha Sahoo 3.59 .GSM service quality requirements Speech intelligibility Max one-way delay Max handoff gap Time to alert mobile of inbound cell Release time to called network Connect time to called network 90% 90 ms 150 ms if intercell 4 sec first attempt.
GSM 900 and GSM 1800 Frequency band Border spacing Duplex spacing Carrier spacing Carriers Timeslots per carrier Multiple access Typical cell range Handset Power GSM 900 890-915 MHz 935-960 MHz 25 MHz 45 MHz 200 kHz 124 8 TDMA/FDMA <300m 35 km 0.25 & 1 W Prof.60 .8 & 8 W GSM 1800 1710-1785 MHz 1805-1880 MHz 75 MHz 95 MHz 200 kHz 374 8 TDMA/FDMA <100m 15 km 0. Anirudha Sahoo 3.
This action might not be possible to undo. Are you sure you want to continue?