

By: Anubhav Trivedi

GSM (Global System for Mobile communications) is the most popular standard for mobile
phones in the world. Its promoter, the GSM Association, estimates that 80% of the
global mobile market uses the standard. GSM is used by over 3 billion people across
more than 212 countries and territories. Its ubiquity makes international roaming very
common between mobile phone operators, enabling subscribers to use their phones in
many parts of the world. GSM differs from its predecessors in that both signaling and
speech channels are digital, and thus is considered a second generation (2G) mobile phone

GSM services and features

1. Telephonic services: It includes emergency calls and fax related services.

2. Supplementary ISDN services: These are digital in nature and include call
diversion and call identification. It also includes SMS, which allows GSM
subscribers and base station to transmit alphanumeric pages of limited length.

3. Subscriber Identity Module: One of the key features of GSM is the Subscriber
Identity Module (SIM), commonly known as a SIM card. The SIM is a detachable
smart card containing the user's subscription information and phone book.

This allows the user to retain his or her information after switching handsets.
Alternatively, the user can also change operators while retaining the handset
simply by changing the SIM. Some operators will block this by allowing the phone
to use only a single SIM, or only a SIM issued by them; this practice is known as
SIM locking, and is illegal in some countries.

4. GSM Security: GSM was designed with a moderate level of security.

Communications between the subscriber and the base station can be encrypted.

GSM uses several cryptographic algorithms for security. The A5/1 and A5/2
stream ciphers are used for ensuring over-the-air voice privacy.

5. Voice Codecs: GSM has used a variety of voice codecs to squeeze 3.1 kHz audio
into between 5.6 and 13 kbit/s. Originally, two codecs, named after the types of
data channel they were allocated, were used, called Half Rate (5.6 kbit/s) and
Full Rate (13 kbit/s). These used a system based upon linear predictive coding
(LPC). In addition to being efficient with bitrates, these codecs also made it
easier to identify more important parts of the audio, allowing the air interface
layer to prioritize and better protect these parts of the signal.

6. GSM Frequencies: GSM networks operate in a number of different frequency

a.) Most 2G GSM networks operate in the 900 MHz or 1800 MHz bands.

b.) The rarer 400 and 450 MHz frequency bands are assigned in some countries
where these frequencies were previously used for first-generation systems.

c.) Most 3G GSM networks in Europe operate in the 2100 MHz frequency band.

d.) GSM-900 uses 890–915 MHz to send information from the mobile station to
the base station (uplink) and 935–960 MHz for the other direction
(downlink), providing 124 RF channels (channel numbers 1 to 124) spaced at
200 kHz. Duplex spacing of 45 MHz is used.

GSM Architecture


[Figure: GSM architecture block diagram. Surviving labels: A-bis interface, A interface.]

It consists of three major interconnected systems that interact with each other and
with the user through certain interfaces.

The subsystems are:

1. BSS { Base Station Subsystem } : The base station subsystem (BSS) is the
section of a traditional cellular telephone network which is responsible for
handling traffic and signaling between a mobile phone and the network
switching subsystem. The BSS carries out transcoding of speech channels,
allocation of radio channels to mobile phones, paging, quality management of
transmission and reception over the air interface and many other tasks
related to the radio network.

It also provides and manages the radio transmission path between the mobile station
and the mobile switching station.

➢ BSC { Base Station Controller }: The base station controller (BSC) provides,
classically, the intelligence behind the BTSs. Typically a BSC has tens or even
hundreds of BTSs under its control.

• The BSC handles allocation of radio channels, receives measurements from
the mobile phones, controls handovers from BTS to BTS (except in the case
of an inter-BSC handover in which case control is in part the
responsibility of the anchor MSC).

• A key function of the BSC is to act as a concentrator where many
different low capacity connections to BTSs (with relatively low
utilisation) become reduced to a smaller number of connections
towards the mobile switching center (MSC) (with a high level of

• A BSC is often based on a distributed computing architecture, with
redundancy applied to critical functional units to ensure
availability in the event of fault conditions.

• BSC controls the BTS and handoff management.
➢ BTS { Base Transceiver Station }:

• Its function is encryption channel selection, allocation and

• It also does monitoring of radio channels whether busy or idle in

• The base transceiver station, or BTS, contains the equipment for
transmitting and receiving of radio signals (transceivers), antennas,
and equipment for encrypting and decrypting communications with the
base station controller (BSC).

• A BTS is controlled by a parent BSC via the base station control
function (BCF).

• The BCF provides an operations and maintenance (O&M) connection to
the network management system (NMS), and manages operational
states of each TRX, as well as software handling and alarm

• Frequency hopping is often used to increase overall BTS
performance; this involves the rapid switching of voice traffic
between TRXs in a sector. A hopping sequence is followed by the TRXs
and handsets using the sector.

➢ Transcoder: The transcoder is responsible for transcoding the voice
channel coding between the coding used in the mobile network, and the
coding used by the world's terrestrial circuit-switched network, the Public
Switched Telephone Network.

ABIS Interface:

The interface between the BTS and BSC. Generally carried by a DS-1, ES-1, or E1 TDM circuit.
Uses TDM subchannels for traffic (TCH), LAPD protocol for BTS supervision and telecom
signaling, and carries synchronization from the BSC to the BTS and MS.

2. NSS { Network Switching Subsystem }

• Network switching subsystem (NSS) is the component of a GSM system
that carries out switching functions and manages the communications
between mobile phones and the Public Switched Telephone Network

• It is owned and deployed by mobile phone operators and allows mobile
phones to communicate with each other and telephones in the wider
telecommunications network.

• The Network Switching Subsystem, also referred to as the GSM core
network, usually refers to the circuit-switched core network, used
for traditional GSM services such as voice calls, SMS, and circuit
switched data calls.

➢ MSC { Mobile Switching Center }:

• The mobile switching center (MSC) is the primary service delivery node
for GSM, responsible for handling voice calls and SMS as well as
other services (such as conference calls, FAX and circuit switched

• The MSC sets up and releases the end-to-end connection, handles
mobility and hand-over requirements during the call and takes care
of charging and real time pre-paid account monitoring.

• The gateway MSC (G-MSC) is the MSC that determines at which visited
MSC the subscriber who is being called is currently located. It also
interfaces with the PSTN.

• The visited MSC (V-MSC) is the MSC where a customer is currently
located. The VLR associated with this MSC will have the subscriber's
data in it.

• The anchor MSC is the MSC from which a handover has been initiated.

• The target MSC is the MSC toward which a handover should take
place. A mobile switching centre server is a part of the redesigned
MSC concept starting from 3GPP Release 5.

➢ Mobile Switching Center Server { MSS }: The mobile switching centre server is a
soft-switch variant of the mobile switching centre, which provides circuit-
switched calling, mobility management, and GSM services to the mobile
phones roaming within the area that it serves.

In NSS there are three different databases:

i. HLR { Home Location Register }:

• The home location register (HLR) is a central database
that contains details of each mobile phone subscriber
that is authorized to use the GSM core network.
• There can be several logical, and physical, HLRs per
public land mobile network (PLMN), though one
international mobile subscriber identity (IMSI)/MSISDN
pair can be associated with only one logical HLR (which
can span several physical nodes) at a time.
• The HLR stores details of every SIM card issued by the
mobile phone operator. Each SIM has a unique identifier
called an IMSI which is the primary key to each HLR

Examples of other data stored in the HLR against an IMSI record are:

• GSM services that the subscriber has requested or been given.
• GPRS settings to allow the subscriber to access packet services.
• Current location of subscriber (VLR and serving GPRS support node/SGSN).
• Call divert settings applicable for each associated MSISDN.

ii. VLR { Visitor Location Register }:

• The visitor location register is a temporary database of the
subscribers who have roamed into the particular area
which it serves.
• Each base station in the network is served by exactly
one VLR, hence a subscriber cannot be present in more
than one VLR at a time.
• The data stored in the VLR has either been received from
the HLR, or collected from the MS.
• In practice, for performance reasons, most vendors
integrate the VLR directly to the V-MSC and, where this
is not done, the VLR is very tightly linked with the MSC
via a proprietary interface.

Data stored include:

• IMSI (the subscriber's identity number).
• Authentication data.
• MSISDN (the subscriber's phone number).
• GSM services that the subscriber is allowed to access.
• Access point (GPRS) subscribed.
• The HLR address of the subscriber.

iii. AC { Authentication Center }:

• The authentication centre (AC) has a function to
authenticate each SIM card that attempts to connect to
the GSM core network (typically when the phone is
powered on).
• Once the authentication is successful, the HLR is
allowed to manage the SIM and services described above.
• An encryption key is also generated that is subsequently
used to encrypt all wireless communications (voice, SMS,
etc.) between the mobile phone and the GSM core
• If the authentication fails, then no services are possible
from that particular combination of SIM card and mobile
phone operator attempted.
• The AUC does not engage directly in the authentication
process, but instead generates data known as triplets for
the MSC to use during the procedure.
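
The triplet flow described in this list, as an added example that is not part of the original document: the authentication centre produces a challenge, an expected response and a cipher key, and the MSC compares the SIM's answer against the expected one. The names RAND, SRES, Kc and Ki and the field sizes are standard GSM terms not used on this page, and HMAC-SHA-256 is an assumed stand-in for the operator-chosen A3/A8 algorithms.

```python
import hashlib
import hmac
import secrets

def a3_a8_standin(ki, rand):
    """Stand-in (assumption) for the operator's A3/A8 algorithms: derive a
    32-bit response SRES and a 64-bit cipher key Kc from Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class AuthCentre:
    """Holds each subscriber's secret Ki, keyed by IMSI. It only produces
    triplets; it never talks to the handset itself."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def make_triplet(self, imsi):
        rand = secrets.token_bytes(16)              # 128-bit random challenge
        sres, kc = a3_a8_standin(self._ki[imsi], rand)
        return rand, sres, kc                       # handed to the MSC

class Sim:
    """The SIM stores the same Ki and answers challenges; Ki stays on the card."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return a3_a8_standin(self._ki, rand)        # (SRES, Kc)

def msc_authenticate(auc, sim):
    """MSC side: fetch a triplet, send RAND over the air, compare responses.
    Returns Kc for ciphering on success, None (no service) on failure."""
    rand, expected_sres, kc = auc.make_triplet(sim.imsi)
    sres, _sim_kc = sim.respond(rand)               # only SRES is transmitted
    if not hmac.compare_digest(sres, expected_sres):
        return None
    return kc

# Constructed sample data: a test-network IMSI and a made-up key.
IMSI = "001010000000001"
KI = bytes(range(16))

if __name__ == "__main__":
    auc = AuthCentre({IMSI: KI})
    print("genuine SIM ->", msc_authenticate(auc, Sim(IMSI, KI)))
    print("wrong Ki    ->", msc_authenticate(auc, Sim(IMSI, bytes(16))))
```

Both ends arrive at the same Kc without it ever crossing the radio link, which is why the MSC can start ciphering as soon as the SRES comparison succeeds.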

➢ EIR { Equipment Identity Register }:

• The equipment identity register is often integrated to the HLR. The EIR
keeps a list of mobile phones (identified by their IMEI) which are to be
banned from the network or monitored.
• This is designed to allow tracking of stolen mobile phones. In theory
all data about all stolen mobile phones should be distributed to all
EIRs in the world through a Central EIR.
• The EIR data does not have to change in real time, which means that
this function can be less distributed than the function of the HLR.
• The EIR is a database that contains information about the identity of
the mobile equipment that prevents calls from stolen, unauthorized
or defective mobile stations. Some EIRs also have the capability to log
handset attempts and store them in a log file.

➢ A-Interface: The interface between BSC and MSC. It uses the SS7 protocol called the
Signaling Correction Control Protocol {SCCP}, which supports communication between MSC
and BSS as well as network messages between the individual subscriber and MSC.

3. OSS { Operation Support Subsystem }

• The billing centre is responsible for processing the toll tickets
generated by the VLRs and HLRs and generating a bill for each
subscriber. It is also responsible for generating billing data for
roaming subscribers.
• The short message service centre supports the sending and reception of
text messages.
• The multimedia messaging service centre supports the sending of
multimedia messages (e.g., images, audio, video and their combinations)
to (or from) MMS-enabled Handsets.
• The voicemail system records and stores voicemails.
• It maintains all telecommunication hardware and network operation
with the particular market.
• Manage all mobile equipment in the system.

➢ ISDN: Integrated Services Digital Network is a telephone system network.

• ISDN is a circuit-switched telephone network system, that also
provides access to packet switched networks, designed to allow
digital transmission of voice and data over ordinary telephone copper
wires, resulting in better voice quality than an analog phone.
• It offers circuit-switched connections (for either voice or data), and
packet-switched connections (for data), in increments of 64 kbit/s.
• Another major market application is Internet access, where ISDN
typically provides a maximum of 128 kbit/s in both upstream and
downstream directions (which can be considered to be broadband
speed, since it exceeds the narrowband speeds of standard analog 56k
telephone lines). ISDN B-channels can be bonded to achieve a greater
data rate, typically 3 or 4 BRIs (6 to 8 64 kbit/s channels) are bonded.
• ISDN provides simultaneous voice, video, and text transmission
between individual desktop videoconferencing systems and group
(room) videoconferencing systems.


• The public switched telephone network is the network of the world's
public circuit-switched telephone networks, in much the same way that
the Internet is the network of the world's public IP-based packet-
switched networks.
• Originally a network of fixed-line analog telephone systems, the PSTN
is now almost entirely digital, and now includes mobile as well as
fixed telephones.

GSM Frame Structure

GSM uses two bands for duplex communication. Each band is 25 MHz in width, shifted towards
900 MHz. Each band is divided into 124 channels of 200 kHz separated by guard bands.

[Figure: GSM frequency bands. Reverse band: 890 MHz to 915 MHz, 25 MHz = 124 channels. Forward band: 935 MHz to 960 MHz, 25 MHz = 124 channels.]

[Figure: GSM frame structure. 6.12 sec = 1326 TDMA frames; 120 ms = 26 frames; 1 frame = 8 time slots; 1 time slot = 156.25 bits.]

Time slot fields, in order, with their widths in bits:

Trail Bit (3), C.B. (57), S.F. (1), Sync. Bit (26), S.F. (1), C.B. (57), Trail Bit (3), Guard Bit

C.B. = Coded Bit

S.F. = Steady Flag

There are 8 time slots per TDMA frame and the frame period is 4.615 ms. A frame
contains 156.25 × 8 = 1250 bits.

Each data frame starts and ends with zero bits, for frame delineation purposes. It
also contains two 57-bit information fields, each one having a control bit that indicates
whether the following information field is for voice or data. Between the information
fields is a 26-bit synchronization field that is used by the receiver to synchronize to the
sender's frame boundaries.
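
The time-slot layout this section describes, as an added example that is not part of the original document: a parser that splits one slot's bits into the named fields and a helper that re-derives the quoted timing figures from the layout constants. The field names and the sample bit pattern are constructed for illustration.

```python
# Field widths in bits, in transmission order, taken from the time-slot layout.
FIELDS = [("tail_start", 3), ("info_1", 57), ("flag_1", 1), ("sync", 26),
          ("flag_2", 1), ("info_2", 57), ("tail_end", 3)]
BURST_BITS = sum(width for _, width in FIELDS)   # 148 bits actually transmitted
SLOT_BITS = 156.25                               # slot length in bit periods
SLOTS_PER_FRAME = 8
FRAME_MS = 120 / 26                              # 26 frames last 120 ms

def parse_burst(bits):
    """Split one time slot's bits (a string of '0'/'1') into named fields."""
    if len(bits) != BURST_BITS or set(bits) - {"0", "1"}:
        raise ValueError(f"expected {BURST_BITS} binary digits")
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = bits[pos:pos + width]
        pos += width
    # The frame is delimited by zero bits at both ends; reject anything else.
    if "1" in fields["tail_start"] + fields["tail_end"]:
        raise ValueError("tail bits must be zero")
    return fields

def timing():
    """Derive the figures quoted in the text from the layout constants."""
    return {
        "guard_bits": SLOT_BITS - BURST_BITS,            # left over as guard time
        "frame_bits": SLOT_BITS * SLOTS_PER_FRAME,
        "frame_ms": FRAME_MS,
        "bit_us": FRAME_MS * 1000 / (SLOT_BITS * SLOTS_PER_FRAME),
        "frames_1326_s": 1326 * FRAME_MS / 1000,
    }

# Constructed sample burst (not captured traffic): all-ones first payload,
# alternating sync pattern, all-zeros second payload.
SAMPLE = "000" + "1" * 57 + "0" + "01" * 13 + "1" + "0" * 57 + "000"

if __name__ == "__main__":
    for name, value in parse_burst(SAMPLE).items():
        print(f"{name:10} {len(value):3} {value}")
    print(timing())
```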