ACCESSNET®-T Network Topology

7 Network Topology
Component modularity means that the ACCESSNET®-T mobile radio network can be implemented
in accordance with the customer’s requirements, with a variety of hierarchical levels and various
levels of geographical coverage available (from local or regional networks right through to nation-
wide networks). Switching functions and database functions are distributed across the entire net-
work to speed up call setup times. This also facilitates local operation, should the tie-lines to other
network elements fail. On ACCESSNET®-T, a network structure featuring interconnected subnets
can be realized at state or regional level. Although relatively small, these subnets are absolutely
complete (see Figure 7.1).

Figure 7.1 Simple diagram illustrating a nationwide network

The structure of a subnet depends on traffic as well as on availability and efficiency requirements.
In some cases, the network architecture will therefore be straightforward, but certain other appli-
cations will call for a more complex network, where the network elements form a kind of mesh.
The high degree of flexibility and modularity associated with the network element architecture
means that any kind of topology is possible, from a single-cell system right through to a nation-
wide one. Even linear-type connections can be realized extremely well.

Figure 7.2 Example network structures

Systems and Solutions 90ACNSYS02 – 1.5 73

ACCESSNET®-T Network Topology
Requirements for the Network Topology

7.1 Requirements for the Network Topology

The following points must be taken into consideration when selecting a topology for a TETRA com-
munication network and when selecting appropriate switching units.

7.1.1 Reliability of the Supply

Base stations can be safeguarded against the failure of a switching unit or the failure of a tie line
between the switching unit and base station by connecting the base stations to two switching
units. This means that each switching unit must be capable of handling all the traffic should the
other unit fail.

Figure 7.3 Redundant connection of base stations

7.1.2 Capacity of the Exchange Units

As described in "Exchange Centre Capacities", the switching units have limited capacity. If more
base stations need to be operated on a network, additional switching units will need to be used.

7.1.2.1 Site Redundancy of the Exchange Units

"Site security" refers to the capability of the network to continue operating normally in the event of
a site failure (e.g. as a result of a power failure, lightning strike, act of terror, etc.). Site redundancy
in respect of switching units means that the base stations are always connected to switching units
at different sites. Each switching unit must be capable of handling all the traffic normally associ-
ated with the base station connected via the redundant interface.

Figure 7.4 Connection of base stations with and without site redundancy

74 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Network Topology
Requirements for the Network Topology

7.1.2.2 Connecting Line Lengths

Connecting base stations to switching units that are far away automatically entails the use of long
tie-lines. It is therefore advisable to connect only base stations from the same region to related
sets of switching units in order to minimize line costs.

Figure 7.5 Connection of base stations from region 2 to switching unit in region 1

Figure 7.6 Local base station connection

7.1.2.3 Delay in Setting Up Calls

The higher the number of switching units involved in setting up a call, the longer the delay time.
Consequently, the use of unnecessary transit exchanges should be avoided.

7.1.3 Connecting Network

The interfaces supported in ACCESSNET®-T are described in the following.For details, please refer
to chapter 4, „Interworking“.

Systems and Solutions 90ACNSYS02 – 1.5 75

ACCESSNET®-T Network Topology
Requirements for the Network Topology

7.1.3.1 Interface between Exchange and Base Station

Voice and signals are transmitted via E1 connections.

Figure 7.7 E1 connection between exchange and base station

7.1.3.2 Interface between Exchanges

It must be possible to transfer both voice and control information between switching units. Voice
communication capacity is defined by means of a traffic model. As a guide, the same capacity can
be taken to apply to control information. If both switching units are located at the same site, the
control information can be transmitted directly via a LAN. If there is no LAN available for the sig-
nal data, which is usually the case with switching units that are located on separate sites, the LAN
is mapped via E1.

7.1.3.3 Connecting Wired TETRA Subscribers

Dispatchers can either be connected via an ISDN Basic Rate Interface (BRI, 2B+D) or via an ISDN
Primary Rate Interface (PRI, 30B+1D). In the case of the BRI interface, a separate B-channel
(64 kbit/s) is used for voice or control information.

7.1.4 Network Structures for Large Networks

7.1.4.1 Fully Meshed Network

The simplest way of meeting fail-safe requirements is to connect each switching unit to every
other switching unit. This also makes it possible to use any two switching units for each redundant
base station connection. The following example shows a configuration involving four switching
units.

76 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Network Topology
Requirements for the Network Topology

Figure 7.8 Fully meshed network with four switching units

Should one of the four switching units fail, the remaining three assume responsibility for the asso-
ciated base station. Consequently, each switching unit must be capable of handling more base
stations than would otherwise be required during normal operation. Naturally, in the event of less
stringent requirements, it is possible for just some of the base stations to be connected to two
switching units. For further information, see "Model Contemplations" on page 88.

Advantages of the fully meshed network

A fully meshed network provides the following advantages:
• Redundant connection of the base stations
• Larger overall capacity by using multiple exchanges
• Relative short connecting lines; if the networks are locally limited (e.g. in a metropolitan area)
the connecting lines will also be relatively short
• Site redundancy by distributing the exchanges among different sites
• Low call setup times since a maximum of two exchange stations are passed during call setup
(refer toFigure 7.8)

Disadvantages of the fully meshed network

A fully meshed network provides the following disadvantages:
• An increasing number of exchanges also increases the number of connecting lines dispropor-
tionately. 6 exchanges already require 15 connections
• In the case of large networks (e.g. a nationwide network) the question arises whether it
makes sense to connect base stations redundantly between exchange units that are at great
distance from each other. TETRA users who are at great distance from each other normally
call each other more rarely than subscribers living in the same region A traffic concept should
consider this circumstance.
The following scenario clarifies these disadvantages of the fully meshed network:

Systems and Solutions 90ACNSYS02 – 1.5 77

ACCESSNET®-T Network Topology
Requirements for the Network Topology

Figure 7.9 Disadvantage of the fully meshed network in the case of large networks

7.1.4.2 Cluster Architecture

The problem outlined above can be solved by adopting a cluster architecture, which involves divid-
ing the area to be covered into groups or "clusters". Each of these clusters consists of two sites for
the switching units and a certain number of base stations. A single region constitutes a cluster.

Figure 7.10 Cluster architecture

78 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Network Topology
Network Capacity

Advantages of the Cluster Architecture

A cluster architecture provides the following advantages:
• Redundant connection of the base stations between semi-clusters (0 to 100 % of the base sta-
tions) (refer to Figure 7.10)
• Larger overall capacity by using multiple exchanges
• Considerateness for the locally existing traffic flows and low bandwidth between the regions
(inter-cluster connections) (refer toFigure 7.10)
• Site redundancy is available if the half-clusters are set up in different locations (refer to Figure
7.11)
• Low call setup times since a maximum of two exchange stations are passed during call setup
(refer to Figure 7.10)
• Each half-cluster (in the figure above, called Half-Cluster 1 through Half-Cluster 6) can be
made up of multiple exchange units, depending on the required capacity

Figure 7.11 Half-clusters made up of one exchange or multiple exchanges

7.2 Network Capacity

7.2.1 Preconditions and Dependencies

In general, user communication behaviour is represented by means of a mathematical traffic

model. This determines the number of basic channels required and in turn the required number of
carrier frequencies. To ensure that the anticipated radio traffic can be put through the network
without this leading to bottlenecks, the interconnection network must also be designed in line
with this traffic load model. The traffic model also determines the required bandwidths for the
connection of control centers and other networks (PSTNs and mobile radio networks, PABX).

Systems and Solutions 90ACNSYS02 – 1.5 79

ACCESSNET®-T Network Topology
Network Capacity

Figure 7.12 Example of connection to a PSTN

The traffic model takes account of the different call types available with the TETRA system. Thus,
group calls generally occupy just one radio channel, whereas individual calls resembling tele-
phone communication require two radio channels. Specific subscriber services also require the
use of additional radio resources. Security measures such as the redundant connection of radio
carrier modules also increase the required number of carrier modules and frequencies. Differences
in terms of the anticipated usage scenarios (e.g. "standard operation", "special operation", "opera-
tion in a disaster") have a huge impact on the traffic model. The individual and cumulative effect of
the above considerations must also be taken into account in respect of data and call capacity.
Shared use of the network by different subscriber organisations must take into account the call
types in their entirety. For example, multiple individual calls will require greater network capacity
than group calls. Resource-intensive subscriber services (e.g. call holding, etc.) should be avoided
wherever possible (see also,"Extended Features With Increased Resource Consumption").
An optimum traffic value should be calculated on the basis of the requirements of the various
organizations in regard to the number of simultaneously operating groups and on the basis of the
number of subscribers within the individual radio coverage zones. This value can then be used
when designing network capacity. If the traffic values are underestimated, the switching unit
capacities will have to be increased and the communication network expanded at a later stage,
which is why it is important to allow sufficient reserves at the planning stage. An overcautious
estimate on the other hand, particularly in respect of rural areas (around 60% of base stations),
will result in a high-cost installation with at least two carriers, which in most cases is not neces-
sary.
Rapidly deployable network elements provide a flexible and cost-effective solution in respect of
ensuring the availability of radio technology during "special usage scenarios" or disasters. How-
ever, please note that integrating network elements of this kind also entails certain interconnec-
tion network capacities, which must be taken into consideration at the planning stage.

80 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Network Topology
Radio Coverage

Concerning shared network access, binding regulations must therefore be enforced in order to
achieve optimum network design. In the interests of long-term capacity planning, any potential
changes in regard to usage and expansion should be agreed to and taken into account at the plan-
ning stage.

7.2.2 Exchange Centre Capacities

The number of base stations that can be connected to exchanges depends on the average number
of carriers in the base stations.Table 7-1 shows the capacities for all the exchanges of the ACCESS-
NET®-T system.

Table 7.1 Capacity of the exchanges

Capacity of the R2-20 R2-40 R2-60 R2-90 R2-120 R2-180 R2-240 R2-300
DMX-500
Number of base 10 20 30 45 60 90 120 150
stations
Number of carrier 20 40 60 90 120 180 240 300
frequencies
Number of E1 ports 9 9 9 18 18 27 36 45
(G.703/704) for
base stations

In most cases, the number of E1 links is not to be considered critical since the exchange units are
equipped with a sufficient number of E1 ports.

7.3 Radio Coverage

7.3.1 Preconditions and Dependencies

The coverage quality of the mobile radio network is directly related to the number of base stations
used. The radio coverage quality requirements therefore directly affect the investment costs.
For each additional base station, the costs of site construction, electrical installations and provid-
ing the tie line between the base station and switching unit must be added to the cost of procur-
ing the actual system components. Often there are additional ongoing costs associated with hiring
or maintaining sites and in respect of electrical supplies and transmission lines.
A cost-conscious approach to planning must therefore make use of the synergies that exist in
terms of existing customer or operator sites. Nevertheless, the cost-conscious approach has its
limits, because of the need for complete radio coverage.
However, outdoor base station DOB-500 can be used to gain freedom scope for integrating lower-
cost, lower-quality sites into the radio network planning process.

Systems and Solutions 90ACNSYS02 – 1.5 81

ACCESSNET®-T Network Topology
Radio Coverage

7.3.2 Selecting the Terminal Equipment

The selection of terminal equipment and the associated output power have an impact on the base
stations required to meet the given radio coverage requirements. In practice, this means that there
might be sufficient coverage for an in-car radio (mobile radio), but not sufficient radio coverage for
a hand-held radio to establish a connection. In the interests of reducing the number of base sta-
tions required, the use of more powerful in-car radios is therefore preferable.

7.3.2.1 Direct Terminal-to-Terminal Communication

In addition to the conventional operating mode (Trunked Mode Operation, TMO), the TETRA stand-
ard also features a direct communication mode (Direct Mode Operation, DMO). This "walkie-talkie"
function makes communication possible even outside the limits of radio network coverage.

7.3.2.2 Expansion of the Service Area

The majority of in-car radios currently on the market can function as radio network relay stations
(DMO gateway functionality) or as amplifiers for direct communication between hand-held radios
(DMO repeater functionality).
If used strategically, these functionalities can help to optimize coverage temporarily and cost-
effectively for the purpose of meeting virtually all non-standard requirements. For example, an in-
car radio, which has been installed inside a service vehicle and positioned in front of a building,
can be used to ensure communication within this building on a temporary basis and maintain con-
tact with the radio network. The output power of in-car radios benefits network planning if, within
rural and remote areas, vehicles are to be used exclusively.
Significantly fewer base stations are needed to achieve coverage for these radios than if full cover-
age for hand-held radios were required. The necessary hand-held radios can still be operated
within the immediate vicinity of in-car radios featuring the DMO gateway (within a radius of
approximately 1-2 km).

Figure 7.13 Example of hand-held radio coverage without DMO repeater

82 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Network Topology
Radio Coverage

Figure 7.14 Example of hand-held radio coverage with DMO repeater

The pictures provide an example of actual coverage achieved for hand-held radios (green area) and
10 W in-car radios (yellow area). The area circled in red in Figure 7.14 shows the coverage
achieved for hand-held radios when a DMO repeater (10 W in-car radio) is used. This is in the
center of a zone which would normally provide coverage for in-car radios only.
When planning a shared network for multiple subscriber organizations (VPN), the key to imple-
menting an ahead-looking approach is to take account of the specific requirements of these
organizations whilst still adopting a uniform technical solution. In our experience, the fire and
ambulance services generally obtain sufficient coverage using in-car radios. If the use of hand-
held radios is required, as is sometimes the case when extinguishing fires inside buildings, cover-
age can be provided by means of DMO gateways, which maintain contact with the control cent-
ers.
The same applies to police applications in rural areas when you consider that the officer is nor-
mally confined to the immediate vicinity of the service vehicle containing the radio. The repeater
and gateway functionalities of the in-car radios can also be used to create a temporary subnet.
This enables efficient communication to take place in areas where coverage is at a critical level.

7.3.2.3 Method of Carrying the Hand-Held Radios

Regardless of the considerations outlined above, the manner in which hand-held radios are to be
typically used must be known at the preliminary planning stage and the implications in terms of
radio coverage taken into account. For example, carrying hand-held radios covert will have a major
impact on their transmission and reception capabilities. To cater for this without having to
increase radio coverage significantly, special terminal equipment with protruding antenna is avail-
able. However, a standard hand-held radio is designed to be carried in the open in the same way
as with GSM. It is therefore advisable to give priority to terminal-specific alternatives, rather than
increasing the coverage zone by means of base stations.
Below are some typical attenuation values associated with various hand-held radio carrying meth-
ods, which should help to clarify the situation described above.

Systems and Solutions 90ACNSYS02 – 1.5 83

ACCESSNET®-T Network Topology
Radio Coverage

Table 7.2 Attenuation values

How the Device is Used Attenuation Value
PMR mode, hand-held radio used directly in front of the face 0-3 dB
GSM-like mode, when telephoning with the hand-held radio next to 5-8 dB
the ear
Hand-held radio against chest and used in conjunction with cable 12-15 dB
microphone
Hand-held radio attached to waistbelt and used in conjunction with up to 30 dB
cable microphone

The attenuation (bodyloss) values may worsen or even improve within the radio field according to
the position of the user in relation to the base station.

7.3.2.4 Selecting the Antenna System

Strict limits are imposed in respect of the antenna system design as a result of building regulations
and the required level of radio coverage. However, the following basic issues must always be
addressed, because of how the "link budget" (the overall picture concerning positive and negative
radio propagation parameters = attenuation) is affected.
A chain of numerous negative elements (attenuators) will of course result in poorer radio propaga-
tion and in turn a "smaller" cell. This is of particular significance for the reception path (uplink)
within the base station, as the terminal equipment's comparatively low transmission power of 1 to
10 watts must be taken into account.

Omnidirectional Cell
In terms of mechanical design, an omnidirectional cell, whose antenna takes the form of a simple
isotropic radiator (rod antenna), is the most cost-effective solution. In an ideal situation (which
depends on the nature of the terrain), the radio signal will be propagated uniformly in all direc-
tions. This type of antenna design is therefore suitable for any kind of terrain characterized by rela-
tively consistent structures including, for example, agricultural areas, slightly undulating wooded
areas or villages and small towns with low-level buildings.

84 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Network Topology
Radio Coverage

Figure 7.15 Example of a rod antenna design

Quasi Omnidirectional Cell

In densely-structured areas (craggy terrain, towns whose buildings vary dramatically in height)
the omnidirectional cell referred to above is unable to propagate the radio signal evenly, resulting
in constrictions and gaps in coverage. Sometimes it may be desirable to channel the radio cell
along streets or railway tracks, for example. In such cases, the radio field can be restricted by
means of sectoral antennas.
The angle of radiation of these antennas varies; in general, sectoral antennas with an angle of
radiation of 120° are used. An arrangement of three such sectoral antennas again provides omni-
directional coverage, but with the advantage to individually adjust the orientation of the antennas
(down tilt) (see Figure 7.17).

Figure 7.16 Cross-polarized sectoral antenna

Systems and Solutions 90ACNSYS02 – 1.5 85

ACCESSNET®-T Network Topology
Radio Coverage

Figure 7.17 Quasi-Cross-polarized sectoral antenna

If a unique carrier frequency is used in each sector (together with unique signal channel), which
constitutes a true sectoral configuration, then no additional linking elements (power splitters) are
required, as each carrier frequency is assigned to just one group of transmission/reception anten-
nas. The sectors do not interfere with one another, as they act as individual cells with separate
base stations. It is important to note that these types of base station cost considerably more than
standard ones, but that the range of a sector exceeds that of an omnidirectional cell.
The quasi-omnidirectional cell represents a cheaper alternative. This type of configuration also
makes use of sectoral antennas. However, this time the same carrier frequencies are used in
respect of all the antennas. In this case, the advantages referred to above in terms of range apply
to a lesser extent, as the radio fields of the individual sectors have an attenuative effect on one
another and power splitters are required to control the antennas.

7.3.3 Link Budget

All the issues presented above are factors involved in the creation of the link budget, which the
radio network planner then uses to determine the required number of base stations. A brief expla-
nation of the individual negative factors (attenuation) and positive factors (gain, amplification) is
provided below.
Examples of elements with attenuating effects:

86 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T
Table 7.3 Attenuating elements
Element
Combiner (obligatory)
Cable design (obligatory)
Duplexer (optional)
Power splitter (optional)
The following elements can counter the above-mentioned attenuation:
Table 7.4 Countering elements
Element
Antenna (obligatory)
Antenna amplifier (optional)
7.3.4 Cluster Size and Frequency Repetition
Since the available spectrum is always limited, it is important for large mobile networks to repeat
the allocated frequencies. The repeatability, however, depends on the resistance of the method
used to radio interference. For TETRA, the carrier-to-interference ratio (C/I) is 19 dB. The deducible
Systems and Solutions 90ACNSYS02 – 1.5
Network Topology
Radio Coverage
Description
Combiners are generally integrated into the base station.
These elements route the outputs of multiple senders to one com-
mon transmitting antenna. The frequencies of the combined send-
ers must not drop below a defined difference. This is important for
planning the frequency allocation.
Each cable connection and especially lightning protection elements
cause additional (albeit very low) attenuation.
The attenuation values depend on the type of cable used and espe-
cially on a clean, technically sound installation.
TETRA base stations use the "diversity" effect for enhancing the
receiving characteristics. This is achieved by filtering the best
wanted signal from different signal reflections using multiple anten-
nas and receivers. This means that a base station would need at
least three rod antennas.
With the aid of a duplexer, multiple usage of an antenna can be
achieved (combining a reception input and a sender output) so that
only two antennas are required. This causes additional duplexer
attenuation in the send and reception directions. This characteristic
is already integrated into some types of base stations, which can
thus keep the losses as low as possible.
If sectorized antennas are used instead of rod antennas, power
splitters are used for controlling these antennas. These elements
split the send/reception signal from one to e.g. three connections,
which provides for area coverage if 3 x 120° sectorized antennas are
used.
Description
The antenna gain of an antenna normally depends on the installa-
tion height of the antenna. A 3-m rod antenna provides more gain
than a 0.5-m antenna.
A sectorized antenna normally provides more gain than a rod
antenna.
These elements counter the losses by amplifying the reception side.
The closer the amplifier is mounted to the antenna, the better nega-
tive effects caused by the cabling can be countered. For this reason,
Tower Mounted Amplifiers (TMA) are being discussed that can be
mounted directly in the vicinity of the antennas in the open.
87
ACCESSNET®-T Network Topology
Radio Coverage

repeatability results in a cluster size of 12. This means, 12 cells form a repeatable arrangement of a
closed frequency allocation. Figure 7.18 shows the neighbouring clusters in different colours. You
can see how the repeatability is implemented.

Figure 7.18 Representation of the 12-cell cluster

State-of-the-art radio network planning includes the use of software packages for predicting the
radio frequency coverage, using the defined link budgets and digital maps. ROHDE&SCHWARZ
uses a software that comprises appropriate tools for planning the interference-free frequency allo-
cation.

7.3.5 Model Contemplations

All the issues addressed so far demonstrate that when different requirements are placed on a
TETRA mobile radio network, different solutions will arise. This is summarized by the example of a
nationwide network based on the concept of the modular network structure.
Basic Model
• Basic coverage of the entire country, Base: 10-W vehicle radios (area coverage)
Optional Models:
• Basic coverage of the entire country, Base: 3-W vehicle radios (area coverage)
• Coverage of the regional capitals for operating 1-W hand-held radios (HFG)
• Coverage of large cities for operating 1-W hand-held radios
• Coverage of the motorways and large cities for operating 1-W hand-held radios
• Coverage in special buildings (1-W hand-held radios)
• Coverage in tunnels (1-W hand-held radios)
• Coverage in selected areas for covert carrying
• Coverage for helicopters
The above options bring about a permanent increase in the number of base stations from approx.
100 % to approx. 180 %. In addition, these numbers result from planning that optimizes radio cov-
erage without considering the use of existing sites that deviate from the optimum site. For an
exact specification of the number, a corresponding radio network planning is required.

88 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Safety Aspects
Threat Scenarios

8 Safety Aspects
Security issues affect both the money spent on switching units in respect of quantity and features
and the money spent on the resulting connection network.
The issues considered in this chapter apply in respect of safeguarding against technical malfunc-
tions and in particular for safeguarding against intentional acts of interference or sabotage as well
as against acts of God.
Overall network availability is generally 99.99%. This does not allow for downtime due to circum-
stances attributable to threats of a non-technical nature. However, in a security network, it is pre-
cisely the threat of external attack which should dictate how issues of network security are
addressed.
The location of possible failures is also of importance. The reasons for such failures are a second-
ary issue. Action to deal with loss of radio communication in a relatively unpopulated area of forest
will clearly not be the same as when dealing with the loss of a cell connected to an item of high-
security equipment. What is vital, regardless of circumstances, is how quickly problems can be
rectified. Ideally, a system should be able to switch to stand-by resources automatically. In extreme
cases, the faulty network elements can be replaced with mobile units, but this process can take
considerable time.

8.1 Threat Scenarios

The courses of action in terms of technology and organization described below will provide exten-
sive protection against virtually every possible threat, including terror attacks which may endanger
locations where switches are positioned. A detailed description of each possible course of action
is provided in relation to the threats posed.

8.1.1 Engineering Deficiencies in the Network Components

All technical equipment is rated in accordance with a statistic known as "MBTF" (Mean Time
Between Failure). Suppliers provide an assurance that failure statistics will not exceed this rate.
From a technical point of view, the overall availability of a network is calculated on the basis of the
MTBF values for its individual components. However, in practice, the time required to rectify the
technical defect to which the failure concerned can be attributed also has to be taken into
account. All components, in particular the connecting line system and the reliability of the power
supply, must be included in the calculation.

Systems and Solutions 90ACNSYS02 – 1.5 89

ACCESSNET®-T Safety Aspects
Threat Scenarios

Table 8.1 Technical failure

Threat Defence

• Technical failure of base stations,switching • Durability of locations

units or entireexchanges and tie-lines
• Reporting of technical problems (alarms)
• Reporting of loss of tie line (alarms)
• Fallback function for base stationInterfacing
of base stations via logic ring lines
• Redundant tie-lines
• Redundant interface between base stations
and two switching units
• Internal redundancy of central elements in
base stations and on switching units (no sin-
gle point of failure)

8.1.2 Manipulation

Manipulation occurs when signalling and traffic data is deleted or tampered with. This can be
attempted to interfere with communication between subscribers or attack the infrastructure.

8.1.2.1 Manipulation of the Air Interface

Table 8.2 Manipulation of the air interface

Threat Defence

• Jammers or replay attacks • Locating of jammers and launching of coun-

• Modification fo signalling information
• Modification of digital voice stream
termeasures
• Air interface encryption with long repetition
times
• End-to-end encryption with time stamp
• Two-way periodic authentication

8.1.2.2 Manipulation of the Network Infrastructure

Table 8.3 Manipulation of the network infrastructure

Threat Defence

• Destruction of data • Alternative routing of voice and data between

• Substitution of signalling and voice streams switching units and base stations
• Shutting down of network components • Checking of the integrity of tie-lines; access
• Introduction of third-party network compo- control for network management
nents to record data

90 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T
8.1.2.3 Threats Posed by Subscribers
Table 8.4 Threats posed by subscribers
Threat
Cloning of terminals
Call forwarding to other subscribers
Changing keys to interfere in the communication
Theft of authorized terminals
Recording and manipulation of subscriber data.
8.1.2.4 Threats for the Network Infrastructure
Table 8.5 Threats via the network infrastructure
Threat
• Recording of voice and signalling
• "Imposter" ISI interface to record calls/secu-
rity information
• Tapping of the ISI connection
• Tapping of interfaces for recording voice and
billing information
8.1.2.5 Physical Attacks
Table 8.6 Physical attacks
Threat
• Physical attacks on base stations, exchanges
and tie-lines.
Systems and Solutions 90ACNSYS02 – 1.5
Safety Aspects
Threat Scenarios
Defence
Make reading out impossible (hardware)
Block call forwarding
Record connection data
File notices of loss of stolen terminals, disable ter-
minals
Mutual authentication via the network manage-
ment
Defence
• Physical) allocation of entry and access rights
• Encryption of interfaces with other networks
• Applications for recording data and for billing
• Authentication of teams of operators
• Restrict or prevent fully-automatic network
gateways such as ISI in favour of guest sub-
scribers, which can be managed because
they are registered.
Defence
• Durability of locations
• Reporting of technical problems
• Reporting of loss of connecting line (alarms)
• Fallback function for base stationInterfacing
of base stations via logic ring lines
• Redundant tie-lines
• Redundant interface between base stations
and two switching units
• Internal redundancy of central elements in
base stations and on switching units (no sin-
gle point of failure)
91
ACCESSNET®-T Safety Aspects
Threat Scenarios

8.1.2.6 Unauthorized Consumption of Resources

Table 8.7 Unauthorized use of resources

Threat Defence

• Malicious generation of overload using PSTN
and PABX calls or generation of overload via
data interfaces
• Malicious generation of overload on gate-
ways with analog radio systems or dispatcher
systems
• Check list of authorized users in subscriber
management periodically
• Restrict or prevent fully-automatic network
gateways such as ISI

8.1.3 Tapping

Unauthorized subscribers can access the network and intercept communication. Both the air inter-
face and the infrastructure can be tapped in this way. Data at risk includes voice data and also sig-
nalling and management information.

8.1.3.1 Tapping the Air Interface

Table 8.8 Tapping the air interface

Threat Defence

• Tapping of voice data or locating of subscrib- • Encryption of the air interface

ers in order to create movement profiles.

8.1.3.2 Tapping the Network Infrastructure

Table 8.9 Tapping the network infrastructure

Threat Defence

• Tapping of voice data and identities of sub- • Encryption of tie-lines

scribers to the infrastructure or infrastructure • End-to-end encryption
interface IDs • Change code at regular intervals
• Recording of authentication and encryption
codes
• Recording of configuration and management
data

92 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Safety Aspects
Threat Scenarios

8.1.4 Essential Engineering Measures to Increase Safety

On ACCESSNET®-T mobile radio networks, security is achievable in a variety of ways and combina-
tions are possible and encouraged. The optional feature of redundancy supports linear scaling.
This means that a tactical approach can be taken and the base station with the highest priority in
terms of security requirements selected. Usually, it is primarily base stations in conurbations or in
areas categorized as important, which have specific security requirements and need redundant
connections. Unlike safeguarding with mobile units, redundant connections provide an immediate
and automatic means of defence and are therefore the preferred method to counter threats of a
criminal or terrorist nature aimed at physically shutting down network components in particular.

8.1.4.1 Authentication

Authentication (see also Chapter “Functionality and Performance Features”) provides an effective
means to counter the illegal use of the network. However, please note that malfunctions on the
network that stop base stations communicating with the Authentication Center (line failure, faults
on the exchange) will also prevent authentication. In such cases, the base stations have to be able
to make as much information as possible available to all authorized subscribers (including informa-
tion acquired previously during normal operation).

8.1.4.2 Encryption of the Air Interface

Encrypting the air interface provides an effective means of countering the recording of movement
profiles and critical attacks on data carried via the air interface. (See also Chapter “Functionality
and Performance Features”.)

8.1.4.3 End-to-End Encryption

End-to-end (E2E) encryption provides the most effective means of countering attacks on data (tap-
ping, see also Chapter “Functionality and Performance Features"). Please note that this function is
managed by the terminal equipment. The TETRA infrastructure transports data on request, but
does not modify it. This means that it is possible to use a number of different E2E systems with
various Key Management Centers (KMC) on one TETRA network. Please note that when the base
stations are in fallback mode, the KMC cannot be reached and, as a consequence, the level of
security is reduced.

Systems and Solutions 90ACNSYS02 – 1.5 93

ACCESSNET®-T Safety Aspects
Threat Scenarios

Note Important Notice

Important notice:Encryption components described in this document are subject to German and/or
European export regulations and may need an export license.

8.1.4.4 DMO Mode of the Terminals

In this operating mode, communication between users can be maintained even if the network can-
not be accessed. DMO is a standard function of TETRA terminal equipment and as such is not sub-
ject to an additional charge. DMO mode is the most effective means of countering all physical
attacks on the network, as it runs independently of the network infrastructure.

8.1.4.5 Fallback Mode of the Base Stations

Even if the connection between a base station and the switching unit is lost or faulty, the base sta-
tion can still maintain radio communication within its radio range (radio cell operating in island
mode). In such cases, only the link to a central control center is lost.
All TETRA base stations feature this mode, which is known as fallback mode, although functional
scope will vary from station to station.
The actual facilities for communication and in particular for management and registration, as well
as for substitution in the event of it not being possible to authenticate subscribers, are determined
to a large extent by the technical implementation of the base station. On the ACCESSNET®-T radio
system, all base stations are able to access basic information for all subscribers, with the result
that switching over to island mode imposes virtually no restrictions in respect of operation.

8.1.4.6 Redundant Connecting Lines

The inclusion of redundant tie-lines provides a physical means of protecting the communication
network against the effects of faults. On the interconnection network itself, the function runs so
that it is not visible to the equipment connected. This approach is very cost-intensive in respect of
the interface for the base stations, as every line has to be installed twice and, in addition, the
intelligence for switching over has to be available in the form of switching units or routers. On a
non-redundant structure (simple star configuration), failure on tie-lines have to be brought under
control by means of fallback mode on the base station.

94 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Safety Aspects
Threat Scenarios

Figure 8.1 Simple diagram illustrating circuit with external multiplexers

Figure 8.2 Solution with ACCESSNET®-T internal multiplexers

8.1.4.7 Ring Configurations of Base Stations

Linking base stations in logic rings (usually on the same switching unit) provides a means of pro-
tecting the interconnection network against the effects of faults, as every base station can be
reached via two routes. This is particularly useful for microwave links. As the route is selected
autonomously by the base station, no central data storage locations are required. On a non-redun-
dant structure (simple star configuration), failure on tie-lines have to be brought under control by
means of fallback mode on the base station.
Ring configurations are an optimized version of redundant tie-lines, as only one additional line (to
close the ring) is required. Ring formats also provide an easy means of integrating a mobile base
station in the event that bandwidth has been reserved accordingly (see also “Mobile Units”).

Figure 8.3 Example of two ring configurations each with one switching unit

Systems and Solutions 90ACNSYS02 – 1.5 95

ACCESSNET®-T Safety Aspects
Threat Scenarios

8.1.4.8 Redundant Connection of Base Stations to two Exchange Units

This type of interfacing increases network security, in particular in the event of physical attacks
such as acts of terror or natural disasters, because one base station is run by two independent
switching units located at different places. Regardless of whether the fault occurs on the commu-
nication network or in the switching unit itself, the base stations are each run by the "partner
switching unit". In order to exploit the full potential of this feature, additional action should be
taken when routing the interconnection network (lines separated physically) or a local power sup-
ply (sufficient battery back-up or local generator for base stations) should be used.

Figure 8.4 Simple diagram illustrating ring configuration with two switching units

8.1.4.9 Site Redundancy (Safeguarding of Exchange Sites)

By combining the exchanges, an even higher safety level than the redundant connection of base
stations to two exchange units as shown above is achievable: site redundancy. In this case,
exchange units set up spatially separated are configured such that 100 % of the base stations
served by a switch group (half-cluster) are connected to the second half-cluster. If an entire site
with multiple switches fails, the operation of the network is still maintained.

Figure 8.5 Alternative routing if an exchange fails

8.1.4.10 Mobile Units

The following types of mobile units will need to be used in order to meet the various technical
requirements:
• Mobile units with and without switching capability (for a number of base stations)

96 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Safety Aspects
Threat Scenarios

• Mobile units with/without interface to the existing network, which is still functioning
• Mobile units with/without power supply
The simplest type of mobile unit is a base station which will run in fallback mode. Ideally, this will
be a base station with two carriers suitable for installation outdoors and which is easily transport-
able.The options for using a base station as a mobile unit are as follows:
• Subscribers who may communicate are not restricted
• (no authentication possible) – security risk should be avoided
• Subscribers who may communicate are configured manually
• (local network management) – a manual task which is prone to errors, only for exceptional cir-
cumstances
• The mobile base station is prepared by being connected on the network in order to acquire all
necessary subscriber, group and priority data, before being transported using battery back-up.
This means that all subscribers will have been authorized in normal operation and will remain
known to the mobile unit along with their essential features. This eliminates the need for
manual operations.
If a mobile base station is to be integrated into the existing network (which is continuing to oper-
ate), a spare bandwidth must be provided on the ring in the communication network. The connec-
tion can then be made via cables or microwaves. Whatever the case, each base station of the
existing network must feature one free line termination which can be used as a branch connec-
tion; otherwise a means of connection will have to be established using external equipment. This
procedure is very complex and almost always requires the network to be shut down.
In instances in which the switching units are affected by a failure and no automatic means of pro-
tection (interface between base stations and two switching units) is available on the network, a
mobile unit with switching function is required. The unit can either operate in island mode or be
used to establish connections with any base stations on the network that are continuing to func-
tion via microwaves or cables, in order to increase coverage. Usually, a capacity of up to ten base
stations will be sufficient.
Also in this case, security in respect of unauthorized subscribers should be considered, as in gen-
eral, it will not be possible to communicate with central resources such as Authentication Centers
or Key Management Centers. Once again, the ideal solution is for the system to have been pre-
pared in advance for such a scenario by locating all data required for communication on the net-
work. Whatever the circumstances, the complete integration of a mobile unit with switching
capability into an existing network will always require extensive manual configuration. This
applies to both mobile systems and to existing network components and should only be consid-
ered as an option in the event of disastrous circumstances prevailing for a considerable period of
time.
Of primary importance in respect of the mechanical layout of mobile units are the requirements of
each unit in terms of space and power. Ideally, a mobile base station should be compatible for out-
door installation and feature an easy-to-connect modular design. This means that the actual base
station can be connected to the antenna branching equipment and the power supply, so that the
use of local facilities can be optimized in respect of the requirements to be met.

Systems and Solutions 90ACNSYS02 – 1.5 97

ACCESSNET®-T Safety Aspects
Threat Scenarios

8.1.5 Model Contemplations

Basic Package
• Communication via terminal equipment direct mode (DMO)
• Base station fallback mode
Optional Modules
• Mixed base station configuration (ring or star)
• Scalable redundant interfacing of base stations
• Mobile units without switching capability
• Mobile unit with switching capability
Redundancy increases both network connection costs and the number of switching units, because
spare capacitiy must be provided in order to be able to run the additional base stations in the
event of a fault. The optimum number of base stations connected to two switching units, as appro-
priate for security requirements, is subject to a dedicated network planning.

Figure 8.6 Example of a mixed base station configuration

98 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Functionality and Performance Features
Preconditions and Dependencies

9 Functionality and Performance Features

9.1 Preconditions and Dependencies

The features that are defined according to the ETSI standard are classified as follows:
• Basic features
• Supplementary features
• Supplementary features with increased resource consumption
• Features without TIP specification
The "supplementary features with increased resource consumption" classification is a major cost
factor as it implicitly increases the required network capacity. The "full duplex individual call" fea-
ture, for example, already requires two service channels and even four service channels if the sub-
scriber called is in the same cell.
More resources are even used by the "call hold" or "call waiting" feature. The traffic considerations
in the PMR mobile radio networks do usually not take any of these features into account, because
they actually are untypical and increase the costs considerably. Regarding this fact, a restriction is
possible for most organizations as the focus is on the group call.
The "features without TIP specification" classification refers to functions that are considered in the
standard but for which binding implementation regulations in the meaning of a "TETRA Interoper-
ability Profile" (TIP) are not available. Implementing these features today may lead to inconsisten-
cies, because the TETRA MoU will define specifications at some point of time in the future. For this
reason, features of this type cannot be implemented without risk.

9.1.1 Description of the TIP Specifications

The basis for all TIP documents is the ETSI standard. TIP documents are implementation regula-
tions to ensure a specific function described in the ETSI standard and to guarantee interoperability
between the terminal equipment and the infrastructure.
Usability of the ETSI standard thus becomes clear. With TETRA, the ETSI standard allows for differ-
ent implementation versions for specific functions. The ETSI standard can be considered to be a
large box of components that can be taken out to implement a possible version. Only the TIP
implementation regulations ensure that all system components and terminal equipment tested
according to the TIP are compatible with one another.
Following the multi-vendor principle, agreements between the individual infrastructure and termi-
nal equipment manufacturers are not binding (according to a TETRA MoU agreement). Otherwise,
there is a danger of developing functions that only work with specific terminal equipment or sys-
tems, which implies commitment to only one manufacturer or a small number of manufacturers.
Therefore, every TETRA MoU member is able to contribute or prioritize TIP requirements according
to a specified procedure.

Systems and Solutions 90ACNSYS02 – 1.5 99

ACCESSNET®-T Functionality and Performance Features
Performance Features and Services

9.1.2 The TIP Process

The procedure defined by the TETRA MoU intends that any suggestions and their prioritization for
a TIP specification are discussed and contributed by the "Operations and Users Association". This
prioritization is then revised in co-operation with the manufacturers. Every association member
has the right to contribute a suggestion. By means of the "TETRA MoU Specification Group" the
TETRA MoU Technical Forum evaluates the suggestion in detail. The Specification Group member-
ship is attached to specific conditions, i.e. operators cannot be permanent members of the Specifi-
cation Group.
Members of the "Technical Forum" can contribute amendments, which are then subject to a vote.
The document the members decide on is the TIP document. In this context, the manufacturers and
testing authorities develop and pass detailed IOP test suggestions. They are the basis for certifica-
tion. The typical process time for a TIP document is between six and nine months.
Services for which a TIP specification has not yet been specified are classified as "features without
TIP". These features should only be implemented without risk after specification of the TETRA
MoU.

9.2 Performance Features and Services

9.2.1 Basic Performance Features

Basic features are services that are considered absolutely necessary in order to properly use a
radio service. These services with all functions should be available to all users.

9.2.1.1 Definition of Terms

Table 9.1 Supported basic services

Basic Services Description
Full duplex Call type with two subscribers; communication in both directions is
possible at any time (typical telephony). Two uplink/downlink serv-
ice channels are used.
Half duplex Call type with two or more subscribers; communication is only pos-
sible for one subscriber at a time. Each subscriber can request talk
authorization (typical 2-way radio communication). Only one uplink/
downlink service channels is used.
Simplex Call type with two or more subscribers; communication is only pos-
sible for one subscriber at a time. Each subscriber can request talk
authorization (typical 2-way radio communication in DMO mode).
Only one frequency is used.

100 Systems and Solutions 90ACNSYS02 – 1.5

ACCESSNET®-T Functionality and Performance Features
Performance Features and Services

9.2.1.2 Definition of Areas

Each base station specifies a radio cell (also referred to as location area). Adjacent radio cells over-
lap to enable subscriber movement within the network by means of a "hand-over" without cancel-
ling the call. At a given time a terminal equipment is registered at exactly one base station. The
base station informs the terminal equipment up to which signal quality and traffic load the termi-
nal equipment is to remain at this base station. During this procedure the terminal equipment is
also informed about the parameters of the adjacent cell. Using its own evaluation of the signal
quality the terminal equipment decides at which point it changes to the adjacent base station.
Optimum service quality can therefore only be achieved if the terminal equipment and the infra-
structure work together.

Figure 9.1 Radio coverage of adjacent cells

9.2.1.3 Call Restore

If a user changes from one base station’s radio coverage area into a different base station’s radio
coverage area, the existing call is automatically restored in the new radio coverage area. ACCESS-
NET®-T supports call restoration for circuit mode calls and connection-oriented data services.

Systems and Solutions 90ACNSYS02 – 1.5 101