4/18/2021

Introduction to Global System for

Mobile Communications (GSM)
(Continued)

1 2

Mobile Station
The mobile station (MS) consists of:
• the mobile equipment (the terminal)
• a smart card called the Subscriber Identity Module
(SIM).
• The SIM card is protected by a four-digit Personal
Identification Number (PIN).
• It provides personal mobility, so that the user can have
access to subscribed services irrespective of a specific
terminal.
By inserting the SIM card into another GSM terminal, the
user is able:
• to receive calls at that terminal,
• make calls from that terminal, and
• receive other subscribed services.

3 4
 4/18/2021

• The mobile equipment is uniquely identified by the

International Mobile Equipment Identity (IMEI).
The SIM card contains: • Note: The IMEI and the IMSI are independent, thereby
allowing personal mobility.
• also the International Mobile Subscriber Identity (IMSI)
used to identify the subscriber to the system, • The SIM card may be protected against unauthorized
use by a password or personal identity number.
• a secret key for authentication, and other information.

5 6

Base Station Subsystem

• A list of IMEIs in the network is stored in the Equipment
Identity Register (EIR).
The status returned in response to an IMEI query to the • The Base Station Subsystem is composed of two
EIR is one of the following: parts, the Base Transceiver Station (BTS) and the
• White-listed -The terminal is allowed to connect to the Base Station Controller (BSC).
network.
• Grey-listed -The terminal is under observation from the • These communicate across a standardized
network for possible problems. interface, allowing (as in the rest of the system)
• Black-listed -The terminal has either been reported operation between components made by
stolen, or is not type approved (the correct type of different suppliers.
terminal for a GSM network). The terminal is not allowed
to connect to the network.
7 8
 4/18/2021

Base Transceiver Station

• The BTS is the Mobile Station's access point to the network -handling speech encoding,
• The interface between the MS and the BTS is known as the Um -encryption,
Interface or the Air Interface
• . It is responsible for: -multiplexing (TDMA), and
-carrying out radio communications between the -modulation/demodulation of the radio signals. It is
network and the MS also capable of frequency hopping
-defining a cell
-handlings the radio-link protocols with the Mobile
Station..
9 10

• A BTS is assigned a Cell Identity. • It provides means to geographically locate connected

• The cell identity is 16-bit number (double octet) mobile phones.
• it identifies that cell in a particular Location Area. • If a cell phone is connected to a GSM network then
the position of that particular cell phone can be
• The cell identity is part of the Cell Global Identification
determined using CGI of the cell which is covering that
(CGI),
cell phone
• Cell Global Identity (CGI) is a standard identifier for
mobile phones cells,

11 12
 4/18/2021

Base Station Controller(BSC)
• The BSC manages the radio resources for one or more
BTSs.
• The interface between the BTS and the BSC is known as the
Abis Interface
• It handles:
-radio-channel setup or Allocation
-power and signal measurements from the MS
- frequency administration such as frequency hopping
- handovers from one BTS to another
13
Network Subsystem
• The Mobile services Switching Center (MSC) is central
component of the Network Subsystem.
• It acts like a normal switching node of the PSTN or
ISDN, and all the functionality needed to handle a
mobile subscriber,
• The interface between the BSC and the MSC is known
as the A Interface
14

The Home Location Register (HLR)

• The HLR is a large database that permanently
It provides: stores data about subscribers
- Registration, • The HLR contains all the administrative
-Authentication, information of each subscriber registered in the
corresponding GSM network, along with the
-Location updating, current location of the mobile.
-Handovers, and • The HLR maintains subscriber-specific information
-Call routing to a roaming subscriber. such as:
- the MSISDN,
-The connection to the fixed networks (such as the
PSTN or ISDN. -IMSI,
15 16
 4/18/2021

Visitor Location Register (VLR)

-current location of the MS,
• The VLR is a database that contains a subset of the
-roaming restrictions, and information located on the HLR.
-subscriber supplemental features • It contains similar information as the HLR, but only for
Note: subscribers currently in its Location Area.
• But mainly, administrative information
There is logically only one HLR in any given network, • There is a VLR for every Location Area.
• The VLR reduces the overall number of queries to the
HLR and thus reduces network traffic.
• VLRs are often identified by the Location Area Code
(LAC) for the area they service.
17 18

Equipment Identity Register (EIR)

•The black list is a list if IMEIs that are to be
• This is a database that contains a list of all valid mobile equipment on denied service by the network for some
the network, reason.
• The EIR keeps tracks of handsets on the network using the IMEI. •Reasons include the IMEI being listed:
• Each mobile station is identified by its International Mobile - as stolen or
Equipment Identity (IMEI).
• There is only one EIR per network. It is composed of three lists. The
-cloned or
white list, the gray list, and the black list. -if the handset is malfunctioning or
-doesn't have the technical capabilities to
operate on the network.
19 20

• The gray list is a list of IMEIs that are to be monitored
for suspicious activity.
• This could include:
-handsets that are behaving oddly or
-not performing as the network expects it to.
• The white list is an unpopulated list. That means if an
IMEI is not on the black list or on the gray list, then it
is considered good and is "on the white list".
21
• Encryption - In GSM, encryption refers to the process of
creating authentication and ciphering cryptovariables
using a special key and an encryption algorithm.
• Ciphering - Ciphering refers to the process of changing
plaintext data into encrypted data using a special key and
a special encryption algorithm.
• Transmissions between the MS and the BTS on the Um
link, are enciphered
• The AuC generates crypto-variables such as the RAND,
SRES, and Kc.
23
4/18/2021
Authentication Center (Auc)
• This AuC handles the authentication and encryption
tasks for the network.
• The Auc stores the Key for each IMSI on the network.
• Authentication - Whenever a MS requests access to a
network, the network must authenticate the MS.
• Authentication verifies the identity and validity of the
SIM card to the network and ensures that the
subscriber is authorized access to the network.
22
• Kc - The Kc is the 64-bit ciphering key that is used in the A5
encryption algorithm to encipher and decipher the data
that is being transmitted on the Um interface.
• Ki - The Ki is the individual subscriber authentication key. It
is a 128-bit number that is paired with an IMSI when the
SIM card is created.
• The Ki is only stored on the SIM card and at the
Authentication Center (AuC). The Ki should never be
transmitted across the network on any link.
24

• RAND - The RAND is a random 128-bit number that is
generated by the Auc when the network requests to
authenticate a subscriber. The RAND is used to generate the
Signed Response (SRES) and Kc crypto variables.
• SRES -Signed Response - The SRES is a 32-bit crypto variable
used in the authentication process. The MS is challenged by
being given the RAND by the network, the SRES is the
expected correct response. The SRES is never passed on the
Um (Air) interface. It is kept at the MSC/VLR, which performs
the authentication check.
• Although it is not required, the Auc is normally physically
collocated with the HLR.
25
Multiple access and channel structure
• Radio spectrum is a limited resource shared by all users,
a method must be devised to divide up the bandwidth
among as many users as possible.
• The method used by GSM is a combination of Time- and
Frequency-Division Multiple Access (TDMA/FDMA).
• The FDMA part involves the division by frequency of the
(maximum) 25 MHz bandwidth into 124 carrier
frequencies spaced 200 kHz apart.
• One or more carrier frequencies are assigned to each
base station.
27
4/18/2021
Radio link
• The International Telecommunication Union (ITU),
allocated the bands 890-915 MHz for the uplink
(mobile station to base station) and
• 935-960 MHz for the downlink (base station to mobile
station) for mobile networks
• GSM frequencies initially set with 25 MHz (transmit
and receive) spaced apart by 45 MHz
26
• Each of these carrier frequencies is then divided in time,
using a TDMA scheme.
• The unit of time in this TDMA scheme is called a burst
period and it lasts 15/26 ms (or approx. 0.577 ms).
• All these definitions are cyclic, and the entire pattern
repeats approximately every 3 hours.
• Channels can be divided into:
- dedicated channels, which are allocated to a mobile
station, and
-common channels, which are used by mobile stations
in idle mode.
28

Traffic channels
• A traffic channel (TCH) is used to carry speech and data
traffic.
• Traffic channels are defined using a 26-frame multi-frame, or
group of 26 TDMA frames.
• On each multiframe, there are 24 frames for Traffic
Channels,
• Within each Frame are 8 Timeslots at 576.92 μs per.
• The length of a 26-frame multi-frame is 120 ms, which is
how the length of a burst period is defined (120 ms divided
by 26 frames)
29
Speech coding
• GSM is a digital system, so speech which is inherently
analog, has to be digitized.
• The method employed by ISDN, and by current
telephone systems for multiplexing voice lines over
high speed trunks and optical fiber lines, is Pulse
Coded Modulation (PCM).
31
4/18/2021
Control channels
• The common channels are used by idle mode mobiles to
exchange the signaling information required to change to
dedicated mode.
• Common control channels can be accessed both by idle
mode and dedicated mode mobiles.
• Mobiles already in dedicated mode monitor the
surrounding base stations for handover and other
information
30
• PCM (Pulse Code Modulation) is a standardized method used
in the telephone network -
• to change an analog signal to a digital one.
• The analog signal is first sampled at a 8-kHz sampling rate.
Then each sample is quantized into 1 of 256 levels and then
• Encoded into digital eight-bit words.
32
 4/18/2021

Multipath equalization

• At the 900 MHz range, radio waves bounce off everything -

buildings, hills, cars, airplanes, etc.
• Thus many reflected signals, each with a different phase, can
reach an antenna.
• Equalization is used to extract the desired signal from the
unwanted reflections.
• It works by finding out how a known transmitted signal is
modified by multi-path fading, and constructing an inverse
filter to extract the rest of the desired signal
33 34

Frequency hopping in GSM Discontinuous transmission (DTX)

• The mobile station can move between a transmit,
receive, and monitor time slot within one TDMA
frame,
• They are normally on different frequencies.
• GSM makes use of this frequency agility to
implement frequency hopping, where the mobile
and BTS transmit each TDMA frame on a different
carrier frequency.
35
• Discontinuous transmission (DTX) is a method that takes
advantage of the fact that a person speaks less that 40
percent of the time in normal conversation,
• This is done by turning the transmitter off during silence
periods.
• It is also added benefit of DTX in that power is conserved
at the mobile unit.
• The most important component of DTX is, Voice Activity
Detection. It must distinguish between voice and noise
inputs
36

• The Voice Activity Detection (VAD), which has to
determine whether the sound represents speech or
noise, even if the background noise is very important.
• If the voice signal is considered as noise, the
transmitter is turned off producing then, an
unpleasant effect called clipping.
• An inconvenient of the DTX function is that when the
signal is considered as noise, the transmitter is turned
off
37
Discontinuous reception
• Another method used to conserve power at the
mobile station is discontinuous reception.
• The paging channel, used by the base station to signal
an incoming call, is structured into sub-channels.
(The Paging Channel (PCH) is a downlink transport
channel. The PCH is always transmitted over the entire
cell.)
• Each mobile station needs to listen only to its own
sub-channel.
• In the time between successive paging sub-channels,
the mobile can go into sleep mode, when almost no
power is used. 39
4/18/2021
• So, a total silence is heard at the receiver.
• This can be very annoying to the user at the reception
because it seems that the connection is dead.
• In order to overcome this problem, the receiver
creates a minimum of background noise called
comfort noise.
• The comfort noise eliminates the impression that the
connection is dead
38
Power control
• At the same time the base stations perform measurements
on the power level of the different mobile stations.
• These power levels are adjusted so that the power is nearly
the same for each burst.
• There are five classes of mobile stations defined, according to
their peak transmitter power, rated at 20, 8, 5, 2, and 0.8
watts.
• To minimize co-channel interference and to conserve power,
both the mobiles and the Base Transceiver Stations operate
at the lowest power level that will maintain an acceptable
signal quality.
• Power levels can be stepped up or down from the peak
power down to a minimum of 20 mill watts.
40
 4/18/2021

41 42