4/18/2021

Network aspects
Global System for Mobile
• A GSM mobile can roam nationally and internationally
Communications (GSM) ,3G,4G • This requires registration, authentication, call routing
(Continued /3) and location updating functions
• All these are standardized in GSM networks.
• The fact that the geographical area covered by the
network is divided into cells necessitates the
implementation of a handover mechanism

1 2

Handover
• In a cellular network, the radio and fixed links
required are not permanently allocated for the
duration of a call.
• Handover, is the switching of an on-going call to a
different channel or cell.
• There are four different types of handover in the
GSM system
3 4
This involves transferring a call between:
1. Channels (time slots) in the same cell
2. Cells (Base Transceiver Stations) under the
control of the same Base Station Controller
(BSC),
3. Cells under the control of different BSCs, but
belonging to the same Mobile services
Switching Center (MSC), and
4. Cells under the control of different MSCs.

• The first two types of handover are called internal
handovers.
• They involve only one Base Station Controller (BSC).
• To save signaling bandwidth, they are managed by the
BSC without involving the Mobile services Switching
Center (MSC),
5 6
Basic Call routing in GSM
7 8
4/18/2021
• EXCEPT to notify it at the completion of the handover.
• The last two types of handover are called external
handovers-
• They are handled by the MSCs involved.
• Handovers can be initiated by either the mobile or the
MSC (as a means of traffic load balancing).
Basic procedures of Call routing in GSM
1. MS sends dialed number to BSS
2. BSS sends dialed number to MSC
3,4 MSC checks VLR if MS is allowed the requested
service . If so, MSC asks BSS to allocate resources for
call.
5 MSC routes the call to GMSC
6 GMSC routes the call to local exchange of called user
7, 8, 9,10 Answer back(ring back) tone is routed from
called user to MS via GMSC,MSC,BSS

Mobile Internet Communication Technologies
• There are number of mobile communication technologies
which have been developed ever since from analog days.
• Some of the mobile and internet communication
technologies adopted by different mobile companies in
different parts of the world.
1. GSM
2. CDMA
3. EDGE
4. GPRS
5. VoIP etc
9 10
• The subscriber is charged for the amount of time it
remained connected to the network.
• Data transmission speed is relatively slow using CSD
which is about 14.4 kbps for those GSM networks who
are operated at 1800 frequency band,
• And even low at 9.6 kbps when 900 MHZ GSM
network is used.
11
4/18/2021
Introduction to CSD ( Circuit Switched Data )
• GSM use technology called Circuit Switched Data
(CSD) for transferring data.
• CSD creates special connection to the network to
transfer data,
• it can take up to 30 seconds before this
connection can put to use.
• After the connection is made, data starts to be
transmitted .
General Packet Radio Services(GPRS)
• This is one of the technologies to improve 2G phones
(second generation phones) to enable them transfer data
at higher speed.
• GPRS allows mobile phones to remain connected to
network and transfer requested or sent data instantly,
• E.G. if you receive MMS from other mobile phone, you do
not need to press a button to check if you have any new
MMS, instead mobile handset notifies you when new MMS
is downloaded to your mobile.
• GPRS technology can provide you up to 32 kbps to 48 kbps. 12

• Data can transfer during the call and there is no
requirement of disconnecting call to receiving
incoming or out going data.
• For example, you can receive SMS during the call
and you can reply to it without having to disconnect
your on going call.
• GPRS usage is charged for the amount of data sent
and received.
• Unlike CSD which is charged for amount of time it
remained connected.
13
• These timeslots are available simultaneously, so the greater
the number of slots, the faster the data transfer speed.
• Because GPRS transmits data in packets, the timeslots are
not in use all the time, but are shared amongst all users of
the network.
• That increases the overall data capacity of the network,
• It also means that you are billed for the quantity of data
transmitted, not the time that you are online
15
4/18/2021
GPRS Class Types
• The class of a GPRS phone determines the speed at
which data can be transferred.
• Technically the class refers to the number of time slots
available for upload (sending data from the phone) or
download (receiving data from the network).
• The timeslots used for data are in addition to the slot
that is reserved for voice calls.
14
• It may mean that during busy times, data transfer rates
slow down, ---because the network will give priority to
voice calls.
• The most common GPRS classes in use are given in the
next slide
• Generally the higher the GPRS class, the faster the data
transfer rates.
16

Class Slots Max. data transfer speed
Class 2 3 8 - 12 kbps upload / 16 - 24 kbps download
Class 4 4 8 - 12 kbps upload / 24 - 36 kbps download
Class 6 4 24 - 36 kbps upload / 24 - 36 kbps download
Class 8 5 8 - 12 kbps upload / 32 - 40 kbps download
Class 10 5 16 - 24 kbps upload / 32 - 48 kbps download
Class 12 5 32 - 48 kbps upload / 32 - 48 kbps download
17
Enhanced Data rates for GSM Evolution(EDGE)
• EDGE or EGPRS provides data transfer rates
significantly faster than GPRS or HSCSD.
• EDGE increased the speed of each timeslot to 48 kbps
and allows the use of up to 8 timeslots,
• This gives a maximum data transfer rate of 384 kbps.
19
4/18/2021
High Speed Circuit Switched Data( HSCSD)
• HSCSD enables data to be transferred more rapidly than the
standard GSM (Circuit Switched Data) system by using
multiple channels.
• The maximum number of timeslots that can be used is four,
giving a maximum data transfer rate of 57.6 kbps (or 38.4 kbps
on a GSM 900 network).
• HSCSD is more expensive to use than GPRS, because all four
slots are used simultaneously –
• it does not transmit data in packets. Because of this, HSCSD is
not as popular as GPRS and it was replaced by EDGE.
18
• In places where an EDGE network is not available,
GPRS is used instead.
• EDGE offers the best that can be achieved with a 2.5G
network, and will eventually was replaced by 3G
• The following table summarizes some possible
configurations of GPRS and circuit switched data
services.
20
 4/18/2021

TDMA Timeslots
Technology Download (kbit/s) Upload (kbit/s)
allocated
CSD 9.6 9.6 1+1 Advantages of EDGE over previous technologies
HSCSD 28.8 14.4 2+1
• The good and practical aspect of implementing Edge
HSCSD 43.2 14.4 3+1 technology was its adaptability to the existing system
GPRS 80.0
20.0 (Class 8 & 10
4+1
like GPRS, HSCSD (high speed circuit switched data)
and CS-4) and specifications;
40.0 (Class 10 and
GPRS 60.0
CS-4)
3+2 • it does not require new systems to be developed for
59.2 (Class 8, 10 and deploying it.
EGPRS (EDGE) 236.8 4+1
MCS-9) • EDGE/EGPRS can be operated on existing frequency
EGPRS (EDGE) 177.6
118.4 (Class 10 and
3+2 spectrum that is 800MHz, 1800 MHz and 1900 MHz.
MCS-9)
MCS=Modulation and Coding Scheme 21 22

Voice Over Internet Protocol (VOIP)

• EGPRS/EDGE is cost effective when it comes installing
it on the network,
• it requires small units of improvement and
enhancements on existing network.
• The most obvious advantage of EDGE is it provides
thrice as better speed as GPRS does.
• It Improved performance of existing applications and
room for new applications like video calls on mobile
etc
23
• VoIP is combination of two technologies Voice data and
Internet Protocol to transmit voice on longer distances
with lowest costs.
• VoIP technology determines how Internet telephony,
making calls on internet, making calls from phone to PC,
Pc to Phone and Phone to Phone works at present day.
• VoIP is technology which is used to transmit voice traffic,
( voice data) over IP network,
24

• voice applications are used for transferring voice
data, one can quote an example of such:
• voice chat,
• Internet phones -use packet-switched VoIP, or
Internet telephony, to transmit telephone calls over
the Internet as opposed to the circuit-switched
telephony used by the traditional Public Switched
Telephone Network (PSTN).
• teleconferencing.
25
VoIP and Mobile Communication
• VoIP is also playing significant role in Mobile communication
technologies
• It is giving competitive edge in businesses between
companies who have deployed VoIP services in their mobile
network.
• Calls are getting cheaper and cheaper, due to voice over
internet protocol.
• With the help of VoIP networking; internationals calls are
way much cheaper now and they cost almost as much as
local calls,
• More and More free minutes are provided to get business
benefits by different mobile companies to attract more
consumer market.
27
4/18/2021
• The VoIP infrastructure includes:
-Broadband Internet connection,
- regular telephone line and
-VoIP software and hardware.
• Some of renowned companies of the voice over
internet protocol business are Vonage and Skype.
• Cisco systems have also a big name in providing the
VoIP hardware
26
Features of Voice Over Internet Protocol
• The best feature for which VoIP was first invented and got
known is making calls from one end of the world to the
other end of the world with very nominal cost price.
• Broadband however is required for VoIP network to work.
• Subscribers of VoIP phones can take IP phones along
with them any where in the world for staying in touch by
cost effective communication back home.
• Another useful feature for VoIP technology, it supports
software phones as well,
• Software phones are also called soft phones.
28

• Soft phones are basically software which interfaces
exactly like phone on computer for communication.
• Using such soft phones one can make phone calls every
where in the world,
• Soft phones are connected to VoIP network with help of
broadband internet connections.
• Voice over internet protocol may also provide features to
check voice mail from remote location or sending email
with attachments using internet
29
• The BTS component of 2G GSM networks is replaced by a
new component called Node B in 3G UMTS networks.
• The functionality provided by the BSC in 2G GSM
networks is provided by a component called the Radio
Network Controller (RNC) in UMTS.
31
4/18/2021
3G Systems -UMTS Overview
• The Universal Mobile Telecommunications System
UMTS) is a third-generation (3G) cellular standard
• It has several implementations that go by different
brands.
Example :
-Freedom of Mobile Multimedia Access (FOMA) and
-Wideband Code Division Multiple Access (W-
CDMA).
30
In UMTS there are four different kinds of services
defined. Each with it's own quality of service:
1. Conversational class (voice, video telephony, video
gaming)
2. Streaming class (multimedia, video on demand,
webcast)
3. Interactive class (web browsing, network gaming,
database access)
4. Background class (email, SMS, downloading
32
 4/18/2021

UMTS Architecture
A UMTS network consist of three interacting domains;
1.) User Equipment (UE).
2.) UMTS Terrestrial Radio Access Network (UTRAN)
or Radio Network Subsystem (RNS)and
3.) Core Network (CN),

33 34

1.) User Equipment

• The UMTS standard does not restrict the functionality
of the User Equipment in any way.
• Terminals work as an air interface counter part for
Node-B and have many different types of identities.
• Most of these UMTS identity types are taken directly
from GSM specifications.
• The UE also contains a SIM card, although in the case
of UMTS it is termed a USIM (Universal Subscriber
Identity Module).
35
• This is a more advanced version of the SIM card used in
GSM and other systems, but embodies the same types of
information.
• The USIM also contains a short message storage area
that allows messages to stay with the user even when
the phone is changed.
• Similarly "phone book" numbers and call information of
the numbers of incoming and outgoing calls are stored.
36
 4/18/2021

2a.) The functions of Node-B

• International Mobile Subscriber Identity (IMSI)
• Temporary Mobile Subscriber Identity (TMSI) Basic functions of Node B are
• Packet Temporary Mobile Subscriber Identity (P-TMSI) • Air interface Transmission / Reception
• Mobile station ISDN (MSISDN) • Modulation / Demodulation
• International Mobile Station Equipment Identity • CDMA Physical Channel coding
(IMEI) • Micro Diversity
• International Mobile Station Equipment Identity and • Error Handing
Software Number (IMEISV) • Closed loop power control
• ETC

37 38

3.) Core Network

Basic functions of RNC are: • The UMTS core network architecture is a migration of
• Radio Resource Control that used for GSM with further elements overlaid to
• Admission Control enable the additional functionality demanded by UMTS.
• Channel Allocation • In view of the different ways in which data may be
• Power Control Settings carried, the UMTS core network may be split into two
• Handover Control different areas:
• Macro Diversity • Circuit switched elements: These elements are
• Ciphering primarily based on the GSM network entities and carry
• Segmentation / Reassembly data in a circuit switched manner, i.e. a permanent
• Broadcast Signalling channel for the duration of the call.
• Open Loop Power Control
39 40

• Packet switched elements: These network entities
are designed to carry packet data. This enables much
higher network usage as the capacity can be shared
and data is carried as packets which are routed
according to their destination.
• Some network elements, particularly those that are
associated with registration are shared by both
domains and operate in the same way that they did
with GSM.
41
• HSDPA provides average data throughput speeds of 550-
1100 kbps to the user.
• The delay within the network (latency) is also lower.
• HSDPA can be implemented in the standard 5 MHz
channels available for UMTS.
• HSDPA requires a software and hardware modification of
the base stations (Node B) as well as a software upgrade
of the Radio Network controller (RNC).
• The user will require a new terminal.
43
4/18/2021
High Speed Downlink Packet Access (HSDPA)
• HSDPA is an enhancement of the UMTS radio-
interface to make higher data rates possible.
• HSDPA introduces a high speed downlink shared
channel (HS-DSCH).
• This high speed channel is shared among the users.
• The "theoretical" peak data rate is in the order of 14
Mbps.
42
High Speed Uplink Packet Access (HSUPA)
• HSUPA is a 3G technology described in the UMTS
standard .
• It is an enhancement of the UMTS radio-interface to
make higher data rates possible in the uplink.
• To do so, HSUPA introduces an enhanced dedicated
channel (E-DCH).
• Among its other features, HSUPA offers improvements in
the uplink speeds of its predecessor (HSDPA), with uplink
speeds of 5.7 Mbps.
• HSUPA also supports WLAN integration.
44

High Speed Packet Access(HSPA)
• HSPA Refers to a family of WWAN mobile technologies
that provides mobile broadband access for GSM-
based devices.
• HSPA is considered a post-3G cellular technology.
• With the elements of 3G HSPA launched, further
evolutions were in the pipeline.
45
Long Term Evolution(LTE) ,(4G)
• LTE,4G, 3GPP LTE or 3G LTE (Long Term Evolution) is the
newer generation radio interface of 3GPP.
• It is the follow up and evolution of the 3GPP air interface
UMTS (evolved UTRA) and its associated radio access
network (evolved UTRAN).
• LTE offers even higher peak data rates with a reduced
latency.
• LTE will is a completely packet-optimized radio-access
technology.
47
4/18/2021
• The first of these was known as HSPA+ or Evolved
HSPA.
• The evolved HSPA or HSPA+ provides data rates up to
42 Mbps in the downlink and 11 Mbps in the uplink
(per 5MHz carrier)
• It achieves this by using high order modulation and
MIMO (multiple input, multiple output) technologies.
46
• 3GPP LTE improves spectral efficiency, allowing for a
large increase in system capacity and reduced cost per
gigabyte.
• LTE is able to offer more services with better user
experience.
• Initial deployment of LTE took place in 2009
48

The technical objectives for LTE
Include:
Significantly increased peak data rate, instantaneous data rate
of 100 Mbit/s on the downlink and 50 Mbit/s on the uplink in
a 20 MHz channel;
• Improved user throughput. the user throughput improved by
a factor of 3 and 2 for the downlink and uplink respectively;
• Improved data rate at cell edge by a factor of 2 to make
higher data rates available with wide-area coverage without
the need for additional cell sites;
49
• LTE uses Orthogonal Frequency Division Multiplexing
(OFDM) on the downlink to cope with multipath and
to allow scalable bandwidths.
• OFDM uses a large number of individual sub-carriers
with a spacing of 15 kHz.
• OFDM parameters can be adjusted in such a way that
even very large cells with a radius exceeding 120 km
can be used.
51
4/18/2021
• Improved spectrum efficiency-Efficient use of the spectrum
• Scalable bandwidth
1.25, 1.6 ,2.5, 5, 10, 15 or 20 MHz channels, dependent on
the data rate needed by the user;
• Optimized for low mobile speed but also supporting high
mobile speed
• Compatibility with earlier releases and with other systems
• LTE is a purely IP-based Technology, Adding mobility
towards RLAN and other non 3GPP air interfaces.
50
• The uplink uses only a single carrier combined with FDMA
(SC-FDMA).
• FDMA is chosen to allow for power-efficient transmission
of the user terminal.
• The bandwidth can be varied to handle the data rate
needed by the user.
• Users are separated by assigning the a unique time
interval on an assigned frequency.
• If the terminal has a limited transmission power or not
enough data to transmit also frequency separation is
used.
• LTE can utilize existing 2G and 3G spectra as well. 52
 4/18/2021

LTE channel bandwidths and characteristics

The channel bandwidths that have been chosen for LTE are:
• One of the key parameters associated with the use of
OFDM within LTE is the choice of bandwidth. 1. 1.4 MHz
• The available bandwidth influences a variety of decisions 2. 3 MHz
including the number of carriers that can be 3. 5 MHz
accommodated in the OFDM signal and in turn this 4. 10 MHz
influences elements including the symbol length and so
5. 15 MHz
forth.
6. 20 MHz
• LTE defines a number of channel bandwidths. The greater
the bandwidth, the greater the channel capacity. In addition to this the subcarriers are spaced 15 kHz apart
from each other.
53 54

55 56

57
• The term "3GPP specification" covers all GSM (including GPRS and
EDGE), W-CDMA (including HSPA) and LTE (including LTE-Advanced
and LTE-Advanced Pro) specifications, and the emerging 5G
specifications.
59
4/18/2021
• The 3rd Generation Partnership Project (3GPP) unites
[Seven] telecommunications standard development
organizations (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA,
TTC), known as “Organizational Partners” and
provides their members with a stable environment to
produce the Reports and Specifications that define
3GPP technologies.
58
• LTE-Advanced
• Author: Jeanette Wannstrom, for 3GPP,
• (Submission, June 2013)
• In LTE-Advanced focus is on higher capacity:The
driving force to further develop LTE towards LTE–
Advanced - LTE Release10 was to provide higher
bitrates in a cost efficient way and, at the same time,
completely fulfil the requirements set by ITU for IMT
Advanced, also referred to as 4G. 60

• Increased peak data rate, DL 3 Gbps, UL 1.5 Gbps
• Higher spectral efficiency, from a maximum of
16bps/Hz in R8 to 30 bps/Hz in R10
• Increased number of simultaneously active
subscribers
• Improved performance at cell edges, e.g. for DL 2x2
MIMO at least 2.40 bps/Hz/cell.
61
• Each aggregated carrier is referred to as a component
carrier. The component carrier can have a bandwidth
of 1.4, 3, 5, 10, 15 or 20 MHz and a maximum of five
component carriers can be aggregated. Hence the
maximum bandwidth is 100 MHz. The number of
aggregated carriers can be different in DL and UL,
however the number of UL component carriers is
never larger than the number of DL component
carriers. The individual component carriers can also be
of different bandwidths, see figure 1.
63
4/18/2021
• The main new functionalities introduced in LTE-
Advanced are Carrier Aggregation (CA), enhanced use
of multi-antenna techniques and support for Relay
Nodes (RN).
• Carrier Aggregation
• The most straightforward way to increase capacity is
to add more bandwidth. Since it is important to keep
backward compatibility with R8 and R9 mobiles the
increase in bandwidth in LTE-Advanced is provided
through aggregation of R8/R9 carriers. Carrier
aggregation can be used for both FDD and TDD.
62
• MSISDN (pronounced as /'em es ai es di en/ or misden) is a
number uniquely identifying a subscription in a GSM or a UMTS
mobile network. ... The MSISDN together with IMSI are two
important numbers used for identifying a mobile subscriber.
• It is the telephone number of the Subscriber Identity Module
(SIM) card displayed on mobile or cellular phones
• TMSI. The Temporary Mobile Subscriber Identity (TMSI) is a
temporary identification number that is used in the GSM network
instead of the IMSI to ensure the privacy of the mobile subscriber.
The TMSI prohibits tracing of the identity of a mobile subscriber
by interception of the traffic on the radio link.
64
 4/18/2021

• The IMEI is a 15 digit number composed of several

• Packet Temporary Mobile Subscriber Identity (P-
TMSI) Is a temporary identity issued to a GPRS
enabled mobile device to track its location within in a
GSM or a UMTS network, and is unique within a given
Routing Area (RA). ... The P-TMSI is used by the GPRS
network to page the specified mobile device.
65
subsections: Type Allocation Code (TAC), Serial Number(SN)
and a Check-Digit(CD). Since 2004 however IMEI Software
Version numbers or IMEISV are being used to assist with a
carrier’s identification of the software version running on the
device. This feature can assist with upgrades, notification to
users and maintenance of the user device by the carrier. This
number is composed of the TAC, SN and SV for a total of 16
digits (sometimes 17). The check digit is generally dropped
from the IMEISV. The check digit can be calculated, if
missing, by dropping the SV digits and using Luhns Algorithm
against the remaining digits starting at the right most digit.
The layout of both the IMEI and IMEISV is described below. 66

For both the IMEI AND IMEISV The most important numbers
are the first 8 and the next 6 (TAC and Serial Number). The
• T = TAC digit numbers following will either be the check digit (with a 0 filler
• N = Serial Number digit to reach 15 digits) or the software version composed of two
• C = Check Digit digits. What should also be known is that the two software
• S = Software Version digit digits can change over time based upon an update to the
• IMEI = TTTTTTTT-NNNNNN-C device’s software. With today’s devices this can be a frequent
• IMEISV = TTTTTTTT=NNNNNN-SS occurrence!

67 68
 4/18/2021

• With Android devices pressing the common *#06# will

• Difference between Open Loop Power Control vs Closed Loop Power Control

• Cellular system basically composed of two main entities viz. Base Station (BS) and Mobile subscriber Station (MSS). Base Station serves more than one mobile subscribers(MSs) in its coverage area. Power control is very

list the IMEISV in the form of 17 digits (TTTTTTTT-

essential in cellular communication system due to following features.

NNNNNN-C / SS) whereas iOS devices will simply

• • To maintain Signal to Noise Ratio at the receiving end of a communication link for effective communication. It is required to increase the transmit power in the conditions when it goes down below the noise power
level. This is due to transmitted power will get attenuated due to path loss as well as other factors on the path from transmitter to the receiver.
• • It is often required to reduce the transmit power to minimize the co-channel interference. Refer RF interference to understand the co-channel and other RF interference types.

display the common 15 (TTTTTTTT-NNNNNN-C).

• • As BS in CDMA and other cellular systems receive transmissions from different mobile subscribers, it is required to equalize the power level from these subscribers.

However, both CDR data from carriers and mobile

• There are two main types of power controls viz. open loop and closed loop. Let us examine the difference between Open Loop Power Control vs Closed Loop Power Control used in the cellular system.
• Open Loop Power Control
• Open Loop Power Control

forensic software often only list the standard IMEI • In the Open Loop Power Control, there is no feedback either from mobile to BS or from BS to mobile. Let us take example of CDMA system wherein there is dedicated pilot channel provided for channel estimation. It is

number while others list the IMEISV. At times some

transmitted by the base station to all the subscribers. The mobile unit receives the pilot channel and estimates the power strength. Based on this estimate, the mobile unit adjusts the transmit power accordingly.
During this open loop control, it is assumed that both forward link (from BS to MS) and reverse link (from MS to BS) are correlated.

• Closed Loop Power Control

mobile forensic software lists both!

• Closed Loop Power Control

• In the Closed Loop Power Control, feedback is used for adjusting the transmit power level. Let us see how this is done in the forward link. BS receives the mobile signal. Based on this received power level as well as
other parameters such as SNR and BER, Base station determines what is the optimum power level mobile need to transmit to achieve effective communication link performance. This estimated power level is
communicated to the mobile by the BS over control channel. Mobile adjusts the power level accordingly using the feedback provided by the BS.

69 70