Professional Documents
Culture Documents
INTRODUCTION
1.1 COMMUNICATION
Four elements of Communication are : Source Destination Media Message
2. GSM ARCHITECTURE
The Global System for Mobile communications is a digital cellular communications system. It was developed in order to create a common European mobile telephone standard but it has been rapidly accepted worldwide. GSM was designed to be compatible with ISDN services.
The standardized GSM system had to meet certain criteria:
Spectrum efficiency International roaming Low mobile and base stations costs Good subjective voice quality Compatibility with other systems such as ISDN (Integrated Services Digital Network) Ability to support new services
EGSM 900
PCS 1900
The SIM is a smart card that identifies the mobile. Only by inserting it, the user can have access to all the subscribed services. The SIM card is protected by a four-digit
Personal Identification Number(PIN) in order to identify the subscriber to the system.
Mobile Switching Center(MSC) : It is the central component of the NSS. The MSC performs the switching functions of the network. It also provides connection to other networks. Gateway Mobile Switching Center(GMSC) : A gateway is a node interconnecting two networks. The GMSC is the interface between the mobile cellular network and the PSTN. It is in charge of routing calls from the fixed network towards a GSM user. The GMSC is often implemented in the same machines as the MSC
Home Location Register(HLR) : The HLR is considered as a very important database that stores information of the subscribers belonging to the covering area of a MSC. It also stores the current location of these subscribers and the services to which they have access. The location of the subscriber corresponds to the SS7 address of the Visitor Location Register (VLR) associated to the terminal.
Visitor Location Register(VLR) : The VLR contains information from a subscriber's HLR necessary in order to provide the subscribed services to visiting users. When a subscriber enters the covering area of a new MSC, the VLR associated to this MSC will request information about the new subscriber to its corresponding HLR. Authentication Center(AuC) : The AuC register is used for security purposes. It provides the parameters needed for authentication and encryption functions. Equipment Identity Register(EIR) : The EIR is also used for security purposes. It is a register containing information about the mobile equipments. The EIR allows then to forbid calls from stolen or unauthorized terminals.
The physical channel is the medium over which the information is carried. In TDMA, time is divided into discrete periods called timeslots and these timeslots represent physical channels. The timeslots are arranged in sequence and are conventionally numbered 0 to 7. Each repetition of this sequence is called a TDMA frame. 2.3.2 LOGICAL CHANNELS:Logical Channels are transmitted via Physical Channel onto which they are mapped. There are 12 types of logical channels in the GSM system. 2 are used for traffic, 9 for control signaling and 1 for message distributing.
2.3.3 TRAFFIC CHANNEL:There are 2 types of traffic channels:Full Rate Channel used for full rate speech at 13 kbps or data upto 14.4 kbps. Half Rate Channel used for half rate speech at 6.5 kbps or data upto 4.8 kbps. 2.3.4 CONTROL CHANNEL:There are 3 different groups of control channels with each group containing 3 different logical channels. BROADCAST CHANNELS (BCH): The BCCH is transmitted by the BTS at all times. The information carried on the BCCH is monitored by the MS periodically when it is switched on and not in a call. BCCH carries the following information: Location Area Identity (LAI). List of neighbouring cells which should be monitored by the MS. List of frequencies used in the cell. Power Control Indicator. The MS will monitor BCCH information from surrounding cells and store the information from the best six cells.
1. Frequency Correction Channel (FCCH) This is transmitted frequently on the BCCH timeslot and allows the mobile to synchronize its own frequency to that of the transmitting base site. 2. Synchronization Channel (SCH) The SCH carries the information to enable the MS to synchronize to the TDMA frame structure and know the timing of the individual timeslots.
COMMON CONTROL CHANNELS (CCCH): 1. Paging Channel (PCH) used on the DL to page the MS. 2. Random Access Channel (RACH) used by the mobile on the UL when it requires to gain access to the system. This occurs when the mobile initiates a call or responds to a page. 3. Access Grant Control Channel (AGCH) used by the BTS on the DL to assign a dedicated control channel to a mobile in response to an access message. The mobile will move to the dedicated channel in order to proceed with either a call setup, response to a paging message, Location Area Update or Short Message Service.
DEDICATED CONTROL CHANNELS (DCCH) : 1) Standalone Dedicated Control Channel (SDCCH) used for system signalling during call set up or registration and the transmission of short text messages in the idle mode( both UL and DL). 2) Slow Associated Control Channel (SACCH) Measurement reports from the MS to the BTS are sent on the uplink through this channel. On the downlink the MS receives information from BTS what transmitting power to use and also instructions on Timing Advance. 3) Fast Associated Control Channel (FACCH) 20 ms of speech is replaced by a control message. FACCH is used to carry out user authentication, handovers and immediate assignment.
2.4 HANDOVERS
The user movements can produce the need to change the channel or cell, especially when the quality of the communication is decreasing. This procedure of changing the resources is called handover. Four different types of handovers can be distinguished:
Handover of channels in the same cell. Handover of cells controlled by the same BSC. Handover of cells belonging to the same MSC but controlled by different BSCs. Handover of cells controlled by different MSCs.
Handovers are mainly controlled by the MSC. However in order to avoid unnecessary signaling information, the first two types of handovers are managed by the concerned BSC (in this case, the MSC is only notified of the handover).
3. MOBILITY MANAGEMENT
The MM function is in charge of all the aspects related with the mobility of the user, specially the location management and the authentication and security.
ii. iii.
iv.
Every radio transmitter in the PLMN broadcasts, via a control channel, a Location Area Identity (LAI) code to identify the location area that it serves. This LAI code is stored in the Subscriber Identity Module (SIM) of the mobile equipment. It has three components : Mobile Country Code(MCC) : A 3-digit code that uniquely identifies the country of domicile of the mobile subscriber. Mobile Network Code(MNC) : A 2-digit code that identifies the home GSM PLMN of the mobile subsctiber. Location Area Code(LAC) : It identifies a location within the PLMN.
Mobile Station ISDN Number (MSISDN) : The real telephone number of a mobile station is the Mobile Subscriber ISDN Number.
MCC-3 digits NDC-3 digits SN-max 10 digits
o Mobile Subscriber Roaming Number (MSRN) : The MSRN is the number required by the gateway MSC to route an incoming call to a MS that is not currently under the gateways control. o International Mobile Subscriber Identity (IMSI) : When registering for service with a mobile network operator, each subscriber receives a unique identifier, the IMSI. This IMSI is stored in the SIM.
MCC-3 digits MNC-2 digits MSIN-max 10 digits
Temporary Mobile Subscriber Identity (TMSI) : The VLR being responsible for the current location of a subscriber can assign a Temporary Mobile Subscriber Identity (TMSI), which has only local significance, in the area handled by the VLR. It is used in place of IMSI for the definite identification and addressing of the MS.
o International Mobile Station Equipment Identity(IMEI) : It uniquely identifies mobile stations internationally. TAC-6 digits FAC-2 SNR-7 digits SP-1
*TAC-Type Approval Code, FAC-Final Assembly Code, SNR-Serial Number, SP-Spare Digit
2.
3.
4.
5.
3.6 AUTHENTICATION
Since the air interface is vulnerable to fraudulent access, it is necessary to determine if the IMSI received from the MS is from the SIM that was assigned this IMSI. To prevent access of unregistered users, authentication of subscribers is used. Authentication is built around the notion and Authentication Key (Ki) that resides in only two places: in an Authentication Center (AUC) and in the users SIM card. Since the authentication key, Ki, is (or should) never be transmitted, in is virtually impossible for un-authorized individuals to obtain this key to impersonate a given mobile subscriber. The three Authentication parameters are : RAND, which is completely random number SRES, which is an authentication signed response. It is generated by applying the authentication algorithm (A3) to RAND and Ki.
Kc, which is a cipher key. The Kc parameter is generated by applying the cipher key generation algorithm (A8) to RAND and Ki. These parameters (named an authentication triplet) are generated the AUC at the request of the HLR to which the subscriber belongs. The algorithms A3 and A8 are defined by the PLMN operator and are executed by the SIM.
HLR
Get authentication parameters (IMSI) Authentication parameters (SRES, Kc, RAND) Request for service
(4) SDCCH
1) The new VLR sends a request to the HLR/AUC (Authentication and Kc) requesting the authentication triplets (RAND, SRES, and Kc) available for the specified IMSI. 2) The AUC, using the IMSI, extracts the subscribers authentication key (Ki). The AUC then generates a random number (RAND), applies the Ki and RAND to both the authentication algorithm (A3) and the cipher key generation algorithm (A8) to produce an authentication Signed Response (SRES) and a Cipher Key (Kc). The AUC then returns to the new VLR an authentication triplet: RAND, SRES, and Kc. 3) The MSC/VLR keeps the two parameters Kc and SRES for later use and then sends a message to the MS. The MS reads its Ki from the SIM, applies the RAND and Ki to both A3 and A8 to produce SRES and Kc. The MS saves Kc for later, and will use Kc when it receives command to cipher the channel. 4) The MS returns the generated SRES to the MSC/VLR. The VLR compares the SRES returned from the MS with the expected SRES received earlier from the AUC. If equal, the mobile passes authentication. If unequal, all signalling activities will be aborted. In this scenario, well assume that authentication passes.
(1)
(2)
Cipher - uplink - channel SDCCH Uplink - channel-Ciphered SDCCH BSS Cipher the downlink channel
(3)
(4)
Ciphering completed
1) The new MSC/VLR requests the BSS to cipher the radio channel. Included in this message is the Cipher Key (Kc), which was made available earlier during the authentication. 2) The BSS retrieves the cipher key, Kc, from the message and then transmits a request to the MS requesting it to begin ciphering the uplink channel. 3) The MS uses the cipher key generated previously when it was confirmation over the ciphered channel to the BSS. 4) The BSS upon ciphering the downlink channel sends a cipher complete message to the MSC.
HLR
(1)
Authentication Ciphering
(2)
(3)
Location Updated
1) The new VLR sends a message to the HLR informing it that the given IMSI has changed locations an can be reached by routing all incoming calls to the VLR address included in the message 2) The HLR requests the old VLR to remove the subscriber record associated with the given IMSI. The request is acknowledge. 3) The HLR updates the new VLR with subscriber data (mobiles subscribers customer profile).
The steps in equipment validation are as follows: 1. MSC request MS to send IMEI. 2. MS send IMEI. 3. MSC request EIR to Check IMEI. EIR check that IMEI is within valid range and valid equipment. 4. EIR returns the results to MSC if results are negative then MSC drop the call. If call continues, then MSC inform the N/W of the event.
HLR
(1) (2)
Location Update Accept (TMSI) SDCCH Location Update Complete SDCCH Clear Signalling connection Clear Complete Release radio Signaling Channel SDCCH
(3)
(4)
1) The MSC forwards the location update accept message to the MS. This message includes the new TMSI. 2) The MS retrieves the new TMSI value from the message and updates its SIM with this new value. The mobile sends then an update complete message back to the MSC. 3) The MSC requests from the BSS that the signalling connection be released between the MSC and the MS. The MSC releases its portion of the signalling connection when it receives the clear complete message from the BSS. 4) The BSS sends a radio resource channel release message to the MS and then frees up the Stand-alone Dedicated Control Channel (SDCCH) that was allocated previously. The BSS then informs the MSC that the signalling connections have been cleared.
4. CALL PROCESSING
4.1 MOBILE TO LAND CALL SCENARIO
The following table lists the phases of a mobile-to-land call. Stage Description 1 Request for service, the MS request to setup a call. 2 Authentication; the MSC/ VLR request the AUC for authentication parameters. Using these parameters the MS is authenticated. 3 Ciphering: Using the parameters that were made available earlier during the authentication the uplink and the downlink are ciphered. 4 Equipment Validation: the MSC/VLR requests the EIR to check the IMEI for validity. 5 Call Setup; the MSC established a connection to the MS. 6 Handovers 7 Call release, the speech path is released. The figure shows the different steps in a Mobile-to-Call scenario:
There are 2 steps in setting a call - Setting of a voice path between MS & MSC by allocating a radio traffic channel & a voice Trunk - Setting a voice path between MSC & PSTN. 6. MS send a call setup request to MSC. It included dialed digit 7 MSC request VLR to supply subs parameters. Requested message contain digit dialed (DD) and service indication (SI). 8. VLR will check for call barring etc. VLR will supply subs data for call processing. 9 MSC will inform MS that call is proceeding.
10. MSC allocates a trunk to BSS for serving MS and request the BSS (TN) to allocate a radio channel (TCH) for MS. 11. BSS allocate Radio channel on SDCCH. 12. MS tunes TCH and send acknowledgement to BSS. 13. BSS connects the radio channel to assigned trunk of MSC, BSS deallocates the SDCCH, BSS send trunk & radio assignment message to MSC.
CALL SETUP WITH LAND N/W - A path has been established between MS & MSC now a path will be established from MSC to PSTN. 14. MSC sends a N/W setup message to PSTN. In message are dialed digit and details of Trunk to be used for call. 15. PSTN informs MSC with networking alerting message. MS will hear ringing tone from PSTN. 16. MSC informs MS that the destination number is being alerted. 17. When B. party go off-hook, PSTN will inform the MSC of this event. Billing start, MS is connected to the destination party. 18. MSC informs the MS that the connection has been established. 19. MS acknowledges the receipt of the connect message.
RELEASE OF CALL 20. MS initiate the release of call by pressing end button. MS will send the Disconnect message to MSC. 21. MSC send Release message to PSTN End to END connection is terminated. 22. MSC send Release message to MS. 23. MS send Release Complete message. 24. Voice Trunk between MSC & BSS is released. 25. The Traffic channel is cleared. 26. The Release of the Resources is completed.
ROUTING ANALYSIS Assume that MS is already registered and allocated TMSI and MS in his home system 1. PSTN subscriber dials MS ISDN. 2. GMSC request HLR to provide routing information about this MS. 3. HLR provides MSRN to GMSC, if MS is roaming is its home MSC area then MSRN = MS ISDN, if roaming in different MSC area then MS ISDN & MSRN are different. Assume that MS roaming in Home MSC area. 4. MSC informs VLR for a call to MS, In the message is MSRN. 5. VLR responds to MSC by LAI & TMSI.
PAGING 6. MSC used LAI given by VLR to determine which BSS should page, included in the message is the TMSI. 7. BSS broadcast TMSI, of MS in paging channel (PCH). 8. MS detects TMSI, or IMSI on paging channel MS asks channel request on RACH. 9. BSS allocates SDCCH on AGCH. Now onwards MS communicate as SDCCH till MS gets a TCH. 10. MS responds paging on SDCCH, in the message MS sends TMSI, LAI. 11. BSS send this message to MSC.
Authentication Ciphering, Equipment validation are done in same manner as in Mobile to Land call. In the case, the MS is visiting a new MSC area, the authentication and Equipment Validation are performed as follows. The Visited VLR request the authentication parameters from the Home AUC through the Network connecting the two MSCs and then through the HOME HLR. - The Equipment Validation phase involves the visited MSC & the HOME EIR. There are again two steps in setting up a voice path for a call from a mobile to a PSTN subscriber. - The call setup with the mobile:- A voice path is created between MS & MSC by allocating a TCH and a voice trunk. - The call setup with the land N/W:- Where a voice path is established between the MSC & a PSTN N/W
13. MSC informs MS that a call can be setup. 14. MS perform compatibility check, it acknowledges the call setup message confirm. 15. MSC selects a trunk to BSS and request BSS to allot a radio channel (TCH). 16. BSS allot TCH and transmits an Assignment command over SDCCH to MS. 17. MS tunes to TCH and transmits an assignment complete message back to BSS. MS user phone rings. MS do not use SDCCH after it gets TCH. 18. BSS on receiving assignment complete message connects the TCH to Trunk. SDCCH is free now and send Assignment Complete Message to MSC.
19. MS got TCH, MS begin alerting the user after if receives a TCH. An alerting message is sent to MSC. 20. MSC on getting alerting indication from MS will generate ringing to calling party and sends a N/W alerting to PSTN. 21. Mobile subscriber answers, MS stops alerting and send connect message to MSC. 22. MSC removes audible tone to PSTN, and connects PSTN trunk to BSS trunk and send connect message to PSTN, Billing start. 23. MSC send a connection acknowledge to MS.
RELEASE 24. MSC receives a Release message from the N/W to terminate the end to end connection. 25. MSC send disconnect message to MS. 26. MS send Release to MSC 27. MSC send Release complete to MS. 28. Voice trunk between MSC & BSS in cleared. 29. The Traffic channel is released. 30. The recourses are completely released.
IF MS ROAMING IN ANOTHER MSC AREA 1. The call is routed from home MSC to the visited MSC and MSRN is transmitted then to the VLR 2. The VLR sends a message to the visited MSC asking it to perform paging by passing to it the new LAI & TMSI of the MS.
Each of the functional program modules is termed as a user part. The rules (protocol) dictate the sequence in which things must be done. To show this graphically, a convention has been adopted for the drawing. In this drawing, the functional modules that deal with a message just about to be transmitted over the links (or one just received from the links) are shown at the bottom. Other modules are shown stacked above in the sequence in which their functions are performed. The resulting picture is commonly called a stack. A typical SS7 stack is shown below.
TRANSACTION CAPABILITIES APPLICATION PART SIGNALLING CONNECTION CONTROL PART INTEGRATED TELEPHONE SERVICES SERVICES USER PART DIGITAL NETWORK USER PART
5.2.1 ISUP MESSAGE TYPES Initial Address Message (IAM): It is sent in the forward direction by each switch in
the circuit between the calling party and the destination switch of the called party. An IAM carried the called partys number in the mandatory variable part and may contain the caller partys name and number in the optional part. Address Complete Message (ACM): It is sent in the backward direction to indicate the remote end of the trunk circuit has been reserved. The originating switch responds to an ACM message by connecting the calling partys line to the trunk to complete the voice circuit between the calling party and the called party. Release Message (REL): It is sent in either direction to indicate the call is being released to a specified cause indicator. The call is released when either the calling party or the called party hangs up the phone. Release Complete Message (RLC): It is sent in the opposite direction of the REL to acknowledge the release of the remote end of a trunk circuit and to end the billing cycle.
6. INTELLIGENT NETWORK
In an intelligent network (IN), control of call processing is moved out from the switch and into the network. The idea is to give service providers the ability to develop new services quickly, independently, and inexpensively; a capability they do not have when new services are implemented on network switches. An Intelligent Network is a service independent tele-communications network. That is, intelligence is taken out of the switch and placed in computer nodes that are distributed throughout the network. This provides the network operator with the means to control and develop services more effectively. New capabilities can be rapidly introduced into the network. Once introduced, services are easily customized to meet the individual customers needs.
6.1 IN OBJECTIVES
1. Speed in service development, offering new services quickly. 2. Reduce service management costs through standardisation. 3. Use in multi-vendor environments, common signalling standards.
6.3 IN ELEMENTS
Service Switching Points (SSP) Service Control Points (SCP) Intelligent Peripherals (IP) Service Management Systems (SMS)
Use of SCP for centralised services: -Calling card services -800 service
SCP
STP
SWITCHING SYSTEM
The Service Switching Points sends the request to the Service Control Points (SCP), which controls any further treatment of call. It passes call control from the exchange to the SCP and then relays instructions from the SCP back to the exchange.
At IN service invocation, the SSF copies information from the access protocol (e.g. ISUP or DTAP) onto the INAP message that is used to invoke the IN service. When the SSF receives instruction from SCP, it copies information received from the SCP on to the call control protocol.
The transaction capability (TC) messages are TC Begin, TC Continue, TC End. The IN service is started by the SSF by sending the initial DP operation to the SCF. The IN service responds by sending the continue operation, which instructs the SSF to continue call establishment. In the pre-arranged end example, the SCF does not explicitly close the IN dialogue. However, since the SCF did not arm any of the DPs in the BCSM, there will not be any further communication between SSF and SCF through this IN dialogue. The SSF and SCF therefore decide to close the IN dialogue. In the basic end example, the SCF instructs the SSF to continue call establishment and at the same time instructs the SSF to close the IN dialogue.
When the BCSM transits to a DP that is armed as EDP-R, the SSF automatically disarms that DP. The control relationship between the SSF and SCF remains at least until the end of the processing of this DP.