Professional Documents
Culture Documents
Communication Systems 10: Chair of Communication Systems Department of Applied Sciences University of Freiburg 2006
Communication Systems 10: Chair of Communication Systems Department of Applied Sciences University of Freiburg 2006
Systems
10th lecture
1 | 49
Communication Systems
Last lecture digital telephony networks
2 | 49
Communication Systems
Last lecture introduction to mobile telephony networks
3 | 49
Communication Systems
Plan for this lecture
GSM interfaces
Radio interface Um
Control channels
Call setup
security issues
4 | 49
Communication Systems
Last lecture first introduction to GSM structure
5 | 49
Communication Systems
GSM interfaces and components
6 | 49
Communication Systems
GSM interfaces and components
7 | 49
Communication Systems
GSM interfaces and components
8 | 49
Communication Systems
GSM interfaces and components
9 | 49
Communication Systems
GSM network components
10 | 49
Communication Systems
GSM components network operation, MSC
11 | 49
Communication Systems
GSM components - MSC
12 | 49
Communication Systems
GSM components visitor location register (VLR)
13 | 49
Communication Systems
GSM components visitor location register (VLR)
14 | 49
Communication Systems
GSM components home location register (HLR)
15 | 49
Communication Systems
GSM components authentication center (AUC)
16 | 49
Communication Systems
GSM components mobile stations (MS)
17 | 49
Communication Systems
GSM components mobile stations (MS)
Implementations
Early devices were single band for GSM900 or DCS1800 or
PCS1900
Today mostly so called multiband phones are sold (allow
communication in two or all three GSM bands)
Newest devices are multimode which could handle both GSM
and UMTS (and several data standards like GPRS)
18 | 49
Communication Systems
GSM components mobile stations (SIM)
19 | 49
Communication Systems
GSM components mobile stations (SIM)
21 | 49
Communication Systems
GSM components - radio subsystem (BTS)
22 | 49
Communication Systems
GSM components - radio subsystem (BSC)
Functions of a BSC
One BSC may control up to
40 BTS (kept in database)
switch calls from MSC to
correct BTS and conversely
Protocol and coding
conversion for traffic (voice)
& signaling (GSM-specific to
ISDN-specific)
Manage mobility of MS
(handover between different
BTS)
Enforce power control
23 | 49
Communication Systems
GSM the radio interface Um
Lets start with the physical layer of the beloved OSI model
Um defines the communication of MS with the GSM
infrastructure
24 | 49
Communication Systems
GSM Um: FDM & TDM
25 | 49
Communication Systems
GSM Um: FDM & TDM
8 periodic time slots - 0,577ms each
TDM frame composed of 8 timeslots equals to 4,615ms
Every time slot a so called burst - succession of 148bit is
transmitted
Between the bursts a security buffer of 8,25bit/burst is put in
between
26 | 49
Communication Systems
GSM Um: FDM & TDM
Through FDM/TDM
hybrid in GSM 992
channels available
In DCS1800 more
channels: 75MHz
band split into
200kHz channels
allows a total of
374 carriers
27 | 49
Communication Systems
GSM Um: burst types / dummy burst
28 | 49
Communication Systems
GSM Um: fequency hopping
Not all channels in a given cell are of equal quality and multi
path reception / adjacent channels may disrupt
communication
29 | 49
Communication Systems
GSM Um: GMSK modulation
30 | 49
Communication Systems
GSM the Um logical layer
The traffic channels carry the user data (voice, SMS, fax, ...)
Full rate channel: Bm 22,8kbit/s (TCH/F)
Half rate channel: Lm 13,4kbit/s (TCH/H)
31 | 49
Communication Systems
GSM control channels
32 | 49
Communication Systems
GSM control channels: FCCH, SCH
33 | 49
Communication Systems
GSM control channels: BCCH
BCCH provides:
Details of the control channel configuration
Parameters to be used in the cell
Random access backoff values
Maximum power an MS may access
(MS_TXPWR_MAX_CCCH)
34 | 49
Communication Systems
GSM control channels: BCCH
BCCH provides:
Minimum received power at MS (RXLEV_ACCESS_MIN)
Is cell allowed? (CELL_BAR_ACCESS)
List of carriers used in the cell
Needed if frequency hopping is applied
List of BCCH carriers and BSIC of neighboring cells
35 | 49
Communication Systems
GSM control channels
36 | 49
Communication Systems
GSM the Um logical layer
42 | 49
Communication Systems
GSM call setup network originated call
43 | 49
Communication Systems
GSM call setup mobile originated call
44 | 49
Communication Systems
GSM Authentication, Authorisation, Access
45 | 49
Communication Systems
GSM Authentication, Authorisation, Access
46 | 49
Communication Systems
GSM Authentication, Authorisation, Access
Sequence of authorization and generation of shared keys for
encryption
1. The network sends an authentication request message to MS, conveying a 128-bit
random number (RAND).
2. MS uses the RAND, the secret key Ki (stored at SIM), and the encryption algorithm
A3, to compute a 32-bit number as a signed response (SRES).
3. MS computes the 64-bit ciphering key Kc using encryption algorithm A8, which will
be later used in the ciphering procedure.
4. MS responses with an authentication response message containing SRES.
5. The netwotk uses same parameters and algorithm to computer another SRES.
6. MS SRES and the network SRES are compared with each other. If mactch, the
network accepts the user as an authorized subscriber. Otherwise, authentication is
rejected.
7. After authentication has been successful, the network transmits a ciphering mode
message to MS indicating whether encryption is to be applied.
8. In case ciphering is to be performed, the secret key Kc and encryption algorithm A5
are used for ciphering.
47 | 49
Communication Systems
GSM stream encryption
48 | 49
Communication Systems
GSM literature
Some of the pictures are taken from text books or online sources
http://www.ks.uni-freiburg.de/download/papers/telsemWS05/G2-
GSM/HA_GSM2_Mohry_1.pdf
http://www.ks.uni-freiburg.de/download/papers/telsemWS05/GSM-
UMTS/ausarbeitungCarkciQiang.pdf
49 | 49