Professional Documents
Culture Documents
GSM Mob MGMT
GSM Mob MGMT
2
GSM network layout
PSTN
ISDN
OMC
BSC
MSC GMSC
E
Abis
BTS BSC A B,C
HLR
EIR
BTS VLR
BTS Um AUC
3
GSM MAP protocol
4
What is a location area (LA)?
5
Addresses and Identifiers
• International Mobile Station Equipment Identity (IMEI)
– It is similar to a serial number. It is allocated by equipment
manufacturer, registered by network, and stored in EIR
• International Mobile Subscriber Identity (IMSI)
CC NDC SN
8
Addresses and identifiers
9
TMSI, IMSI, MSRN and MSISDN
10
Addresses and Identifiers
CC MNC LAC
11
Location management
12
Ways to obtain MSRN
1. Obtaining at location update – MSRN for the MS
is assigned at the time of each location update,
and is stored in the HLR. This way the HLR is in
a position to immediately supply the routing info
(MSRN) needed to switch a call through to the
local MSC.
2. Obtaining on a per call basis – This case requires
that the HLR has at least an identification for
the currently responsible VLR. When routing
info is requested from the HLR, it first has to
obtain the MSRN from the VLR. This MSRN is
assigned on a per call basis, i.e. each call involves
a new MSRN assignment
13
Routing information: case when MSRN
is selected per call by VLR/MSC
IM
N
ISD
MS
SI
RN
MS
RN
MS
MSISDN
MSRN
GMSC MSC/VLR
GMSC ISDN
LA 1 4 1
MSRN
2
3
MSISDN
BSC MSRN MSC
BTS MSC HLR
7
TMSI
5
7
MSRN
TMSI
LA 2
BSC
EIR
BTS
8 7
TMSI TMSI
VLR
AUC
6
MS BTS
TMSI 15
Messages exchanged: call delivery
1 GMSC 5 4
PSTN
2 HLR 3 VLR
6
Target
MSC
Target
VLR MSC
GMSC HLR
Originating
1. ISUP IAM
Switch 2. MAP_SEND_ROUTING_INFO
3. MAP_PROVIDE_ROAMING_NUMBER
4. MAP_PROVIDE_ROAMING_NUMBER_ack
5. MAP_SEND_ROUTING_INFO_ack
6. ISUP IAM
16
Find operation in GSM
• ISDN switch recognizes from the MSISDN that the
call subscriber is a mobile subscriber. Therefore,
forward the call to the GMSC of the home PLMN
(Public Land Mobile Network)
• GMSC requests the current routing address (MSRN)
from the HLR using MAP
• By way of MSRN the call is forwarded to the local
MSC
• Local MSC determines the TMSI of the MS (by
querying VLR) and initiates the paging procedure in
the relevant LA
• After MS responds to the page the connection can
be switched through.
17
GSM security
• Authentication
• What signed response (SRES) are you able to
derive from the input challenge RAND by
applying the A3 algorithm with your personal
key Ki (Ki is per subscriber)?
A3 algorithm A3 algorithm
A5 algorithm A5 algorithm
20
Location registration
• MS has to register with the PLMN to get communication services
• Registration is required for a change of PLMN
• MS has to report to current PLMN with its IMSI and receive new
TMSI by executing Location Registration process.
• The TMSI is stored in SIM, so that even after power on or off,
there is only normal Location Update.
• If the MS recognizes by reading the LAI broadcast on BCCH that
it is in new LA, it performs Location Update to update the HLR
records.
• Location update procedure could also be performed periodically,
independent of the MS movement.
• The difference in Location Registration and Location Update is
that in location update the MS has already been assigned a TMSI.
21
MS BSS/MSC VLR HLR AUC
Location registration
IMSI Ki
Loc.Upd.Req
Upd Loc.Area Auth.Info.Req
(IMSI,LAI) Aut.Par.Req
(IMSI,LAI) (IMSI)
(IMSI)
Authenticate Aut. Info.
Auth.Info
Authentic. Req (IMSI,Kc, (IMSI,Kc,
(RAND) RAND,SRES)
(RAND) RAND,SRES)
Ki RAND
SRES
A3 & A8
Kc SRES
Auth.Resp. Auth.Resp
(SRES) =
(SRES) Update
Location
(IMSI,MSRN)
Generate Contd...
TMSI 22
(…contd) Location registration.
Kc(M) Kc Kc(M)
New TMSI is received by MS
A5 (TMSI Reallocation) in ciphering mode.
M
TMSI Realloc.Cmd.
Authentication
Update Location
(IMSI,MSRN)
Generate
TMSI
24
(..contd) Location update.
Start ciphering.
(TMSI)
Loc. Upd. Acept
(IMSI)
Loc. Upd. Acept
26
Attributes of radio-link handover
• Hard handover
• MAHO
• Backward
• COS selection scheme: static
– Cross-over switch: anchor switch
27
Handover (MAHO)
28
Handover procedures in GSM
8
Connection route
MSC-A MSC-B
MSC-C
1
6 8
BSC
4 3
BTS 1 BSC
BSC
BTS 2
2
BTS 3
BTS 3
5 7 29
Inter MSC basic handover
MS/BSS 1 MSC-A MSC-B VLR-B
Handover required Perform Handover Allocate Handover number
Handover report
Radio chan. Ack
IAM MS/BSS 2
ACM
HA Indication HB Indication
HB Confirm
Send End Signal
ANS
RLC
End Signal Handover report
30
Subsequent handover from MSC-B to MSC-A
MS/BSS 1 MSC-A MSC-B MS/BSS 2
HA Required
Perform subsequent
Handover
Subseq. Handover
HB Indication
Acknowledge
HB Confirm
HA Indication
End Signal VLR-B
Handover report
End of Call REL
RLC
31
Subsequent handover from MSC-B to MSC-C
MSC-A MSC-B MS
Handover
MSC-C VLR-C
Perform Handover
Allocate Handover
Number
IAM
ACM
HB Indication
(Contd…)
32
(…contd) Subsequent handover from MSC-B to MSC-C
MSC-A MSC-B MS
Perform subsequent
HA Indication
Acknowledge
MSC-C
HB Confirm
Send End Signal
ANS
MSC-B VLR-B
End Signal
Handoff Report
REL
RLC
33
Abbreviations
• ISC: International switching center
• OMC: Operations and maintenance center
• GMSC: Gateway switching center
• MSC: Mobile switching center
• VLR: Visitor location register
• HLR: Home Location register
• EIR: Equipment Identification register
• AUC: Authentication center
• BSC: Base station controller
• BTS: Base transceiver station
• MS: Mobile subscriber
• TMSI: Temporary Mobile Subscriber Identity
• IMSI: International Mobile Subscriber Identity
34
References
35