Professional Documents
Culture Documents
CSE 062
Unit 2
Syllabus
• They are consistent with the world-wide digitization of the telephone network, and are an extension of the
Integrated Services Digital Network (ISDN)
• Uses a digital radio interface between the cellular network and the mobile subscriber equipment.
CELLULAR TELEPHONY
• A cellular telephone system links mobile subscribers into the public telephone system.
• Information between the mobile unit and the cellular network uses radio communication. Hence the
subscriber is able to move around and become fully mobile.
• The service area in which mobile communication is to be provided is divided into regions called cells.
• Each cell has the equipment to transmit and receive calls from any subscriber located within the
borders of its radio coverage area.
Radio
Cell
Mobile subscriber
GSM FREQUENCIES
• GSM systems use radio frequencies between 890-915 MHz for receiving and between 935-
960 MHz for transmitting.
• RF carriers are spaced every 200 kHz, allowing a total of 124 carriers for use.
• An RF carrier is a pair of radio frequencies, one used in each direction.
• Transmit and receive frequencies are always separated by 45 MHz.
1. Increased Capacity
• The GSM system provides a greater subscriber capacity than analogue systems.
• GSM allows 25 kHz per user, that is, eight conversations per 200 kHz channel pair (a pair
comprising one transmit channel and one receive channel).
• Digital channel coding and the modulation used makes the signal resistant to interference.
• A Carrier to Interference Ratio (C/I) level of 12 dB is achieved, as opposed to the 18 dB typical
with analogue cellular.
• This allows increased geographic reuse by permitting a reduction in the number of cells.
2. Audio Quality
• Digital transmission of speech and high performance digital signal processors provide good
quality speech transmission.
• Since GSM is a digital technology, the signals passed over a digital air interface can be protected
against errors by using better error detection and correction techniques.
• In regions of interference or noise-limited operation the speech quality is noticeably better than
analogue.
3. Use of Standardized Open Interfaces
• Standard interfaces such as C7 and X25 are used throughout the system. Hence different
manufacturers can be selected for different parts of the PLMN.
• There is a high flexibility in where the network components are situated.
4. Improved Security and Confidentiality
14
GSM Network Architecture
16
17
Mobile Station (MS)
18
Mobile Station
SIM Card
=Handset Battery
+ +
The Smart Card to use
f153454
GSM
2W
jmhfod
kgdjipj
The SIM-Card Functions Credit Card Size
µ SIM-Card
Global GSM Mobility
Card
15 mm The Smart Card to use
25 mm
Permanent data:
GSM
- Unique mobile subscriber identity Microchip with stored
through IMSI number, user information
- Authentication parameter Ki,
- Authentication algorithm A3,
- Generating encryption key Kc Removable data:
algorithm A8. - Temporary Mobile Subscriber Number,
- Location Area Identification.
Subscriber Identification
IMSI MS - ISDN
Mobile Station -
International Mobile Subscriber Identity
Nature Integrated Services Digital Network Nb
Similar to ISDN,
Conformity with E212
Conformity with E164/E213
Country
Mobile Mobile Mobile Subscriber National Mobile Subscriber
Code
Meaning Country Network Ident. Nb
(where Destination (national definition)
Code Code H1 H2 = Identity of HLR
subscription Code * M1 M2 = nbr of logical HLR
within the home PLMN
has been made)
The ME is the only part of the GSM network which the subscriber will
really see.
There are three main types of ME, these are listed below:
1. Vehicle Mounted
22
Subscriber Identity module (SIM)
• The SIM is a card which plugs into the ME.
• This card identifies the MS subscriber and also provides other information regarding the services that
subscriber should receive.
• The SIM card, and the high degree of inbuilt system security, provides protection of the subscriber’s
information and protection of networks against fraudulent access.
• The SIM can be protected by use of Personal Identity Number (PIN) password, similar to bank/credit
charge cards, to prevent unauthorized use of the card.
• By making a distinction between the subscriber identity and the ME identity, GSM can route calls and
23
perform billing based on the identity of the ‘subscriber’ rather than the equipment or its location.
The SIM contains several pieces of information:
The SIM is capable of storing additional information such as accumulated call charges.
24
1. BSS Architecture
MSC
Radio
TCU Interface
A Interface
S2000H&L
NSS BTS
Ater Interface
Public Telephone Network
Radio
Interface
OMN Interface
S8000
Indoor
Sun
StorEdge A5000
BSS BTS
MS
Base Station Controller (BSC)
• Any operational information required by the BTS will be received via the BSC.
• Likewise any information required about the BTS (by the OMC for example) will be obtained
by the BSC.
• The BSC incorporates a digital switching matrix, which it uses to connect the radio channels on
the air interface with the terrestrial circuits from the MSC.
• The BSC switching matrix also allows the BSC to perform “handovers” between radio channels
on BTSs, under its control, without involving the MSC.
26
BSC General Architecture and Functions
To Network
BTS Abis interface A interface SubSystem
Base Transceiver Station (BTS)
• The BTS provides the air interface connection with the MS.
• It also has a limited amount of Control functionality which reduces the amount of traffic passing
between the BTS and BSC.
• Where the BSC and BTS are both shown to control a function, the control is divided between the
two, or may be located wholly at one.
28
BTS General Architecture and Functions
BTS
Duplexer
COUPLING SYSTEM
HLR
BSS D D BSS
VLR VLR
G-interface
B-interface B-interface
C-interface
A-interface MSC A-interface
GMSC
F F
E EIR
E
IWF IWF
It also contains the databases required for subscriber data and mobility management.
• MSC is the heart of the system, controlling the Switching & Billing.
• The MSC can carry out different functions depending upon its position in the network.
• When it provides interface between PSTN & BSS in GSM network then it is known as a Gateway MSC
• One MSC is capable of supporting a regional capital with approximately one million inhabitants.
34
MSC’s Functionalities
Call Processing
1. Control of data/voice call setup
2. Inter-BSS and inter-MSC handovers
3. Control of mobility management (subscriber validation and location).
Operations and Maintenance Support
1. Database management
2. Traffic metering and measurement
3. A Man–machine interface.
Internetwork Interworking
1. Interface between the GSM network and the PSTN.
Billing
35
1. Collects call billing data.
Home Location Register (HLR)
The HLR is the master database which contains each user’s service profile.
The data it contains is remotely accessed by all the MSCs and the VLRs in the network.
Although the network may contain more than one HLR, there is only one database record per
subscriber .
The subscriber data may be accessed by either the IMSI or the MSISDN number.
36
Home Location Register
HLR
Subscriber
Management
Center Permanent records
- MSISDN
- IMSI
- Subscriber's service provision
Temporary records
- VLR address
- Ciphering items
(Kc, Sres, Rand)
Visitor Location Register (VLR)
VLR is a temporary database for all user currently located in the system including roamers & non-
roamers.
The data exists for only as long as the subscriber is “active” in the particular area covered by the VLR.
The VLR database will therefore contain some duplicate data as well as more precise data relevant to the
subscriber.
This function eliminates the need for excessive and time-consuming references to the “home” HLR
database.
38
Visitor Location Register
VLR
LA1
Permanent records
- IMSI
- Subscriber’s service provision
LA3
LA2 Temporary records
- Ciphering items
(Kc, Sres, Rand)
- LAI - TMSI
LA4
The additional data stored in the VLR is listed below:
& each G-MSC has a HLR which usually resides with the G-MSC
40
Equipment Identity Register (EIR)
This database is concerned solely with MS equipment and not with the subscriber who
is using it to make or receive a call.
The EIR database consists of lists of IMEIs (or ranges of IMEIs) organized as follows:
1. White List
2. Black List
3. Grey List
41
Equipment Identity Register
EIR
Black list
(barred ME)
IMEI
White list
(valid ME)
Mobile
Equipment Gray list
(faulty ME)
43
Authentication Centre (AuC)
The authentication process will usually take place each time the subscriber
“initializes” on.
44
Authentication Center
AUC
Ciphering Triplets
Ki RAND 5
HLR Request
AUC provides
3. OSS Architecture
The OSS provides the capability to manage the GSM network remotely.
This area of the GSM network is not currently tightly specified by the GSM specifications.
It is left to the network provider to decide what capabilities they wish it to have.
46
47
Operations and Maintenance Centre (OMC)
The OMC provides a central point from which to control and monitor the other network
entities (i.e. base stations, switches, database, etc).
1. OMC-R
2. OMC-S
1. Event/Alarm Management.
2. Fault Management.
3. Performance Management.
4. Configuration Management.
5. Security Management.
49
50
Localization and Calling
One fundamental feature of GSM system is the automatic , worldwide localization of users.
GSM perform periodic location updates even if a user does not use the MS.
The HLR always contains information about the current location , and VLR currently responsible for the MS
informs the HLR about location changes.
As soon as an MS moves into the range of a new VLR, the HLR sends all user data needed to new VLR.
Changing position of services is also called roaming.
1. Mobile station inter national ISDN number (MSISDN): The only important number for a user of
GSM in is the phone number. Phone no is associated with SIM ,which is personalized for a user . This
no consists of country code (CC) ,the national destination code(NDC) , and subscriber number (SN) .
2. International mobile subscriber identity(IMSI): GSM uses the IMSI for internal unique identification
of a subscriber. It consists of mobile country code (MCC) ,the mobile network code(MNC) , and mobile
subscriber identification identity(MSIN).
3. Temporary mobile subscriber identity(TMSI): GSM uses the 4 byte TMSI for local subscriber
identification .TMSI is selected by the current VLR and is only valid temporarily and within the location
area of VLR.
4. Mobile station roaming number(MSRN): Another temporary address that hides the location of a
subscriber is MSRN. MSRN contains the current visitor country code(VCC) ,the visitor national
destination code (VNDC)
MOBILE TERMINATED CALL (MTC)
1: Calling a GSM subscriber
1, 2: connection request
3, 4: security check
• The GSM handover process uses a mobile assisted technique for accurate and fast handovers, in order to:
• When the MS is engaged in a speech conversation, a portion of the TDMA frame is idle while
the rest of the frame is used for uplink (BTS receive) and downlink (BTS transmit) timeslots.
• During the idle time period of the frame, the MS changes radio channel frequency and
monitors and measures the signal level of the six best neighbor cells.
• Measurements which feed the handover decision algorithm are made at both ends of the radio
link.
MS END
• At the MS end, measurements are continuously signalled, via the associated control channel, to
the BSS where the decision for handover is ultimately made.
• MS measurements include:
– Serving cell downlink received signal level, and six best neighbor cells downlink received
signal level.
• The MS also decodes the Base Station ID Code (BSIC) from the six best neighbor cells, and
reports the BSICs and the measurement information to the BSS.
BTS END
• The BTS measures the uplink link quality, received signal level, and MS to BTS site
distance.
• The MS RF transmit output power budget is also considered in the handover decision.
• During the conversation, the MS only transmits and receives for one eighth of the time, that is during one
timeslot in each frame.
• During its idle time (the remaining seven timeslots), the MS switches to the BCCH of the surrounding
cells and measures its signal strength.
• The signal strength measurements of the surrounding cells, and the signal strength and quality
measurements of the serving cell, are reported back to the serving cell via the SACCH once in every
SACCH multiframe.
• This information is evaluated by the BSS for use in deciding when the MS should be handed over to
another traffic channel.
Downlink
Uplink
T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
NUMBER OF NEIGHBORS
• The MS has a omni-directional antenna. Much of the MS power goes to the server but a lot is
interfering with surrounding cells using the same channel.
• The TDMA frames of adjacent cell are not aligned since they are not synchronized. Hence the
uplink in the surrounding cell suffers from interference.
Channel 10
Cell 1
Channel 10
Cell 2
• The BSS keeps on measuring the interference on the idle timeslots.
• Ambient noise is measured and recorded 104 times in one SACCH multiframe.
• These measurements are averaged out to produce one figure.
• The BSS then distributes the idle timeslots into band 0 to band 5.
• Since the BSS knows the interference level on idle timeslots, it uses this data to
allocate the best channel first and the worst last.
HANDOVER CONDITIONS
BSC
Call is handed
BTS from timeslot 3 to timeslot 5
• Handover takes place in the same cell from one timeslot to another timeslot
of the same carrier or different carriers( but the same cell).
• Intra-cell handover is triggered only if the cause is interference.
• Intra-cell handover can be enabled or disabled in a cell.
2. Intra-BSC Handover
BSC1
BTS1
Call is handed from timeslot 3
of cell1 to timeslot 1 of cell2 .
Both the cells are controlled
by the same BSC.
Handover takes place between different cell which are controlled by the same BSC.
3. Inter-BSC Handover
BSS1
BTS1
Call is handed from timeslot 3
MSC
of cell1 to timeslot 1 of cell2 .
Both the cells are controlled
by the different BSC.
BSS2
BTS2
Handover takes place between different cell which are controlled by the different BSC.
4. Inter-MSC Handover
MSC1 BSS1
BTS1
Call is handed from timeslot 3
of cell1 to timeslot 1 of cell2 .
Both the cells are controlled
by the different BSC, each BSC
being controlled by different MSC.
MSC2 BSS2
BTS2
Handover takes place between different cell which are controlled by the different BSC and
each BSC is controlled by different MSC.
Security in GSM
Security services
Access control/authentication
• User SIM (Subscriber Identity Module): secret PIN (personal identification number)
• SIM network: challenge response method
Confidentiality
• Voice and signaling encrypted on the wireless link (after successful authentication)
Anonymity
• Temporary identity TMSI (Temporary Mobile Subscriber Identity)
• Newly assigned at each new location update (LUP)
• Encrypted transmission
Continued..
RAND
Ki RAND RAND Ki
A3 A3
SIM
SRES* 32 bit SRES 32 bit
MSC SRES
SRES* =? SRES SRES
32 bit
RAND
Ki RAND RAND Ki
AC 128 bit 128 bit 128 bit 128 bit SIM
A8 A8
cipher Kc
key 64 bit Kc
64 bit
data encrypted SRES
data
BTS MS
data
A5 A5
Continued..
GSM has its security methods standardized.
GSM maintains end-to-end security by retaining the confidentiality of calls and anonymity of the
GSM subscriber.
Temporary identification numbers are assigned to the subscriber’s number to maintain the privacy
of the user.
The privacy of the communication is maintained by applying encryption algorithms and frequency
hopping that can be enabled using digital systems and signalling.
Continued..
1. Mobile Station Authentication
The GSM network authenticates the identity of the subscriber through the use of a challenge-response
mechanism.
A 128-bit Random Number (RAND) is sent to the MS. The MS computes the 32-bit Signed Response
(SRES) based on the encryption of the RAND with the authentication algorithm (A3) using the
individual subscriber authentication key (Ki).
Upon receiving the SRES from the subscriber, the GSM network repeats the calculation to verify the
identity of the subscriber.
Continued..
The individual subscriber authentication key (Ki) is never transmitted over the radio channel, as it is
present in the subscriber's SIM, as well as the AUC, HLR, and VLR databases.
If the received SRES agrees with the calculated value, the MS has been successfully authenticated and
may continue. If the values do not match, the connection is terminated and an authentication failure is
indicated to the MS.
The calculation of the signed response is processed within the SIM. It provides enhanced security, as
confidential subscriber information such as the IMSI or the individual subscriber authentication key
(Ki) is never released from the SIM during the authentication process.
Continued..
2. Signalling and Data Confidentiality
The SIM contains the ciphering key generating algorithm (A8) that is used to produce the 64-bit ciphering key
(Kc). This key is computed by applying the same random number (RAND) used in the authentication process to
ciphering key generating algorithm (A8) with the individual subscriber authentication key (Ki).
GSM provides an additional level of security by having a way to change the ciphering key, making the system
more resistant to eavesdropping. The ciphering key may be changed at regular intervals as required.
Encrypted voice and data communications between the MS and the network is accomplished by using the ciphering
algorithm A5.
Encrypted communication is initiated by a ciphering mode request command from the GSM network. Upon receipt
of this command, the mobile station begins encryption and decryption of data using the ciphering algorithm (A5)
and the ciphering key (Kc).
Continued..
3. Subscriber Identity Confidentiality
To ensure subscriber identity confidentiality, the Temporary Mobile Subscriber Identity (TMSI) is used.
Once the authentication and encryption procedures are done, the TMSI is sent to the mobile station.
For communications outside the location area, the Location Area Identification (LAI) is necessary in
addition to the TMSI.
General Packet Radio System (GPRS)
General Packet Radio System is also known as GPRS is a third-generation step toward internet
access.
GPRS is also known as GSM-IP that is a Global-System Mobile Communications Internet Protocol as it
keeps the users of this system online, allows to make voice calls, and access internet on-the-go.
Even Time-Division Multiple Access (TDMA) users benefit from this system as it provides packet radio
access.
GPRS also permits the network operators to execute an Internet Protocol (IP) based core architecture for
integrated voice and data applications that will continue to be used and expanded for 3G services.
Continued..
GPRS supersedes the wired connections, as this system has simplified access to the packet data
networks like the internet.
The packet radio principle is employed by GPRS to transport user data packets in a structure way
between GSM mobile stations and external packet data networks. These packets can be directly routed
to the packet switched networks from the GPRS mobile stations.
In the current versions of GPRS, networks based on the Internet Protocol (IP) like the global internet
or private/corporate intranets and X.25 networks are supported.
Continued..
Who owns GPRS ?
The GPRS specifications are written by the European Telecommunications Standard Institute (ETSI), the
European counterpart of the American National Standard Institute (ANSI).
Key Features
• The always online feature - Removes the dial-up process, making applications only one click away.
• An upgrade to existing systems - Operators do not have to replace their equipment; rather, GPRS is added
on top of the existing infrastructure.
GPRS is the first step toward an end-to-end wireless infrastructure and has the following goals:
• Open architecture
• Consistent IP services
Higher Data Rate: In the typical GSM mobile, setup alone is a lengthy process and equally, rates for data permission are
restrained to 9.6 kbit/s. The session establishment time offered while GPRS is in practice is lower than one second and
ISDN-line data rates are up to many 10 kbit/s.
Easy Billing: GPRS packet transmission offers a more user-friendly billing than that offered by circuit switched services.
• In circuit switched services, billing is based on the duration of the connection. This is unsuitable for applications with
bursty traffic. The user must pay for the entire airtime, even for idle periods when no packets are sent (e.g., when the user
reads a Web page).
• In contrast to this, with packet switched services, billing can be based on the amount of transmitted data. The advantage for
the user is that he or she can be "online" over a long period of time but will be billed based on the transmitted data volume.
Continued..
GPRS has opened a wide range of unique services to the mobile wireless subscriber. Some of the characteristics that
have opened a market full of enhanced value services to the users are listed as below.
• Mobility - The ability to maintain constant voice and data communications while on the move.
• Immediacy - Allows subscribers to obtain connectivity when needed, regardless of location and without a lengthy
login session.
Using the above three characteristics varied possible applications are being developed to offer to the mobile
subscribers. These applications, in general, can be divided into two high-level categories:
• Corporation
• Consumer
Continued..
These two levels further include:
• Location-based applications - Navigation, traffic conditions, airline/rail schedules and location finder, etc.
• Advertising - Advertising may be location sensitive. For example, a user entering a mall can receive
advertisements specific to the stores in that mall.
Continued..
Continued..
GSM Network Modification or Upgrade Required for GPRS.
Element
Mobile Station New Mobile Station is required to access GPRS services.
(MS)
BSC The Base Station Controller (BSC) requires a software upgrade and the
installation of new hardware called the packet control unit (PCU).
The PCU directs the data traffic to the GPRS network and can be a separate
hardware element associated with the BSC.
GPRS Support The deployment of GPRS requires the installation of new core network
Nodes (GSNs) elements called the serving GPRS support node (SGSN) and gateway GPRS
support node (GGSN).
Databases (HLR, All the databases involved in the network will require software upgrades to
VLR, etc.) handle the new call models and functions introduced by GPRS.
Continued..
1. GPRS Mobile Stations
New MS are required to use GPRS services because existing GSM phones do not handle the enhanced air interface
or packet data. These mobile stations are backward compatible for making voice calls using GSM.
Each BSC requires the installation of one or more Packet Control Units (PCUs) and a software upgrade.
The PCU provides a physical and logical data interface to the Base Station Subsystem (BSS) for packet data traffic.
When either voice or data traffic is originated at the subscriber mobile, it is transported over the air interface to the
BTS, and from the BTS to the BSC in the same way as a standard GSM call.
However, at the output of the BSC, the traffic is separated; voice is sent to the Mobile Switching Center (MSC) per
standard GSM, and data is sent to a new device called the SGSN via the PCU over a Frame Relay interface.
Continued..
3. GPRS Support Nodes
o The Gateway GPRS Support Node acts as an interface and a router to external networks.
o It contains routing information for GPRS mobiles, which is used to tunnel packets through the IP based internal
backbone to the correct Serving GPRS Support Node.
o The GGSN also can act as a packet filter for incoming traffic.
o The Serving GPRS Support Node is responsible for authentication of GPRS mobiles, registration of mobiles in
the network, mobility management.
Continued..
4. Internal Backbone
o The internal backbone is an IP based network used to carry packets between different GSNs.
o Tunnelling is used between SGSNs and GGSNs, so the internal backbone does not need any
information about domains outside the GPRS network.
5. Routing Area
o GPRS introduces the concept of a Routing Area. This concept is similar to Location Area in GSM,
except that it generally contains fewer cells.
o Because routing areas are smaller than location areas, less radio resources are used while
broadcasting a page message.
Continued..
The QoS is a vital feature of GPRS services as there are different QoS support requirements for assorted GPRS
applications like realtime multimedia, web browsing, and e-mail transfer. GPRS allows defining QoS profiles
using the following parameters :
• Service Precedence
• Reliability
• Delay
• Throughput
Continued..
1. Service Precedence: The preference given to a service when compared to another service is known as Service
Precedence. This level of priority is classified into three levels called:
• high
• normal
• low
When there is network congestion, the packets of low priority are discarded as compared to high or normal priority packets.
2. Reliability
This parameter signifies the transmission characteristics required by an application. The reliability classes are defined which
guarantee certain maximum values for the probability of loss, duplication, mis-sequencing, and corruption of packets.
Continued..
3. Delay
o The delay is defined as the end-to-end transfer time between two communicating mobile stations or between a
mobile station and the GI interface to an external packet data network.
o This includes all delays within the GPRS network, e.g., the delay for request and assignment of radio resources
and the transit delay in the GPRS backbone network.
o Transfer delays outside the GPRS network, e.g., in external transit networks, are not taken into account.
4. Throughput
The throughput specifies the maximum/peak bit rate and the mean bit rate.
THANK YOU