Mobile Computing

CSE 062

Unit 2
 Syllabus

Unit 2 TELECOMMUNICATION NETWORKS

A GSM: Mobile services, System architecture,

Radio interface, Protocols

B Localization and calling, Handover, Security

C General Packet Radio Service (GPRS): GPRS

Architecture, GPRS network nodes,
 INTRODUCTION TO GSM
• The Global System for Mobile Communications (GSM) is a set of recommendations and
specifications for a digital cellular telephone network (known as a Public Land Mobile
Network, or PLMN).

• These recommendations ensure the

 Compatibility of equipment from different GSM manufacturers
 Interconnectivity between different administrations, including operation across international
boundaries.
• GSM networks are digital and can cater for high system capacities.

• They are consistent with the world-wide digitization of the telephone network, and are an extension of the
Integrated Services Digital Network (ISDN)

• Uses a digital radio interface between the cellular network and the mobile subscriber equipment.
CELLULAR TELEPHONY

• A cellular telephone system links mobile subscribers into the public telephone system.
• Information between the mobile unit and the cellular network uses radio communication. Hence the
subscriber is able to move around and become fully mobile.
• The service area in which mobile communication is to be provided is divided into regions called cells.
• Each cell has the equipment to transmit and receive calls from any subscriber located within the
borders of its radio coverage area.

Radio
Cell

Mobile subscriber
GSM FREQUENCIES
• GSM systems use radio frequencies between 890-915 MHz for receiving and between 935-
960 MHz for transmitting.
• RF carriers are spaced every 200 kHz, allowing a total of 124 carriers for use.
• An RF carrier is a pair of radio frequencies, one used in each direction.
• Transmit and receive frequencies are always separated by 45 MHz.

UPLINK FREQUENCIES DOWNLINK FREQUENCIES

890 915 935 960

UPLINK AND DOWNLINK FREQUENCY SEPARATED BY 45MHZ

Extended GSM (EGSM)
• EGSM has 10MHz of bandwidth on both transmit and receive.
• Receive bandwidth is from 880 MHz to 890 MHz.
• Transmit bandwidth is from 925 MHz to 935 MHz.
• Total RF carriers in EGSM is 50.

UPLINK FREQUENCIES DOWNLINK FREQUENCIES

880 890 915 925 935 960

UPLINK AND DOWNLINK FREQUENCY SEPARATED BY 45MHZ

 FEATURES OF GSM

1. Increased Capacity

• The GSM system provides a greater subscriber capacity than analogue systems.
• GSM allows 25 kHz per user, that is, eight conversations per 200 kHz channel pair (a pair
comprising one transmit channel and one receive channel).
• Digital channel coding and the modulation used makes the signal resistant to interference.
• A Carrier to Interference Ratio (C/I) level of 12 dB is achieved, as opposed to the 18 dB typical
with analogue cellular.
• This allows increased geographic reuse by permitting a reduction in the number of cells.
2. Audio Quality

• Digital transmission of speech and high performance digital signal processors provide good
quality speech transmission.
• Since GSM is a digital technology, the signals passed over a digital air interface can be protected
against errors by using better error detection and correction techniques.
• In regions of interference or noise-limited operation the speech quality is noticeably better than
analogue.
3. Use of Standardized Open Interfaces
• Standard interfaces such as C7 and X25 are used throughout the system. Hence different
manufacturers can be selected for different parts of the PLMN.
• There is a high flexibility in where the network components are situated.
4. Improved Security and Confidentiality

• GSM offers high speech and data confidentiality.

• Subscriber authentication can be performed by the system to check if a subscriber is a valid
subscriber or not.
• The GSM system provides for high degree of confidentiality for the subscriber. Calls are
encoded and ciphered when sent over air.
• The mobile has a identity number hard coded into it when it is manufactured. This number is
stored in a standard database and whenever a call is made the equipment can be checked to see if
it has been reported stolen.
5. Cleaner Handovers

• GSM uses Mobile assisted handover technique.

• This data is passed on the Network which then uses sophisticated algorithms to determine the need of
handover.
6. Subscriber Identification
• In a GSM system the mobile station and the subscriber are identified separately.
• The subscriber is identified by means of a smart card known as a SIM.
• This enables the subscriber to use different mobile equipment while retaining the same subscriber
number.
7. Enhanced Range of Services

• Speech services for normal telephony.

• Short Message Service for point to point transmission of text message.
• Cell broadcast for transmission of text message from the cell to all MS in its coverage area.
Message like traffic information or advertising can be transmitted.
• Fax and data services are provided. Data rates available are 2.4 Kb/s, 4.8 Kb/s and 9.6 Kb/s.
• Supplementary services like number identification, call barring, call forwarding, charging display
etc. can be provided.
8. Frequency Reuse
• There are total 124 carriers in GSM ( additional 50 carriers are available if EGSM band is used).
• Each carrier has 8 timeslots and if 7 can be used for traffic then a maximum of 868 (124 X 7) calls
can be made. This is not enough and hence frequencies have to be reused.
• The same RF carrier can be used for many conversations in several different cells at the same time.
 GSM Architecture

GSM architecture is mainly divided into three Subsystems

1. Base Station Subsystem (BSS)

2. Network & Switching Subsystem (NSS)

3. Operations & Support Subsystem (OSS)

Mobile Station sometimes included in BSS

14
GSM Network Architecture
16
17
Mobile Station (MS)

The MS consists of two parts

1. Mobile Equipment (ME)

2. Subscriber Identity module (SIM)

18
 Mobile Station

SIM Card
=Handset Battery

Global GSM Mobility battery

Card

+ +
The Smart Card to use

f153454
GSM
2W
jmhfod
kgdjipj
The SIM-Card Functions Credit Card Size
µ SIM-Card
Global GSM Mobility
Card
15 mm The Smart Card to use
25 mm

Permanent data:
GSM
- Unique mobile subscriber identity Microchip with stored
through IMSI number, user information
- Authentication parameter Ki,
- Authentication algorithm A3,
- Generating encryption key Kc Removable data:
algorithm A8. - Temporary Mobile Subscriber Number,
- Location Area Identification.
Subscriber Identification
IMSI MS - ISDN

Mobile Station -
International Mobile Subscriber Identity
Nature Integrated Services Digital Network Nb

Similar to ISDN,
Conformity with E212
Conformity with E164/E213

Identify a PLMN Identify the subscriber National Significant Mobile Number

worldwide of a PLMN

MCC MNC MSIN CC NDC SN

Format H1 H2 x x x ......... x x x M1 M2 xx xx xx xx

Country
Mobile Mobile Mobile Subscriber National Mobile Subscriber
Code
Meaning Country Network Ident. Nb
(where Destination (national definition)
Code Code H1 H2 = Identity of HLR
subscription Code * M1 M2 = nbr of logical HLR
within the home PLMN
has been made)

Nb. digits 3 2 max 10 1 to 3 2 to 4 total max 15

* This code does not identify a geographical area

but an operator
Mobile Equipment (ME)

 The ME is the only part of the GSM network which the subscriber will
really see.

 There are three main types of ME, these are listed below:

1. Vehicle Mounted

2. Portable Mobile Unit

3. Hand portable Unit

22
 Subscriber Identity module (SIM)
• The SIM is a card which plugs into the ME.

• This card identifies the MS subscriber and also provides other information regarding the services that
subscriber should receive.

• The SIM card, and the high degree of inbuilt system security, provides protection of the subscriber’s
information and protection of networks against fraudulent access.

• The SIM can be protected by use of Personal Identity Number (PIN) password, similar to bank/credit
charge cards, to prevent unauthorized use of the card.

• SIM cards are designed to be difficult to duplicate.

• By making a distinction between the subscriber identity and the ME identity, GSM can route calls and
23
perform billing based on the identity of the ‘subscriber’ rather than the equipment or its location.
The SIM contains several pieces of information:

1. International Mobile Subscriber Identity (IMSI)

2. Temporary Mobile Subscriber Identity (TMSI)

3. Location Area Identity (LAI)

4. Subscriber Authentication Key (Ki)

5. Mobile Station Integrated Services Digital Network (MSISDN)

The SIM is capable of storing additional information such as accumulated call charges.

The SIM also executes the Authentication Algorithm.

24
1. BSS Architecture
MSC
Radio
TCU Interface
A Interface
S2000H&L
NSS BTS

Ater Interface
Public Telephone Network

Abis Interface S8000 MS

BSC Outdoor
OMC-R BTS

Radio
Interface

OMN Interface

S8000
Indoor
Sun
StorEdge A5000

BSS BTS
MS
Base Station Controller (BSC)

• The BSC provides the control for the BSS.

• Any operational information required by the BTS will be received via the BSC.

• Likewise any information required about the BTS (by the OMC for example) will be obtained
by the BSC.

• The BSC incorporates a digital switching matrix, which it uses to connect the radio channels on
the air interface with the terrestrial circuits from the MSC.

• The BSC switching matrix also allows the BSC to perform “handovers” between radio channels
on BTSs, under its control, without involving the MSC.

26
BSC General Architecture and Functions

- Radio Resource BSC

management for its BTSs
- Intercell hand-over Processing X.25
Unit controller
O&M
- Allocation of channels for
communication
- Reallocation of frequencies
Switching
among BTSs
matrix
- Time and frequency
synchronization to BTSs
- Controls frequency
hopping
PCM PCM
controller controller

To Network
BTS Abis interface A interface SubSystem
 Base Transceiver Station (BTS)
• The BTS provides the air interface connection with the MS.

• It also has a limited amount of Control functionality which reduces the amount of traffic passing
between the BTS and BSC.

• Where the BSC and BTS are both shown to control a function, the control is divided between the
two, or may be located wholly at one.

28
BTS General Architecture and Functions
BTS

- Interface between Antennas Antenna

Transmission coupler
and TRXs of each cell

Duplexer
COUPLING SYSTEM

- Encodes, encrypts, modulates, Reception coupler

feeds the RF signal to the
antenna
- Decrypts and equalizes the TRX
signal then demodulates (Transceiver-Receiver)
- Mobile call detection
- Uplink channel measurements
- Timing advance
BCF
- Frequency hopping (Base Common Functions)
Abis
interface

BSC - Multiplexes speech and user's data channels to BSC.

- Multiplexes signaling channels to BSC.
BSS Configurations
• The maximum number of BTSs which
may be controlled by one BSC is not
specified by GSM.

•The BTSs and BSC may either be located

at the same cell site “co-located”, or located
at different sites “Remote”.

•Another BSS configuration is the daisy

chain.

•Problem- transmission delay through the

chain. 30
2. NSS Architecture
Site 1 Site 2
AUC
H

HLR
BSS D D BSS
VLR VLR
G-interface
B-interface B-interface
C-interface
A-interface MSC A-interface
GMSC

Other GSM, Other GSM,

PSTN, ISDN E-interface PSTN, ISDN

F F

E EIR
E
IWF IWF

Billing SMS-SC Billing

Server Server
 The Network Switching System includes the main switching functions of the GSM network.

 It also contains the databases required for subscriber data and mobility management.

 The components of the Network Switching System are listed below:

1. Mobile Services Switching Centre – MSC

2. Home Location Register – HLR

3. Visitor Location Register – VLR

4. Equipment Identity Register – EIR

5. Authentication Centre – AUC

6. Interworking Function – IWF

32
7. Echo Canceller – EC
33
 Mobile Switching Centre (MSC)

• MSC is the heart of the system, controlling the Switching & Billing.

• The MSC can carry out different functions depending upon its position in the network.

• When it provides interface between PSTN & BSS in GSM network then it is known as a Gateway MSC

• Provides service to MSs located within a defined geographic coverage area.

• The network typically contains more than one MSC.

• One MSC is capable of supporting a regional capital with approximately one million inhabitants.

34
MSC’s Functionalities

 Call Processing
1. Control of data/voice call setup
2. Inter-BSS and inter-MSC handovers
3. Control of mobility management (subscriber validation and location).
 Operations and Maintenance Support
1. Database management
2. Traffic metering and measurement
3. A Man–machine interface.
 Internetwork Interworking
1. Interface between the GSM network and the PSTN.
 Billing
35
1. Collects call billing data.
Home Location Register (HLR)

 The HLR is the master database which contains each user’s service profile.

 Various identification numbers, authentication parameters, and addresses are stored.

 The data it contains is remotely accessed by all the MSCs and the VLRs in the network.

 Although the network may contain more than one HLR, there is only one database record per
subscriber .

 The subscriber data may be accessed by either the IMSI or the MSISDN number.

36
Home Location Register

HLR
Subscriber
Management
Center Permanent records
- MSISDN
- IMSI
- Subscriber's service provision

Temporary records
- VLR address
- Ciphering items
(Kc, Sres, Rand)
 Visitor Location Register (VLR)

 VLR is a temporary database for all user currently located in the system including roamers & non-
roamers.

 The data exists for only as long as the subscriber is “active” in the particular area covered by the VLR.

 The VLR database will therefore contain some duplicate data as well as more precise data relevant to the
subscriber.

 This function eliminates the need for excessive and time-consuming references to the “home” HLR
database.

38
Visitor Location Register

VLR
LA1
Permanent records
- IMSI
- Subscriber’s service provision

LA3
LA2 Temporary records
- Ciphering items
(Kc, Sres, Rand)
- LAI - TMSI

LA4
The additional data stored in the VLR is listed below:

1. Mobile status (busy/free/no answer etc.).

2. Location Area Identity (LAI).

3. Temporary Mobile Subscriber Identity (TMSI).

4. Mobile Station Roaming Number (MSRN).

 MSC updates VLR with HLR information.

 Each MSC has VLR which resides with the MSC

& each G-MSC has a HLR which usually resides with the G-MSC

40
Equipment Identity Register (EIR)

 The EIR contains a centralized database for validating the IMEI.

 This database is concerned solely with MS equipment and not with the subscriber who
is using it to make or receive a call.

 The EIR database consists of lists of IMEIs (or ranges of IMEIs) organized as follows:

1. White List

2. Black List

3. Grey List

41
Equipment Identity Register

EIR

Black list
(barred ME)
IMEI

White list
(valid ME)
Mobile
Equipment Gray list
(faulty ME)
43
Authentication Centre (AuC)

 The AuC is a processor system that performs the “authentication” function.

 It is normally co-located with the HLR as it will be required to

continuously access and update, as necessary, the system subscriber
records.

 The authentication process will usually take place each time the subscriber
“initializes” on.

44
Authentication Center

AUC

Ciphering Triplets
Ki RAND 5

HLR Request

Security SRES, Kc, RAND

A3, A8 algorithms
IMSI

AUC provides
3. OSS Architecture

 The OSS provides the capability to manage the GSM network remotely.

 This area of the GSM network is not currently tightly specified by the GSM specifications.

 It is left to the network provider to decide what capabilities they wish it to have.

 The Operations and Maintenance System comprises of two parts:

1. Network Management Centre (NMC)

2. Operations and Maintenance Centre (OMC)

46
47
Operations and Maintenance Centre (OMC)

 The OMC provides a central point from which to control and monitor the other network
entities (i.e. base stations, switches, database, etc).

 It also monitors the quality of service being provided by the network.

 There are two types of OMC these are:

1. OMC-R

OMC controls specifically the Base Station System.

2. OMC-S

OMC controls specifically the Network Switching System.

48
The OMC should support the following functions as per ITS–TS recommendations:

1. Event/Alarm Management.

2. Fault Management.

3. Performance Management.

4. Configuration Management.

5. Security Management.

49
50
Localization and Calling
 One fundamental feature of GSM system is the automatic , worldwide localization of users.

 GSM perform periodic location updates even if a user does not use the MS.

 The HLR always contains information about the current location , and VLR currently responsible for the MS
informs the HLR about location changes.

 As soon as an MS moves into the range of a new VLR, the HLR sends all user data needed to new VLR.
 Changing position of services is also called roaming.

- Within the network of one provider

- Between two providers in one country (National Roaming)
- Different providers in different countries (International Roaming)

 To locate an MS and to address the MS following number are required:

1. Mobile station inter national ISDN number (MSISDN): The only important number for a user of
GSM in is the phone number. Phone no is associated with SIM ,which is personalized for a user . This
no consists of country code (CC) ,the national destination code(NDC) , and subscriber number (SN) .
2. International mobile subscriber identity(IMSI): GSM uses the IMSI for internal unique identification
of a subscriber. It consists of mobile country code (MCC) ,the mobile network code(MNC) , and mobile
subscriber identification identity(MSIN).

3. Temporary mobile subscriber identity(TMSI): GSM uses the 4 byte TMSI for local subscriber
identification .TMSI is selected by the current VLR and is only valid temporarily and within the location
area of VLR.
4. Mobile station roaming number(MSRN): Another temporary address that hides the location of a
subscriber is MSRN. MSRN contains the current visitor country code(VCC) ,the visitor national
destination code (VNDC)
MOBILE TERMINATED CALL (MTC)
1: Calling a GSM subscriber

2: Forwarding call to GMSC

3: Signal call setup to HLR

4, 5: Request MSRN from VLR

6: Forward responsible MSC to GMSC

7: Forward call to current MSC

8, 9: Get current status of MS

10, 11: Paging of MS

12, 13: MS answers

14, 15: Security checks

16, 17: Set up connection

MOBILE ORIGINATED CALL (MOC)

1, 2: connection request

3, 4: security check

5-8: check resources (free circuit)

9-10: set up call

 HANDOVER

• The GSM handover process uses a mobile assisted technique for accurate and fast handovers, in order to:

– Maintain the user connection link quality.

– Manage traffic distribution

• The overall handover process is implemented in the MS,BSS & MSC.

• Measurement of radio subsystem downlink performance and signal strengths received from surrounding cells, is
made in the MS.
• These measurements are sent to the BSS for assessment.
• The BSS measures the uplink performance for the MS being served and also assesses the signal strength of
interference on its idle traffic channels.
• Initial assessment of the measurements in conjunction with defined thresholds and handover strategy may be
performed in the BSS.
• The MS assists the handover decision process by performing certain measurements.

• When the MS is engaged in a speech conversation, a portion of the TDMA frame is idle while
the rest of the frame is used for uplink (BTS receive) and downlink (BTS transmit) timeslots.

• During the idle time period of the frame, the MS changes radio channel frequency and
monitors and measures the signal level of the six best neighbor cells.

• Measurements which feed the handover decision algorithm are made at both ends of the radio
link.
 MS END
• At the MS end, measurements are continuously signalled, via the associated control channel, to
the BSS where the decision for handover is ultimately made.

• MS measurements include:

– Serving cell downlink quality (bit error rate (BER) estimate).

– Serving cell downlink received signal level, and six best neighbor cells downlink received
signal level.

• The MS also decodes the Base Station ID Code (BSIC) from the six best neighbor cells, and
reports the BSICs and the measurement information to the BSS.
BTS END

• The BTS measures the uplink link quality, received signal level, and MS to BTS site
distance.

• The MS RF transmit output power budget is also considered in the handover decision.

• If the MS can be served by a neighbor cell at a lower power, the handover is

recommended.

• From a system perspective, handover may be considered due to loading or congestion

conditions. In this case, the MSC or BSC tries to balance channel usage among cells.
 MS IDLE TIME REPORTING

• During the conversation, the MS only transmits and receives for one eighth of the time, that is during one
timeslot in each frame.

• During its idle time (the remaining seven timeslots), the MS switches to the BCCH of the surrounding
cells and measures its signal strength.

• The signal strength measurements of the surrounding cells, and the signal strength and quality
measurements of the serving cell, are reported back to the serving cell via the SACCH once in every
SACCH multiframe.

• This information is evaluated by the BSS for use in deciding when the MS should be handed over to
another traffic channel.

• This reporting is the basis for MS assisted handovers.

 MEASUREMENT IN ACTIVE MODE

Downlink

Uplink

1. MS receives and measures signal strength on serving cell(TS2).

2. MS transmits
3. MS measures signal strength for at least one neighbor cell.
4. MS reads BSIC on SCH for one of the 6 strongest neighbor.
NUMBER OF NEIGHBORS
Maximum 32 averaging of RSS takes place.
Practically a cell neighbors can be equipped for a cell.
If high numbers of neighbors are equipped, then the accuracy of RSS is decreased.

T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

T T T T T T T T T T T T S T T T T T T T T T T T T I
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
NUMBER OF NEIGHBORS

• In one SACCH multiframe, there are 104 TDMA frames.

• Out of this 104 frames 4 frames are idle and are used to decode the BSIC.
• Remaining 100 TDMA frames are used to measure RSS (Received Signal Strength)
of the neighbor.
• If 25 neighbors are equipped, then in one SACCH multiframe, each neighbor is
measured 100/25 = 4 times and averaged out. This produces a less accurate value.
• If 10 neighbors are equipped, then in one SACCH multiframe, each neighbor is
measured 100/10 = 10 times and averaged out. This produces a more accurate value.
INTERFERENCE ON IDLE CHANNEL

• GSM causes its own time interference.

• The MS has a omni-directional antenna. Much of the MS power goes to the server but a lot is
interfering with surrounding cells using the same channel.

• The TDMA frames of adjacent cell are not aligned since they are not synchronized. Hence the
uplink in the surrounding cell suffers from interference.

Channel 10
Cell 1

Channel 10
Cell 2
• The BSS keeps on measuring the interference on the idle timeslots.
• Ambient noise is measured and recorded 104 times in one SACCH multiframe.
• These measurements are averaged out to produce one figure.
• The BSS then distributes the idle timeslots into band 0 to band 5.
• Since the BSS knows the interference level on idle timeslots, it uses this data to
allocate the best channel first and the worst last.
HANDOVER CONDITIONS

Handover is done on five conditions

– Interference
– RXQUAL
– RXLEV
– Distance or Timing Advance
– Power Budget
Interference - If signal level is high and still there is RXQUAL problem, then the RXQUAL
problem is because of interference.
RXQUAL - It is the receive quality. It ranges from 0 to 7 , 0 being the best and 7 the worst
RXLEV - It is the receive level. It varies from -47dBm to -110dBm.
Timing Advance - Ranges from 0 to 63.
Power budget - It is used to save the power of the MS.
HANDOVER TYPES
1. Intra-Cell Handover

BSC

Call is handed
BTS from timeslot 3 to timeslot 5

• Handover takes place in the same cell from one timeslot to another timeslot
of the same carrier or different carriers( but the same cell).
• Intra-cell handover is triggered only if the cause is interference.
• Intra-cell handover can be enabled or disabled in a cell.
2. Intra-BSC Handover

BSC1

BTS1
Call is handed from timeslot 3
of cell1 to timeslot 1 of cell2 .
Both the cells are controlled
by the same BSC.

Handover takes place between different cell which are controlled by the same BSC.
3. Inter-BSC Handover

BSS1

BTS1
Call is handed from timeslot 3
MSC
of cell1 to timeslot 1 of cell2 .
Both the cells are controlled
by the different BSC.

BSS2

BTS2
Handover takes place between different cell which are controlled by the different BSC.
 4. Inter-MSC Handover

MSC1 BSS1

BTS1
Call is handed from timeslot 3
of cell1 to timeslot 1 of cell2 .
Both the cells are controlled
by the different BSC, each BSC
being controlled by different MSC.
MSC2 BSS2

BTS2

Handover takes place between different cell which are controlled by the different BSC and
each BSC is controlled by different MSC.
Security in GSM
Security services
 Access control/authentication
• User SIM (Subscriber Identity Module): secret PIN (personal identification number)
• SIM network: challenge response method
 Confidentiality
• Voice and signaling encrypted on the wireless link (after successful authentication)
 Anonymity
• Temporary identity TMSI (Temporary Mobile Subscriber Identity)
• Newly assigned at each new location update (LUP)
• Encrypted transmission
Continued..

 3 algorithms specified in GSM

• A3 for authentication (“secret”, open interface)

• A5 for encryption (standardized)

• A8 for key generation (“secret”, open interface)

GSM - authentication

mobile network SIM

RAND
Ki RAND RAND Ki

AC 128 bit 128 bit 128 bit 128 bit

A3 A3
SIM
SRES* 32 bit SRES 32 bit

MSC SRES
SRES* =? SRES SRES
32 bit

Ki: individual subscriber authentication key SRES: signed response

GSM - key generation and encryption

mobile network (BTS) MS with SIM

RAND
Ki RAND RAND Ki
AC 128 bit 128 bit 128 bit 128 bit SIM

A8 A8

cipher Kc
key 64 bit Kc
64 bit
data encrypted SRES
data
BTS MS
data
A5 A5
Continued..
 GSM has its security methods standardized.

 GSM maintains end-to-end security by retaining the confidentiality of calls and anonymity of the
GSM subscriber.

 Temporary identification numbers are assigned to the subscriber’s number to maintain the privacy
of the user.

 The privacy of the communication is maintained by applying encryption algorithms and frequency
hopping that can be enabled using digital systems and signalling.
Continued..
1. Mobile Station Authentication

 The GSM network authenticates the identity of the subscriber through the use of a challenge-response
mechanism.

 A 128-bit Random Number (RAND) is sent to the MS. The MS computes the 32-bit Signed Response
(SRES) based on the encryption of the RAND with the authentication algorithm (A3) using the
individual subscriber authentication key (Ki).

 Upon receiving the SRES from the subscriber, the GSM network repeats the calculation to verify the
identity of the subscriber.
 Continued..
 The individual subscriber authentication key (Ki) is never transmitted over the radio channel, as it is
present in the subscriber's SIM, as well as the AUC, HLR, and VLR databases.

 If the received SRES agrees with the calculated value, the MS has been successfully authenticated and
may continue. If the values do not match, the connection is terminated and an authentication failure is
indicated to the MS.

 The calculation of the signed response is processed within the SIM. It provides enhanced security, as
confidential subscriber information such as the IMSI or the individual subscriber authentication key
(Ki) is never released from the SIM during the authentication process.
Continued..
2. Signalling and Data Confidentiality

 The SIM contains the ciphering key generating algorithm (A8) that is used to produce the 64-bit ciphering key
(Kc). This key is computed by applying the same random number (RAND) used in the authentication process to
ciphering key generating algorithm (A8) with the individual subscriber authentication key (Ki).

 GSM provides an additional level of security by having a way to change the ciphering key, making the system
more resistant to eavesdropping. The ciphering key may be changed at regular intervals as required.

 Encrypted voice and data communications between the MS and the network is accomplished by using the ciphering
algorithm A5.

 Encrypted communication is initiated by a ciphering mode request command from the GSM network. Upon receipt
of this command, the mobile station begins encryption and decryption of data using the ciphering algorithm (A5)
and the ciphering key (Kc).
 Continued..
3. Subscriber Identity Confidentiality

 To ensure subscriber identity confidentiality, the Temporary Mobile Subscriber Identity (TMSI) is used.

 Once the authentication and encryption procedures are done, the TMSI is sent to the mobile station.

 After the receipt, the mobile station responds.

 The TMSI is valid in the location area in which it was issued.

 For communications outside the location area, the Location Area Identification (LAI) is necessary in
addition to the TMSI.
General Packet Radio System (GPRS)

 General Packet Radio System is also known as GPRS is a third-generation step toward internet
access.

 GPRS is also known as GSM-IP that is a Global-System Mobile Communications Internet Protocol as it
keeps the users of this system online, allows to make voice calls, and access internet on-the-go.

 Even Time-Division Multiple Access (TDMA) users benefit from this system as it provides packet radio
access.

 GPRS also permits the network operators to execute an Internet Protocol (IP) based core architecture for
integrated voice and data applications that will continue to be used and expanded for 3G services.
Continued..
 GPRS supersedes the wired connections, as this system has simplified access to the packet data
networks like the internet.

 The packet radio principle is employed by GPRS to transport user data packets in a structure way
between GSM mobile stations and external packet data networks. These packets can be directly routed
to the packet switched networks from the GPRS mobile stations.

 In the current versions of GPRS, networks based on the Internet Protocol (IP) like the global internet
or private/corporate intranets and X.25 networks are supported.
Continued..
Who owns GPRS ?

 The GPRS specifications are written by the European Telecommunications Standard Institute (ETSI), the
European counterpart of the American National Standard Institute (ANSI).

Key Features

 Following three key features describe wireless packet data:

• The always online feature - Removes the dial-up process, making applications only one click away.

• An upgrade to existing systems - Operators do not have to replace their equipment; rather, GPRS is added
on top of the existing infrastructure.

• An integral part of future 3G/5G systems

Continued..
Goals of GPRS

 GPRS is the first step toward an end-to-end wireless infrastructure and has the following goals:

• Open architecture

• Consistent IP services

• Same infrastructure for different air interfaces

• Integrated telephony and Internet infrastructure

• Leverage industry investment in IP

• Service innovation independent of infrastructure

Continued..
Benefits of GPRS

 Higher Data Rate: In the typical GSM mobile, setup alone is a lengthy process and equally, rates for data permission are
restrained to 9.6 kbit/s. The session establishment time offered while GPRS is in practice is lower than one second and
ISDN-line data rates are up to many 10 kbit/s.

 Easy Billing: GPRS packet transmission offers a more user-friendly billing than that offered by circuit switched services.

• In circuit switched services, billing is based on the duration of the connection. This is unsuitable for applications with
bursty traffic. The user must pay for the entire airtime, even for idle periods when no packets are sent (e.g., when the user
reads a Web page).

• In contrast to this, with packet switched services, billing can be based on the amount of transmitted data. The advantage for
the user is that he or she can be "online" over a long period of time but will be billed based on the transmitted data volume.
Continued..
GPRS has opened a wide range of unique services to the mobile wireless subscriber. Some of the characteristics that
have opened a market full of enhanced value services to the users are listed as below.

• Mobility - The ability to maintain constant voice and data communications while on the move.

• Immediacy - Allows subscribers to obtain connectivity when needed, regardless of location and without a lengthy
login session.

• Localization - Allows subscribers to obtain information relevant to their current location.

 Using the above three characteristics varied possible applications are being developed to offer to the mobile
subscribers. These applications, in general, can be divided into two high-level categories:

• Corporation

• Consumer
 Continued..
These two levels further include:

• Communications - E-mail, fax, unified messaging and intranet/internet access, etc.

• Value-added services - Information services and games, etc.

• E-commerce - Retail, ticket purchasing, banking and financial trading, etc.

• Location-based applications - Navigation, traffic conditions, airline/rail schedules and location finder, etc.

• Vertical applications - Freight delivery, fleet management and sales-force automation.

• Advertising - Advertising may be location sensitive. For example, a user entering a mall can receive
advertisements specific to the stores in that mall.
Continued..
Continued..
GSM Network Modification or Upgrade Required for GPRS.
Element
Mobile Station New Mobile Station is required to access GPRS services.
(MS)

BTS A software upgrade is required in the existing Base Transceiver Station(BTS).

BSC The Base Station Controller (BSC) requires a software upgrade and the
installation of new hardware called the packet control unit (PCU).
The PCU directs the data traffic to the GPRS network and can be a separate
hardware element associated with the BSC.
GPRS Support The deployment of GPRS requires the installation of new core network
Nodes (GSNs) elements called the serving GPRS support node (SGSN) and gateway GPRS
support node (GGSN).
Databases (HLR, All the databases involved in the network will require software upgrades to
VLR, etc.) handle the new call models and functions introduced by GPRS.
Continued..
1. GPRS Mobile Stations

 New MS are required to use GPRS services because existing GSM phones do not handle the enhanced air interface
or packet data. These mobile stations are backward compatible for making voice calls using GSM.

2. GPRS Base Station Subsystem

 Each BSC requires the installation of one or more Packet Control Units (PCUs) and a software upgrade.

 The PCU provides a physical and logical data interface to the Base Station Subsystem (BSS) for packet data traffic.

 When either voice or data traffic is originated at the subscriber mobile, it is transported over the air interface to the
BTS, and from the BTS to the BSC in the same way as a standard GSM call.

 However, at the output of the BSC, the traffic is separated; voice is sent to the Mobile Switching Center (MSC) per
standard GSM, and data is sent to a new device called the SGSN via the PCU over a Frame Relay interface.
Continued..
3. GPRS Support Nodes

 Gateway GPRS Support Node (GGSN)

o The Gateway GPRS Support Node acts as an interface and a router to external networks.

o It contains routing information for GPRS mobiles, which is used to tunnel packets through the IP based internal
backbone to the correct Serving GPRS Support Node.

o The GGSN also can act as a packet filter for incoming traffic.

 Serving GPRS Support Node (SGSN)

o The Serving GPRS Support Node is responsible for authentication of GPRS mobiles, registration of mobiles in
the network, mobility management.
Continued..
4. Internal Backbone

o The internal backbone is an IP based network used to carry packets between different GSNs.

o Tunnelling is used between SGSNs and GGSNs, so the internal backbone does not need any
information about domains outside the GPRS network.

5. Routing Area

o GPRS introduces the concept of a Routing Area. This concept is similar to Location Area in GSM,
except that it generally contains fewer cells.

o Because routing areas are smaller than location areas, less radio resources are used while
broadcasting a page message.
Continued..
 The QoS is a vital feature of GPRS services as there are different QoS support requirements for assorted GPRS
applications like realtime multimedia, web browsing, and e-mail transfer. GPRS allows defining QoS profiles
using the following parameters :

• Service Precedence

• Reliability

• Delay

• Throughput
Continued..
1. Service Precedence: The preference given to a service when compared to another service is known as Service
Precedence. This level of priority is classified into three levels called:

• high

• normal

• low

When there is network congestion, the packets of low priority are discarded as compared to high or normal priority packets.

2. Reliability

This parameter signifies the transmission characteristics required by an application. The reliability classes are defined which
guarantee certain maximum values for the probability of loss, duplication, mis-sequencing, and corruption of packets.
Continued..
3. Delay

o The delay is defined as the end-to-end transfer time between two communicating mobile stations or between a
mobile station and the GI interface to an external packet data network.

o This includes all delays within the GPRS network, e.g., the delay for request and assignment of radio resources
and the transit delay in the GPRS backbone network.

o Transfer delays outside the GPRS network, e.g., in external transit networks, are not taken into account.

4. Throughput

The throughput specifies the maximum/peak bit rate and the mean bit rate.
THANK YOU