
Wireless Communications

UniForum Chicago Bill Latura

Context
Basic Concepts
How a Cell Phone System Works
The 3 Gs
Cellular Data Networks
Wireless Data

Circuit and Packet Switching


Circuit Switching
A physical path is obtained for and dedicated to a single connection between two end-points in the network for the duration of the connection. Ordinary voice phone service is circuit-switched. The phone company reserves a specific physical path to the number being called for the duration of the call. During that time, no one else can use the physical lines involved.

Packet Switching
Small units of data called packets are routed through a network based on the destination address contained within each packet. The same data path can be used by many users in the network. This type of communication between sender and receiver is known as connectionless (rather than dedicated). Most traffic over the Internet uses packet switching. The Internet is basically a connectionless network.


Spread Spectrum Transmission

Direct Sequence
Highest power consumption
Highest potential data rates
Lowest aggregate capacity when using multiple physical layers (lower than frequency hopping)
Smallest number of geographically separate radio cells due to limited channels
Greater range than frequency hopping
Slices transmission into small coded bits and spreads the message across the whole spectrum
Utilizes a wide signal channel

Frequency Hopping
Lower cost
Lowest power consumption
Most tolerant to signal interference
Lower potential data rates
Highest aggregate capacity using multiple physical layers
Less range than direct sequence
Concentrates power in a very narrow spectrum
Hops in a random pattern 100 times/sec
Spreads power across the band instead of the signal


CDMA (Code-Division Multiple Access): a digital cellular technology that uses spread-spectrum techniques. Unlike systems that use TDMA, CDMA does not assign a specific frequency to each user. Instead, every channel uses the full available spectrum. Individual conversations are encoded with a pseudo-random digital sequence.

TDMA (Time Division Multiple Access): a technology for delivering digital wireless service using time division multiplexing. TDMA works by dividing a radio frequency into time slots and then allocating slots to multiple calls. In this way, a single frequency can support multiple, simultaneous data channels. TDMA is used by the GSM digital cellular system.
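How CDMA lets several conversations share the full spectrum at once, as an added Python example that is not part of the original slides: each user's bits are spread with its own code, the chip streams add together on the air, and correlating the received stream with one code recovers that one user. It uses orthogonal Walsh codes as the spreading sequences (a simplification of the pseudo-random sequences the slide mentions); the user bit patterns are constructed sample data.

```python
# Added example (not from the original slides): direct-sequence CDMA in miniature.
# Chips are represented as +1/-1 so that "adding signals on the air" is integer addition.
from typing import List, Tuple

def walsh_codes(order: int) -> List[List[int]]:
    """Hadamard/Walsh codes of length 2**order; distinct rows are orthogonal."""
    h = [[1]]
    for _ in range(order):
        h = [row + row for row in h] + [row + [-c for c in row] for row in h]
    return h

def spread(bits: List[int], code: List[int]) -> List[int]:
    """Spread each data bit into len(code) chips: bit 1 -> +code, bit 0 -> -code.
    The chip rate is len(code) times the bit rate, so every user occupies the whole band."""
    return [c * (1 if b else -1) for b in bits for c in code]

def correlate(chips: List[int], code: List[int]) -> List[int]:
    """Raw correlation of the received chips with one code, one bit period at a time.
    A user's own code yields +/-len(code); an orthogonal code yields 0."""
    n = len(code)
    return [sum(r * c for r, c in zip(chips[i:i + n], code))
            for i in range(0, len(chips), n)]

def despread(chips: List[int], code: List[int]) -> List[int]:
    """Hard-decision decode: positive correlation -> 1, otherwise 0."""
    return [1 if corr > 0 else 0 for corr in correlate(chips, code)]

def cdma_channel(users: List[Tuple[List[int], List[int]]]) -> List[int]:
    """All users transmit simultaneously in the same spectrum: their chip streams add."""
    streams = [spread(bits, code) for bits, code in users]
    return [sum(column) for column in zip(*streams)]

if __name__ == "__main__":
    codes = walsh_codes(3)  # 8 orthogonal codes, 8 chips per bit
    # Constructed sample traffic for three users sharing the band.
    users = [([1, 0, 1, 1], codes[1]), ([0, 0, 1, 0], codes[2]), ([1, 1, 0, 0], codes[5])]
    rx = cdma_channel(users)
    for bits, code in users:
        print(bits, "->", despread(rx, code))
    print("unused code correlation:", correlate(rx, codes[3]))
```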

Cellular Networks
All BSs within a cluster are connected to a Mobile Switching Center(MSC). Each MSC of a cluster is then connected to the MSC of other clusters and a PSTN main switching center. The MSC stores information about the subscribers located within the cluster and is responsible for directing calls to them.

Making a Call

1. Scan Control Channels: Your cell phone needs to use the "closest" base station because that's the one with the strongest signal and the one that will give the best connection. To find the closest base station, your phone checks all 21 control channels and determines which has the strongest signal.
2. Choose Strongest: Your cell phone chooses the strongest signal and decides to use that one for placing the call.
3. Send Origination Message: Your cell phone now transmits a very short message (about 1/4 second) that contains the MIN (Mobile Identification Number, aka your cell phone number), its ESN (Electronic Serial Number), and the number you just dialed.
4. Get Channel Assignment: After the cellular service provider verifies that you are a valid, paying customer (based on the MIN and ESN your phone sent), the base station sends a Channel Assignment message to your phone (also a short 1/4-second burst). This message tells your phone where (that is, on which channel) the conversation will take place.
5. Begin Conversation

A wireless roaming network has five components that make it work:

1. A database for storing customer profile information such as features, dialing capabilities, and the home serving area identification. This is called the home location register (HLR).
2. A database of mobile numbers used by each switch on the network.
3. A signaling network for transmitting data messages between switches.
4. Routing specifications that direct the data messages to the appropriate destination.
5. Public long-distance connections for call delivery.

A registration cycle keeps track of a phone as it travels around the network. It begins when a wireless user powers on their phone. The general steps for this process are:

1. When the phone is powered on, it sends a data message to the cellsite. This data message contains the Mobile Identification Number (MIN or phone number) and the Electronic Serial Number (ESN).
2. The cellsite forwards this information to the switch.
3. The switch compares the MIN with a table of all MINs in the network. It will determine if the MIN belongs to a home customer or to a visiting customer. In either case, the switch will request the subscriber's feature profile from the Home Location Register (HLR). The HLR for home customers may be integrated into the same switch or stored on a separate platform.
4. If the HLR is a separate platform, or if the customer is visiting from another system, the switch then sends a data message to the HLR across the signaling network. Routing specifications stored at Signaling Transfer Points (STPs) provide the necessary information to direct the message to the home location register.
5. When the HLR receives the message, it checks the MIN and the ESN. If the numbers are valid, the HLR records the location of the phone and returns a message containing the subscriber's feature list and calling restrictions to the visited switch.
6. Once the visited switch receives the return message, it creates a Visitor Location Register (VLR) to store information about the roamer, including the MIN, ESN, features, etc. This register will be used by the roamer as long as they are registered in the visited system.

During a call, the base station would monitor the signal level from the mobile phone. When the mobile phone is moving into a new cell, the signal level will fall to a critical value causing the base station to inform the Mobile Switching Center(MSC) about this event. The MSC would instruct all the surrounding base stations to measure the mobile phone's signal level and transfer control to the base station receiving the strongest signal level. This is known as hand-over and occurs within 400ms, so the phone user is hardly aware of a break. Registration is done again with the new base station. Location information stored in the MSC about this mobile telephone is updated. If the mobile telephone is moved into a cell belonging to a different cluster it would also have to register with the new MSC.

1G (Analog)
Uses frequency division multiple access (FDMA) to communicate (every call in one area uses its own set of channels for communication)
No support for wireless data
NMT (Nordic Mobile Telephone) is an analog cellular phone system deployed in more than 40 countries in Europe. NMT was the first analog cellular phone system (launched in the Scandinavian countries in 1979). The system originally used the 450 MHz band (NMT 450), but later, when more capacity was needed, it was also adapted for the 900 MHz band (NMT 900).

1G (Analog)
AMPS (Advanced Mobile Phone System) is the analog cellular phone system used in North and South America. AMPS uses FDMA and operates at 800 MHz band. AMPS was introduced in the USA in 1983. TACS (Total Access Communication System) was developed in Britain using the 900 MHz band. TACS was based on the AMPS system and was adopted in other countries such as Hong Kong and Japan. ETACS (Extended Total Access Communication System) was developed in the UK and is available in Europe and Asia.

2G (Digital)
Uses digital encoding and includes CDMA, TDMA and GSM. Text messages can be sent on 2G networks, but more bandwidth-hungry applications require 2.5G.
Circuit switched
In the United States, GSM, TDMA, and CDMA are assigned two frequency ranges that include the frequency ranges assigned to analog cellular, 824 MHz to 849 MHz and 869 MHz to 894 MHz, and also the frequency ranges of 1850 to 1910 MHz and 1930 MHz to 1990 MHz.

2G (Digital)
CDMA (Code Division Multiple Access) uses a spread spectrum technique to scatter a radio signal across a wide range of frequencies. iDEN (Integrated Digital Enhanced Network) is a wireless technology from Motorola combining the capabilities of a digital cellular telephone, two-way radio, alphanumeric pager, and data/fax modem in a single network. iDEN operates in the 800 MHz, 900 MHz, and 1.5 GHz bands and is based on time division multiple access (TDMA) and GSM architecture.

2G (Digital)
GSM (Global System for Mobile Communications) is the digital transmission technique widely adopted in Europe and supported in North America. GSM uses 900 MHz and 1800 MHz in Europe. In North America, GSM uses the 1900 MHz band. TDMA (Time Division Multiple Access) divides each cellular channel into three time slots in order to increase the amount of data that can be carried. GSM and D-AMPS use TDMA in one form or another. It is also generally used to describe what was formerly known as D-AMPS. TDMA networks are operated in the United States, Latin America, New Zealand, parts of Russia and Asia Pacific.

2G Vendor Support
Cingular supports TDMA and GSM. Nextel relies on iDEN. T-Mobile supports GSM. AT&T Wireless supports TDMA and GSM networks. Verizon Wireless uses CDMA.

2.5G
An enhancement to 2G networks that allows them to operate in a "packet switched" manner. 2.5G networks incorporate 2G technology with GPRS' higher speeds to support data transport. 2.5G is a bridge from the voice-centric 2G networks to the data-centric 3G networks. GPRS (General Packet Radio Service) is a radio technology for GSM networks that adds packet-switching protocols. As a 2.5G technology, GPRS enables high-speed wireless Internet and other data communications. GPRS networks can deliver SMS, MMS, email, games, and WAP applications.

3G
3G networks promise next-generation service with transmission rates of 144 Kbps and higher that can support multimedia applications, such as video, video conferencing and Internet access. Both UMTS (WCDMA) and EDGE will support 3G services. 3G networks operate on a different frequency than 2G networks.

UMTS (Universal Mobile Telecommunications System) or WCDMA (Wideband Code Division Multiple Access) was selected as the successor to GSM. It is the European standard for 3G wideband digital radio communications, and it utilizes one 5 MHz channel for both voice and data, offering data speeds up to 2 Mbps. EDGE is a mobile network radio technology that allows current GSM networks to offer 3G services within existing frequencies. As an evolution of GSM/GPRS, EDGE is an upgrade to GPRS' data and GSM's voice networks. EDGE provides data speed three times that of GPRS.

Cellular Data Networks

Short Message Service

Multimedia Message Service

General Packet Radio Service

High Speed Circuit Switched Data

Enhanced Data Rates for Global Evolution

Short Message Service (SMS)

Globally accepted wireless service that enables the transmission of alphanumeric messages between mobile devices and external systems
Available in the US on GSM-based PCS as well as TDMA- and CDMA-based cellular systems
Short Message Service Center (SMSC) acts as a relay and store-and-forward system for messages
Point-to-point delivery of messages
An active mobile handset is able to receive or send a short message at any time, independent of whether a voice or data call is in progress
Utilizes out-of-band packet delivery and low-bandwidth message delivery
Guarantees delivery of the short message by the network. Temporary transmission failures are identified, and the message is stored in the network until the destination becomes available

Multimedia Message Service, a store-and-forward method of transmitting graphics, video clips, sound files and short text messages over wireless networks using the WAP protocol. Carriers deploy special servers, dubbed MMS Centers (MMSCs) to implement the offerings on their systems. MMS also supports e-mail addressing, so the device can send e-mails directly to an e-mail address. The most common use of MMS is for communication between mobile phones. MMS, however, is not the same as e-mail. MMS is based on the concept of multimedia messaging. The presentation of the message is coded into the presentation file so that the images, sounds and text are displayed in a predetermined order as one singular message. MMS does not support attachments as e-mail does. To the end user, MMS is similar to SMS.

GPRS (General Packet Radio Service) is a specification for data transfer on TDMA and GSM networks. The theoretical limit for packet switched data is approx. 170 kb/s. A realistic bit rate is 30-70 kb/s. GPRS supports both TCP/IP and X.25 communications. It provides moderate speed data transfer by using unused TDMA channels on a GSM network. GSM circuit switched connections are still used for voice, but data is sent and received in "packets" in the same way as it would be in the fixed internet environment. The advantage is that network resources are used more efficiently. Rather than maintaining a circuit for the duration of the connection, which ties up resources regardless of whether anything is actually being sent or received, GPRS only consumes resources when information packets are transmitted.

HSCSD (High Speed Circuit Switched Data) is a specification for data transfer over GSM networks. HSCSD utilizes up to four 9.6 kbit/s or 14.4 kbit/s time slots, for a total bandwidth of 38.4 kbit/s or 57.6 kbit/s. 14.4 kbit/s time slots are only available on GSM networks that operate at 1,800 MHz. 900 MHz GSM networks are limited to 9.6 kbit/s time slots. Therefore, HSCSD is limited to 38.4 Kbps on 900 MHz GSM networks. HSCSD can only achieve 57.6 Kbps on 1,800 MHz GSM networks.


HSCSD has an advantage over GPRS in that HSCSD supports guaranteed quality of service because of the dedicated circuit-switched communications channel. This makes HSCSD a better protocol for timing-sensitive applications such as image or video transfer. GPRS has the advantage over HSCSD for most data transfer because HSCSD, which is circuit-switched, is less bandwidth efficient with expensive wireless links than GPRS, which is packet-switched. For an application such as downloading, HSCSD may be preferred, since circuit-switched data is usually given priority over packet-switched data on a mobile network, and there are few seconds when no data is being transferred.

Enhanced Data Rates for Global Evolution (EDGE) is a bolt-on enhancement to 2G and GPRS networks. This technology is compatible with TDMA and GSM networks. EDGE uses the same spectrum allocated for GSM850, GSM900, GSM1800 and GSM1900 operation. Instead of employing GMSK (Gaussian minimum-shift keying), EDGE uses 8PSK (8 Phase Shift Keying), producing a 3-bit word for every change in carrier phase. This effectively triples the gross data rate offered by GSM. EDGE, like GPRS, uses a rate adaptation algorithm that adapts the modulation and coding scheme (MCS) used to the quality of the radio channel, and thus the bit rate and robustness of data transmission. It introduces a new technology not found in GPRS, Incremental Redundancy, which, instead of retransmitting disturbed packets, sends more redundancy information to be combined in the receiver. This increases the probability of correct decoding.

Wireless Data
802.11x
Bluetooth
ZigBee
UltraWideBand

Wireless Application Protocol
An application communication protocol
Used to access services and information
Inherited from Internet standards
Used for handheld devices such as mobile phones
A protocol designed for micro browsers
Enables the creation of web applications for mobile devices
Uses the mark-up language WML (not HTML)
WML is defined as an XML 1.0 application

The WAP standard is based on HTML, XML and TCP/IP. It consists of a WML language specification, a WMLScript specification, and a Wireless Telephony Application Interface (WTAI) specification. WML stands for Wireless Markup Language. It is a mark-up language inherited from HTML, but WML is based on XML, so it is much stricter than HTML. WML uses WMLScript to run simple code on the client. WMLScript is a light JavaScript language. WML scripts are not embedded in the WML pages. WML pages only contain references to script URLs. WML scripts need to be compiled into byte code on a server before they can run in a WAP browser.

ISM Frequency Bands

The three ISM frequency bands are the only ones available for unlicensed wireless transmission in the US. Only one band has world-wide availability.
Industrial, Scientific, and Medical (ISM) spread spectrum modulation:
902-928 MHz
2.4-2.4835 GHz (home of the microwave oven band)
5.725-5.850 GHz
Under 1 watt transmitter output power
More bandwidth with higher frequencies, which support higher data rates

802.11x (Wi-Fi)
Standards
The following standards exist:
IEEE 802.11 - The original 2 Mbit/s, 2.4 GHz standard
IEEE 802.11a - 54 Mbit/s, 5 GHz standard
IEEE 802.11b - Enhancements to 802.11 to support 5.5 and 11 Mbit/s
IEEE 802.11d - New countries
IEEE 802.11e - Enhancements: QoS, including packet bursting
IEEE 802.11f - Inter-Access Point Protocol (IAPP)
IEEE 802.11g - 54 Mbit/s, 2.4 GHz (backwards compatible with b)
IEEE 802.11h - 5 GHz spectrum, Dynamic Channel/Frequency Selection (DCS/DFS) and Transmit Power Control (TPC) for European compatibility
IEEE 802.11i - Enhanced security
IEEE 802.11j - Extensions for Japan
IEEE 802.11n - Higher throughput improvements
IEEE 802.11p - Adding wireless capabilities to mobile vehicles such as ambulances and passenger cars

802.11b has a range of about 50 meters with the low-gain omnidirectional antennas typically used in 802.11b devices. 802.11b has a maximum throughput of 11 Mbit/s; however, a significant percentage of this bandwidth is used for communications overhead, so in practice the maximum throughput is about 5.5 Mbit/s. Metal, water, and thick walls absorb 802.11b signals and decrease the range drastically. 802.11 runs in the 2.4 GHz spectrum and uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) as its media access method. With high-gain external antennas, the protocol can also be used in fixed point-to-point arrangements, typically at ranges up to 8 kilometers (although some report success at ranges up to 80-120 km where line of sight can be established). This is usually done to replace leased lines, or in place of microwave communications equipment. Current cards can operate at 11 Mbit/s, but will scale back to 5.5, then 2, then 1, if signal strength becomes an issue.

The 802.11a standard uses the 5 GHz band, and operates at a raw speed of 54 Mbit/s, with more realistic net achievable speeds in the mid-20 Mbit/s. The speed is reduced to 48, 36, 34, 18, 12, 9 then 6 Mbit/s if required. 802.11a has 12 non-overlapping channels, 8 dedicated to indoor use and 4 to point-to-point. 802.11a has not seen wide adoption because of the high adoption rate of 802.11b, and because of concerns about range: at 5 GHz, 802.11a cannot reach as far as 802.11b, other things (such as the same power limitations) being equal; it is also absorbed more readily. Most manufacturers of 802.11a equipment countered the lack of market success by releasing dual-band or dual-mode/tri-mode cards that can automatically handle 802.11a and b, or a, b and g, as available. Access point equipment which can support all these standards simultaneously is also available.

802.11g works in the 2.4 GHz band (like 802.11b) but operates at 54 Mbit/s raw, or about 24.7 Mbit/s net, throughput like 802.11a. It is fully backwards compatible with b and uses the same frequencies. In older equipment, however, the presence of an 802.11b participant significantly reduces the speed of an 802.11g network. A new feature called Super G is now integrated in certain access points. These can boost network speeds up to 108 Mbit/s by using channel bonding. This feature may interfere with other networks and may not support all b and g client cards. In addition, packet bursting techniques are also available in some chipsets and products which will also considerably increase speeds. Again, they may not be compatible with some equipment.

In January 2004, IEEE announced that it will develop a new standard for wide-area wireless networks. The real speed would be 100 Mbit/s (even 250 Mbit/s in PHY level), and so up to 4-5 times faster than 802.11g, and perhaps 50 times faster than 802.11b. As projected, 802.11n will also offer a better operating distance than current networks. The standardization progress is expected to be completed by the end of 2006.

802.11 Security (WEP)

Wired Equivalent Privacy
A security protocol for wireless local area networks defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by the physical properties of their structure, having some or all part of the network inside a building that can be protected from unauthorized access. WLANs, which operate over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. Data encryption protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy.

802.11 Security (WEP)

Some versions use the 40-bit key that was originally used to formulate the standard, while other newer versions use a 128-bit (104 in reality) key; to each is added a 24-bit initialization vector (IV) which is transmitted in the clear. When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by an RC4 key. This key is composed of a 24-bit initialization vector (IV) and the 40 (or 104)-bit WEP key. The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream. The IV is chosen by the sender and can be changed periodically so every packet won't be encrypted with the same cipher stream. The IV is sent in the clear with each packet. An additional 4-byte Integrity Check Value (ICV) is computed on the original packet and appended to the end. The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.

802.11 Security (WEP Weaknesses)

WEP has been widely criticized for a number of weaknesses:
A high percentage of wireless networks have WEP disabled because of the administrative overhead of maintaining a shared WEP key.
WEP has the same problem as all systems based upon shared keys: any secret held by more than one person soon becomes public knowledge. Take for example an employee who leaves a company: they still know the shared WEP key. The ex-employee could sit outside the company with an 802.11 NIC and sniff network traffic or even attack the internal network.
The ICV algorithm is not appropriate: the WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful choice for a cryptographic hash. Better-designed encryption systems use algorithms such as MD5 or SHA-1 for their ICVs.
The initialization vector that seeds the WEP algorithm is sent in the clear.
The WEP checksum is linear and predictable.
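The per-packet construction described on the previous slide (RC4 keystream from IV || key, XOR with the packet, 4-byte CRC-32 ICV) together with a check of the CRC-32 linearity property listed among the weaknesses, as an added Python example that is not part of the original slides. The WEP key, IV and payload are constructed sample values; the one real value is the public RC4 test vector for the key "Key" used in the test.

```python
# Added example (not from the original slides): WEP encapsulation as the slides
# describe it, and why a CRC-32 ICV is not an integrity protection (it is linear under XOR).
import zlib
from typing import Tuple

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) then output generation (PRGA), n bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32 of the plaintext, 4 bytes little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encapsulate(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||key}(plaintext || ICV): the IV travels in the clear."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)  # 24-bit IV, 40- or 104-bit key
    body = plaintext + icv(plaintext)
    keystream = rc4_keystream(iv + wep_key, len(body))
    return iv + xor_bytes(body, keystream)

def wep_decapsulate(wep_key: bytes, frame: bytes) -> Tuple[bytes, bool]:
    """Rebuild the keystream from the cleartext IV and the shared key, decrypt,
    and report whether the recovered ICV matches the recovered plaintext."""
    iv, enc = frame[:3], frame[3:]
    body = xor_bytes(enc, rc4_keystream(iv + wep_key, len(enc)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext, tag == icv(plaintext)

def crc32_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over XOR for equal-length inputs:
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(all zeros). A keyed MAC has no such property."""
    assert len(a) == len(b)
    zeros = bytes(len(a))
    return zlib.crc32(xor_bytes(a, b)) == (zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros))

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                    # constructed 24-bit IV
    frame = wep_encapsulate(key, iv, b"constructed sample payload")
    print("frame:", frame.hex())
    print("decapsulated:", wep_decapsulate(key, frame))
    print("CRC-32 linear:", crc32_is_linear(b"abcd1234", b"0000zzzz"))
```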

802.11 Security (WPA)

Wi-Fi Protected Access
The Wi-Fi Alliance has taken a subset of the draft 802.11i standard, calling it WPA, and now certifies devices that meet the requirements. WPA uses Temporal Key Integrity Protocol (TKIP) as the protocol and algorithm to improve security of keys used with WEP. It changes the way keys are derived and rotates keys more often for security. It also adds a message-integrity-check function to prevent packet forgeries. While WPA goes a long way toward addressing the shortcomings of WEP, not all users will be able to take advantage of it. That's because WPA might not be backward-compatible with some legacy devices and operating systems. Moreover, not all users can share the same security infrastructure. Some users will have a PDA and lack the processing resources of a PC. TKIP/WPA will degrade performance unless a WLAN system has hardware that will run and accelerate the WPA protocol. For most WLANs, there's currently a trade-off between security and performance without the presence of hardware acceleration in the access point.

802.11 Security (RSN)

Robust Security Network RSN uses dynamic negotiation of authentication and encryption algorithms between access points and mobile devices. The authentication schemes proposed in the draft standard are based on 802.1X and Extensible Authentication Protocol (EAP). The encryption algorithm is Advanced Encryption Standard (AES). Dynamic negotiation of authentication and encryption algorithms lets RSN evolve with the state of the art in security, adding algorithms to address new threats and continuing to provide the security necessary to protect information that WLANs carry. Using dynamic negotiation, 802.1X, EAP and AES, RSN is significantly stronger than WEP and WPA. However, RSN will run very poorly on legacy devices. Only the latest devices have the hardware required to accelerate the algorithms in clients and access points, providing the performance expected of today's WLAN products. WPA will improve security of legacy devices to a minimally acceptable level, but RSN is the future of over-the-air security for 802.11.

Bluetooth
Royalty-free operation
721 kbps plus three voice channels
2.402-2.480 GHz unlicensed ISM band
Frequency hopping spread spectrum: 79 hops separated by 1 MHz
Range < 20 feet
Transmit power 0.1 mW
Bluetooth supports both point-to-point and point-to-multipoint connections. Several Piconets can be established and linked together ad hoc. Each Piconet is identified by a different frequency hopping sequence.

[Figure: two linked piconets, Piconet A and Piconet B, with numbered member devices]

Moderate duty cycle; secondary battery lasts the same as the master
Very high QoS and very low, guaranteed latency
Quasi-static star network of up to seven clients, with the ability to participate in more than one network
With frequency hopping spread spectrum it is extremely difficult to create extended networks without a large synchronization cost

ZigBee
ZigBee-compliant products take full advantage of a powerful IEEE 802.15.4 physical radio standard and operate in unlicensed bands worldwide at 2.4 GHz (global), 915 MHz (Americas) and 868 MHz (Europe). Raw data throughput rates of 250 kbit/s can be achieved at 2.4 GHz (16 channels), 40 kbit/s at 915 MHz (10 channels) and 20 kbit/s at 868 MHz (1 channel). Transmission distances range from 10 to 100 meters, depending on power output and environmental characteristics.

Very low duty cycle, very long primary battery life
Static and dynamic star and mesh networks, >65,000 nodes, with low latency available
Ability to remain quiescent for long periods without communications
Direct sequence spread spectrum allows devices to sleep without the requirement for close synchronization

ZigBee Applications
Lighting controls
Automatic meter reading
Wireless smoke and CO detectors
HVAC control
Heating control
Home security
Environmental controls
Blind, drapery and shade controls
Medical sensing and monitoring
Universal remote control to a set-top box which includes home control
Industrial and building automation

UltraWideBand (UWB)
"Bluetooth on steroids": designed for short-range wireless personal area networks (WPANs), enabling wireless connection of multiple devices for transmission of video, audio and other high-bandwidth data. Its use will be to relay data from a host device to other devices in the immediate area (up to 10 meters or 30 feet). UWB uses very low-powered, short-pulse radio signals, many in the picosecond duration range, to transfer data over a very wide range of frequencies. A UWB transmission involves billions of pulses spread over several gigahertz.

UWB should deliver bandwidths from about 40 Mbps to 600 Mbps, and eventually data rates could be up to gigabits per second (with higher power). UWB systems consume very little power, around one ten-thousandth of that of cell phones. This makes UWB practical for use in smaller devices, such as cell phones and PDAs, that users carry at all times. Because UWB operates at such low power, it has very little interference impact on other systems. UWB causes less interference than conventional radio network solutions. In addition, the relatively wide spectrum that UWB utilizes significantly minimizes the impact of interference from other systems as well.