Introduction to GSM: Mobile Phone Subscribers Worldwide 0 200 400 600 800 1000 1200 1996 1997 1998 1999 2000 2001 2002 yea...
Introduction to GSM:  Development of Mobile Telecommunication Systems 1G 2G 3G 2.5G IS-95 cdmaOne IS-136 TDMA D-AMPS GSM P...
GSM Overview <ul><li>Several first generation analog cellular systems in Europe but incompatible - limited roaming </li></...
GSM: Overview <ul><li>Simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the European t...
GSM, cont.. <ul><li>Objectives: </li></ul><ul><ul><li>Broad offering of speech and data services </li></ul></ul><ul><ul><l...
GSM, cont.. <ul><li>13 recommendations </li></ul><ul><ul><li>R.00: Preamble </li></ul></ul><ul><ul><li>R.01: General struc...
GSM, cont.. <ul><ul><li>R.05: Physical layer on radio path: multiple access, channel coding, modulation, transmission </li...
GSM, cont.. <ul><li>Summary of features </li></ul>Channel bandwidth 200 kHz Multiple access TDMA Users/carrier 8 Speech co...
GSM, cont.. <ul><li>Summary of service quality requirements </li></ul>Speech intelligibility 90% Max one-way delay 90 ms M...
GSM:  Performance Characteristics <ul><li>Communication  </li></ul><ul><ul><li>Mobile, wireless communication; support for...
GSM: Mobile Services <ul><li>GSM offers </li></ul><ul><ul><li>Several types of connections </li></ul></ul><ul><ul><ul><li>...
Bearer Services <ul><li>Telecommunication services to transfer data between access points </li></ul><ul><li>Different data...
Tele Services I <ul><li>Offered Services </li></ul><ul><ul><li>Mobile Telephony primary goal of GSM was to enable mobile t...
Tele Services II <ul><li>Additional services </li></ul><ul><ul><li>Non-Voice-Teleservices </li></ul></ul><ul><ul><ul><li>F...
Supplementary Services <ul><li>May differ between different service providers, countries and protocol versions  </li></ul>...
Architecture of the GSM System <ul><li>GSM is a PLMN (Public Land Mobile Network) </li></ul><ul><ul><li>Several providers ...
GSM:  Architecture Overview Fixed Network (PSTN) BSC BSC MSC MSC GMSC OMC, EIR,  AUC VLR HLR NSS with OSS RSS VLR
GSM: Reference Architecture Radio Subsystem (RSS)
GSM General Architecture BSS MSC VLR HLR EIR AUC MT TE MS Um A PSTN BSC BTS BTS OMC NMC ADC OSS BSS MS GSM Public  Land Mo...
System Architecture:  Radio Subsystem <ul><li>Components </li></ul><ul><ul><li>MS  (Mobile Station) </li></ul></ul><ul><ul...
GSM General Architecture, cont.. <ul><li>Mobile station (MS) communicates to base stations through radio interface Um </li...
GSM General Architecture, cont.. <ul><li>Terminal equipment (TE), e.g., telephone set.  </li></ul><ul><li>Contains termina...
GSM General Architecture, cont.. <ul><li>Base station Subsystem (BSS) communicates with mobile switching center through ne...
GSM General Architecture, cont.. <ul><li>Base station controller (BSC) manages radio channels, paging, handoff for several...
GSM General Architecture, cont.. <ul><li>Home location register (HLR) stores subscriber info and part of MS’s location inf...
GSM General Architecture, cont.. <ul><li>Authentication center (AUC) is accessed by HLR to authenticate a user for service...
GSM General Architecture, cont.. <ul><li>Operation subsystem (OSS) contains: Operations and Maintenance Center (OMC), Netw...
System Architecture: Network and Switching Subsystem <ul><li>Components </li></ul><ul><ul><li>MSC  (Mobile Services Switch...
Radio Subsystem <ul><li>The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers </li><...
Mobile Station <ul><li>Terminal for the use of GSM services </li></ul><ul><li>A mobile station (MS) comprises two elements...
Base Station Subsystem <ul><li>Base Transceiver Station and Base Station Controller </li></ul><ul><ul><li>Tasks of a BSS a...
GSM: Cellular Network <ul><ul><li>use of several carrier frequencies </li></ul></ul><ul><ul><li>not the same frequency in ...
Network and Switching Subsystem <ul><li>NSS is the main component of the public mobile network GSM </li></ul><ul><ul><li>S...
Network and Switching Subsystem <ul><ul><li>Databases (important: scalability, high capacity, low delay) </li></ul></ul><u...
Network and Switching Subsystem <ul><ul><li>Authentication Center (AUC) </li></ul></ul><ul><ul><ul><li>Generates user spec...
Mobile Service Switching Center <ul><li>The MSC (mobile switching center) plays a central role in GSM </li></ul><ul><ul><l...
Mobile Service Switching Center <ul><li>Functions of a MSC </li></ul><ul><ul><li>specific functions for paging and call fo...
Mechanisms to Support Mobility <ul><li>Registration </li></ul><ul><ul><li>Performed as soon as the mobile unit is powered ...
Registration Procedure <ul><li>As we turn on an MS, it passively synchronizes to the frequency, and frame timings of the c...
Registration Procedure:  MS turned on in a New MSC Area <ul><li>1-4: A radio channel is established between the MS and BSS...
Call Establishment:  Mobile Originated Call <ul><li>1-5: Similar to registration procedure </li></ul><ul><li>6-7: Cipherin...
Mobile Originated Call <ul><li>1, 2: connection    request </li></ul><ul><li>3, 4: security check </li></ul><ul><li>5-8: c...
Call Establishment:  Mobile Terminated Call <ul><li>After dialing, the PSTN directs the call to the MSC of the destination...
Mobile Terminated Call <ul><li>1: calling a GSM subscriber </li></ul><ul><li>2: forwarding call to GMSC </li></ul><ul><li>...
Handoff (Handover in Europe) <ul><li>Two types </li></ul><ul><ul><li>Internal: between BTSs that belong to the same BSSs <...
Handoff Decision receive level BTS old receive level BTS old MS MS Hysteresis MARGIN BTS old BTS new
Handoff Procedure Mobile-assisted Handoff
Handoff Procedure HO access BTS old BSC new measurement result BSC old Link establishment MSC MS measurement report HO dec...
Security in GSM <ul><li>Security Services (Features) </li></ul><ul><ul><li>Access Control/Authentication (Identity Authent...
Security in GSM <ul><li>3 algorithms specified in GSM </li></ul><ul><ul><li>A3 for authentication (“secret”) </li></ul></u...
Security in GSM <ul><li>Service Request authentication procedure includes: </li></ul><ul><li>* Mobile transmitting its Tem...
The GSM Protocol Architecture
GSM Protocol Stack <ul><li>Layer 1: Physical layer </li></ul><ul><ul><li>A and A-bis interfaces follow the ISDN standard w...
Physical Packets Bursts <ul><li>Normal Burst (NB) </li></ul><ul><ul><li>3 tail bits (TBs) at the beginning and end (gap ti...
GSM – TDMA/FDMA ( 124 Frequencies; in each Freq there are 8 channels (time slots)) 935-960 MHz 124 channels (200 kHz) Down...
GSM Physical Channels : : Frequency 124 Frequency 2 Frequency 1 Ch 1 Timeslot 1 Ch 2 Ch 3 Ch 4 Ch 5 Ch 6 Ch 7 Ch 8 Ch 1 Ch...
GSM-Channels <ul><li>The total RF Spectrum (~50 MHz) is located in 890-915 MHz (upstream) and 935 – 960MHz (downstream) </...
GSM-Channels <ul><li>For a given channel the uplink F_u and downlink F_d frequency can be obtained from  </li></ul><ul><li...
GSM-Channel & Frames <ul><li>When an MS is assigned to an information channel, a radio channel and a timeslot are also ass...
GSM Hierarchy of Frame Structure Hyperframe (=2048 superframes=2,715,648 frames=21,725,184slots) 0 1 2 2045 2046 2047 ... ...
GSM Logical Channel Structure CCH  TCH/F TCH/H BCH CCCH DCCH FCCH SCH BCCH PCH AGCH RACH TCH  CBCH ACCH SDCCH FACCH SACCH
GSM Channel Types <ul><li>3 groups of logical (i.e., Virtual Circuits) channels, TCH, CCH and CBCH, which are realized on ...
GSM Logical Channels <ul><li>Traffic (TCH) Channels:   </li></ul><ul><li>Two-way, carrying voice and data </li></ul><ul><u...
GSM Logical Channels, cont.. <ul><li>CCH consists of 3 groups of logical control channels, BCH, CCCH and DCCH </li></ul><u...
GSM Logical Channels <ul><ul><li>FCCH (Frequency Correction Channel):   </li></ul></ul><ul><ul><li>An MS uses it to synchr...
GSM Logical Channels, cont… <ul><li>CCCH (Common Control Channel)  One way:  </li></ul><ul><li>Consists of three sub-chann...
GSM Logical Channels, cont… <ul><li>DCCH (Dedicated Control Channel):  bi-directional point-to-point -- main signaling cha...
GSM Logical Channels, cont… <ul><ul><li>ACCH consists of two sub-channels, SACCH and FACCH </li></ul></ul><ul><ul><ul><li>...
Upcoming SlideShare
Loading in …5
×

CHAPTER 8 (PART I: 2G PCS Systems

2,091 views
1,960 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,091
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
139
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

CHAPTER 8 (PART I: 2G PCS Systems

  1. 2. Introduction to GSM: Mobile Phone Subscribers Worldwide 0 200 400 600 800 1000 1200 1996 1997 1998 1999 2000 2001 2002 year Subscribers [million] GSM total TDMA total CDMA total PDC total Analogue total Total wireless Prediction (1998)
  2. 3. Introduction to GSM: Development of Mobile Telecommunication Systems 1G 2G 3G 2.5G IS-95 cdmaOne IS-136 TDMA D-AMPS GSM PDC GPRS IMT-DS UTRA FDD / W-CDMA EDGE IMT-TC UTRA TDD / TD-CDMA cdma2000 1X 1X EV-DV (3X) AMPS NMT IMT-SC IS-136HS UWC-136 IMT-TC TD-SCDMA CT0/1 CT2 IMT-FT DECT CDMA TDMA FDMA IMT-MC cdma2000 1X EV-DO
  3. 4. GSM Overview <ul><li>Several first generation analog cellular systems in Europe but incompatible - limited roaming </li></ul><ul><li>1987-1989 ETSI standards for pan-European Global System for Mobile Communications (GSM, originally Group Spe’ciale Mobile 1982) at 900 MHz </li></ul><ul><ul><li>1992 GSM is launched </li></ul></ul><ul><ul><li>1990-1993 Standards for Digital Cellular System at 1800 MHz (DCS 1800, recently renamed GSM 1800; US version is PCS 1900) </li></ul></ul>
  4. 5. GSM: Overview <ul><li>Simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the European telecommunication administrations  seamless roaming within Europe possible </li></ul><ul><li>Today many providers all over the world use GSM (more than 184 countries in Asia, Africa, Europe, Australia, America) </li></ul><ul><li>More than 747 million subscribers </li></ul><ul><li>More than 70% of all digital mobile phones use GSM </li></ul>
  5. 6. GSM, cont.. <ul><li>Objectives: </li></ul><ul><ul><li>Broad offering of speech and data services </li></ul></ul><ul><ul><li>Compatible with wireline networks </li></ul></ul><ul><ul><li>Automatic roaming and handoff </li></ul></ul><ul><ul><li>Highly efficient use of frequency spectrum </li></ul></ul><ul><ul><li>Support for different types of mobile terminal equipment (e.g., cars, portable handsets) </li></ul></ul><ul><ul><li>Digital signaling and transmission </li></ul></ul><ul><ul><li>Low cost infrastructure and terminal equipment </li></ul></ul>
  6. 7. GSM, cont.. <ul><li>13 recommendations </li></ul><ul><ul><li>R.00: Preamble </li></ul></ul><ul><ul><li>R.01: General structure of recommendations, GSM overview </li></ul></ul><ul><ul><li>R.02: Service aspects: types of services </li></ul></ul><ul><ul><li>R.03: Network aspects: architecture, call routing, performance objectives </li></ul></ul><ul><ul><li>R.04: Mobile/base station interface and protocols </li></ul></ul>
  7. 8. GSM, cont.. <ul><ul><li>R.05: Physical layer on radio path: multiple access, channel coding, modulation, transmission </li></ul></ul><ul><ul><li>R.06: Speech coding aspects </li></ul></ul><ul><ul><li>R.07: Terminal adaptors for mobile stations </li></ul></ul><ul><ul><li>R.08: Base station and mobile switching center (MSC) interface </li></ul></ul><ul><ul><li>R.09: Interworking with PSTN and packet data networks </li></ul></ul><ul><ul><li>R.10: Service interworking, short message service </li></ul></ul><ul><ul><li>R.11: Equipment specification </li></ul></ul><ul><ul><li>R.12: Operation and maintenance, tariffs, traffic administration </li></ul></ul>
  8. 9. GSM, cont.. <ul><li>Summary of features </li></ul>Channel bandwidth 200 kHz Multiple access TDMA Users/carrier 8 Speech coding rate 13 kb/s FEC coded speech rate 22.8 kb/s
  9. 10. GSM, cont.. <ul><li>Summary of service quality requirements </li></ul>Speech intelligibility 90% Max one-way delay 90 ms Max handoff gap 150 ms if intercell Time to alert mobile of inbound cell 4 sec first attempt, 15 sec final attempt Release time to called network 2 sec Connect time to called network 4 sec
  10. 11. GSM: Performance Characteristics <ul><li>Communication </li></ul><ul><ul><li>Mobile, wireless communication; support for voice and data services </li></ul></ul><ul><li>Total mobility </li></ul><ul><ul><li>International access, chip-card enables use of access points for different providers </li></ul></ul><ul><li>Worldwide connectivity </li></ul><ul><ul><li>One number, the network handles localization </li></ul></ul><ul><li>High capacity </li></ul><ul><ul><li>Better frequency efficiency, smaller cells, more customers per cell </li></ul></ul><ul><li>High transmission quality </li></ul><ul><ul><li>High audio quality and reliability for wireless, uninterrupted phone calls at higher speeds (e.g., from cars, trains) </li></ul></ul><ul><li>Security functions </li></ul><ul><ul><li>Access control, authentication via chip-card and PIN </li></ul></ul>
  11. 12. GSM: Mobile Services <ul><li>GSM offers </li></ul><ul><ul><li>Several types of connections </li></ul></ul><ul><ul><ul><li>Voice connections, data connections, short message service </li></ul></ul></ul><ul><ul><li>Multi-service options (combination of basic services) </li></ul></ul><ul><li>Three service domains </li></ul><ul><ul><li>Bearer Services </li></ul></ul><ul><ul><li>Telematic Services </li></ul></ul><ul><ul><li>Supplementary Services </li></ul></ul>
  12. 13. Bearer Services <ul><li>Telecommunication services to transfer data between access points </li></ul><ul><li>Different data rates for voice and data (original standard) </li></ul><ul><ul><li>Data service (circuit switched) </li></ul></ul><ul><ul><ul><li>synchronous: 2.4, 4.8 or 9.6 kbit/s </li></ul></ul></ul><ul><ul><ul><li>asynchronous: 300 - 1200 bit/s </li></ul></ul></ul><ul><ul><li>Data service (packet switched) </li></ul></ul><ul><ul><ul><li>synchronous: 2.4, 4.8 or 9.6 kbit/s </li></ul></ul></ul><ul><ul><ul><li>asynchronous: 300 - 9600 bit/s </li></ul></ul></ul><ul><li>Today: data rates of approx. 50 kbit/s possible </li></ul>
  13. 14. Tele Services I <ul><li>Offered Services </li></ul><ul><ul><li>Mobile Telephony primary goal of GSM was to enable mobile telephony offering the traditional bandwidth of 3.1 kHz </li></ul></ul><ul><ul><li>Emergency Number common number throughout Europe (112); mandatory for all service providers; free of charge; connection with the highest priority (preemption of other connections possible) </li></ul></ul>
  14. 15. Tele Services II <ul><li>Additional services </li></ul><ul><ul><li>Non-Voice-Teleservices </li></ul></ul><ul><ul><ul><li>Fax </li></ul></ul></ul><ul><ul><ul><li>Voice mailbox (implemented in the fixed network supporting the mobile terminals) </li></ul></ul></ul><ul><ul><ul><li>Electronic mail (MHS, Message Handling System, implemented in the fixed network) </li></ul></ul></ul><ul><ul><ul><li>Short Message Service (SMS) alphanumeric data transmission to/from the mobile terminal using the signaling channel, thus allowing simultaneous use of basic services and SMS </li></ul></ul></ul>
  15. 16. Supplementary Services <ul><li>May differ between different service providers, countries and protocol versions </li></ul><ul><li>Important services </li></ul><ul><ul><li>Identification: forwarding of caller number </li></ul></ul><ul><ul><li>Suppression of number forwarding </li></ul></ul><ul><ul><li>Automatic call-back </li></ul></ul><ul><ul><li>Conferencing with up to 7 participants </li></ul></ul><ul><ul><li>Locking of the mobile terminal (incoming or outgoing calls) </li></ul></ul><ul><ul><li>... </li></ul></ul>
  16. 17. Architecture of the GSM System <ul><li>GSM is a PLMN (Public Land Mobile Network) </li></ul><ul><ul><li>Several providers setup mobile networks following the GSM standard within each country </li></ul></ul><ul><ul><li>Components </li></ul></ul><ul><ul><ul><li>MS (Mobile Station) </li></ul></ul></ul><ul><ul><ul><li>BS (Base Station) </li></ul></ul></ul><ul><ul><ul><li>MSC (Mobile Switching Center) </li></ul></ul></ul><ul><ul><ul><li>LR (Location Register) </li></ul></ul></ul><ul><ul><li>Subsystems </li></ul></ul><ul><ul><ul><li>RSS (Radio Subsystem): covers all radio aspects </li></ul></ul></ul><ul><ul><ul><li>NSS (Network and Switching Subsystem): call forwarding, handover, switching </li></ul></ul></ul><ul><ul><ul><li>OSS (Operation Subsystem): management of the network </li></ul></ul></ul>
  17. 18. GSM: Architecture Overview Fixed Network (PSTN) BSC BSC MSC MSC GMSC OMC, EIR, AUC VLR HLR NSS with OSS RSS VLR
  18. 19. GSM: Reference Architecture Radio Subsystem (RSS)
  19. 20. GSM General Architecture BSS MSC VLR HLR EIR AUC MT TE MS Um A PSTN BSC BTS BTS OMC NMC ADC OSS BSS MS GSM Public Land Mobile Network (PLMN) OSS: Operation Subsystem BSS: Base Station Subsystem MS: Mobile Station (Mobile User) Abis
  20. 21. System Architecture: Radio Subsystem <ul><li>Components </li></ul><ul><ul><li>MS (Mobile Station) </li></ul></ul><ul><ul><li>BSS (Base Station Subsystem): consisting of </li></ul></ul><ul><ul><ul><li>BTS (Base Transceiver Station): sender and receiver </li></ul></ul></ul><ul><ul><ul><li>BSC (Base Station Controller): controlling several transceivers </li></ul></ul></ul><ul><li>Interfaces </li></ul><ul><ul><li>U m : radio interface </li></ul></ul><ul><ul><li>A bis : standardized, open interface with 16 kbit/s user channels </li></ul></ul><ul><ul><li>A : standardized, open interface with 64 kbit/s user channels </li></ul></ul>U m A bis A BSS Radio Subsystem Network and Switching Subsystem MS MS BTS BSC MSC BTS BTS BSC BTS MSC
  21. 22. GSM General Architecture, cont.. <ul><li>Mobile station (MS) communicates to base stations through radio interface Um </li></ul><ul><li>Mobile termination (MT) supports physical channel between MS and base station (radio transmission, channel coding, speech coding) </li></ul>
  22. 23. GSM General Architecture, cont.. <ul><li>Terminal equipment (TE), e.g., telephone set. </li></ul><ul><li>Contains terminal/user-specific data in form of smart card (subscriber identify module or SIM card), plugs into any GSM terminal like credit card and identifies user to network for personal mobility (in addition to terminal mobility) and security </li></ul>
  23. 24. GSM General Architecture, cont.. <ul><li>Base station Subsystem (BSS) communicates with mobile switching center through network interface A </li></ul><ul><li>Base Transceiver Station (BTS) handles channel allocation, signaling, frequency hopping, handover initiation, etc. </li></ul><ul><li>BTS communicates with BSC using Abis interface </li></ul>
  24. 25. GSM General Architecture, cont.. <ul><li>Base station controller (BSC) manages radio channels, paging, handoff for several BTSs </li></ul><ul><li>BSC communicates with MSC using A interface </li></ul><ul><li>Mobile switching center (MSC) is gateway to PSTN and packet data networks </li></ul><ul><li>Performs switching, paging functions, MS location updating, handoff control, etc. </li></ul>
  25. 26. GSM General Architecture, cont.. <ul><li>Home location register (HLR) stores subscriber info and part of MS’s location info to route incoming calls to visitor location register (VLR) where mobile is roaming </li></ul><ul><li>VLR registers users roaming in its area and assigns roaming numbers </li></ul>
  26. 27. GSM General Architecture, cont.. <ul><li>Authentication center (AUC) is accessed by HLR to authenticate a user for service. </li></ul><ul><li>It contains authentication and encryption keys for subscribers </li></ul><ul><li>Equipment identity register (EIR) allows stolen or fraudulent mobile stations to be identified </li></ul>
  27. 28. GSM General Architecture, cont.. <ul><li>Operation subsystem (OSS) contains: Operations and Maintenance Center (OMC), Network Management Center (NMC), and Administration Center (ADC). </li></ul><ul><li>These network elements work together to monitor, control, maintain, and manage the network </li></ul>
  28. 29. System Architecture: Network and Switching Subsystem <ul><li>Components </li></ul><ul><ul><li>MSC (Mobile Services Switching Center): </li></ul></ul><ul><ul><li>ISDN (Integrated Services Digital Network) </li></ul></ul><ul><ul><li>PSTN (Public Switched Telephone Network) </li></ul></ul><ul><li>Databases </li></ul><ul><ul><li>HLR (Home Location R egister) </li></ul></ul><ul><ul><li>VLR (Visitor Location R egister) </li></ul></ul><ul><ul><li>EIR (Equipment Identity Register) </li></ul></ul>network subsystem fixed partner networks MSC MSC ISDN PSTN SS7 EIR HLR VLR ISDN PSTN
  29. 30. Radio Subsystem <ul><li>The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers </li></ul><ul><li>Components </li></ul><ul><ul><li>Mobile Stations (MS) </li></ul></ul><ul><ul><li>Base Station Subsystem (BSS): </li></ul></ul><ul><ul><ul><li>Base Transceiver Station (BTS): radio components including sender, receiver, antenna - if directed antennas are used one BTS can cover several cells </li></ul></ul></ul><ul><ul><ul><li>Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels (U m ) onto terrestrial channels (A interface) </li></ul></ul></ul><ul><ul><ul><li>BSS = BSC + sum(BTS) + interconnection </li></ul></ul></ul>
  30. 31. Mobile Station <ul><li>Terminal for the use of GSM services </li></ul><ul><li>A mobile station (MS) comprises two elements: </li></ul><ul><ul><li>ME (Mobile Equipment): </li></ul></ul><ul><ul><ul><li>Peripheral device of the MS, offers services to a user </li></ul></ul></ul><ul><ul><ul><li>Speaker, microphone, keypad, and radio modem </li></ul></ul></ul><ul><ul><ul><li>Usually subsidized by the service provider to encourage new subscribers </li></ul></ul></ul><ul><ul><li>SIM (Subscriber Identity Module): </li></ul></ul><ul><ul><ul><li>Smart card issued at subscription time </li></ul></ul></ul><ul><ul><ul><li>Personalization of the mobile terminal, stores user parameters such as address and type of service </li></ul></ul></ul><ul><ul><ul><li>Calls are directed to the SIM rather than the terminal </li></ul></ul></ul><ul><ul><ul><li>Stores short messages </li></ul></ul></ul><ul><ul><ul><li>Carries a PIN number that needs to be verified to make the information on the card available to the user. </li></ul></ul></ul>
  31. 32. Base Station Subsystem <ul><li>Base Transceiver Station and Base Station Controller </li></ul><ul><ul><li>Tasks of a BSS are distributed over BSC and BTS </li></ul></ul><ul><ul><li>BTS comprises radio specific functions </li></ul></ul><ul><ul><li>BSC is the switching center for radio channels </li></ul></ul>
  32. 33. GSM: Cellular Network <ul><ul><li>use of several carrier frequencies </li></ul></ul><ul><ul><li>not the same frequency in adjoining cells </li></ul></ul><ul><ul><li>cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc. </li></ul></ul><ul><ul><li>hexagonal shape of cells is idealized (cells overlap, shapes depend on geography) </li></ul></ul><ul><ul><li>if a mobile user changes cells  handover of the connection to the neighbor cell </li></ul></ul>possible radio coverage of the cell idealized shape of the cell segmentation of the area into cells cell
  33. 34. Network and Switching Subsystem <ul><li>NSS is the main component of the public mobile network GSM </li></ul><ul><ul><li>Switching, mobility management, interconnection to other networks, system control </li></ul></ul><ul><li>Components </li></ul><ul><ul><li>Mobile Services Switching Center (MSC) </li></ul></ul><ul><ul><ul><li>Controls all connections via a separated network to/from a mobile terminal within the domain of the MSC - several BSC can belong to a MSC </li></ul></ul></ul>
  34. 35. Network and Switching Subsystem <ul><ul><li>Databases (important: scalability, high capacity, low delay) </li></ul></ul><ul><ul><ul><li>Home Location Register (HLR): central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs) </li></ul></ul></ul><ul><ul><ul><li>Visitor Location Register (VLR): local database for a subset of user data, including data about all user currently in the domain of the VLR </li></ul></ul></ul><ul><ul><ul><li>Equipment Identity Register (EIR): registers GSM mobile stations and user rights. Stolen or malfunctioning mobile stations can be locked and sometimes even localized. </li></ul></ul></ul>
  35. 36. Network and Switching Subsystem <ul><ul><li>Authentication Center (AUC) </li></ul></ul><ul><ul><ul><li>Generates user specific authentication parameters on request of a VLR </li></ul></ul></ul><ul><ul><ul><li>Authentication parameters used for authentication of mobile terminals and encryption of user data on the air interface within the GSM system </li></ul></ul></ul>
  36. 37. Mobile Service Switching Center <ul><li>The MSC (mobile switching center) plays a central role in GSM </li></ul><ul><ul><li>switching functions </li></ul></ul><ul><ul><li>additional functions for mobility support </li></ul></ul><ul><ul><li>management of network resources </li></ul></ul><ul><ul><li>interworking functions via Gateway MSC (GMSC) </li></ul></ul><ul><ul><li>integration of several databases </li></ul></ul>
  37. 38. Mobile Service Switching Center <ul><li>Functions of a MSC </li></ul><ul><ul><li>specific functions for paging and call forwarding </li></ul></ul><ul><ul><li>termination of SS7 (signaling system no. 7) </li></ul></ul><ul><ul><li>mobility specific signaling </li></ul></ul><ul><ul><li>location registration and forwarding of location information </li></ul></ul><ul><ul><li>provision of new services (fax, data calls) </li></ul></ul><ul><ul><li>support of short message service (SMS) </li></ul></ul><ul><ul><li>generation and forwarding of accounting and billing information </li></ul></ul>
  38. 39. Mechanisms to Support Mobility <ul><li>Registration </li></ul><ul><ul><li>Performed as soon as the mobile unit is powered on </li></ul></ul><ul><li>Call establishment </li></ul><ul><ul><li>Performed when the user initiates or receives a call </li></ul></ul><ul><li>Handover </li></ul><ul><ul><li>Performed when the MS needs to change its connection point to the network </li></ul></ul><ul><li>Security </li></ul><ul><ul><li>Protects from fraud and eavesdropping </li></ul></ul>
  39. 40. Registration Procedure <ul><li>As we turn on an MS, it passively synchronizes to the frequency, and frame timings of the closest BS to get ready for information exchange. </li></ul><ul><li>The MS then listens to advertisements from the BS regarding system and cell identity to determine its location in the network. </li></ul><ul><li>If the current location is not the same, the MS initiates a registration procedure. </li></ul>
  40. 41. Registration Procedure: MS turned on in a New MSC Area <ul><li>1-4: A radio channel is established between the MS and BSS to process the registration </li></ul><ul><li>5-8: The NSS authenticates the MS </li></ul><ul><li>9-11: A TMSI (Temporary Mobile Subscriber Identity) is assigned and updates are made in the VLR and HLR </li></ul><ul><li>12: The temporary radio channel is released. </li></ul>
  41. 42. Call Establishment: Mobile Originated Call <ul><li>1-5: Similar to registration procedure </li></ul><ul><li>6-7: Ciphering to protect against eavesdropping </li></ul><ul><li>8-15: Similar procedure as in POTS (Plain Old Telephone Service), except for the additional traffic channel assignment procedure (10-11) </li></ul>
  42. 43. Mobile Originated Call <ul><li>1, 2: connection request </li></ul><ul><li>3, 4: security check </li></ul><ul><li>5-8: check resources (free circuit) </li></ul><ul><li>9-10: set up call </li></ul>GMSC VLR BSS MSC MS 1 2 6 5 3 4 9 10 7 8 PSTN
  43. 44. Call Establishment: Mobile Terminated Call <ul><li>After dialing, the PSTN directs the call to the MSC of the destination address </li></ul><ul><li>The MSC requests routing information from the HLR </li></ul><ul><li>Since the MS is in another area, the address of the new MSC is given to the original MSC. It contacts the new MSC. </li></ul><ul><li>The VLR of the new MSC initiates a paging procedure in all BSS under the control of the new MSC </li></ul><ul><li>After a reply from the MS, a link is established for communication. </li></ul>
  44. 45. Mobile Terminated Call <ul><li>1: calling a GSM subscriber </li></ul><ul><li>2: forwarding call to GMSC </li></ul><ul><li>3: signal call setup to HLR </li></ul><ul><li>4, 5: request MSRN from VLR </li></ul><ul><li>6: forward responsible MSC to GMSC </li></ul><ul><li>7: forward call to current MSC </li></ul><ul><li>8, 9: get current status of MS </li></ul><ul><li>10, 11: paging of MS </li></ul><ul><li>12, 13: MS answers </li></ul><ul><li>14, 15: security checks </li></ul><ul><li>16, 17: set up connection </li></ul>calling station GMSC HLR VLR BSS BSS BSS MSC MS 1 2 3 4 5 6 7 8 9 10 11 12 13 16 10 10 11 11 11 14 15 17 PSTN
  45. 46. Handoff (Handover in Europe) <ul><li>Two types </li></ul><ul><ul><li>Internal: between BTSs that belong to the same BSSs </li></ul></ul><ul><ul><li>External: between two different BSSs controlled by the same MSC </li></ul></ul><ul><li>Sometimes there are handoffs between BSSs that are controlled by two different MSCs (the old MSC continues to handle call management) </li></ul><ul><li>Reasons to handoff: </li></ul><ul><ul><li>Signal strength deterioration at the edge of a cell </li></ul></ul><ul><ul><li>Traffic balancing (to easy traffic congestion) </li></ul></ul>
  46. 47. Handoff Decision receive level BTS old receive level BTS old MS MS Hysteresis MARGIN BTS old BTS new
  47. 48. Handoff Procedure Mobile-assisted Handoff
  48. 49. Handoff Procedure HO access BTS old BSC new measurement result BSC old Link establishment MSC MS measurement report HO decision HO required BTS new HO request resource allocation ch. activation ch. activation ack HO request ack HO command HO command HO command HO complete HO complete clear command clear command clear complete clear complete
  49. 50. Security in GSM <ul><li>Security Services (Features) </li></ul><ul><ul><li>Access Control/Authentication (Identity Authentication) </li></ul></ul><ul><ul><ul><li>User is assigned SIM (Subscriber Identity Module) at the subscription time which contains </li></ul></ul></ul><ul><ul><ul><li>* IMSI: International Mobile Subscriber Identity </li></ul></ul></ul><ul><ul><ul><li>* Individual Subscriber Authentication Key (Secret PIN) (Personal Identification Number) </li></ul></ul></ul><ul><ul><ul><li>* and the Authentication Algorithm (Challenge response method) </li></ul></ul></ul><ul><ul><li>Identity Confidentiality </li></ul></ul><ul><ul><ul><li>voice and signaling encrypted on the wireless link (after successful authentication) </li></ul></ul></ul><ul><ul><li>User Data Confidentiality (Privacy/Anonymity) </li></ul></ul><ul><ul><ul><li>temporary identity TMSI (Temporary Mobile Subscriber Identity) </li></ul></ul></ul><ul><ul><ul><li>newly assigned at each new location update (LUP) </li></ul></ul></ul><ul><ul><ul><li>encrypted transmission </li></ul></ul></ul>
  50. 51. Security in GSM <ul><li>3 algorithms specified in GSM </li></ul><ul><ul><li>A3 for authentication (“secret”) </li></ul></ul><ul><ul><li>A5 for encryption (standardized) </li></ul></ul><ul><ul><li>A8 for key generation (“secret”) </li></ul></ul><ul><li>A5 uses a key of 128 bits, and the “response to the challenge” is 32 bits long – not very secure </li></ul><ul><li>Key information is not shared between systems: </li></ul><ul><ul><li>A triple consisting of the random number used in challenge, challenge response, and the data encryption key are exchanged between the VLR and the HLR. </li></ul></ul><ul><ul><li>The VLR verifies if the response generated by the MS is the same. </li></ul></ul>
  51. 52. Security in GSM <ul><li>Service Request authentication procedure includes: </li></ul><ul><li>* Mobile transmitting its Temporary IMSI (TIMSI) </li></ul><ul><li>* Network replying with a randomly generated number (RAND) </li></ul><ul><li>* Mobile computes the Signed Response (SRES) using the </li></ul><ul><li>authentiction algorithm, the key (which is a function of the </li></ul><ul><li>frame number) and RAND, and sends the SRES back to the </li></ul><ul><li>network </li></ul><ul><li>* Network compares the SRES from the mobile with its </li></ul><ul><li>computation of the SRES and authenticates a user or not. </li></ul><ul><li>Privacy is provided by a Temporary Mobile Subscription Identity (TMSI) valid during its binding to a VLR and computed after the authentication procedure. </li></ul><ul><li>IMSI (on the SIM CARD)  15 digits </li></ul><ul><li>* MCC (Mobile Country Code) (3 digits) </li></ul><ul><li>* MNC (Mobile Network Code) (2 digits) </li></ul><ul><li>* MSIN (Mobile Subscriber Identifier) (2 digits) </li></ul><ul><li>* NMSI (Network Mobil Subscriber Identifier) (2 digits) </li></ul>
  52. 53. The GSM Protocol Architecture
  53. 54. GSM Protocol Stack <ul><li>Layer 1: Physical layer </li></ul><ul><ul><li>A and A-bis interfaces follow the ISDN standard with 64 kbps digital data per voice user </li></ul></ul><ul><ul><li>The new physical later in GSM is for the U m air interface </li></ul></ul><ul><ul><li>Specifies how the voice and data are formatted into packets and sent through the radio channel </li></ul></ul><ul><ul><li>Specifies radio modem details, structure of traffic and control packets in the air </li></ul></ul><ul><ul><li>Modulation and coding techniques, power control methodology, and time synchronization approaches which enable establishment and maintenance of channels </li></ul></ul>
  54. 55. Physical Packets Bursts <ul><li>Normal Burst (NB) </li></ul><ul><ul><li>3 tail bits (TBs) at the beginning and end (gap time) </li></ul></ul><ul><ul><li>8.25 bits of gap period </li></ul></ul><ul><ul><li>Two sets of 58 bits (116) encrypted bits: 114 bits of data and two flags to indicate user traffic or signaling and control </li></ul></ul><ul><ul><li>26-bit training sequence for the equalizers </li></ul></ul><ul><li>Frequency-correction burst (FB) </li></ul><ul><ul><li>Broadcasted by the BSs. The MS uses it to synchronize with the master clock in the system </li></ul></ul><ul><li>Synchronization burst (SB) </li></ul><ul><ul><li>Forwarded by the BTS. The MS uses it for training of the equalizer, learning of network identity and to synchronize the time slots </li></ul></ul><ul><li>Random access burst (RAB) </li></ul><ul><ul><li>Use by the MS to access the BS as it registers to the network </li></ul></ul>
  55. 56. GSM – TDMA/FDMA ( 124 Frequencies; in each Freq there are 8 channels (time slots)) 935-960 MHz 124 channels (200 kHz) Downlink 890-915 MHz 124 channels (200 kHz) Uplink frequency time GSM TDMA Frame GSM Time-Slot (normal burst) tail user data Training S guard space S user data tail guard space 3 bits 57 bits 26 bits 57 bits 1 1 3 Each TDM channel occupies the 200 kHz carrier for 577 ms every 4.615 ms Each channel is separated in time via a frame Each frame is subdivided into 8 GSM time-slots Each slot represents a physical TDM channel and lasts for 577 µ s 1 2 3 4 5 6 7 8 4.615 ms 577 µs
  56. 57. GSM Physical Channels : : Frequency 124 Frequency 2 Frequency 1 Ch 1 Timeslot 1 Ch 2 Ch 3 Ch 4 Ch 5 Ch 6 Ch 7 Ch 8 Ch 1 Ch 2 Ch 3 Ch 4 Ch 5 Ch 6 Ch 7 Ch 8 Ch 1 Ch 2 Ch 3 Ch 4 Ch 5 Ch 6 Ch 7 Ch 8 : : 2 3 4 5 6 7 8 TDMA frame = 4.615 ms
  57. 58. GSM-Channels <ul><li>The total RF Spectrum (~50 MHz) is located in 890-915 MHz (upstream) and 935 – 960MHz (downstream) </li></ul><ul><li>This spectrum is divided into 124 RF carriers of 200KHz. </li></ul><ul><li>The offset of the upstream/downstream pairing is fixed 45 MHz. </li></ul><ul><li>Each RF carrier is further divided into 8 time slots (TDMA)-physical channels </li></ul><ul><li>There is no pre-assignment of any channels to a specific and exclusive use. </li></ul>
  58. 59. GSM-Channels <ul><li>For a given channel the uplink F_u and downlink F_d frequency can be obtained from </li></ul><ul><li>F_u = 890.2 + 0.2 (N-1) MHz </li></ul><ul><li>F_d = 935.2 + 0.2 (N-1) MHz </li></ul><ul><li>with N = 1,2,…, 124. </li></ul>
  59. 60. GSM-Channel & Frames <ul><li>When an MS is assigned to an information channel, a radio channel and a timeslot are also assigned. </li></ul><ul><li>Radio channels are assigned in frequency pairs (one for the uplink and other for the downlink). </li></ul><ul><li>Each pair of radio channels supports up to 8 simultaneous calls. </li></ul><ul><li>Thus, the GSM can support up to 992 simultaneous users with full rate speech coder. </li></ul><ul><li>This number can be doubled to 1984 with half rate speech coder. </li></ul>
  60. 61. GSM Hierarchy of Frame Structure Hyperframe (=2048 superframes=2,715,648 frames=21,725,184slots) 0 1 2 2045 2046 2047 ... 0 1 2 48 49 50 ... 0 1 24 25 ... Superframe (=51 multiframes)) 0 1 24 25 ... 0 1 2 48 49 50 ... 0 1 6 7 ... Multiframe (traffic or control multiframes) Frame: 8 burst of time slots burst slot 577 µs 4.615 ms 120 ms 235.4 ms 6.12 s 3 h 28 min 53.76 s
  61. 62. GSM Logical Channel Structure CCH TCH/F TCH/H BCH CCCH DCCH FCCH SCH BCCH PCH AGCH RACH TCH CBCH ACCH SDCCH FACCH SACCH
  62. 63. GSM Channel Types <ul><li>3 groups of logical (i.e., Virtual Circuits) channels, TCH, CCH and CBCH, which are realized on top of physical channels. </li></ul><ul><li>TCH (Traffic Channel) </li></ul><ul><li>To carry voice or data traffic of the users </li></ul><ul><li>CCH (Control Channel) </li></ul><ul><li>For control and signaling functions </li></ul><ul><li>CBCH (Cell Broadcast Channel) </li></ul><ul><li>For broadcast functions from a service center to a MS in a cell area . </li></ul>
  63. 64. GSM Logical Channels <ul><li>Traffic (TCH) Channels: </li></ul><ul><li>Two-way, carrying voice and data </li></ul><ul><ul><li>Full-rate traffic channels (TCH/F) </li></ul></ul><ul><ul><li>Half-rate traffic channels (TCH/H) </li></ul></ul><ul><ul><li>Full rate channel may carry 13 kb/s speech or data at 12, 6, or 3.6 kb/s </li></ul></ul><ul><ul><li>Half rate channel may carry 6.5 kb/s speech or data at 6 or 3.6 kb/s </li></ul></ul>
  64. 65. GSM Logical Channels, cont.. <ul><li>CCH consists of 3 groups of logical control channels, BCH, CCCH and DCCH </li></ul><ul><li>BCH (Broadcast Channel): </li></ul><ul><li>Point-to-multipoint downlink only. </li></ul><ul><li>Contains three sub-channels, BCCH, FCCH and SCH </li></ul><ul><ul><li>BCCH (Broadcast Control Channel): </li></ul></ul><ul><ul><li>Used by the BTS to broadcast synchronization parameters, available services, and cell ID. </li></ul></ul><ul><ul><li>I.o.w. sending cell identities, organization info about common control channels, cell service available, etc. </li></ul></ul>
  65. 66. GSM Logical Channels <ul><ul><li>FCCH (Frequency Correction Channel): </li></ul></ul><ul><ul><li>An MS uses it to synchronize its carrier frequency and bit timing. </li></ul></ul><ul><ul><li>SCH (Synchronization Channel): </li></ul></ul><ul><ul><li>Used by the BTS to broadcast frame synchronization signals to all MSs; </li></ul></ul><ul><ul><li>I.o,w., send TDMA frame number and base station identity code to synchronize MSs. </li></ul></ul>
  66. 67. GSM Logical Channels, cont… <ul><li>CCCH (Common Control Channel) One way: </li></ul><ul><li>Consists of three sub-channels, PCH, AGCH and RACH. These channels are used for paging and access </li></ul><ul><ul><li>- PCH (Paging Channel): Used by BTS to page the MS </li></ul></ul><ul><ul><li>AGCH (Access Grant Channel): </li></ul></ul><ul><ul><li>to assign MSs to stand-alone dedicated control channels for initial assignment; Used by the MS to access the BTS for call establishment </li></ul></ul><ul><ul><li>RACH (Random Access Channel): for MS to send requests for dedicated connections; f or the acknowledgement from the BTS to the MS after a successful attempt by MS using RCH. </li></ul></ul>
  67. 68. GSM Logical Channels, cont… <ul><li>DCCH (Dedicated Control Channel): bi-directional point-to-point -- main signaling channels. Consist of two sub-channels, SDCCH and ACCH </li></ul><ul><ul><li>SDCCH (Stand-alone dedicated control channel): </li></ul></ul><ul><ul><li>for service request, subscriber authentication, equipment validation, assignment to a traffic channel; Call establishment and mobility management </li></ul></ul>
  68. 69. GSM Logical Channels, cont… <ul><ul><li>ACCH consists of two sub-channels, SACCH and FACCH </li></ul></ul><ul><ul><ul><li>SACCH (slow associated control channel): for out-of-band signaling associated with a traffic channel, e.g., signal strength measurements; Assigned to each TCH and SDCCH. Used to exchange parameters between the BTS and the MS to maintain the link. </li></ul></ul></ul><ul><ul><ul><li>FACCH (fast associated control channel): for preemptive signaling on a traffic channel, e.g., for handoff messages; Used to support fast transitions in the channel when SACCH is not adequate. </li></ul></ul></ul>

×