Microsoft PowerPoint - 2G_GPRS_3G


Published on

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Microsoft PowerPoint - 2G_GPRS_3G

  1. 1. Chap 5 2G: GSM System 1
  2. 2. Outlines Introduction GSM Architecture Air Interface Location Tracking and Call Setup HandOff Security Summary 2
  3. 3. Introduction 3
  4. 4. Introduction Global System for Mobile Communications (GSM) is a digital wireless network standard. It was developed by Group Special Mobile of Conference Europeenne des Postes et Telecommunications (CEPT) and European Telecommunications Standards Institute (ETSI). GSM Phases 1 and 2 define digital cellular telecommunications system. GSM Phase 2+ targets on Speech Codec and Data Service. 4
  5. 5. The Basic Requirements of GSM Basic Requirements set out by GSM Original text as written by the committee in 1985 Services Quality of Services and Security Radio Frequency Utilization Network Cost 5
  6. 6. GSM Architecture 6
  8. 8. GSM Architecture BTS EIR BTS BSC HLR VLR AUC ME BTS Cloud SIM Abis interface MSC GMSC PSTN Cloud Cloud MS BTS Cloud A interface BTS BSC BTS Network and Switching Network and Switching Um interface Subsystem (NSS) Subsystem Base Station Subsystems (BSS) 8
  9. 9. Mobile Station (MS) Also called Mobile Terminal (MT) The MS consists of two parts: Subscriber Identity Module (SIM) Mobile Equipment (ME) 9
  10. 10. SIM A SIM contains subscriber-related information A list of abbreviated and customized short dialing numbers Short message Names of preferred Networks to provide service Personal Identity Number (PIN) . 10
  11. 11. SIM SIM contains important information including IMSI Ki TMSI Access Control Code Kc LAI SIM information can be modified: By the subscriber either by keypad or a PC using an RS232 connection By sending codes through short messages (network operators) 11
  12. 12. Mobile Equipment (ME) ME: non-customer-related hardware and software specific to the radio interface ME can not be used if no SIM is on the MS. Except for emergency calls The SIM-ME design supports portability: The MS is the property of the subscriber. The SIM is the property of the service provider. 12
  13. 13. Base Station System (BSS) The Base Station System (BSS) connects the MS and NSS. BSS contains Base transceiver station (BTS) Base station controller (BSC) 13
  14. 14. BTS Base Transceiver Station (BTS) contains Transmitter Receiver Signaling equipment specific to the radio interface in order to contact the MSs. Transcoder/Rate Adapter Unit (TRAU) GSM-specific speech encoding/decoding and rate adaptation in data transmission 14
  15. 15. Omni-directional Antenna GSM 1800 GSM 900 Lightning conductor 15
  16. 16. Directional Antenna Lightning conductor GSM 1800 GSM 900 16
  17. 17. Directional Antenna 17
  18. 18. BSC (1/2) Base Station Controller (BSC) Radio channel assignment Handoff management Connect to an MSC Connect to several BTSs Maintain cell configuration data of these BTSs. The BSC communicates with the BTSs via the A-bis. 18
  19. 19. BSC (2/2) The processor load of a BSC: Call activities (around 20-25%) Paging and short message service (around 10-15%) Mobility management (handoff and location update, around 20-25% Hardware checking/network-triggered events (around 15-20%) When a BSC is overloaded, it first rejects location update, next MS originating calls, then handoff. 19
  20. 20. NSS (1/2) Network and Switching Subsystem (NSS) Telephone switching functions Subscriber profiles Mobility management Components in NSS: MSC: provide basic switching function Gateway MSC (GMSC): route an incoming call to an MSC by interrogating the HLR directory. 20
  21. 21. NSS (2/2) Components in NSS (continuous): HLR and VLR maintain the current location of the MS. Authentication Center (AuC) is used in the security management. Equipment Identity Register (EIR) is used for the registration of MS equipment. 21
  22. 22. GSM Interfaces BTS EIR BTS BSC HLR VLR AUC ME BTS MAP interface Cloud SIM Abis interface MSC GMSC PSTN Cloud Cloud MS BTS Cloud A interface BTS BSC BTS Network and Switching Network and Switching Um interface Subsystem (NSS) Subsystem Base Station Subsystems (BSS) 22
  23. 23. Air Interface 23
  24. 24. Radio Interface-Um (1/3) The GSM radio link uses TDMA/FDD technology. 890-915 MHz (uplink) 935-960 MHz (downlink) 124 pairs × 200 KHz 8 time slots (bursts) per carrier A frame consists 8 timeslots (each 0.577 msec for a time slot). The length of GSM frame in a frequency carrier is 4.615 msec. 24
  25. 25. Radio Interface-Um (2/3) Downlink FDMA C0 TS0 TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS0 TS1 TS2 TS3 TS4 892.2 MHz C1 TS0 TS1 TS2 TS3 TS4 TS5 TS6 TS7 TS0 TS1 TS2 TS3 TS4 892.4 MHz Frame Frame (TDMA) MS Control channel Traffic channel 25
  26. 26. GSM Normal Burst Tailing Data Flag Training Flag Data Tailing Guard 3 57 bits 1 26 bits 1 57 bits 3 8.25 bits Burst (148 bits/0.564 msec) Time Slot (156.25 bits or 0.577 msec) Begin with 3 head bits, and end with 3 bits. Two groups are separated by an equalizer training sequence of 26 bits. The flags indicates whether the information 26 carried is for speech/data, or signaling.
  27. 27. Logical Channels 27
  28. 28. Traffic Channel (TCH) TCHs are intended to carry user information (speech or data). Full-rate TCH (TCH/F) Transmission speed: 13 Kbps for speech Transmission speed: 9.6, 4.8 or 2.4 Kbps for data Enhanced full-rate (EFR) speech coders for improving the speech quality Half-rate TCH (TCH/H) Transmission speed: 6.5 Kbps speech Transmission speed: 4.8 or 2.4 Kbps of data. 28
  29. 29. Control Channels (CCH) CCHs: to carry signaling information Three types of CCHs : Broadcast channel (BCH) Common control channel (CCCH) Dedicated control channel (DCCH) 29
  30. 30. Broadcast Channels (BCHs) BTS broadcasts system information to the MSs through BCHs. Two types in BCH: Frequency Correction Channel (FCCH) and Synchronization Channel (SCH) The information allows the MS to acquire and stay synchronized with the BSS. Broadcast Control Channel (BCCH) (downlink) Access information for the selected cell Information related to the surrounding cells to support cell selection 30 Location registration procedures in an MS
  31. 31. Common Control Channel (CCCH) Three types in CCCH: Random Access Channel (RACH) (uplink) Used by the MSs for initial access to the network Collision may occurs. Slotted Aloha protocol is used to resolve access collision. Access Grant Channel (AGCH) (downlink) Used by the network to indicate radio link allocation upon prime access of an MS Paging Channel (PCH) (downlink) Used by the network to page the destination MS in call termination 31
  32. 32. Dedicated Control Channel (DCCH) (1/2) DCCH is for dedicated use by a specific MS. Four types in DCCH: Standalone Dedicated Control Channel (SDCCH) (down/uplink) used only for signaling and for short message Slow Associated Control Channel (SACCH) (down/uplink) Associated with either a TCH or an SDCCH For non-urgent procedures Power and time alignment control information (downlink) Measurement reports from the MS (uplink) 32
  33. 33. Dedicated Control Channel (DCCH) (2/2) Four types in DCCH (continuous): Fast Associated Control Channel (FACCH) (down/uplink) Used for time-critical signaling, such as call-establishing progress, authentication of subscriber, or handoff. FACCH use TCH during a call. May cause user data loss. Cell Broadcast Channel (CBCH) (downlink) Carries only the short message service cell broadcast messages, which use the same time slot as the SDCCH. 33
  34. 34. GSM Burst Structure Tailing Data Flag Training Flag Data Tailing Guard 3 57 bits 1 26 bits 1 57 bits 3 8.25 bits Normal Burst Tailing Fixed Bits Tailing Guard 3 142 bits 3 8.25 bits Frequency Correction Burst Tailing Data Training Data Tailing Guard 3 39 bits 64 bits 39 bits 3 8.25 bits Synchronization Burst Tailing Synch. Seq. Data Tailing Guard 3 41 bits 36 bits 3 68.25 bits Access Burst 34
  35. 35. Example of Channel Usage (GSM Call Origination) 35
  36. 36. Example of Channel Usage (GSM Call Termination) 36
  37. 37. Mobility Databases 37
  38. 38. Mobility Databases The hierarchical databases used in GSM. The home location register (HLR) is a database used for MS information management. The visitor location register (VLR) is the database of the service area visited by an MS. HLR VLR 1 VLR 2 MSC 1 MSC 2 38
  39. 39. Key Terms GSM uses some identifiers Mobile system ISDN (MSISDN) Mobile Station Roaming Number (MSRN) International Mobile Subscriber Identity (IMSI) Temporary Mobile Subscriber Identity (TMSI) International Mobile station Equipment Identity (IMEI) Location Area Identity (LAI) Cell Global Identity (CAI) 39
  40. 40. MSISDN Mobile System ISDN MSISDN uses the same format as the ISDN address (based on ITU-T Recommendation E.164). HLR uses MSISDN to provide routing instructions to other components in order to reach the subscriber. Total up to 15 digits Country code National destination Subscriber (CC) code (NDC) number (SN) 40
  41. 41. MSRN Mobile Station Roaming Number The routing address to route the call to the MS through the visited MSC. MSRN=CC+NDC+SN 41
  42. 42. IMSI International Mobile Subscriber Identity Each mobile unit is identified uniquely with an IMSI. IMSI includes the country, mobile network, mobile subscriber. Total up to 15 digits 3 digits 1- 2 digits Up to 10 digits Mobile country Mobile network Mobile subscriber code (MCC) code (MNC) identification code (MSIC) 42
  43. 43. TMSI Temporary Mobile Subscriber Identify TMSI is an alias used in place of the IMSI. This value is sent over the air interface in place of the IMSI for purposes of security. 43
  44. 44. IMEI International Mobile Station Equipment Identity IMEI is assigned to the GSM at the factory. When a GSM component passes conformance and interoperability tests, it is given a TAC. Up to 15 digits 3 digits 2 digits Up to 10 digits Type approval Final assembly code (FAC) code (FAC) Serial number (MSIC) 44 Spare 1 digit
  45. 45. LAI Location Area Identity LAI identifies a location area (LA). When an MS roams into another cell, if it is in the same LAI, no information is exchanged. Total up to 15 digits 3 digits 1-2 digits Up to 10 digits Mobile country Mobile network Location area code (LAC) code (MCC) code (MNC) 45
  46. 46. CGI Cell Global Identity CGI = LAI + CI = MCC + MNC + LAC + CI CI : Cell Identity 46
  47. 47. Home Location Register (HLR) An HLR record consists of 3 types of information: Mobile station information IMSI (used by the MS to access the network) MSISDN (the ISDN number-“Phone Number” of the MS) Location information ISDN number of the VLR (where the MS resides) ISDN number of the MSC (where the MS resides) Service information service subscription service restrictions supplementary services 47
  48. 48. Visitor Location Register (VLR) The VLR information consists of three parts: Mobile Station Information IMSI MSISDN TMSI Location Information MSC Number Location Area ID (LAI) Service Information A subset of the service Information stored in HLR 48
  49. 49. Identifiers and Components 號碼 HLR VLR/MSC BSC BTS MS MSISDN MSRN IMSI TMSI LAI CGI MSC號碼 49
  50. 50. Location Tracking (Mobility Management) 50
  51. 51. Location Update BS 1 BS 2 BS 3 51
  52. 52. Two-level Hierarchical Strategy The current location of an MS is maintained by a two-level hierarchical strategy with the HLR and the VLRs. HLR VLR 1 VLR 2 MSC 1 MSC 2 52
  53. 53. Location Area Location area (LA) is the basic unit for location tracking. MSC MSC MSC LA 2 LA 3 LA 1 53
  54. 54. GSM Location Area Hierarchy HLR VLR1 VLR2 MSC1 MSC2 HLR : HOME Location Register VLR : VISITOR Location Register MSC : Mobile Switching Center LA1 LA2 LA : Location Area MS MS : Mobile Station 54
  55. 55. Location Update Concept Registration: the location update procedure initiated by the MS: Step 1. BS periodically broadcasts the LA address. Step 2. When an MS finds the LA of BS different from the one stored in it memory, it sends a registration message to the network. Step 3. The location information is update. 55
  56. 56. Periodically Registration The MS periodically send registration messages to the network. The period is 6 minutes to 24 hours. Periodic registration is useful for fault-tolerance purposes. 56
  57. 57. GSM Basic Location Update Procedure In GSM, registration or location update occurs when an MS moves from one LA to another. Three cases of location update: Case 1. Inter-LA Movement Case 2. Inter-MSC Movement Case 3. Inter-VLR Movement 57
  58. 58. GSM Basic Location Update Procedure Case 1. Inter-LA Movement 58
  59. 59. Current State of Mobile Phone MSC=MSC1 HLR1 VLR1 VLR2 MSC1 MSC2 MSC3 LAI=LA1 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 TMSI=0105 59 LAI=LA1
  60. 60. Intra-MSC (Inter-LA) HLR1 VLR1 VLR2 MSC1 MSC2 MSC3 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 60 moving
  61. 61. Intra-MSC 當手機自BTS2→BTS3,因聽見的LAI與紀錄的 LAI不同,因此觸發註冊程序(Registration) HLR1 VLR1 VLR2 Step 1:手機送出: MSC1 MSC2 MSC3 TMSI=0105 舊LAI=LA1 BSC1 BSC2 BSC3 BSC4 新LAI=LA2 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 Step 2:手機update SIM LAI=LA2 LA1 LA2 LA3 LA4 moving Step 3:當MSC1收到註冊要求後,check TMSI是否 在記錄中,此例存在,表示本次移動僅更換 LAI,未更換MSC Step 4:MSC1更新記錄中新的LAI為LA2 61
  62. 62. Intra-MSC Steps 5:MSC1送一註冊要求至VLR1,內含 送者=MSC1 TMSI=0105 舊LAI=LA1 新LAI=LA2 Steps 6:VLR發現記錄中MSC與送者相同→確定不更正 MSC HLR1 VLR更改記錄中LAI←LA2 VLR1 VLR2 Steps 7:VLR回ACK給MSC MSC1 MSC2 MSC3 Steps 8:MSC─→BSC ─→BTS ─→MS BSC1 BSC2 BSC3 BSC4 ACK ACK ACK BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 moving 62
  63. 63. GSM Basic Location Update Procedure Case 2. Inter-MSC Movement 63
  64. 64. Inter-MSC HLR1 VLR1 VLR2 MSC1 MSC2 MSC3 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 64 moving
  65. 65. Inter-MSC 假設手機目前在BTS3,並往BTS4移動,手機目前處於待機 Step 1:手機移至BTS4,手機聽見LA3,與其SIM卡中的LAI不同,觸 發Registration procedure Step 2:手機送出(給BTS4): TMSI=0105 HLR1 舊LAI=LA2 新LAI=LA3 VLR1 VLR2 MSC1 MSC2 MSC3 Step 3: BTS4轉送給BSC3,再轉送MSC2 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 65 moving
  66. 66. Inter-MSC Step 4:MSC2發現TMSI資料不存在,MSC2往上傳給VLR1 送者=MSC2 TMSI=0105 舊LAI=LA2 新LAI=LA3 Step 5: VLR1 check TMSI已存在,送者MSC與紀錄不同,確定此次 移動為跨MSC但未跨VLR HLR1 VLR update紀錄,MSC←MSC2 VLR1 VLR2 MSC1 MSC2 MSC3 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 moving 66
  67. 67. Inter-MSC Step 6: HLR1 (1)VLR1上送HLR 送者=VLR1 VLR1 VLR2 新MSC=MSC2 MSC1 MSC2 MSC3 IMSI=… BSC1 BSC2 BSC3 BSC4 (2)VLR2下送MSC2 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 IMSI=… LA1 LA2 LA3 LA4 TMSI=0105 LAI=LA3 moving (3)VLR下送註冊取消命令給MSC1 IMSI=… TMSI=0105 67
  68. 68. Inter-MSC Step 7:HKR以IMSI check VLR欄→相同 因此只update MSC←MSC2,並ACK VLR1 Step 8:MSC2新增一筆紀錄 Step 9: MSC1將TMSI:0105紀錄刪除,並ACK VLR1 HLR1 Step 10: VLR1→MSC2→BSC3→BTS4→手機 ACK ACK ACK ACK VLR1 VLR2 MSC1 MSC2 MSC3 Step 11:手機update LAI←LA3 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 68 moving
  69. 69. GSM Basic Location Update Procedure Case 3. Inter-VLR Movement 69
  70. 70. Inter-VLR HLR1 VLR1 VLR2 MSC1 MSC2 MSC3 BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 70 moving
  71. 71. Inter-VLR Step 1:MS update LAI←LA4,觸發Registration,手機送 MS→BTS5←BSC4←MSC3 TMSI=0105 HLR1 舊LAI=LA3 新LAI=LA4 VLR1 VLR2 MSC1 MSC2 MSC3 Step 2:MSC3 check無此資料,送給VLR2 送者=MSC3 BSC1 BSC2 BSC3 BSC4 TMSI=0105 舊LAI=LA3 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 新LAI=LA4 LA1 LA2 LA3 LA4 Step 3:VLR2 check無此紀錄 moving 依TMSI反推舊VLR=VLR1 VLR2送一訊息給VLR1,目的(1)check TMSI正確否,(2)索取IMSI VLR1收到後,check TMSI存在 取出IMSI,回送VLR2 VLR2新增一筆紀錄 71
  72. 72. Inter-VLR Step 4:VLR2以IMSI反推HLR=HLR1,VLR2網上送給HLR1 送者=VLR2 新MSC=MSC3 IMSI=… Step 5:HLR1一IMSI進行update HLR1 VLR←VLR2 VLR1 VLR2 MSC ←MSC3 HLR →VLR2 MSC1 MSC2 MSC3 ACK BSC1 BSC2 BSC3 BSC4 BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 moving 72
  73. 73. Inter-VLR TMSI Step 6:VLR2 → VLR1,VLR1刪除此資料,並通知MSC2近刪除 刪除 Step 7:VLR2製造依新的TMSI=0208,update自己TMSI=0208 Step 8:VLR2下傳MSC3 新TMSI=0208 HLR1 LAI=LA4 VLR1 VLR2 IMSI=… MSC1 MSC2 MSC3 Step 9:新增一筆資料 BSC1 BSC2 BSC3 BSC4 Step 10:MSC3→BSC4→BTS5→MS BTS1 BTS2 BTS3 BTS4 BTS5 BTS6 LA1 LA2 LA3 LA4 Step 11:手機update TMSI=0208 moving 73
  74. 74. Call Origination and Termination 74
  75. 75. Call Origination Operation VLR V2 u1 2 3 P C T Nd S lo u C lo u d M SC T e r m in a tin g VLR S w itc h M SC 2 . M A P _ S E N D _ IN F O _ F O R _ O U T G O IN G _ C A L L 3 . M A P _ S E N D _ IN F O _ F O R _ O U T G O IN G _ C A L L _ a c k 4 . IA M 75
  76. 76. GSM Basic Call Origination The process is Step 1. MS sends the call origination request to MSC. Step 2. MSC forwards the request to VLR with message MAP_SEND_INFO_FOR_OUTGOING_CALL. Step 3. VLR checks MS’s profile and sends MAP_SEND_INFO_FOR_OUTGOING_CALL_ack to MSC to grant the call request. Step 4. MSC sets up the trunk according to the standard PSTN call setup procedure. 76
  77. 77. Call Termination Message Flow 77
  78. 78. Call Termination (1/2) Routing information for call termination can be obtained form the serving VLR. The basic call termination process: Step 1. A MS’s ISDN (MSISDN) number is dialed by a PSTN user. The call is routed to a gateway MSC by an SS7 ISUP IAM message. Step 2. GMSC sends MAP_SEND_ROUTING_INFORMATION with the MSISDN to HLR. 78
  79. 79. Call Termination (2/2) The process continues: Step 3. HLR sends a MAP_PROVIDE_ROAMING_NUMBER to VLR. Parameter included: IMSI of the MS, the MSC number. Steps 4 and 5. VLR creates Mobile Subscriber Roaming Number (MSRN) by using the MSC number stored in the VLR record. MSRN is sent back to the gateway MSC through HLR. MSRN provides the address of the target MSC where the MS resides. Step 6. An SS7 ISUP IAM message is directed from the gateway MSC to the target MSC to setup the voice trunk. 79
  80. 80. The Mobile Call Termination (Delivery) Procedure MSISDN IMSI MSISDN 1 1 HLR VLR 1 GMSC 2 2 1 MSRN MSRN Other Cloud Cloud Cloud Switches MSISDN 3 MSC 依據PSTN正常 Other Cloud Cloud 3 Cloud 程序建立電話 Switches 3 80
  81. 81. Handoff (Handover) 81
  82. 82. Handoff 82
  83. 83. Two Aspects of Mobility in a PCS Network Handoff Link transfer, or Handover A mobile user moves from one coverage area of an old BS to the coverage area of a new BS during the conversation. The radio link to the old BS is disconnected and a radio link to the new BS should be established to continue the conversation. Roaming When a mobile user moves from one system to another, the user location should tell the PCS system. 83
  84. 84. BS Coverage Area BS coverage area:irregular. In the cell boundary: Signal from a neighboring BS Signal from the serving BS Otherwise: Forced termination 84
  85. 85. Handoff Cost Handoffs are expensive. Special for the system with small cell sizes Small cell size for To increase the capacity of the systems To reduce power requirements of MSs. 85
  86. 86. Issues for Handoff Management Handoff detection Who and how Channel assignment Radio link transfer 86
  87. 87. Handoff Detection 87
  88. 88. Strategies for Handoff Detection Who makes a decision for handoff? Three handoff detection schemes: Mobile-Controlled Handoff (MCHO) Network-Controlled Handoff (NCHO) Mobile-Assisted Handoff (MAHO) Others 88
  89. 89. Mobile-Controlled Handoff (MCHO) MCHO is used in DECT and PACS. Part I. The MS continuously monitors the signals of the surrounding BSs. Part II. The MS initiates the handoff process when some handoff criteria are met. 89
  90. 90. Network-Controlled Handoff (NCHO) Used in CT-2+ and AMPS Part I. The surrounding BSs measure the signal from the MS. Part II. The network initiates the handoff process when some handoff criteria are met. MSC controls the handoff. 90
  91. 91. Mobile-Assisted Handoff (MAHO) Used in GSM, IS-136 and IS-95 Part I. The network asks the MS to measure the signal from the surrounding BSs. Part II. The network makes the handoff decision based on the reports from the MS. 91
  92. 92. Channel Assignment for Handoff Calls 92
  93. 93. Channel Assignment Purpose:to achieve a high degree of spectrum utilization for a given grade of service Ex:To reduce forced terminations 93
  94. 94. Forced Terminations Blocked call:Initial access requests fail For new call No available channels on the visited BS Forced terminations:Handoff requests fail For handoff call No available channel on the selected BSs Which one is serious, new call blocking or force terminating? 94
  95. 95. Some trade-offs Service quality Spectrum utilization Implementation complexity of the channel assignment algorithm Number of database lookups 95
  96. 96. Flowchart for Non-prioritized Scheme New or no Channel Channel handoff available? blocked call arrival yes Channel Ongoing Channel assigned call released 96
  97. 97. Flowchart for Reserved Channel Scheme New Normal no Channel call channel blocked arrival available? yes Channel Ongoing Channel assigned call released yes yes Handoff Normal Reserved no no call channel channel arrival available? available? 97
  98. 98. Link Transfer 98
  99. 99. Link Transfer Two operations: The radio link is transferred from the old BS to the new BS. MSC The network bridges the Old trunk to the new BS and BS New drop the trunk to the old BS BS. 99
  100. 100. Five Distinct Link Transfer Cases (1/3) 1. Intra-BTS handoff or intra-cell handoff 2. Inter-BTS handoff or inter-cell handoff 3. Inter-BSC handoff 4. Inter-MSC handoff or intersystem handoff 5. Intersystem handoff between two PCS networks 100
  101. 101. Inter-BSC Handoff (a) Before handoff (b) After handoff MSC 1 MSC 1 BSC 1 BSC 2 BSC 1 BSC 2 New New BS BS Old Old BS BS 101
  103. 103. Inter-MSC Link Transfer (a) Before handoff (b) After handoff PSTN PSTN PSTN PSTN trunk trunk MSC A MSC B MSC A MSC B BS 2 BS 2 BS 1 BS 1 103
  105. 105. Inter-MSC (2/2) Serving Serving Target Target Target MS BSS MSC MSC BSS VLR 13 HAND_ACC 14 CHH_INFO 15 HAND_DET 16 HAND_COMP 17 HAND_COMP 18 SEND_ENDING 19 ANSWER 20 REL_RCH 21 REL_RCH_COMP 22 END_SIGNAL 23 NET_REL 24 ERL_HAND_NUM
  106. 106. Anchor MSC MSC A MSC B MSC C BS 1 BS 2 BS 3 BS 4 BS 5 4 2 1 3 MSC A is the anchor MSC. 1: inter-BS handoff 2: handoff forward 3: handoff back 4: handoff to the third 106
  107. 107. Path Minimization MSCA MSCB MSCA MSCB (a) Handoff forwad (a) Handoff Backwad MSCB MSCB MSCA MSCA MSCc MSCc (c) Handoff to the Third (d) Path Minimization 107
  108. 108. Radio Link Transfer 108
  109. 109. Hard Handoff 109
  110. 110. Hard Handoff MS connects with only one BS at a time. Interruption in the conversation occurs MSC Used in TDMA and FDMA systems Old New BS We will study the signaling of BS handoff: MCHO Link Transfer MAHO/NCHO Link Transfer 110 Subrating MCHO Link Transfer
  111. 111. Hard Handoff Link Transfer for MCHO A handoff request message is initiated by the MS. The network can initiate the handoff. But always MS chooses the BS. MS selects a new radio channel. If a handoff failure occurs, the MS link-quality maintenance process must decide what to do next. 111
  112. 112. Soft Handoff 112
  113. 113. Soft Handoff MS connects to multiple BSs simultaneously. BSs use the same frequency. MSC BSs must be synchronized. The network must combine the BS 1 BS 2 signals form the multiple BSs simultaneously. Soft handoff is more complicated than hard handoff. 113
  114. 114. Mobility Management Mobility management procedures begin when a system detects the presence of a visiting terminal. (1) serving base station → serving MSC (inform MSC the terminal’s action) (2) MSC records that the terminal is in its operating area (3) MSC send this information to its VLR. (4) VLR notifies the terminal’s HLR. (5) HLR notifies the old VLR to erase record. 114
  115. 115. VLR --- --- Power on HLR BS --- CSS Visited MSC VLR Home MSC BS : Registration notification invoke, contains MIN, ECN, SID : Registration notification invoke, contains MIN, ECN, SID, address BS of VLR. BS :Registration cancellation invoke : profile request invoke : profile request result
  116. 116. Figure 4.4 Registration of a terminal in a visited service area.
  117. 117. Prior Prior Serving MSC VLR HLR VLR Figure 4.4 Registration of a terminal in a visited service area
  118. 118. Handoff Categories IS-41 specifies three handoff protocols: handoff forward, handoff back, and handoff to third. Intersystem handoff requires dedicated communication links between a pair of MSCs: voice trunks: for carrying user information in calls handed from one MSC to another data links: for carrying control messages between the two switch. 118
  119. 119. Handoff forward: The terminal moves into the service area of system B causing MSC-A and MSC-B to perform a handoff. MSC-A is the anchor MSC MSC-A is responsible for routing the call to the remote party. MSC-B is the serving MSC because it currently has control of the call. After handoff, MSC-B is the target MSC. Figure 4.8 The situation after a handoff forward from system A(anchor system) to system B(serving system).
  120. 120. Handoff Back: The terminal can return to the service area of system A. MSC-B recognizes that the call arrived from system A and it initiates a handoff back protocol, which releases the voice circuit between MSC- A and MSC-B. Without this protocol, the systems would tie up two voice trunks one taking the call from system A to system B the other taking it from system B to system A.
  121. 121. Handoff forward: It is possible that the terminal will move from system B to a third system C. This produces two possibilities in Figures 4.9 and 4.10. In Figure 4.9, MSC-B and MSC-C perform a handoff forward procedure the one that moved the call from system A to system B. System B provides a path from MSC-A to MSC-C. The situation can continue, adding more and more MSCs to the chain, up to a limit established by the anchor Figure 4.9 Call path after handoff forward to system. system C
  122. 122. Handoff to third: An alternative occurs when there is a direct connection between systems A and C. IS-41 includes a protocol referred to as handoff to third, which establishes a direct link between MSC-A and MSC-C and release the link between A and B. Figure 4.10 If there are circuits connecting MSC-A and MSC-C, the system performs handoff to third.
  123. 123. Handoff Protocols There are two phases to every handoff procedure. Location phase the serving MSC collects measurement reports from cells in the neighborhood of the cell presently occupied by a terminal. When measurements are required from one or more cells in a system adjacent to the serving system, the adjacent system becomes a candidate system. The serving MSC and a candidate MSC exchange handoff measurement request messages.
  124. 124. A HANDOFF MEASUREMENT REQUEST INVOKE message, transmitted by the serving MSC includes: information about the terminal (station class mark, SCM, indicates the capabilities of the terminal) information about the serving base station (SAT and a base station identifier), and information about the radio channel carrying the call (channel number). Based on the identity of the serving base station, the candidate MSC selects one or more candidate cells and transmits a HANDOFF MEASUREMENT REQUEST RESULT message to the serving MSC.
  125. 125. The HANDOFF MEASUREMENT REQUEST RESULT message contains identities of candidate cells and associated signal strength measurements. The serving MSC selects a target cell for the handoff. If the target cell is served by a candidate MSC, this MSC becomes the target MSC for the handoff. The handoff procedure then moves from the location phase to the handoff phase. Handoff phase: the serving MSC determines the type of handoff to initiate (forward, back, or handoff to third).
  126. 126. Handoff Forward Protocol: The serving MSC sends a FACILITIES DIRECTIVE INVOKE message to the target MSC. This message contains: information about the terminal (SCM, MIN, ESN) information about the call: billing ID (established by the anchor MSC at the beginning of the call); inter-MSC circuit (voice trunk that will carry the call from the serving MSC to the target MSC); inter-switch count (the total number of MSCs through which the call will pass after the handoff); information about the call status (serving cell, serving channel); and target cell identifier (based on measurement reports from the get MSC).
  127. 127. If the target MSC accepts the handoff, it selects a channel to handle the call in the new cell and then sends a FACILITIES DIRECTIVE RESULT message to the serving MSC. This message contains information about the new channel: channel number, SAT, and transmit power level (VMAC). On receiving this message, the serving MSC sends an AMPS HANDOFF message to the terminal through the serving cell. When the target base station detects the SAT, it sends a message to the target MSC which completes the handoff forward operation by sending a MOBILE ON CHANNEL INVOKE message to the prior serving MSC.
  128. 128. Figure 4.11 Message sequence and system operations for handoff forward.
  129. 129. Figure 4.11 Message sequence and system operations for handoff forward.
  130. 130. Handoff Back Protocol: If the location phase results in a determination by the serving MSC(MSC-B) that the call would best be handled in the system(system A) previously occupied by the terminal, the serving MSC initiates a handoff back procedure. It (MSC-B) sends a HANDOFF BACK INVOKE message to the previous MSC (MSC-A), which is now the target MSC of the handoff protocol. The message plays the same role as the FACILITIES DIRECTIVE INVOKE message. The target MSC (MSC-A) sends HANDOFF BACK RESULT message to the serving MSC (MSC-B). This message contains the same information as the FACILITIES DIRECTIVE RESULT message.
  131. 131. When the target MSC(MSC-A) learns that the terminal has arrived on the assigned channel at the target base station, it sends a FACILITIES RELEASE INVOKE message to the serving MSC (MSC-B). This message identifies the voice trunk that carries the call between the two MSCs. On receiving this message, the serving MSC (MSC-B) releases the voice trunk and sends a FACILITIES RELEASE RESULT message to the target MSC. Any two MSCs in a chain can perform the handoff back protocol.
  132. 132. Handoff to third Protocol: Handoff to third protocol is an example of path minimization procedure, in which the system reduces the number of voice trunks carrying a call through three or more systems.
  133. 133. Security 135
  134. 134. Security GSM security is addressed in two aspects: authentication and encryption. Authentication avoids fraudulent access by a cloned MS. Encryption avoids unauthorized listening. 136
  135. 135. Parameters Parameters: Ki is used to achieve authentication. Ki is stored in the AuC and SIM. Ki is not known to the subscriber. RAND A 128-bit random number generated by the home system. SRES is generated by algorithm A3. Kc is generated by algorithm A8 for the encryption. Frame Number A TDMA frame number encoded in the data bits. 137
  136. 136. Algorithms Authentication Algorithms: A3. Authentication function. In AuC and SIM Encryption Algorithms: A8. To generate the encryption Key In AuC and SIM A5. An algorithm stored in the MS (handset hardware) and the visited system. Used for the data ciphering and deciphering 138
  137. 137. Authentication and Encryption Mobile Station Home System RAND Ki Ki reject A8 A3 A3 A8 No Equal SRES ? SRES Kc Yes accept authentication encryption Visited System Frame Kc Number Data A5 Ciphered Data A5 Data 139
  138. 138. Authentication by Triplet Triplet: RAND, SRES, Kc AuC→HLR→VLR in advance Example: Authentication in registration New VLR uses LAI to find old VLR. Old VLR sends triplets to new VLR. New VLR challenges MS by using RAND and SRES. 140
  139. 139. Encryption Mobile Station Home System RAND Ki Ki reject A8 A3 A3 A8 No Equal SRES ? SRES Kc Yes accept authentication encryption Visited System Frame Kc Number Data A5 Ciphered Data A5 Data 141
  140. 140. Summary GSM Architecture MS, BSS, NSS Radio Interface GSM Radio and Channels Location Tracking Hand Off Security 142
  141. 141. Chap 6 2.5G: GPRS 143
  142. 142. 2.5G: GPRS General Packet Radio Service (GPRS) A packet-switched protocol GPRS radio link protocol To guarantee fast call setup procedure and low-bit error rate for data transfer between the MSs and the BSs A new infrastructure is introduced to GPRS for the packet services. 144
  143. 143. GPRS Architecture TE M SC HLR Signaling link PSTN radio PSDN MS interface TAF SGSN GGSN ISDN BSS HLR : Home Location Register SGSN : Serving GPRS Support Node VLR : Visitor Location Register GGSN : Gateway GPRS Support Node M SC : M obile Switching Center TE : Terminal Equipment BSS : Base Station Subsystem PSTN : Public Switched Telephone Network TAF : Terminal Adaption Function PSDN : Public Switched Data Network 145
  144. 144. Chap 7 3G: WCDMA 146
  145. 145. 3G: WCDMA Spread Spectrum Technique 147
  146. 146. Scheme of CDMA(uplink) s(t) = s1(t) +s2(t) s1(t) d1(t)+c1(t)s2(t) LPF LPF s2(t) c2(t)s1(t)+d2(t) 148
  147. 147. Principle of CDMA 4 spread codes for users A,B,C,D to send one bit data A: 00011011 A: (-1-1-1+1+1-1+1+1) B: 00101110 B: (-1-1+1-1+1+1+1-1) C: 01011100 C: (-1+1-1+1+1+1-1-1) D: 01000010 D: (-1+1-1-1-1-1+1-1) Example: A S1=(-1-1-1+1+1-1+1+1) => S1•A=(1+1+1+1+1+1+1+1)/8=1 B+C S2=(-2 0 0 0+2+2 0-2) => S2•C=(2+0+0+0+2+2+0+2)/8=1 A+B+C+D S3=(-2-2 0-2 0-2+4 0) => S3•C=(2-2+0-2+0-2-4+0)/8=-1 Proof: S•C =(B+C)•C = B•C + C•C = 0 + 1 = 1 149
  148. 148. Orthogonal Variable Spreading Factor C c h ,4 ,0 = (1 ,1 ,1 ,1 ) C c h ,2 ,0 = (1 ,1 ) C c h ,4 ,1 = (1 ,1 ,-1 ,-1 ) C c h ,1 ,0 = (1 ) C c h ,4 ,2 = (1 ,-1 ,1 ,-1 ) C c h ,2 ,1 = (1 ,-1 ) C c h ,4 ,3 = (1 ,-1 ,-1 ,1 ) SF = 1 SF = 2 SF = 4 Orthogonal • Same tree path non-orthogonal 150