11.0 IntroductionThird generation or 3G is now the generally accepted term used to describe the next wave ofmobile networks and services. First generation (1G) is used to categorize the first analoguemobile systems that emerged in the 1980s, such as the advanced mobile phone system(AMPS) and nordic mobile telephony (NMT). These systems provided a limited mobilesolution for voice, but had major limitations, particularly in terms of interworking, securityand quality. The next wave, second generation (2G), arrived in the late 1980s and movedtowards a digital solution which gave the added benefit of allowing the transfer of data andprovision of other non-voice services. Of these, the global system for mobile communication(GSM) has been the most successful, with its global roaming model. Third generation (3G)leverages on the developments in cellular to date, and combines them with complementarydevelopments in both the fixed-line telecoms networks and from the world of the Internet.The result is the development of a more general purpose network, which offers theflexibility to provide and support access to any service, regardless of location .1.1 First GenerationFirst-generation cellular radio network includes the mobile terminals, the base stations andthe mobile switching centers. First-generation wireless systems provide analog speech andinefficient, low-rate data transmission between the base station and the mobile user. Thespeech signals are usually digitized for transmission between the base station and the MSC.Advance mobile phone system is an example of the first-generation wireless network whichwas first built by engineers from AT&T Bell Laboratories. In the first-generation cellularnetworks, the MSC maintains all mobile related information and controls each mobilehandoff. The MSC also performs all of the network management functions, e.g., callhandling and processing, billing, etc. The MSC is interconnected with the PSTN via wiredtrunks and a tandem switch. MSCs are also connected with other MSCs via dedicatedsignaling channels (mostly via SS7 network) for the exchange of location, authentication,and call signaling information. The US cellular carriers use the IS-41 protocol [IS41] to
2allow MSCs of different service providers to pass information about their subscribers toother MSCs on demand. IS-41 relies on the autonomous registration feature of AMPS . Amobile uses autonomous registration to notify a serving MSC of its presence and location.The mobile accomplishes this by periodically transmitting its identity information, e.g., MINand ESN, which allows the MSC to constantly update an entry in its database about thewhereabouts of the mobile. The MSC is able to distinguish home users from roaming usersbased on the MIN of each active user. The Home Location Register (HLR) keeps thelocation information of each home subscriber while the Visiting Location Register (VLR)only keeps information of a roaming user. The visited system creates a VLR record for eachnew roamer and notifies the home system via the IS-41 so it can update its own HLR .Through first generation, a voice call gets modulated to a higher frequency of about150MHz and up as it is transmitted between radio towers. This is done using a techniquecalled Frequency-Division Multiple Access (FDMA).In terms of overall connection quality,first generation compares unfavourably to its successors. It has low capacity, unreliablehandoff, poor voice links, and no security at all since voice calls were played back in radiotowers, making these calls susceptible to unwanted eavesdropping by third parties. However,first generation did maintain a few advantages over second generation. In comparison to firstgeneration’s analog signals, second generation digital signals are very reliant on location andproximity. If a 2G handset made a call far away from a cell tower, the digital signal may notbe strong enough to reach it. While a call made from a first generation handset had generallypoorer quality than that of a first generation handset, it survived longer distances. This is dueto the analog signal having a smooth curve compared to the digital signal, which had ajagged, angular curve. As conditions worsen, the quality of a call made from a firstgeneration handset would gradually worsen, but a call made from a second generationhandset would fail completely .
3 Base BaseMobile Transceiver StationStation Station Controller(MS) (BTS) (BSC) Mobile Station PSTN Controller (MSC) Home Visitors Location Location Register Register (HLR) (VLR) Fig.1.0 Architecture of first generation  1.2 Second Generation The roots of the development of the global system for mobile communications (GSM) began with a group formed by the European Conference of Postal Telecommunications Administrations (CEPT) to investigate the development of a standard mobile telephone system to be used throughout Europe. This group was known as the Groupe Special Mobile or GSM for short, and this is initially where the acronym GSM came from; however, it is now widely understood to stand for global system for mobile communications. A unified telephone system was desirable since Europe is made up of many separate countries each with their own government, language, culture and telecommunication infrastructure, much of which was still in the hands of state-run monopolies. As there is much trade between these countries, a mobile network which would free users to roam internationally from country to country was seen as a valuable asset. The other major region to discuss in parallel is movements in mobile communications in the USA. Mobile technology was advancing there also, but the motivation to provide roaming capabilities was not such a fundamental
4requirement, since it is one country. There was and is considerable regionalization ofcommunications in the USA and this was reflected in the proliferation of mobile devices,where operators only needed to cater for the domestic market. GSM was eventually adoptedas a European standard by the European Telecommunications Standards Institute (ETSI). Ithas been standardized to operate on three principal frequency regions, being 900 MHz, 1800MHz and 1900 MHz. GSM is by far the most successful of the second generation cellularsystems, and has seen widespread adoption not only across Europe but also throughout theAsia-Pacific region, and more recently, the Americas. Some of the large mobile networkoperators in the USA are also introducing GSM, either as a migration step towards theUMTS flavour of 3G or simply in addition to the current offerings .1.2.1 General ArchitectureFrom figure 1.1 which shows the general architecture for a GSM network. The variousfunctional blocks are explained as followed.• Mobile station (MS)The MS consists of the mobile equipment (ME; the actual device) and a smart card calledthe subscriber identity module (SIM). The SIM offers personal mobility since the user canremove the SIM card from one mobile device and place it in another device withoutinforming the network operator. In contrast, most other 2G systems require a registrationupdate to the operator. The SIM contains a globally unique identifier, the internationalmobile subscriber identity (IMSI), as well as a secret key used for authentication and othersecurity procedures. The IMSI (or a variation of it for security purposes) is used throughoutthe network as the identifier for the subscriber. This system enables a subscriber to changethe mobile equipment and still be able to make calls, receive calls and receive othersubscriber information by simply transferring the SIM card to the new device. Any callsmade will appear on a single user bill irrespective of changes in the mobile device . Themobile equipment is also uniquely identifiable by the international mobile equipmentidentity (IMEI). The IMEI and IMSI are independent, thus providing the user flexibility by
5separating the concept of subscriber from access device. Many operators still issue ‘locked’mobile devices where the equipment is tied for use only on a particular operator’s network.A mobile device not equipped with a SIM must also still be able to Base Base User Equipme Transceiv Station TRAU er Station Controller nt (UE) (BTS) (BSC) Home Equipment Mobile Authenticat Location Identity Station ion Centre Register Register Controller (AUC) (HLR) (EIR) (MSC) PSTN GMSCFig 1.1 Architecture of second generationmake emergency calls. To protect the call from undesirable snooping or listening in, theIMSI will not always be transmitted over the cell to identify the subscriber. Instead atemporary IMSI (T-IMSI) identifier is used and changed at regular intervals. Note that forextra security the whole data stream is encrypted over the air interface.
6• Base station subsystem (BSS)The base station subsystem (BSS) is composed of three parts, the base transceiver station(BTS), the base station controller (BSC), which controls the BTSs, and the transcoding andrate adaption unit (TRAU) .• Base transceiver station (BTS)The BTS houses the radio transceivers (TRXs) that define a cell and handle the radio linkwith the mobile station. As was seen, each transceiver can handle up to eight full-rate userssimultaneously. If more than eight full-rate users request resources within the TRX then theywill receive a busy tone, or a network busy message may be displayed on the mobile device.It is possible to increase the number of simultaneous users in a cell by increasing the numberof TRXs, hence the number of frequencies used. When a mobile device moves from one cellto another the BTS may change. Within the GSM system a mobile device is connected toonly one BTS at a given time. The first TRX in a cell can actually only handle a maximumof seven (possibly less) simultaneous users since one channel on the downlink is used forbroadcasting general system information through what is known as the broadcast and controlchannel (BCCH). The BTS is also responsible for encrypting the radio link to the mobiledevice based on security information it receives from the core network .• Base station controller (BSC)The BSC manages the radio resources for one or more BTSs. It handles the radio channelsetup, frequency hopping and handover procedures when a user moves from one cell toanother. When a handover occurs, the BSC may change; it is a design consideration that thiswill not change with the same regularity as a BTS change. A BSC communicates with theBTS through time division multiplex (TDM) channels over what is referred to as the Abisinterface, generally implemented using E1 or T1 lines. If the numerous BTSs and thecorresponding BSC are in close proximity then this link may be a fibre optic or copper cableconnection. In some cases, there are a large number of BTSs in close proximity but quite
7some distance away from the controlling BSC. In such cases it may be more efficient torelay the calls from each of the BTSs to a single BTS via microwave links. This type of linkmay be very cost effective since generally the running costs of a point-to-point microwavelink may be free. Of course this has to be weighed against the cost of the purchasing anddeployment of the equipment. The collector BTS can then connect to the BSC via anothermicrowave link or via a landline cable. A problem with the above system is that if thecollector BTS fails then calls from the other BTSs may also fail. To overcome this problemit is possible to have two collector BTSs both sending the calls to the BSC. This forms aredundant link and if one collector BTS fails then this does not present such a large problem,as is illustrated in Figure 1.3 • Transcoding and rate adaption unit (TRAU)The central role of the second generation systems is to transfer speech calls and the systemhas been designed and optimized for voice traffic. The human voice is converted to binary ina rather complex process. GSM is now quite an old system and as such the original encodingmethod used (LPC-RPE1) is not as efficient as some of the more recently developed codingsystems such as those used in other cellular systems. There have been many developmentsin digital signal processing (DSP) which have enabled good voice quality to be transmittedat lower data rates. Although the TRAU is actually
8 BTS BTS BTS Base Station Controller BTS (BSC) Base Station Controller (BTS) BTS BTSFig1.3 Base Station Connectivityseen as being logically part of the BSS, it usually resides close to the MSC since this hassignificant impact on reducing the transmission costs . The voice data is sent in a 16 kbpschannel through to the TRAU from the mobile device via the BTS and BSC. Thetranscoding and rate adaptation unit will convert this speech to the standard 64 kbps fortransfer over the PSTN or ISDN network. Where over the air interface; speech uses 13 kbps(full-rate) and data 9.6 or 14.4 kbps, with each of these requiring a 16 kbps link through theBSS. As has been mentioned, digital voice data is robust in the face of errors, and canhandle substantial bit error rates before the user begins to notice signal degradation. This isin stark contrast to data such as IP packets, which is extremely error intolerant and achecksum is generally used to drop a packet which contains an error. The adaptive multirate(AMR) speech CODECS which are implemented in UMTS and also the enhanced full-rate(EFR) bit rates for the second generation GSM, TDMA and PDC systems for comparison.The GSM EFR uses the algebraic code excited linear prediction (ACELP) algorithm andgives better quality speech than full-rate (FR) using 12.2 kbps. A half-rate (HR) method of
9speech coding has also been introduced in to the standards, which is known as code excitedlinear prediction-vector sum excited linear prediction (CELP-VSELP). This method willenable two subscribers to share a single time slot . • Network switching subsystem (NSS)The NSS comprises the circuit switched core network part of the GSM system. The mainelement is the mobile switching centre (MSC) switch and a number of databases refer to asthe visitor location register (VLR) and home location register (HLR). The HLR is always inthe home network for roaming subscribers and thus any data exchange may have to crossinternational boundaries. The MSC and VLR are usually combined and are located in thevisited network. • Mobile switching centre (MSC)This acts like a normal switching node for a PSTN or ISDN network. It also takes care of allthe additional functionality required to support a mobile subscriber. It therefore has the dualrole of both switching and management. When a mobile device is switched on and requestsa connection to a mobile network, it is principally the MSC that processes this request, withthe BSS merely providing the access to facilitate this request. If the request is successfulthen the MSC registers the mobile device within its associated VLR (see below; mostmanufacturers tend to combine the VLR functionality with the MSC). The VLR will updatethe HLR with the location of this mobile device, and the HLR may be either in the samenetwork, or a different network in the case of a roaming user.The MSC deals with registration, authentication (the MSC requests information from theauthentication centre but it is the MSC which actually does the authentication), mobiledevice location updating and routing of calls to and from a mobile user. An MSC whichprovides the connectivity from the mobile network to the fixed network, e.g. ISDN orPSTN, is known as a gateway-MSC (G-MSC) .
10 • Home Location Register (HLR)When a subscriber registers with an operator, they enter into what is known as a servicelevel agreement (SLA). This operator’s mobile network is known as the home network orhome public land mobile network (H-PLMN). The HLR is a huge database located withinthis home network which stores administrative information about the mobile subscriber. Theinformation stored for a user in the HLR will include their IMSI, service subscriptioninformation, service restrictions and supplementary services. The HLR is also expected toknow the location of its mobile users. It actually knows their location only to the VLR withwhich the mobile device is registered. The HLR also only knows the location of a mobiledevice which is switched on and has registered with some mobile operator’s network. Thisis the case even if the mobile is in a different country connected to another mobile operator’snetwork, as long as a roaming agreement exists between the two mobile operators. TheGSM system provides all the technical capabilities to support roaming; however, thisroaming agreement is also required so that both operators can settle billing issues arisingfrom calls made by visiting mobile subscribers. • Visitor Location Register (VLR)The VLR is another database of users and is commonly integrated with an MSC. Unlike theHLR, where most information is of a permanent nature, the VLR only holds temporaryinformation on subscribers currently registered within its vicinity. This vicinity covers thesubscribers in the serving area of its associated MSC. When a mobile device enters a newarea, the mobile device may wish to connect to this network and if so informs the MSC ofits arrival. Once the MSC checks are complete, the MSC will update the VLR. A message issent to the HLR informing it of the VLR which contains the location of the mobile. If themobile device is making or has recently made a call, then the VLR will know the location ofthe mobile device down to a single cell. If the mobile device has requested and been grantedattachment to a mobile network, but not made any calls recently, then the location of themobile device will be known by the VLR to a location area, i.e. a group of cells and not asingle cell .
11 • Equipment Identity Register (EIR)The EIR is a list of all valid mobiles on the network. If a terminal has been reported stolenor the equipment is not type approved then it may not be allowed to operate in the network.The terminals are identified by their unique IMEI identifier . • Authentication Centre (AuC)The AuC is a database containing a copy of the secret key present in each of the users’ SIMcards. This is used to enable authentication and encryption over the radio link. The AuCuses a challenge–response mechanism, where it will send a random number to the mobilestation; the mobile station encrypts this and returns it. The AuC will now decrypt thereceived number and if it is successfully decrypted to the number originally sent, then themobile station is authenticated and admitted to the network. To make and receive calls, thelocation of the mobile device has to be known by the network. It would be extremelyinefficient if a user needed to be paged across an entire network, and almost impossible tosupport roaming to other networks. Each cell broadcasts its globally unique identity on itsbroadcast channel, which is used by the mobile device for location purposes. Mobilitymanagement is the mechanism that the network uses for keeping a dynamic record of thelocation of all of the mobile devices currently active in the network. In this context, locationdoes not refer specifically to the geographical location of the mobile device, but rather itslocation with respect to a cell in which it is currently located. However, for the developmentof cellular towards third generation, geographical location becomes important as an enablerfor location-based services (LBS). The major benefit of the cellular telephone over a fixedlandline is the mobility that it presents to the subscriber. Initially, this mobility was merelyallowing the user to move around and be tracked within a certain area; however, nowmobility extends to cover the concept of roaming. Unfortunately, the provision of mobilitymakes the network much more complex to design and operate. As a subscriber moves fromone location to another, the strength of the signal it receives from the base station to which itis currently listening will fluctuate, and, conversely, the signal received by the base stationfrom the mobile device will also vary. Both the network and the mobile device must
12constantly monitor the strength of the signal, with the mobile device periodically reportingthe information it has measured to the network. The mobile device also monitors thestrength of other cells in the vicinity. When the signal strength gets too weak from aparticular base station, a handover (also known as a handoff) to a base station in another cellmay take place. The network must try to guarantee that in the event of a handover, the usercall is not dropped and there is a smooth transition from cell to cell, even if the user ismoving quite rapidly, as is the case for a motorist. The HLR, which is in the home network,knows which VLR has information regarding the particular subscriber. The information theVLR holds depends on the connection state of the mobile device: in idle mode only thelocation area (LA) is known whereas in dedicated mode the actual cell is known. Most ofthe GSM mobile network is designed and implemented in a hierarchical manner. The changeof a cell from one base station to another is relatively simple if the BTSs are controlled bythe same BSC. The change of a BSC is more complex and hence will require moresignalling but will occur less frequently since each BSC controls a number of BTSs. Achange of the MSC is also possible but, again, this should be rather infrequent for mostusers. If a user is in a vehicle and moving at high speed, then a number of MSC handoversmay take place during a prolonged voice call. However, this will probably occur rarely asthe vehicle will likely have crashed or the driver been arrested before handover occurs! Thissystem of handover enables a subscriber to continue with a call in progress while movingfrom one geographical area to another.• When User 1 changes from one cell to another, a cell update is required. As noted, thisdoes not require much in the way of signalling.• When User 2 changes cell, a cell update and a BSC update are required. This will requiremore signalling, with the MSC controlling the change in BSC.• When User 3 changes cell, a cell update, a BSC update and an MSC update are required.This is a much more complex task, which will require a greater amount of signalling. Notethat these updates only take place when a mobile device has a call in progress, or in what isreferred to as dedicated mode. Mobile devices which do not have a call in progress but may
13have registered with the network are said to be in idle mode. Mobile devices in idle modewill only send periodic updates indicating that the mobile is still active, thus reducing thesignalling load on the network. When a user wishes to make a call, the mobile device willtransparently update the network as to its position and move to dedicated mode. In idlemode the location of the mobile device is still known but over a number of cells rather thana single cell. In idle mode the mobile device monitors a certain area spanning a number ofcells, known as a Location Area (LA), and sends location update information to the networkwhen the mobile device physically crosses a boundary between LAs. A certain period oftime has elapsed. Even when the mobile device is stationary, after a long period of inactivityit will send an update to allow the network to refresh its stored information regarding thesubscriber’s location. Devices which do not send this update will be assumed to have left thecoverage area and their data may be removed from the network. This interval is networkconfigurable and could be, for example, one hour.1.2.2 GSM Air InterfaceThere is a limited spectrum of frequencies that is both available and suitable for GSM.Cellular operators have to compete for this bandwidth with the likes of the military,broadcast television and broadcast radio. The available electromagnetic spectrum has beensplit into a number of bands by both national and international regulatory bodies.Fortunately there was much international agreement on the frequencies in the 900 MHz and1800 MHz bands, which brought in large economies of scale, reducing the price of handsets,and thus enabling GSM to flourish. GSM was originally designed to work in a 900 MHzband but is now used in 1800 MHz, 1900 MHz and a number of others, such as 450 MHz.As shown in Figure 1.4, the 900 MHz range is made up of two separate 25 MHz bands,between 890–915 MHz and 935–960 MHz. The lower 25 MHz is used for the mobilestation, or uplink, transmission and the upper 25 MHz of the range is
14 GSM Mobile Station 20MHz GSM Base Station Transmits Transmits890 915 935 960 Fig 1.4: GSM original band used for base station, or downlink, transmission. There is a gap of 20 MHz between the transmission sub-bands i.e. the GSM base station transmit band starts at 890 + 45 MHz. The mobile device transmits on the lower frequency since it is a physical property of electromagnetic waves that there will generally be less attenuation on lower frequencies. The base station is not reliant on a small battery and can therefore radiate greater power, thus the greater attenuation in the downlink is not seen as a major problem, allowing the mobile device to avail itself of better transmission characteristics. As discussed, GSM works on a combination of frequency division multiplexing (FDM), and time division multiplexing (TDM) multiple access schemes. It also uses slotted-Aloha, a contention method which is similar in operation to Ethernet. This contention mechanism is required since it is possible for two mobile subscribers to make a request for resources at exactly the same time. The mobile stations use this contention method to compete with each other to request a traffic channel (TCH), which is required for a call. Like Ethernet, there is a chance that a collision will occur, so mechanisms are implemented to deal with this. The FDM allocates each GSM channel 200 kHz of bandwidth and therefore there are 25 MHz/200 kHz = 125 channels available in each direction. One of these channels is not used for data transfer but is used as a guard band, leaving 124 channels available for communication. A matching pair of GSM frequency channels, i.e. one uplink and a corresponding downlink, is controlled by a device referred to as a transceiver (TRX). All of the operators in a country using GSM900 have to share these 124 channels and they will be allocated a licence covering a range of them by the national telecommunications regulator. Say there are four mobile operators in a given country. Each of them may be allocated 31 channels (124/4). For example, Operator 1 may
15be allocated 31 channels starting from 890.0 MHz, 890.2 MHz, and 890.4 MHz etc. up to896.0 MHz in the uplink and 935.0 MHz, 935.2 MHz, 935.4 MHz etc. up to 941.0 MHz inthe downlink, as shown in Figure 3.8. TDM further splits each of these frequency channelsinto eight separate time slots, each of which may be allocated to a user or used for controlpurposes. These time slots are individually referred to as slot 0 through to slot 7, and form aTDM frame. A single time slot in GSM is also referred to as a burst; however, this shouldnot be confused with the term ‘error burst’. If a cell is allocated a single frequency (oneTRX) then slot 0 on this frequency is reserved as a control channel. If two or morefrequencies are employed within the cell then it may require additional control channels toincrease the overall efficiency. The slot 0 control channel always includes the broadcast andcontrol channel (BCCH), which is broadcast from the base station in the downlink toprovide information to the mobile devices registered in the cell, such as the cell identifier,network operator etc.[3,4]1.3 Deficiencies of First- and Second-Generation Wireless SystemsFirst-generation cellular systems provide connection-oriented services for each voice user.Voice channels are dedicated to the users at a serving base station and network resources arededicated to the voice traffic on initiation of a call. The MSC sets up a dedicated voicechannel connection between the base station and the PSTN for the duration of a cellularphone call. Circuit switching is used to transmit voice traffic to and from the users terminalto the PSTN. Circuit switching establishes a dedicated radio channel between the basestation and the mobile, and a dedicated phone line between the MSC and the PSTN for theentire duration of a call. First-generation cellular systems provide data communicationsusing circuit switching. Wireless data services such as fax and electronic mail are not wellsupported by circuit switching because of their short, bursty transmission, which arefollowed by periods of inactivity. Often, the time required to establish a circuit exceeds theduration of the data transmission. Modem signals carrying data need to be passed throughthe audio filters that are designed for analog, FM, and common air interfaces. Thus, it is
16both clumsy and inefficient, e.g., voice filtering must be deactivated when data aretransmitted .1.4 Third-Generation Wireless NetworksThe deficiencies of the first- and second-generation wireless systems prevent them fromallowing roaming users to enjoy high data rate connections and multimediacommunications. The aim of third-generation wireless networks is to introduce a single setof standards that provide higher airlink bandwidth and support multimedia applications. Inaddition, the third-generation wireless systems are expected to be able to communicate withother information networks, e.g., the Internet and other public and private databases.Examples of third-generation wireless systems are TIA IxEV Data Only (or commonlyreferred to as High Data Rate system)-based networks [EVDO], TIA IxEVDV-basednetworks [EVDV], and 3GPP UMTS networks [UMTS]. Such 3G systems promise a peakairlink bandwidth of 2-3Mbps .1.4.1 UMTS / WCDMA Network ArchitectureThe UMTS network architecture is required to provide a greater level of performance to thatof the original GSM network. However as many networks had migrated through the use ofGPRS and EDGE, they already had the ability to carry data. Accordingly many of theelements required for the WCDMA / UMTS network architecture were seen as a migration.This considerably reduced the cost of implementing the UMTS network as many elementswere in place or needed upgrading. With one of the major aims of UMTS being to be able tocarry data, the UMTS network architecture was designed to enable a considerableimprovement in data performance over that provided for GSM .The UMTS network architecture can be divided into three main elements:User Equipment (UE): The User Equipment or UE is the name given to what was previoustermed the mobile, or cellphone. The new name was chosen because the considerably
17greater functionality that the UE could have. It could also be anything between a mobilephone used for talking or a data terminal attached to a computer with no voice capability.Radio Network Subsystem (RNS): The RNS is the equivalent of the previous Base StationSubsystem or BSS in GSM. It provides and manages the air interface for the overallnetwork.Core Network: The core network provides all the central processing and management forthe system. It is the equivalent of the GSM Network Switching Subsystem or NSS. Thecore network is then the overall entity that interfaces to external networks including thepublic phone network and other cellular telecommunications networks.Fig. 1.5 UMTS Network Architecture Overview • User Equipment, UEThe User Equipment UE is a major element of the overall UMTS network architecture. Itforms the final interface with the user. In view of the far greater number of applications and
18facilities that it can perform, the decision was made to call it user equipment rather than amobile. However it is essentially the handset (in the broadest terminology), although havingaccess to much higher speed data communications, it can be much more versatile,containing many more applications. It consists of a variety of different elements includingRF circuitry, processing, antenna, battery, etc.There are a number of elements within the UE that can be described separately:User Equipment RF circuitry: The RF areas handle all elements of the signal, both for thereceiver and for the transmitter. One of the major challenges for the RF power amplifier wasto reduce the power consumption. The form of modulation used for W-CDMA requires theuse of a linear amplifier. These inherently take more current than non linear amplifierswhich can be used for the form of modulation used on GSM. Accordingly to maintainbattery life, measures were introduced into many of the designs to ensure the optimumefficiency.Baseband processing: The base-band signal processing consists mainly of digital circuitry.This is considerably more complicated than that used in phones for previous generations.Again this has been optimised to reduce the current consumption as far as possible.Battery: While current consumption has been minimised as far as possible within thecircuitry of the phone, there has been an increase in current drain on the battery. With usersexpecting the same lifetime between charging batteries as experienced on the previousgeneration phones, this has necessitated the use of new and improved battery technology.Now Lithium Ion (Li-ion) batteries are used. These phones to remain small and relativelylight while still retaining or even improving the overall life between charges.Universal Subscriber Identity Module, USIM: The UE also contains a SIM card, althoughin the case of UMTS it is termed a USIM (Universal Subscriber Identity Module). This is amore advanced version of the SIM card used in GSM and other systems, but embodies thesame types of information. It contains the International Mobile Subscriber Identity number
19(IMSI) as well as the Mobile Station International ISDN Number (MSISDN). Otherinformation that the USIM holds includes the preferred language to enable the correctlanguage information to be displayed, especially when roaming, and a list of preferred andprohibited Public Land Mobile Networks (PLMN). The USIM also contains a shortmessage storage area that allows messages to stay with the user even when the phone ischanged. Similarly "phone book" numbers and call information of the numbers of incomingand outgoing calls are stored.The UE can take a variety of forms, although the most common format is still a version of a"mobile phone" although having many data capabilities. Other broadband dongles are alsobeing widely used .1.4.2 UMTS Radio Network SubsystemThis is the section of the UMTS / WCDMA network that interfaces to both the UE and thecore network. The overall radio access network, i.e. collectively all the Radio NetworkSubsystem is known as the UTRAN UMTS Radio Access Network.The Radio Network Subsystem comprises two main components:Radio Network Controller, RNC: This element of the radio network subsystem controls theNode Bs that are connected to it. The RNC undertakes the radio resource management andsome of the mobility management functions, although not all. It is also the point at whichthe data encryption / decryption is performed to protect the user data from eavesdropping.Node B: Node B is the term used within UMTS to denote the base station transceiver. Itcontains the transmitter and receiver to communicate with the UEs within the cell. In orderto facilitate effective handover between Node Bs under the control of different RNCs, theRNC not only communicates with the Core Network, but also with neighbouring RNCs.
20Fig 1.6 UMTS Radio Network Subsystem Architecture • UMTS Core NetworkThe UMTS core network architecture is a migration of that used for GSM with furtherelements overlaid to enable the additional functionality demanded by UMTS. In view of thedifferent ways in which data may be carried, the UMTS core network may be split into twodifferent areas:Circuit switched elements: These elements are primarily based on the GSM networkentities and carry data in a circuit switched manner, i.e. a permanent channel for the durationof the call.Packet switched elements: These network entities are designed to carry packet data. Thisenables much higher network usage as the capacity can be shared and data is carried aspackets which are routed according to their destination. Some network elements,particularly those that are associated with registration are shared by both domains andoperate in the same way that they did with GSM .
21 Fig 1.7 UMTS Core Network • Circuit Switch ElementsThe circuit switched elements of the UMTS core network architecture include the followingnetwork entities: Mobile switching centre (MSC): This is essentially the same as that within GSM, and it manages the circuit switched calls under way. The mobile switching centre (MSC) is the centre piece of the circuit switched core network. The same MSC can be used to serve both the GSM-BSS and the UTRAN connections. A GSM-MSC must be upgraded to meet the 3G requirements, but the same MSC can be used to serve both access networks. In addition to the radio access networks, it has interfaces to the fixed PSTN network, other MSCs, the packet-switched network (SGSN), and various core network registers (HLR, EIR, AuC). Physically, the VLR is implemented in connection with the MSC, so the interface between them (the B interface) exists only logically. Several BSSs can be connected to the MSC. The number and the size of MSCs also vary; a small operator may only have one small MSC, but once the number of subscribers increase, several large MSCs may be needed. The functions of an MSC include the following : • Paging;
22• Coordination of call setup from all MSs in the MSC’s jurisdiction;• Dynamic allocation of resources;• Location registration;• Interworking functions (IWFs) with other type of networks;• Handover management (especially the complex inter-MSC handovers);• Billing of subscribers (not the actual billing, but collecting the data for the billing center);• Encryption parameter management;• Signaling exchange between different interfaces;• Frequency allocation management in the whole MSC area;• Echo canceler operation and control.The MSC terminates the MM and CM protocols of the air interface protocol stack, so theMSC has to manage these protocols, or delegate some responsibilities to other core networkelements.Gateway MSC (GMSC): This is effectively the interface to the external networks. TheGateway MSC (GMSC) is an MSC that is located between the PSTN and the other MSCs inthe network. Its function is to route the incoming calls to the appropriate MSCs by firstinterrogating the appropriate HLR. If the operator allows the outside networks to access itsHLRs, then a dedicated GMSC is not necessary as the other networks can route the calls tothe right MSC by themselves. In practice it is also possible that all MSCs are also GMSCs ina PLMN. • Packet Switched Elements: The packet switched elements of the UMTS core network architecture include the following network entities: Serving GPRS Support Node (SGSN): As the name implies, this entity was first developed when GPRS was introduced, and its use has been carried over into the UMTS network architecture. The SGSN provides a number of functions within the UMTS network architecture.
23 Mobility management: When a UE attaches to the Packet Switched domain of the UMTS Core Network, the SGSN generates MM information based on the mobiles current location. Session management: The SGSN manages the data sessions providing the required quality of service and also managing what are termed the PDP (Packet data Protocol) contexts, i.e. the pipes over which the data is sent. Interaction with other areas of the network: The SGSN is able to manage its elements within the network only by communicating with other areas of the network, e.g. MSC and other circuit switched areas. Billing: The SGSN is also responsible for billing. It achieves this by monitoring the flow of user data across the GPRS network. CDRs (Call Detail Records) are generated by the SGSN before being transferred to the charging entities (Charging Gateway Function, CGF). Gateway GPRS Support Node (GGSN): Like the SGSN, this entity was also first introduced into the GPRS network. The Gateway GPRS Support Node (GGSN) is the central element within the UMTS packet switched network. It handles inter-working between the UMTS packet switched network and external packet switched networks, and can be considered as a very sophisticated router. In operation, when the GGSN receives data addressed to a specific user, it checks if the user is active and then forwards the data to the SGSN serving the particular UE .• Shared ElementsThe shared elements of the UMTS core network architecture include the following networkentities:• Visitor Location RegisterThe visitor location register (VLR) contains information about the mobile stations roaming inthis MSC area. It is also possible that one VLR handles the visitor register of several MSCareas. Note that a VLR contains information from all active subscribers in its area, even fromthose to whom this network is their home network, so the name VLR is misleading as most
24entries in that register are not visitors, but users in their own home network. The VLR containspretty much the same information as the home location register (HLR), the difference being thatthe information in the VLR is there temporarily, whereas the HLR is a site for permanentinformation storage. When a user makes a subscription, the subscriber’s data is added to hishome HLR. From there it is copied to the VLR the user is currently registered with. When auser registers with another network, the subscriber data is removed from the old VLR andcopied to the new VLR. There are, however, some network optimization schemes, which maychange this principle in the future. The VLR contains such data that the normal call setupprocedures can be handled without consulting the HLR. This is important especially if the useris roaming abroad, and the signalling connection to the home network is expensive. A VLR subscriber data entry includes the following information: • International mobile subscriber identity (IMSI); • Mobile station international ISDN number (MSISDN); • Mobile station roaming number (MSRN); • Temporary mobile station identity (TMSI), if applicable; • Local mobile station identity (LMSI), if used; • Location area where the mobile station has been registered; • Identity of the SGSN where the MS has been registered, if applicable; • Last known location and the initial location of the MS. In addition, there can be lots of optional data, depending on what features the network supports [e.g., CAMEL or local service area (LSA)]. The VLR may also contain supplementary service parameters. The procedures the VLR has to perform include the following: • Authentication procedures with the HLR and the AuC; • Cipher key management and retrieval from the home HLR/AuC; • Allocation of new TMSI numbers; • Tracking of the state of all MSs in its area; • Paging procedure support (retrieval of the TMSI and the current location area).
25• Home location register (HLR): This database contains all the administrative information about each subscriber along with their last known location. In this way, the UMTS network is able to route calls to the relevant RNC / Node B. When a user switches on their UE, it registers with the network and from this it is possible to determine which Node B it communicates with so that incoming calls can be routed appropriately. Even when the UE is not active (but switched on) it re-registers periodically to ensure that the network (HLR) is aware of its latest position with their current or last known location on the network. The HLR contains the permanent subscriber data register. Each subscriber information profile is stored in only one HLR. The HLR can be implemented in the same equipment as the MSC/VLR, but the usual arrangement is to have the MSC/VLR as one unit, and the HLR/AuC/EIR combination as another unit. One PLMN can have several HLRs. The subscriber information is entered into the HLR when the user makes a subscription. There are two kinds of information in an HLR register entry, permanent and temporary. The permanent data never change, unless the subscription parameters are changed. An example of this is the user who adds some supplementary services to his/her subscription. The temporary data contain things like the current (VLR) address and ciphering information, which can change quite often, even from call to call. Temporary data are also sometimes conditional; that is, it is not always there. A subscriber data entry can be accessed by either IMSI or MSISDN . The permanent data in the HLR include among others: • International mobile subscriber number (IMSI), which identifies the subscriber (or actually his or her SIM card) unambiguously; • MS category information; • Possible roaming restrictions; • Closed user group (CUG) membership data; • Supplementary services parameters; • Authentication key; • Network access mode (NAM), which determines whether the user can access the GPRS networks, non-GPRS networks, or both.
26 In addition, if GPRS is supported, PDP addresses are included. Again, there may be lots of other entries, depending on what features the network supports. The temporary data include the following: • Local mobile station identity (LMSI); • Triplet vector; that is, three authentication and ciphering parameters: (1) random number (RAND), (2) signed response (SRES), and (3) ciphering key (Kc); • Quintuplet vector; that is, five authentication and ciphering parameters: (1) random challenge (RAND), (2) expected response (XRES), (3) cipher key (CK), (4) integrity key (IK), and (5) authentication token (AUTN); • MSC number; • VLR number (the identity of the currently registered VLR). In addition, if GPRS is supported, SGSN and GGSN numbers (SS7 addresses) are included The HLR also forwards the charging information to the billing center.• Equipment identity register (EIR): The EIR is the entity that decides whether given UE equipment may be allowed onto the network. Each UE has a number known as the International Mobile Equipment Identity. This number, as mentioned above, is installed in the equipment and is checked by the network during registration. The equipment identity register (EIR) stores the international mobile equipment identities (IMEIs) used in the system. An EIR may contain three separate lists: White list: The IMEIs of the equipment known to be in good order; Black list: The IMEIs of any equipment reported to be stolen; Gray list: The IMEIs of the equipment known to contain problems (such as faulty software) that are not fatal enough to justify barring them. At a minimum an EIR must contain a white list. It is unfortunate that the black list and the checks against it are not mandatory, as stolen mobile phones can now be used in some networks that have a weaker security policy. And it is even more unfortunate that changing the IMEI code of a handset is not yet illegal in many countries.
27 Typically a PLMN has only one EIR, which then interconnects to all HLRs in the network. Note that EIR handles IMEI values, not IMSIs or any other identities. The IMEI is (or should be) a unique identity of a mobile handset assigned when it is manufactured. Authentication centre (AuC) : The AuC is a protected database that contains the secret key also contained in the users USIM card. The authentication center (AuC) is associated with an HLR. The AuC stores the subscriber authentication key, Ki, and the corresponding IMSI. These are permanent data entered at subscription time. The Ki key is used to generate an authentication parameter triplet (Kc, SRES, RAND) during the authentication procedure. Parameter Kc is also used in encryption algorithms. An AuC physically always exists with an HLR. The MAP interface between them (the H interface) has not been standardized [3,5].Reference:
28Mooi Choo Chuah and Qinqing Zhang (2006) Design and Performance of 3G Wireless Networks and Wireless LANS, Springer Science and Business Media Inc.Jeffrey Bannister, Paul Mather and Sebastian Coope (2004) Convergence Technologies for 3G Networks IP, UMTS, EGPRS and ATM.,John Wiley and Sons LTD.Juha Korhonen (2003) Introduction to 3G Mobile Communications, Artech House, Inc.G.Gomez and R. Sanchez (2005) End to End Quality of Service Over Cellular Networks, Data Service Performance and Optimization in 2G/3G. John Wiley and Sons LTD.Monoru Etoh (2005) Next Generation Mobile System 3G and Beyond, John Wiley and Sons.Willie W, Broadband Wireless Mobile 3G and Beyond. John Wiley and Sons Ltd.Dr. Jonathan P. Castro, The UMTS Network and Radio Access Technology; Interface Technique for Future Mobile Systems. John Wiley and Sons Ltd.Williams C.Y. Lee (2006) Wireless and Cellular Telecommunication, McGraw Hill, Singapore.V. Vangi, A. Damnjanovic and B. Vojcic (2004) The cdma2000 System for Mobile Communications, Prentice-Hall PTR.S.C. Yang (2004) 3G CDMA 2000, Artech House, Inc., Boston.B. Pelletier and H. Leib (2004) ̋PCS Third Generation CDMA system, Study of the Physical ̏ Layer. Wireless Communication Group at Mc Gill University.H. Holma and Antti Toskala (2001) WCDMA for UMTS, John Wiley and Sons.C. Smith and D. Collins (2002) 3G Wireless Works, McGraw-Hill.D. Collins (2001) Carrier Grade Voice Over IP, McGraw Hill.V.K. Garg (2000) IS-95 CDMA and cdma2000, Prentice- Hall PTR.
29D. J. Goodman (1997) Wireless Personal Communications Systems. Addison-Wesley, Reading, MAO. Sallent, J. Perez-Romero, R. Agusti et al. (2003) ‘Provisioning multimedia wireless networks for better QoS: RRM strategies for 3G W-CDMA.’ IEEE Communications Magazine 41(2), 100–107Walke, B., Mobile Radio Networks, New York: Wiley,Silventoinen, M. (1999) “Indoor Base Station Systems,” in GSM—Evolution Towards 3rd Generation Systems, Z. Zvonar, P. Jung, and K. Kammerlander (eds.), Norwell, MA: Kluwer Academic Publishers.Roberts, J., U. Mocci, and J. Virtamo (1996) “Broadband Network Teletraffic,” COST 242 report, Berlin: Springer-Verlag.A. S. Tanenbaum (2003) Computer Networks, 4th edn. Prentice Hall, Upper Saddle River,NJ.H. Taub, D. Schilling (1986) Principles of Communication Systems. 2nd edn. McGraw-Hill, New York.A. J. Viterbi (1995) CDMA: Principles of Spread Spectrum Communication. Addison-Wesley, Reading, MA.A. J. Viterbi (1967) ‘Error bounds for convolutional codes and an asymptotically optimum decoding algorithm’, IEEE Transactions on Information Theory IT-13, 260–269.D. J. Goodman (1997) Wireless Personal Communications Systems. Addison-Wesley, Reading, MA.H. Holma, A. Toskala (2002) WCDMA for UMTS, 2nd edn. John Wiley and Sons, Chichester.J. Laiho, A. Wacker, T. Novosad (2002) Radio Network Planning and Optimisation for UMTS,John Wiley and Sons, Chichester.
30S. Floyd, V. Jacobson (1993) ‘Random early detection gateways for congestion avoidance’, IEEE/ACM Transactions on Networking, 1(4), 397–413.Karkkainen, K.H.A. (1995) “Influence of Various PN Sequence Phase Optimization Criteria on the SNR Performance of an Asynchronous DS-CDMA System,” Proc. IEEE 1995 Military Communications Conference (MILCOM 95), San Diego, California.Ojanpera, T., and R. Prasad (1998) Wideband CDMA for Third Generation Mobile Communications, Norwood, MA: Artech House.Holma, H., and A. Toskala (eds.), (2000) WCDMA for UMTS: Radio Access for Third Generation Mobile Communications, New York: Wiley.Prasad, R., W. Mohr, and W. Konhauser (2000) Third Generation Mobile Communication Systems, Norwood, MA: Artech House.Black, U. D. (1989) Data Networks: Concepts, Theory, and Practice, Englewood Cliffs, NJ: Prentice Hall International.Viterbi, A. J. (1995) CDMA: Principles of Spread Spectrum Communication, Reading, MA: Addison-Wesley.