GSM Network - Distributed Service Model


Published on

Published in: Technology

GSM Network - Distributed Service Model

  1. 1. GSM(Global System for Mobile Communication)<br />Prepared by:<br />Reynald Susainathan<br />[Unit-3]<br />
  2. 2. Need for development<br />Europe had numerous coexisting Analog mobile phone system (1G), often based on similar standards, but ran on slightly different carrier frequency, resulting in:<br />Each system was incompatible with other’s equipment and operation.<br />Hence there was a limited market for equipments of this type.<br />
  3. 3. Solution<br />“Group Special Mobile” (GSM) was formed to study and develop a pan-European public land mobile system.<br />
  4. 4. Features of the Proposed System<br />Good subjective speech quality<br />Low terminal and service cost<br />Support for international roaming<br />Ability to support handheld terminals<br />Support for range of new services and facilities<br />Spectral efficiency<br />ISDN compatibility<br />
  5. 5. Strategies for GSM development<br />GSM developers chose “Digital System”, as opposed to then-standard analog cellular systems like AMPS in US and TACS in UK.<br />They had faith in:<br />Advancement in Compression Algorithms<br />Digital Signal Processors<br />Since they would allow fulfillment of the original criteria and continual improvement in QoS<br />GSM recommendations allows:<br />Flexibility &<br />Competitive innovation<br />GSM Specification provides enough standardization to:<br />Guarantee proper internetworking between components of the system<br />This is done by providing the following for each Functional Entities defined in the system:<br />Functional Description &<br />Interface Description.<br />
  6. 6. GSM Versions<br />GSM 900<br />Uplink : 890-915 MHz<br />Downlink : 935-960 MHz<br />DCS (Digital Cellular System) 1800<br />Uplink : 1710-1785 MHz<br />Downlink : 1805-1880 MHz<br />PCS (Personal Communication Service) 1900<br />Uplink : 1850-1910 MHz<br />Downlink : 1930-1990 MHz<br />
  7. 7. GSM Versions<br />GSM 400 (To replace analog systems in sparsely populated areas)<br />Uplink : 450.4-457.6 / 478.8-486 MHz<br />Downlink : 460.4-467.6 / 488.8-496 MHz<br />GSM-Rail (For rail-road systems [GSM-R])<br />Offers many additional services not available in public GSM.<br />Offers 19 exclusive channels for railroad operators for voice and data traffic.<br />Special features:<br />Emergency calls with acknowledgements<br />Voice Group Call Service (VGCS)<br />Voice Broadband Service (VBS)<br />Advanced Speech Call Items (ASCI)<br />
  8. 8. GSM-R<br />Calls are prioritized:<br />Calls have very short set-up times:<br />Emergency calls less than 2s<br />Group calls less than 5s<br />Calls can be directed<br />To all users at a certain location<br />To all users with a certain function<br />To all users within number space<br />Trains going not faster than 160 km/h can control all gates, switches and signals themselves.<br />GSM-R can be still used to maintain control in trains faster than 160 km/h<br />
  9. 9. Mobile Services<br />Section - 1<br />
  10. 10. 3 Categories of GSM Service<br />GSM permits the integration of different voice and data services and the inter-working with existing network, offering 3 types of services:<br />Bearer Service<br />Tele Service &<br />Supplementary Service<br />
  11. 11. Bearer and Tele Service Model<br />Mobile Termination (Performs all network specific tasks like TDMA, FDMA, Coding etc). It offers interface for data transmission.<br />Mobile Station<br />Air Interface<br />GSM – Public Land Mobile Network<br />Bearer Service comprises of all services that enable transparent transmission of data between the interfaces to the network. (ie., ‘S’ in case of MS)<br />Interfaces like U, S, R in ISDN have not been defined for all networks, so it depends on specific network, which interface is used for reference for transparent transmission of data.<br />In classical GSM model, bearer services are connection-oriented and circuit- or packet-switched. These services need only lower 3 layers of ISO/OSI reference model.<br />Tele Service are application specific and need all 7 layers of ISO/OSI model<br />
  12. 12. Bearer Services<br />Original GSM data rates: up to 9600 bit/s for non-voice services. <br />Bearer service permits data transmission, that may be<br />Transparent and Non-Transparent &<br />Synchronous and Non-Synchronous <br />Transparent Bearer Service (TBS):<br />Uses only the function of the physical layer to transmit data.<br />Data transmission has constant delay and throughput if no transmission error occurs.<br />Transmission quality can be improved by use of Forward Error Correction (FEC), which codes redundancy into data stream and helps reconstruct original data if transmission errors occur.<br />Depending on FEC data rates of 2.4, 4.8 or 9.6 kbit/s is possible.<br />TBS do not try to recover lost data in case of shadowing or interruption due to handover.<br />Non-Transparent Bearer Service (NBS):<br />Uses protocol layers 2 & 3 for error correction and flow control.<br />These services use the TBS, adding a RLP (Radio Link Protocol).<br />RLP comprises mechanisms like<br />HDLC (High-Level Data Link Control) &<br />Special selective-reject mechanism to trigger retransmission of erroneous data<br />Achieved bit error rate is less than 10-7, but now throughput and delay may vary depending on transmission quality.<br />
  13. 13. Advantages of Bearer Services<br />Using TBS and NBS, GSM specifies several bearer services for internetworking with PSTN, ISDN and Packet Switched Public Data Network like X.25, which is available world-wide.<br />Data transmission can be<br />Full-Duplex, Synchronous with data rates of 1.2, 2.4, 4.8 & 9.6 kbit/s<br />Full-Duplex, Asynchronous from 300 to 9600 bit/s<br />Relatively low data rate reflect the assumption that data services will only constitute small percentage of overall traffic.<br />But this is changing, new developments introduce new data services.<br />
  14. 14. Tele-Services<br />GSM focuses on Voice-Oriented Tele Services<br />These comprise:<br />Encrypted Voice Transmission<br />Message Services &<br />Basic Data Communication with terminals as known from PSTN or ISDN<br />Main service is “Telephony”<br />Hence the primary goal of GSM is “Provision of High-Quality Digital Voice Transmission” offering at least typical bandwidth of 3.1 KHz of analog phone systems.<br />Special codes (coder/decoder) are used for voice transmission, while other codes are used for transmission of analog data for communication with traditional computer modems.<br />“Emergency Number”<br />Same number throughout Europe<br />Mandatory service for all providers and its free of cost<br />Highest priority, pre-empting other connections &<br />Will automatically be set-up with the closest emergency center.<br />
  15. 15. Tele-Services<br />Short Message Service (SMS)<br />Offers transmission of message up to 160 characters.<br />SMS do not use standard data channel of GSM<br />Uses unused capacity in signaling channels.<br />Sending / Receiving SMS possible during data / voice transmission.<br />Applications usage – Network Operators – Content Providers – Push Service<br />Enhanced Message Service (EMS)<br />Successor of SMS.<br />Large message size (760 characters), concatenating several SMSs<br />Formatted Text <br />Transmission of animated pictures, small images & ring tones in standardized way<br />Multimedia Message Service (MMS)<br />Allows transmission of large pictures (GIF, JPG, WBMP), short video clips &<br />Comes with mobile phones that integrate small camera.<br />
  16. 16. Tele-Services<br />Group 3 Fax<br />Non-Voice Tele Service<br />Fax data transmitted as Digital Data over Analog Telephone Network according to ITU-standards T.4 and T.30 using modems.<br />Transparent Fax Service is used.<br />Fax Data &<br />Fax Signaling is transmitted using TBS<br />Low transmission quality causes an automatic adaptation of bearer service to lower data rates and higher redundancy for better FEC.<br />
  17. 17. Supplementary-Services<br />Similar to ISDN networks, it offers enhancement to standard telephony services<br />Typical services offered are:<br />User Identification<br />Call Redirection or Forwarding of ongoing calls<br />Standard ISDN features are also available:<br />Closed Group Users &<br />Multi-party Communication<br />
  18. 18. System architecture<br />Section - 2<br />
  19. 19. Subsystems of GSM<br />Radio Subsystem (RSS)<br />Network and Switching Subsystem (NSS) &<br />Operating Subsystem (OSS)<br />
  20. 20.
  21. 21. Radio Subsystem (RSS)<br />
  22. 22. Radio Subsystem<br />Comprises radio specific entities like:<br />MS (Mobile Station)<br />BSS (Base Station Subsystem)<br />RSS and NSS are connected via “A Interface” and connected to OSS via “O Interface”.<br />“A Interface” is based on circuit-switched PCM-30 systems (2.048 Mbit/s), carrying up to 30 64 kbit/s connections.<br />“O Interface” uses Signaling system No. 7 (SS7) based on X.25 carrying management data to/from the RSS.<br />
  23. 23. Components of RSS<br />Base Station Subsystem (BSS)<br />Base Transceiver Station (BTS)<br />Base Station Controller (BSC)<br />Mobile Station (MS)<br />
  24. 24. Base Station Subsystem<br />A GSM Network comprises many BSSs.<br />BSS is controlled by BSC<br />BSS contains several BTSs.<br />Functions of BSS are:<br />Maintaining radio connections to a MS.<br />Coding / Decoding of voice &<br />Rate adaptation to / from the wireless network part. <br />
  25. 25. Base Transceiver Station<br />BTS comprises all radio equipments like:<br />Antennas<br />Signal Processing<br />Amplifiers<br />A BTS can form a radio cell, or several cells using sectorized antennas.<br />BTS is connected to MS via Um Interface.<br />BTS is connected to BSC via Abis Interface.<br />Um contains all mechanisms necessary for wireless transmission (TDMA, FDMA etc)<br />Abis consists of 16 or 64 kbit/s connections.<br />A GSM cell can measure between some 100m and 35km depending on the environment. <br />
  26. 26. Base Station Controller<br />Manages BTSs<br />Its functionality include:<br />Reserves radio frequencies<br />Handles the handover from one BTS to another within BSS<br />Performs paging of the MS<br />Multiplexes radio channel onto the fixed network connections at the A interface.<br />
  27. 27. Mobile Station<br />MS comprises of below for communication with GSM Network<br />User equipment <br />User independent Hardware & Software <br />Subscriber Identity Module (SIM)<br />Stores user specific data relevant to GSM<br />Without SIM only emergency call are possible<br />User can personalize MS using SIM<br />Contains many identifiers and tables such as:<br />Card-type<br />Serial number<br />A list of subscribed services<br />Personal Identity Number (PIN)<br />PIN Unblocking Key (PUK)<br />An Authentication Key Ki&<br />International Mobile Subscriber Identity (IMSI)<br />A MS can be identified via the International Mobile Equipment Identity (IMEI), helps in theft protection.<br />
  28. 28. Mobile Station<br />MS stores dynamic information while logging onto the GSM System, such as:<br />Cipher Key Kc &<br />Location Information containing:<br />Temporary Mobile Subscriber Identity (TSMI) &<br />Location Area Identification (LAI).<br />Transmit power of MS:<br />GSM 900 : 2W<br />GSM 1800 : 1W<br />Other types of interfaces in MS:<br />Display<br />Loudspeaker & Microphone<br />Programmable soft keys<br />Computer Modems<br />IrDA or Bluetooth<br />
  29. 29. Network and Switching Subsystem (NSS)<br />
  30. 30. Functionalities of NSS<br />NSS connects the Wireless Network with standard public networks.<br />Performs handover between different BSSs.<br />Comprises function for worldwide localization of users<br />Supports charging, accounting and roaming of users between different providers in different countries<br />
  31. 31. NSS Switches and Databases<br />Mobile Service Switching Center (MSC)<br />Home Location Register (HLR)<br />Visitor Location Register (VLR)<br />
  32. 32. Mobile Service Switching Center<br />High performance digital ISDN Switches.<br />Forms the fixed backbone of a GSM system:<br />Sets up connection to other MSC and to BSC via “A” interface.<br />MSC manages several BSCs in a geographical region.<br />Gateway MSC (GMSC) has additional connections to other fixed networks like PSTN & ISDN.<br />Using Internetworking Functions (IWF), a MSC can connect to a Public Data Network (PDN) like X.25<br />
  33. 33. Mobile Service Switching Center<br />MSC handles all signaling needed for:<br />Connection setup<br />Connection release &<br />Handover of connections to other MSCs<br />The Standard Signaling System No. 7 (SS7) is used.<br />Aspects of SS7:<br />Reliable routing and delivery of control messages<br />Establishing and monitoring of calls<br />Features of SS7:<br />Number portability,<br />Free phone/toll/collect/credit calls,<br />Call forwarding,<br />Three-way calling<br />MSC functions for supplementary services:<br />Call Forwarding,<br />Multi-party calls,<br />Reverse charging etc.<br />
  34. 34. Home Location Register (HLR)<br />An important database in GSM system.<br />Stores user-relevant information like:<br />Mobile Subscriber ISDN number (MSISDN)<br />Subscribed Services (Eg: call forwarding, roaming restrictions, GPRS) &<br />International Mobile Subscriber Identity (IMSI)<br />Dynamic Information is also needed:<br />Current Location Area (LA) of MS<br />Mobile Subscriber Roaming Number (MSRN)<br />Current Visitor Location Register (VLR) &<br />Current MSC<br />
  35. 35. Home Location Register (HLR)<br />Functional Aspects:<br />As soon as MS leaves its LA HLR is updated<br />This is needed to localize a user within a worldwide GSM Network.<br />Supports charging and accounting<br />HLR can manage data for several millions of customers<br />Maintains highly specialized databases that fulfills real-time requirements to answer requests within time-bound.<br />
  36. 36. Visitor Location Register (VLR)<br />VLR is associated with each MSC<br />VLR is a dynamic database<br />Functional aspects of VLR:<br />Stores all important information needed for MS users currently in LA that is associated to the MSC<br />IMSI<br />MSISDN<br />HLR Address<br />If a new MS comes into an LA, VLR copies relevant information for this user from HLR.<br />This hierarchy of VLR and HLR avoids frequent HLR updates and long-distant signaling from the user.<br />Typically used for localization like HLR.<br />
  37. 37. Operation Subsystem<br />
  38. 38. OSS<br />Contains necessary functions for:<br />Network Operation &<br />Maintenance<br />OSS contains Network Entities<br />OSS accesses other entities via SS7 signaling<br />
  39. 39. OSS Entities<br />Operation and Maintenance Centre (OMC)<br />Authentication Center (AuC)<br />Equipment Identity Register (EIR)<br />
  40. 40. Operation & Maintenance Centre (OMC)<br />OMC monitors & controls all other Network Entities via “O interface” (SS7 with X.25)<br />OMC uses concepts of TMN (Telecommunication Management Network)<br />OMC’s management functions:<br />Traffic monitoring<br />Status reports of network entities<br />Subscriber Management <br />Accounting and Billing &<br />Security Management<br />
  41. 41. Authentication Centre (AuC)<br />Defined to protect<br />User Identity &<br />Data Transmission<br />AuC contains algorithms for:<br />Authentication<br />Key for encryption &<br />Values needed for user authentication in HLR.<br />AuC is situated in a special protected part of the HLR<br />
  42. 42. Equipment Identity Register (EIR)<br />EIR is a Database for all IMEIs<br />Stores all device identifications registered for this network.<br />Entries in EIR<br />White-list<br />List of valid IMEIs<br />Grey-list<br />List of malfunctioning devices<br />
  43. 43. Radio interface<br />Section 4.1.3<br />
  44. 44. Um Interface<br />Um is a Radio Interface<br />It comprises of mechanisms needed for:<br />Multiplexing <br />GSM implements SDMA using cells with BTS and assigns an MS to a BTS.<br />FDD is used to separate downlink and uplink.<br />Media access.<br />Combines TDMA and FDMA.<br />
  45. 45. GSM - FDMA<br />GSM 900:<br />124 channels, each 200 KHz wide<br />Channel 1 & Channel 124 are not use for technical reasons.<br />32 channels are reserved for organizational data<br />Remaining 90 are used for customers<br />GSM 1800:<br />374 channels<br />Each BTS manages a single channel for organizational data and up to 10 channels for user data.<br />
  46. 46. GSM - TDMA<br />
  47. 47. GSM - TDMA<br />Each of 248 channels is additionally separated in time via a GSM TDMA Frame.<br />Each 200 KHz carrier is subdivided into frames that are repeated continuously.<br />Duration of a frame is 4.615ms<br />A frame is again subdivided into 8 GSM Time Slots<br />Each slot represents a physical TDM channel and lasts for 577μs.<br />Each TDM channel occupies the 200 KHz carrier for 577μs every 4.615ms.<br />
  48. 48. Data Transmission<br />Data is transmitted in small portions called bursts.<br /> Normal burst is shown in the previous picture.<br />A Burst is only: <br />546.5μs long and <br />Contains 148 bits<br />The remaining 30.5μs is used as Guard Space.<br />Avoids overlapping with other burst, due to:<br />Different path delays &<br />Give transmitter time to turn on and off.<br />Filling the whole slot with data allows for transmission of 156.25 bit with 577μs.<br />Each physical TDM channel has a raw data rate of about 33.8 kbit/s.<br />Each radio carrier transmits approximately 270 kbit/s over Um interface.<br />
  49. 49. Normal Burst<br />tail is set to zero; can be used to enhance receiver performance.<br />Training sequence is used to:<br />Adapt the parameters f the receiver to the current path propagation characteristics &<br />Select the strongest signal in case of Multi-path propagation.<br />S flag indicates whether the data field contains user or network control data.<br />
  50. 50. Other types of Bursts<br />Frequency correction burst<br />Allows MS to correct the local oscillator to avoid interference with neighboring channels.<br />Synchronization burst<br />With an extended training sequence synchronizes MS with BTS in time.<br />Access burst<br />Used for the initial connection setup between MS and BTS<br />Dummy burst<br />Used if no data is available for a slot.<br />
  51. 51. Simple Transmitter Hardware<br />Two factors allow its use:<br />The slot for uplink and downlink of a physical TDM channel are separated in frequency<br />GSM 900 – 45 MHz<br />GSM 1800 – 95 MHz uses FDD.<br />TDMA frames are shifted in time for 3 slots:<br />If BTS sends data at time t0 in slot one on the downlink.<br />MS accesses slot one on uplink at time t0+3.577μs.<br />An MS does not need a full-duplex transmitter, a simpler half-duplex transmitter switching between receiving and sending is enough.<br />
  52. 52. Slow Frequency Hopping<br />GSM specifies an optimal slow frequency hopping:<br />To avoid frequency selective fading<br />MS and BTS may change the carrier frequency after each frame based on a common hopping sequence.<br />An MS changes its frequency between up and downlink slots respectively.<br />
  53. 53. Logical Channels and Frame Hierarchy<br />
  54. 54. [Background Reading]<br />Co-dec:<br />Stands for "compressor / decompressor" and "code/decode".<br />It helps speed up data transfer.<br />Mathematical codecs are built to encode (“shrink”) a signal for transmission and then decode it for viewing or edition.<br />Voice Co-dec:<br />an application of data compression of digital audio signals containing speech. Coding uses voice-specific parameter estimation using audio signal processing techniques to model the speech signal, combined with generic data compression algorithm to represent the resulting modeled parameters in a compact bitstream<br />
  55. 55. Two groups of logical channels<br />Traffic channels &<br />Control channels<br />
  56. 56. Traffic Channel (TCH)<br />GSM uses TCH to transmit user data (Voice, fax, etc… )<br />Two basic categories of TCH:<br />Full-Rate TCH (TCH/F)<br />Data Rate : 22.8 kbit/s<br />Half-Rate TCH(TCH/H)<br />Data Rate : 11.4 kbit/s<br />With voice codecs available at beginning of GSM standardization, 13 kbit/s was required, remaining capacity of TCH/F is used for error-correction (TCH/FS)<br />Improved codecs allow for better voice coding and can use TCH/H.<br />Using TCH/HS doubles the capacity of the GSM system for voice transmission.<br />However, speech quality reduces with use of TCH/HS<br />Many providers are trying to avoid them.<br />
  57. 57. Traffic Channel (TCH)<br />Standard codecs for voice are called:<br />Full Rate (FR) : 13 kbit/s<br />Half Rate (HR) : 5.6 kbit/s<br />Enhanced Full Rate (EFR) : 12.2 kbit/s<br />Provides better quality than FR as long as transmission error rate is low.<br />Adaptive Multi-Rate (AMR)<br />New codes<br />Automatically chooses best mode of operation depending on the error rate, will be used together with 3G systems.<br />Tandem-Free Operation (TFO):<br />An additional increase in voice quality is provided<br />This mode can be used if two MSs are exchanging voice data:<br />In this case, coding to and from PCM encoded voice can be skipped &<br />GSM encoded voice data is directly exchanged. <br />
  58. 58. Traffic Channel (TCH)<br />Data transmission in GSM is possible at different rates:<br />TCH/F4.8 for 4.8 kbit/s<br />TCH/F9.6 for 9.6 kbit/s<br />TCH/F14.4 for 14.4 kbit/s<br />These logical channels differ in terms of their:<br />Coding schemes and <br />Error correction capabilities.<br />
  59. 59. Control Channel (CCH)<br />Many different CCHs are used in a GSM system to control:<br />Medium Access<br />Allocation of traffic channels or<br />Mobility Management<br />
  60. 60. 3 Groups of CCH<br />Broadcast Control Channel (BCCH)<br />Common Control Channel (CCCH)<br />Dedicated Control Channel (DCCH)<br />
  61. 61. Broadcast Control Channel (BCCH)<br />BTS uses this channel to signal information to all MSs within a cell.<br />Information transmitted in the channel is:<br />The Cell identifier<br />Options available within this cell and in neighboring cells &<br />Frequencies available within this cell and in neighboring cells<br />Sub-channels of BCCH:<br />Frequency Correction Channel (FCCH): BTS sends information for frequency correction via this channel.<br />Synchronization Channel (SCH): BTS sends information about time synchronization via this channel.<br />
  62. 62. CommonControl Channel (CCCH)<br />All information regarding the connection setup between MS and BS is exchanged via CCCH.<br />Sub-channels:<br />Paging Channel (PCH): BTS uses this channel for calls towards an MS.<br />Random Access Channel (RACH): <br />If an MS wants to set up a call, it uses RACH to send data to BTS.<br />RACH implements multiple access using slotted ALOHA.<br />All MSs within a cell may access this channel.<br />Access Grant Channel (AGCH):<br />BTS uses it to signal an MS that it can use a TCH or SDCCH for further connection setup.<br />
  63. 63. DedicatedControl Channel (DCCH)<br />Previous channels are unidirectional; DCCH is bidirectional.<br />Sub-channels of DCCH:<br />Stand-alone Dedicated Control Channel (SDCCH):<br />As long as an MS has not established a TCH with BTS, it uses SDCCH with a low data rate of 782 bit/s for signaling.<br />This can comprise authentication, registration or other data needed for setting up a TCH.<br />Slow Associated Dedicated Control Channel (SADCCH):<br />Each TCH and SDCCH has a SADCCH associated with it for exchanging system information, such as <br />Channel Quality &<br />Signal Power Level<br />Fast Associated Dedicated Control Channel (FADCCH):<br />If more signaling information needs to be transmitted and a TCH already exists, GSM uses FADCCH.<br />FADCHH uses Time Slots which are otherwise used by the TCH:<br />This is necessary in case of handovers where BTS and MS have to exchange large amount of data in less time.<br />
  64. 64. Accessing Time Slots<br />Channels cannot use time slots arbitrarily:<br />GSM specifies multiplexing schemes that integrate several hierarchies of frames.<br />If a simple TCH/F is used for Data Transmission:<br />Each TCH/F will have an associated SACCH.<br />If fast signaling is required, the FACCH uses the time slots for the TCH/F.<br />Typical usage pattern of a physical channel for data transmission looks like this:<br />With T indicating the User Traffic in the TCH/F and <br />S indicating the signaling traffic in SACCH<br />TTTTTTTTTTTTSTTTTTTTTTTTTx<br />TTTTTTTTTTTTSTTTTTTTTTTTTx<br />12 slots of user data followed by a signalling slot, again 12 slots with user data follow, then an unused slot.<br />This pattern of 26 slots is repeated over and over again.<br />Only 24 out of 26 physical slots are used for TCH/F.<br />As each normal burst for data transmission carries 114 bit user data and is repeated every 4.615ms.<br />This results in data rate of 24.7 kbit/s.<br />As TCH/F uses only 24/26 slots, final data rate is 22.8 kbit/s as specified.<br />SACCH thus has capacity of 950 bit/s.<br />
  65. 65. Traffic Multi-frame<br />The periodic pattern of 26 slots occurs in all TDMA frames with a TCH. The combination of these frames is called Traffic Multi-Frame.<br />
  66. 66. GSM structuring of time using a frame hierarchy<br />
  67. 67. Protocols<br />Section - 4<br />
  68. 68. Protocol Architecture for Signalling<br />BSS Application<br />Call Management<br />Mobility Management<br />BTS Management<br />Radio Resource Management<br />Link Access Procedure for D-Channel (Light-weight)<br />Signalling System No. 7<br />Pulse Code Modulation<br />
  69. 69. Layer-1 Physical Layer<br />Handles all radio-specific functions:<br />Creation of bursts according to the five different formats,<br />Multiplexing of bursts into a TDMA Frame,<br />Synchronization with BTS,<br />Detection of Idle channels &<br />Measurement of Channel Quality on the downlink.<br />Physical layer at Um interface:<br />Uses GMSK for digital modulation &<br />Performs encryption / decryption of data<br />Encryption is not performed end-to-end but only between MS and BSS over the Air Interface (Um)<br />
  70. 70. Layer-1 Physical Layer<br />Synchronization includes:<br />Correction of individual path delay between an MS and BTS.<br />As all MSs within a cell use the same BTS and thus needs to be synchronized to this BTS.<br />BTS generates time structure of frames, slots, etc.<br />Here, the problematic aspect are different round-trip times (RTT)<br />Adjusting Access Time for Synchronization for long distant MS.<br />Maximum distance between MS and BSS is 35 km:<br />MS 35 km away has RTT of around 0.23ms<br />If this MS used the slot structure without correction, large guard spaces would be required, as 0.23 ms, <br />As already 0.23 ms is 40% of 0.577ms available for each slot.<br />Hence, BTS sends the current RTT to MS, which then adjusts its access time to that all burst reach BTS within time limits.<br />This mechanism reduces guard space to 30.5μs / 5%.<br />Adjusting the access is controlled via:<br />The variable Timing Advance, where a burst can be shifted up 63 bit earlier time, with each bit having a duration of 3.69 μs <br />As the variable timing advance cannot be extended a burst cannot be shifted earlier than 63 bit times<br />This results in 35 km maximum distance between an MS and a BTS.<br />It might be possible to receive the signal over long distance;<br />To avoid collision at the BTS, the access cannot be allowed!!.<br />
  71. 71. Layer-1 Physical Layer<br />Important tasks of Physical Layer:<br />Channel Coding <br />Makes use of FEC<br />Different logical channels of GSM use different coding schemes with different correction capabilities.<br />Speech channel needs additional coding of voice data after analog to digital conversion, to achieve data rate of 22.8 kbit/s<br />Error Detection / Correction.<br />GSM Physical layer does it. <br />It does not deliver erroneous data to the higher layers.<br />Voice service is main to GSM, the physical layer contain special functions like:<br />Voice Activity Detection (VAD)<br />Transmits voice data only when there is a voice signal.<br />This helps to decrease interference as a channel might be silent approximately 60% of the time<br />During periods of silence the physical layer generates a Comfort Noise to fake a connection, but no actual transmission takes place.<br />The noise is even adapted to the current background noise at the communication partner’s location.<br />
  72. 72. Layer-1 Physical Layer<br />Delay Handling:<br />Interleaving of data for a channel to minimize interference due to burst errors and the recurrence pattern of a logical channel generates a delay for transmission.<br />Delay is about:<br />TCH/FS – 60ms<br />TCH/F9 – 100ms<br />These times have to be added to transmission delay if communicating with an MS instead of a standard fixed station.<br />This influences the performance of the higher layer protocols.<br />
  73. 73. Layer 2: LAPDm<br />Signalling between entities in GSM Network requires higher layers.<br />For this purpose LAPDm protocol has been defined at the Um interface for Layer-2.<br />LAPDmis derived from LAPD in ISDN systems, which is a version of HDLC.<br />LAPDm is lightweight LAPD because it does not need synchronization flags or check-summing for error detection (Since GSM Physical layer does).<br />LAPDm offers:<br />Reliable data transfer over connections,<br />Re-sequencing of data frames &<br />Flow control.<br />There is no buffering between layer 1 & 2, LAPDm obeys the frame structures, recurrence patterns etc… defined for Um interface.<br />Further services provided by LAPDm:<br />Segmentation & Re-assembly of data.<br />Acknowledged / Unacknowledged data transfer.<br />
  74. 74. Layer 3: Network Layer<br />Comprises several sub-layers:<br />Radio Resource Management (RR)<br />Mobility Management (MM)<br />Radio Resource Management (RR):<br />Lowest sub-layer<br />Only a part of this layer RR’, is implemented in BTS, remainder is situated in BSC.<br />The functions of RR’ are supported by BSC via the BTS Management (BTSM)<br />Main task of RR include:<br />Setup,<br />Maintenance &<br />Release of radio channels.<br />RR also directly accesses the physical layer for radio information and offers a reliable connection to the next higher layers.<br />
  75. 75. Layer 3: Network Layer<br />Mobility Management (MM):<br />Contains functions for:<br />Registration,<br />Authentication,<br />Identification,<br />Location updating &<br />Provision of a TMSI (Temporary Mobile Subscriber Identity)<br />Replaces IMSI (International Mobile Subscriber Identity) &<br />Hides the real identity of an MS user over an air interface.<br />While IMSI identifies a user, the TMSI is valid only in the current location area of a VLR.<br />MM offers reliable connection to the next higher layer<br />
  76. 76. Layer 4: Call Management Layer<br />Contains three entities:<br />Call Control (CC)<br />Provides point-to-point connection between two terminals and is used by higher layers for:<br />Call establishment<br />Call Clearing &<br />Change of call parameters.<br />Short Message Service (SMS) <br />Allows message transfer using:<br />SDCCH &<br />SADCCH (if no signalling data is sent)<br />Supplementary Service (SS)<br />DTMF (Dual Tone Multiple Frequency)<br />Provides functions to send in-band tones over GSM Network.<br />These tones are used for:<br />Remote control of answering machines or<br />The entry of PINs in electronic banking &<br />Also used for dialing traditional analog telephones systems.<br />These tones can be directly send over the voice codec of a GSM MS, as the codec would distort tones.<br />They are transferred as signals and then converted into tones in the fixed network part of the GSM system.<br />
  77. 77. Additional Protocols used<br />Additional protocols are used at Abis and A interfaces.<br />Data transmission at physical layer uses PCM (Pulse Code Modulation) system.<br />PCM systems offer transparent 64 kbit/s channels, GSM also allows for sub-multiplexing of four 16kbit/s channel into a single 64 kbit/s channel.<br />Signalling System (SS7):<br />Used for signalling between an MSC and BSC.<br />Transfers management information between:<br />MSCs,<br />HLR,<br />VLRs,<br />AuC,<br />EIR &<br />OMC<br />MSC can also control BSS via a BSS Application (BSSAP).<br />
  78. 78. Localization & CALLING<br />Section - 5<br />
  79. 79. Roaming<br />As soon as the MS moves the range of new VLR, the HLR sends all the user data needed to the new VLR.<br />Changing VLRs with uninterrupted availability of all services is call Roaming.<br />
  80. 80. Locating & Addressing a MS<br />We need several numbers like:<br />MSISDN<br />Mobile Station International ISDN Number<br />IMSI<br />International Mobile Subscriber Identity<br />TMSI<br />Temporary Mobile Subscriber Identity<br />MSRN<br />Mobile Station Roaming Number<br />
  81. 81. MSISDN<br />The only important number for a GSM user is the phone number.<br />This is associated with SIM, personalized for a user.<br />MSISDN follows the ITU-T standard E.164 for addresses as it is also used in fixed ISDN Networks.<br />This number consists of:<br />Country Code (CC)<br />National Destination Code (NDC) &<br />Subscriber Number (SN)<br />
  82. 82. IMSI<br />GSM uses IMSI for internal unique identification of a subscriber.<br />ISMI consists of:<br />Mobile Country Code (MCC)<br />Mobile Network Code (MNC)<br />Mobile Subscriber Identification Number (MSIN)<br />
  83. 83. TMSI<br />To hide IMSI, which would give away the exact identity of the user signalling over the air interface.<br />GSM uses 4 byte TMSI for local subscriber identity.<br />TMSI is selected by the current VLR and is only valid temporarily and within the location area of a VLR.<br />Additionally VLR may change TMSI periodically.<br />
  84. 84. Mobile Station Roaming Number<br />Temporary Address that hides the identity and location of the subscriber.<br />VLR generates this address on request from MSC, and the address is also stored in HLR.<br />MSRN maintains:<br />Current VCC (Visitor Country Code),<br />VNDC (Visitor National Destination Code)<br />The identification of the current MSC together with the subscriber number.<br />MSRN helps the HLR to find a subscriber for an incoming call.<br />
  85. 85. Mobile Terminated Call (MTC)<br />
  86. 86. MTC<br />
  87. 87.
  88. 88. Mobile Originated Call<br />
  89. 89.
  90. 90. MOC<br />
  91. 91.
  92. 92. Messages exchanged between MS and BTS<br />
  93. 93. Handover<br />Section-6<br />
  94. 94. GSM Handover<br />Aims at a maximum handover duration of 60ms.<br />
  95. 95. Reasons for Handover<br />Mobile station moves out of range of a BTS:<br />Received signal level decreases continuously and falls below the minimum requirement for communication:<br />Error rate may grow due to interference<br />Diminishing quality of the radio link<br />Load Balancing<br />Wired infrastructure (MSC, BSC) decides that the traffic in one cell is too high and shifts some MS to other cell with lower load.<br />
  96. 96. 4 Possible Handover Scenarios in GSM<br />Intra-cell Handover:<br />Within a cell, Narrow-Band interference could make transmission at certain frequency impossible.<br />BSC decides to change the carrier frequency.<br />Inter-cell, intra-BSC Handover:<br />MS moves from one cell to another<br />But stays in the control of same BSC<br />BSC performs a handover, assigns a new radio channel<br />Inter-BSC, intra-MSC Handover:<br />A BSC controls limited number of cells<br />GSM performs handover between cells controlled by different BSC.<br />This is controlled by MSC<br />Inter-MSC Handover:<br />Handover between two cells belonging to different MSCs.<br />Both MSCs performs handover together.<br />
  97. 97. Types of Handover in GSM<br />
  98. 98. Handover Decision<br />Periodic measurement of the downlink and uplink quality respectively:<br />Done by MS and BTS, to provide necessary information for a handover due to a weak link.<br />Link Quality comprises:<br />Signal Level &<br />Bit Error Rate<br />Measurement reports are sent by MS about every half-second; containing:<br />The quality of the current link for transmission; <br />The quality of certain channels in the neighboring cells.<br />
  99. 99. Handover Decision depending on Receive Level<br />Here, handover decision depends on the actual value of the received signal level, but on the average value.<br />BSC collects all values from BTS and MS, calculates the average.<br />This value is compared to the threshold (HO_MARIGIN) which includes some hysteresis to control ping-pong effect, it may even occur sometimes.<br />
  100. 100. Intra-MSC Handover<br />
  101. 101. security<br />Section-7<br />
  102. 102. Confidential Information Storage<br />Confidential Information is stored in:<br />AuC &<br />Individual SIM, which stores:<br />Personal secret data – this is protected with PIN against unauthorized use.<br />
  103. 103. GSM Security Service<br />Access Control and Authentication<br />Step 1:<br />Authentication for valid user of a SIM<br />User needs secret PIN to use SIM<br />Step 2:<br />Subscriber Authentication<br />Based on Challenge-response scheme<br />Confidentiality<br />All user related data is encrypted.<br />After authentication, BTS and MS applies encryption to voice, data and signalling.<br />This confidentiality exists between BTS and MS, not end-to-end<br />Anonymity<br />All data is encrypted before transmission &<br />User Identifiers are not used over air<br />Instead GSM transmits a temporary identifier (TMSI), which is newly assigned by the VLR after each location update.<br />Additionally VLR can change TMSI periodically.<br />
  104. 104. GSM Security Algorithms<br />Authentication – Algorithm A3<br />Encryption – Algorithm A5<br />Generation of Cipher Keys – Algorithm A8<br />Only A5 is publically available; A3 and A8 are secret but standardized with <br />
  105. 105. Authentication<br />Authentication is based on SIM, which stores:<br />Authentication Key ki,<br />User Identification IMSI &<br />A3 Algorithm<br />Uses Challenge-Response Method:<br />AC sends RAND to SIM; and SIM replies with SRES.<br />For each IMSI, AuC does:<br />Generation of RAND<br />Signed Response SRES &<br />Cipher Key Kc.<br />AuC sends the above to HLR<br />Current VLR requests the appropriate value for RAND, SRES & Kc from HLR.<br />For Auth, VLR sends RAND to SIM.<br />Both Network and Subscriber module performs with Key Ki using A3.<br />VLR compares both values; accepts if both are equal.<br />
  106. 106. Encryption<br />User-related information are encrypted over the air interface.<br />After auth, MS and BSS starts encryption by cipher key Kc.<br />Kc is generated using individual key Ki and random value by applying A8.<br />Note, SIM and Network both calculate the same Kc on RAND.<br />Kc is not transmitted over Air Interface.<br />MS and BTS can encrypt and decrypt using A5 and Kc.<br />
  107. 107. New Data Service<br />Section-8<br />
  108. 108. Approaches<br />HSCSD:<br />High Speed Circuit Switched Data<br />As GSM is based on connection-oriented traffic channel, with 9.6 kbit/s, several such channels could be combined to increase bandwidth.<br />This is called HSCSD.<br />GPRS:<br />Introduction of Packet-Oriented traffic in GSM.<br />Shifts the thinking from Connections / Telephone to Packets / Internet<br />
  109. 109. References<br /><br />Jochen Schiller, “Mobile Communications” 2nd Edition<br />