Wireless electronic notice board using gsm technolgy
PID3902073
1. Reliability Analysis of GSM Network Using Software
Defined Radio-Based System
Asif Ali Zamzami, Ega Putra Devara, Joni Pramana, Amang Sudarsono, and Ahmad Zainudin
Dept. of Electrical Engineering
Electronic Engineering Polytechnic Institute of Surabaya
Kampus PENS, Jalan Raya ITS, Sukolilo 60111, Indonesia
Email: alizamzam92@gmail.com, {amang,zai}@pens.ac.id
Abstract— Recently, the development of
telecommunication fields is growing rapidly. One of the
important issues in the development of telecommunications is
the expansion of public mobile network infrastructures, i.e.,
base stations. However, the development of base stations
requires substantial funds. Currently, there is a solution in
building base station infrastructure with more efficient and
cheaper by using Software Defined Radio (SDR) and Universal
Software Radio Peripheral (USRP). USRP is working as a base
station and SDR as a software complement in the development
of the system. In this paper, we propose a GSM 2.5G network
system. We utilize several software such as soft-switch, GNU
radio and OpenBTS to support Mobile Switching Center
(MSC), Base Station Controller (BSC), and Base Transceiver
Station (BTS) functionalities. We demonstrate handover
mechanism between two and more base stations, and
authentication mechanism in the system. We also measure the
throughput of the system provided by General Packet Radio
Service (GPRS). The system capacity provides in average of 4
Kbps for download and 3 Kbps for upload. The main factor
that affects the throughput is the factor of multi slot channel
allocations towards download and upload. We also
demonstrate handover mechanism when MS moves away from
USRP 1 towards USRP 2, signal level of USRP 1 received by
MS is weaker than signal level of USRP 2. Thus, MS selects
USRP which has a strong signal as its base station. In addition,
to prevent hacking and provide user authentication on the
system, user and MSC must have a same key of Ki. By using a
secret key of Ki which owned GSM network, only users that
have the same key of Ki can be registered on the system.
Keywords — OpenBTS; GSM; GPRS; SDR; USRP; Handover;
Authentication
I. INTRODUCTION
Telecommunication technology is growing rapidly as
the emergence of cordless telephone technology (Wireless
Telephone). One of the cordless telephone technology is
Global System for Mobile Communication (GSM). Every
telecommunication provider has a different coverage area.
The smallest area of the cordless telephone service is called a
cell. Therefore, cordless telephones is called phone cellular
and every BTS covers a cell [1].
Based on such phenomenon, the right solution for
building a GSM network, which is easy and cheap cost is to
use SDR and USRP. GSM network using SDR and USRP
called OpenBTS network. The difference between OpenBTS
network and a commercial network is depending on the
device. OpenBTS network is based on an open source
software platform while commercial network is based on a
hardware for building a GSM network. The advantage of
OpenBTS network is free of charge and can be reconfigured.
OpenBTS can be used as an alternative to the cellular
network when a commercial GSM network was broken and
when needed to make communications in rural areas [2].
GSM network which is built by using USRP and SDR
is more efficient and cheaper than the construction of
commercial BTS, because the SDR is open source software
that is used to build an own MSC which can be obtained free
of charge, while commercial base station requires the costs
between five hundred thousand to one million USD [2].
In this paper, we propose a study and analysis of GSM
network using SDR and USRP. This research is not only
about how to measure a call delay, a categorization of voice,
and sending a message, but also to measures the transmission
of GPRS packet data, to measures how long the handover
delay between two USRP, and to implements the
authentication for security on GSM network.
II. GSM WITH OPENBTS FRAMEWORK
The GSM network is a system that consists of several
cells. The range of a cell or a service area is referred a
coverage area that is having a variable size.
To allow mobility of users and to maintain the
connection between the mobile phone and the network
center is always connected, either in the idle mode (no
phone calls) or in the special mode (on call), then it would
require a handover process [3].
OpenBTS is an editable software which is replicated
on a Linux Operating System platform. The OpenBTS GSM
network uses a Universal Software Radio Peripheral
(USRP) to transmit standard signals on the GSM cellular
network. OpenBTS uses an asterisk as a soft-switch to
interconnect with other telecommunication networks such as
Public Switched Telephone Network (PSTN) or other
telecommunication operators which is using Voice over IP
(VoIP) [4].
2. III. SYSTEM DESIGN
In this section, we describe a procedure of the system
design which is used to build a GSM network. This system
design includes how to build an infrastructure system,
GPRS Internet network, handover mechanism, and
authentication using key Ki between the Mobile Station and
the Mobile Switching Center in a GSM network that uses
SDR and USRP.
A. Hardware Planning
The earliest stage should be done in this study was
the preparation of the necessary hardware in the system. We
utilized a laptop PC with Gigabit Ethernet LAN
specifications (i.e., so that the laptop PC can be connected to
the USRP), a USRP N210 as a mini base stations that
transmits and receives signals in the GSM network system
that has been built, two vertical antennas of VERT 900 as
the antenna on the USRP, an Ethernet cable to connect
between a PC and USRP, and four Mobile Station as the
users of GSM network..
B. Software Planning
To develop a network infrastructure, it requires a
software as a complementary component of the GSM
network, such as Asterisk which acts as a soft-switch, GNU
Radio 3.7.4 to emit a signal, OpenBTS 4.0 to control a
USRP device, Sipauthserver acts as a Session Initiation
Protocol (SIP) which is used to register the subscriber
identity and request a location of Subscriber identity on the
GSM network, and Smqueue acts as a message server to
store, transmit, and divert SMSs [5]. Figure 1 illustrates the
design of GSM network system.
Figure 1. Illustration of the block diagram of the GSM
network system topology
MS sends a request to the GSM network and registers
on a GSM network-based software. The request that
submitted is accompanied an identifiable information about
the MS. This identifiable information includes International
Mobile Subscriber Identity (IMSI) number, International
Mobile Equipment Identity (IMEI), Temporary Mobile
Subscriber Identity (TMSI), and Location Area Code
(LAC), respectively. MSC will configure that identifiable
information into the database, openbts.db. If MS is allowed
to connect into the GSM network, MSC will register the
subscriber identity into the database, sqlite3.db. Then the
smqueue will send a message (i.e., in default: “Welcome to
the GSM Network”).
Transceiver is a software that connects between
USRP as a base station and asterisk as a soft-switch. USRP
as a base station is controlled by OpenBTS software. USRP
is also connected to the Asterisk as a switching center of
MSC. Asterisk contains a Subscriber Identity, and IMSI.
Thus, IMSI must be set in the Asterisk.
Multi USRP using 3 laptop PCs which are connected
to the Switch. The first laptop PC acts as an MSC contains a
database to control and serve two laptop PCs or more at the
infrastructure of the GSM network, and two other laptop
PCs act as a BSC which is used to control two USRPs.
Thus, a handover mechanism can be implemented on the
GSM network. Figure 2 and Figure 3 show the block
diagram of Multi USRP system topology.
Figure 2. Block diagram of Multi USRP System topology
[6]
Figure 3. Block diagram of our Multi USRP System
topology
MS moves away from USRP 1 as an old base station
and moves toward USRP 2 as a new base station. MS was
looking for a base station which has a stronger signal. If MS
has found a stronger signal level of the new base station,
MS will handover to a new base station. So the new base
station will take over to serve the MS, with the requirement
the new base station is the part of the same MSC.
3. IV. IMPLEMENTATION OF GSM NETWORK
This research is purposed to implement a GSM
network by using SDR and USRP look like a system of
conventional GSM network.
A. Subscriber Identity Authentication
Authentication is required to make a selection, only
MS with a particular IMSI number and a particular key Ki
that is allowed to be authenticated and registered on the
GSM network. Thus, the OpenBTS network in this GSM
network has been closed for every provider that wants to be
connected. Requirements before giving a key Ki numbers
into AuC and MS is a SIM card reader which is ready to use
on laptop PC and PySim as a portable software has been
installed as well. To configure IMSI number, it has to
follow international standards IMSI number, in which the
initial three digits are Mobile Country Code (MCC), the
next two digits are Mobile Network Code (MNC), and the
next ten digits are Mobile Subscription Identification
Number (MSIN).
B. Handover
Handover is the process where the user services
move from one sector to other sectors or move from one
BTS to another BTS. So, the users are also experiencing
displacement channel frequency. Handover is controlled by
the MSC. Handover becomes one of the important things in
the GSM network, because it prevents the occurrence of
network disconnection.
C. GPRS
General Packet Radio Service (GPRS) is a packet-
based data transmission services on GSM networks. Thus,
the mobile station is able to send data (e.g., text, images,
etc) to another mobile station.
V. EXPERIMENTAL SETUP
Figure 4. The establishment of a network system
The GSM network contains a single USRP which is
connected to the PC via an Ethernet cable, a laptop PC as an
MSC containing SDR which serves as a USRP controller to
build a GSM network like a commercial GSM, so it can
make a communication of text, voice and data (GPRS) as
shown in Figure 4.
The multi OpenBTS system is using 2 laptop PCs and
2 USRPs that connected to a Cisco Switch for building a
multi network handover system.
VI. EXPERIMENTAL RESULTS AND ANALYSIS
In this section, we describe our experimental results
and the analysis as follows:
A. Testing of distance and quality network
This test aims to determine how far the distance
range and signal quality resulting from network system
which has been built. The test is performed in two places,
in the indoor and outdoor areas. Figure 5 shows the result
of the coverage area based on the level of the signal.
LevelSignal(dBm)
Figure 5. Graph of the signal quality based on distance
Based on the Figure 5, GSM network that uses SDR
and USRP is able to make a coverage area that has a radius
of 60 meters in the indoor area and 90 meters in the outdoor
area, respectively. Therefore, the USRP has a coverage area
of 7.850 m2
in the indoor area and 25.434 m2
in the outdoor
area. When sending a message between two mobile phones
on GSM networks that use SDR and USRP, it takes an
average of 3 seconds at the indoor area and 6 seconds in the
outdoor area, and when the mobile phone calls to another
mobile phone, it takes an average of 6 seconds in the indoor
area and 14 seconds in the outdoor area.
USRP is like an Access Point, when the location is
Line of Sight (LOS) between MS and USRP, USRP can
covers about 100 meters from the signal source. The result
of the signal quality testing based on the distance, USRP's
signal can reach about 60 meters in the indoor area, and 90
meters in the outdoor area. The difference between the
signal quality based on the distance of indoor and outdoor is
because the outdoor area has a little obstacle condition that
is caused by signal reflection and attenuation. The data was
performed 10 times, and calculated the average of the data
to get the value. However, to calculate signal level in dB,
each signal level data must firstly be converted into power
in Watts and calculated the average of the data signal level
in Watts, then converted back to signal level in dB.
4. B. Testing of the delay sending messages in the indoor
This test aims to determine how much time that is
required to send a message between two and more MSs.
Figure 6. MS1-MS2 was adjacent in Indoor area
The measurement starts when MS 1 sends a message
to the MS 2, and the measurement is stopped when the MS
2 receives a message from MS 1. The distance between
USRP and MS affects the delivery time of the message as
shown in Figure 6. If the position of MS is far from USRP,
GSM networks need a few times to send a message from
one mobile station to another mobile station.
Communication between MS 1 and MS 2 is done when the
MS 1 sends the message to the MS 2. Meanwhile,
communication between MS 2 and MS 1 is done when the
MS 2 sends a message to the MS 1 (i.e., the message reply).
C. Testing to make calls
The measurement starts when MS 1 calls to the MS
2, and the measurement is stopped when the MS 2 was
ringing. On the calls testing, the main parameters that affect
the quality of voice is the value of time delay from Call
Setup Success Rate (CSSR). At a distance of 1-20 meters in
the indoor area, the value of call delay reached about 5.9
seconds, and at a distance of 20-40 meters in the outdoor
area, the value of call delay reached about 9.12 seconds as
shown in Figure 7. This is because the delay time is
influenced by the coverage area. This condition is affected
by the noise.
Figure 7. Measurement of call delay on one channel in the
indoor
D. Testing voice quality
In the testing quality of voice, the result of voice
quality is very clear when the mobile station approached
toward USRP. Because the signal that received at the
mobile station is very strong, it is between -51 dBm to -65
dBm. If the mobile station moves away from the USRP, the
quality of voice will decrease and will be drop calls when
the signal that received at Mobile Station is weak.
Table 1. Measurement of voice quality in the Indoor
Coverage Voice Quality
1-47 m Good Voice
48-55 m Bad Voice
56-60 m Drop Call
This measurement is carried out in two areas, Table 1
is the measurement of indoor area and a table 2 is the
measurement of the outdoor area. This measurement
compares the voice communication between two MSs at a
predetermined location.
Table 2. Measurement of voice quality in the Outdoor
Coverage Voice Quality
1-37 m Good Voice
38-86m Bad Voice
87-90 m Drop Call
The voice is categorized as a good voice, when the
voice both MS 1 and MS 2 are clear. And the voice is
considered as a bad voice, when the voice either MS 1 or
MS 2 is not clear, even drop the call. This testing is
conducted manually by human ear without any systematic
calculation or computation of Signal to Noise Ratio (SNR).
E. Testing of GPRS network
In this testing is to compares the throughput between
download and upload based on Multi-slot 3+2. Figure 8
shows the comparison between download and upload:
Figure 8. Graph of comparison between download and
upload based on Multi-slot 3 + 2
5. Based on the Figure 8, this measurement using the
application on the mobile station to see the throughput. The
measurements are made by sending images to another MS
through the Internet GPRS.
Figure 9. Graph of comparison between download and
upload based on Multi-slot 4+1
Based on the Figure 9 multi-slot configuration with 4
+ 1. Multi-slot 4+1 is the configuration to declare the four
slot for downloading data and one slot for uploading data.
Based on the Figure 8 and Figure 9, the slot of the
download is bigger than the slot of upload, so the download
process is faster than upload process for each data (e.g.,
image, text, voice). The throughput of GPRS is 4 Kbps for
download and 3 kbps for upload. So, when the slot of
downloading is bigger than the slot of uploading, it means
that it will be faster for downloading data than uploading
data.The value of download throughput up to 4 Kbps and
the value of upload throughput below 3 Kbps. This is
because the value of download throughput is greater than
upload, so the slot of the download is more prioritized than
the slot of upload.
F. Testing Measurement of Handover
The circle plots shown in the Figure 10 is the location
of handover between USRP 1 and the USRP 2. When MS
moves away from a coverage area of the USRP 1, the signal
level of the USRP 1 will decrease, due to the signal of the
USRP 1 is weaker than the signal of the USRP 2. Thus, the
USRP 2 takes over the network when there is no
communication to avoid network disconnection or drop call,
then the benefit of the construction of the GSM network
using two or more Base Stations is able to create a new
coverage area on the GSM network. Thus, MS would be
easier to get a good signal quality. The result of drive test is
shown in Figure 10.
Figure 10. Map Plot Coverage Rx level and handover
Based on the Figure 10, it can be seen that the Rx
level in its coverage area which is obtained from drive test is
good. The good signal is marked with green mark. It can be
seen when MS moves away from the coverage area of
USRP 1 and moves toward USRP 2, there is a handover
process, because the signal of USRP 1 is weaker than the
signal of USRP 2, on the figure the weak signal is marked
with a yellow mark. So the mobile station chooses USRP 2
as its new base station.
Figure 11. Measurement of sending message when
handover
Furthermore, the result of the testing is shown in Figure 11.
1. MS 1 fixed in the coverage area of USRP 1 and MS 2
located 10 meters from USRP 1, to call each other
requires about 7 seconds of delay time.
2. MS 2 at a point 25 meters far away from the USRP 1, to
call each other requires about 20 seconds, because the
distance is far from the coverage area of USRP 1.
3. MS 1 is fixed in the coverage area of USRP 1, MS 2
moves toward USRP 2, MS 2 handover to a point near
the coverage area of USRP 2, to call each other requires
about 8 seconds.
4. MS 2 handover at a point that far from USRP 2, to call
each other requirea about 20 seconds.
6. Thus, handover or the addition of a new cell is very
useful for network users. Because the quality of signal that
is produced by USRP will always good even though MS
moves away from main USRP (USRP 1) and moves closer
toward the neighbor USRP (USRP 2).
G. Testing authentication on MS
The requirement of this testing is that IMSI in the
MS has been registered on a GSM network. In this testing
there are two authentications on GSM network. Such as a
commercial GSM network, when the MSC in GSM
networks has a key Ki of MS, GSM network and cellular
phone will use full authentication to connect automatically
with each other. However, when the Ki at the MSC is not
known, the MSC will send the Random Number (RAND) to
do computation with Ki at MS. The result of computation
between Ki and RAND is Sign Response (SRES), the value
of SRES in the MS will be sent back to the MSC. Besides
that, MSC has a duplicate of SRES namely SRES'. If the
value of SRES' on MSC was changed, then the
authentication and verification between the MS and the
MSC will not happen. On the other words, MS is not
authenticated at the MSC.
Figure 12. Illustrates the block diagram of authentication on
GSM network
Based on Figure 12, the GSM network will reduce a
MS that will not have a same key with MSC. So, the mobile
station which is not connected to the GSM network will not
have a service from GSM network.
Table 5. Authentication testing on GSM network
5102234 efd86cba efd86cba
53427856 b652659b b652659b
14695d2d 14695d2d
d7647135 d7647135
5102234 19bd47bf efd86cba
53427856 d3841e3a b652659b
e13bcf67 14695d2d
fd0ca75a d7647135
2 _ -
IMSI Match
1 31,22 s Match
No Ki (MS) Ki (AuC) DELAY (s)
Based on the Table 5, MSC has a MCC and MNC
that the value of MCC is 510, and the value of MNC is 22.
So, the only number IMSI that has a value 510 of MCC and
the value 22 of MNC that can be registered to the GSM
network. But, MS 2 will never connect to the GSM network,
because MS 2 has a different key with the AuC, although
MCC and MNC of the MS are same with the MCC and
MNC of the GSM network.
VII. CONCLUSION
We have presented an implementation and its analysis of a
GSM network using SDR and USRP in term of data
exchange measurement, make calls and voice quality
measurements, handover mechanism and authentication
mechanism measurements. The result of the download
throughput comparison, the largest value of the throughput
is 4.57 Kbps on the multi-slot 4+1 and 4.3 Kbps on the
multi-slot 3+2. The factors of the multi-slot configuration
downloaded affect the results of the download throughput
speeds. Meanwhile, the result of the upload throughput
comparison, the largest value of the throughput is 4.09 Kbps
on the multi-slot 3+2 and 2.81 Kbps on the multi-slot 4+1.
The factors of the multi-slot configuration upload affect the
results of the upload throughput speeds.
REFERENCES
[1] W. Khan and H. Ullah, ”Authentication and Secure
Communication in GSM, GPRS, and UMTS Using
Asymmetric Cryptography”, IJCSI International Journal
of Computer Science Issues, Vol. 7, Issue 3, No 9, pp.
10-16, May, 2010.
[2] K. Heimerl, K. Ali, and J. Blumenstock, “Expanding
Rural Cellular Networks with Virtual Coverage”, 10th
USENIX Symposium on Networked Systems Design
and Implementation, pp. 283-296, 2013.
[3] C. McAbee, M. Tummala, and J. McEachen, "GSM to
UMTS Network Handover Vulnerability Testing Using
Software-Defined Radio," 48th Hawaii International
Conference on System Sciences (HICSS2015), pp. 5422-
5431, Jan, 5-8, 2015.
[4] J. Meggelen, J. Smith, and L. Madsen, “Asterisk: The
Future of Telephony”, Published by O’Reilly Media Inc.,
1005 Gravenstein Highway North, Sebastopol, CA
95472, ISBN 0-596-00962-3, August, 2007.
[5] G. Waleed, “Asterisk Open Source to Implement Voice
over Internet Protocol”, IJCSNS International Journal
of Computer Science and Network Security, Vol. 9 No.
6, School of Computer and Communication Engineering,
University Malaysia Perlis, pp. 39-42, June, 2009.
[6] M. Iedema, “Getting Started with OpenBTS”, Published
by O’Reilly Media, Inc., 1005 Gravenstein Highway
North, Sebastopol, CA 95472, ISBN: 978-1-491-91065-
8, January, 2015.