Personal Broadband Networks, PBN (CE74024-3)


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Personal Broadband Networks, PBN (CE74024-3)

  1. 1. Faculty of Computing, Engineering & Technology Global System for Mobile Communications Personal Broadband Networks, PBN (CE74024-3) Alison L Griffiths C203 2004
  2. 2. 2 Objectives Introduction GSM Network Architecture Timing & Power Control Gaussian Minimal Shift Keying Modulation Timeslots, Frames & Multiframes GSM PBN (CE74024-3) 2004
  3. 3. 3 GSM Introduction PBN (CE74024-3) 2004
  4. 4. 4 Origins of 2nd Generation Systems Lessons that were nearly learned from 1G Need for standardisation Two contrasting approaches Europe Because of European Union, decided to develop a pan- GSM European standard for the next generation of mobile networks ROW Particularly the US and countries in US sphere of influence allowed market forces to remain dominant Japan, far-east went in a different direction PBN (CE74024-3) 2004
  5. 5. 5 Origins of 2nd Generation Systems Europe In 1982 groupe spéciale mobile (GSM) founded to develop next generation standard Soon renamed global system for mobile communications GSM Tasked the European Telecommunications Standards Institute (ETSI) with responsibility of specifying and maintaining the standard 5,000 pages long the 1st version was released in 1991 PBN (CE74024-3) 2004
  6. 6. 6 Origins of 2nd Generation Systems USA Original AMPS analogue system upgraded to digital in 1991 (D-AMPS) US military had been using a secure system for some time, this was made commercially available in 1991 called Code Division Multiple Access GSM (CDMA) Japan Originally developed the Japanese Digital Cellular (JDC) system in 1993 Later renamed Personal Digital Cellular (PDC) PBN (CE74024-3) 2004
  7. 7. 7 Origins of 2nd Generation Systems In Europe the frequency allocated for the new 2nd Generation systems was originally 900 MHz In US no new spectrum was initially allocated for D-AMPS & CDMA both competing at 850 MHz, GSM was allocated at 1900 MHz (900 was GSM owned by RAM Mobile for Mobitex) Soon realised that 900 MHz could not offer sufficient bandwidth in metropolitan areas PBN (CE74024-3) 2004
  8. 8. 8 Origins of 2nd Generation Systems Again solution adopted was different In 1994, Europe allocated a new frequency, 1800 MHz (known as Digital Cellular System (DCS) 1800) Used smaller cells and more efficient codecs US companies had to concentrate on squeezing GSM more out of the available bandwidth by improving the technology Because of the standards based approach GSM became the dominant worldwide technology PBN (CE74024-3) 2004
  9. 9. 9 Origins of 2nd Generation Systems GSM now used in over 190 countries Over 400 different providers worldwide Has over 70% of world market Estimated 800 million GSM users worldwide In US GSM 135 million CDMA 107 million TDMA 16 million GSM!! Japan PDC has 60 million users PBN (CE74024-3) 2004
  10. 10. 10 TDMA vs CDMA The major difference between the new 2G technologies was the access scheme 1G had used FDMA Initially all 2G technologies were TDMA (before arrival of CDMA) GSM PBN (CE74024-3) 2004
  11. 11. 11 GSM as a 2nd Generation System GSM principally designed to service voice Data not seen as a major revenue generator However, does provide limited data GSM services 3 categories of services defined Bearer services Tele services Supplementary services PBN (CE74024-3) 2004
  12. 12. 12 GSM Bearer Services Original GSM allowed for 9600 bit/s non-voice services Permits transparent / non-transparent, synchronous or asynchronous data transmission Transparent bearer services GSM Used only at the physical layer May use FEC Non-transparent bearer services Use services of the Transparent bearer Utilise link control for retransmission, etc Uses the bearer services to interwork with PSTN, ISDN, X.25, etc PBN (CE74024-3) 2004
  13. 13. 13 GSM Tele Services Voice encryption Messaging (SMS, EMS, MMS) Basic data communication (eg Fax) High-quality voice delivery using 3.1 kHz GSM bandwidth Codecs for voice and modem Standard free of charge emergency number, has highest priority, automatically connects to nearest emergency center PBN (CE74024-3) 2004
  14. 14. 14 GSM Supplementary Services Similar to ISDN networks May include User identification Call redirection GSM Call forwarding Closed User Groups Mulitparty calls PBN (CE74024-3) 2004
  15. 15. 15 GSM Architecture Consists of three subsystems GSM PBN (CE74024-3) 2004
  16. 16. 16 Radio Subsystem (RSS) Comprises all radio specific entities… GSM PBN (CE74024-3) 2004
  17. 17. 17 Radio Subsystem (RSS) (1) Mobile Station (MS, the phone) Comprises of all equipment MS GSM needed for communication with GSM network PBN (CE74024-3) 2004
  18. 18. 18 Mobile Station (MS) Consists of Subscriber Identity Module (SIM) Stores user-specific data – Card type – Subscription type & therefore which services user can/cannot access – Personal Identification Number (PIN) GSM – A PIN unblocking key (PUK) used if the SIM is locked accidentally – Authentication key (Ki) – International mobile subscriber identity (IMSI) permanent – The cipher key (Kc) set once phone is logged on to network – Temporary mobile subscriber identity (TMSI) when user is not on home network used with the Location area identification (LAI) to locate the user on any GSM network in the world PBN (CE74024-3) 2004
  19. 19. 19 Mobile Station (MS) cont… Without the SIM only emergency calls are allowed International Mobile Equipment Identity (IMEI) Unique ID for the device used for theft protection For GSM 900 phone has transmit power of 2W GSM For GSM 1800, 1W due to smaller cells Apart from the phone interface MS may also consist of Display, speaker, microphone, programmable keys, computer modem, IrDA, Bluetooth, etc PBN (CE74024-3) 2004
  20. 20. 20 Radio Subsystem (RSS) (2) Base Transceiver Station (BTS) Comprises of all the radio equipment GSM Antennas Signal processors BTS Amplifiers PBN (CE74024-3) 2004
  21. 21. 21 Base Station Transceiver (BTS) BTS manages a radio cell Using sectorized Radio Cell antenna may manage several GSM cells GSM cell can be anything BTS from 100m to 35km PBN (CE74024-3) 2004
  22. 22. 22 Radio Subsystem (RSS) (3) MS and BTS are connected by Radio Cell the Um interface (ISDN U MS GSM interface for Um mobile) BTS PBN (CE74024-3) 2004
  23. 23. 23 Radio Subsystem (RSS) (3) Base Station Controller (BSC) manages a collection of GSM BTS’s Abis BSC PBN (CE74024-3) 2004
  24. 24. 24 Base Station Controller (BSC) Reserves radio frequencies Handles handover between BTS’s Performs paging of MS’s Multiplexes the radio channels onto the GSM fixed network Communicates with the BTS’s using the Abis interface PBN (CE74024-3) 2004
  25. 25. 25 BCS / BTS Tasks Function BTS BSC Management of radio channels Frequency hopping Management of terrestrial channels Mapping of terrestrial onto radio channels Channel coding and decoding GSM Rate adaptation Encryption and decryption Paging Uplink signal measurement Traffic measurement Authentication Location registry, location update Handover management PBN (CE74024-3) 2004
  26. 26. 26 Radio Subsystem (RSS) (4) The BSC and its managed BTS’s and connected MS’s is called a GSM Base Station Subsystem (BSS) BSS PBN (CE74024-3) 2004
  27. 27. 27 Base Station Subsystem (BSS) GSM networks consist of n BSS’s BSS performs all the necessary functions for maintaining a radio connection to a MS GSM Coding/decoding of voice traffic Rate adaptation between the wireless and fixed network PBN (CE74024-3) 2004
  28. 28. 28 Network & Switching Subsystem (NSS) “heart” of the GSM system [Schiller, 2002] GSM PBN (CE74024-3) 2004
  29. 29. 29 NSS Connects the wireless and fixed networks together Performs handovers between BSS’s Supports GSM All functions necessary for worldwide localisation of users Charging & accounting Roaming Consists of switches and databases PBN (CE74024-3) 2004
  30. 30. 30 NSS (1) Mobile services switching center (MSC) MSC GSM PBN (CE74024-3) 2004
  31. 31. 31 Mobile Services Switching Center (MSC) High-performance digital ISDN switches Setup connections with other MSC’s Connect to the BSC’s over the A interface Form the fixed backbone of the GSM network MSC usually manages a group of BSC’s in a GSM geographical area Handles All signalling necessary for connection setup & release Handover between MSC’s All supplementary services (eg call forwarding) Uses SS7 PBN (CE74024-3) 2004
  32. 32. 32 NSS (2) Gateway MSC (GMSC) MSC GSM GMSC PBN (CE74024-3) 2004
  33. 33. 33 Gateway MSC (GMSC) Special node that handles connections to other fixed networks PSTN ISDN GSM Using special additional interworking functions (IWF) can connect to public data networks such as X.25 PBN (CE74024-3) 2004
  34. 34. 34 NSS (3) Gateway MSC (GMSC) connects to MSC fixed networks GSM GMSC IWF PDN ISDN PSTN PBN (CE74024-3) 2004
  35. 35. 35 NSS (4) Home location register (HLR) HLR is the most MSC important GSM database in a GSM system GMSC IWF PDN ISDN PSTN PBN (CE74024-3) 2004
  36. 36. 36 Home Location Register (HLR) Stores all relevant user data including Mobile Subscriber ISDN number (MSISDN) Details of subscription permissions Call forwarding Roaming GSM GPRS Subscribers ISMI Users location area (LA) Mobile subscriber roaming number (MSRN) User’s current VLR (see following) and MSC Only 1 customer HLR record worldwide Real-time database has to provide data within certain time bounds PBN (CE74024-3) 2004
  37. 37. 37 NSS (5) Visitor location register (VLR) HLR associated with MSC particular MSC VLR GSM GMSC IWF PDN ISDN PSTN PBN (CE74024-3) 2004
  38. 38. 38 Visitor Location Register (VLR) Dynamic real-time database that stores data on users in a particular LA associated with the MSC IMSI MSISDN GSM HLR address When new MS enters an LA controlled by the MSC the VLR copies data from user HLR Not uncommon for a VLR to hold data on 1million+ subscribers! PBN (CE74024-3) 2004
  39. 39. 39 Operation Subsystem (OSS) Functions for network operation & maintenance GSM PBN (CE74024-3) 2004
  40. 40. 40 OSS (1) Authentication center (AuC) AuC GSM PBN (CE74024-3) 2004
  41. 41. 41 Authentication Center (AuC) Due to the vulnerability of mobile networks to attack, GSM specification separates out the algorithms for key generation into a OSS network entity Used by the HLR to authenticate a user GSM May be a securely partitioned part of the HLR PBN (CE74024-3) 2004
  42. 42. 42 OSS (2) Operation and maintenance center (OMC) AuC OMC GSM PBN (CE74024-3) 2004
  43. 43. 43 Operation and Maintenance Center (OMC) Monitors and controls all other network entities Via the O interface using SS7 with X.25 Typically manages GSM Traffic monitoring Status reports Subscriber & security management Accounting and billing Uses the concept of telecommunications management network (TMN) specified by ITU-T PBN (CE74024-3) 2004
  44. 44. 44 OSS (3) Equipment identity register (EIR) AuC OMC EIR GSM PBN (CE74024-3) 2004
  45. 45. 45 Equipment Identity Register (EIR) Database of all IMEI’s for the network Contains a blacklist of any MS that has been reported stolen or is currently locked GSM White list contains all valid MS’s Gray list contains all MS’s that may not be functioning correctly PBN (CE74024-3) 2004
  46. 46. 46 GSM GSM Network PBN (CE74024-3) 2004
  47. 47. 47 GSM Network interfaces Aspects of the interconnection between the subsystems are controlled by different interfaces Between the OMC and the other network components GSM specifies the O interface This uses SS7 signalling to manage and control the GSM network entities Between the NSS and RSS is the A interface for communication between BSC’s and MSC’s, basically PCM-30 system multiplexing 30 x 64 bit channels at 2048 kbps using SS7 PBN (CE74024-3) 2004
  48. 48. 48 GSM Network interfaces Signalling between BSC’s and BTS’s is defined by the Abis interface Transmission rates of 16 or 64kbps Finally, GSM specifies the Um interface between the MS and the BTS GSM This comprises of many of the fundamental concepts we have previously discussed SDMA, FDMA, TDMA, etc PBN (CE74024-3) 2004
  49. 49. 49 The Um interface GSM uses SDMA between cells with each MS assigned to a BTS FDD is used to separate the uplink and downlink channels GSM 900 GSM Uplink 890 – 915 Downlink 935 – 960 GSM 1800 Uplink 1710 – 1785 Downlink 1805 – 1880 GSM 1900 Uplink 1850 – 1910 Downlink 1930 - 1990 PBN (CE74024-3) 2004
  50. 50. 50 The Um interface Uses combination of FDAM and TDMA to access the radio media For example in GSM 900 124 channels 200 kHz wide (FDMA) for uplink/downlink GSM Only channels 2 to 123 are used due to technical limitations 32 channels are used by the network for management, etc Leaving 90 channels for MS to actually use for calls/data etc Each BTS manages 1 organisational channel and n (typically 10 user channels) PBN (CE74024-3) 2004
  51. 51. 51 The Um interface GSM 900 cont… Each of the 248 channels is partitioned by time using TDMA Each TDMA frame is 4.615 ms long Each frame contains 8 GSM time slots GSM Each slot represents 577 µs Therefore each TDM channel occupies the 200 kHz channel for 577 µs every 4.615 ms PBN (CE74024-3) 2004
  52. 52. 52 The Um interface GSM 900 cont… Data is transmitted in bursts, ETSI specifies 5 categories normal burst – user & signalling data frequency correction burst – used by the MS GSM to correct its oscillation to avoid interference from adjacent channels synchronization burst – for syncing BTS and MS access burst – used during connection set-up dummy burst – used when no data is being transmitted PBN (CE74024-3) 2004
  53. 53. 53 The Um interface GSM 900 cont… Normal burst Of the 577 µs available for a normal burst, 30.5 is used as the guard space to avoid overlapping bursts (enough to contain 148bits of data) GSM Each TDM channel has raw data rate of approx 33.8 kbits/s Total throughput for the 8 slots is 270 kbits/s PBN (CE74024-3) 2004
  54. 54. 54 GSM GSM TDM Slot tail – usually 0’s Training – used to assist receiver to allow it to adapt to current propagation characteristics S flag – used to indicate if the associated data field contains user or network data PBN (CE74024-3) 2004
  55. 55. 55 The Um interface cont… GSM 900 cont… Each time frame is shifted in time three slots Eg if BTS sends data at time t0 in one slot of the downlink, the MS accesses slot 1 of the uplink at t0 + 3 x 577µs GSM Because of the specified FDM and TDM schemes, GSM and MS does not need to be full-duplex as MS switches between uplink and downlink GSM transmitters are relatively simple and low cost Finally frequency hopping may be done between switching from uplink to downlink after each frame PBN (CE74024-3) 2004
  56. 56. 56 Objectives Understanding: GSM Channels GSM protocol stack Roaming Handover GSM Security Call Setup PBN (CE74024-3) 2004
  57. 57. 57 GSM Logical Channels Specifies two basic groups Traffic channels (TCH) Control channels (CCH) GSM PBN (CE74024-3) 2004
  58. 58. 58 Traffic Channels Used to transmit data Originally two categories full-rate TCH (TCH/F) – Data rate of 22.8 kbps – Used originally due to low performance codecs – Required 13kbps for voice – Recent improvement is enhanced full-rate (EFR) which requires 12.2kbps GSM half-rate TCH (TCH/H) – Data rate 5.6 kbps – Doubles capacity of the network – Lowers voice quality 3G systems use adaptive multi-rate traffic (AMR) channels Additional categories have been defined, for example TCH/F4.8, TCH/F9.6 Basically these just have different coding and error correction schemes PBN (CE74024-3) 2004
  59. 59. 59 Control Channels Used to control medium access Three main groups have been defined Broadcast Control Channel (BCCH) Common Control Channel (CCCH) Dedicated Control Channel (DCCH) GSM There are subgroups within the main groups! PBN (CE74024-3) 2004
  60. 60. 60 Broadcast Control Channels Used by the BTS’s to signal information to the MS’s Cell ID’s Cell options (frequency hopping patterns, etc) Available frequencies GSM Subchannel groups include Frequency Correction Channel (FCCH) Synchronisation Channel (SCH) All BCCH’s are unidirectional PBN (CE74024-3) 2004
  61. 61. 61 Common Control Channels Used for information exchange during connection set-up For Mobile Terminated Calls (MTC) BTS uses a paging channel (PCH) For Mobile Originated Calls (MTO) MS uses the random access channel (RACH) this is a shared GSM channel for all MS’s in a cell BTS uses an access grant channel (AGCH) to signal to MS to go to a specific TCH or SDCCH (see Dedicated Control Channels) to continue call set-up All CCCH’s are unidirectional PBN (CE74024-3) 2004
  62. 62. 62 Dedicated Control Channels If MS does not have a TCH open with the BTS it can open a stand-alone dedicated control channel (SDCCH) low data rate channel for signalling eg authentication data, registration, etc to allow it to set-up a TCH Every TCH and SDCCH has an associated slow GSM associated dedicated control channel (SACCH) used to exchange system data such as power levels and channel quality If a TCH exists then a fast associated control channel (FACCH) is used, commonly for cell handovers during calls PBN (CE74024-3) 2004
  63. 63. 63 Multiplexing Control Channels GSM specifies a specific sequence for transmitting TCH/SACCH data 12 slots of TCH followed by 1 SACCH followed by another 12 slots of TCH followed by an used slot The combination of these 26 slots occurs on all GSM TDMA TCH frames GSM The combination of 26 of these frames is called a traffic multiframe Signalling data is combined into 51 TDMA frames called a control multiframe These two are then multiplexed into superframes which in turn are multiplexed into hyperframes (2,715,648 TDMA frames with a duration of approx 3.5 hours!) PBN (CE74024-3) 2004
  64. 64. 64 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  65. 65. 65 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  66. 66. 66 Overview of GSM Protocol Stacks Radio Controls the bursts Synchronisation with the BTS Including delay correction (ie different delays, called round trip times RTT due to proximity of MS to BTS) Idle channel detection GSM Downlink channel quality Encryption/decryption between MS and BTS* Channel coding Error detection/correction Voice Activity Detection (VAD) Comfort Noise (CN) PBN (CE74024-3) 2004
  67. 67. 67 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  68. 68. 68 Overview of GSM Protocol Stacks LAPDm and LAPD Link access procedure for the D-channel, used in ISDN m is lightweight version which does not perform error detection/correction at the air interface GSM Used to ensure reliability of connection (similar to HDLC on conventional computer networks) Segmentation/reassembly of data ack/nack of data transfer PBN (CE74024-3) 2004
  69. 69. 69 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  70. 70. 70 Overview of GSM Protocol Stacks RR Radio resource management RR split between BTS and BSC using BTS management (BTSM) Responsible for channel GSM Setup Maintenance Release PBN (CE74024-3) 2004
  71. 71. 71 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  72. 72. 72 Overview of GSM Protocol Stacks MM Mobility Management Handles Registration Authentication GSM Identification Location updates Provisioning of – Temporary Mobile Subscriber Identity TMSI for insertion into the VLR PBN (CE74024-3) 2004
  73. 73. 73 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  74. 74. 74 Overview of GSM Protocol Stacks CM Call Management Contains three entities Call Control (CC) – Point-to-point connection between two end-points Short Message Service (SMS) GSM – Uses SDCCH and SACCH (if no signalling data is sent) Supplementary Service (SS) – Forwarding, etc Responsible for in-band tones called dual tone multiple frequency (DTMF) Eg Tone services such as PIN identification for answering machines These tones cannot be sent over voice channel as codec will distort them PBN (CE74024-3) 2004
  75. 75. 75 GSM Overview of GSM Protocol Stacks PBN (CE74024-3) 2004
  76. 76. 76 Overview of GSM Protocol Stacks PCM 64 kbps for voice 16 kbps for data multiplexed to 64 kbps SS7 See lecture on SS7 GSM Base Station Subsystem Application Part (BSSAP) may also be used for control of a BSS by an MSC PBN (CE74024-3) 2004
  77. 77. 77 Roaming Major feature of GSM is automatic world wide location of users using the same phone number HLR always contains data about MS location As soon as user moves location, HLR transmits data to appropriate VLR GSM Changing VLR’s without interruption in service is called roaming PBN (CE74024-3) 2004
  78. 78. 78 Roaming To locate MS requires Mobile Station ISDN number (MSISDN) Consists of – country code (CC) – National Destination Code (NDC) usually the number of the network provider – Subscriber number (SN) the phone number allocated to the SIM International Mobile Subscriber Identity (IMSI) GSM Consists of – Mobile country code (MCC) – Mobile network code (MNC) – Mobile Subscriber Identification Number (MSIN) Temporary Mobile Subscriber Identity (TMSI) Used to hide the IMSI over the air interface to protect their identity Mobile Station Roaming Number (MSRN) Temporary address generated by the VLR containing the Visitor country code (VCC) and Visitor National Destination Code (VNDC) PBN (CE74024-3) 2004
  79. 79. 79 Handover Crossing from one cell to another requires that the network update user location data, etc. Process is called handover GSM aims at maximum handover duration of 60ms GSM Two primary reasons for handover Network cannot guarantee QOS due to distance from current BTS Loading on one BTS may necessitate transfer to another, load balancing PBN (CE74024-3) 2004
  80. 80. 80 Handover BTS and MS perform periodic tests on the quality of uplink & downlink (approx every 0.5s) called Mobile Assisted Handover (MAHO) The values are compared to a handover margin (HO_MARGIN) Dependent upon difference between the GSM current value and the HO_MARGIN handover decision is made by the BSC MSC is notified and it manages the connection to the new BSC/BTS MS has to drop existing connection once new one is established PBN (CE74024-3) 2004
  81. 81. 81 GSM Security Original specification identified three security algorithms A3 – used for authentication A5 – used for encryption A8 – used to generate cipher key Only A5 was published by the ETSI GSM In 1998 A3/A8 leaked on the Internet, transpired that the claimed 64bit key used for cipher frequently only used 54bits Network providers may add additional layers of security Only BTS to MS is encrypted PBN (CE74024-3) 2004
  82. 82. 82 Call setup – MS terminated (MTC) 1 User dials mobile number 5 2 Fixed network identifies target as PSTN mobile & contacts the network via 1 PSTN 2 GMSC 3 the gateway 3 GMSC identifies the targets HLR & 6 signals call setup HLR 4 After HLR checks subscriber data, it MSC contacts VLR for current MSRN GSM 7 4 8 5 HLR passes the MS’s current MSC BSS to the GMSC 10 BSS VLR 6 GMSC forwards call setup to MSC 7 MSC requests current MS status BSS from VLR 9 8 Initiates paging in all cells in its LA 9 BTS’s transmit paging call to MS MS 10 If MS available, MSC requests VLR to set security. VLR returns all clear for connection to be established PBN (CE74024-3) 2004
  83. 83. 83 Call setup – MS Originated (MOC) Network Network 1 MS transmits request for connection 2 Request forwarded to MSC 4 3 MSC checks subscriber services with VLR MSC 4 MSC checks available resources GSM 2 3 throughout network & if all are available sets up connection. BSS BSS VLR Target may be: -Serviced by same MSC 1 BSS -Serviced by MSC on same network -Another network (mobile or fixed) MS PBN (CE74024-3) 2004