GSM fundamentals


  1. 1. 1.0 Introduction

Third generation or 3G is now the generally accepted term used to describe the next wave of mobile networks and services. First generation (1G) is used to categorize the first analogue mobile systems that emerged in the 1980s, such as the Advanced Mobile Phone System (AMPS) and Nordic mobile telephony (NMT). These systems provided a limited mobile solution for voice, but had major limitations, particularly in terms of interworking, security and quality. The next wave, second generation (2G), arrived in the late 1980s and moved towards a digital solution which gave the added benefit of allowing the transfer of data and provision of other non-voice services. Of these, the global system for mobile communication (GSM) has been the most successful, with its global roaming model. Third generation (3G) builds on the developments in cellular to date, and combines them with complementary developments in both the fixed-line telecoms networks and the world of the Internet. The result is the development of a more general purpose network, which offers the flexibility to provide and support access to any service, regardless of location [1].

1.1 First Generation

A first-generation cellular radio network includes the mobile terminals, the base stations and the mobile switching centers (MSCs). First-generation wireless systems provide analog speech and inefficient, low-rate data transmission between the base station and the mobile user. The speech signals are usually digitized for transmission between the base station and the MSC. The Advanced Mobile Phone System is an example of a first-generation wireless network; it was first built by engineers from AT&T Bell Laboratories. In the first-generation cellular networks, the MSC maintains all mobile related information and controls each mobile handoff. The MSC also performs all of the network management functions, e.g., call handling and processing, billing, etc.
The MSC is interconnected with the PSTN via wired trunks and a tandem switch. MSCs are also connected with other MSCs via dedicated signaling channels (mostly via the SS7 network) for the exchange of location, authentication, and call signaling information. The US cellular carriers use the IS-41 protocol [IS41] to
  2. 2. allow MSCs of different service providers to pass information about their subscribers to other MSCs on demand. IS-41 relies on the autonomous registration feature of AMPS [2]. A mobile uses autonomous registration to notify a serving MSC of its presence and location. The mobile accomplishes this by periodically transmitting its identity information, e.g., MIN and ESN, which allows the MSC to constantly update an entry in its database about the whereabouts of the mobile. The MSC is able to distinguish home users from roaming users based on the MIN of each active user. The Home Location Register (HLR) keeps the location information of each home subscriber while the Visiting Location Register (VLR) only keeps information of a roaming user. The visited system creates a VLR record for each new roamer and notifies the home system via IS-41 so it can update its own HLR [1].

In first generation systems, a voice call is modulated to a higher frequency of about 150 MHz and up as it is transmitted between radio towers. This is done using a technique called Frequency-Division Multiple Access (FDMA). In terms of overall connection quality, first generation compares unfavourably to its successors. It has low capacity, unreliable handoff, poor voice links, and no security at all since voice calls were played back in radio towers, making these calls susceptible to unwanted eavesdropping by third parties.

However, first generation did maintain a few advantages over second generation. In comparison to first generation’s analog signals, second generation digital signals are very reliant on location and proximity. If a 2G handset made a call far away from a cell tower, the digital signal may not be strong enough to reach it. While a call made from a first generation handset had generally poorer quality than that of a second generation handset, it survived longer distances.
This is due to the analog signal having a smooth curve compared to the digital signal, which had a jagged, angular curve. As conditions worsen, the quality of a call made from a first generation handset would gradually worsen, but a call made from a second generation handset would fail completely [3].
  3. 3. [Fig. 1.0 Architecture of first generation [2]. Blocks shown: PSTN, Mobile Station (MS), Base Transceiver Station (BTS), Mobile Station Controller (MSC), Base Station Controller (BSC), Visitors Location Register (VLR), Home Location Register (HLR)]

1.2 Second Generation

The roots of the development of the global system for mobile communications (GSM) began with a group formed by the European Conference of Postal Telecommunications Administrations (CEPT) to investigate the development of a standard mobile telephone system to be used throughout Europe. This group was known as the Groupe Special Mobile or GSM for short, and this is initially where the acronym GSM came from; however, it is now widely understood to stand for global system for mobile communications. A unified telephone system was desirable since Europe is made up of many separate countries each with their own government, language, culture and telecommunication infrastructure, much of which was still in the hands of state-run monopolies. As there is much trade between these countries, a mobile network which would free users to roam internationally from country to country was seen as a valuable asset.

The other major region to discuss in parallel is movements in mobile communications in the USA. Mobile technology was advancing there also, but the motivation to provide roaming capabilities was not such a fundamental
  4. 4. requirement, since it is one country. There was and is considerable regionalization of communications in the USA and this was reflected in the proliferation of mobile devices, where operators only needed to cater for the domestic market.

GSM was eventually adopted as a European standard by the European Telecommunications Standards Institute (ETSI). It has been standardized to operate on three principal frequency regions, being 900 MHz, 1800 MHz and 1900 MHz. GSM is by far the most successful of the second generation cellular systems, and has seen widespread adoption not only across Europe but also throughout the Asia-Pacific region, and more recently, the Americas. Some of the large mobile network operators in the USA are also introducing GSM, either as a migration step towards the UMTS flavour of 3G or simply in addition to the current offerings [3].

1.2.1 General Architecture

Figure 1.1 shows the general architecture of a GSM network. The various functional blocks are explained as follows.

• Mobile station (MS)

The MS consists of the mobile equipment (ME; the actual device) and a smart card called the subscriber identity module (SIM). The SIM offers personal mobility since the user can remove the SIM card from one mobile device and place it in another device without informing the network operator. In contrast, most other 2G systems require a registration update to the operator. The SIM contains a globally unique identifier, the international mobile subscriber identity (IMSI), as well as a secret key used for authentication and other security procedures. The IMSI (or a variation of it for security purposes) is used throughout the network as the identifier for the subscriber. This system enables a subscriber to change the mobile equipment and still be able to make calls, receive calls and receive other subscriber information by simply transferring the SIM card to the new device.
Any calls made will appear on a single user bill irrespective of changes in the mobile device [2]. The mobile equipment is also uniquely identifiable by the international mobile equipment identity (IMEI). The IMEI and IMSI are independent, thus providing the user flexibility by
  5. 5. separating the concept of subscriber from access device. Many operators still issue ‘locked’ mobile devices where the equipment is tied for use only on a particular operator’s network. A mobile device not equipped with a SIM must also still be able to make emergency calls. To protect the call from undesirable snooping or listening in, the IMSI will not always be transmitted over the cell to identify the subscriber. Instead a temporary IMSI (T-IMSI) identifier is used and changed at regular intervals. Note that for extra security the whole data stream is encrypted over the air interface.

[Fig 1.1 Architecture of second generation. Blocks shown: Home Location Register (HLR), Authentication Centre (AUC), User Equipment (UE), PSTN, Equipment Identity Register (EIR), GMSC, Base Transceiver Station (BTS), Mobile Station Controller (MSC), TRAU, Base Station Controller (BSC)]
  6. 6. • Base station subsystem (BSS)

The base station subsystem (BSS) is composed of three parts: the base transceiver station (BTS), the base station controller (BSC), which controls the BTSs, and the transcoding and rate adaptation unit (TRAU) [1].

• Base transceiver station (BTS)

The BTS houses the radio transceivers (TRXs) that define a cell and handle the radio link with the mobile station. As was seen, each transceiver can handle up to eight full-rate users simultaneously. If more than eight full-rate users request resources within the TRX then they will receive a busy tone, or a network busy message may be displayed on the mobile device. It is possible to increase the number of simultaneous users in a cell by increasing the number of TRXs, hence the number of frequencies used. When a mobile device moves from one cell to another the BTS may change. Within the GSM system a mobile device is connected to only one BTS at a given time. The first TRX in a cell can actually only handle a maximum of seven (possibly fewer) simultaneous users since one channel on the downlink is used for broadcasting general system information through what is known as the broadcast and control channel (BCCH). The BTS is also responsible for encrypting the radio link to the mobile device based on security information it receives from the core network [3].

• Base station controller (BSC)

The BSC manages the radio resources for one or more BTSs. It handles the radio channel setup, frequency hopping and handover procedures when a user moves from one cell to another. When a handover occurs, the BSC may change; it is a design consideration that this will not change with the same regularity as a BTS change. A BSC communicates with the BTS through time division multiplex (TDM) channels over what is referred to as the Abis interface, generally implemented using E1 or T1 lines.
If the numerous BTSs and the corresponding BSC are in close proximity then this link may be a fibre optic or copper cable connection. In some cases, there are a large number of BTSs in close proximity but quite
  7. 7. some distance away from the controlling BSC. In such cases it may be more efficient to relay the calls from each of the BTSs to a single BTS via microwave links. This type of link may be very cost effective since generally the running costs of a point-to-point microwave link may be free. Of course this has to be weighed against the cost of the purchasing and deployment of the equipment. The collector BTS can then connect to the BSC via another microwave link or via a landline cable. A problem with the above system is that if the collector BTS fails then calls from the other BTSs may also fail. To overcome this problem it is possible to have two collector BTSs both sending the calls to the BSC. This forms a redundant link and if one collector BTS fails then this does not present such a large problem, as is illustrated in Figure 1.3.

• Transcoding and rate adaptation unit (TRAU)

The central role of the second generation systems is to transfer speech calls and the system has been designed and optimized for voice traffic. The human voice is converted to binary in a rather complex process. GSM is now quite an old system and as such the original encoding method used (LPC-RPE1) is not as efficient as some of the more recently developed coding systems such as those used in other cellular systems. There have been many developments in digital signal processing (DSP) which have enabled good voice quality to be transmitted at lower data rates. Although the TRAU is actually
  8. 8. seen as being logically part of the BSS, it usually resides close to the MSC since this has significant impact on reducing the transmission costs [2].

[Fig 1.3 Base Station Connectivity. Blocks shown: Base Station Controller (BSC) and several BTSs]

The voice data is sent in a 16 kbps channel through to the TRAU from the mobile device via the BTS and BSC. The transcoding and rate adaptation unit will convert this speech to the standard 64 kbps for transfer over the PSTN or ISDN network. Over the air interface, speech uses 13 kbps (full-rate) and data 9.6 or 14.4 kbps, with each of these requiring a 16 kbps link through the BSS. As has been mentioned, digital voice data is robust in the face of errors, and can handle substantial bit error rates before the user begins to notice signal degradation. This is in stark contrast to data such as IP packets, which is extremely error intolerant and a checksum is generally used to drop a packet which contains an error. The adaptive multirate (AMR) speech CODECS which are implemented in UMTS and also the enhanced full-rate (EFR) bit rates for the second generation GSM, TDMA and PDC systems for comparison. The GSM EFR uses the algebraic code excited linear prediction (ACELP) algorithm and gives better quality speech than full-rate (FR) using 12.2 kbps. A half-rate (HR) method of
  9. 9. speech coding has also been introduced into the standards, which is known as code excited linear prediction-vector sum excited linear prediction (CELP-VSELP). This method will enable two subscribers to share a single time slot [4].

• Network switching subsystem (NSS)

The NSS comprises the circuit switched core network part of the GSM system. The main element is the mobile switching centre (MSC) switch and a number of databases referred to as the visitor location register (VLR) and home location register (HLR). The HLR is always in the home network for roaming subscribers and thus any data exchange may have to cross international boundaries. The MSC and VLR are usually combined and are located in the visited network.

• Mobile switching centre (MSC)

This acts like a normal switching node for a PSTN or ISDN network. It also takes care of all the additional functionality required to support a mobile subscriber. It therefore has the dual role of both switching and management. When a mobile device is switched on and requests a connection to a mobile network, it is principally the MSC that processes this request, with the BSS merely providing the access to facilitate this request. If the request is successful then the MSC registers the mobile device within its associated VLR (see below; most manufacturers tend to combine the VLR functionality with the MSC). The VLR will update the HLR with the location of this mobile device, and the HLR may be either in the same network, or a different network in the case of a roaming user. The MSC deals with registration, authentication (the MSC requests information from the authentication centre but it is the MSC which actually does the authentication), mobile device location updating and routing of calls to and from a mobile user. An MSC which provides the connectivity from the mobile network to the fixed network, e.g. ISDN or PSTN, is known as a gateway-MSC (G-MSC) [2].
  10. 10. • Home Location Register (HLR)

When a subscriber registers with an operator, they enter into what is known as a service level agreement (SLA). This operator’s mobile network is known as the home network or home public land mobile network (H-PLMN). The HLR is a huge database located within this home network which stores administrative information about the mobile subscriber. The information stored for a user in the HLR will include their IMSI, service subscription information, service restrictions and supplementary services. The HLR is also expected to know the location of its mobile users. It actually knows their location only to the VLR with which the mobile device is registered. The HLR also only knows the location of a mobile device which is switched on and has registered with some mobile operator’s network. This is the case even if the mobile is in a different country connected to another mobile operator’s network, as long as a roaming agreement exists between the two mobile operators. The GSM system provides all the technical capabilities to support roaming; however, this roaming agreement is also required so that both operators can settle billing issues arising from calls made by visiting mobile subscribers.

• Visitor Location Register (VLR)

The VLR is another database of users and is commonly integrated with an MSC. Unlike the HLR, where most information is of a permanent nature, the VLR only holds temporary information on subscribers currently registered within its vicinity. This vicinity covers the subscribers in the serving area of its associated MSC. When a mobile device enters a new area, the mobile device may wish to connect to this network and if so informs the MSC of its arrival. Once the MSC checks are complete, the MSC will update the VLR. A message is sent to the HLR informing it of the VLR which contains the location of the mobile.
If the mobile device is making or has recently made a call, then the VLR will know the location of the mobile device down to a single cell. If the mobile device has requested and been granted attachment to a mobile network, but not made any calls recently, then the location of the
  11. 11. mobile device will be known by the VLR to a location area, i.e. a group of cells and not a single cell [1].

• Equipment Identity Register (EIR)

The EIR is a list of all valid mobiles on the network. If a terminal has been reported stolen or the equipment is not type approved then it may not be allowed to operate in the network. The terminals are identified by their unique IMEI identifier [5].

• Authentication Centre (AuC)

The AuC is a database containing a copy of the secret key present in each of the users’ SIM cards. This is used to enable authentication and encryption over the radio link. The AuC uses a challenge–response mechanism, where it will send a random number to the mobile station; the mobile station encrypts this and returns it. The AuC will now decrypt the received number and if it is successfully decrypted to the number originally sent, then the mobile station is authenticated and admitted to the network.

To make and receive calls, the location of the mobile device has to be known by the network. It would be extremely inefficient if a user needed to be paged across an entire network, and almost impossible to support roaming to other networks. Each cell broadcasts its globally unique identity on its broadcast channel, which is used by the mobile device for location purposes. Mobility management is the mechanism that the network uses for keeping a dynamic record of the location of all of the mobile devices currently active in the network. In this context, location does not refer specifically to the geographical location of the mobile device, but rather its location with respect to a cell in which it is currently located. However, for the development of cellular towards third generation, geographical location becomes important as an enabler for location-based services (LBS).

The major benefit of the cellular telephone over a fixed landline is the mobility that it presents to the subscriber.
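
The AuC challenge-response described above, as an added example that is not part of the original document. It follows the GSM triplet flow, in which the SIM returns a keyed response (SRES) to the random challenge and the MSC compares it with the value the AuC computed from its copy of the key. HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms, and the IMSIs, keys and class names are constructed for illustration.

```python
# Added example: GSM-style challenge-response between AuC, MSC/VLR and SIM.
# HMAC-SHA256 is a stand-in for A3/A8; IMSIs and keys are constructed values.
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: 32-bit signed response (SRES) from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: 64-bit cipher key (Kc) for the radio link."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuC:
    """Home-network database holding a copy of each SIM's secret key Ki."""

    def __init__(self, subscribers: Dict[str, bytes]) -> None:
        self._ki = dict(subscribers)

    def triplet(self, imsi: str) -> Tuple[bytes, bytes, bytes]:
        """Return (RAND, expected SRES, Kc); Ki itself never leaves the AuC."""
        ki = self._ki[imsi]
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge every time
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


class Sim:
    """Subscriber side: Ki stays on the card, only SRES goes over the air."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes) -> Tuple[bytes, bytes]:
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)


class MscVlr:
    """Visited-network side: performs the comparison using AuC triplets."""

    def __init__(self, auc: AuC) -> None:
        self._auc = auc
        self._pending: Dict[str, Tuple[bytes, bytes]] = {}

    def challenge(self, imsi: str) -> Optional[bytes]:
        try:
            rand, sres, kc = self._auc.triplet(imsi)
        except KeyError:  # unknown subscriber: no challenge is issued
            return None
        self._pending[imsi] = (sres, kc)
        return rand

    def verify(self, imsi: str, sres: bytes) -> Optional[bytes]:
        """Return Kc on success, None on failure. A challenge is single-use."""
        entry = self._pending.pop(imsi, None)
        if entry is None:
            return None
        expected, kc = entry
        # Constant-time comparison so timing does not leak matching bytes.
        return kc if hmac.compare_digest(expected, sres) else None


def attach(msc: MscVlr, sim: Sim) -> Optional[bytes]:
    """One full exchange; returns the network's Kc, or None if rejected."""
    rand = msc.challenge(sim.imsi)
    if rand is None:
        return None
    sres, _ = sim.respond(rand)
    return msc.verify(sim.imsi, sres)


def run_scenarios() -> Dict[str, bool]:
    """Exercise the accept path and three reject paths; True means admitted."""
    imsi = "001010000000001"  # constructed test IMSI
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    msc = MscVlr(AuC({imsi: ki}))
    genuine = Sim(imsi, ki)
    clone = Sim(imsi, bytes(16))  # right IMSI, wrong Ki

    # Record one genuine response, then present it again to a new challenge.
    old_rand = msc.challenge(imsi)
    old_sres, _ = genuine.respond(old_rand)
    first_ok = msc.verify(imsi, old_sres) is not None
    msc.challenge(imsi)  # network issues a new RAND
    replay_ok = msc.verify(imsi, old_sres) is not None

    return {
        "genuine_sim": attach(msc, genuine) is not None,
        "first_response": first_ok,
        "replayed_response": replay_ok,
        "wrong_ki": attach(msc, clone) is not None,
        "unknown_imsi": attach(msc, Sim("001019999999999", ki)) is not None,
    }
```

The visited MSC/VLR never handles Ki, only the triplet, which is why the page can say the MSC performs the authentication while the key copy stays in the AuC.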
Initially, this mobility was merely allowing the user to move around and be tracked within a certain area; however, now mobility extends to cover the concept of roaming. Unfortunately, the provision of mobility makes the network much more complex to design and operate. As a subscriber moves from
  12. 12. one location to another, the strength of the signal it receives from the base station to which it is currently listening will fluctuate, and, conversely, the signal received by the base station from the mobile device will also vary. Both the network and the mobile device must constantly monitor the strength of the signal, with the mobile device periodically reporting the information it has measured to the network. The mobile device also monitors the strength of other cells in the vicinity. When the signal strength gets too weak from a particular base station, a handover (also known as a handoff) to a base station in another cell may take place. The network must try to guarantee that in the event of a handover, the user call is not dropped and there is a smooth transition from cell to cell, even if the user is moving quite rapidly, as is the case for a motorist.

The HLR, which is in the home network, knows which VLR has information regarding the particular subscriber. The information the VLR holds depends on the connection state of the mobile device: in idle mode only the location area (LA) is known whereas in dedicated mode the actual cell is known.

Most of the GSM mobile network is designed and implemented in a hierarchical manner. The change of a cell from one base station to another is relatively simple if the BTSs are controlled by the same BSC. The change of a BSC is more complex and hence will require more signalling but will occur less frequently since each BSC controls a number of BTSs. A change of the MSC is also possible but, again, this should be rather infrequent for most users. If a user is in a vehicle and moving at high speed, then a number of MSC handovers may take place during a prolonged voice call. However, this will probably occur rarely as the vehicle will likely have crashed or the driver been arrested before handover occurs!
This system of handover enables a subscriber to continue with a call in progress while moving from one geographical area to another.

• When User 1 changes from one cell to another, a cell update is required. As noted, this does not require much in the way of signalling.

• When User 2 changes cell, a cell update and a BSC update are required. This will require more signalling, with the MSC controlling the change in BSC.
  13. 13. • When User 3 changes cell, a cell update, a BSC update and an MSC update are required. This is a much more complex task, which will require a greater amount of signalling.

Note that these updates only take place when a mobile device has a call in progress, or in what is referred to as dedicated mode. Mobile devices which do not have a call in progress but may have registered with the network are said to be in idle mode. Mobile devices in idle mode will only send periodic updates indicating that the mobile is still active, thus reducing the signalling load on the network. When a user wishes to make a call, the mobile device will transparently update the network as to its position and move to dedicated mode. In idle mode the location of the mobile device is still known but over a number of cells rather than a single cell.

In idle mode the mobile device monitors a certain area spanning a number of cells, known as a Location Area (LA), and sends location update information to the network when the mobile device physically crosses a boundary between LAs, or when a certain period of time has elapsed. Even when the mobile device is stationary, after a long period of inactivity it will send an update to allow the network to refresh its stored information regarding the subscriber’s location. Devices which do not send this update will be assumed to have left the coverage area and their data may be removed from the network. This interval is network configurable and could be, for example, one hour.

1.2.2 GSM Air Interface

There is a limited spectrum of frequencies that is both available and suitable for GSM. Cellular operators have to compete for this bandwidth with the likes of the military, broadcast television and broadcast radio. The available electromagnetic spectrum has been split into a number of bands by both national and international regulatory bodies.
Fortunately there was much international agreement on the frequencies in the 900 MHz and 1800 MHz bands, which brought in large economies of scale, reducing the price of handsets, and thus enabling GSM to flourish. GSM was originally designed to work in a 900 MHz band but is now used in 1800 MHz, 1900 MHz and a number of others, such as 450 MHz. As shown in Figure 1.4, the 900 MHz range is made up of two separate 25 MHz bands,
  14. 14. between 890–915 MHz and 935–960 MHz. The lower 25 MHz is used for the mobile station, or uplink, transmission and the upper 25 MHz of the range is used for base station, or downlink, transmission. There is a gap of 20 MHz between the transmission sub-bands i.e. the GSM base station transmit band starts at 890 + 45 MHz.

[Fig 1.4: GSM original band. GSM Mobile Station Transmits: 890–915 MHz; gap: 20 MHz; GSM Base Station Transmits: 935–960 MHz]

The mobile device transmits on the lower frequency since it is a physical property of electromagnetic waves that there will generally be less attenuation on lower frequencies. The base station is not reliant on a small battery and can therefore radiate greater power, thus the greater attenuation in the downlink is not seen as a major problem, allowing the mobile device to avail itself of better transmission characteristics.

As discussed, GSM works on a combination of frequency division multiplexing (FDM) and time division multiplexing (TDM) multiple access schemes. It also uses slotted-Aloha, a contention method which is similar in operation to Ethernet. This contention mechanism is required since it is possible for two mobile subscribers to make a request for resources at exactly the same time. The mobile stations use this contention method to compete with each other to request a traffic channel (TCH), which is required for a call. Like Ethernet, there is a chance that a collision will occur, so mechanisms are implemented to deal with this.

The FDM allocates each GSM channel 200 kHz of bandwidth and therefore there are 25 MHz/200 kHz = 125 channels available in each direction. One of these channels is not used for data transfer but is used as a guard band, leaving 124 channels available for communication. A matching pair of GSM
  15. 15. frequency channels, i.e. one uplink and a corresponding downlink, is controlled by a device referred to as a transceiver (TRX). All of the operators in a country using GSM900 have to share these 124 channels and they will be allocated a licence covering a range of them by the national telecommunications regulator. Say there are four mobile operators in a given country. Each of them may be allocated 31 channels (124/4). For example, Operator 1 may be allocated 31 channels starting from 890.0 MHz, 890.2 MHz, and 890.4 MHz etc. up to 896.0 MHz in the uplink and 935.0 MHz, 935.2 MHz, 935.4 MHz etc. up to 941.0 MHz in the downlink, as shown in Figure 3.8.

TDM further splits each of these frequency channels into eight separate time slots, each of which may be allocated to a user or used for control purposes. These time slots are individually referred to as slot 0 through to slot 7, and form a TDM frame. A single time slot in GSM is also referred to as a burst; however, this should not be confused with the term ‘error burst’. If a cell is allocated a single frequency (one TRX) then slot 0 on this frequency is reserved as a control channel. If two or more frequencies are employed within the cell then it may require additional control channels to increase the overall efficiency. The slot 0 control channel always includes the broadcast and control channel (BCCH), which is broadcast from the base station in the downlink to provide information to the mobile devices registered in the cell, such as the cell identifier, network operator etc. [3,4]

1.3 Deficiencies of First- and Second-Generation Wireless Systems

First-generation cellular systems provide connection-oriented services for each voice user. Voice channels are dedicated to the users at a serving base station and network resources are dedicated to the voice traffic on initiation of a call.
The MSC sets up a dedicated voice channel connection between the base station and the PSTN for the duration of a cellular phone call. Circuit switching is used to transmit voice traffic to and from the user's terminal to the PSTN. Circuit switching establishes a dedicated radio channel between the base station and the mobile, and a dedicated phone line between the MSC and the PSTN for the entire duration of a call. First-generation cellular systems provide data communications using circuit switching. Wireless data services such as fax and electronic mail are not well
  16. 16. supported by circuit switching because of their short, bursty transmissions, which are followed by periods of inactivity. Often, the time required to establish a circuit exceeds the duration of the data transmission. Modem signals carrying data need to be passed through the audio filters that are designed for analog, FM, and common air interfaces. Thus, it is both clumsy and inefficient, e.g., voice filtering must be deactivated when data are transmitted [6].

1.4 Third-Generation Wireless Networks

The deficiencies of the first- and second-generation wireless systems prevent them from allowing roaming users to enjoy high data rate connections and multimedia communications. The aim of third-generation wireless networks is to introduce a single set of standards that provide higher airlink bandwidth and support multimedia applications. In addition, the third-generation wireless systems are expected to be able to communicate with other information networks, e.g., the Internet and other public and private databases. Examples of third-generation wireless systems are TIA 1xEV Data Only (commonly referred to as High Data Rate system)-based networks [EVDO], TIA 1xEVDV-based networks [EVDV], and 3GPP UMTS networks [UMTS]. Such 3G systems promise a peak airlink bandwidth of 2-3 Mbps [4].

1.4.1 UMTS / WCDMA Network Architecture

The UMTS network architecture is required to provide a greater level of performance than that of the original GSM network. However, as many networks had migrated through the use of GPRS and EDGE, they already had the ability to carry data. Accordingly, many of the elements required for the WCDMA / UMTS network architecture were seen as a migration. This considerably reduced the cost of implementing the UMTS network as many elements were in place or needed upgrading.
With one of the major aims of UMTS being to be able to carry data, the UMTS network architecture was designed to enable a considerable improvement in data performance over that provided for GSM [5].
  17. 17. The UMTS network architecture can be divided into three main elements:

User Equipment (UE): The User Equipment or UE is the name given to what was previously termed the mobile, or cellphone. The new name was chosen because of the considerably greater functionality that the UE could have. It could also be anything between a mobile phone used for talking and a data terminal attached to a computer with no voice capability.

Radio Network Subsystem (RNS): The RNS is the equivalent of the previous Base Station Subsystem or BSS in GSM. It provides and manages the air interface for the overall network.

Core Network: The core network provides all the central processing and management for the system. It is the equivalent of the GSM Network Switching Subsystem or NSS. The core network is then the overall entity that interfaces to external networks including the public phone network and other cellular telecommunications networks.

[Fig. 1.5 UMTS Network Architecture Overview]
  18. 18. • User Equipment, UE

The User Equipment UE is a major element of the overall UMTS network architecture. It forms the final interface with the user. In view of the far greater number of applications and facilities that it can perform, the decision was made to call it user equipment rather than a mobile. However, it is essentially the handset (in the broadest terminology); with access to much higher speed data communications, it can be much more versatile, containing many more applications. It consists of a variety of different elements including RF circuitry, processing, antenna, battery, etc. There are a number of elements within the UE that can be described separately:

User Equipment RF circuitry: The RF areas handle all elements of the signal, both for the receiver and for the transmitter. One of the major challenges for the RF power amplifier was to reduce the power consumption. The form of modulation used for W-CDMA requires the use of a linear amplifier. These inherently take more current than the non-linear amplifiers which can be used for the form of modulation used on GSM. Accordingly, to maintain battery life, measures were introduced into many of the designs to ensure the optimum efficiency.

Baseband processing: The baseband signal processing consists mainly of digital circuitry. This is considerably more complicated than that used in phones for previous generations. Again, this has been optimised to reduce the current consumption as far as possible.

Battery: While current consumption has been minimised as far as possible within the circuitry of the phone, there has been an increase in current drain on the battery. With users expecting the same lifetime between charging batteries as experienced on the previous generation phones, this has necessitated the use of new and improved battery technology. Now Lithium Ion (Li-ion) batteries are used.
These allow phones to remain small and relatively light while still retaining or even improving the overall life between charges.
  19. 19. Universal Subscriber Identity Module, USIM: The UE also contains a SIM card, although in the case of UMTS it is termed a USIM (Universal Subscriber Identity Module). This is a more advanced version of the SIM card used in GSM and other systems, but embodies the same types of information. It contains the International Mobile Subscriber Identity number (IMSI) as well as the Mobile Station International ISDN Number (MSISDN). Other information that the USIM holds includes the preferred language to enable the correct language information to be displayed, especially when roaming, and a list of preferred and prohibited Public Land Mobile Networks (PLMN). The USIM also contains a short message storage area that allows messages to stay with the user even when the phone is changed. Similarly, "phone book" numbers and call information of the numbers of incoming and outgoing calls are stored.

The UE can take a variety of forms, although the most common format is still a version of a "mobile phone", albeit one with many data capabilities. Broadband dongles are also being widely used [5].

1.4.2 UMTS Radio Network Subsystem

This is the section of the UMTS / WCDMA network that interfaces to both the UE and the core network. The overall radio access network, i.e. collectively all the Radio Network Subsystems, is known as the UTRAN UMTS Radio Access Network. The Radio Network Subsystem comprises two main components:

Radio Network Controller, RNC: This element of the radio network subsystem controls the Node Bs that are connected to it. The RNC undertakes the radio resource management and some of the mobility management functions, although not all. It is also the point at which the data encryption / decryption is performed to protect the user data from eavesdropping.

Node B: Node B is the term used within UMTS to denote the base station transceiver. It contains the transmitter and receiver to communicate with the UEs within the cell. In order
  20. 20. to facilitate effective handover between Node Bs under the control of different RNCs, the RNC not only communicates with the Core Network, but also with neighbouring RNCs.

Fig 1.6 UMTS Radio Network Subsystem Architecture

• UMTS Core Network

The UMTS core network architecture is a migration of that used for GSM with further elements overlaid to enable the additional functionality demanded by UMTS. In view of the different ways in which data may be carried, the UMTS core network may be split into two different areas:

Circuit switched elements: These elements are primarily based on the GSM network entities and carry data in a circuit switched manner, i.e. a permanent channel for the duration of the call.

Packet switched elements: These network entities are designed to carry packet data. This enables much higher network usage as the capacity can be shared and data is carried as packets which are routed according to their destination.

Some network elements, particularly those that are associated with registration, are shared by both domains and operate in the same way that they did with GSM [1].
  21. 21. Fig 1.7 UMTS Core Network

• Circuit Switch Elements

The circuit switched elements of the UMTS core network architecture include the following network entities:

Mobile switching centre (MSC): This is essentially the same as that within GSM, and it manages the circuit switched calls under way. The mobile switching centre (MSC) is the centrepiece of the circuit switched core network. The same MSC can be used to serve both the GSM-BSS and the UTRAN connections. A GSM-MSC must be upgraded to meet the 3G requirements, but the same MSC can be used to serve both access networks. In addition to the radio access networks, it has interfaces to the fixed PSTN network, other MSCs, the packet-switched network (SGSN), and various core network registers (HLR, EIR, AuC). Physically, the VLR is implemented in connection with the MSC, so the interface between them (the B interface) exists only logically. Several BSSs can be connected to the MSC. The number and the size of MSCs also vary; a small operator may only have one small MSC, but once the number of subscribers increases, several large MSCs may be needed. The functions of an MSC include the following [1]:

• Paging;
  22. 22. • Coordination of call setup from all MSs in the MSC's jurisdiction;
• Dynamic allocation of resources;
• Location registration;
• Interworking functions (IWFs) with other types of networks;
• Handover management (especially the complex inter-MSC handovers);
• Billing of subscribers (not the actual billing, but collecting the data for the billing center);
• Encryption parameter management;
• Signaling exchange between different interfaces;
• Frequency allocation management in the whole MSC area;
• Echo canceler operation and control.

The MSC terminates the MM and CM protocols of the air interface protocol stack, so the MSC has to manage these protocols, or delegate some responsibilities to other core network elements.

Gateway MSC (GMSC): This is effectively the interface to the external networks. The Gateway MSC (GMSC) is an MSC that is located between the PSTN and the other MSCs in the network. Its function is to route the incoming calls to the appropriate MSCs by first interrogating the appropriate HLR. If the operator allows the outside networks to access its HLRs, then a dedicated GMSC is not necessary as the other networks can route the calls to the right MSC by themselves. In practice it is also possible that all MSCs are also GMSCs in a PLMN.

• Packet Switched Elements

The packet switched elements of the UMTS core network architecture include the following network entities:

Serving GPRS Support Node (SGSN): As the name implies, this entity was first developed when GPRS was introduced, and its use has been carried over into the UMTS network architecture. The SGSN provides a number of functions within the UMTS network architecture.
  23. 23. Mobility management: When a UE attaches to the Packet Switched domain of the UMTS Core Network, the SGSN generates MM information based on the mobile's current location.

Session management: The SGSN manages the data sessions providing the required quality of service and also managing what are termed the PDP (Packet Data Protocol) contexts, i.e. the pipes over which the data is sent.

Interaction with other areas of the network: The SGSN is able to manage its elements within the network only by communicating with other areas of the network, e.g. MSC and other circuit switched areas.

Billing: The SGSN is also responsible for billing. It achieves this by monitoring the flow of user data across the GPRS network. CDRs (Call Detail Records) are generated by the SGSN before being transferred to the charging entities (Charging Gateway Function, CGF).

Gateway GPRS Support Node (GGSN): Like the SGSN, this entity was also first introduced into the GPRS network. The Gateway GPRS Support Node (GGSN) is the central element within the UMTS packet switched network. It handles inter-working between the UMTS packet switched network and external packet switched networks, and can be considered as a very sophisticated router. In operation, when the GGSN receives data addressed to a specific user, it checks if the user is active and then forwards the data to the SGSN serving the particular UE [3].

• Shared Elements

The shared elements of the UMTS core network architecture include the following network entities:

• Visitor Location Register

The visitor location register (VLR) contains information about the mobile stations roaming in this MSC area. It is also possible that one VLR handles the visitor register of several MSC areas. Note that a VLR contains information from all active subscribers in its area, even from those to whom this network is their home network, so the name VLR is misleading as most
  24. 24. entries in that register are not visitors, but users in their own home network. The VLR contains pretty much the same information as the home location register (HLR), the difference being that the information in the VLR is there temporarily, whereas the HLR is a site for permanent information storage. When a user makes a subscription, the subscriber's data is added to his home HLR. From there it is copied to the VLR the user is currently registered with. When a user registers with another network, the subscriber data is removed from the old VLR and copied to the new VLR. There are, however, some network optimization schemes, which may change this principle in the future.

The VLR contains such data that the normal call setup procedures can be handled without consulting the HLR. This is important especially if the user is roaming abroad, and the signalling connection to the home network is expensive. A VLR subscriber data entry includes the following information:

• International mobile subscriber identity (IMSI);
• Mobile station international ISDN number (MSISDN);
• Mobile station roaming number (MSRN);
• Temporary mobile station identity (TMSI), if applicable;
• Local mobile station identity (LMSI), if used;
• Location area where the mobile station has been registered;
• Identity of the SGSN where the MS has been registered, if applicable;
• Last known location and the initial location of the MS.

In addition, there can be lots of optional data, depending on what features the network supports [e.g., CAMEL or local service area (LSA)]. The VLR may also contain supplementary service parameters. The procedures the VLR has to perform include the following:

• Authentication procedures with the HLR and the AuC;
• Cipher key management and retrieval from the home HLR/AuC;
• Allocation of new TMSI numbers;
• Tracking of the state of all MSs in its area;
• Paging procedure support (retrieval of the TMSI and the current location area).
  25. 25. • Home location register (HLR)

This database contains all the administrative information about each subscriber along with their last known location. In this way, the UMTS network is able to route calls to the relevant RNC / Node B. When a user switches on their UE, it registers with the network and from this it is possible to determine which Node B it communicates with so that incoming calls can be routed appropriately. Even when the UE is not active (but switched on) it re-registers periodically to ensure that the network (HLR) is aware of its current or last known location on the network.

The HLR contains the permanent subscriber data register. Each subscriber information profile is stored in only one HLR. The HLR can be implemented in the same equipment as the MSC/VLR, but the usual arrangement is to have the MSC/VLR as one unit, and the HLR/AuC/EIR combination as another unit. One PLMN can have several HLRs. The subscriber information is entered into the HLR when the user makes a subscription.

There are two kinds of information in an HLR register entry, permanent and temporary. The permanent data never change, unless the subscription parameters are changed. An example of this is the user who adds some supplementary services to his/her subscription. The temporary data contain things like the current (VLR) address and ciphering information, which can change quite often, even from call to call. Temporary data are also sometimes conditional; that is, they are not always there. A subscriber data entry can be accessed by either IMSI or MSISDN [5]. The permanent data in the HLR include among others:

• International mobile subscriber identity (IMSI), which identifies the subscriber (or actually his or her SIM card) unambiguously;
• MS category information;
• Possible roaming restrictions;
• Closed user group (CUG) membership data;
• Supplementary services parameters;
• Authentication key;
  26. 26. • Network access mode (NAM), which determines whether the user can access the GPRS networks, non-GPRS networks, or both.

In addition, if GPRS is supported, PDP addresses are included. Again, there may be lots of other entries, depending on what features the network supports. The temporary data include the following:

• Local mobile station identity (LMSI);
• Triplet vector; that is, three authentication and ciphering parameters: (1) random number (RAND), (2) signed response (SRES), and (3) ciphering key (Kc);
• Quintuplet vector; that is, five authentication and ciphering parameters: (1) random challenge (RAND), (2) expected response (XRES), (3) cipher key (CK), (4) integrity key (IK), and (5) authentication token (AUTN);
• MSC number;
• VLR number (the identity of the currently registered VLR).

In addition, if GPRS is supported, SGSN and GGSN numbers (SS7 addresses) are included. The HLR also forwards the charging information to the billing center.

• Equipment identity register (EIR)

The EIR is the entity that decides whether given UE equipment may be allowed onto the network. Each UE has a number known as the International Mobile Equipment Identity. This number, as mentioned above, is installed in the equipment and is checked by the network during registration. The equipment identity register (EIR) stores the international mobile equipment identities (IMEIs) used in the system. An EIR may contain three separate lists:

White list: The IMEIs of the equipment known to be in good order;
Black list: The IMEIs of any equipment reported to be stolen;
Gray list: The IMEIs of the equipment known to contain problems (such as faulty software) that are not fatal enough to justify barring them.

At a minimum an EIR must contain a white list. It is unfortunate that the black list and the checks against it are not mandatory, as stolen mobile phones can now be used in some
  27. 27. networks that have a weaker security policy. And it is even more unfortunate that changing the IMEI code of a handset is not yet illegal in many countries. Typically a PLMN has only one EIR, which then interconnects to all HLRs in the network. Note that EIR handles IMEI values, not IMSIs or any other identities. The IMEI is (or should be) a unique identity of a mobile handset assigned when it is manufactured.

Authentication centre (AuC): The AuC is a protected database that contains the secret key also contained in the user's USIM card. The authentication center (AuC) is associated with an HLR. The AuC stores the subscriber authentication key, Ki, and the corresponding IMSI. These are permanent data entered at subscription time. The Ki key is used to generate an authentication parameter triplet (Kc, SRES, RAND) during the authentication procedure. Parameter Kc is also used in encryption algorithms. An AuC physically always exists with an HLR. The MAP interface between them (the H interface) has not been standardized [3,5].
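The triplet flow described above (the AuC holds Ki and hands out RAND/SRES/Kc, the VLR checks the response, the USIM answers the challenge), as an added example that is not part of the original slides. HMAC-SHA256 is an assumed stand-in for the operator-chosen A3/A8 algorithms, and the class names, IMSI and Ki are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple

# Constructed sample values (test PLMN 001/01); not taken from the slides.
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # 128-bit Ki
Triplet = namedtuple("Triplet", "rand sres kc")


def a3_a8_standin(ki, rand):
    """ASSUMPTION: HMAC-SHA256 replaces the operator-chosen A3/A8 algorithms."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # GSM sizes: 32-bit SRES, 64-bit Kc


class AuC:
    """Stores IMSI -> Ki. Only triplets leave it, never Ki itself."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi, ki):
        self._ki[imsi] = ki  # permanent data entered at subscription time

    def generate_triplets(self, imsi, count=3):
        ki = self._ki.get(imsi)
        if ki is None:
            return []  # unknown subscriber: nothing to hand out
        triplets = []
        for _ in range(count):
            rand = secrets.token_bytes(16)  # fresh 128-bit challenge
            sres, kc = a3_a8_standin(ki, rand)
            triplets.append(Triplet(rand, sres, kc))
        return triplets


class Sim:
    """Subscriber side: holds the same Ki and answers a RAND challenge."""
    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand):
        return a3_a8_standin(self._ki, rand)


class Vlr:
    """Serving side: checks SRES using stored triplets, without knowing Ki."""
    def __init__(self, auc):
        self._auc = auc
        self._store = {}

    def pending(self, imsi):
        return len(self._store.get(imsi, []))

    def authenticate(self, sim):
        queue = self._store.setdefault(sim.imsi, [])
        if not queue:  # fetch a batch from the home HLR/AuC
            queue.extend(self._auc.generate_triplets(sim.imsi))
        if not queue:
            return None
        challenge = queue.pop(0)  # each triplet is consumed once
        sres, _kc = sim.respond(challenge.rand)  # only SRES goes over the air
        if not hmac.compare_digest(sres, challenge.sres):
            return None
        return challenge.kc  # ciphering key the network side will use
```

A handset that presents the right IMSI but holds a different Ki is rejected, and the VLR never needs Ki to reach that decision.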
  28. 28. Reference:

Mooi Choo Chuah and Qinqing Zhang (2006) Design and Performance of 3G Wireless Networks and Wireless LANS, Springer Science and Business Media Inc.
Jeffrey Bannister, Paul Mather and Sebastian Coope (2004) Convergence Technologies for 3G Networks IP, UMTS, EGPRS and ATM, John Wiley and Sons LTD.
Juha Korhonen (2003) Introduction to 3G Mobile Communications, Artech House, Inc.
G. Gomez and R. Sanchez (2005) End to End Quality of Service Over Cellular Networks, Data Service Performance and Optimization in 2G/3G. John Wiley and Sons LTD.
Minoru Etoh (2005) Next Generation Mobile System 3G and Beyond, John Wiley and Sons.
Willie W, Broadband Wireless Mobile 3G and Beyond. John Wiley and Sons Ltd.
Dr. Jonathan P. Castro, The UMTS Network and Radio Access Technology; Interface Technique for Future Mobile Systems. John Wiley and Sons Ltd.
William C.Y. Lee (2006) Wireless and Cellular Telecommunication, McGraw Hill, Singapore.
V. Vanghi, A. Damnjanovic and B. Vojcic (2004) The cdma2000 System for Mobile Communications, Prentice-Hall PTR.
S.C. Yang (2004) 3G CDMA 2000, Artech House, Inc., Boston.
B. Pelletier and H. Leib (2004) PCS Third Generation CDMA system, Study of the Physical Layer. Wireless Communication Group at McGill University.
H. Holma and Antti Toskala (2001) WCDMA for UMTS, John Wiley and Sons.
C. Smith and D. Collins (2002) 3G Wireless Works, McGraw-Hill.
D. Collins (2001) Carrier Grade Voice Over IP, McGraw Hill.
  29. 29. V.K. Garg (2000) IS-95 CDMA and cdma2000, Prentice-Hall PTR.
D. J. Goodman (1997) Wireless Personal Communications Systems. Addison-Wesley, Reading, MA.
O. Sallent, J. Perez-Romero, R. Agusti et al. (2003) 'Provisioning multimedia wireless networks for better QoS: RRM strategies for 3G W-CDMA.' IEEE Communications Magazine 41(2), 100–107.
Walke, B., Mobile Radio Networks, New York: Wiley,
Silventoinen, M. (1999) "Indoor Base Station Systems," in GSM—Evolution Towards 3rd Generation Systems, Z. Zvonar, P. Jung, and K. Kammerlander (eds.), Norwell, MA: Kluwer Academic Publishers.
Roberts, J., U. Mocci, and J. Virtamo (1996) "Broadband Network Teletraffic," COST 242 report, Berlin: Springer-Verlag.
A. S. Tanenbaum (2003) Computer Networks, 4th edn. Prentice Hall, Upper Saddle River, NJ.
H. Taub, D. Schilling (1986) Principles of Communication Systems. 2nd edn. McGraw-Hill, New York.
A. J. Viterbi (1995) CDMA: Principles of Spread Spectrum Communication. Addison-Wesley, Reading, MA.
A. J. Viterbi (1967) 'Error bounds for convolutional codes and an asymptotically optimum decoding algorithm', IEEE Transactions on Information Theory IT-13, 260–269.
H. Holma, A. Toskala (2002) WCDMA for UMTS, 2nd edn. John Wiley and Sons, Chichester.
  30. 30. J. Laiho, A. Wacker, T. Novosad (2002) Radio Network Planning and Optimisation for UMTS, John Wiley and Sons, Chichester.
S. Floyd, V. Jacobson (1993) 'Random early detection gateways for congestion avoidance', IEEE/ACM Transactions on Networking, 1(4), 397–413.
Karkkainen, K.H.A. (1995) "Influence of Various PN Sequence Phase Optimization Criteria on the SNR Performance of an Asynchronous DS-CDMA System," Proc. IEEE 1995 Military Communications Conference (MILCOM 95), San Diego, California.
Ojanpera, T., and R. Prasad (1998) Wideband CDMA for Third Generation Mobile Communications, Norwood, MA: Artech House.
Holma, H., and A. Toskala (eds.), (2000) WCDMA for UMTS: Radio Access for Third Generation Mobile Communications, New York: Wiley.
Prasad, R., W. Mohr, and W. Konhauser (2000) Third Generation Mobile Communication Systems, Norwood, MA: Artech House.
Black, U. D. (1989) Data Networks: Concepts, Theory, and Practice, Englewood Cliffs, NJ: Prentice Hall International.
Viterbi, A. J. (1995) CDMA: Principles of Spread Spectrum Communication, Reading, MA: Addison-Wesley.