Basic Concepts of Cellular Networks and Mobile IP
Aug 31, 2005
Mayur.M.Parmar
Cellular Networks: Agenda
• Evolution of Cellular Networks
• Architectures
– AMPS
– GSM
• Security Mechanisms in GSM
Origin of Wireless Communications
• Wireless communications gained popularity in the 1930s
– Mainly used for public safety by police and other government organizations
– Not connected to the PSTN (Public Switched Telephone Network)
• First public mobile telephone service started in 1946 in the United States
– Using a single high power transmitter and large tower to cover an area of 50 km
Concept of Cellular Networks
• A single high power transmitter services one larger area → multiple low power transmitters service multiple smaller areas (Cells)
• Frequency can be reused by cells far away from each other → improve usage
• A set of cells that do not share frequency form a cluster
• The cluster is then replicated throughout the desired communication area
Evolution of Cellular Networks
[Figure: timeline of generations 1G, 2G, 2.5G, 3G, 4G, moving from Analog to Digital and from Circuit-switching to Packet-switching]
1G Systems
• Goal: To develop a working system that could provide basic voice service
• Time frame: 1970-1990
• Technology: FDMA/FDD
• Example Systems:
– Advanced Mobile Phone System (AMPS-USA)
– Total Access Communication System (TACS-UK)
– Nordic Mobile Telephone (NMT-Europe)
• Incompatible analog systems
2G Systems
• Goal: Digital voice service with improved quality and also provide better data services
• Time frame: 1990-2000
• Technology: TDMA/TDD, CDMA
• Example Systems:
– Global System for Mobile (GSM-Europe)
– IS-136 (TDMA)
– IS-95 (CDMA)
2.5G Systems
• Goal: To provide better data rates and wider range of data services and also act as a transition to 3G
• Time frame: 2000-2002
• Systems:
– IS-95B
– High Speed Circuit Switched Data (HSCSD)
– General Packet Radio Service (GPRS)
– Enhanced Data rates for GSM Evolution (EDGE)
3G Systems
• Goal: High speed wireless data access and unified universal standard
• Time frame: 2002-
• Two competing standards
– One based on GSM, IS-136 and PDC known as 3GPP
– Other based on IS-95 named 3GPP2
• Completely move from circuit switching to packet switching
• Enhanced data rates of 2-20 Mbps
4G Systems
• Future systems
• Goal:
– High mobility, high data rate, IP based network
– Hybrid network that can interoperate with other networks
AMPS
• 1G system developed by Bell Labs
• Analog system used FDMA/FDD
• 40 MHz of spectrum
• 842 channels
• rate: 10 kbps
AMPS: Architecture
[Figure: the Public Switched Telephone Network, the MTSO (MSC) and four BTS]
MTSO: Mobile Telecommunication Switching Office, also known as MSC (Mobile Switching Center)
BTS: Base Transceiver Station
AMPS: Conventional Telephone → Cell Phone
[Figure: the Public Switched Telephone Network, the MTSO (MSC) and four BTS, each BTS sending a paging message]
• Call arrives at MSC via the PSTN
• MSC then sends out a paging message via all BTS on the FCC (Forward Control Channel)
• The paging message contains the subscriber’s Mobile Identification Number (MIN)
• The mobile unit responds with an acknowledgement on the RCC (Reverse Control Channel)
• MSC directs BS to assign FVC (Forward Voice Channel) and RVC (Reverse Voice Channel)
AMPS: Cell phone initializes a call
• Subscriber unit transmits an origination message on the RCC
• Origination message contains
– MIN
– Electronic Serial Number
– Station Class Mark
– Destination phone number
• If BTS receives it correctly then it is passed on to MSC
• MSC validates the information and connects the call
GSM: Architecture
• GSM system consists of three interconnected subsystems
– Base Station Subsystem
• Mobile station (MS)
• Base Transceiver Station (BTS)
• Base Station Controllers (BSC)
– Network Switching Subsystem (NSS)
• Mobile Switching Center (MSC)
• Home Location Register (HLR)
• Visitor Location Register (VLR)
• Authentication center (AUC)
– Operation Support Subsystem
• Operation Maintenance Centers
GSM
[Figure: Base Station Subsystem with two BSCs and eight BTS]
• BSCs connect the MS to the NSS
• The BTS provides last mile connection to the MS and communication is between the BTS and MS
• Handover between BTS within same BSC is handled by the BSC
GSM
[Figure: Base Station Subsystem (two BSCs, eight BTS); Network Switching Subsystem (MSC, HLR, VLR, AUC); Public Networks; Operation Support Subsystem (OSS)]
Security in GSM
• Principles
– Only authenticated users are allowed to access the network
– No user data or voice communication is transmitted in “clear text”
• The subscriber identity module (SIM) card is a vital part of GSM security. It stores
– International Mobile Subscriber Identity (IMSI)
– Ciphering Key Generating Algorithm (A8)
– Authentication Algorithm (A3)
– Personal Identification Number
– Individual Subscriber Authentication Key (Ki)
Security in GSM
• Mobile station contains
– A5 algorithm and IMEI
• The network stores
– A3, A5, A8 algorithms
• The Authentication Center stores
– IMSI
– Temporary Mobile Subscriber Identity (TMSI)
– Individual Subscriber Authentication Key (Ki)
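Security in GSM: Authentication
[Figure: message sequence between Network, Mobile Station and SIM]
1. Network ↔ Mobile Station: Channel Establishment
2. Mobile Station → Network: Identity (TMSI or IMSI)
3. Network → Mobile Station: Authentication Request (RAND)
4. Mobile Station → SIM: Run Authentication Algorithm (RAND)
5. SIM → Mobile Station: Response (SRES, Kc)
6. Mobile Station → Network: Authentication Response (SRES)
• RAND is a 128 bit random sequence
• SRES is the signed response generated for authentication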
Authentication based on RAND
[Figure: authentication data flow]
• At the Network end: A3 Algorithm with inputs RAND (challenge) and Ki (128 bit); RAND is transmitted to mobile
• At the Mobile user end in the SIM: A3 Algorithm with inputs RAND (challenge) and Ki (128 bit); the output is transmitted back to base station
• A8 Algorithm: produces Kc, used for encryption of user data and signaling data
• Proper authentication completed if result is zero
Security in GSM: Authentication
• Ki is known only to the operator who programs the SIM card and is tied to IMSI
• IMSI should be transmitted as rarely as possible
• Only TMSI is used for authentication
• TMSI is periodically updated
Security in GSM: Data Encryption
• GSM uses symmetric cryptography
– Data is encrypted using an algorithm which is seeded by the ciphering key Kc
• Kc is known only to base station and mobile phone and is frequently changed
• The A5 algorithm is used for ciphering the data
• Along with Kc the algorithm is ‘seeded’ by the value based on the TDMA frame
• Internal state of the algorithm is flushed after a burst
Security in GSM: Authentication
[Figure: the A5 algorithm takes Kc (from A8 algorithm) and Count (from TDMA frame); its output is XORed with User Data to give the Encoded message]
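The challenge-response and ciphering flow from the slides above, as an added Python example that is not part of the original deck. HMAC-SHA256 and a SHA-256 keystream stand in for the operator-specific A3/A8 and for A5 (assumptions), the IMSI is a constructed test value, and the 32-bit SRES and 64-bit Kc lengths are the standard GSM sizes rather than figures from the slides.

```python
import hashlib
import hmac
import secrets

# Stand-ins (assumptions): HMAC-SHA256 replaces the operator's A3/A8 and a
# SHA-256 counter keystream replaces A5. Only the data flow matches GSM.

def a3(ki: bytes, rand: bytes) -> bytes:
    """Authentication algorithm: 32-bit SRES from Ki and RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Ciphering key generating algorithm: 64-bit Kc from Ki and RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5(kc: bytes, frame_count: int, data: bytes) -> bytes:
    """XOR one burst with a keystream seeded by Kc and the TDMA frame count.
    The keystream is rebuilt for every burst, so no state carries over."""
    stream, block = b"", 0
    while len(stream) < len(data):
        seed = kc + frame_count.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hashlib.sha256(seed).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Sim:
    """Holds Ki; only SRES and Kc ever leave the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_algorithm(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)

class Network:
    def __init__(self):
        self._auc = {}      # Authentication Center: IMSI -> Ki
        self._pending = {}  # IMSI -> (expected SRES, Kc) for the open challenge

    def provision(self, imsi: str, ki: bytes) -> None:
        self._auc[imsi] = ki

    def authentication_request(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)  # 128-bit RAND, fresh per attempt
        ki = self._auc[imsi]
        self._pending[imsi] = (a3(ki, rand), a8(ki, rand))
        return rand

    def authentication_response(self, imsi: str, sres: bytes):
        """Return Kc if SRES matches the network's own A3 result, else None."""
        expected, kc = self._pending.pop(imsi)
        return kc if hmac.compare_digest(expected, sres) else None

if __name__ == "__main__":
    imsi, ki = "001010123456789", secrets.token_bytes(16)  # constructed IMSI
    net, sim = Network(), Sim(imsi, ki)
    net.provision(imsi, ki)
    rand = net.authentication_request(imsi)       # network -> mobile
    sres, kc = sim.run_algorithm(rand)            # computed inside the SIM
    assert net.authentication_response(imsi, sres) == kc
    burst = a5(kc, 42, b"user data")              # ciphered in frame 42
    print(burst.hex(), a5(kc, 42, burst))
```

Ki never crosses the air interface in this flow: only RAND and SRES do, and both ends derive the same Kc independently.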
Mobile IP: Agenda
• Why Mobile IP?
• Basic Principle of Mobile IP
• Route Optimization
IP Addressing
• Internet hosts/interfaces are identified by IP address
– Domain name service (DNS) translates host name to IP address
– IP address identifies host/interface and locates its network
[Figure: ISU network 129.168.*.* with Gateway, Host 1 and MH (addresses 129.168.105.126, 129.168.105.124); Internet; PSU network 130.203.*.* with Gateway and Host 2 (address 130.203.4.112)]
Problems
• A host that moves to another network requires a different network address
– But this would change the host’s identity
– How can others still reach the moving host? How can ongoing connections to the moving host be kept from being interrupted?
• Applications
– GPRS (2.5G), 3G cellular networks
– Mission-critical applications
• IP devices held by police, ambulance, coast guards are always connected when moving
– Moving offices, …
Routing for Mobile Host
[Figure: CH, the home network and two foreign networks, with the MH shown in more than one network]
MH = mobile host, CH = correspondent host
How to direct packets to moving hosts transparently?
Mobile IP: Basic Idea
• An analogy: what do you do when moving from one apartment to another?
– Leave a forwarding address with your old post office!
– The old post office forwards mail to your new post office, which then forwards it to you
• Mobile IP:
– Two other entities: home agent (old post office), foreign agent (new post office)
– Mobile host registers the new location with the home agent
– Home agent captures packets meant for the mobile host and forwards them to the foreign agent, which then delivers them to the mobile host
A MH Moves to a Foreign Network
[Figure: CH; home network 129.186.*.* with HA; foreign network 130.203.*.* with FA and MH; addresses 129.186.105.216 and 130.203.4.112]
MH = mobile host, CH = correspondent host, HA = home agent, FA = foreign agent
• MH discovers a FA in the foreign network
• MH seeks a care-of address from the FA
• MH registers/authenticates its care-of address to the HA in its home network
Packets towards MH
[Figure: CH; home network with HA; foreign network with FA and MH]
MH = mobile host, CH = correspondent host, HA = home agent, FA = foreign agent
• HA receives packets for the MH
• HA tunnels packets to FA
• FA decapsulates packets and delivers them to MH
Packet Addressing
Packet from CH to MH:
• Source address = address of CH
• Destination address = home IP address of MH
• Payload
Home agent intercepts above packet and tunnels it:
• Outer header: source address = address of HA, destination address = care-of address of MH
• Inner header: source address = address of CH, destination address = home IP address of MH
• Original payload
If MH Moves Again
[Figure: CH; home network with HA; foreign network #1 with FA #1; foreign network #2 with FA #2; MH moving from #1 to #2]
• MH registers new address (FA #2) with HA & FA #1
• HA tunnels packets to FA #2, which delivers them to MH
• Packets in flight can be forwarded from FA #1 to FA #2
Packets from MH
[Figure: CH; home network with HA; foreign network with FA and MH]
Mobile hosts also send packets
• Mobile host uses its home IP address as source address
– Lower latency
– Still transparent to correspondent host
– No obvious need to encapsulate packet to CH
– Triangle Routing
Route Optimization
[Figure: CH; home network with HA; foreign network with FA and MH]
• When HA receives a packet (from CH) to tunnel to FA:
• It sends a binding message to CH with the care-of address of the MH
• CH caches the address, and forwards later packets directly to the care-of address
Route Optimization
• When a FA receives a tunneled message, but sees no visitor entry for the mobile host, it generates a binding warning message to the appropriate HA
• When a HA receives a warning, it issues an update message to the CH, which removes the care-of address from its cache
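The tunneling and route-optimization steps from the Mobile IP slides, as an added Python example that is not part of the original deck. 129.186.105.216 and 130.203.4.112 come from the figure and are assumed to be the MH's home address and the FA's care-of address; the HA and CH addresses, the shared key and the `reg_mac` registration tag format are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object  # bytes, or an inner Packet when tunneled

def reg_mac(key: bytes, home: str, coa: str) -> bytes:
    """Tag authenticating a registration (hypothetical format, shared MH-HA key)."""
    return hmac.new(key, f"{home}|{coa}".encode(), hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, addr: str, keys: dict):
        self.addr, self.keys = addr, keys  # keys: home address -> shared key
        self.bindings = {}                 # home address -> care-of address
    def register(self, home: str, coa: str, mac: bytes) -> bool:
        key = self.keys.get(home)
        ok = key is not None and hmac.compare_digest(mac, reg_mac(key, home, coa))
        if ok:
            self.bindings[home] = coa
        return ok
    def intercept(self, pkt: Packet):
        """Tunnel pkt to the care-of address; also return the binding message for the CH."""
        coa = self.bindings[pkt.dst]
        return Packet(self.addr, coa, pkt), (pkt.dst, coa)
    def on_binding_warning(self, home: str):
        """Update message for the CH: drop the cached care-of address."""
        return (home, None)

class ForeignAgent:
    def __init__(self, addr: str):
        self.addr, self.visitors = addr, set()
    def receive(self, tunneled: Packet):
        inner = tunneled.payload            # decapsulate
        if inner.dst in self.visitors:
            return "deliver", inner
        return "warn", inner.dst            # no visitor entry: binding warning

class CorrespondentHost:
    def __init__(self, addr: str):
        self.addr, self.cache = addr, {}    # cache: home address -> care-of address
    def update(self, binding) -> None:
        home, coa = binding
        if coa is None:
            self.cache.pop(home, None)
        else:
            self.cache[home] = coa
    def send(self, home: str, payload: bytes) -> Packet:
        pkt = Packet(self.addr, home, payload)
        coa = self.cache.get(home)
        return Packet(self.addr, coa, pkt) if coa else pkt

if __name__ == "__main__":
    mh, key = "129.186.105.216", b"constructed-key"
    ha, fa = HomeAgent("129.186.105.1", {mh: key}), ForeignAgent("130.203.4.112")
    ch = CorrespondentHost("192.0.2.10")  # HA and CH addresses are constructed
    fa.visitors.add(mh)
    ha.register(mh, fa.addr, reg_mac(key, mh, fa.addr))
    tunneled, binding = ha.intercept(ch.send(mh, b"first"))
    ch.update(binding)
    print(fa.receive(tunneled)[0], ch.send(mh, b"second").dst)
```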
Notice
• Topic of next class: Wireless LAN and Mobile Ad Hoc Network
• Reminder: pick the papers you want to present (with preferred dates if you want) ASAP.
