gsm operation

272 views

Published on

gsm operation

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
272
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
9
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

gsm operation

  1. 1. i i d ad H GSM Network Areas... Public Land Mobile Network (PLMN) MSC / VLR Area Location Area Cell
  2. 2. i i d ad H GSM Network Areas... Public Land Mobile Network (PLMN)
  3. 3. i i d ad H GSM Network Areas... MSC/VLR Service Area MSC
  4. 4. i i d ad H GSM Network Areas... Location Area MSC/VLR Service Area LUP .1 Paging .2
  5. 5. i i d ad H GSM Network Areas... Cell LA CGI) (BSIC) CGI : Cell Global ID BSIC : Basic Station Identity Code
  6. 6. i i d ad H  MSISDN - Mobile subscriber International ISDN Number • • International number for mobile subscriber that includes at most 15 digits Mapping to Mobile Station Roaming Number (MSRN) by HLR Country Code (CC + National Destination Code (NDC + Subscriber Number (SN Example: 98912347658  IMSI - International Mobile Subscriber Identity   International number that Uniquely Identifies the User (SIM Card) and is stored in SIM Card, HLR and VLR unique 15 digits assigned Mobile Country Code (MCC) + Mobile Network Code (MNC) + Mobile Subscriber Identification Number (MSIN) Example : 432111234567890 432(MCC)----11(MNC)----1234567890(MSIN)
  7. 7. i i d ad H  TMSI - Temporary Mobile Subscriber Identity 32-bit number assigned by VLR to uniquely identify a mobile station within a VLR’s area  32 Bits  Local Number Allocated By VLR  May Be Changed Periodically  Hides The IMSI Over The Air Interface (Transmitted Instead Of IMSI)  MSRN - Mobile Station Roaming Number Is used for routing  Generated By VLR For All Visiting Users (HLR asks VLR to assign this number for called party)  Helps HLR To Determine Current Location Area  Hides The IMSI Inside The Network Visitor Country Code (VCC) + Visitor National Destination Code (VNDC) + Current MSC Code + Temporary Subscriber Number Example : 989110100 to 989110107 for one MSC 
  8. 8. i i d ad H IMSI MSISDN MSC Address 2- MSISDN 1- MSISDN PSTN GMSC HLR 5- MSRN 3- IMSI 4-MSRN MSC/VLR
  9. 9. i i d ad H International Mobile Station Equipment Identity (IMEI) Unique 15 digits assigned by equipment manufacturer (TYPE APPROVAL CODE) TAC (FINAL ASSEMBLY CODE) FAC (SERIAL NUNBER) SNR SP  .1 .2 .3 .4 IMEI=TAC+FAC+SNR+SP LAI CI 357,087,008,609,717 (USSD= *#06#) Cell Global Identity (CGI) LA (LOCATION AREA IDENTITY) LAI (CELL IDENTITY) CI  .1 .2 CGI=MCC+MNC+LAC+CI Base Station Identity Code (BSIC) (NATIONAL COUNTRY CODE) NCC (BASE STATION COUNTRY CODE) BCC BSIC=NCC+BCC  .1 .2
  10. 10. i i d ad H Personal Identity Number ( PIN)  PIN , IMSI SIM , Location Area Identity( LAI)  Based on international ISDN numbering plan that is broadcast regularly by the BTS on broadcast channel (MOBILE COUNTRY CODE) MCC (MOBILE NETWORK CODE) MNC (LOCATION AREA CODE) LAC LAI=MCC+MNC+LAC .1 .2 .3
  11. 11. i i d ad H Location Updating…      Location updating is used to reduce the area over which paging must be undertaken in a cellular system. The cellular coverage area is divided up into a number of location areas. All cells broadcast the identity of their Location Area (LAI). Each time a mobile station observes that it has moved into a new location area it informs the network by performing a location update; this enables the network to perform paging over a smaller area than would otherwise be necessary. In the extreme case each cell could be a location area, the system would know very precisely where a mobile was but at the expense of a very high level of location update signalling. As a compromise location areas are generally defined as a group of cells.
  12. 12. i i d ad H Location Update (LU)  MS is aware of location • •  Events which determine a current location update • •  BTS broadcasts Location Area Identification (LAI) on BCCH SIM stores current LAI and TMSI MS is switched on and current LAI equals stored LAI a timer set by the network expires and MS reports position (TMSI may be updated and stored in SIM) Events which determine a new location update • • MS is switched on and current LAI differs from stored LAI MS enters a new location area (TMSI and LAI are updated and stored in SIM)
  13. 13. i i d ad H Location Update (LU) In practice, there are three types of location updates: Location Registration (Power On) Generic 3. Periodic 1. 2.  Location registration: •  Generic: •  takes place when a mobile station is turned on.This is also known as IMSI Attach because as soon as the mobile station is switched on, it informs the Visitor Location Register(VLR)that it is now back in service and is able to receive calls.As a result of a successful registration,the network sends the mobile station two numbers that are stored in the SIM(Subscriber Identity Module)card of the mobile station. Every time the mobile receives data through the control channels,it reads the LAI and compares it with the LAI stored in its SIM card. A Generic location update is performed if they are different.The mobile starts a location Update process by accessing the MSC/VLR that sent the location data. Periodic: • Periodic Location Update is carried out when the network does not receive any location update request from the mobile in a specified time.
  14. 14. i i d ad H Location Updating… Location never update (no cost). Location updates for every cell crossing (high cost). Need to page every cells (high cost). Need to page only one cell (low cost). Location update Partition the region into different location areas.
  15. 15. i i d ad H Location Updating… Location update is performed when there is a boundary crossing. LA-1 LA-2 No location update Location update How to determine the size of a LA?
  16. 16. i i d ad H Location Update (LUP)
  17. 17. i i d ad H  Paging Paging is a process of broadcasting a message which alerts a specific mobile to take some action, for example if there is an incoming call to be received.  If the system does not know the precise cell in which a mobile is located it must perform paging in a number of cells.  An extreme approach would be to undertake paging throughout the entire coverage area of a cellular system whenever a mobile is to be alerted; however, in anything but the smallest system this would be wasteful of valuable signalling capacity, particularly over the air interface.  The problem is addressed by the use of location areas and location updating.
  18. 18. i i d ad H Paging
  19. 19. i i d ad H GSM Call Delivery Procedure… HLR (5) VLR MSC (3) (2) (6) (4) MSC VLR (7) Mobile Switching Center (1) Calling MS Called MS
  20. 20. i i d ad H GSM Call Delivery Procedure… 1. 2. 3. 4. 5. 6. 7. Calling MS sends a call initiation signal to MSC through BS. MSC sends a location request to HLR of the called MS HLR determines serving VLR of called MS and sends a route request message to it. MSC allocates a temporary ID to MS and sends this ID to HLR HLR forwards the ID to MSC of the calling MS Calling MSC requests a call set up to the called MSC Paging messages are sent to cells within the LA.
  21. 21. i i d ad H GSM Mobile Terminated Call              1: calling a GSM subscriber 2: forwarding call to GMSC 3: signal call setup to HLR 4, 5: request MSRN from VLR 6: forward responsible MSC to GMSC 7: forward call to current MSC 8, 9: get current status of MS 10, 11: paging of MS 12, 13: MS answers 14, 15: security checks 16, 17: set up connection
  22. 22. i i d ad H      Handover… Handover is the means of maintaining a call when a user moves outside the coverage area of the serving cell. The call must be switched to an alternative cell to provide service, automatically and without loss of service. Handover is a complex process requiring synchronisation of events between the mobile station and the network. In particular, there is the need to route the call to the new cell before handover can be effected whilst maintaining the old connection until the new connection is known to have succeeded. Handover is a time critical process requiring action to be taken before the existing radio link degrades to such an extent that the call is lost.
  23. 23. i i d ad H Handover…
  24. 24. i i d ad H Intra-cell Handover BTS BTS
  25. 25. i i d ad H Inter-cell Intra-BSC Handover   BSC   BSC BTS BTS
  26. 26. i i d ad H Inter-BSC Intra-MSC Handover BSC MSC VLR B T S B T S BSC B T S B T S B T S B T S B T S B T S B T S
  27. 27. i i d ad H Inter-BSC Inter-MSC Handover BSC MSC1 VLR B T S B T S B T S B T S MSC2 B T S BSC B T S B T S B T S B T S VLR
  28. 28. i i d ad H Handover Downlink Uplink MS Handover Handover 1. HO because Interference (uplink or downlink) 2. HO because Uplink quality 3. HO because Downlink quality 4. HO because Uplink level 5. HO because Downlink level 6. HO because MS-BS distance 7. HO because Turn-around-corner MS 8. HO because Rapid field drop 9. HO because Fast/Slow-moving MS 10. HO because Better cell (PBGT or Umbrella) 11. HO because Good C/I ratio BTS  BSC Handover •
  29. 29. i i d ad H Handover Downlink Uplink Downlink • Uplink Intra-Cell -85dbm Inter-Cell Handover 
  30. 30. i i d ad H Downlink QDR QUR (Inter-cell Handover)    Uplink Downlink Handover QDR: Downlink Rx quality threshold QUR: Uplink Rx quality threshold QMRG: HO margin quality Handover • Uplink Handover QMRG 
  31. 31. i i d ad H Downlink Uplink LUR (Inter-cell Downlink Handover Handover • Uplink Handover LMRG LDR Handover)  LDR: Downlink Rx Level threshold  LUR: Uplink Rx Level threshold  LMRG: HO margin Level 
  32. 32. i i d ad H Power Budge Uplink Handover BSC PMRG SACCH Power budget Handover ) Power Budget PBGT Downlink BTS MS PMRG n PBGT Power Budget Handover BSC 6db PBGT 6*120mSec MS Handover MIH Handover PBGT Handover • • 
  33. 33. i i d ad H B S C PBGT(BTS1--BTS2)=7db Defined PMRG for BTS1 is 6db 7db>6db then Handover command To MS Because Power Budget Copyright © 1996 Northern Telecom MS BTS1 (900MHz) BTS2 (900MHz)
  34. 34. i i d ad H Umbrella Handover • Umbrella Handover Handover Upper layer Handover Lower layer Handover BSC Handover • AUCL MS Handover Dual Handover AUCL BTS Umbrella AUCL • Handover band • AUCL:HO level umbrella 
  35. 35. i i d ad H AUCL (900-> 1800) = -75db B S C AUCL (1800-> 900) = -68db Level of BTS2 =-70 -70dbm >-75dbm then Command for Handover from BTS1(900) to BTS2(1800) Copyright © 1996 Northern Telecom MS BTS1 (900MHz) BTS2 (1800MHz)
  36. 36. i i d ad H Handover • Handover Handover rapid field Downlink Uplink   Handover Turn-around-corner MS drop  
  37. 37. i i d ad H Mobile-Assisted Handover (MAHO)
  38. 38. i i d ad H 1. GSM Security (1) Ciphering is used across the air interface to provide speech and signaling encryption. When the authentication procedure has been completed successfully ,the BTS and the mobile station are ready to start the ciphering procedure for signaling and speech/data transmission 2. Authentication is a procedure used in checking the validity and integrity of subscriber data. With the help of authentication procedure the operator prevents the use of false SIM modules in the network. The authentication procedure is based on an identity key “Ki” ,that is issued to each subscriber when his data are established in the HLR. The authentication procedure verifies that the “Ki” is exactly the same on the subscriber side as on the network side. The Authentication Center generates information that can be used for all the security purpose during one transaction. This information is called an Authentication Triplet.
  39. 39. i i d ad H GSM Security (1) 3. access control/authentication • • user SIM (Subscriber Identity Module): secret PIN (Personal Identification Number) SIM network: challenge - response method confidentiality 4. • voice and signaling encrypted on the wireless link (after successful authentication) anonymity 5. • • • TMSI - Temporary Mobile Subscriber Identity newly assigned at each new location update encrypted transmission 3 algorithms specified in GSM 6. • • • A3 for authentication (“secret”, open interface) A5 for encryption (standardized) A8 for encryption key generation
  40. 40. i i d ad H Security in GSM…
  41. 41. i i d ad H  GSM Security The authentication triplet consists of three number: RAND 1. RAND is a Random number  SRES 2. SRES (Signed Response) is a result that the algorithm A3 produces on the basis of certain source information  Kc 3.  Kc is a ciphering key that A8 generates on the basis of certain source information.
  42. 42. i i d ad H GSM - authentication…
  43. 43. i i d ad H GSM – authentication…
  44. 44. i i d ad H Authentication HLR SRES VLR SRES Ki VLR VLR AUC A3 (Ki,SRES,RAND) MS RAND SIM Ki HLR MSC A3 MSC MS .1 HLR AUC .2 AUC VLR MS .4 SRES MSC .7 .3 .5 .6 .8
  45. 45. i i d ad H Authentication Algorithms       XOR COMP128-1 COMP128-2 COMP128-3 COMP128-4 OPERATORE’S SPECIAL ALGORITHM
  46. 46. i i d ad H GSM - key generation and encryption
  47. 47. i i d ad H .1 MSC Kc VLR BSS ---- MSC MS ---- BSS MS MSC BSS .2 .3 .4 .5 .6
  48. 48. i i d ad H Any Questions & Comments ?

×