Upload File

11_extension of gsm overview

prev
next
out of 49
Download 11_Extension of GSM Overview

Upload: saif-ullah

Post on 14-Jan-2016

21 views

Category:

Documents


0 download

Report

DESCRIPTION

AA

TRANSCRIPT

  • Communication Systems11th lectureChair of Communication SystemsDepartment of Applied SciencesUniversity of Freiburg2008* | 49

  • Communication SystemsLast lecture digital telephony networksPlease be reminded: End of registration period for the exam in Communication Systems is the 27th June both for Master and Bachelor studentsWe will decide from the number of registrants on oral/written for Master studentsSignaling in large scale digital networksPrimary Rate Interface (PRI) to connect large organizations PBXGlobal call setup and routing with signaling system #7 (which is loosely modeled after OSI stack)Several protocols to handle different servicesSpecial protocol QSIG for inter-connecting PBX (in private, corporate telephony networks)* | 49

  • Communication SystemsLast lecture introduction to mobile telephony networksInterfaces in the telephony world are the standards equivalent to protocols in the TCP/IP worldMajor difference: TCP/IP is rather open to everyone and not restricted to an exclusive club of telephony equipment manufacturers and telcos (which has major implications for security issues)Introduction to mobile telephony networks from the analogous world to cell based infrastructure to second generation interoperable digital mobile phone networksStandardization process started middle of 80sFirst deployment in 1991, 92Fast growth till then more then 500 million subscribers by 2005GSM Global System for Mobile communication is a worldwide standard by now, available everywhere with few exceptions* | 49

  • Communication SystemsLast lecture first introduction to GSM structureGSM consists of radio, network and operation and maintenance subsystemsRadio subsystem is comprised of Mobile Stations (MS, end user equipment), Base Transceiver Stations (BTS, covering a certain Location Area)BTS are handled by Base Station controllers (BSC), which are controlled by MSC:* | 49

  • Communication SystemsPlan for this lectureExtension of GSM overviewGSM interfacesGSM network componentsMobile switching center,visitor location register, home location register, authentication center, mobile stations, SIM, radio subsystem...Radio interface UmControl channelsNetwork control, SS7Call setupAuthentication, Authorization, AccessSecurity issues* | 49

  • Communication SystemsGSM interfaces and components* | 49

  • Communication SystemsGSM interfaces and componentsLike in the digital telephony network interfaces between the different components are definedUm is the radio interface (m for mobile) between the mobile stations and the base station transceiver, modeled after the user interface in the ISDN world (Uk0 , UG2)Abis is the interface between BTS and BSCA the interface of the BSC to the MSCThe network subsystem defines the following interfacesB between MSC and visitor location register (VLR)C between MSC and home location register (HLR)* | 49

  • Communication SystemsGSM interfaces and componentsThe several MSC are interconnected viaE interfaces, this is the interface to Gateway MSC tooF defines the interface to the equipment identifier register (EIR)The different VLR talk to each other (needed when hand-overs between different MSC occur) via G interfaceOperation & Maintenance Subsystem (OSS) is the whole systems management layerNetwork measurement and control functionsMonitored and initiated from the OMC (Operation and Maintenance Center)Network Administration* | 49

  • Communication SystemsGSM interfaces and componentsOMC keeps track of configuration, operation, performance management, statisticsCollection and analysis, network maintenanceCommercial operation & chargingAccounting & billingSecurity Management, e.g. Equipment Identity Register (EIR) management* | 49

  • Communication SystemsGSM network componentsNetwork and radio subsystem are supervised by OMCMany BSCs are controlled by Mobile Switching Center (MSC), which is part of Network subsystemSomewhere in between is the TRAU (Transcoding and Rate adaption Unit)* | 49

  • Communication SystemsGSM components network operation, MSCA provider network has in general many distributed MSCsThus the MSC is a typical ISDN switching center with additional components for mobility managementMany standards and interfaces discussed in last lecture apply here tooControls the access and authorization of mobile subscribersGets the user data from HLR and copies it to the VLR of all MS in range* | 49

  • Communication SystemsGSM components - MSCTo convert 13kbit/s (from MS), 16kbit/s (from BSC because of some added in-band information) to 64kbit/s ISDN data rate a TRAU is typically included in between MSC and BSCPerforms all the switching and routing functions of a fixed network switching node and adds specific mobility-related functions, likeAllocation and administration of radio resourcesManagement of mobile usersRegistration, authenticationManages handover execution and controlDoes paging (search for MS within the BSCs)* | 49

  • Communication SystemsGSM components visitor location register (VLR)MSC looks up users and communication information in VLRVLR is a temporary database dynamically updated when subscribers enter or leave vicinity of the serving MSCone database per MSC (or per group of MSCs), typically joint MSC-VLR implementationIdea: Avoid heavy MSC-VRL signaling load on network linksVLR entries contain the following information:Every user / MSISDN actually staying in the administrative area of the associated MSCEntry created when an MS enters the MSC area (registration)May store data for roaming users (subscribed to different operators)* | 49

  • Communication SystemsGSM components visitor location register (VLR)VLR entries contain the following information:Tracking and routing informationMobile Station Roaming Number (MSRN)Temporary Mobile Station Identity (TMSI) assigned by MSCLocation Area Identity (LAI) where MS has registered needed for paging and call setup* | 49

  • Communication SystemsGSM components home location register (HLR)While VLR keeps user data only temporarily, the permanent storage of data takes place in HLREach mobile provider keeps such a database to store its subscribers informationSubscriber and subscription dataIMSI, MSISDNParameters (authorization) for additional servicesinfo about user equipment (IMEI)Authentication dataService setup for call deflection, mobile phone box, ...* | 49

  • Communication SystemsGSM components authentication center (AUC)Typically seen as part of OMCAssociated to HLR (home location register)Might be integrated with HLRSearch key: IMSIResponsible of storing security-relevant subscriber dataSubscribers secret key Ki (for authentication)Shared encryption key on the radio channel (Kc)Algorithms to compute temporary keys used during authentication process* | 49

  • Communication SystemsGSM components mobile stations (MS)GSM separates user mobility from equipment mobility by defining two distinct componentsMobile Equipment (ME) Or Mobile Terminal (MT) it is the cellular telephone itself (mobile phone hardware)It has its own address / identifier: IMEI (International Mobile Equipment Identity)Composed of the technical components for user interaction: keypad, display, speaker and microphone, may containInterfaces for additional services like fax or data (peripheral connections as Bluetooth, IrDA or serial connections might be available too)* | 49

  • Communication SystemsGSM components mobile stations (MS)Five transmit power classes defined for MS in 900MHz band20, 8, 5, 2, 0.8 Watt normally used are 8W for vehicular and 0.8W for portable devicesOnly two classes for 1800MHz band: 1 and 0.25WImplementationsEarly devices were single band for GSM900 or DCS1800 or PCS1900Today mostly so called multi-band phones are sold (allow communication in two or all three GSM bands)Newest devices are multi-mode which could handle both GSM and UMTS (and several data standards like GPRS)* | 49

  • Communication SystemsGSM components mobile stations (SIM)Second component is the Subscriber Identity Module (SIM)SIM keeps the following addresses / identifiers:IMSI (International Mobile Subscriber Identity) 15-digit composed of Mobile Country Code, Mobile Network Code, Mobile Subscriber Identification NumberIs sent (for security reasons only) when entering network or doing location updateMSISDN (Mobile Subscriber ISDN number) of 15 digits is the telephone number users call, composed of Country Code (Germany 49, US 1), National Destination Code (Provider prefix without the 0), Subscriber Number* | 49

  • Communication SystemsGSM components mobile stations (SIM)The MSISDN is used for routing in traditional telephony networks (but not for routing in mobile)Translated in MSC to TMSI, unique within a certain Location Area (LA), kept in the VLRTMSI is temporarily stored on SIMNot fixed, regularily changed to avoid outside user trackingSame applies for MSRN (Mobile Station Roaming Number, GSM internally):VCC = contry code of visited mobile networkVNDC = location code (place where the user actually is)VMSN = ID of the visited MSCVSN = subscriber ID, assigned by VLR* | 49

  • Communication SystemsGSM components mobile stations (SIM)MSRN is similarily composed to MSISDN, but location dependentSIM itself is piece of hardware, a plug-in-module, a so-called smartcard (or fixed chip within the phone only on special devices)Usually provided in the ID-000 format, which is about 0,76mm thick plastic with cast-in chipIt contains: a CPU, internal bus system connecting RAM and EEPROM and an electrical interface (contact pads on the upper side)* | 49

  • Communication SystemsGSM components - radio subsystem (BTS)Radio interface functions (MS BTS)GMSK modulation-demodulationchannel coding, encryption/decryptionburst formatting, interleavingsignal strength measurementsinterference measurements* | 49

  • Communication SystemsGSM components - radio subsystem (BSC)Functions of a BSCOne BSC may control up to 40 BTS (kept in database)switch calls from MSC to correct BTS and converselyProtocol and coding conversion for traffic (voice) & signaling (GSM-specific to ISDN-specific)Manage mobility of MS (handover between different BTS)Enforce power control* | 49

  • Communication SystemsGSM the radio interface UmLets start with the physical layer of the beloved OSI modelUm defines the communication of MS with the GSM infrastructureThe bandwidth is 270,833kbit/s (bit rate not integer because derived from time slots as explained later)Because of the limited frequency band multiplex access is used* | 49

  • Communication SystemsGSM Um: FDM & TDMFrequency Division Multiplexing two 25MHz bandsUplink (MS to BTS) = 890 915MHz.Downlink (BTS to MS) = 935 960MHzEach defined channel has a 200kHz bandwidthDuplex spacing: 45MHzThus 124 bearer frequency pairs possible, suggested to use only 122 to keep additional guard top and bottomIn practice, due to power control and shadowing, adjacent channels cannot be used within the same cellAdditionally in each frequency channel Time Division Multiplexing (TDM) is applied* | 49

  • Communication SystemsGSM Um: FDM & TDM8 periodic time slots - 0,577ms eachTDM frame composed of 8 time slots equals to 4,615msEvery time slot a so called burst - succession of 148bit is transmittedBetween the bursts a security buffer of 8,25bit/burst is put in between* | 49

  • Communication SystemsGSM Um: FDM & TDMThrough FDM/TDM hybrid in GSM 992 channels availableIn DCS1800 more channels: 75MHz band split into 200kHz channels allows a total of 374 carriersThus 2992 physical channels available in E-GSM* | 49

  • Communication SystemsGSM Um: burst types / dummy burstFive different burst types definedNormal BurstAccess BurstFrequency Correction BurstSynchronization BurstDummy Burst to fill in inactive bursts in Broadcast Control Channel (BCCH, direction from BTS to MS) to have most power on this channel (helpful, when MS needs to find BCCH)* | 49

  • Communication SystemsGSM Um: fequency hoppingNot all channels in a given cell are of equal quality and multi path reception / adjacent channels may disrupt communicationThus frequency hopping is introducedavoid frequency-selective fading, co-channel interference* | 49

  • Communication SystemsGSM Um: GMSK modulationSplit single bits into odd and evenDouble the time period of each bitFour casesBg=Bu=0 use f2 invertedBg=1,Bu=0 use f1 inv.Bg=0,Bu=1 use f1Bg=1, Bu=1 use f2* | 49

  • Communication SystemsGSM the Um logical layerThe logical layer could be seen as the equivalent of OSI data link layerHere are the logical channels mapped into the physical onesTwo distinctions: traffic channels and control channelsThe traffic channels carry the user data (voice, SMS, fax, ...)Full rate channel: Bm 22,8kbit/s (TCH/F)Half rate channel: Lm 13,4kbit/s (TCH/H)* | 49

  • Communication SystemsGSM control channelsBeside the traffic channels are a group of control channels definedThey handle system information, connection setup and connection controlBroadcast Control Channel (BCCH) group handles beacon signaling, synchronization of MS with the serving BTS, timing advance adjustment, it comprises ofBCCH Broadcast Control ChannelFCCH Frequency Control ChannelSCH Synchronization Channel* | 49

  • Communication SystemsGSM control channels: FCCH, SCHFCCH is responsible for first part of MS tuning (synchronisation of mobile device to BTS signal)MS listens on strongest beacon for a pure sine wave (FCCH), first coarse bit synchronization used for fine tuning of oscillatorImmediately after follows a SCH burstSCH: Fine tuning of synchronization (64 bits training sequence)Read burst content for synchronization data25 bits (+ 10 parity + 4 tail + convolutional coding = 78bits)6 bits: BSIC, 19 bits: Frame Number (reduced)Finally MS is able to read BCCH information* | 49

  • Communication SystemsGSM control channels: BCCHBCCH is responsible forSending out of beacon on one frequency per cell (by BTS)Contains 16bit Location Area (LA) codeMUST BE on Time Slot #0, following time slots might used by TCHBCCH provides:Details of the control channel configurationParameters to be used in the cellRandom access backoff valuesMaximum power an MS may access (MS_TXPWR_MAX_CCCH)* | 49

  • Communication SystemsGSM control channels: BCCHBCCH provides:Minimum received power at MS (RXLEV_ACCESS_MIN)Is cell allowed? (CELL_BAR_ACCESS)List of carriers used in the cellNeeded if frequency hopping is appliedList of BCCH carriers and BSIC of neighboring cells* | 49

  • Communication SystemsGSM control channelsNext group Common Control Channel (CCCH) it consists ofRandom Acces Channel (RACH)Access Grant Channel (AGCH)Paging Channel (PCH)Third group is the Dedicated/Associated Control Channel (DCCH)/ (ACCH)Stand-alone Dedicated Control Channel SDCCHFast/Slow Associated Control Channel SACCH/FACCHFACCH used when several signalling information needs to be transmittedCall setup, Handover* | 49

  • Communication SystemsGSM the Um logical layerChannels are grouped into26-multiframe - payload / voice summarizes the bursts of TCHs and associated SACCHs and FACCHs 51-multiframe signaling data puts together all bursts of traffic channels without SACCHs and FACCHsGSM uses certain predefined pattern of channel combinations:CC1: TCH/F + FACCH/F + SACCH/TFCC2: TCH/H (0,1) + FACCH/H(0,1) + SACCH/TH(0,1)CC3: TCH/H(0) + FACCH/H(0) + SACCH/TH(0)+TCH/H(1)CC4: FCCH + SCH + BCCH + CCCHCC5: FCCH + SCH + BCCH + CCCH + SDCCH/4(0,1,2,3) + SACCH/C4 (0,1,2,3)CC6: BCCH + CCCH CC7: SDCCH/8 + SA* | 49

  • Communication SystemsGSM frames, multiframes, superframesWhy 26, 51:An active call transmits/receive in 25 frames, except the last oneIn this last frame, it can monitor the BCCH of this (and neighbor) cellThis particular numbering allows to scan all BCCH slots during a superframeImportant slots while call is active: frequency correction FCCH and sync SCH - needed for handoverWhy multiframes - determine how BCCH is constructed, e.g. which specific information transmitted on BCCH during a given multiframeSuperframes are composed of multiframesUsed as input parameter by encryption algorithm* | 49

  • Communication SystemsGSM network control, SS7Backend of mobile networks is the same digital telephony network as for ISDN (Intelligent Network IN)Thus Signaling System 7 is used for the network generic and GSM specific tasksMAP (Mobile Application Part) Located in presentation layer (OSI layer 6)communication between different MSCs or MSC and HLR* | 49

  • Communication SystemsGSM network control, SS7DTAP the Direct Transfer Application Part is located on the presentation layer tooUsed to send messages from the MS to MSC directlyBSSMAP (Base Station Subsystem MAPFound on session layer (OSI layer 5)Handles communication between MSC and radio subsystemAdditionally SCCP (Signaling Connection and Control Part) on transport layer similar to TCP or UDP, instead of port numbers SubSystemNumbers (SSN) are usedTCAP (Transaction Capability Application Part) - session layer known from last lecture* | 49

  • Communication SystemsGSM call setupAfter defining the lower layers we could deal with the important part for the subscribers receive a call in a mobile phone networkThe called device/user has to be looked up in a given location area (paging)To be able to answer the MS has to request a channelIt gets assigned a control channel by the BSC immediately if cell is not congested* | 49

  • Communication SystemsGSM call setup network originated callThe MS sends out an acknowledgement (subscriber is present)Next steps check the authorization of the subscriberIf check was passed the system changes into encryption modeThe MS signals which kind of service it wishes to use (voice, data, ...)Depending on the preferred service a traffic channel is assignedA call signal is produced for the calling party and a ring is generated on the MS* | 49

  • Communication SystemsGSM call setup network originated callThe subscriber accepts the call, ack is sent and connection is establishedA full rate traffic channel (for voice) is usedDuring call setup and operation several control channels are used: PCH, RACH, AGCH, SDCCH, ...Mobile originated calls are mostly similarNo paging is needed because the MS activily requests a channelA signaling channel is assigned by BSC* | 49

  • Communication SystemsGSM call setup mobile originated callService request a SDCCH is requiredSame authorization and encryption procedure has to be doneSignaling of desired service and assignment of proper payload channelSignaling of call signal to the subscriber at the MSCall setup if called party answers* | 49

  • Communication SystemsGSM Authentication, Authorization, AccessIn a public network like GSM the triple-A of authentication, authorisation, access plays a major roleThe subscribers ID has to be kept confidentialThe network access has to be granted or denied to the subscriberThe integrity and confidentiality of data has to be ensured by the networkThis is achieved by a more or less sophisticated asymmetric and symmetric encryption and authentication processTemporary and confidential identities and keys are used* | 49

  • Communication SystemsGSM Authentication, Authorization, Access* | 49

  • Communication SystemsGSM Authentication, Authorization, AccessSequence of authorization and generation of shared keys for encryption1. The network sends an authentication request message to MS, conveying a 128-bit random number (RAND).2. MS uses the RAND, the secret key Ki (stored at SIM), and the encryption algorithm A3, to compute a 32-bit number as a signed response (SRES).3. MS computes the 64-bit ciphering key Kc using encryption algorithm A8, which will be later used in the ciphering procedure. 4. MS responses with an authentication response message containing SRES.5. The netwotk uses same parameters and algorithm to computer another SRES.6. MS SRES and the network SRES are compared with each other. If mactch, the network accepts the user as an authorized subscriber. Otherwise, authentication is rejected.7. After authentication has been successful, the network transmits a ciphering mode message to MS indicating whether encryption is to be applied.8. In case ciphering is to be performed, the secret key Kc and encryption algorithm A5 are used for ciphering.* | 49

  • Communication SystemsGSM stream encryption* | 49

  • Communication SystemsGSM literature, next exercise, lecturesSome of the pictures are taken from text books or online sources

    German text books:Jochen Schiller, MobilkommunikationBernhard Walke, Mobilfunknetze und ihre Protokolle, Grundlagen GSM, UMTS, ...Generally you might want to check the seminar papers of the telephony seminar held in the beginning of 2006:http://www.ks.uni-freiburg.de/php_veranstaltungsdetail.php?id=9summary of GSM and UMTS telephony networks and other topics dealt with in this lectureNext lecture: Friday, 27th July (next practical course on Tuesday, 24th)

    * | 49


Overview of Gsm

Gsm+Overview 1

GSM Overview Study

Gsm Overview March00

Overview of GSM, GPRS, and UMTS - Binyahya Librarybinyahya.com/books/Overview of GSM, GPRS, and UMTS.pdf · Overview of GSM, GPRS, and UMTS ... is the controlling component of the

GSM SS7 Overview

An Overview Of The Gsm System

1.GSM Overview

[Vodafone] GSM Overview

Overview of GSM, GPRS, And UMTS_15784

Finalised GSM Overview

GSM Overview Spanish

GSM BSS Overview

Gsm overview

GSM Architecture Overview

37852532 GSM Overview

2 GSM Overview

Gsm (an overview)

GSM Overview Updated

An overview of the GSM system.docx

TC GSM Overview

Chapter 01.Overview of Gsm

1 GSM Overview

GSM Overview Presentation

GSM R Overview

Overview of GSM and CDMA

Overview Of Gsm Cellular Network & Operations

Overview of GSM, GPRS, and UMTS - Binyahyabinyahya.com/books/Overview of GSM, GPRS, and UMTS - CISCO.pdf · Overview of GSM, GPRS, and UMTS ... BTS communicates to the BSC over the

3928235 GSM Overview