gsm basics&call flow

7/31/2019 Gsm Basics&Call Flow

1/35

GB_BT01_E1_0 GSM Basics

Course Objectives:

Aware of the Development Background of GSM technology

Grasp GSM Network structure and Features

State GSM main interfaces

Aware GSM common Events

Describe basic calling process


2/35

Contents

1 GSM Basic ......................................................................................................................................................1

1.1 2G Mobile Communication Technology Evolution ......................................................................................1

1.2 Mobile Communication Technology Development Trend ...........................................................................5

1.3 GSM History ..................................................................................................................................................6

1.4 GSM Features .................................................................................................................................................7

1.5 GSM Specifications .......................................................................................................................................8

1.6 GSM Network Structure ................................................................................................................................9

1.7 GSM Protocol Platform ...............................................................................................................................12

1.8 Available GSM Services ..............................................................................................................................15

1.8.1 Telecommunications Services Provided by the GSM ................................................................15

1.8.2 Supplementary Services of the GSM System .............................................................................16

1.9 Operation Band ............................................................................................................................................17

2 GSM Events ..................................................................................................................................................20

2.1 Status of Mobile Subscriber .........................................................................................................................20

2.1.1 Attach Flag upon MS Power-on ..................................................................................................20

2.1.2 Detach upon MS Power-off .........................................................................................................21

2.1.3 MS Busy .......................................................................................................................................21

2.1.4 Periodical Registration .................................................................................................................21

2.2 Location Update ...........................................................................................................................................21

2.2.1 Normal Location Update ............................................................................................................22

2.2.2 Periodical Location Update .........................................................................................................22

2.2.3 IMSI Attach ..................................................................................................................................22

2.3 Handover ......................................................................................................................................................22

i


3/35


4/35

1 GSM Basic

1.1 2G Mobile Communication Technology Evolution

Brief History of Evolution

The outline of GSM history is shown below:

1979 - Europe wide frequency band reserved for cellular

1982 - Groupe Spcial Mobile (GSM) created within CEPT

1986 Eight proposals put forward by European countries after extensive

research and experiments accepted in Paris

1988 - ETSI took over GSM Committee

1990 - The phase 1 GSM recommendations frozen

1991 - GSM Committee renamed Special Mobile Group and GSM renamed as

Global System for Mobile Communication

1992 - GSM launched for commercial operations

1993 Major part of GSM phase 2 standard completed

1994 A new research phase (Phase 2+) added to improve GSM for mobile data

services

Mobile Communication during 1920 ~ 1940

In 1920, mobile communication system was first used by military while in1940s; it was

put in use for civil purpose.

Mobile communication started flourishing in recent decade. Its development phases are

as follows:

First generation (1G) mobile communication system

Second generation (2G) mobile communication system

Third generation (3G) mobile communication system

1


5/35


1G during 1980s

Since 1980's, 1G analog mobile communication system adopts cellular networkingtechnology. Till 1982 Cellular Systems were exclusively Analog Radio Technology.

At the end of 1980s Analog System was unable to meet continuing demands due to:

Severely confined spectrum allocations

Interference in multipath fading environment

Incompatibility among various analog systems

Inability to substantially reduce the cost of mobile terminals and infrastructure

required

Easy to eavesdrop and misuse the subscribers account

Standards of First Generation

Different standards of first generation are shown in Table 1.1-1.

Table 1.1-1 Different Standards of First Generation

Standard Origin Frequency Band

Advanced Mobile Phone System (AMPS) North America 800 MHz

Nordic Mobile Telephone System-

450/900 (NMT-450/900)

North Europe

(Scandinavian)450 & 900 MHz

Total Access Communication System

(TACS)U.K. 900 MHz

2G during 1990s

During 1990s, Digital mobile communication system characterized by digital

transmission, Time Division Multiple Access (TDMA), and narrowband Code Division

Multiple Access (CDMA) were developed.

Standards of Second Generation

Different standards of second generation are:

GSM

CDMAIS95

Personal Digital Cellular (PDC)

Advantages of 2G

2


6/35

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply

1 to the text that you want to appear here.

Compared with 1G mobile communication system, 2G mobile communication system

has the following advantages:

Provides high spectrum utilization and large system capacity.

Provides diversified services (voice services and low-rate circuit-switched data

services).

Enables automatic roaming.

Provides better voice quality.

Provides good security.

Can be interconnected with ISDN and PSTN.

Basic structure of GSM network is shown in Fig 1.1-1.

Fig 1.1-1 Basic Structure of GSM Network

Discrepancies of 2G

2G mobile communication system has the following discrepancies:

Provides low-rate data services only and cannot support multi-media service. For

example, Internet data access speed of GSM MS can reach 9.6 kbps theoretically.

Different 2G mobile communication systems in the world use different

3


7/35


8/35



1.2 Mobile Communication Technology Development Trend

3G Research during 1980s

3G research, development, and establishment started in mid 1980s.

IMT-2000

International Mobile Telecommunication 2000 (IMT-2000) established by International

Telecommunications Union (ITU) introduces 3G.

IMT-2000 introduces:

Mobile data service and some fixed high-speed data services through one or more

radio channels

Fixed network platform

A global standard

IMT-2000 services, which are compatible with other fixed network services

High quality

Use of common band in the world

Small terminals used in the world

Global roaming

Multi-media services and terminals

Higher frequency utilization

Flexibility for development to the next generation

High-speed hierarchical data rate

Rate up to 2 Mbps while stationary

Rate up to 384 kbps during walking speed

Rate up to 144 kbps while in vehicle

Instead of having pure technology, communication system is currently developing

into a mode featuring the combination of services and technology.

Communication technology is estimated to undergo the largest change in future. It

is strategic transition from voice services to data services from the aspect of

5


9/35


market application and service demand. This change has deeply influenced the

development trend of communication technology.

4G Services

Some researchers and telecom operators describe fourth-generation (4G) mobile

communication system as a new world better than 3G, which can provide:

Many unimaginable applications

Over 100 Mbps data transmission rate, which is 10,000 times of current MSs and

50 times of 3G MSs

High-performance multi-media contents

Service as a personal identification device through ID application

Service for high-resolution movies and TV programs, acting as bridge of

combined broadcast and new telecommunication infrastructure

Some services such as 4G wireless instant connections, are cheaper than 3G

services.

1.3 GSM HistoryBecause analog mobile communication system had limited expansion capability, Global

System for Mobile Communication (GSM) was developed on demand for capacity

expansion which achieved global success. It operates at 900 MHz band within European

countries.

GSM Development process is as follows:

1982: Conference of European Posts and Telegraphs (CEPT) formed a study

group called the Group Special Mobile (GSM) to study and develop 2G mobile

communication system.

1986: Eight proposals put forward by European countries after massive research

and experiments were accepted in Paris, and on-site experiments were performed.

1987: After on-site test, demonstration, and comparison, GSM member countries

have reached an agreement that digital system adopts narrowband Time Division

Multiple Access (TDMA), Regular Pulse Excitation-Long Term Prediction (RPE-

LTP), voice coding, and Gaussian Minimum Shift Keying (GMSK) modulation.

1998: Eighteen European countries reached GSM Memorandum of Understanding

6


10/35



(MOU).

1989: GSM took effect.

1991: First GSM network was deployed in Europe.

1992: GSM standard was frozen.

1993: Major part of GSM phase II standard was completed.

1994: A new research phase (Phase 2+) was added to further improvement of

GSM as a platform of mobile data services.

1.4 GSM Features

GSM system has the following features:

High Spectrum efficiency

GSM system features high spectrum efficiency due to the high-efficient modulator,

channel coding, interleaving, balancing, and voice coding technologies adopted.

Large capacity

Volumetric efficiency (number of channels/cell/MHz) of GSM system is three to five

times higher than that of Total Access Communication System (TACS).

High voice quality

Digital transmission technologies and GSM specifications, voice quality is irrelevant

with radio transmission quality.

Open interfaces epic

GSM standard provides open air interface, also open interfaces between networks and

those between network entities, such as A interface and Abis interface.

High security

MS identification code encryption makes eavesdropper unable to determine the MS

number, ensuring subscribers location security. Voice encryption, signaling data, and

identification codes make the eavesdropper unable to receive the communication

contents.

Interconnection with Integrated Services Digital Network (ISDN) and PSTN.

7


11/35


GSM can interconnect with other networks through current standard interfaces, such as

Integrated Service User Part (ISUP) or Telephone User Part (TUP).

Roaming function

GSM supports roaming by introducing Subscriber Identity Module (SIM) card that

separates subscriber from the terminal equipment.

Diversified services

GSM provides diversified services, tele-services, bearer services, and supplementary

services.

Inter-cell handover

During conversation, MS continues to report the detailed radio environment of local cell

and neighboring cells to serving base station. If inter-cell handover is required, MS sends

a handover request to serving base station.

1.5 GSM Specifications

European Telecommunications Standards Institute (ETSI) initiated and made GSM

standard.

ETSI developed GSM in several phases and set up more Special Mobile Groups (SMG)

to make the related GSM standard.

GSM detailed specifications conform on functions and interfaces only, not on hardware.

Purpose is to reduce the restriction on designers, enabling the operators to purchase

equipment from different manufacturers.

GSM technical specifications consist of 12 fields:

Field 1: General

Field 2: Services

Field 3: Network Functions

Field 4: MS-BS Interfaces and Protocols

Field 5: Physical Layer on Radio Path

Field 6: Speech Coding

Field 7: MS Terminal Adaptor

8


12/35


13/35


for voice and data.

NSS Main components are:

Mobile Switching Centre (MSC)

Home Location Register (HLR)

Visitor Location Register (VLR)

Equipment Identification Register (EIR)

Authentication Centre (AUC)

Short Message Centre (SMC)

Home Location Register - HLR is a central database of a system. HLR stores all the

information related to subscribers, including the roaming authority, basic services,

supplementary services, and current location information. It provides routing information

for MSC for call setup.HLR may cover several MSC service areas or even the whole

PLMN.

Visitor Location Register - VLR stores all subscriber information in its coverage area

and provides call setup conditions for the registered mobile subscribers.As a dynamic

database, VLR must exchange large volume of data with HLR to ensure data validity.

When an MS leaves the controlling area of a VLR, it registers in another VLR. The

original VLR deletes the temporary records of that subscriber.VLR integrated within

MSC.

Equipment Identification Register - EIR stores the parameters related to MS. It can

identify, monitor, and block the MS. ERI preventing unauthorized MS from accessing the

network.

Authentication Centre - AUC is a strictly protected database that stores subscriber

authentication information and encryption parameters. AUC integrated with HLR

physically.

Base Station Subsystem BSS serves as a bridge between NSS and MS. It performs

radio channel management and wireless reception and transmission. Base Station

Controller (BSC) and Base Transceiver Station (BTS) are main components of BSS.

Base Station Controller - Located between MSC and BTS, it controls and manages

more than one BTS. It performs radio channel assignments. BTS and MS transmit power

control, and inter-cell handover. BSC is also small a switch that converge and connects

10


14/35



local network with the MSC through A interface. Abis interface connects BTS to BSC.

Base Transceiver Station - BTS is wireless transceiving equipment controlled by theBSC in BSS. BTS carries radio transmission. It performs wired-related wireless

conversion, radio diversity, radio channel encryption, and hopping. Um interface

connects BTS to MS.

Transcoding and Rate Adaptation Unit - TRAU Located between BSC and MSC,

TRAU transcodes between 16 kbps RPE-LTP codes and 64 kbps A law PCM codes.

Operation and Maintenance Subsystem OMS is operation & maintenance part of

GSM. Functional units in GSM are connected to OMS internal networks. OMS monitors

various functional units in GSM network, submits status report, and performs fault

diagnosis.

OMS consists of two parts: OMC System (OMC-S) and OMC-Radio (OMC-R). The

OMC-S performs operation and NSS maintenance, while OMC-R performs operation

and BSS maintenance.

Mobile Station

MS is subscriber equipment in GSM, it can be vehicle installed or hand portable. MS

consists of mobile equipment and SIM.

Mobile equipment processes voice signals, receives and transmits radio signals.

SIM stores all information required for identifying a subscriber and security information,

preventing unauthorized subscribers. Mobile equipment cannot access GSM network

without a SIM card.

Network Service Area

GSM service area refers to the total area covered by networks of all GSM operators.

Network consists of several MSC service areas, each of which consists of several cells.

Logically, several cells form a location area (LA).

MSC Service Area - A Public Land Mobile Network (PLMN) includes multiple MSC

service areas. MSC service area refers to the MSC coverage area, that is, the total area

covered by BTS under control of BSC connected to MSC. All MSs in the service area

table register in local VLR. Therefore, in actual network, MSC is always integrated with

VLR as a node.

11


15/35


Location Area - Each MSC/VLR service area includes multiple of LAs. MS can move

freely without performing location update in LA. Hence, LA is the paging area of a

broadcast paging message.An LA belongs to one MSC/VLR only, that is, LA cannot

cross MSC/VLR.The system can identify different LA via LA Identity (LAI).

Cell - LA contains several cells. Each cell has a unique Cell Global Identification (CGI),

which indicates a basic radio coverage area in a network.

Fig 1.6-4shows the relationship among different coverage areas in a GSM network.

GSM service area

The total network coverage provided by all GSM operatorsPLMN service area

The network coverage provided by a GSM operator

MSC service areaThe area controlled by an MSC

Location areaAn area for location update and paging

CellA service area provided by a

specific BTS

Fig 1.6-4 Relationship among Coverage Areas in a GSM Network

1.7 GSM Protocol Platform

GSM technical specifications make clear and normative definition of interfaces and

protocols between subsystems and various functional entities. Interface refers to the

point where two adjacent entities are connected. Protocol defines the rules for

information exchange at the connection point.

GSM Interfaces

Fig 1.7-5 shows the GSM interfaces.

12


16/35



MS BTS BSC MSC

VLR VLR

HLR

MSC

EIR

Sm Um Abis A

B

D

C

E F

G

Fig 1.7-5 shows the GSM interfaces.

Sm Interface: Man-machine interface implemented in MS. It is an interface between

subscribers and PLMN. MS consists of keyboard, LCD, and SIM card.

Um Interface: Radio interface between MS and BTS. It is an important interface in

PLMN. Digital mobile communication network has different radio interface as compared

to analogue mobile communication network.

A Interface: It is an interface between BSC and MSC. Base station management

information, call processing interface, mobility management information, and specific

communication information are transferred through A interface.

Abis Interface: It is an interface between BSC and BTS. Supports all services provided

to subscribers. Also supports the control of BTS radio equipment and management of

radio resources assigned.

B Interface: It is an interface between MSC and VLR.VLR is a database locating and

managing MS when MS roams in the related MSC control area. MSC can query the

current location of MS from VLR and update MS location.When subscriber uses a

special supplementary service or changes a relevant service, MSC notifies the VLR.

Sometime VLR also updates information in HLR.

C Interface: It is an interface between MSC and HLR. C interfacetransfers management

and route selection information.When a call finishes, MSC sends the billing information

to HLR.When PSTN cannot get location information of a mobile subscriber, the related

GMSC queries HLR of the subscriber to obtain the roaming number of the called MS,

and then transfers it to the PSTN.

D Interface: It is an interface between HLR and VLR. Exchanges MS location

13


17/35


information and subscriber management information. To enable a mobile subscriber to

originate or receive calls in the whole service area, data must be exchanged between

HLR and VLR. VLR notifies HLR about the current location of MS belonging to HLR,

and then provides MS roaming number. HLR sends VLR all the data required to support

the services of the MS.When an MS roams to the service area of another VLR, HLR

notifies the previous VLR to delete the relevant MS information. When MS uses

supplementary services, or some parameters are changed, D interface is also used to

exchange the related information.

E Interface: It is an Interface between MSCs. It exchanges the handover information

between two MSCs.When MS in a conversation moves from one MSC service area to

another MSC service area, inter-cell handover occurs to maintain the conversation. At

that time, related MSCs exchange the handover information through E interface.

F Interface: It is an interface between MSC and EIR. It exchanges the MS management

information, such as IMEI, between MSC and EIR.

G Interface: It is an interface between VLRs. When MS uses a Temporary Mobile

Subscriber Identity (TMSI) to register with a new VLR, the relevant information is

exchanged between VLRs through G interface.This interface also searches IMSI of the

subscriber from VLR that registers TMSI.

GSM Protocol Structure and OSI

2G cellular mobile network GSM adopts Open System Interconnection (OSI) model to

define its protocol structure. Fig 1.7-6 shows GSM interface protocol model, which

defines the interfaces and protocols between MS and MSC.

Um interface Abis interface A interface

CM

MM

RRM

LAPDm

Radio

CM

MM

RRM

MTP

64

kbit/s

RRM

LAPDm

Radio

LAPD

64

kbit/s

RRM

LAPD

64

kbit/s

MTP

64

kbit/s

SCCP SCCP

MS BTS BSC MSC

Fig 1.7-6 GSM Interface Protocol Model

14


18/35



OSI reference model is a hierarchical structure. According to the hierarchy concept,

communication process can be divided into several logical layers from lowest to highest

layer. In different systems, the entities in the same layer that exchange information for

the same purpose are called peer entities. Entities in adjacent layers interact with each

other through the common layer. The lower layers provide services to higher layers. The

services provided by layer N is a combination of the services and functions provided by

the layers below it.

First layer of Um interface protocol is physical layer, which is marked as L1 and it

is a lowest layer. L1 provides basic radio channels for the information

transmission of higher layers.

Second layer L2 is data link layer, which is marked as LAPDm. It covers various data

transmission structures and controls data transmission.

Application layer is the third highest layer L3. It covers various messages and programs,

and controls services. L3 includes Radio Resource Management (RRM), Mobility

Management (MM) and Call connection Management (CM).

Abis interface protocol is slightly different from Um interface protocol. Its

physical layer is 64 kbps land line, and link layer is LAPD.

First layer of A interface protocol is 64 kbps land line, and second layer is the

Message Transfer Part (MTP), which is part of Common Channel Signalling7

(CCS7) network. MTP consists of many network protocols and centralizes all

link layer protocols. Signaling connection control part (SCCP) and MTP together

represent a network layer protocol on A interface.

In BSC both MM and CM are transparently transmitted

1.8 Available GSM Services

1.8.1 Telecommunications Services Provided by the GSM

1. Circuit Services

1) Voice Service

Full-rate voice service

Half-rate voice service

15


19/35


Enhanced full-rate voice service

2) Data service

14.4Kbit/s full-rate data service




2. SMS services(support Chinese short messages)

1) Point-to-point short message service

Point-to-point short message service with the mobile user serving as called

Point-to-point short message service with the mobile user serving as caller

2) Cell Broadcast Short Message

Cell broadcast service originated from the SMS center or the OMC-R.

3. Packet Services

1) GPRS service

2) EDGE service

At present, the point-to-point interactive telecom services are supported,

including:

Access to the database: Allocate service to users as needed, e.g. Internet, and

provide storing and forwarding, as well as information processing for user-to-user

communications.

Session service: Provide bi-directional user-to-user and port-to-port real time

information communication, e.g. Internet Telnet service.

Tele-action service: Applicable to small-volume data processing services, credit

card confirmations, lottery transactions, electronic monitoring, remote meter

reading (water, electricity and gas), monitoring systems, and so on.

1.8.2 Supplementary Services of the GSM System

GSM supplementary services are diversified, including:

Call Forwarding Unconditional: forward all incoming calls to the number specified by

16


20/35



the subscriber.

Barring: barring of outgoing/coming calls.

Call Waiting: When a call is connected for a subscriber, indication of a new coming call

is given to the subscriber. The subscriber can accept, reject or ignore the waiting call.

Call Hold: A subscriber can suspend the connected call to do other things.

Multiparty Service: A simultaneous communication with up to six parties is allowed.

Closed User Group: The subscribers of CUG are restricted from outgoing and incoming

calls, but they can normally communicate with each other.

Hot Billing: The network generates an instant call billing message from the billing

manager. It is applicable to leased phone service, including all kinds of call modes. Bills

are generated and presented to the subscriber immediately after the call is ended.

1.9 Operation Band

1. Working band

Currently, the GSM communication system works at 900 MHz, extended 900

MHz and 1800 MHz, or 1900 MHz band in some countries.

1) 900 MHz band

Uplink (MS transmitting and BS receiving) frequency range: 890 MHz ~ 915

MHz

Downlink (BS transmitting and MS receiving) frequency range: 935 MHz ~

960MHz

2) Extended 900 MHz band

Uplink (MS transmitting and BS receiving) frequency range: 880 MHz ~ 915

MHz

Downlink (BS transmitting and MS receiving) frequency range: 925 MHz ~ 960

MHz

3) 1,800 MHz band

Uplink (MS transmitting and BS receiving) frequency range: 1,710 MHz ~ 1,785

MHz

17


21/35


Downlink (BS transmitting and MS receiving) frequency range: 1,805 MHz ~

1,880 MHz

4) 1,900 MHz band

Uplink (MS transmitting and BS receiving) frequency range: 1,850 MHz ~ 1,910

MHz

Downlink (BS transmitting and MS receiving) frequency range: 1,930 MHz ~

1,990 MHz

2. Channel interval

The interval between two adjacent channels in any band is 200 kHz.

3. Channel configuration

All channels are configured with the same interval.

1) 900 MHz band

The channel numbers are in the range of 1 ~ 124. There are 124 frequency bands in

all.

The relationship between a channel number and nominal central frequency of a

frequency band is illustrated as follows:

Fu (n) = 890 + 0.2 n-512 (MHz), uplink

Fd (n) = Fu (n) + 45 (MHz), downlink

Where, 1 n 124, n is a channel number, or an Absolute Radio Frequency

Channel Number (ARFCN).

2) Extended 900MHz band

The channel numbers are in the range of 0 ~ 124 and 975 ~ 1023. There are 174

frequency bands in all.



Fu (n) = 890 + 0.2 n (MHz), 0 n 124

Fu (n) = 890 + 0.2 (n-1024) (MHz), 975 n 1023

Fd (n) = Fu (n) + 45 (MHz)

3) 1,800 MHz band

18


22/35



The channel numbers are in the range of 512 ~ 885. There are 374 frequency bands

in all.



Fu (n) = 1710.2 + 0.2 (n-512) (MHz)

Fd (n) = Fu (n) + 95 (MHz)

512 n 885

4) 1,900 MHz band

The channel numbers are in the range of 512 ~ 811. There are 300 frequency bands

in all.



Fu (n) = 1850.2 + 0.2 (n-512) (MHz)

Fd (n) = Fu (n) + 80 (MHz)

512 n 811

4. Duplex transceiving interval

1) 900 MHz band

The duplex transceiving interval is 45 MHz.

2) Extended 900 MHz band

The duplex transceiving interval is 45MHz.

3) 1,800 MHz band


4) 1,900 MHz band


19


23/35


24/35



original LAI stored in the SIM card. VLR only adds Attach flag to this subscriber.

2.1.2 Detach upon MS Power-off

After the MS is powered off, the MS sends a Detach Request to the MSC. After the MSC

receives the request, it informs VLR to add the Detach flag to IMSI of this MS. At this

time, HLR does not receive the notice indicating that this subscriber is detached from the

network. After this subscriber is paged, the HLR requests the MSRN from the

MSC/VLR. At this time, the VLR informs the HLR that this MS is powered off.

2.1.3 MS Busy

In this case, the MS is allocated with a traffic channel to transmit the voice or data and

the IMSI of the subscriber is marked as Busy.

2.1.4 Periodical Registration

When the MS sends the IMSI Detach message to the network, it is possible that the GSM

system cannot decode properly due to the poor radio quality or other reasons and still

believes that MS is in Attach status. Or when the MS is powered on but has roamed

beyond the service coverage, i.e., a blind area, the GSM system does not know it and still

believes that the MS is in Attach status. In both cases, if the subscriber is paged, the

system will keep sending paging messages, wasting radio resources.

To solve the above problems, the measure of forced registration is taken in the GSM

system: The MS must make registration at a regular interval. This is called periodical

location update. If the GSM system does not receive the periodical registration

information of the MS, the VLR where the MS resides records the Implicit Detach status

of the MS. When the correct periodical registration information is received again, the

status is changed into Attach status.

2.2 Location Update

When the MS changes the location area, it finds out that the LAI in its SIM card is

inconsistent with the LAI received. Thus, it registers the location information. This flow

is called location update. Location update is originated by the MS. There are three type

of location update:

Normal Location Update.

21


25/35


26/35



2.3.2 Classification of Handover

According to the scope of handover , it can be divided into the following types

1. Intra-cell hand-over

2. Inter-cell hand-over

3. Inter-BSC hand-over of same MSC

4. Inter-MSCs hand-over

According to the synchronous relationship between MS and BTS when handover

happens, there are three type of handover:

1. Synchronous: MS use the same TA both in destination and target cell. This usually

applies to hand-over of same cell or different sectors within the same cell. This is

the hand-over with highest speed.

2. Asynchronous: MS dont know the TA to be used in target cell. When either of

the two cells doesnt synchronize with BSC, this mode should be used. The hand-

over speed is low.

3. Pseudo-synchronous: MS is able to calculate out the TA it should use in the target

cell. When both cells have synchronized with BSC, this mode may be used. The

hand-over speed is fast.

2.4 Cell selection and Reselection

2.4.1 Cell selection

After a MS is turned on, it will attempt to contact a common GSM PLMN, so the MS

will select an appropriate cell, and extract from it the parameters of the control channel

and the prerequisite system information. Such a selection process is referred to as cellselection. The quality of a radio channel is an important factor of cell selection. The

GSM specification defines the path loss criterion C1, and such appropriate cell must

ensure that C1>0. The C1 is calculated according to the following formula:

C1=RXLEV-RXLEV_ACCESS_MIN-MAX((MS_TXPWR_MAX_CCH-P), 0)

Where:

The RXLEV is the average reception level.

23


27/35


The RXLEV_ACCESS_MIN is the minimum level at which the MS is allowed to

access.

The MS_TXPWR_MAX_CCH is the maximum power level of the CCH.

The P is the maximum transmitted power of the MS.

MAX (X, Y) = X; If X Y.

MAX (X, Y) = Y; If Y X.

After the MS selects a cell, it will stay in the selected cell if no major changes have

occurred to various conditions.

2.4.2 Cell reselection

After a MS selects a cell, the MS will stay in the selected cell as long as no major

changes occur to various conditions. At the same time, the MS starts to measure the

signal level of the BCCH carrier of the adjacent cells, records the six adjacent cells with

the highest signal levels, and extracts from them the various system messages and

control messages of each adjacent cell. When the appropriate conditions are met, the MS

will switch from the current cell to another cell, a process known as cell reselection.

Such appropriate conditions include multiple factors, including cell priority, and whether

the cell is prohibited from access. Among them, an important factor is the quality of the

radio channel. When the signal quality of the adjacent cell exceeds that of the current

cell, cell reselection is triggered. For cell reselection, the channel quality criterion is

determined by the C2 parameter, which is calculated according to the following formula:

2.5 Authentication

Fig. 2.5-1 shows the authentication process, where RAND is the question asked by the

network side and only the legal subscriber can give the correct answer SRES.

RAND is generated by the random number generator of the AUC on the network side. It

is 128 bits in length. The value of RAND is obtained in a random manner from the range

of 0~21281.

SRES is called a signed response. It is obtained through the calculation of subscribers

unique key parameter Ki. It is 32 bits in length.

Ki is stored in the SIM card and AUC in a very confidential way. Even the subscribers do

not know their own Ki. Ki can be of any format and any length.

24


28/35



A3 algorithm is the authentication algorithm determined by the carrier. It is also

confidential. The only restriction of the A3 algorithm is the length of the input parameter

(RAND is 128 bits in length) and the size of the output parameter (SRES must be 32

bits).

Mobile Terminal Network

A3 algorithm

Random number generatorKi RAND

SRES'

SRES

Ki

A3 algorithm

Fig. 2.5-1 Authentication Process

2.6 Encryption

In the GSM, the position of encryption and decryption over the transmission link allows

the transmitting data in all dedicated modes to use the same protection method. The

transmitting method can be the subscriber information (such as voice and data),

subscriber-specific signaling (such as message carrying the called number), or even the

system-specific signaling (such as the message carrying radio measurement result for the

handover).

Encryption and decryption are the exclusive or operation (this algorithm is called the A5

algorithm) of 114 radio burst pulse code bits and one 114-bit encryption sequence

generated by a special algorithm. To obtain each burst encryption sequence, A5

calculates on two inputs: One is the frame number and the other is the key (Kc) agreed

upon by the MS and network, as shown in Fig. 2.6-2. Two different sequences are used

over the uplink and downlink. For each burst, one sequence is used for the encryption

inside the MS and meanwhile used as the decryption sequence in BTS. The other

25


29/35


sequence is used for the encryption of BTS and meanwhile used as the decryption

sequence in MS.

A5

Frame No.

(22-bit)Kc (64-bit)

A5

S1

(114-bit)

S2 S1 S2

MS BTS

Frame No.

(22-bit)Kc (64-bit)

(114-bit) (114-bit) (114-bit)

Fig. 2.6-2 Encryption Algorithm

1. Frame number: Frame number is encoded into a serials of three values, which are

22 bits in total.

Frame number of each burst varies with the type of radio channel. Each burst

dedicated for communication on the same direction uses different encryption

sequence.

2. A5 algorithm

A5 algorithm must be defined in the global range. This algorithm can be describes

into the two 114-bit sequence black boxes generated by a 22-bit parameter (frame

number) and a 64-bit parameter (Kc).

3. Kc

Before the encryption, Kc must be agreed upon by both the MS and network. In

the GSM, the Kc is calculated during the authentication and then stored in the

SIM card permanently. On the network side, this potential key is also stored in the

visited MSC/VLR and ready for use in the encryption.

The algorithm that uses the RAND (same with the one used for authentication)

and Ki to calculate the Kc is called A8 algorithm. Like the A3 algorithm that

calculate the SRES using RAND and Ki, the A8 algorithm also needs to be

26


30/35



determined by the carrier.

Fig. 2.6-3 shows how the Kc is calculated.

Mobile Terminal Network

A8 algorithm

Random number

generatorKiRAND

Kc

Ki

Kc

A8 algorithm

Fig. 2.6-3 Kc Calculation Method

27


31/35

3 GSM basic calling process

Though basically similar, the call process of mobile subscribers and that of ordinary

fixed subscribers are different in the following aspects:

Before a mobile subscriber originates a call, he should first input the number, ensure that

no modification is needed, and then send the call.

Before the number is sent out and the call is connected, there is some additional

information that should be transferred between mobile stations (MS) and the network.

Such operations are automatically performed by the equipment, with no need for user

interference, but it results in a certain delay.

3.1 Initialization

Initialization is a random access process. It starts from MS which sends a channel

request message on RACH.

After receiving this message, BTS notifies BSC, and attaches BTSs estimation of the

transmission delay (TA) from this MS to BTS and the cause for the current access.

BSC will select an idle and dedicated channel SDCCH to notify BTS to activate it

according to the access cause and the current information.

Access causes mainly include: location updating; response to a paging call; and

subscriber service application, such as a call, sending one short message.

After BTS completes the activiation of the designated channel, BSC sends the

immediate allocation message on AGCH via BTS, including the description of the

SDCCH channel assigned by BSC to MS, TA, the maximum initialization transmission

power and the access random reference value.

When MS correctly receives its initialized allocation, it will, according to channel

description, adjust itself to this channel, set up a signaling transmission link, and send the

first initialized message on the dedicated channel, including subscribers identification

number (such as IMSI), cause for the current access, registration, and authentication. If

BSC has no idle channels to allocate, BSC will send to MS the immediate allocation

rejected message.

28


32/35



3.2 Location update

(1) MS moves from one area (belonging to the coverage of MSC-B) to another area

(belonging to the coverage of MSC-A).

(2) By detecting the broadcasting information sent persistently by the base station BS,

MS finds out that the newly received location area identification is different from the

currently used location area identification.

(3)(4) MS sends the location updating request with the message of Im here via this

base station to MSC-A.

(5) MSC-A sends the location updating message that contains the MSC-A identifier and

MS identification number to HLR (the authentication or encryption calculation process

will start from here, though not shown in the diagram).

(6) HLR sends back the response message, including all the related subscriber data.

(7)(8) Subscriber data registration in the visited VLR.

(9) Sending related location updating response message via the base station to MS (if

TMSI is re-assigned, it is sent together to MS).

(10) Notifying the original VLR to delete subscriber data related to this MS.

3.3 Outgoing call flow from MS to PSTN

(1) Within the service cell, once the mobile subscriber dials, the mobile station will

request the base station for the random access channel.

(2) The setup process to set up signaling connection between the mobile station MS and

29


33/35


the mobile service switching center MSC.

(3) Authentication of the mobile stations identification number; if encryption is needed,then it sets the encryption mode and enter the call setup starting phase.

(4) Service channel allocation

(5) Adopting the No.7 signaling user part ISUP/TUP to set up a channel from the fixed

network (ISDN/PSTN) to the called subscriber, send ringing to the called subscriber, and

send back the call connection acknowledgment signal to the mobile station.

(6)The called subscriber offhooks to reply, in which case a response (connection)

message is sent to the mobile station, thus entering the ultimate call session phase.

3.4 Incoming Call Flow from PSTN to MS

(1) Through the No.7 signaling user part ISUP/TUP to enter MSC(GMSC) and

receive a call from the fixed network (ISDN/PSTN).

(2) GMSC requests HLR for the MSC address (i.e., MSRN) visited by the related

called mobile subscriber.

(3) HLR requests the visited VLR to assign MSRN which is assigned and notified by

VLR to HLR in each call.

(4) After GMSC obtains MSRN from HLR, it can re-search for routes to set up

connection to the visited MSC.

(5)(6) The visited MSC obtains related subscriber data from VLR.

30


34/35



(7)(8) MSC sends paging messages to the mobile station through all base

stations( BS) in the location area.

(9)(10) The mobile station of the called mobile subscriber sends back the paging

response messages, then carries out the same steps of (1), (2), (3), (4) as shown

in the above outgoing call flow till the mobile station rings,

then sends back the call connection acknowledgment signal (omitted in the diagram) to

the calling subscriber.

(11) The mobile subscriber offhooks to answer, thus the response (connection)

message is sent back to the fixed network to signal calling and called parties enter

final call session.

3.5 Call Flow Between Two Mobile Subscribers

MS1 is served by MSC1/VLR1, and MS2 is served by MSC2/VLR2 and belongs to

HLR/AUC.

1. MS1 dials the phone number of MS2. BSS informs MSC1 of the call.

2. MSC2 analyzes the phone number of MS2, finds out the home HLR of MSC2 and

sends the route application to HLR.

3. HLR queries the current location information of MS2 and obtains the

MSC2/VLR2 that serves the MS2. HLR requests the route information from the

31


35/35


MSC2/VLR2.

4. MSC2/VLR2 allocates the route information, that is, MSRN and submits theMSRN to the HLR.

5. HLR sends the MSRN to the MSC1.

6. MSC2 sets up the call with MSC2 according to the MSRN.

7. MSC2/VLR2 sends the paging message to MS2.

8. MSC2/VLR2 receives the message, indicating the access of MS2 is allowed.

9. The call between MSC2 and MSC1 is set up.

10. MSC1 sends the successful connection signal to MS1. MS1 and MS2 can talk

over the phone.

Fig. 3.5-4 shows the call flow.

Fig. 3.5-4 Call Flow

gsm basics&call flow

Documents