GSM operation
TRANSCRIPT
Ha d
dii
GSM Network Areas...
Cell
Location Area
MSC / VLR Area
Public Land Mobile Network (PLMN)
Public Land Mobile Network (PLMN)
GSM Network Areas...
GSM Network Areas...
MSC/VLR Service Area
MSC
GSM Network Areas...
Location Area
MSC/VLR Service Area
1. LUP
2. Paging
GSM Network Areas...
Cell
LA
(CGI)
(BSIC)
CGI : Cell Global ID
BSIC : Base Station Identity Code
MSISDN - Mobile Subscriber International ISDN Number
• International number for mobile subscriber that includes at most 15 digits
• Mapping to Mobile Station Roaming Number (MSRN) by HLR
Country Code (CC) + National Destination Code (NDC) + Subscriber Number (SN)
Example: 98912347658
IMSI - International Mobile Subscriber Identity
International number that uniquely identifies the user (SIM card) and is stored in the SIM card, HLR and VLR
Unique 15 digits assigned
Mobile Country Code (MCC) + Mobile Network Code (MNC) + Mobile Subscriber Identification Number (MSIN)
Example: 432111234567890
432 (MCC) - 11 (MNC) - 1234567890 (MSIN)
TMSI - Temporary Mobile Subscriber Identity
32-bit number assigned by VLR to uniquely identify a mobile station within a VLR’s area
32 Bits
Local Number Allocated By VLR
May Be Changed Periodically
Hides The IMSI Over The Air Interface (Transmitted Instead Of IMSI)
MSRN - Mobile Station Roaming Number
Is used for routing
Generated By VLR For All Visiting Users (HLR asks VLR to assign this number for called party)
Helps HLR To Determine Current Location Area
Hides The IMSI Inside The Network
Visitor Country Code (VCC) + Visitor National Destination Code (VNDC) + Current MSC Code + Temporary Subscriber Number
Example : 989110100 to 989110107 for one MSC
PSTN, GMSC, HLR, MSC/VLR
1- MSISDN
2- MSISDN
3- IMSI
4- MSRN
5- MSRN
MSISDN, IMSI, MSC Address
International Mobile Station Equipment Identity (IMEI)
Unique 15 digits assigned by equipment manufacturer
1. TAC (Type Approval Code)
2. FAC (Final Assembly Code)
3. SNR (Serial Number)
4. SP
IMEI = TAC + FAC + SNR + SP
357,087,008,609,717 (USSD = *#06#)
Cell Global Identity (CGI)
1. LAI (Location Area Identity)
2. CI (Cell Identity)
CGI = MCC + MNC + LAC + CI
Base Station Identity Code (BSIC)
1. NCC (National Country Code)
2. BCC (Base Station Country Code)
BSIC = NCC + BCC
Personal Identity Number (PIN)
PIN, SIM, IMSI
Location Area Identity (LAI)
Based on international ISDN numbering plan that is broadcast regularly by the BTS on broadcast channel
1. MCC (Mobile Country Code)
2. MNC (Mobile Network Code)
3. LAC (Location Area Code)
LAI = MCC + MNC + LAC
Location Updating…
Location updating is used to reduce the area over which paging
must be undertaken in a cellular system.
The cellular coverage area is divided up into a number of
location areas.
All cells broadcast the identity of their Location Area (LAI).
Each time a mobile station observes that it has moved into a new
location area it informs the network by performing a location
update; this enables the network to perform paging over a
smaller area than would otherwise be necessary.
In the extreme case each cell could be a location area, the
system would know very precisely where a mobile was but at the
expense of a very high level of location update signalling. As a
compromise location areas are generally defined as a group of
cells.
Location Update (LU)
MS is aware of location
• BTS broadcasts Location Area Identification (LAI) on BCCH
• SIM stores current LAI and TMSI
Events which determine a current location update
• MS is switched on and current LAI equals stored LAI
• a timer set by the network expires and MS reports position (TMSI may be updated and stored in SIM)
Events which determine a new location update
• MS is switched on and current LAI differs from stored LAI
• MS enters a new location area (TMSI and LAI are updated and stored in SIM)
In practice, there are three types of location updates:
1. Location Registration (Power On)
2. Generic
3. Periodic
Location registration:
• Takes place when a mobile station is turned on. This is also known as IMSI Attach because, as soon as the mobile station is switched on, it informs the Visitor Location Register (VLR) that it is now back in service and is able to receive calls. As a result of a successful registration, the network sends the mobile station two numbers that are stored in the SIM (Subscriber Identity Module) card of the mobile station.
Generic:
• Every time the mobile receives data through the control channels, it reads the LAI and compares it with the LAI stored in its SIM card. A generic location update is performed if they are different. The mobile starts a location update process by accessing the MSC/VLR that sent the location data.
Periodic:
• Periodic location update is carried out when the network does not receive any location update request from the mobile in a specified time.
Location Update (LU)
Location is never updated (no cost).
Need to page every cell (high cost).
Location updates for every cell crossing (high cost).
Need to page only one cell (low cost).
Location update
Partition the region into different location areas.
Location Updating…
Location Updating…
LA-1
LA-2
Location update
No location update
Location update is performed when there is a boundary crossing.
How to determine the size of a LA?
Location Update (LUP)
Paging is a process of broadcasting a message which alerts a specific mobile to take some action, for
example if there is an incoming call to be received.
If the system does not know the precise cell in which a mobile is located it must perform paging in a
number of cells.
An extreme approach would be to undertake paging throughout the entire coverage area of a cellular
system whenever a mobile is to be alerted; however, in anything but the smallest system this would
be wasteful of valuable signalling capacity, particularly over the air interface.
The problem is addressed by the use of location areas and location updating.
Paging
Paging
[Figure: Calling MS, Called MS, Mobile Switching Center (MSC) and VLR on each side, HLR; steps (1) to (7)]
GSM Call Delivery Procedure…
GSM Call Delivery Procedure…
1. Calling MS sends a call initiation signal to MSC through BS.
2. MSC sends a location request to HLR of the called MS
3. HLR determines serving VLR of called MS and sends a route request message to it.
4. MSC allocates a temporary ID to MS and sends this ID to HLR
5. HLR forwards the ID to MSC of the calling MS
6. Calling MSC requests a call set up to the called MSC
7. Paging messages are sent to cells within the LA.
GSM Mobile Terminated Call
1: calling a GSM subscriber
2: forwarding call to GMSC
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible MSC to GMSC
7: forward call to current MSC
8, 9: get current status of MS
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection
Handover is the means of maintaining a call when a user
moves outside the coverage area of the serving cell.
The call must be switched to an alternative cell to provide
service, automatically and without loss of service.
Handover is a complex process requiring synchronisation of
events between the mobile station and the network.
In particular, there is the need to route the call to the new cell
before handover can be effected whilst maintaining the old
connection until the new connection is known to have
succeeded.
Handover is a time critical process requiring action to be taken
before the existing radio link degrades to such an extent that
the call is lost.
Handover…
Handover…
Intra-cell Handover
BTS BTS
Inter-cell Intra-BSC Handover
BSC
BTS BTS
BSC
Inter-BSC Intra-MSC Handover
[Figure: one MSC/VLR, two BSCs and their BTSs]
Inter-BSC Inter-MSC Handover
[Figure: MSC1/VLR and MSC2/VLR, two BSCs and their BTSs]
Handover
• BSC, BTS, MS, Uplink, Downlink, Handover
1. HO because Interference (uplink or downlink)
2. HO because Uplink quality
3. HO because Downlink quality
4. HO because Uplink level
5. HO because Downlink level
6. HO because MS-BS distance
7. HO because Turn-around-corner MS
8. HO because Rapid field drop
9. HO because Fast/Slow-moving MS
10. HO because Better cell (PBGT or Umbrella)
11. HO because Good C/I ratio
Handover, Uplink, Downlink
• Uplink, Downlink
-85 dBm
Handover, Inter-Cell, Intra-Cell
Handover, Uplink, Downlink
• Uplink, Downlink, QUR, QDR
Handover
QMRG, Handover (Inter-cell Handover)
QDR: Downlink Rx quality threshold
QUR: Uplink Rx quality threshold
QMRG: HO margin quality
Handover, Uplink, Downlink
• Uplink, Downlink, LUR
LDR, Handover
LMRG, Handover (Inter-cell Handover)
LDR: Downlink Rx Level threshold
LUR: Uplink Rx Level threshold
LMRG: HO margin Level
Handover, Power Budget
• PBGT (Power Budget), Uplink
Downlink
MS, BTS, Handover
PBGTn, PMRG, BSC
Handover, Power Budget, PMRG
6 dB, BSC, SACCH
MS, 6*120 ms, PBGT
Handover, MIH, Handover, Power budget
• Handover, PBGT
Copyright © 1996 Northern Telecom
MS
BSC
BTS1 (900 MHz)
BTS2 (900 MHz)
PBGT(BTS1--BTS2) = 7 dB
Defined PMRG for BTS1 is 6 dB
7 dB > 6 dB, so a Handover command is sent to the MS because of Power Budget
Handover, Umbrella
• Handover, Umbrella
Handover
Upper layer, Lower layer
Handover, Handover
• Handover, BSC
AUCL
Handover, MS
AUCL
AUCL, BTS, Handover
• Handover, Umbrella, Dual band
• AUCL: HO level umbrella
MS
BSC
BTS1(900MHz)
BTS2(1800MHz)
AUCL (900 -> 1800) = -75 dB
AUCL (1800 -> 900) = -68 dB
Level of BTS2 = -70
-70 dBm > -75 dBm, so a Handover command is issued from BTS1 (900) to BTS2 (1800)
Handover
• Handover, Uplink, Downlink, rapid field drop, Turn-around-corner MS
Mobile-Assisted Handover (MAHO)
1. Ciphering
is used across the air interface to provide speech and signaling encryption. When the authentication procedure has been completed successfully, the BTS and the mobile station are ready to start the ciphering procedure for signaling and speech/data transmission.
2. Authentication
is a procedure used in checking the validity and integrity of subscriber data. With the help of the authentication procedure the operator prevents the use of false SIM modules in the network. The authentication procedure is based on an identity key “Ki” that is issued to each subscriber when his data are established in the HLR. The authentication procedure verifies that the “Ki” is exactly the same on the subscriber side as on the network side. The Authentication Center generates information that can be used for all the security purposes during one transaction. This information is called an Authentication Triplet.
GSM Security (1)
3. access control/authentication
• user SIM (Subscriber Identity Module): secret PIN (Personal Identification Number)
• SIM network: challenge - response method
4. confidentiality
• voice and signaling encrypted on the wireless link (after successful authentication)
5. anonymity
• TMSI - Temporary Mobile Subscriber Identity
• newly assigned at each new location update
• encrypted transmission
6. 3 algorithms specified in GSM
• A3 for authentication (“secret”, open interface)
• A5 for encryption (standardized)
• A8 for encryption key generation
GSM Security (1)
Security in GSM…
The authentication triplet consists of three numbers:
1. RAND: a random number
2. SRES: SRES (Signed Response) is a result that the algorithm A3 produces on the basis of certain source information
3. Kc: a ciphering key that A8 generates on the basis of certain source information
GSM Security
GSM - authentication…
GSM – authentication…
Authentication
1. VLR, VLR, HLR
2. HLR, AUC
3. AUC, A3, Ki, SRES
4. AUC, HLR, (Ki,SRES,RAND), VLR
5. VLR, MSC, RAND, MS
6. MS, A3, Ki, SIM, SRES
7. SRES, MS, MSC
8. MSC
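The challenge-response exchange described by the authentication triplet and the steps above, as an added example that is not part of the original slides. The operator's A3/A8 are replaced by an HMAC-SHA256 stand-in (an assumption, not COMP128); the class and function names and the Ki value are constructed for illustration, and the sizes used are 128-bit RAND, 32-bit SRES and 64-bit Kc.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki, rand):
    """Stand-in for the operator's A3/A8 (an assumption, NOT COMP128):
    HMAC-SHA256 keyed with Ki, split into a 32-bit SRES and a 64-bit Kc."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class AuC:
    """Network side: holds Ki per IMSI and issues (RAND, SRES, Kc) triplets."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplet(self, imsi):
        rand = secrets.token_bytes(16)          # 128-bit random challenge
        sres, kc = a3_a8(self._ki[imsi], rand)
        return rand, sres, kc

class SIM:
    """Subscriber side: Ki stays inside the card."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return a3_a8(self._ki, rand)

def authenticate(auc, sim):
    """VLR/MSC role. Returns (Kc or None, messages sent over the air)."""
    rand, expected_sres, kc = auc.triplet(sim.imsi)   # triplet from AuC via HLR
    air = [("RAND", rand)]                            # MSC -> MS
    sres, _sim_kc = sim.respond(rand)                 # computed inside the SIM
    air.append(("SRES", sres))                        # MS -> MSC
    if not hmac.compare_digest(sres, expected_sres):
        return None, air                              # Ki mismatch: reject
    return kc, air                                    # Kc is then used for ciphering

# Constructed sample values: the IMSI is the page's example, the Ki is made up.
IMSI = "432111234567890"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    auc = AuC({IMSI: KI})
    kc, air = authenticate(auc, SIM(IMSI, KI))
    print("genuine SIM accepted:", kc is not None, [name for name, _ in air])
    kc2, _ = authenticate(auc, SIM(IMSI, bytes(16)))
    print("false SIM accepted:", kc2 is not None)
```

Only RAND and SRES appear in the air-interface list; Ki never leaves the SIM or the AuC, and Kc is derived independently on both sides.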
Authentication Algorithms
XOR
COMP128-1
COMP128-2
COMP128-3
COMP128-4
OPERATOR’S SPECIAL ALGORITHM
GSM - key generation and encryption
1.
2. VLR, Kc, MSC
3. MSC----BSS
4. BSS----MS
5. MS
6. BSS, MSC
Any Questions & Comments ?