module1 part2
Global system for mobile communication
Introduction
It covers around 71% of the market today
People use it not only for business but also in personal life
Used for wireless telephony and messaging through SMS
Supports facsimile (Fax) and data communication
GSM is based on a set of standards. The proposed GSM had to meet certain business objectives:
Support for international roaming
Good speech quality
Ability to support handheld terminals
Low terminal and service cost
ISDN compatibility
GSM history timeline
The frequency reuse concept led to the development of cellular technology by AT&T and Bell Labs in 1947
Characteristics were:
The area covered is subdivided into radio zones or cells. Cells can be of any shape; for convenience each is considered a hexagon. Base stations are placed at the centre of these cells
Each cell i receives a subset of frequencies from the total set assigned to the respective mobile network. To avoid any type of interference, no two neighbouring cells can use the same frequency
Only at a distance of D (known as the frequency reuse distance) can the same frequency from the set be reused.
When moving from one cell to another during an ongoing conversation, an automatic channel change occurs. This phenomenon is called handover
Regular repetition of frequencies in cells results in a clustering of cells
The size of a cluster is defined by k, the number of cells in the cluster
This also defines the frequency reuse distance D
The following figure is an example of a cluster size of 4
Cell clusters in GSM
GSM Architecture
GSM networks are structured in a hierarchic fashion
Each administrative region is assigned to one MSC (mobile switching centre)
The administrative region is called a PLMN, i.e. Public Land Mobile Network
It is subdivided into one or many Location Areas (LA). One LA consists of many cell groups
Each cell group is assigned to one BSC (base station controller)
In each LA there will be at least one BSC
Cells in one BSC can belong to different LAs
Cells are formed by the radio areas covered by a BTS (Base Transceiver Station)
Several BTSs are controlled by one BSC
Traffic from the MS is routed through the MSC
GSM system hierarchy
Architecture of GSM
For all subscribers of a cellular network operator, permanent data such as the service profile is stored in the Home Location Register (HLR)
Authentication information like the International Mobile Subscriber Identity (IMSI)
Identification information like the name, address, etc. of the subscriber
Operator-selected denial of service to the subscriber
Billing information like prepaid or postpaid customer
Handling of supplementary services like CFU (Call Forwarding Unconditional), CFB (Call Forwarding Busy), CFNR (Call Forwarding Not Reachable) or CFNA (Call Forwarding Not Answered)
Storage of the SMS number in case the mobile is not connectable, so that whenever the mobile is connectable, a paging signal is sent to the SC
GSM entities
The GSM technical specifications define different entities that form
the GSM network by defining their functions and interface requirements
The entities can be divided into five different groups:
The Mobile Station (MS): includes the Mobile Equipment (ME) and the Subscriber Identity Module (SIM)
The Base Station Subsystem (BSS): includes the Base Transceiver Station (BTS) and Base Station Controller (BSC)
The Network and Switching Subsystem (NSS): includes MSTN, HLR, VLR, Equipment Identity Register (EIR), Authentication Centre (AUC)
The Operation and Support Subsystem (OSS): includes the Operation and Maintenance Centre (OMC)
The data infrastructure: includes PSTN, ISDN, PDN (Public Data Network)
Mobile Station
Technical name for the mobile or cellular phone
In earlier days mobile phones were large in size; now they come in smaller sizes
It has two important components:
The mobile equipment or device or phone without SIM
Subscriber Identity Module (SIM)
The weight and volume of mobile phones are decreasing
Battery life between charges is also increasing.
A SIM is installed in every GSM phone; it is a smart processor card
It has a processor and a small amount of memory, i.e. 32K bytes
By inserting the SIM card, the user has access to all subscribed services.
It holds the International Mobile Subscriber Identity used to identify the subscriber to the system, a secret key for authentication and other security information
Applications are developed and stored in SIM cards using SAT (SIM Application Toolkit)
The base station subsystem
Connects the Mobile Station and the NSS (Network and Switching Subsystem)
Can be divided into two parts:
The base transceiver station (BTS) or base station
The base station controller (BSC)
The base station corresponds to the transceivers and antennas used in each cell of the network
In urban areas a large number of BTSs will be deployed
A BTS is usually placed in the centre of the cell
Its transmitting power defines the size of the cell
Each BTS has one to 16 transceivers depending on the density of users in a cell
The BSC is the connection between the BTS and the Mobile service Switching Centre (MSC)
It manages the radio resources for one or more BTSs
It handles handovers, radio-channel setup, control of radio frequency power levels of BTSs, exchange function and frequency hopping.
The network and switching subsystem
The central component of the network subsystem is the Mobile Switching Center (MSC)
Functions are:
It acts like a normal switching node for mobile subscribers of the same network
Acts like a normal switching node for PSTN fixed telephone
Acts like a normal switching node for ISDN
Provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handovers and call routing.
It includes databases needed in order to store information to manage the mobility of a roaming subscriber.
The MSC, together with the Home Location Register (HLR) and Visitor Location Register (VLR) databases, provides the call routing and roaming capabilities of GSM
The HLR stores the important information of subscribers belonging to the covering area of an MSC
It contains all administrative information like the current location of the mobile and authentication data
The HLR is always fixed and stored in the home network, and the VLR logically moves with the subscriber.
The VLR can be considered a temporary copy of some important information stored in the HLR
The VLR is similar to a cache; the HLR is persistent storage
It contains the selected administrative information borrowed from the HLR, necessary for control and provisioning of the subscribed services.
When a subscriber enters the covering area of a new MSC, the VLR associated with this MSC will request information about the new subscriber from its corresponding HLR in the home network
Another component, called the Gateway MSC (GMSC), is associated with the MSC
A gateway is a node interconnecting two networks
The GMSC is the interface between the mobile cellular network and the PSTN
It is in charge of routing calls from the fixed network towards a GSM user and vice versa
The operation and support subsystem
It controls and monitors the GSM system
It is connected to different components of the NSS and to the BSC
Controls the traffic load of the BSS
Provisioning information for different services is managed in this subsystem
The Equipment Identity Register (EIR) is a database that contains a list of all valid mobile equipment within the network, where each mobile station is identified by its IMEI (International Mobile Equipment Identity)
The EIR consists of a list of the IMEIs of all valid terminals
An IMEI is marked invalid if it is reported as stolen or is not type approved.
The EIR allows the MSC to forbid calls from stolen or unauthorized terminals.
The Authentication Center (AUC) is responsible for authentication of subscribers
It is a protected database and stores a copy of the secret key stored in each subscriber's SIM card
These data help in verifying the user’s identity
Message centre
A popular service provided by GSM is SMS, i.e. Short Message Service.
It is a data service and allows a user to enter a text message up to 160 characters in length when 7-bit English characters are used
It is always ON in the network
The message center is also called the Service Center (SC) or SMS controller
There are two types of SMS:
SMMT
SMMO
SMMT - Short Message Mobile Terminal
Is an incoming short message from the network
Terminated in the MS
SMMO - Short Message Mobile Originated
Is an outgoing message
Originated at the MS
Forwarded to the network for delivery
Call routing in GSM
The human interface is analog
There are many complex technologies used between the human analog interface in the mobile and the digital network
The following figure is the sequence of operations from speech to radio wave
Digitizer and source coding
User speech is digitized at an 8 kHz sampling rate using a Regular Pulse Excited-Linear Predictive Coder (RPE-LPC) with a Long Term Predictor loop
Here information from the previous sample is used to predict the current sample
Each sample is then represented as a signed 13-bit linear PCM value
It is then passed to the coder in frames of 160 samples
Channel coding
Introduces redundancy information into the data for error detection
The gross bit rate after channel coding is 22.8 kbps
456 bits are divided into eight 57-bit blocks, and the result is interleaved among eight successive time slot bursts for protection against burst transmission errors.
Interleaving
Rearranges a group of bits in a particular way
Improves the performance of the error correction mechanisms
Decreases the possibility of losing whole bursts during transmission
Ciphering
Encrypts blocks of user data using a symmetric key shared by the mobile station and the BTS
Burst formatting
Adds some binary information to the ciphered block
Is used for synchronization and equalization of the received data
Modulation
The technique chosen for the GSM system is Gaussian Minimum Shift Keying (GMSK)
The binary data is converted back into an analog signal to fit the frequency and time requirements of the multiple access rules
Multipath and equalization
Signals in the GSM frequency bands get reflected from buildings, hills, etc., so an antenna receives not only the right signal but also many reflected signals, which corrupt the information
An equalizer is responsible for extracting the right signal from the received signal
It estimates the channel impulse response of the GSM system and then constructs an inverse filter
Synchronization
For successful operation of a mobile, time and frequency synchronization is needed.
Frequency synchronization is needed so that the transmitter and receiver frequencies match
Time synchronization is necessary to identify the frame boundary and the bits within the frame
An example
Assume that a party calls a GSM directory number +919845052534
The directory number dialled to reach a mobile subscriber is called the Mobile Subscriber ISDN (MSISDN)
It includes the country code and the national destination code, which indicate the subscriber’s operator
The MSISDN number of a subscriber in Bangalore associated with the Airtel network is +919845XYYYYY
+ means the prefix for international dialling, like 00 in UK / India or 011 in USA
91 is the country code for India
98 is the network operator code, here Airtel
X is the level number managed by the network operator, ranging from 0 to 9
YYYYY is the subscriber code managed by the operator
Call routing for mobile terminating call
The call first goes to the local PSTN exchange
The PSTN exchange looks at the routing table and determines that it is a call to a mobile network
It forwards the call to the Gateway MSC of the mobile network
It decides whether to route this call or not
If the user has not paid the bills, the call may not be routed
If the phone is powered off, then a message may be played or the call is forwarded to voice mail
If the MSC finds that the call can be processed, it will find out the address of the VLR where the mobile is expected to be present
If the VLR is of a different PLMN, it will forward the call to the foreign PLMN through the gateway MSC
If the VLR is in the home network, it will determine the Location Area (LA)
Within the LA it will page and locate the phone and connect the call
PLMN interfaces
The basic configuration of a PLMN consists of a central HLR and a central VLR
Contains all security, provisioning and subscriber-related information
The MSC needs subscriber parameters for successful call set-up
Configuration of GSM PLMN
GSM addresses and identifiers
To manage all its complex functions, GSM deals with many addresses and identifiers:
IMEI
IMSI
MSISDN
LAI
MSRN
TMSI
LMSI
Cell identifier
Identification of MSCs and location registers
International Mobile Station Equipment Identity (IMEI)
Every piece of mobile equipment in the world has a unique identifier, called the IMEI
It is allocated by the manufacturer and registered by the network operator in the Equipment Identity Register (EIR)
To see your IMEI number, type *#06# on the phone
International Mobile Subscriber Identity (IMSI)
When registered with a GSM operator, each subscriber is assigned a unique identifier
The IMSI is stored in the SIM card and secured by the operator
A mobile station can operate only when it has a valid IMSI
There are several parts in the IMSI, which are as follows:
Three decimal digits of Mobile Country Code (MCC); for India it is 404
Two decimal digits of Mobile Network Code (MNC)
Uniquely identifies a mobile operator within a country
For Airtel in Delhi it is 10
Maximum 10 digits of Mobile Subscriber Identification Number (MSIN)
This is the unique number of the subscriber within a home network
Mobile Subscriber ISDN numbers (MSISDN)
Real telephone number that is known in the external world
It is public information, whereas the IMEI is private information to an operator
The MSISDN follows the international ISDN (Integrated Systems Data Network) numbering plan, as follows:
Country Code (CC): one to three decimal digits of the country code
E.g.: USA-1, India-91, Finland-358
National Destination Code (NDC): typically 2 to 3 decimal digits
In India 94 for BSNL, 98 for all other operators
Subscriber Number (SN): maximum 10 decimal digits
Eight-digit number, consisting of:
Two decimal digits of operator code
Followed by one decimal digit level number
5 digit subscriber number
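The IMSI and MSISDN layouts described above, as a small validating parser (an added example, not part of the original slides). The function names, the three-entry country code table, the fixed 2-digit MNC and NDC lengths and the IMSI's MSIN digits are assumptions made for the illustration; `mask_imsi` shows one way to keep the subscriber-specific MSIN out of log output.

```python
import re

# Country codes limited to the page's examples (USA 1, India 91, Finland 358);
# a production dial-plan table is much larger. Longest prefixes are tried first.
COUNTRY_CODES = ("358", "91", "1")


def parse_imsi(imsi, mnc_len=2):
    """Split an IMSI into MCC (3 digits), MNC (2 digits here) and MSIN (<= 10 digits)."""
    if not re.fullmatch(r"[0-9]+", imsi):
        raise ValueError("IMSI must contain decimal digits only")
    mcc, mnc, msin = imsi[:3], imsi[3:3 + mnc_len], imsi[3 + mnc_len:]
    if len(mcc) != 3 or len(mnc) != mnc_len or not 1 <= len(msin) <= 10:
        raise ValueError("IMSI does not fit the MCC + MNC + MSIN layout")
    return {"mcc": mcc, "mnc": mnc, "msin": msin}


def mask_imsi(imsi):
    """Keep the operator prefix (MCC + MNC) and hide the MSIN, e.g. for log output."""
    parts = parse_imsi(imsi)
    return parts["mcc"] + parts["mnc"] + "*" * len(parts["msin"])


def parse_msisdn(msisdn, ndc_len=2):
    """Split a '+CC NDC SN' number; 8-digit SNs are split further as on the page."""
    if not re.fullmatch(r"\+[0-9]+", msisdn):
        raise ValueError("MSISDN must be '+' followed by decimal digits")
    digits = msisdn[1:]
    cc = next((c for c in COUNTRY_CODES if digits.startswith(c)), None)
    if cc is None:
        raise ValueError("country code not in the example table")
    ndc = digits[len(cc):len(cc) + ndc_len]
    sn = digits[len(cc) + ndc_len:]
    if len(ndc) != ndc_len or not 1 <= len(sn) <= 10:
        raise ValueError("MSISDN does not fit the CC + NDC + SN layout")
    parts = {"cc": cc, "ndc": ndc, "sn": sn}
    if len(sn) == 8:
        # Operator code (2 digits), level number (1 digit), subscriber number (5 digits).
        parts.update(operator_code=sn[:2], level=sn[2], subscriber=sn[3:])
    return parts


if __name__ == "__main__":
    print(parse_imsi("404101234567890"))   # constructed IMSI: MCC 404, MNC 10
    print(mask_imsi("404101234567890"))
    print(parse_msisdn("+919845052534"))   # directory number from the page's example
```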
Location Area Identity (LAI)
Each LA in a PLMN has its own identifier
It is unique
Consists of three digits of CC, two digits of Mobile Network Code (MNC), and a maximum of five digits of Location Area Code.
Mobile Station Roaming Number (MSRN)
When a subscriber is roaming in another network, the subscriber is assigned a temporary ISDN number
This ISDN number is used by the local VLR in charge of the mobile station
Temporary Mobile Subscriber Identity (TMSI)
Temporary identifier assigned by the serving VLR
Used in place of the IMSI for identification and addressing of the mobile station
It is never stored in the HLR
Makes it difficult to determine the identity of the subscriber by listening to the radio channel
Stored in the SIM card
Location Mobile Subscriber Identity (LMSI)
Assigned by the VLR and stored in the HLR
Used as a search key for faster database access in the VLR
Cell identifier (CI)
Within an LA, every cell has a unique cell identifier
Together with the LAI, a cell can be identified uniquely through the Global Cell Identity
Identification of MSC and location registers
MSCs, HLRs, VLRs and SCs are addressed by ISDN numbers
They may have a Signaling Point Code (SPC) within a PLMN
Network aspects in GSM
When a call is in progress and the user is on the move, there will be a handover mechanism from one cell to another
It resembles a relay race, where one athlete passes the baton to another
Roaming and handover are performed by the NSS, mainly using the Mobile Application Part (MAP) built on the Signalling System #7 (SS7) protocol
The signalling protocol in GSM has three layers, shown in the following figures
Layer 1 is the physical layer, which uses the channel structures over the air interface
Layer 2 is the data link layer, called LAPDm, i.e. a modified version of the LAPD protocol
Layer 3 is divided into three sublayers:
Radio Resources Management
Controls set-up, maintenance and termination of radio and fixed channels, including handovers
Mobility management
Manages location updating and registration procedures such as security and authentication
Connection Management
Handles general call control, manages supplementary services and SMS
Mobility management
Consider a person travelling on a train without a GSM phone or wireless communication device
If he wants to talk, how will he talk?
If the train stops at a station for a long time, he can try to locate a public call office in the station and make the call
He must finish the call before the train departs
There is no way any person can make a call whenever they want
Using mobility management (MM), one can make outgoing calls and receive incoming calls while in motion
In a wired network, where the device is stationary, the point of attachment to the network is also fixed
The address of the device is sufficient to locate the device in the routing table and establish the connection
In the case of wireless devices, the device moves from one location to another, making the old routing table invalid
Therefore establishing and maintaining a connection is complex
Paging, location updates, handover and roaming are performed to provide mobility
Paging
To get a call connected, an MS has to be traced and located, and then the call connected
The MS is traced through a paging process within a location
Using the BSS signalling channel, the paging message for an MS is sent; it includes the IMSI as the identifier of the MS
A single paging message across the MSC to BSS interface contains information on the cells in which the page shall be broadcast
In paging, deciding which cell to start paging from is difficult, because there is a huge number of cells
If we cannot locate the mobile quickly, the call cannot be connected, resulting in lost revenue
E.g.: it can start from the centre of the network and keep searching each and every cell for a long time
Such a global paging system is going to cost more and consume a lot of time
To optimize the cost and response time, paging starts at the location where the MS was last present.
The location of the MS is recorded in the HLR and updated through Location Update
The MS is searched for in those cells where it has the highest probability of being present
Location update
Concerned with procedures that enable the network to know the current location of a powered-on MS so that mobile terminated call routing can be completed.
If the location of the MS is not known, tracking the MS through paging is costly in terms of radio and backbone SS7 signalling bandwidth
To optimize this, location information is regularly updated within the core network
The presence and location information is kept up to date within the VLR and HLR
Assume the MS is willing to communicate: the MS must be powered off-on and attached to the network
If the MS is attached to the network, it must be located through paging before successful communication can take place for mobile terminated calls and mobile terminated SMS
When the MS is powered off, the HLR is updated with an explicit IMSI detach, which indicates that the MS is not available and a connection cannot be established.
Handover
When a call is going on in a moving vehicle, the relationship between the radio signals and the user is dynamic
The user's movements can take the user away from a wireless tower, causing the radio signals to weaken and ultimately break
The user has to be moved to another cell where the signal strength is higher
This results in changing the association of the resources to another channel within the same cell or a different cell altogether; this is called handover
Handover has to be made very fast, without any disruption of the service to the higher layer
In North America handover is called “handoff”
A handover can be initiated by a mobile or by the network
A mobile-initiated handover is based on the radio subsystem criteria of Radio Frequency (RF), quality of signal or distance from the tower
A network-initiated handover associated with a mobile device is based on traffic loading per cell, maintenance requests, etc.
There are four different types of handover in the GSM system, which involve transferring a call between:
Channels in the same cell
Cells under the control of the same BSC
Cells under the control of different BSCs, but belonging to the same MSC
Cells under the control of different MSCs
The first two are called internal handovers [handled by BSC] and the next two are called external handovers [handled by MSC]
Handover procedure
Authentication and Security issues during handover
GSM uses the A3, A8 and A5 algorithms for security
The A3 algorithm is used to authenticate the subscriber
The A8 algorithm is used to generate the cipher key Kc
The A5 algorithm is used to cipher everything that is transmitted over the air, including both signalling and traffic
When handover occurs, the necessary information is transmitted within the system infrastructure to enable communication to proceed from the old BSS to the new BSS, and the synchronization process is resumed
The key remains unchanged at handover
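The challenge-response flow behind A3 and A8, and the reuse of Kc across a handover, as an added sketch that is not part of the original slides. HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms, and the class names, the names Ki, RAND and SRES (standard GSM terms not used on the slides), their sizes and the sample IMSI, key and BSS labels are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def a3_a8_stand_in(ki, rand):
    # HMAC-SHA256 is a stand-in: the operator's real A3/A8 algorithms are not on the page.
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # 32-bit response SRES, 64-bit cipher key Kc


class AuthCentre:
    """AUC: protected store of each subscriber's secret key (Ki), keyed by IMSI."""

    def __init__(self):
        self._ki = {}

    def provision(self, imsi, ki):
        self._ki[imsi] = ki

    def triplet(self, imsi):
        rand = secrets.token_bytes(16)  # fresh 128-bit challenge (RAND)
        sres, kc = a3_a8_stand_in(self._ki[imsi], rand)
        return rand, sres, kc


class Sim:
    """SIM: holds the IMSI and the same secret key, which never leaves the card."""

    def __init__(self, imsi, ki):
        self.imsi, self._ki, self.kc = imsi, ki, None

    def respond(self, rand):
        sres, self.kc = a3_a8_stand_in(self._ki, rand)
        return sres


class Network:
    """MSC/VLR side: challenges the SIM, then tracks Kc and the serving BSS."""

    def __init__(self, auc):
        self.auc, self.sessions = auc, {}

    def authenticate(self, sim, bss):
        rand, expected, kc = self.auc.triplet(sim.imsi)
        sres = sim.respond(rand)  # only RAND and SRES cross the air interface
        if not hmac.compare_digest(sres, expected):
            return False
        self.sessions[sim.imsi] = {"kc": kc, "bss": bss}
        return True

    def handover(self, imsi, new_bss):
        # Kc moves to the new BSS inside the infrastructure; no new challenge is issued.
        self.sessions[imsi]["bss"] = new_bss
        return self.sessions[imsi]["kc"]


def demo():
    imsi, ki = "404101234567890", bytes(range(16))  # constructed IMSI and 128-bit Ki
    auc = AuthCentre()
    auc.provision(imsi, ki)
    net, sim = Network(auc), Sim(imsi, ki)
    accepted = net.authenticate(sim, "BSS-1")
    kc_unchanged = net.handover(imsi, "BSS-2") == sim.kc
    impostor = Sim(imsi, bytes(16))  # same IMSI, wrong secret key
    rejected = not net.authenticate(impostor, "BSS-3")
    return accepted, kc_unchanged, rejected, net.sessions[imsi]["bss"]
```

Calling `demo()` runs one successful authentication, one handover and one rejected attempt with the wrong key; the session keeps the Kc from the original challenge throughout.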
Roaming
When handover happens from one network to another network, it is called roaming
When a mobile is powered off, it performs an IMSI detach to tell the network that it is no longer connected.
When a mobile station is turned on in a new network, or the subscriber moves to a different operator's PLMN, the subscriber must register with the new network to indicate its current location.
The first location update is called the IMSI attach procedure, where the MS indicates its IMSI to the new network.
A location update is performed periodically
A location update message is sent to the new MSC/VLR, which records the location area information and then sends this information to the subscriber’s HLR
If the mobile station is authenticated and authorized in the new MSC/VLR, the subscriber’s HLR cancels the registration of the mobile station with the old MSC/VLR
Two types of roaming
Horizontal Roaming
Roaming between two networks of the same family
GSM to GSM roaming
Vertical Roaming
Roaming between two networks of different families
When vertical roaming happens without any disruption, it is called seamless roaming.
GSM to CDMA, GPS to WIFI
GSM Frequency Allocation
GSM in general uses 900 MHz band
890-915 MHz are allocated for uplink i.e. MS to BS
935-960 MHz are allocated for downlink i.e. BS to MS
Mobile to Base
Ft(n) = 890.2 + 0.2(n-1) MHz
Base to Mobile
Ft(n) = Fr(n) + 45 MHz
3 (tail): These tail bits at the start of the GSM burst give time for the transmitter to ramp up its power.
57 (data): This block of data is used to carry information, and most often contains the digitised voice data.
1 (steal bit): This bit within the GSM burst indicates the type of data in the previous field.
26 (midamble): This training sequence is used as a timing reference and for equalisation.
1 (steal bit): Again, this flag indicates the type of data in the data field.
57 (data): Again, this block of data within the GSM burst is used for carrying data.
3 (tail): These final bits within the GSM burst are used to enable the transmitter power to ramp down. They are often called final tail bits, or just tail bits.
8.25 (guard bits): At the end of the GSM burst there is a guard period. This is introduced to prevent transmitted bursts from different mobiles overlapping.
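The burst layout listed above, as a builder and parser that checks field lengths and counts errors in the training sequence (an added example, not part of the original slides). The field names, the all-zero tail bits and the 26-bit sample midamble are assumptions for the illustration; the midamble is a constructed pattern, not a real GSM training sequence.

```python
# Normal burst layout from the list above: (field name, length in bits).
LAYOUT = (("tail_start", 3), ("data_1", 57), ("steal_1", 1), ("midamble", 26),
          ("steal_2", 1), ("data_2", 57), ("tail_end", 3))
GUARD_BITS = 8.25
# Constructed 26-bit training pattern for the demo, not a real GSM training sequence.
SAMPLE_MIDAMBLE = [0, 1] * 13


def burst_length():
    """Bits actually transmitted, and the slot length including the guard period."""
    sent = sum(size for _, size in LAYOUT)
    return sent, sent + GUARD_BITS


def build_burst(data_1, data_2, steal_1=0, steal_2=0, midamble=SAMPLE_MIDAMBLE):
    """Assemble the transmitted bits; tail bits are sent as zeros (assumed here)."""
    fields = {"tail_start": [0] * 3, "data_1": list(data_1), "steal_1": [steal_1],
              "midamble": list(midamble), "steal_2": [steal_2],
              "data_2": list(data_2), "tail_end": [0] * 3}
    bits = []
    for name, size in LAYOUT:
        if len(fields[name]) != size:
            raise ValueError(f"{name} must be {size} bits")
        bits.extend(fields[name])
    return bits


def parse_burst(bits, midamble=SAMPLE_MIDAMBLE):
    """Split a received burst into its fields and report training-sequence errors."""
    sent, _ = burst_length()
    if len(bits) != sent or any(b not in (0, 1) for b in bits):
        raise ValueError(f"a normal burst is {sent} binary symbols")
    fields, pos = {}, 0
    for name, size in LAYOUT:
        fields[name] = bits[pos:pos + size]
        pos += size
    # The receiver knows the training sequence in advance, so mismatches in it
    # give a direct measure of how badly this burst was corrupted.
    fields["midamble_errors"] = sum(a != b for a, b in zip(fields["midamble"], midamble))
    fields["tails_ok"] = fields["tail_start"] == [0] * 3 and fields["tail_end"] == [0] * 3
    return fields


if __name__ == "__main__":
    burst = build_burst([1] * 57, [0] * 57, steal_1=1)
    print(burst_length(), parse_burst(burst)["midamble_errors"])
```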