6. Radio Interfaces in GSM Networks .ppt
RambabuReddy
1 views
26 slides
Oct 14, 2025
Slide 1 of 26
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
About This Presentation
Radio Interfaces in GSM Networks
Slide Content
Radio Interface
GSM-900 uses 890 - 915 MHz to send information from the
Mobile Station to the Base Transceiver Station (uplink)
and 935 - 960 MHz for the other direction (downlink),
providing 124 RF channels paced at 200 kHz.
GSM-1800 uses 1710 - 1785 MHz to send information from the
Mobile Station to the Base Transceiver Station (uplink)
and 1805 - 1880 MHz for the other direction (downlink),
providing 374 channels
GSM-1900 uses 1850 - 1910 MHz to send information from the
Mobile Station to the Base Transceiver Station (uplink)
and 1930 - 1990 MHz for the other direction (downlink),
providing around 300 channels
GSM-900 uses 890 - 915 MHz to send information from the
Mobile Station to the Base Transceiver Station (uplink)
and 935 - 960 MHz for the other direction (downlink),
providing 124 RF channels paced at 200 kHz.
GSM-1800 uses 1710 - 1785 MHz to send information from the
Mobile Station to the Base Transceiver Station (uplink)
and 1805 - 1880 MHz for the other direction (downlink),
providing 374 channels
GSM-1900 uses 1850 - 1910 MHz to send information from the
Mobile Station to the Base Transceiver Station (uplink)
and 1930 - 1990 MHz for the other direction (downlink),
providing around 300 channels
1 2 3 4 5 6 7 8
higher GSM frame structures
935-960 MHz
124 channels (200 kHz)
downlink
890-915 MHz
124 channels (200 kHz)
uplink
f r e
q
u
e
n
c
y
time
GSM TDMA frame
GSM time-slot (normal burst)
4.615 ms
546.5 µs
577 µs
tailuser data TrainingS
guard
space
Suser datatail
guard
space
3 bits57 bits 26 bits 57 bits1 1 3
GSM Radio Interface - TDMA/FDMA
higher GSM frame structures
935-960 MHz
124 channels (200 kHz)
downlink
890-915 MHz
124 channels (200 kHz)
uplink
f r e
q
u
e
n
c
y
time
GSM TDMA frame
GSM time-slot (normal burst)
4.615 ms
546.5 µs
577 µs
tailuser data TrainingS
guard
space
Suser datatail
guard
space
3 bits57 bits 26 bits 57 bits1 1 3
GSM Radio Interface - TDMA/FDMA
The first and last three bits of a normal burst (tail) are all set to 0
and can be used to enhance the receiver performance.
The training sequence in the middle of a slot is used to adapt the
parameters of the receiver to the current path propagation
characteristics and to select the strongest signal in case of
multi-path propagation.
A flag S indicates whether the data field contains user or network
control data.
Types of Bursts:
1.Normal Burst
2.Frequency Correction Burst
3.Synchronization Burst
4.Access Burst
5.Dummy Burst
and can be used to enhance the receiver performance.
The training sequence in the middle of a slot is used to adapt the
parameters of the receiver to the current path propagation
characteristics and to select the strongest signal in case of
multi-path propagation.
A flag S indicates whether the data field contains user or network
control data.
Types of Bursts:
1.Normal Burst
2.Frequency Correction Burst
3.Synchronization Burst
4.Access Burst
5.Dummy Burst
GSM Protocols
The signalling protocol in GSM is structured into three
general layers depending on the interface, as shown
below.
Layer 1 is the physical layer that handles all radio-
specific functions. This includes the creation of bursts
according to the five different formats, multiplexing of
bursts into a TDMA frame, synchronization with the
BTS, detection of idle channels, and measurement of
the channel quality on the downlink.
The physical layer at U
m uses GMSK for digital
modulation and performs encryption/decryption of
data, i.e., encryption is not performed end-to-end, but
only between MS and BSS over the air interface.
The signalling protocol in GSM is structured into three
general layers depending on the interface, as shown
below.
Layer 1 is the physical layer that handles all radio-
specific functions. This includes the creation of bursts
according to the five different formats, multiplexing of
bursts into a TDMA frame, synchronization with the
BTS, detection of idle channels, and measurement of
the channel quality on the downlink.
The physical layer at U
m uses GMSK for digital
modulation and performs encryption/decryption of
data, i.e., encryption is not performed end-to-end, but
only between MS and BSS over the air interface.
GSM protocol layers for signaling
CM
MM
RR
MM
LAPD
m
radio
LAPD
m
radio
LAPD
PCM
RR’ BTSM
CM
LAPD
PCM
RR’
BTSM
16/64 kbit/s
U
m
A
bis
A
SS7
PCM
SS7
PCM
64 kbit/s /
2.048 Mbit/s
MS BTS BSC MSC
BSSAP
BSSAP
CM
MM
RR
MM
LAPD
m
radio
LAPD
m
radio
LAPD
PCM
RR’ BTSM
CM
LAPD
PCM
RR’
BTSM
16/64 kbit/s
U
m
A
bis
A
SS7
PCM
SS7
PCM
64 kbit/s /
2.048 Mbit/s
MS BTS BSC MSC
BSSAP
BSSAP
Signalling between entities in a GSM network requires higher
layers. For this purpose, the LAPD
m protocol has been defined
at the U
m interface for layer two.
LAPD
m
has been derived from link access procedure for the D-
channel (LAPD) in ISDN systems, which is a version of HDLC.
LAPD
m
is a lightweight LAPD because it does not need
synchronization flags or checksum for error detection.
LAPD
m offers reliable data transfer over connections, re-
sequencing of data frames, and flow control.
layers. For this purpose, the LAPD
m protocol has been defined
at the U
m interface for layer two.
LAPD
m
has been derived from link access procedure for the D-
channel (LAPD) in ISDN systems, which is a version of HDLC.
LAPD
m
is a lightweight LAPD because it does not need
synchronization flags or checksum for error detection.
LAPD
m offers reliable data transfer over connections, re-
sequencing of data frames, and flow control.
The network layer in GSM, layer three, comprises several sub
layers. The lowest sub layer is the radio resource management
(RR). Only a part of this layer, RR’, is implemented in the BTS,
the remainder is situated in the BSC.
The functions of RR’ are supported by the BSC via the BTS
management (BTSM).
The main tasks of RR are setup, maintenance, and release of
radio channels.
Mobility Management (MM) contains functions for registration,
authentication, identification, location updating, and the
provision of a temporary mobile subscriber identity (TMSI).
layers. The lowest sub layer is the radio resource management
(RR). Only a part of this layer, RR’, is implemented in the BTS,
the remainder is situated in the BSC.
The functions of RR’ are supported by the BSC via the BTS
management (BTSM).
The main tasks of RR are setup, maintenance, and release of
radio channels.
Mobility Management (MM) contains functions for registration,
authentication, identification, location updating, and the
provision of a temporary mobile subscriber identity (TMSI).
Finally, the call management (CM) layer contains three
entities: call control (CC), short message service (SMS),
and supplementary service (SS).
Additional protocols are used at the A
bis
and A interfaces.
Data transmission at the physical layer typically uses
pulse code modulation (PCM) systems.
LAPD is used for layer two at A
bis
, BTSM for BTS
management.
Signalling System No. 7 (SS7) is used for signalling
between an MSC and a BSC. This protocol also transfers
all management information between MSCs, HLR, VLRs,
A
u
C, EIR, and OMC. An MSC can also control a BSS via
a BSS application part (BSSAP).
entities: call control (CC), short message service (SMS),
and supplementary service (SS).
Additional protocols are used at the A
bis
and A interfaces.
Data transmission at the physical layer typically uses
pulse code modulation (PCM) systems.
LAPD is used for layer two at A
bis
, BTSM for BTS
management.
Signalling System No. 7 (SS7) is used for signalling
between an MSC and a BSC. This protocol also transfers
all management information between MSCs, HLR, VLRs,
A
u
C, EIR, and OMC. An MSC can also control a BSS via
a BSS application part (BSSAP).
Localization & Calling
One fundamental feature of the GSM system is the
automatic, worldwide localization of users. The system
always knows where a user currently is, and the same
phone number is valid worldwide.
To provide this service, GSM performs periodic location
updates even if a user does not use the mobile station’
Changing VLRs with uninterrupted availability of all services
is also called roaming. Roaming can take place within the
network of one provider, between two providers in one
country (national roaming is, often not supported due to
competition between operators), but also between different
providers in different countries (international roaming).
One fundamental feature of the GSM system is the
automatic, worldwide localization of users. The system
always knows where a user currently is, and the same
phone number is valid worldwide.
To provide this service, GSM performs periodic location
updates even if a user does not use the mobile station’
Changing VLRs with uninterrupted availability of all services
is also called roaming. Roaming can take place within the
network of one provider, between two providers in one
country (national roaming is, often not supported due to
competition between operators), but also between different
providers in different countries (international roaming).
GSM is very attractive: one device, over 190
countries! To locate an MS and to address the
MS, several numbers are needed:
1.Mobile Station International ISDN Number (MSISDN)
a.country code (CC)
b.national destination code (NDC)
c.subscriber number (SN).
2.International Mobile Subscriber Identity (IMSI)
3.Temporary Mobile Subscriber Identity (TMSI)
4.Mobile Station Roaming Number (MSRN)
a.visitor country code (VCC)
b.visitor national destination code (VNDC)
countries! To locate an MS and to address the
MS, several numbers are needed:
1.Mobile Station International ISDN Number (MSISDN)
a.country code (CC)
b.national destination code (NDC)
c.subscriber number (SN).
2.International Mobile Subscriber Identity (IMSI)
3.Temporary Mobile Subscriber Identity (TMSI)
4.Mobile Station Roaming Number (MSRN)
a.visitor country code (VCC)
b.visitor national destination code (VNDC)
Mobile Terminated Call
PSTN
calling
station
GMSC
HLR VLR
BSSBSSBSS
MSC
MS
1 2
3
4
5
6
7
89
10
1112
13
16
10
10
11 11 11
1415
17
1: calling a GSM subscriber
2: forwarding call to GMSC
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible
MSC to GMSC
7: forward call to
current MSC
8, 9: get current status of MS
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection
PSTN
calling
station
GMSC
HLR VLR
BSSBSSBSS
MSC
MS
1 2
3
4
5
6
7
89
10
1112
13
16
10
10
11 11 11
1415
17
1: calling a GSM subscriber
2: forwarding call to GMSC
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible
MSC to GMSC
7: forward call to
current MSC
8, 9: get current status of MS
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection
Mobile Originated Call
PSTN GMSC
VLR
BSS
MSC
MS
1
2
6 5
34
9
10
7 8
1, 2: connection request
3, 4: security check
5-8: check resources (free
circuit)
9-10: set up call
PSTN GMSC
VLR
BSS
MSC
MS
1
2
6 5
34
9
10
7 8
1, 2: connection request
3, 4: security check
5-8: check resources (free
circuit)
9-10: set up call
MTC/MOC
BTSMS
paging request
channel request
immediate assignment
paging response
authentication request
authentication response
ciphering command
ciphering complete
setup
call confirmed
assignment command
assignment complete
alerting
connect
connect acknowledge
data/speech exchange
BTSMS
channel request
immediate assignment
service request
authentication request
authentication response
ciphering command
ciphering complete
setup
call confirmed
assignment command
assignment complete
alerting
connect
connect acknowledge
data/speech exchange
MTC MOC
BTSMS
paging request
channel request
immediate assignment
paging response
authentication request
authentication response
ciphering command
ciphering complete
setup
call confirmed
assignment command
assignment complete
alerting
connect
connect acknowledge
data/speech exchange
BTSMS
channel request
immediate assignment
service request
authentication request
authentication response
ciphering command
ciphering complete
setup
call confirmed
assignment command
assignment complete
alerting
connect
connect acknowledge
data/speech exchange
MTC MOC
Handover
Cellular systems require handover procedures, as single cells
do not cover the whole service area, but, e.g., only up to 35 km
around each antenna on the countryside and some hundred
meters in cities. The smaller the cell size and the faster the
movement of a mobile station through the cells (up to 250
km/h for GSM), the more handovers of on-going calls are
required.
There are two basic reasons for a handover:
● The mobile station moves out of the range of a BTS or a
certain antenna of a BTS respectively. The received signal
level decreases continuously until it falls below the minimal
requirements for communication. The error rate may grow due
to interference, the distance to the BTS may be too high (max.
35 km) etc. – all these effects may diminish the quality of the
radio link and make radio transmission impossible in the near
future.
Cellular systems require handover procedures, as single cells
do not cover the whole service area, but, e.g., only up to 35 km
around each antenna on the countryside and some hundred
meters in cities. The smaller the cell size and the faster the
movement of a mobile station through the cells (up to 250
km/h for GSM), the more handovers of on-going calls are
required.
There are two basic reasons for a handover:
● The mobile station moves out of the range of a BTS or a
certain antenna of a BTS respectively. The received signal
level decreases continuously until it falls below the minimal
requirements for communication. The error rate may grow due
to interference, the distance to the BTS may be too high (max.
35 km) etc. – all these effects may diminish the quality of the
radio link and make radio transmission impossible in the near
future.
● The wired infrastructure (MSC, BSC) may decide that the
traffic in one cell is too high and shift some MS to other cells
with a lower load (if possible).Handover may be due to load
balancing.
We have four possible handover scenarios in GSM:
● Intra-cell handover: Within a cell, narrow-band interference
could make transmission at a certain frequency impossible.
The BSC could then decide to change the carrier frequency
(scenario 1).
● Inter-cell, intra-BSC handover: This is a typical handover
scenario. The mobile station moves from one cell to another,
but stays within the control of the same BSC. The BSC then
performs a handover, assigns a new radio channel in the new
cell and releases the old one (scenario 2).
traffic in one cell is too high and shift some MS to other cells
with a lower load (if possible).Handover may be due to load
balancing.
We have four possible handover scenarios in GSM:
● Intra-cell handover: Within a cell, narrow-band interference
could make transmission at a certain frequency impossible.
The BSC could then decide to change the carrier frequency
(scenario 1).
● Inter-cell, intra-BSC handover: This is a typical handover
scenario. The mobile station moves from one cell to another,
but stays within the control of the same BSC. The BSC then
performs a handover, assigns a new radio channel in the new
cell and releases the old one (scenario 2).
4 types of handover
MSC MSC
BSC BSCBSC
BTS BTS BTSBTS
MS MS MS MS
1
2 3 4
MSC MSC
BSC BSCBSC
BTS BTS BTSBTS
MS MS MS MS
1
2 3 4
● Inter-BSC, intra-MSC handover: As a BSC only controls a
limited number of cells; GSM also has to perform handovers
between cells controlled by different BSCs. This handover then
has to be controlled by the MSC (scenario 3).
● Inter MSC handover: A handover could be required
between two cells belonging to different MSCs. Now both
MSCs perform the handover together (scenario 4).
limited number of cells; GSM also has to perform handovers
between cells controlled by different BSCs. This handover then
has to be controlled by the MSC (scenario 3).
● Inter MSC handover: A handover could be required
between two cells belonging to different MSCs. Now both
MSCs perform the handover together (scenario 4).
Handover decision
receive level
BTS
old
receive level
BTS
new
MS MS
HO_MARGIN
BTS
old
BTS
new
Handover Decision Depending on Receive Level
receive level
BTS
old
receive level
BTS
new
MS MS
HO_MARGIN
BTS
old
BTS
new
Handover Decision Depending on Receive Level
Handover procedure
HO access
BTS
old BSC
new
measurement
result
BSC
old
Link establishment
MSCMS
measurement
report
HO decision
HO required
BTS
new
HO request
resource allocation
ch. activation
ch. activation ack
HO request ack
HO command
HO command
HO command
HO complete
HO complete
clear command
clear command
clear complete
clear complete
HO access
BTS
old BSC
new
measurement
result
BSC
old
Link establishment
MSCMS
measurement
report
HO decision
HO required
BTS
new
HO request
resource allocation
ch. activation
ch. activation ack
HO request ack
HO command
HO command
HO command
HO complete
HO complete
clear command
clear command
clear complete
clear complete
Security in GSM
Security services
access control/authentication
user SIM (Subscriber Identity Module): secret PIN (personal
identification number)
SIM network: challenge response method
confidentiality
voice and signaling encrypted on the wireless link (after successful
authentication)
anonymity
temporary identity TMSI
(Temporary Mobile Subscriber Identity)
newly assigned at each new location update (LUP)
encrypted transmission
3 algorithms specified in GSM
A3 for authentication (“secret”, open interface)
A5 for encryption (standardized)
A8 for key generation (“secret”, open interface)
“secret”:
• A3 and A8
available via the
Internet
• network providers
can use stronger
mechanisms
Security services
access control/authentication
user SIM (Subscriber Identity Module): secret PIN (personal
identification number)
SIM network: challenge response method
confidentiality
voice and signaling encrypted on the wireless link (after successful
authentication)
anonymity
temporary identity TMSI
(Temporary Mobile Subscriber Identity)
newly assigned at each new location update (LUP)
encrypted transmission
3 algorithms specified in GSM
A3 for authentication (“secret”, open interface)
A5 for encryption (standardized)
A8 for key generation (“secret”, open interface)
“secret”:
• A3 and A8
available via the
Internet
• network providers
can use stronger
mechanisms
GSM - authentication
A3
RANDK
i
128 bit 128 bit
SRES* 32 bit
A3
RAND K
i
128 bit 128 bit
SRES 32 bit
SRES* =? SRES SRES
RAND
SRES
32 bit
mobile network
SIM
AC
MSC
SIM
K
i
: individual subscriber authentication keySRES: signed response
A3
RANDK
i
128 bit 128 bit
SRES* 32 bit
A3
RAND K
i
128 bit 128 bit
SRES 32 bit
SRES* =? SRES SRES
RAND
SRES
32 bit
mobile network
SIM
AC
MSC
SIM
K
i
: individual subscriber authentication keySRES: signed response
GSM - key generation and encryption
A8
RANDK
i
128 bit 128 bit
K
c
64 bit
A8
RAND K
i
128 bit 128 bit
SRES
RAND
encrypted
data
mobile network (BTS) MS with SIM
AC
BTS
SIM
A5
K
c
64 bit
A5
MS
data data
cipher
key
A8
RANDK
i
128 bit 128 bit
K
c
64 bit
A8
RAND K
i
128 bit 128 bit
SRES
RAND
encrypted
data
mobile network (BTS) MS with SIM
AC
BTS
SIM
A5
K
c
64 bit
A5
MS
data data
cipher
key
Data services in GSM I
Data transmission standardized with only 9.6 kbit/s
advanced coding allows 14.4 kbit/s
not enough for Internet and multimedia applications
HSCSD (High-Speed Circuit Switched Data)
already standardized
bundling of several time-slots to get higher
AIUR (Air Interface User Rate)
(e.g., 57.6 kbit/s using 4 slots, 14.4 each)
advantage: ready to use, constant quality, simple
disadvantage: channels blocked for voice transmission
Data transmission standardized with only 9.6 kbit/s
advanced coding allows 14.4 kbit/s
not enough for Internet and multimedia applications
HSCSD (High-Speed Circuit Switched Data)
already standardized
bundling of several time-slots to get higher
AIUR (Air Interface User Rate)
(e.g., 57.6 kbit/s using 4 slots, 14.4 each)
advantage: ready to use, constant quality, simple
disadvantage: channels blocked for voice transmission
Data services in GSM II
GPRS (General Packet Radio Service)
packet switching
using free slots only if data packets ready to send
(e.g., 115 kbit/s using 8 slots temporarily)
standardization 1998
advantage: one step towards UMTS, more flexible
disadvantage: more investment needed
GPRS network elements
GSN (GPRS Support Nodes): GGSN and SGSN
GGSN (Gateway GSN)
interworking unit between GPRS and PDN (Packet Data Network)
SGSN (Serving GSN)
supports the MS (location, billing, security)
GR (GPRS Register)
user addresses
GPRS (General Packet Radio Service)
packet switching
using free slots only if data packets ready to send
(e.g., 115 kbit/s using 8 slots temporarily)
standardization 1998
advantage: one step towards UMTS, more flexible
disadvantage: more investment needed
GPRS network elements
GSN (GPRS Support Nodes): GGSN and SGSN
GGSN (Gateway GSN)
interworking unit between GPRS and PDN (Packet Data Network)
SGSN (Serving GSN)
supports the MS (location, billing, security)
GR (GPRS Register)
user addresses
GPRS architecture and interfaces
MS
BSS GGSNSGSN
MSC
U
m
EIR
HLR/
GR
VLR
PDN
G
b
G
n
G
i
SGSN
G
n
MS
BSS GGSNSGSN
MSC
U
m
EIR
HLR/
GR
VLR
PDN
G
b
G
n
G
i
SGSN
G
n
GPRS protocol architecture
apps.
IP/X.25
LLC
GTP
MAC
radio
MAC
radio
FR
RLC BSSGP
IP/X.25
FR
U
m
G
b
G
n
L1/L2 L1/L2
MS BSS SGSN GGSN
UDP/TCP
G
i
SNDCP
RLC BSSGP IP IP
LLCUDP/TCP
SNDCP GTP
apps.
IP/X.25
LLC
GTP
MAC
radio
MAC
radio
FR
RLC BSSGP
IP/X.25
FR
U
m
G
b
G
n
L1/L2 L1/L2
MS BSS SGSN GGSN
UDP/TCP
G
i
SNDCP
RLC BSSGP IP IP
LLCUDP/TCP
SNDCP GTP
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 1
- Slides 26
- Age 64 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
81 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
75 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
72 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
58 views
21
Know for Certain
DaveSinNM
33 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
37 views