RAMCO INSTITUTE OF TECHNOLOGY
Department of Computer Science and Engineering
Academic Year: 2019-2020 (Even Semester)
Degree, Semester & Branch: VI Semester B.E. CSE.
Course Code & Title: CS8601 Mobile Computing.
Name of the Faculty member: Dr.M.Kaliappan, Associate Professor/CSE
--------------------------------------------------------------------------------------------------------------
UNIT-II- MOBILE TELECOMMUNICATION SYSTEM
Introduction to Cellular Systems - GSM – Services & Architecture – Protocols –
Connection Establishment – Frequency Allocation – Routing – Mobility Management –
Security – GPRS- UMTS – Architecture – Handover - Security.
-------------------------------------------------------------------------------------------------------------
Credit: Jochen Schiller, “Mobile Communication”, PHI, Prasant Kumar Pattnaik,
Rajib Mall, “Fundamentals of Mobile Computing”, PHI
--------------------------------------------------------------------------------------------------------------
Objective:
To expose the students to learn the basics of the mobile telecommunication system.
Outcome:
Illustrate the generations of mobile telecommunication systems in wireless
networks
--------------------------------------------------------------------------------------------------------------
2.1 Cellular systems (8 Marks)
Cellular systems for mobile communications implement SDM. Each transmitter,
typically called a base station, covers a certain area, a cell. Figure 1 shows the cellular
system.
Figure1: Cellular system
• Partition the area into smaller regions called cells.
• Each cell gets at least one base station or tower
• Users within a cell connect to the tower and make communication.
• The base station keeps track of the calls
Goal
– The goal is never to use the same frequency at the same time within the
interference range.
– Two possible models create cell patterns with minimal interference; in both,
cells are combined in clusters.
• 3 cell cluster
– All cells within a cluster use disjoint sets of frequencies.
– One cell in the cluster uses set f1, another cell f2, and the third cell f3.
– This pattern shows the repetition of the same frequency sets.
– To reduce interference further sectorized antennas can be used.
– Figure shows the use of three sectors per cell in a cluster with three cells
• Dynamic Channel allocation(DCA)
• Channels are not permanently allocated to the cells. When a user
makes a call request, the Base Station (BS) sends that request to the
Mobile Station Center (MSC) for the allocation of channels or voice
channels.
• It is Digital Enhanced Cordless Telecommunications (DECT)
• Cell planning faces another problem – the cell size depends on the current load.
• While a cell can cover a larger area under a light load, it shrinks if the load
increases.
• Figure 2 illustrates this phenomenon with a user transmitting a high bit rate stream
(video stream) within a CDM cell. The cell shrinks.
• After shrinking, two users drop out of the cell, as shown in Figure 2.
Figure2: Cell shrinking
• Typical Cell sizes
– Tens of meters in buildings
– A few hundred meters in some cities
– A few tens of kilometers in the countryside
Advantages of cellular systems (2 Marks)
• Higher capacity: Implementing SDM allows frequency reuse
• Less transmission power: While power aspects are not a big problem for base
stations
• It deals with interference
• Robustness: Cellular systems are decentralized and so, more robust against the
failure of single components. If one antenna fails, this only influences
communication within a small area
Disadvantages or Problems (2 Marks)
• Infrastructure needed: Cellular systems need a complex infrastructure to connect all
base stations. This includes many antennas, switches for call forwarding, GPS to
find a mobile station etc, which makes the whole system quite expensive
• Handover (changing from one cell to another) necessary
• Frequency planning: To avoid interference between transmitters using the same
frequencies, frequencies have to be distributed carefully.
• Cell planning: The cell size depends on the current load
Other common channel
Figure3: Different types of channel
2.2 GSM
What is GSM? (2 Marks)
Global System for Mobile (GSM) is a second generation cellular standard developed to
cater to voice and data services using digital modulation
• Cellular Generation in Wireless Networks
– 1st Generation of Cellular Communication (AMPS, TACS)
– 2nd Generation of TDMA, GSM
– 3rd Generation WCDMA
– 4th Generation LTE
• 2nd Generation services
– SMS(Short Message Services)
– Multi Party Calling
– Call holding
– Call waiting
– Mobile data service
– Mobile fax service
– Call line identity
– Advice of charging
– Cell broadcast
2.2.1 GSM History
• Developed by Groupe Spéciale Mobile (GSM), founded in 1982, which was an
initiative of CEPT (Conference of European Post and Telecommunication)
• Aim: to replace the incompatible analog system
• Presently the responsibility of GSM standardization resides with ETSI (European
Telecommunication Standards Institute)
• Under ETSI, GSM is named “Global System for Mobile communication”
• Full set of specifications became available in 1990
• GSM is a typical second generation system, replacing the first generation analog
systems, but not offering the high worldwide data rates.
• GSM operates in either the 900 MHz or the 1800 MHz band
• The American continent (USA and Canada) uses the 850 MHz and 1900 MHz bands.
• In the 900 MHz band, 890–915 MHz is used for uplinks and 935–960 MHz for downlinks
• GSM is a circuit-switched system that divides each 200 kHz channel into eight 25
kHz time-slots.
• GSM makes use of Time Division Multiple Access (TDMA) technique for
transmitting signals
• Today many providers all over the world use GSM (more than 135 countries in
Asia, Africa, Europe, Australia, America)
• More than 1300 million subscribers in the world and 45 million subscribers in India
2.2.2 Why GSM? Or Features of GSM (2 Marks)
• Improved spectrum efficiency
• International roaming
• Low-cost mobile sets and base stations (BSs)
• High-quality speech
• Compatibility with Integrated Services Digital Network (ISDN) and other telephone
company services
• Support for new services
2.2.3 GSM services (8 Marks)
• Bearer service
• Tele service
• Supplementary service
• Bearer service
• It gives the subscribers the capability to send and receive data to/from
remote computers
• It enables transmission of data between GSM and other networks like PSTN,
ISDN etc.
• It supports data rates from 300 bps to 9.6 kbps, SMS, email and internet access.
• This service is implemented in the lower three layers of the OSI reference model.
• It provides users with the capability to execute remote applications
• It supports either transparent or non-transparent mode of data transmission
• The transparent mode uses the functions of the physical layer for data
transmission (constant delay and throughput)
• A Forward Error Correction mechanism is used to increase the quality of data
transmission
• The non-transparent mode uses the protocols of the second and third layers to
implement error correction and flow control
• Tele service (2 Marks)
• GSM provides both voice-oriented and non-voice teleservices
• Telephony
• GSM provides high-quality digital transmission, offering the 3.1 kHz
bandwidth of the analog phone system
• Special codecs are used for voice transmission, and other codecs are used
for analog data communication with the modems used in fax machines
• Emergency number
• The same number (101) is used throughout an area, free of cost, and is
provided by all service providers
• A connection to this number is set up automatically with the closest
emergency centre
• Short Message service
• It offers transmission of text messages of up to 160 characters.
• The SMS service uses signalling channels and a duplex system for sending
and receiving SMS messages
• Fax
• The fax service transmits modem fax data as digital data over the analog
telephone network
• List of emergency/rescue/management contact numbers currently in
operation in India
100 Police
102 Ambulance
101 Fire
108 Disaster management
181 Women's helpline
1097 AIDS helpline
1098 Child abuse hotline
+91 9540161344 Air ambulance
• Supplementary service
– GSM provides supplementary services like user identification, call
redirection, and forwarding of on-going calls
2.2.4 GSM Architecture (16 Marks)
• GSM system consists of three subsystems,
– Radio subsystem (RSS)
– Network and Switching subsystem (NSS)
– Operation subsystem (OSS)
Figure 4 : Architecture of GSM
2.2.4.1 GSM network areas
• Cell: Cell is the basic service area; one BTS covers one cell. Each cell is given a
Cell Global Identity (CGI), a number that uniquely identifies the cell.
• Location Area: A group of cells forms a Location Area (LA). Each LA is assigned a
Location Area Identity (LAI). Each LA is served by one or more BSCs.
• MSC/VLR Service Area: The area covered by one MSC is called the MSC/VLR
service area.
• PLMN: The area covered by one network operator is called the Public Land Mobile
Network (PLMN). A PLMN can contain one or more MSCs.
2.2.4.2 Radio subsystem (RSS) comprises
– Mobile stations (MS)
– Base station subsystem (BSS)
• Base transceiver station (BTS)
• Base station controller (BSC)
– Um interface – all mechanisms for wireless transmission (TDMA, FDMA etc.)
– Abis interface – 16 or 64 kbits/s connections
– Mobile station
• A cell phone contains two major components: the subscriber identity
module (SIM) and the mobile device
• SIM
• The SIM contains the subscription information of the subscriber and
holds key information that activates the phone
• The SIM contains a microcontroller to store and receive data from the
flash storage.
• Identification information is stored in the SIM's ROM.
• Additional flash memory is included for storing other
information like addresses, pictures, audio and video
• The SIM card contains other identifiers like card type, serial number,
a list of subscribed services, and the personal identity number (PIN)
• Each mobile device has unique identifier that is known as International
Mobile Station Equipment Identity (IMEI)
2.2.4.2.1 Vital addresses and identifiers are used in GSM
• International Mobile Station Equipment Identity (IMEI)
• International Mobile Subscriber Identity (IMSI)
• Mobile Subscriber ISDN Number (MSISDN)
• Mobile Station Roaming Number (MSRN)
• Location Area Identity (LAI)
• Temporary Mobile Subscriber Identity (TMSI)
• Local Mobile Subscriber Identity (LMSI)
• Cell Identifier (CI)
2.2.4.2.2 IMEI
– IMEI looks like a serial number which distinctively identifies a mobile station
internationally.
– This is allocated by the equipment manufacturer and registered by the network
operator, who stores it in the Equipment Identity Register (EIR).
– It gives clues about the manufacturer and the date of manufacturing
– Parts of IMEI:
– Type Approval Code (TAC) : 6 decimal places, centrally assigned.
– Final Assembly Code (FAC) : 6 decimal places, assigned by the
manufacturer.
– Serial Number (SNR) : 6 decimal places, assigned by the manufacturer.
– Spare (SP) : 1 decimal place.
– IMEI = TAC + FAC + SNR + SP.
2.2.4.2.3 International Mobile Subscriber Identity (IMSI)
– Every registered user has an original IMSI with a valid IMEI stored in their
SIM.
– The IMSI comprises the following parts:
• Mobile Country Code (MCC) : 3 decimal places, internationally
standardized.
• Mobile Network Code (MNC) : 2 decimal places, for unique
identification of mobile network within the country.
• Mobile Subscriber Identification Number (MSIN) : Maximum 10
decimal places, identification number of the subscriber in the home
mobile network
MCC 405 India(Chennai)
MNC 04 RelienceCom
MSIN 123456789
2.2.4.2.4 Mobile Subscriber ISDN Number (MSISDN)
– The authentic telephone number of a mobile station is the Mobile Subscriber ISDN
Number (MSISDN). Based on the SIM, a mobile station can have many MSISDNs.
– Country Code (CC) : Up to 3 decimal places.
– National Destination Code (NDC) : Typically 2-3 decimal places.
– Subscriber Number (SN) : Maximum 10 decimal places.
• MSISDN: 919003613335
• CC India 91
• NDC Tamilnadu 900
• SN Subscriber's number 3613335
2.2.4.2.5 Mobile Station Roaming Number (MSRN)
– It is an interim location dependent ISDN number, assigned to a mobile station by a
regionally responsible Visitor Location Register (VLR).
• The MSRN has the same structure as the MSISDN.
– Country Code (CC) : of the visited network.
– National Destination Code (NDC) : of the visited network.
– Subscriber Number (SN) : in the current mobile network.
2.2.4.2.6 Location Area Identity (LAI)
• Within a PLMN, a Location Area identifies its own authentic Location Area
Identity (LAI).
• The LAI hierarchy is based on international standard
– Country Code (CC) : 3 decimal places.
– Mobile Network Code (MNC) : 2 decimal places.
– Location Area Code (LAC) : maximum 5 decimal places
• Temporary Mobile Subscriber Identity (TMSI)
– TMSI can be assigned by the VLR, which is responsible for the current
location of a subscriber when MS is roaming.
• Local Mobile Subscriber Identity (LMSI)
– Each mobile station can be assigned with a Local Mobile Subscriber
Identity (LMSI), which is an original key, by the VLR.
– This key can be used as the auxiliary searching key for each mobile station
within its region
• Cell Identifier (CI)
– A Cell Identifier (CI) is used to identify the individual cells within an LA.
2.2.4.3 Base Station subsystems
• A GSM network comprises many BSSs
• Each BSS consists of a Base station controller (BSC) and several Base Transceiver
stations (BTSs).
• The BSS performs all functions necessary to maintain the radio connection to the MS,
as well as coding/decoding of voice
• Base station controller (BSC)
• A BTS comprises all radio equipment such as antenna, signal processors,
and amplifiers for radio transmission
• It encodes the received signal, modulates it on a carrier wave and feeds the
RF signal to the antenna.
• It communicates with both the MS and the BSC
• A BSC manages the radio resources of the BTSs.
• It assigns frequency and time slots for MSs in the area.
• It manages the handoff from one BTS to another BTS.
2.2.4.4 Network and switching subsystem
• The NSS connects the wireless network with standard public networks,
performs handovers between different BSSs, comprises functions for worldwide
localization of users and supports charging, accounting, and roaming of users
between different providers in different countries.
• Mobile services switching center (MSC):
• MSCs are high-performance digital ISDN switches. They set up
connections to other MSCs and to the BSCs via the A interface.
• MSC manages several BSCs in a geographical region. A gateway MSC
(GMSC) has additional connections to other fixed networks, such as
PSTN and ISDN.
• An MSC handles standard signaling system (SS7) needed for connection
setup, connection release and handover of connections to other MSCs.
• SS7 covers control signaling for digital networks (reliable routing and
delivery of control messages, establishing and monitoring of calls).
• Features of SS7 are
• number portability,
• free phone/toll/collect/credit calls,
• call forwarding,
• three-way calling
• Home location register (HLR):
• The HLR is a database in a GSM system that stores all user-relevant
information.
• This comprises static information, such as the mobile subscriber ISDN
number (MSISDN), subscribed services (e.g., call forwarding, roaming
restrictions), and the international mobile subscriber identity (IMSI).
• Dynamic information is also needed, e.g., the current location area (LA)
of the MS, the mobile subscriber roaming number (MSRN), the current
VLR and MSC.
• As soon as an MS leaves its current LA, the information in the HLR is
updated. This information is necessary to localize a user in the worldwide
GSM network.
• HLRs can manage data for several million customers and contain highly
specialized databases
• Visitor location register (VLR):
• The VLR associated to each MSC is a dynamic database which stores all
important information needed for the MS users currently in the LA that is
associated to the MSC (e.g., IMSI, MSISDN, HLR address).
• If a new MS comes into an LA that the VLR is responsible for, the VLR copies all
relevant information for this user from the HLR.
• The use of HLR and VLR for user localization.
• Some VLRs in existence are capable of managing up to one million
customers
2.2.4.5 Operation subsystem (OSS)
• The OSS contains the necessary functions for network operation and
maintenance.
• The OSS possesses network entities of its own and accesses other entities via
SS7 signaling.
• Operation and maintenance center (OMC):
• The OMC monitors and controls all other network entities via the O
interface (SS7 with X.25).
• Typical OMC management functions are
• traffic monitoring,
• status reports of network entities,
• subscriber and security management,
• Accounting and billing.
• Equipment identity register (EIR):
• The EIR is a database for all IMEIs, i.e., it stores all device identifications
registered for this network.
• As MSs are mobile, they can be easily stolen. With a valid SIM, anyone
could use the stolen MS.
• The EIR has a blacklist of stolen (or locked) devices.
• The EIR also contains a list of valid IMEIs (white list), and a list of
malfunctioning devices (gray list).
2.2.5 GSM Protocol Stack (8 Marks)
• The GSM protocol stack covers the Layer-1, Layer-2 and Layer-3 modules of the
MS (Mobile Station), BTS (Base Transceiver Station), BSC (Base Station Controller)
and MSC (Mobile Switching Center).
Figure 5 : GSM Protocol stack
The GSM signaling protocol is assembled into three layers:
• Layer 1 :
– Physical layer. It makes use of the channel structures over the air interface.
– Layer 1 defines the electrical, mechanical, and functional specifications for
activating, maintaining, and deactivating the physical link between end systems.
– Layer 1 device: HUB, NIC, Repeater
– It links all the devices connected to it and forms a single
– FDMA/TDMA is the air interface (radio), also called Um interface.
– FDMA/TDMA is used at the MS and also at the BTS. The BTS takes this
format from the MS, converts it to a 64 kbps digital format for the digital link and
interfaces with the BSC.
– BSC communicates with MSC in the same format.
Figure 6 : Example of Layer 1
• Layer 2 :
– Layer 2 operates at Data-link layer. Ex: switch
– Layer 2 defines how data is formatted for transmission and how access to
the physical media is controlled.
– It performs three functions: establishing, maintaining and tearing down the
link; flow control; and error detection
– Across the Um interface, the data-link layer is the Link Access
Protocol for the D channel (LAP-D) used in ISDN.
– Across the A interface, the Message Transfer Part (MTP), Layer 2 of SS7 is
used.
Figure 7: Example of Layer2
• Layer 3 :
– The network layer provides connectivity and path selection between two
host systems that might be located on geographically separated networks.
– EX: Router
– It can be divided into three sub-layers:
• Radio Resource Management (RR),
• Mobility Management (MM),
• Connection Management (CM).
Figure 8: Example of Layer3
• MS to BTS Protocols
– RR layer is the lower layer which manages a link, both radio and fixed,
between MS and MSC.
– RR layer is to manage the RR-session.
– The MM layer handles the functions that arise from the mobility of the subscriber
and also the authentication and security aspects.
– MM provides location management, which enables the system to identify the
current location of an MS.
• CM is responsible for Call Control, Supplementary Service
Management, and Short Message Service Management.
• Other functions of the CC sublayer include
– call establishment,
– selection of the type of service
– call release.
• BSC Protocols
– Abis interface is used between BTS and BSC. At this level, radio resources
at the lower portion of Layer 3 will be changed from RR to Base
Transceiver Station Management (BTSM).
– BTS management layer is a relay function at BTS to BSC
– RR protocols will be responsible for the allocation and reallocation of traffic
channels between MS and BTS
– BSC has some radio resource management in place for the frequency
coordination, frequency allocation and management of the overall network
layer for the Layer 2 interfaces.
• MSC Protocols
– Base Station System Management Application Part (BSS MAP) will be the
equal set of radio resources.
– To find and connect to the users across the network, MSCs will interact
using the control-signalling network.
– Location registers will be included in the MSC databases to help in the role
of determining how and whether connections should be made to roaming
users
– Every GSM MS user is assigned an HLR, which holds the
user's location and subscribed services.
– VLR is a separate register used for tracking the location of a user.
– When the user moves out of the HLR covered area, VLR will be notified by
the MS to discover the location of the user.
2.2.6 GSM-Frequency allocation or Radio interface (8 Marks)
• GSM operates in either the 900 MHz or the 1800 MHz band
• The American continent (USA and Canada) uses the 850 MHz and 1900 MHz bands.
• In the 900 MHz band,
– 890–915 MHz for uplinks
– 935–960 MHz for downlinks
Figure 9: Figure2: Example of Layer2
• Radio interface comprises multiplexing and media access.
• GSM implements SDMA using cells with BTS and assigns an MS to a BTS.
• Furthermore, FDD is used to separate downlink and uplink.
• Media access combines TDMA and FDMA.
• In GSM 900, 124 channels, each 200 kHz wide, are used for FDMA, whereas GSM
1800 uses 374 channels.
• Due to technical reasons, channels 1 and 124 are not used for transmission in GSM
900.
• Typically, 32 channels are reserved for organizational data; the remaining 90 are
used for customers.
• Each BTS then manages a single channel for organizational data and, e.g., up to 10
channels for user data.
• Each 200 kHz carrier is subdivided into TDMA frames that are repeated
continuously. The duration of a frame is 4.615 ms.
• A frame is again subdivided into 8 time slots, where each slot represents a
physical TDM channel and lasts for 577 μs.
• Each TDM channel occupies the 200 kHz carrier for 577 μs every 4.615 ms.
• Data is transmitted in small portions, called bursts, used for data transmission
inside a time slot (user and signaling data).
• The burst is only 546.5 μs long and contains 148 bits. The remaining 30.5 μs are
used as guard space to avoid overlapping with other bursts due to different path
delays. The whole slot with data allows for the transmission of 156.25 bits within
577 μs.
Figure 10: GSM time slot
• The first and last three bits of a normal burst (tail) are all set to 0 and can be used
to enhance the receiver performance.
• The training sequence is used to adapt the current path propagation characteristics
and to select the strongest signal in case of multi-path propagation.
• A flag S indicates whether the data field contains user or network control data.
• Apart from the normal burst, four more bursts are defined for data transmission:
– a frequency correction burst allows the MS to avoid interference with
neighboring channels,
– a synchronization burst synchronizes the MS with the BTS in time,
– an access burst is used for the initial connection setup between MS and
BTS,
– a dummy burst is used if no data is available for a slot
• Logical channels
– The physical separation of the medium into 8*124 duplex channels,
– A physical channel consists of a slot, repeated every 4.615 ms.
– GSM specifies two basic groups of logical channels,
• traffic channels and control channels
– Traffic channels(TCH)
• GSM uses a TCH to transmit user data (e.g., voice, fax).
• Two basic categories of TCHs are followed such as full-rate TCH
(TCH/F) and half-rate TCH (TCH/H).
• A TCH/F has a data rate of 22.8 kbit/s, whereas TCH/H only has
11.4 kbit/s.
– Control channels (CCH)
– Many different CCHs are used in a GSM system to control medium
access, allocation of traffic channels or mobility management. Three groups
of control channels have been defined, each again with sub-channels.
• Broadcast control channel (BCCH):
– A BTS uses this channel to signal information to all MSs within a
cell. Information transmitted in this channel is, e.g., the cell
identifier, and frequencies available inside the cell and in
neighboring cells.
– The BTS sends information for frequency correction via the
frequency correction channel (FCCH) and information about
time synchronization via the synchronization channel (SCH),
where both channels are sub-channels of the BCCH.
• Common control channel (CCCH):
– All information regarding connection setup between MS and BS is
exchanged via the CCCH.
– For calls toward an MS, the BTS uses the paging channel (PCH)
for paging the appropriate MS.
– If an MS wants to set up a call, it uses the random access channel
(RACH) to send data to the BTS.
– The BTS uses the access grant channel (AGCH) to signal an MS
connection setup.
• Dedicated control channel (DCCH):
– As long as an MS has not established a TCH with the BTS, it uses
the stand-alone dedicated control channel (SDCCH) with a low
data rate (782 bit/s) for signaling.
– This can comprise authentication, registration or other data needed
for setting up a TCH
Figure 11: GSM Frame structure
• GSM frame
– TDMA frames containing (signaling) data and other logical channels are
combined to a control multi-frame.
– Control multi-frames consist of 51 TDMA frames and have a duration of
235.4 ms.
– This logical frame structure combines 26 multi-frames with 51 frames or 51
multi-frames with 26 frames to form a super frame. 2,048 super frames build a
hyper frame with a duration of almost 3.5 hours.
– Altogether, 2,715,648 TDMA frames form a hyper frame.
– This large logical structure is needed for encryption
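The timing and frame figures of this section can be re-derived from one another. The following is an added example, not part of the original notes; it assumes the exact frame length 120/26 ms behind the rounded 4.615 ms and the standard GSM 900 channel raster (uplink = 890 MHz + 0.2 MHz × channel number), neither of which is stated in the notes.

```python
from fractions import Fraction

# Figures quoted in the notes. FRAME_MS is the exact value behind the rounded
# 4.615 ms (assumption, see lead-in).
FRAME_MS = Fraction(120, 26)
SLOTS_PER_FRAME = 8
BITS_PER_SLOT = Fraction(625, 4)        # 156.25 bits per slot
BURST_BITS = 148
FRAMES_PER_SUPERFRAME = 26 * 51         # 26 x 51 = 1,326 TDMA frames
SUPERFRAMES_PER_HYPERFRAME = 2048


def carrier_mhz(channel):
    """Uplink and downlink centre frequency (MHz) of GSM 900 channel 1..124."""
    if not 1 <= channel <= 124:
        raise ValueError("GSM 900 has channels 1..124")
    uplink = 890 + Fraction(channel, 5)  # 200 kHz steps above 890 MHz (assumed raster)
    return uplink, uplink + 45           # 935 - 890 = 45 MHz between the two bands


def slot_timing():
    """Slot, bit, burst and guard durations in microseconds, plus gross bit rate."""
    slot_us = FRAME_MS * 1000 / SLOTS_PER_FRAME
    bit_us = slot_us / BITS_PER_SLOT
    return {
        "slot_us": slot_us,
        "bit_us": bit_us,
        "burst_us": BURST_BITS * bit_us,
        "guard_us": (BITS_PER_SLOT - BURST_BITS) * bit_us,
        "gross_kbit_s": 1000 / bit_us,
    }


def multiframe_ms(frames):
    """Duration of a multi-frame made of `frames` TDMA frames."""
    return frames * FRAME_MS


def hyperframe():
    """Number of TDMA frames in a hyper frame and its duration in hours."""
    frames = FRAMES_PER_SUPERFRAME * SUPERFRAMES_PER_HYPERFRAME
    return frames, frames * FRAME_MS / 1000 / 3600


def locate(frame_number):
    """(super frame index, position in 51-frame multi-frame, position in
    26-frame multi-frame) of one TDMA frame inside a hyper frame."""
    frames, _ = hyperframe()
    if not 0 <= frame_number < frames:
        raise ValueError("frame number outside one hyper frame")
    return (frame_number // FRAMES_PER_SUPERFRAME,
            frame_number % 51,
            frame_number % 26)


if __name__ == "__main__":
    for name, value in slot_timing().items():
        print(f"{name:13s} {float(value):9.3f}")
    print("control multi-frame (ms):", round(float(multiframe_ms(51)), 1))
    frames, hours = hyperframe()
    print("hyper frame:", frames, "frames,", round(float(hours), 2), "hours")
    print("channel 62 (MHz):", [float(f) for f in carrier_mhz(62)])
    print("last frame of the hyper frame:", locate(frames - 1))
```

Because 26 and 51 share no common factor, the two multi-frame positions together identify every frame of a super frame, so the three counters returned by locate() do not repeat for the whole hyper frame.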
2.2.7 Mobility Management or GSM Handover (8 Marks)
• Handover (2 Marks)
– Handover occurs when the mobile station moves out of the coverage of the
one BTS but into another BTS controlled by the same BTS.
• A cell covers only up to 35 km around each antenna in the countryside and some
hundred meters in cities
• There are two basic reasons for a handover:
– The mobile station moves out of the range of a BTS. The received signal
level decreases continuously until it falls below the minimal requirements
for communication.
– The wired infrastructure (MSC, BSC) may decide that the traffic in one cell
is too high and shift some MS to other cells with a lower load (if
possible). Handover may be due to load balancing.
– all these effects may diminish the quality of the radio link and make
radio transmission impossible in the near future
• Handover decision depending on receive level
Figure 12 : Handover
• Types of handover scenarios in GSM (2 Marks)
– Intra-cell handover
• Within a cell, narrow-band interference could make transmission
at a certain frequency impossible. The BSC could then decide to
change the carrier frequency (scenario 1).
– Inter-cell, intra-BSC handover
• The mobile station moves from one cell to another, but stays within
the control of the same BSC. The BSC then performs a handover,
assigns a new radio channel in the new cell and releases the old one
(scenario 2).
– Inter-BSC, intra-MSC handover
• GSM has to perform handovers between cells controlled by different
BSCs. This handover then has to be controlled by the MSC (scenario
3).
– Inter MSC handover
• A handover could be required between two cells belonging to
different MSCs. Now both MSCs perform the handover together
(scenario 4).
Figure 13: Handover scenarios in GSM
• To provide all the necessary information for a handover due to a weak link, MS and
BTS both perform periodic measurements of the downlink and uplink quality
respectively. (Link quality comprises signal level and bit error rate.)
• Measurement reports are sent by the MS about every half-second and contain the
quality of the current link used for transmission as well as the quality of certain
channels in neighboring cells.
• An MS moves away from one BTS (BTSold) closer to another one (BTSnew). In
this case, the handover decision does not depend on the actual value of the received
signal level, but on the average value.
• Therefore, the BSC collects all values (bit error rate and signal levels from uplink
and downlink) from BTS and MS and calculates average values. These values are
then compared to thresholds (the handover margin, HO_MARGIN):
– a value which is too high could cause a cut-off, and a value which is too low
could cause too many handovers.
The task of the MSC then comprises the request of the resources needed for the
handover from the new BSC, BSCnew. This BSC checks if enough resources such
as frequencies or time slots are available and activates a physical channel at the
BTSnew to prepare for the arrival of the MS
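The effect of HO_MARGIN on the averaged measurements can be seen in a small simulation. This is an added example, not part of the original notes; the report values, the two-report averaging window and the minimum usable level RXLEV_MIN are constructed assumptions.

```python
from collections import deque

# Constructed measurement reports (one about every half-second): received
# signal level in dBm from BTSold and BTSnew while the MS moves away from
# BTSold. The dip around reports 4-6 models temporary fading.
REPORTS = [  # (BTSold, BTSnew)
    (-60, -90), (-64, -84), (-70, -76), (-78, -68), (-76, -70), (-70, -80),
    (-78, -76), (-84, -72), (-88, -72), (-92, -70), (-96, -68), (-100, -66),
]
RXLEV_MIN = -92   # assumed: below this average level the link is cut off
WINDOW = 2        # assumed: number of reports the BSC averages


def simulate(reports, ho_margin, window=WINDOW, rxlev_min=RXLEV_MIN):
    """Return (handovers, cut_off_index).

    handovers is a list of (report index, from cell, to cell); cut_off_index
    is the report at which the serving link became unusable, or None.
    """
    history = {"old": deque(maxlen=window), "new": deque(maxlen=window)}
    serving, handovers = "old", []
    for i, (old, new) in enumerate(reports):
        history["old"].append(old)
        history["new"].append(new)
        if len(history["old"]) < window:
            continue                      # not enough reports to average yet
        avg = {cell: sum(v) / len(v) for cell, v in history.items()}
        target = "new" if serving == "old" else "old"
        # The decision uses averaged values, not the latest single value.
        if avg[target] > avg[serving] + ho_margin:
            handovers.append((i, serving, target))
            serving = target
        elif avg[serving] < rxlev_min:
            return handovers, i           # margin too high: call is cut off
    return handovers, None


if __name__ == "__main__":
    for margin in (0, 5, 30):
        handovers, cut_off = simulate(REPORTS, margin)
        print(f"HO_MARGIN={margin:2d} dB  handovers={handovers}  cut-off at={cut_off}")
```

With these reports a margin of 0 dB hands the MS back and forth three times, 5 dB gives a single handover, and 30 dB waits so long that the link to BTSold is lost first.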
2.2.8 Connection Establishment or Localization (8 Marks)
• Worldwide localization of users: the system always knows where a user currently
is, and the same phone number is valid worldwide.
• The HLR always contains information about the current location (only the location
area, not the precise geographical location), and the VLR currently responsible
informs the HLR about location changes.
• As soon as an MS moves into the range of a new VLR (a new location area), the
HLR sends all user data needed to the new VLR.
• Roaming
– Changing VLRs with uninterrupted availability of all services is also called
roaming.
• National roaming
– Roaming can take place within the network of one provider, between two
providers in one country
• International roaming
– Roaming can take place between different providers in different countries.
Several Numbers are used to locate an MS.
• Mobile station international ISDN number (MSISDN)
• International mobile subscriber identity (IMSI)
• Temporary mobile subscriber identity (TMSI)
• Mobile station roaming number (MSRN)
• Mobile Subscriber ISDN Number (MSISDN)
• The authentic telephone number of a mobile station is the Mobile Subscriber
ISDN Number (MSISDN). Based on the SIM, a mobile station can have
many MSISDNs.
• Country Code (CC) : Up to 3 decimal places.
• National Destination Code (NDC) : Typically 2-3 decimal places.
• Subscriber Number (SN) : Maximum 10 decimal places.
• MSISDN: 919003613335
• CC India 91
• NDC Tamilnadu 900
• SN Subscriber's number 3613335
• International Mobile Subscriber Identity (IMSI)
– Every registered user has an original IMSI with a valid IMEI stored in their
SIM.
– The IMSI comprises the following parts:
• Mobile Country Code (MCC) : 3 decimal places, internationally
standardized.
• Mobile Network Code (MNC) : 2 decimal places, for unique
identification of mobile network within the country.
• Mobile Subscriber Identification Number (MSIN) : Maximum 10
decimal places, identification number of the subscriber in the home
mobile network
MCC 405 India(Chennai)
MNC 04 RelienceCom
MSIN 123456789
• Temporary Mobile Subscriber Identity (TMSI)
– TMSI can be assigned by the VLR, which is responsible for the current
location of a subscriber when MS is roaming.
• Mobile Station Roaming Number (MSRN)
– It is an interim location dependent ISDN number, assigned to a mobile
station by a regionally responsible Visitor Location Register (VLR).
– The MSRN has the same structure as the MSISDN.
• Country Code (CC) : of the visited network.
• National Destination Code (NDC) : of the visited network.
• Subscriber Number (SN) : in the current mobile network
Figure 14: Mobile Terminated call(MTC)
• In step 1, a user dials the phone number of a GSM subscriber. The fixed network
(PSTN) notices (looking at the destination code) that the number belongs to a user
in the GSM network and forwards the call setup to the Gateway MSC (2).
• The GMSC identifies the HLR for the subscriber (which is coded in the phone
number) and signals the call setup to the HLR (3).
• The HLR now checks whether the number exists and whether the user has
subscribed to the requested services, and requests an MSRN from the current VLR
(4).
• After receiving the MSRN (5), the HLR can determine the MSC responsible for the
MS and forwards this information to the GMSC (6). The GMSC can now forward
the call setup request to the MSC indicated (7).
• The MSC requests the current status of the MS from the VLR (8). If the MS is
available, the MSC initiates paging in all cells it is responsible for (i.e. the location
area, LA, 10), as searching for the right cell would be too time consuming.
• The BTSs of all BSSs transmit this paging signal to the MS (11). If the MS answers
(12 and 13), the VLR has to perform security checks (set up encryption etc.).
• The VLR then signals to the MSC to set up a connection to the MS (steps 15 to 17).
It is much simpler to perform a mobile originated call (MOC) than an MTC.
• The MS transmits a request for a new connection (1), the BSS forwards this request
to the MSC (2). The MSC then checks if this user is allowed to set up a call with
the requested service (3 and 4) and checks the availability of resources through the
GSM network and into the PSTN.
• If all resources are available, the MSC sets up a connection between the MS and the
fixed network
Figure 15: Mobile originated Call (MOC)
2.2.9 Routing or calling (8 Marks)
• Message flow for MTC and MOC
Figure 16: Call Routing
• Paging is only necessary for an MTC, then similar message exchanges follow.
• The first step in this context is the channel access via the random access channel
(RACH) with consecutive channel assignment; the channel assigned could be a
traffic channel (TCH) or a slower signalling channel .
• The next steps, which are needed for communication security, comprise the
authentication of the MS and the switching to encrypted communication.
• The system now assigns a TCH.
• If someone is calling the MS, it answers now with 'alerting' that the MS is ringing
and with 'connect' that the user has pressed the connect button.
• The same actions happen the other way round if the MS has initiated the call. After
connection acknowledgement, both parties can exchange data.
2.2.10. GSM Security ( 8 Marks)
• GSM offers security services using confidential information stored in the AuC and
in the individual SIM.
• The SIM stores personal, secret data and is protected with a PIN against
unauthorized use.
• The secret key Ki used for authentication and encryption procedures is stored in the
SIM
• The security services offered by GSM :
– Access control and authentication:
• It includes the authentication of a valid user for the SIM. The user
needs a secret PIN to access the SIM.
– Confidentiality:
• All user-related data is encrypted. After authentication, BTS and
MS apply encryption to voice, data, and signaling. This
confidentiality exists only between MS and BTS, but it does not
exist end-to-end or within the whole fixed GSM/telephone network.
– Anonymity:
• To provide user anonymity, all data is encrypted before
transmission, and user identifiers are not used over the air. Instead,
GSM transmits a temporary identifier (TMSI), which is newly
assigned by the VLR after each location update. Additionally, the
VLR can change the TMSI at any time.
• Three algorithms have been specified to provide security services in GSM.
– Algorithm A3 is used for authentication,
– A5 for encryption, and
– A8 for the generation of a cipher key.
• A5 was publicly available, whereas A3 and A8 were secret.
• Both A3 and A8 are no longer secret, but were published on the internet in 1998.
• As it turned out, the algorithms are not very strong. However, network providers
can use stronger algorithms for authentication – or users can apply stronger end-to-
end encryption.
• Algorithms A3 and A8 are located on the SIM and in the AuC and can be
proprietary.
• A5 is implemented in the devices and has to be identical for all providers.
2.2.10.1 Authentication in GSM ( 4 Marks)
• Before a subscriber can use any service from the GSM network, he or she must be
authenticated.
• Authentication is based on the SIM, which stores the individual authentication
key Ki, the user identification IMSI, and A3 algorithm used for authentication.
• Authentication uses a challenge-response method:
– the access control AC generates a random number RAND as challenge,
– The SIM within the MS answers with SRES (signed response) as
response.
Figure 17: Authentication in GSM
2.2.10.2 Encryption in GSM ( 4 Marks)
• All user-related information is encrypted in GSM over the air interface to ensure
privacy.
• After authentication, MS and BTS can start using encryption by applying the cipher
key Kc .
• Kc is generated using the individual key Ki and a random value by applying the
algorithm A8.
• Note that the SIM in the MS and the network both calculate the same Kc based on
the random value RAND. The key Kc itself is not transmitted over the air
interface.
• MS and BTS can now encrypt and decrypt data using the algorithm A5 and the
cipher key Kc.
• In this case, Kc should be a 64 bit key – which is not very strong, but is at least a
good protection against simple eavesdropping
Figure 18: Encryption in GSM
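The challenge-response of 2.2.10.1 and the Kc derivation of 2.2.10.2, run end to end as an added example that is not part of the original notes. HMAC-SHA-256 stands in for the operator-specific A3 and A8 (an assumption), the 128-bit Ki and RAND and the 32-bit SRES are the usual GSM sizes, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: A3/A8 are operator-specific and not given in the notes. HMAC-SHA-256
# is a stand-in keyed one-way function; only the output sizes follow GSM.
def _keyed(ki: bytes, label: bytes, rand: bytes, nbytes: int) -> bytes:
    return hmac.new(ki, label + rand, hashlib.sha256).digest()[:nbytes]

def a3(ki: bytes, rand: bytes) -> bytes:
    """Authentication: (Ki, RAND) -> 32-bit SRES."""
    return _keyed(ki, b"A3", rand, 4)

def a8(ki: bytes, rand: bytes) -> bytes:
    """Key generation: (Ki, RAND) -> 64-bit cipher key Kc."""
    return _keyed(ki, b"A8", rand, 8)

class Sim:
    """Subscriber side: stores IMSI and Ki; Ki never leaves the card."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)

class AuC:
    """Network side: holds Ki per IMSI and issues (RAND, SRES, Kc) triplets."""
    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi: str) -> Sim:
        ki = secrets.token_bytes(16)          # 128-bit individual key
        self._ki_by_imsi[imsi] = ki
        return Sim(imsi, ki)

    def triplet(self, imsi: str):
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)        # 128-bit challenge
        return rand, a3(ki, rand), a8(ki, rand)

def authenticate(auc: AuC, sim: Sim):
    """One challenge-response run; returns (accepted, kc_network, kc_ms, air)."""
    air = []                                  # everything sent over the radio link
    rand, expected_sres, kc_network = auc.triplet(sim.imsi)
    air.append(("network->MS", "RAND", rand))
    sres, kc_ms = sim.run_gsm_algorithm(rand)
    air.append(("MS->network", "SRES", sres))
    accepted = hmac.compare_digest(sres, expected_sres)
    return accepted, kc_network, kc_ms, air

def demo():
    auc = AuC()
    genuine = auc.provision("40504123456789")  # IMSI built from the example above
    # A card claiming the same IMSI but holding a different Ki.
    impostor = Sim(genuine.imsi, secrets.token_bytes(16))
    return authenticate(auc, genuine), authenticate(auc, impostor)

if __name__ == "__main__":
    (ok, kc_n, kc_m, air), (bad, *_rest) = demo()
    print("genuine accepted:", ok, "| Kc equal on both sides:", kc_n == kc_m)
    print("sent over the air:", [name for _, name, _ in air])
    print("impostor accepted:", bad)
```

Only RAND and SRES appear in the air log; Ki and Kc stay inside the SIM and the network. The SIM answers whatever RAND it receives, which is the missing network authentication listed later under the problems with GSM security.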
2.3 General Packet Radio Service (GPRS) ( 16 Marks)
• GPRS is a packet-based mobile data service on the GSM networks of 2G and 3G
cellular communication systems.
• It is a non-voice, high-speed and packet-switching technology intended for GSM
networks.
• GPRS enables connections based on Internet protocols that support a wide
variety of enterprise as well as commercial applications.
• Packet-switched describes the type of network in which relatively small units of
data called packets are routed through a network based on the destination IP address
contained within each packet. The data is then reassembled at the recipient's end.
• Voice calls using the Internet's packet-switched system are possible.
• Another type of digital network that uses packet-switching is the X.25 network, a
widely-installed commercial wide area network protocol. Internet protocol packets
can be carried on an X.25 network.
• X.25 networks can provide virtual circuit switching. A virtual circuit-switched
connection is a logical connection established between two parties on a
dedicated basis for some duration.
• Data rates for downloads range from 28 Kbps to 171 Kbps, with upload speeds even
lower.
GSM network elements and the modification or upgrade required for GPRS:
• Mobile Station (MS): New Mobile Station is required to access GPRS services.
These new terminals will be backward compatible with GSM for voice calls.
• BTS: A software upgrade is required in the existing Base Transceiver
Station (BTS).
• BSC: The Base Station Controller (BSC) requires a software upgrade and the
installation of new hardware called the packet control unit (PCU). The PCU
directs the data traffic to the GPRS network and can be a separate hardware
element associated with the BSC.
• GPRS Support Nodes (GSNs): The deployment of GPRS requires the installation of
new core network elements called the serving GPRS support node (SGSN) and
gateway GPRS support node (GGSN).
• Databases (HLR, VLR, etc.): All the databases involved in the network will
require software upgrades to handle the new call models and functions
introduced by GPRS.
Figure 19: GPRS Architecture
2.3.1 GPRS Mobile Stations
– New Mobile Stations (MS) are required to use GPRS services because
existing GSM phones do not handle the packet data.
– A variety of MS can exist, including a high-speed version of current phones
to support high-speed data access, a new PDA device with an embedded
GSM phone, and PC cards for laptop computers.
– These mobile stations are backward compatible for making voice calls using
GSM
2.3.2 GPRS Base Station Subsystem
– Each BSC requires the installation of one or more Packet Control Units
(PCUs) and a software upgrade.
– The PCU provides a physical and logical data interface to the Base Station
Subsystem (BSS) for packet data traffic.
– The BTS can also require a software upgrade but typically does not require
hardware enhancements.
– When either voice or data traffic is originated at the subscriber mobile, it is
transported over the air interface to the BTS, and from the BTS to the BSC
in the same way as a standard GSM call.
– However, at the output of the BSC, the traffic is separated; voice is sent to
the Mobile Switching Center (MSC) per standard GSM, and data is sent to a
new device called the SGSN via the PCU over a Frame Relay interface.
2.3.3 GPRS Support Nodes (2 Marks)
• Gateway GPRS Support Node (GGSN)
– The GGSN acts as an interface and a router to external networks.
– It contains routing information for GPRS mobiles, which is used to tunnel
packets through the IP based internal backbone to the correct Serving GPRS
Support Node.
– The GGSN also collects charging information connected to the use of the
external data networks and can act as a packet filter for incoming traffic.
• Serving GPRS Support Node (SGSN)
– The Serving GPRS Support Node is responsible for authentication of GPRS
mobiles, registration of mobiles in the network, mobility management, and
collecting information on charging for the use of the air interface.
• Internal Backbone
– The internal backbone is an IP based network used to carry packets between
different GSNs.
– Tunneling is used between SGSNs and GGSNs.
– Signaling from a GSN to a MSC, HLR or EIR is done using SS7.
• Routing Area
– GPRS introduces the concept of a Routing Area. This concept is similar to
Location Area in GSM, except that it contains fewer cells.
– Because routing areas are smaller than location areas, fewer radio resources
are used while broadcasting a page message.
2.3.5 GPRS allows defining QoS profiles using the following parameters:
– Service Precedence
– Reliability
– Delay and
– Throughput
• Service Precedence
– The preference given to a service when compared to another service is
known as Service Precedence. This level of priority is classified into three
levels called: high, normal, low. When there is network congestion, the
packets of low priority are discarded as compared to high or normal priority
packets.
• Reliability
– This parameter signifies the transmission characteristics required by an
application. The reliability classes are defined which guarantee certain
maximum values for the probability of loss, duplication, mis-sequencing,
and corruption of packets
• Delay
– The delay is defined as the end-to-end transfer time between two
communicating mobile stations or between a mobile station and the Gi
interface to an external packet data network.
• Throughput
– The throughput specifies the maximum/peak bit rate and the mean bit rate.
• The billing of the service is then based on the transmitted data volume, the type of
service, and the chosen QoS profile.
• The GPRS service charging can be based on the following parameters:
– Volume - The amount of bytes transferred, i.e., downloaded and uploaded.
– Duration - The duration of a Packet Data Protocol context session.
– Time - Date, time of day, and day of the week (enabling lower tariffs at off
peak hours).
– Final destination - A subscriber could be charged for access to the specific
network, such as through a proxy server.
– Location - The current location of the subscriber.
– Quality of Service - Pay more for higher network priority.
– SMS - The SGSN will produce specific CDRs for SMS.
– Served IMSI/subscriber - Different subscriber classes (different tariffs for
frequent users, businesses, or private users).
– Reverse charging - The receiving subscriber is not charged for the received
data; instead, the sending party is charged.
– Free of charge - Specified data to be free of charge.
– Flat rate - A fixed monthly fee.
2.3.6 Features of GPRS (2 Marks)
– Short Message Service: special-purpose communication protocols designed
for text messaging
– Multimedia Messaging Service: extensions to SMS to enable transmission
of videos in addition to text
– Wireless Application Protocol: a specialized communication protocol for
mobile browsers, now obsolete
– It supports Web browsing, e-commerce and location oriented applications.
2.3.7 Applications of GPRS ( 2 Marks)
• Communications - E-mail, fax, unified messaging and intranet/internet
access, etc.
• Value-added services - Information services and games, etc.
• E-commerce - Retail, ticket purchasing, banking and financial trading, etc.
• Location-based applications - Navigation, traffic conditions, airline/rail
schedules and location finder, etc.
• Vertical applications - Freight delivery, fleet management and sales-force
automation.
• Advertising
2.4 UMTS – Universal Mobile Telecommunications System (16 Marks)
• The Universal Mobile Telecommunications System (UMTS), based on the GSM
standards, is a mobile cellular system of third generation that is maintained by
3GPP (3rd Generation Partnership Project).
• It specifies a complete network system and the technology described in Freedom of
Mobile Multimedia Access (FOMA).
• UMTS uses wideband code division multiple access (W-CDMA) radio access
technology to offer greater spectral efficiency and bandwidth to mobile network
operators.
• Because UMTS has deep GSM roots, it is sometimes called 3GSM. However, as the name
W-CDMA implies, it also makes extensive use of CDMA technology.
• Upgraded UMTS networks provide fast download speeds of up to 14 Mbps via the
HSDPA (High-Speed Downlink Packet Access) protocol.
• Faster uplink speeds of up to 5.7 Mbps are currently underway via the HSUPA
(High-Speed Uplink Packet Access) protocol.
• Both HSDPA and HSUPA are part of a family of protocols known as High Speed
Packet Access (HSPA).
• Data rates of UMTS are:
– 144 kbps for rural
– 384 kbps for urban outdoor
– 2048 kbps for indoor and low range outdoor
• UMTS phones also come with an upgraded SIM (Subscriber Identity Module)
known as the USIM (Universal SIM). UMTS phones can work with either SIMs or
USIMs.
• With the wireless industry now moving from 3G to 4G, UMTS serves as the basis
of the 3GPP's new set of radio technologies, known as Long Term Evolution
(LTE).
• Networks upgrading from GSM to the UMTS are able to reuse a number of network
elements, including: the HLR, VLR, Mobile Switching Center, and the
Authentication Center.
• However, a new Base Station Controller and Base Transceiver Station are required.
• UMTS Frequency Spectrum
– 1900-2025 MHz and 2110-2200 MHz for 3G transmission
– In the US, 1710–1755 MHz and 2110–2155 MHz will be used instead, as
the 1900 MHz band was already used.
Figure 20: UMTS Frequency Spectrum
Figure 21: UMTS Architecture. Elements labelled in the figure: Mobile Station (SIM, USIM, ME), Base Station Subsystem (BTS, BSC), UTRAN (RNS, Node B, RNC), Network Subsystem (MSC/VLR, GMSC, SGSN, GGSN, AUC, EIR, HLR), Other Networks (PSTN, PLMN, Internet). Note: Interfaces have been omitted for clarity purposes.
UMTS network architecture consists of three domains
• Core Network (CN): Provide switching, routing and transit for user traffic
• UMTS Terrestrial Radio Access Network (UTRAN): Provides the air interface
access method for user equipment.
• User Equipment (UE): Terminals work as air interface counterpart for base stations.
The various identities are: IMSI, TMSI, P-TMSI, TLLI, MSISDN, IMEI, IMEISV
2.4.1 UTRAN
• Wide band CDMA technology is selected for UTRAN air interface
• WCDMA
– Wideband Code Division Multiple Access, is a communications standard used
in 3G mobile networks.
• It supports cellular voice, text messaging, MMS, and high-speed data transmission
• TD-SCDMA
– Time Division Synchronous Code Division Multiple Access is a mobile telephone
standard for wireless network operators who want to move from a second
generation (2G) wireless network to a third-generation (3G) one
• Base stations are referred to as Node-B and control equipment for Node-B is called
as Radio Network Controller (RNC).
• Functions of Node-B are
– Air Interface Tx/Rx
– Modulation/Demodulation
• Functions of RNC are:
– Radio Resource Control
– Channel Allocation
– Power Control Settings
– Handover Control
– Ciphering
– Segmentation and reassembly
2.4.2 UMTS – Security and Privacy (16 Marks)
• Problems with GSM Security (2 Marks)
– Weak authentication and encryption algorithms (A5 can be broken to
reveal the cipher key)
– Short key length (32 bits)
– No data integrity (allows certain denial of service attacks)
– No network authentication (false base station attack possible)
– Limited encryption scope (encryption terminated at the base station)
• UMTS Security Features ( 2 Marks)
– Mutual Authentication
• The mobile user and the serving network authenticate each other
– Data Integrity
• Signaling messages between the mobile station and RNC protected
by integrity code
– Network to Network Security
• Secure communication between serving networks.
– Encryption
– Secure IMSI (International Mobile Subscriber Identity) Usage
• The user is assigned a temporary IMSI by the serving network
2.4.2.1 Encryption in UMTS ( 8 Marks)
• Signalling and user data protected from eavesdropping.
• A secret-key block cipher algorithm (KASUMI) is used with a 128 bit cipher key.
Figure 22: Encryption in UMTS
2.4.2.2 Integrity Check ( 4 Marks)
• Integrity and authentication of origin of signaling data provided.
• The integrity algorithm (KASUMI) uses 128 bit key and generates 64 bit message
authentication code.
• UMTS provides a new data integrity mechanism which protects the messages being
signalled between the mobile station and the radio network controller (RNC). The
user and network negotiate and agree on cipher and integrity algorithms. Both the
integrity mechanism and enhanced authentication combine to provide protection
against active attacks on the radio interface
Figure 23: Integrity Check
2.4.2.3 Authentication and Key Agreement ( 8 Marks)
UMTS uses mutual authentication which means the mobile user and the
serving network authenticate each other, providing security against false base stations. This
mutual authentication uses an authentication quintet which helps to ensure that a bill is
issued to the correct person. The authentication quintet consists of the user challenge
(RAND), expected user response (XRES), the encryption key (CK), the integrity key (IK)
and the authentication token for network authentication (AUTN).
Figure 24: Authentication in UMTS
• The home network returns a random challenge RAND, the corresponding authentication token AUTN, the authentication response XRES, the integrity key IK and the encryption key CK.
• The visited network sends the authentication challenge RAND and the authentication token AUTN to the mobile station.
• The mobile station checks AUTN and calculates the authentication response. If AUTN is not correct, the mobile station ignores the message.
• The mobile station sends its authentication response RES to the visited network.
• The visited network checks whether RES = XRES and decides which security algorithms the radio subsystem is allowed to use.
• The visited network sends the permitted algorithms to the radio subsystem.
• The radio access network decides which of the permitted algorithms to use.
• The radio access network informs the mobile station of its choice in the security mode command message.
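The quintet exchange above, as an added example that is not part of the original notes: the mobile checks AUTN before it answers, so a challenge built without the shared secret, or a replayed one, is ignored. HMAC-SHA-256 stands in for the derivation functions, which the notes do not give; the AUTN layout (a concealed sequence number, a management field and a MAC) and the sequence-number freshness check go beyond what the notes spell out; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: the notes do not give the derivation functions. HMAC-SHA-256 with
# a per-purpose label stands in for them; K is shared by USIM and home network.
def _f(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _session(k: bytes, rand: bytes):
    """(X)RES, 128-bit CK and 128-bit IK all follow from K and RAND."""
    return _f(k, b"res", rand, 8), _f(k, b"ck", rand, 16), _f(k, b"ik", rand, 16)

AMF = b"\x80\x00"  # authentication management field (constructed value)

def home_network_quintet(k: bytes, sqn: int) -> dict:
    """Home network: build RAND, XRES, CK, IK and AUTN for one authentication."""
    rand = secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = _f(k, b"mac", sqn_b + rand + AMF, 8)   # only a holder of K can make it
    ak = _f(k, b"ak", rand, 6)                   # conceals SQN on the air
    xres, ck, ik = _session(k, rand)
    autn = _xor(sqn_b, ak) + AMF + mac           # (SQN xor AK) || AMF || MAC
    return {"RAND": rand, "XRES": xres, "CK": ck, "IK": ik, "AUTN": autn}

class Usim:
    def __init__(self, k: bytes):
        self._k, self._highest_sqn = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        """Check AUTN before answering; return (RES, CK, IK) or None (ignored)."""
        sqn_b = _xor(autn[:6], _f(self._k, b"ak", rand, 6))
        amf, mac = autn[6:8], autn[8:]
        expected = _f(self._k, b"mac", sqn_b + rand + amf, 8)
        if not hmac.compare_digest(mac, expected):
            return None                          # sender does not know K
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self._highest_sqn:
            return None                          # replay (real USIMs report sync failure)
        self._highest_sqn = sqn
        return _session(self._k, rand)

def visited_network_run(quintet: dict, usim: Usim) -> str:
    """Visited network: send only RAND and AUTN, then compare RES with XRES."""
    answer = usim.authenticate(quintet["RAND"], quintet["AUTN"])
    if answer is None:
        return "challenge ignored by MS"
    res, ck, ik = answer
    if not hmac.compare_digest(res, quintet["XRES"]):
        return "MS rejected by network"
    return "ok" if (ck, ik) == (quintet["CK"], quintet["IK"]) else "key mismatch"

def demo() -> dict:
    k = secrets.token_bytes(16)
    usim = Usim(k)
    genuine = home_network_quintet(k, sqn=1)
    forged = home_network_quintet(secrets.token_bytes(16), sqn=2)  # made without K
    return {
        "genuine": visited_network_run(genuine, usim),
        "replayed": visited_network_run(genuine, usim),
        "forged": visited_network_run(forged, usim),
        "next": visited_network_run(home_network_quintet(k, sqn=2), usim),
    }

if __name__ == "__main__":
    print(demo())
```

XRES, CK and IK never leave the network side, and the mobile derives its own copies only after AUTN has been accepted.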
2.4.3 UMTS Handover (8 Marks)
UMTS knows two basic classes of handovers:
2.4.3.1 Hard handover:
Switching between different antennas or different systems is performed at a certain
point in time. UTRA TDD can only use this type. Switching between TDD cells is done
between the slots of different frames.
Inter frequency handover, i.e., changing the carrier frequency, is a hard handover.
Receiving data at different frequencies at the same time requires a more complex receiver
compared to receiving data from different sources at the same carrier frequency.
Inter system handovers
This includes handovers to and from GSM or other IMT-2000 systems. A special
type of handover is the handover to a satellite system (inter-segment handover), which is
also a hard handover, as different frequencies are used.
2.4.3.2 Soft handover:
During a soft handover, a UE can receive signals from up to three different
antennas, which may belong to different node Bs.
Towards the UE the RNC splits the data stream and forwards it to the node Bs. The
UE combines the received data again. In the other direction, the UE simply sends its data
which is then received by all node Bs involved.
The RNC combines the data streams received from the node Bs. The fact that a UE
receives data from different antennas at the same time makes a handover soft. Moving from
one cell to another is a smooth, not an abrupt process
Figure 25: Soft handover
2.4.3.3 Different types of UMTS Handover (4 Marks)
Figure 26: Different types of UMTS Handover
● Intra-node B, intra-RNC:
UE1 moves from one antenna of node B1 to another antenna. This type of handover
is called softer handover. In this case node B1 performs combining and splitting of the
data streams.
● Inter-node B, intra-RNC:
UE2 moves from node B1 to node B2. In this case RNC1 supports the soft
handover by combining and splitting data.
● Inter-RNC:
When UE3 moves from node B2 to node B3 two different types of handover can
take place.
The internal inter-RNC handover is not visible for the CN, as described in Figure 4.34.
RNC1 can act as SRNC, RNC2 will be the DRNC. The CN will communicate via the same
interface Iu all the time. As soon as a relocation of the interface Iu takes place (relocation
of the controlling RNC), the handover is called an external inter-RNC handover.
● Inter-MSC:
It could also be the case that MSC2 takes over and performs a hard handover of the
connection.
● Inter-system:
UE4 moves from a 3G UMTS network into a 2G GSM network. This hard
handover is important for real life usability of the system due to the limited 3G coverage in
the beginning.
2.4.4 GSM vs UMTS (2 Marks)
• UMTS has faster data transfer rates than GSM.
• GSM is 2G and 2.5G while UMTS is already 3G.
• GSM is a rather old technology while UMTS is newer.
• GSM is typically based on TDMA while UMTS is mainly CDMA-based