Académique Documents
Professionnel Documents
Culture Documents
Objectives
Identify GSM sub-systems Describe GSM Authentication and Mobility Management processes Define common GSM terminology E plain basic call flow scenarios
Course Outline
GSM !ac"ground
E#olution $istory &ocation update Authentication ' Security issues (all flow scenarios (harging Ser#ices
Introduction to GSM
1G is short for first-generation wireless telephone technology, cellphones. These are the analog cellphone standards that were introduced in the 1980s .
2G is short for secondgeneration wireless telephone technology; Uses digital signaling to connect the radio towers to the rest of the telephone system
2.5G services enable highspeed data transfer over upgraded existing 2G networ s.
!G provides the ability to transfer simultaneously both voice data " non-voice data
#$ (&'
#isitor $ocation !e"ister
)*' %&'
Equipment Identit !e"ister
Ater I%&
A I%&
+,$
To other networks
Transcoder (TCSM)
THE GS
!ET"#$%
NSS Functions
Air A
S.
,-$
S.
,-$
MS
BSS
NSS
H-$
O&M NMS
Call Control (End-to-End supervision, connect-supervise-terminate) Charging Mo ilit! Management Signalling "ith other net"or#s and the BSS Su scri er $ata %andling (&e'ers to su scri er data availa le in the net"or#, e(g( )MS), Authentication *e!s, temporar! data in the +,&s)
BSS Functions
T.
&adio -ath Control (.re/uencies to e used) B0S and 0C Control (O&M 'unctions)
T.
&S.
&TS
&S.
S!nchroni1ation (Master & Slave hierarch!, -rimar! &e'erence Cloc# (-&C) Air and A )nter'ace Signalling
&TS
Connection Esta lishment et"een MS and NSS Mo ilit! Management and Speech 0ranscoding Collection o' Statistical $ata
&TS
Where is the su
scri er2
scri er2
scri er "ants2
(&'
GSM !"t"b"ses
Su'scri'er /dentity odule )S/ *
- Su scri er )dentit! $ata (MS)S$N , )MS)) - Net"or# Authentication $ata (*i, Algorithm) - ,ocal Authentication $ata(-)N3,4,-5*3,4) - &egister $ata
GSM !"t"b"ses
,isitor -ocation $egister ),-$*
- 0emporar! $ata (M)N-)MS) services, ,AC etc) - *ept as long as su scri er is "ithin it6s coverage area - 5pdated 'rom %,& - Al"a!s associated "ith a MSC
%&'
+,$ (& '1
*+,*
#uthen
&oc Up 2 .+,*
S. )#-0* (&'
(&'
S. )!E"
(oc"tion %re"
-,MN Area MSC>+,& Area
@ -aging is done in all cells o' the ,A "here the su scri er is currentl! located @)t can cross BSC oundaries( ,A design is ar itrar!( 0he idea is to have a small paging area that could accommodate the most num er o' su scri ers
-1 2 -1 4 -1 3 -1 1
MS MS
BSS BSS
MSC MSC
HLR HLR
1. channel assign(ent 4. location update re5uest 3. $e5uest su'scri'er identity 2. 1nswer su'scri'er identity 6. $e5uest su'scri'er data 8. Security procedures 8. update location 9. update H-$ 10. update ac+nowledge(ent 11. .ancel old location 14. location canceling accepted 7. 1nswer su'scri'er data
o'ile
o'ile !etwor+
MSISDN =
Countr! Code 7 8: (-hilippines) National $estination Code 7 C3C (Smart) Su scri er Num er 7 44<=<D3
%,&
S/S0! / S/ ,-$ 100$ESS 98:C3C44<=<D3 =3=<:<<344<=<D3 +,&3= SE$,/.ES ((((((
'$!
IMSI = M ! MN ! MSIN
%,& )n/uir!
o'ile .ountry .ode < 616 o'ile !etwor+ .ode < 03 o'ile Su'scri'er /dentification !u('er < 1432678
:ST!
MSISDN
MSC
#$!
@ -S0N routes the call to ESM net"or# @ EMSC anal!ses the received MS)S$N @ EMSC re/uests the %,& 'or routing in'ormation to #no" "here to route the call (%,& )n/uir!) @ %,& loo#s up its data ase 'or the corresponding /nternational o ile Su scri er /dentit! ()MS))
'$!
&e/uest 'or routing in'o
:ST!
MSISDN
MSC
#$!
MSC
#$!()
@ %,& ta#es the address o' the su scri er 'rom it6s data ase and sends a routing in'o re/uest to the target MSC>+,& @ 0arget MSC>+,& allocates a (MS&N)
MS"N =
! ND ! SN
'$!
MS&N to %,&
:ST!
MSC
#$!
MS&N
MSC
#$!()
@ 0arget MSC 'or"ards the MS&N to %,& @ %,& 'or"ards the MS&N to the originating MSC @ Originating MSC anal!ses the MS&N and routes it to the target MSC
PSTN.ori/in"te& c"ll
S$!
'$!
H-$ E!= S$! $e5uest S$!
MSC
#$!
BSC
MSC *ST+
#$!
+639192205071
'ello Bill ,
!etwor+
A Su scri er
-S0N
EMSC
%,&
MSC>+,&
Call set up (MS)S$N) Anal!1e num er Call set up (MS)S$N) MS)S$N )MS) MS&N MS&N Call set up (MS&N) -aging
Si(plified steps of a
EFC
EMSC
%,&
MSC
+,&
BSS
MS
3( Channel assignment 4( Securit! procedures :( Call set up G( Chec# services =( Call o# 8( Call is proceeding D( 0ra''ic channel allocated H( Set up the call C( Call set up complete 3<( Alert 33( B ans"ers
0"n&over
@ Hando>erI Changing the tra''ic channel that MS is using @ Hando>erI Occurs during the su scri er is ma#ing a call @ )n ESM, MS station helps the net"or# in doing handover ! sending signal measurement reports to its BSC @ 5ses the hard handover principle (release and connect)
0"n&over 1e"sons
Hando>er due to traffic reasons Jhen capacit! o' cells nears ma;imum, MS in the peripher! o' the cell ma! e handed over to neigh oring cell "ith lo"er tra''ic load( MSC starts the procedure Hando>er due to signal 5uality and strength Jhen the /ualit! or the strength o' the radio signal 'alls elo" certain parameters speci'ied in the BSC 0he BSC controlling the current cell ma#es the decision 0here are 'our t!pes o' this handover
Handover
1
&S.
T.
NSS
&TS
#ld .hannel
!ew .hannel
Inter
ell # Intra $S
1ir
Handover
1
&S.
T.
NSS
#ld .ell
&TS
&TS
!ew .ell
Inter
ell # Inter $S
1ir
Handover
1
&S.
T.
NSS
#ld .ell
&TS S.
,-$
&S. &TS
T.
!ew .ell
Inter MS Handover
1ir 1
NSS
&S. T. S.
,-$
#ld .ell
&TS
&S. &TS
T.
S.
,-$
!ew .ell
'nter.MSC 0"n&over
@ 0he source MSC is #no"n as Anchor MSC @ Call is routed 'rom source MSC to target MSC "ith the use o' %andover Num er, H#!( @ %andover num er has a similar structure to MS&N(
H%N =
! ND ! SN
MS
BSS old
MSC old
MSC ne"
BSS ne"
MS(a'ter %O)
3( Measurements reports 4( %andover re/uired :( &e/uest %ON G( &e/uest radio resources =( &adio resources reserved 8( -rovide %ON and target cell in'o D( Set up speech connection (%ON) H( %andover command C( %andover complete 3<( %andover complete 33( connect 34( &elease old connections
Ch"r/in/
/nstallation ?ee
Ch"r/in/
?actors affecting the price of the call @ 0!pe o' asic service @ $uration o' the call @ 0ime o' the call @ $estination o' the call @ Origin o' the Call @ 5se o' Net"or#s @ 0!pe o' the supplementar! service @ 5se o' radio resource @ &oaming leg
:ST!
G+,$
-,$
%&'
.0$
C!1 Tr"nsfer
Charging data records are stored in the MSC "here the! are collected K C$&s must e #ept at the 'irst MSC "hich manages the call( Jhen su''icient charging data records have een collected the! are trans'erred in one ul# to the Billing Center( Billing Center is responsi le 'or producing the ills 'or the su scri ers ased on the in'ormation contained in the Charging $ata &ecord :ST! G+,$ -,$
F(4= or Ethernet
&illing .enter
%&'
-&E-A)$ C%A&E)NE
,+,$ :ST! -,$
+,$
:repaid Ser>ers
%&'
Account Balance stored in O&AC,E -repaid tells ho" much to deduct SMS 0ransactions are also charged
-!AC$E
Securit1uthentication +eri'ication o' the su scri er .iphering Encr!ption o' the user speech in the Air )nter'ace / E/ .hec+ing +eri'ication o' the Mo ile E/uipment ! chec#ing the validit! o' the )nternational Mo ile E/uipment )dentit! ()ME)) ;ser .onfidentiality Avoidance o' the roadcast o' user6s )MS) in the air inter'ace
%uthentic"tion
Each su scri er has authentication #e!s, *i, stored in the Authentication center and S)M card( Comparison o' *i "ithout roadcasting it in the air inter'ace Authentication al"a!s per'ormed ! the +,& e'ore call esta lishment and location update(
(oc"tion of Securit%l/orith,s
Air A
BSS
&S. T.
NSS
#$
13 18
&TS
S.
,-$
E @ S/
16
16
13
18
'ME' Chec$in/
0he validit! o' a mo ile phone ma! e chec#ed to ensure its proper operation as "ell as presentation against stolen phones( 0he E/uipment )dentit! &egister, "hich is implemented as part o' the %,&, contains : listing o' )ME) - Jhite ,ist - Era! ,ist - Blac# ,ist
)ser Confi&enti"lit )MS) is a con'idential identit! o' the su scri er( A'ter a success'ul 'irst time location update, a mo ile su scri er is allocated a Te(porary o'ile Su'scri'er /dentity )T S/* 0he ne;t time a transaction et"een the ESM net"or# and the MS is initiated, the su scri er is identi'ied ! the use o' 0MS)(
ME
SIM
!A+/ 0i
A3 S!ES
C-M*A!I+.
Authentication
S!ES
A3
0i
Re&'e() o IMEI
EIR
IMEI Checkin"
Tra !"
ME
*ro+!de IMEI
Cipherin"
Encrpted pted /ata /ata A5 Encr
Tra !" A5
A8
0c
0c
A8
T#MA $%
T#MA $%
%uthentic"tion Tri*let
&andom Num er Eenerator
*i
#$
$1!0
13
S$ES
18
%c
Authentication 0riplets
$1!0
S$ES
%c
(&'
Authentication 0riplets
Services
Ser>ices
Teleser>ices
&earer Ser>ices
Cl"ssific"tion of Services
Teleser>icesI 0hese services
provide the su scri er "ith necessar! capa ilities including terminal e/uipment 'unctions to communicate "ith other su scri ers(
Teleser>ice &earer Ser>ice
0E &earer ser>icesIA
earer service o''er the asic technical capa ilit! 'or transmission o' inar! data et"een end to end terminals(
GS !etwor+
0E
Teleservices
Ser>ice 0escription GS
Speech )Telephony* Speech )E(ergency .alls* Short essage Ser>ice ) o'ile ter(inated* Short essage Ser>ice ) o'ile originated* Short essage Ser>ice ).ell &roadcast*
Specification .haracteristics .ode The (ost i(portant ser>ice for (o'ile T11 syste(s, nor(al speech ser>ice, including e(ergency calls
?or reception of short (essages ?or sending short (essages to another GS su'scri'er ?or sending short (essages to (ore than one recei>er si(ultaneously within a gi>en cell :resently not supported 'y !#%/1 ?or sending and recei>ing facsi(ile (essages
Group 3 ?acsi(ile trans(ission T71 )with alternate speech* Group 3 ?acsi(ile trans(ission T74
SMS+ MO "n& MT
1ir 1 !SS
S.
,-$
&SS S S- # S S- T
1 &SS
B0S
B0S
!SS
B0S
! S
Su**le,ent"r- Services
@ 1d>ice of .harge - 1#.
@ 1lternate -ine Ser>ice - 1-S )personal or 'usiness* @ &arring of all inco(ing calls - &1/. @ å of all inco(ing calls when roa(ing outside the H:- ! @ &arring of all inco(ing calls when a'road @ &arring of outgoing calls @ &arring of outgoing international calls eBcluding those directed to the H:- ! country @ .all forwarding on (o'ile su'scri'er 'usy - .?& @ .all forwarding on no answer - .?!1 @ .all forwarding unconditional - .?; @ .all Hold @ .all waiting - ." @ .alling line identification presentation - .-/: @ .alling line identification restriction - .-/$ @ .onference .all @ EBplicit .all
Signalling
Signalling #perations
Calling -art! &e/uest 'or service &e/uest address -rovide address E;change Called -art!
-rocess in'ormation and ma#e connection Alert called part! Called part! ans"er Conversation $isconnection
-e>el 3
M0-
-e>el 4 -e>el 1
0ransport o' Signalling Messages "ithin one net"or# $ata ,in# Control -h!sical Connections
M0-
,irtual .onnections
A
Signalling -oint Signalling -oint
B
$estination Signalling -oint
Signalling -oint
Signalling -oint
SSLD
&TS
SSLD
Su,,"r Signalling is the trans'er o' in'ormation et"een su scri er inter'ace points and the net"or# and et"een di''erent net"or# element to help esta lish a call( Signalling in'ormation is interchanged as standard sets o' messages "hich "as developed and standardi1ed into the present SSD( ESM needs non call related signalling "hich is possi le "ith SSD( 0he SSD used in -S0N net"or#s is not su''icient to 'ul'ill the signalling re/uirements o' ESM net"or#s , thus ne" protocols speci'ic to ESM "ere developed(
+ ;plin
S &TS
/CS (433
1710,1785 MH1805,1880 MH95 MH200/H(;(363 (;(368 (;(369 (;4964 (;4)63 (43)63 (43)68 (43)69 (4;264 (44363
M( M( M(
M( M( M(
M( M( M(
25MH-0200/H-1(89
Jide Coverage Better indoor penetration
75MH-0200/H-1:;9
%igher Capacit! in terms o' availa le channels ,ess prone to co-channel inter'erence
?0 1
?re5uency 0i>ision f1
.0 1
.ode 0i>ision
T0 1
0i>ision
Ti(e
xyz{|}~xyz{| zzzzzzz
+++ ;;;
f3
||||||||
$&S on'i(uration
'4
Nokia Im lementation
#$ (&'
#isitor $ocation !e"ister
)*' %&'
Equipment Identit !e"ister
Ater I%&
A I%&
+,$
To other networks
Transcoder (TCSM)
THE GS
!ET"#$%
%&'
.o-located
A I%&
Ater I%&
(&' +,$
To other networks
Transcoder (TCSM)
Short Messa"e Service Center (SMSC)
THE GS
!ET"#$%
)!#%/1 /(ple(entation*
Ne3t Ste*s
E$EE E-&S
%SCS$
T0 1 Ti(eslot
T0 1 ?ra(e
&TS
GP1S
0ransmission o' data in pac#et 'orm Achieve higher cost e''icienc! in data transmission compared to traditional circuit mode $!namic data transmission speed Mo ile can sta! connected to the net"or# all da! Charging per data
GP1S Net#or$
-S0N Net"or#
Short Message Service Centre
SMSC
%ome ,ocation &egister
MSC
%,&
B0S
BSC
-C5
SESN
CE )nternet
)nter-,MN Net"or#
BE
Border Eate"a! $omain Name S!stems
$NS
&outer
E!GE
5ses advance modulation techni/ue (EMS* to H-S*) &educe overhead that is used 'or error protection Still using the 4<<*h1 ESM channel and the current 're/uenc! and )ncrease data transmission speed >0S, (3G(G * ps -N up to D<* ps) Ena le mo ile users to retrieve data and handle multimedia services &e/uire minor changes in the net"or# hard"are and so't"are
3G Mobile S-ste,s
ain o'Eecti>es of / T-4000 .ull coverage and mo ilit! 'or 3GG* its>s, pre'era l! :HG* its>s ,imited coverage and mo ilit! 'or 4M its>s E''icient use o' radio spectrum compared "ith e;isting s!stems .le;i le architecture to allo" introduction o' ne" services
4 'ps
)M0-4<<<
382%'ps
ESM-E$EE
122%'ps
"ide 1reaCHigh
o'ility
3G Net#or$ %rchitecture
:ac+et Su'syste(
GGS!
GS o'ile GS &ase Station GS C; TS o'ile
SGS!
&S.
!SS S. H-$
; TS o'ile
; TS &ase Station
!&A
En&
%han" -ou