Hi Dear Readers!
In this revision of the document, new data has been added with
white color of words and black shading to make the readers feel
comfortable with new information in the document without reading all
pages again. Furthermore, a chapter “GSM SUBSCRIBERS DATA” has been
added as Chapter # 6. I hope you will continue to enjoy the Document.
Chapter 1
INTRODUCTION TO GSM
1.1 Introduction
GSM is not only the acronym of Global System for Mobile Communication;
it stands for an extraordinarily successful stage of development in the modern
information age. GSM stands for a new dimension for more than 50 million users
worldwide; it stands for more than 100 countries and above 220 network
operators; it stands for complexity; it stands for versatility. Wireless
communication has become possible with GSM in any town, any county, and
even on any continent of the world. [114]
The Europeans realized this early on, and in 1982 the Conference of
European Posts and Telegraphs (CEPT) formed a study group called the Groupe
Spécial Mobile (GSM) to study and develop a pan-European public land mobile
system. The proposed system had to meet certain criteria:
GSM is mainly used for speech communication, but its use for mobile data
communication is growing steadily. The key technologies used in GSM are SMS,
General Packet Radio Service (GPRS), and Wireless Application Protocol
(WAP).
Here I am eager to mention the words of Mr. Chuck Parrish, Founding
Member and Chairman (1998-1999) WAP Forum; “WAP is a major step in
building the Wireless Internet, where people on-the-go can access the internet
through their wireless devices to get information such as e-mails, news
headlines, stock reports, map directions, and sports scores when they need it
and where they need.” [115]
distance between the uplink and downlink frequencies. A channel has two
of 270 kbps.
LPC is to reduce the bit rate. The LPC provides parameters for a filter that
mimics the vocal tract. The signal passes through this filter, leaving behind
[010]
Chapter 2
Location Area
Cell
2.1.1 Cell
Cell is the basic service area. The cell is the area given radio coverage by
one base transceiver station. The GSM network identifies each cell via the cell
global identity (CGI) number assigned to each cell.
The location area is a group of cells. It is the area in which the subscriber
is paged. Each LA is served by one or more base station controllers, yet only by
a single MSC. Each LA is assigned a location area identity (LAI) number.
An MSC/VLR service area represents the part of the GSM network that is
covered by one MSC and which is reachable, as it is registered in the VLR of the
MSC (see Figure).
The area covered by one network operator is called PLMN. A PLMN can
contain one or more MSCs. [013]
The solar or AC powered network station is called the Base Station (BS).
[109]
Cells are drawn in hexagonal shape because hexagonal cells
have no gaps or overlaps between them. This causes no interruption to the
communication of a mobile subscriber moving from one cell to another. It is
obvious from the figure that other cell shapes leave gaps where no
coverage is provided to the mobile users. On the other hand, there is no such
problem in hexagonal cells.
a) Macro Cells
Macro cells can be regarded as cells where the base station antenna is
installed on a mast or larger building structures that are taller than an average
roof-top level. [017]
A macro cell is a cell in a mobile phone network that provides radio
coverage served by a power cellular base station (tower). Generally, macro cells
provide coverage larger than micro cells, such as in rural areas or along highways.
The antennas for macro cells are mounted on ground-based masts, rooftops and
the other existing structures, at a height that provides a clear view over the
surrounding buildings and terrain. Macro cell base stations have power outputs of
typically tens of watts. [018], [019], [020]
b) Micro Cells
The antennas for micro cells are mounted at street level. Micro cell
antennas are smaller than macro cell antennas and when mounted on existing
structures can often be disguised as building features. Micro cells provide radio
coverage over distances up to, typically, between 300m and 1000m. Micro cell
base stations have lower output powers than macro cells, typically a few watts.
[022], [026]
c) Pico Cells
Pico cells are small cells whose diameter is only a few dozen meters; they
are used mainly in indoor applications. It can cover e.g. a floor of
d) Umbrella Cells
A layer with micro cells is covered by at least one macro cell, and a micro
cell can in turn cover several pico cells; the covering cell is called an umbrella
cell. If there are very small cells and a user is crossing the cells very quickly, a
large number of handovers will occur among the different neighboring cells. The
power level inside an umbrella cell is increased compared to the micro cells with
which it is formed. This makes the mobile stay in the same cell (umbrella cell),
reducing the number of handovers as well as the work to be
done by the network. [025], [026]
e) Selective Cells
The full coverage of the cells may not be required in all sorts of
applications, but cells with limited coverage are used with a particular shape.
These are named selective due to the selection of their shape with respect to the
coverage areas. For example, the cells used at the entrance of the tunnels are
selective cells because coverage of 120 degrees is used in them. [026]
2.2.3 Clusters
A cluster can contain all the frequencies of the mobile radio system.
Within a cluster, no frequency can be reused. The frequencies, however,
may be reused at the earliest in the neighboring cluster.
The larger the cluster, the larger the value of the frequency reuse factor ‘k’ and
the smaller the number of channels and the number of active subscribers per
cell.
the cells. However, the set of available frequencies is limited and that is why
there is a need for the reuse of the frequencies. [029]
A frequency reuse pattern is a configuration of N cells, N being the reuse
factor, in which each cell uses a unique set of frequencies. When the pattern is
repeated, the frequencies can be reused. There are several different patterns,
but only two are shown below to clarify the idea.
• The power level of the transmitter within the single cell must be limited in
order to reduce the interference with the transmitters of the neighboring cells.
The distance of about 2.5 times the diameter of a cell must be maintained
between transmitters of the neighboring cells to avoid any damage to the
system.
• Neighboring cells cannot share the same channels. In order to reduce the
interference, the frequencies must be reused only within a certain pattern.
Chapter 3
HISTORY OF GSM
1985: West Germany, France and Italy signed an agreement for the
development of GSM. The United Kingdom joined in the following year, and the
group decided that digital technology would become the future of global wireless
communication. Digital technology offered an attractive combination of
performance and spectral efficiency. In addition, such a system would allow the
development of advanced features like speech security and data
communications. Digital also was compatible with Integrated Services Digital
Network (ISDN) technology, which was being developed by land-based.
1986: The GSM Permanent Nucleus held a series of validation trials in Paris.
They tested eight or nine different designs in the quest for an appropriate radio
path, because at the heart of developing a new digital standard was the
resolution of questions relating to reliability and error correction. One of the most
important conclusions from the early tests of the new GSM technology was that
the new standard should employ Time Division Multiple Access (TDMA)
technology. The choice was TDMA or FDMA. [032]
1991: The GSM 1800 standard was released. Commercial service was started in
mid-1991.
1993: Australia becomes the first non-European country to sign the MoU. First
commercial DCS 1800 system was launched in United Kingdom (UK).
There were 36 GSM networks in 22 countries, with 25 additional countries having
already selected or considering GSM. [033] This is not only a European standard
– South Africa, Australia, and many Middle and Far East countries have chosen
GSM.
1994: By the beginning of 1994, there were 1.3 million subscribers worldwide.
[034] The acronym GSM now (aptly) stands for Global System for Mobile
telecommunications. [035]
1995: The specification for the Personal Communication Services (PCS) was
developed in the USA. This version of GSM operates at 1900 MHz.
1996: The first GSM 1900 systems become available. Those comply with the
PCS 1900 standard. [036]
Finally, the history of GSM is summarized in the form of a simple table
given below:
Chapter 4
GSM RADIO ASPECTS
MS
For the GSM-900 system, two frequency bands have been made available:
The 25 MHz bands are then divided into 124 pairs of frequency duplex
channels with 200 kHz carrier spacing using Frequency Division Multiple Access
(FDMA). Since it is not possible for the same cell to use two adjacent channels, the
channel spacing can be said to be 200 kHz interleaved.
One or more carrier frequencies are assigned to individual Base Station (BS)
and a technique known as Time Division Multiple Access (TDMA) is used to split
this 200 kHz radio channel into 8 time slots (which creates 8 logical channels). A
logical channel is therefore defined by its frequency and the TDMA frame time
slot number. By employing eight time slots, each channel transmits the digitized
speech in a series of short bursts: a GSM terminal is only ever transmitting for
one eighth of the time. [038]
Cellular radio as a network does not specify how the individual subscribers
have access to the network. The two main access methods are: analog and
digital.
a) Analog access
Analog systems use the familiar single channel per user concept, known
as Frequency Division Multiple Access (FDMA). World-wide there are up to six
incompatible analog cellular standards, such as NMT. The available spectrum is
divided into channels A, B, C, D, and so on. During the call, a single user will
completely occupy one channel of e.g. 25 kHz bandwidth, irrespective of whether
the modulation is analog or digital. The signaling over the network is digital; the
speech is modulated as analog narrow-band FM.
b) Digital access
• Better compatibility with the network supporting the cellular radio system
• Alternative access method to achieve a better spectral efficiency
Digital systems let each user have access to the frequency band for a short
time (traffic burst), during which time the user transmits data at a high rate.
GSM uses TDMA within an FDMA structure. As a result, different users can
transmit using the same frequency, but they can't transmit at the same time. A
25 MHz frequency band is divided using an FDMA scheme into 124 one-way
carrier frequencies. Each base station is assigned one or more carriers to use in
its cell. A 200 kHz frequency band separates the carrier frequencies from each
other. Normally, a 25 MHz band should be divisible into 125 carrier frequencies,
but in GSM the 1st carrier frequency is used as a guard band between GSM and
other services that might be working on lower frequencies.
4.4 Bursts
• Normal burst
• Dummy burst
• Access burst
• Synchronization burst
• Frequency correction burst [041]
Figure 4.7: Organization of bursts, TDMA frames, and multiframes for speech
and data [046]
Examples of burst parts are: training sequence, encrypted bits, tail bits,
guard period and stealing flag bits.
a) Training sequence
A fixed bit pattern, called the TSC (training sequence code) is known by
both the MS and the BTS. It is used to train the MS in predicting and correcting
the signal distortions (due to Doppler and multipath effects) in the demodulation
process. The TSC has a 26, 41 or 64 bit pattern.
b) Encrypted bits
The encrypted bits represent the useful bits serving for speech, data
transmission, or signaling.
c) Tail bits
The tail bits (TB) at the beginning define ("flag") the start of a burst. The
tail bits at the end define the end of a burst.
d) Guard period
adjacent burst is not emitted. Switching off will reduce interference to other RF
channels.
The network has the option to use the information bits in the normal burst
to send signaling data as needed. By setting a flag, using the stealing flag bits,
the receiver can distinguish between traffic (user data) and signaling information.
The stealing flag bits indicate whether the adjacent 57 bits in the
associated data field contain speech/data information or are "stolen" from the
traffic channel for carrying pre-emptive FACCH (fast associated control channel)
signaling information. The FACCH is used for sending signaling data if the
capacity of the SACCH (slow associated control channel) is not sufficient. [043]
4.5. Channels
A channel relates to the recurrence of one burst in every frame. The
channel is characterized by both its frequency and its position within the TDMA
frame. This characterization is cyclical, and the channel pattern repeats every 3
hours.
There are two major categories of channels in GSM: traffic channels, and
control channels. Channels can also be classified as being dedicated or
common. Dedicated channels are assigned to a mobile station, while common
channels are used by idle mobile stations.
the mobile station does not need to transmit and receive at the same time. A full
rate traffic channel uses 1 time slot in each of the traffic frames in a multiframe.
Chapter 5
GSM ARCHITECTURE
• an antenna
• an amplifier
• a receiver
• a transmitter and
• similar hardware and software for sending and receiving signals and
converting between RF waves and audio signals [052]
The mobile station (MS) comprises all user equipment and software needed
for communication with a wireless telephone network. MS refers to the mobile
phone, i.e. the handset held by the users in the mobile network. This is the
terminology of 2G systems like GSM. In 3G systems, the MS (mobile station) is
now referred to as User Equipment (UE). The MS includes radio equipment and the
man machine interface (MMI) that a subscriber needs in order to access the
services provided by the GSM PLMN. MSs can be installed in vehicles or can be
portable or handheld stations. The MS may include provisions for data
communication as well as voice. A mobile transmits and receives messages to
and from the GSM system over the air interface to establish and continue
connections through the system. [053], [064]
• Mobile Terminal (MT) - offers common functions that are used by all the
services the Mobile Station offers. It is equivalent to the network termination
of an ISDN access and is also the end-point of the radio interface.
• Terminal Equipment (TE) - is a peripheral device of the Mobile Station
and offers services to the user. It does not contain any functions specific to
GSM.
• Terminal Adapter (TA) - hides radio-specific characteristics.
• Subscriber Identity Module (SIM) - is a personalization of the Mobile
Station and stores user-specific parameters (such as mobile number,
contacts etc). [054]
Just as the IMEI identifies the mobile equipment, other numbers are used
to identify the mobile subscriber. Different subscriber identities are used in
different phases of call setup. The Mobile Subscriber ISDN Number (MSISDN) is
the number that the calling party dials in order to reach the subscriber. It is used
by the land network to route calls toward an appropriate MSC. The international
mobile subscriber identity (IMSI) is the primary identity of the subscriber within
the mobile network and is permanently assigned to him.
The MS has two very important entities, each with its own identity:
a) Fixed Terminals
These MEs are installed in cars having the maximum power output of 20 W.
b) Portable Terminals
Portable terminals are also installed in the vehicles. Their maximum
allowed output power is 8 W.
c) Handheld terminals
The handheld terminals are most popular because of their smaller size
and weight, which are decreasing continuously. These terminals can emit up to 2
W of power. With evolution in technology, the maximum allowed power is
reduced to 0.8 W.
5.1.2.5 Mobile subscriber identities in GSM
It would be better to discuss some of the important subscriber identities in
the GSM, which make the use of this technology safer for every person whether
he/she is a subscriber of GSM or not.
1) International Mobile Subscriber Identity (IMSI)
An IMSI is assigned to each authorized GSM user. It consists of a mobile
country code (MCC), mobile network code (MNC) (to identify the PLMN), and a
PLMN unique mobile subscriber identification number (MSIN). The IMSI is the
only absolute identity that a subscriber has within the GSM system. The IMSI
consists of the MCC followed by the MNC and MSIN and shall not exceed 15
digits. It is used in the case of system-internal signaling transactions in order to
identify a subscriber. The first two digits of the MSIN identify the HLR where the
mobile subscriber is administered. [069]
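The IMSI layout described above can be validated mechanically before an identity is accepted, routed to an HLR or written to a log. The parser below is an added example, not part of the original document; it assumes a 3-digit MCC and a 2- or 3-digit MNC whose width must be looked up per MCC, and the MCC table and all sample IMSIs are constructed test values.

```python
from dataclasses import dataclass

# Constructed table of MNC widths per MCC (assumption for this example).
# The MNC is 2 or 3 digits and its width cannot be read from the IMSI itself;
# 001 and 999 are used here as test codes, not as real operator data.
MNC_LENGTH_BY_MCC = {"001": 2, "999": 3}

MAX_IMSI_DIGITS = 15    # upper bound stated in the text
HLR_PREFIX_DIGITS = 2   # per the text, the first two MSIN digits select the HLR


class IMSIError(ValueError):
    """Raised when a string cannot be accepted as an IMSI."""


@dataclass(frozen=True)
class IMSI:
    mcc: str   # mobile country code
    mnc: str   # mobile network code
    msin: str  # mobile subscriber identification number

    @property
    def plmn(self) -> str:
        """MCC + MNC, which together identify the PLMN."""
        return self.mcc + self.mnc

    @property
    def hlr_id(self) -> str:
        """Leading MSIN digits that identify the subscriber's HLR."""
        return self.msin[:HLR_PREFIX_DIGITS]

    def redacted(self) -> str:
        """Form suitable for logs: routing digits kept, subscriber part masked."""
        hidden = len(self.msin) - HLR_PREFIX_DIGITS
        return self.plmn + self.hlr_id + "*" * hidden


def parse_imsi(raw: str, mnc_lengths=MNC_LENGTH_BY_MCC) -> IMSI:
    """Split an IMSI into MCC, MNC and MSIN, rejecting malformed input."""
    digits = raw.strip()
    # isdigit() alone accepts non-ASCII digits, so require ASCII as well.
    if not (digits.isascii() and digits.isdigit()):
        raise IMSIError("IMSI must contain ASCII digits only")
    if len(digits) > MAX_IMSI_DIGITS:
        raise IMSIError("IMSI exceeds 15 digits")
    mcc = digits[:3]
    mnc_len = mnc_lengths.get(mcc)
    if mnc_len is None:
        # Guessing the width would silently shift digits between MNC and MSIN.
        raise IMSIError("unknown MCC, MNC width cannot be determined")
    mnc = digits[3:3 + mnc_len]
    msin = digits[3 + mnc_len:]
    if len(mnc) != mnc_len or len(msin) < HLR_PREFIX_DIGITS:
        raise IMSIError("IMSI too short for MCC, MNC and HLR digits")
    return IMSI(mcc, mnc, msin)


def safe_log_value(raw: str) -> str:
    """Return the redacted IMSI, or a fixed marker for anything malformed."""
    try:
        return parse_imsi(raw).redacted()
    except IMSIError:
        return "<invalid-imsi>"
```
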
(such as traffic system disruption and malfunctioning of the system), the MSC
can direct individual TMSIs to provide the MSC with their IMSI.
The Base Station (BS) terminates the radio interface (Um) on the stationary
network side. The BS has a modular design and includes the:
In GSM, the Base Station System is a term given to a BSC (Base Station
Controller) and the BTS (Base Transceiver Station) associated with it. The
number of BTS associated with a BSC is dependent on the manufacturer.
Although not mandatory, through interpretation of the Abis interface standard
BTS and BSC employed within a BSS will always be supplied by the same
manufacturer. [072], [073]
a mobile phone and the network switching subsystem. The BSS carries out
transcoding of speech channels, allocation of radio channels to mobile phones,
paging, quality management of transmission and reception over the air interface
and many other tasks related to the radio network. [074]
The BSC is connected to the MSC on one side and to the BTS on the
other. The BSC performs the Radio Resource (RR) management for the cells
under its control. It assigns and releases frequencies and timeslots for all MSs in
its own area. The BSC performs the intercell handover for MSs moving between
BTS in its control. It also reallocates frequencies to the BTSs in its area to meet
locally heavy demands during peak hours or on special events. The BSC controls
the power transmission of both BSSs and MSs in its area. The minimum power
level for a mobile unit is broadcast over the BCCH.
The BSC provides the time and frequency synchronization reference
signals broadcast by its BTSs. The BSC also measures the time delay of
received MS signals relative to the BTS clock. If the received MS signal is not
centered in its assigned timeslot at the BTS, the BSC can direct the BTS to
notify the MS to advance the timing such that proper synchronization takes place.
The BSC may also perform traffic concentration to reduce the number of
transmission lines from the BSC to its BTSs. [074]
The databases for all the sites, including information such as carrier
frequencies, frequency hopping lists, power reduction levels, receiving levels for
cell border calculation, are stored in the BSC. This data is obtained directly from
radio planning engineering which involves modeling of the signal propagation as
well as traffic projections. [075], [076]
The packet control unit (PCU) is a late addition to the GSM standard. It
performs some of the processing tasks of the BSC, but for packet data. The
allocation of channels between voice and data is controlled by the base station,
but once a channel is allocated to the PCU, the PCU takes full control over that
channel.
The PCU can be built into the base station, built into the BSC or even, in
some proposed architectures, it can be at the SGSN site. In most of the cases,
the PCU is a separate node communicating extensively with the BSC on the
radio side and the SGSN on the Gb side.
The BTS handles the radio interface to the mobile station. The BTS is the
radio equipment (transceivers and antennas) needed to service each cell in the
network. A group of BTSs are controlled by a BSC.
There are two categories in which BTSs may be arranged in the cells, depending
upon the circumstances of the region in which they are to be used. The two
arrangements are shown in the figure below.
Collocated BTS
Remote BTS
Star BTS
at MSC. The voice communication can be either at a full or half rate over logical
speech channel. In order to keep the mobile synchronized, BTS transmits
frequency and time synchronization signals over frequency correction channel
(FCCH) and BCCH logical channels. The received signal from the mobile is
decoded, decrypted, and equalized for channel impairments.
Random access detection is made by BTS, which then sends the
message to BSC. The subsequent channel assignment is made by BSC. Timing
advance is determined by BTS. BTS signals the mobile for proper timing
adjustment. Uplink radio channel measurement corresponding to the downlink
measurements made by MS has to be made by BTS. [078], [079]
5.2.2.5 Sectorization
There are several BTS-BSC configurations: single site, single cell; single
site, multicell; and multisite, multicell. These configurations are chosen based on
the rural or urban application. These configurations make the GSM system
economical since the operator has options to adopt the best layout based on the
traffic requirement. Thus, in some sense, system optimization is possible by the
proper choice of the configuration.
These include omni-directional rural configuration where the BSC and
BTS are on the same site; chain and multidrop loop configuration in which
several BTSs are controlled by a single remote BSC with a chain or ring
connection topology; rural star configuration in which several BTSs are
connected by individual lines to the same BSC; and sectorized urban
configuration in which three BTSs share the same site and are controlled by
either a collocated or remote BSC. In rural areas, most BTSs are installed to
provide maximum coverage rather than maximum capacity.
The interface between the MSC and the BSS is a standardized SS7
interface (A-interface) that, as stated before, is fully defined in the GSM
recommendations. This allows the system operator to purchase switching
equipment from one supplier and radio equipment and the controller from
another. The interface between the BSC and a remote BTS is likewise a
standard, the Abis. In splitting the BSS functions between BTS and BSC, the main
principle was that only such functions that had to reside close to the radio
transmitters/receivers should be placed in BTS. This will also help reduce the
complexity of the BTS.
transcoder to provide 64 Kbps channel within the BSS. Four traffic channels can
then be multiplexed on one 64-Kbps circuit. Thus, the TRAU output data rate is
64 Kbps. Then, up to 30 such 64-Kbps channels are multiplexed onto a 2.048
5.2.3.1 Um-interface
It is the air interface between the mobile station (MS) and the BTS. This
interface uses LAPDm protocol for signaling, to conduct call control,
measurement reporting, handover, power control, authentication, authorization,
location update and so on. Traffic and signaling are sent in bursts of 0.577 ms at
intervals of 4.615 ms, to form data blocks each 20 ms.
5.2.3.2 Abis-interface
It is the interface between the BTS and BSC, generally carried by a DS-1, ES-1,
or E1 TDM circuit. It uses TDM sub-channels for traffic (TCH), LAPD protocol for
BTS supervision and telecom signaling, and carries synchronization from the
BSC to the BTS and MS.
The Abis interface uses multiplexing (Mult) or rate adaptation (RA) on its
links. The first option means that four 16 kbit/s links are multiplexed into one 64
kbit/s channel. The latter option means that no multiplexing of the 16 kbit/s
channels takes place. [058]
5.2.3.3 A-interface
It is the interface between the BSC and MSC. It is used for carrying traffic
channels and the BSSAP user part of the SS7 stack. Although there are usually
transcoding units between BSC and MSC, the signaling communication takes
place between these two ending points and the transcoder unit doesn't touch the
SS7 information, only the voice or CS data are transcoded or rate adapted.
5.2.3.4 Ater-interface
It is the interface between the BSC and transcoder. It is a proprietary
interface whose name depends on the vendor (for example Ater by Nokia); it
carries the A interface information from the BSC, leaving it untouched.
5.2.3.5 Gb-interface
It connects the BSS to the SGSN in the GPRS core network. [059]
All mobile phones manufactured today have both circuit and packet based
services, so most operators have a GPRS network in addition to the standard
GSM core network. [062]
SS7. An MSC includes the procedures for mobile registration and is generally co-
sited with a visitor location register (VLR) that is used to temporarily store
information relating to the mobile subscribers temporarily connected to that MSC.
The MSC performs the telephony switching functions of the system. It controls
calls to and from other telephone and data systems. It also performs such
functions as toll ticketing, network interfacing, common channel signaling, and
others.
• The home location register (HLR) for obtaining data about the SIM and mobile
services ISDN number (MSISDN; i.e., the telephone number).
• The UMTS terrestrial radio access network (UTRAN) which handles the radio
communication with 3G mobile phones.
• The visitor location register (VLR) for determining where other mobile
subscribers are located.
• Other MSCs for procedures such as handover.
a) Billing Center
Each MSC writes call accounting records to local disk memory. Billing
Center periodically polls the disk records of each MSC to collect the billing data
for the PLMN.
b) Service Center
The Service Center interfaces with the MSCs to provide special services,
such as the Short Message Service (SMS), to mobile subscribers in the PLMN.
The Billing Center and Service Center are not a basic part of the GSM system.
[083]
There are various names for MSCs in different contexts, which
reflects their complex role in the network. All of these terms, though, could refer to
the same MSC doing different things at different times.
The gateway MSC (G-MSC) is the MSC that determines at which visited
MSC the subscriber who is being called is currently located. It also interfaces
with the PSTN. All mobile to mobile calls and PSTN to mobile calls are routed
through a G-MSC. The term is only valid in the context of one call since any MSC
may provide both the gateway function and the Visited MSC function; however,
some manufacturers design dedicated high capacity MSCs which do not have
any BSSs connected to them. These MSCs will then be the Gateway MSC for
many of the calls they handle.
3) Anchor MSC
The anchor MSC is the MSC from which a handover has been initiated.
The target MSC is the MSC toward which a Handover should take place. A
mobile switching centre server is a part of the redesigned MSC concept starting
from 3GPP Release 5. [084]
implement a variety of SMS services such as televoting and premium rate data
services (e.g., weather, traffic, sports, and news). [085]
The HLR stores details of every SIM card issued by the mobile phone operator.
Each SIM has a unique identifier called an IMSI which is the primary key to each
HLR record.
The next important items of data associated with the SIM are the
MSISDNs, which are the telephone numbers used by mobile phones to make
and receive calls. The primary MSISDN is the number used for making and
receiving voice calls and SMS, but it is possible for a SIM to have other
secondary MSISDNs associated with it for fax and data calls. Each MSISDN is
also a primary key to the HLR record. The HLR data is stored for as long as a
subscriber remains with the mobile phone operator.
The HLR is a system which directly receives and processes MAP transactions
and messages from elements in the GSM network, for example, the location
update messages received as mobile phones roam around.
The main function of the HLR is to manage the fact that SIMs and phones
move around a lot. The following procedures are implemented to deal with this:
The data stored in the VLR has either been received from the HLR, or
collected from the MS. In practice, for performance reasons, most vendors
integrate the VLR directly to the V-MSC and, where this is not done, the VLR is
very tightly linked with the MSC via a proprietary interface.
• The V-MSC to pass needed data for its procedures; e.g., authentication or
call setup.
• The HLR to request data for mobile phones attached to its serving area.
• Other VLRs to transfer temporary data concerning the mobile when they roam
into new VLR areas. For example, the temporary mobile subscriber identity (TMSI).
• To inform the HLR that a subscriber has arrived in the particular area covered
by the VLR.
• To track where the subscriber is within the VLR area (location area) when no
call is ongoing.
• To allow or disallow which services the subscriber may use.
• To allocate roaming numbers during the processing of incoming calls.
• To purge the subscriber record if a subscriber becomes inactive whilst in the
area of a VLR. The VLR deletes the subscriber's data after a fixed time period
of inactivity and informs the HLR (e.g., when the phone has been switched off
and left off or when the subscriber has moved to an area with no coverage for
a long time).
• To delete the subscriber record when a subscriber explicitly moves to
another, as instructed by the HLR. [086], [087], [088]
If the authentication fails, then no services are possible from that particular
combination of SIM card and mobile phone operator attempted. There is an
additional form of identification check performed on the serial number of the
mobile phone described in the EIR section below, but this is not relevant to the
AUC processing.
The AUC does not engage directly in the authentication process, but
instead generates data known as triplets for the MSC to use during the
procedure. The security of the process depends upon a shared secret between
the AUC and the SIM called the Ki. The Ki is securely burned into the SIM during
manufacture and is also securely replicated onto the AUC. This Ki is never
transmitted between the AUC and SIM, but is combined with the IMSI to produce
a challenge/response for identification purposes and an encryption key called Kc
for use in over the air communications. [088]
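The triplet procedure described above, as an added example that is not part of the original document: the AUC looks up Ki by IMSI and derives a triplet (RAND, SRES, Kc), the MSC forwards only RAND to the SIM and compares the returned SRES, so Ki never leaves either end. HMAC-SHA-256 stands in for the operator's A3/A8 algorithms, and the class names, keys and IMSIs are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import NamedTuple, Optional


class Triplet(NamedTuple):
    rand: bytes  # 128-bit random challenge
    sres: bytes  # 32-bit expected signed response
    kc: bytes    # 64-bit session key for over-the-air ciphering


def a3a8_stand_in(ki: bytes, rand: bytes):
    """Stand-in for A3/A8 (assumption): HMAC-SHA-256 split into SRES and Kc."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class AuC:
    """Holds Ki per IMSI and hands out triplets; it never releases Ki."""

    def __init__(self):
        self._ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def generate_triplet(self, imsi: str) -> Optional[Triplet]:
        ki = self._ki_by_imsi.get(imsi)
        if ki is None:
            return None  # unknown subscriber
        rand = secrets.token_bytes(16)  # fresh challenge for every triplet
        sres, kc = a3a8_stand_in(ki, rand)
        return Triplet(rand, sres, kc)


class SIM:
    """Holds the same Ki as the AUC and answers challenges locally."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki
        self.kc = None  # set after a challenge has been processed

    def respond(self, rand: bytes) -> bytes:
        sres, self.kc = a3a8_stand_in(self._ki, rand)
        return sres


class MSC:
    """Runs the challenge/response using only the triplet, never Ki."""

    def __init__(self, auc: AuC):
        self._auc = auc

    def authenticate(self, sim: SIM) -> Optional[bytes]:
        triplet = self._auc.generate_triplet(sim.imsi)
        if triplet is None:
            return None
        sres = sim.respond(triplet.rand)
        # Constant-time comparison of the SIM's answer with the expected SRES.
        if not hmac.compare_digest(sres, triplet.sres):
            return None  # authentication failed, no service
        return triplet.kc  # key the network side uses for ciphering
```
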
EIR is a database that stores the IMEI numbers for all registered ME units.
The IMEI uniquely identifies all registered ME. There is generally one EIR per
PLMN. It interfaces to the various HLR in the PLMN. The EIR keeps track of all
ME units in the PLMN. It maintains various lists of message. The database stores
the ME identification and has nothing to do with the subscriber who is receiving or
originating a call. There are three classes of ME that are stored in the database,
and each group has different characteristics:
White List: contains those IMEIs that are known to have been assigned to valid
MS’s. This is the category of genuine equipment.
Black List: contains IMEIs of mobiles that have been reported stolen.
Gray List: contains IMEIs of mobiles that have problems (for example, faulty
software, and wrong make of the equipment). This list contains all MEs with
faults not important enough for barring. [088]
The OMC provides system change control for the software revisions and
configuration databases in the network entities or uploaded to the OMC. The
OMC also keeps track of the different software versions running on different
subsystems of the GSM. [090], [091]
Chapter 6
GSM SUBSCRIBERS DATA
Further data about the subscribers and their contractual agreement with
the service provider is tabulated on the next page.
Restrictions)
5. Parameters for additional services
6. Information on Subscriber’s Equipment (if available)
7. Authentication Data (Subject to Implementation)
Table 6.1: “Mobile Subscribers’ Data in HLR”
Chapter 7
GSM SERVICES
Telephony services are mainly voice services that provide subscribers with
the complete capability (including necessary terminal equipment) to
• Fax transmission
• Videotext access
• Fax mail —with this service, the subscriber can receive fax messages at
any fax machine. The messages are stored in a service center from which
they can be retrieved by the subscriber via a personal security code to the
desired fax number. [091], [092], [093], [097]
Components between the two TE (MS) makes the Bearer Services [115]
• Call forwarding —this service gives the subscriber the ability to forward
incoming calls to another number if the called mobile unit is not reachable,
if it is busy, if there is no reply, or if call forwarding is allowed
unconditionally.
• Call hold —this service enables the subscriber to interrupt an ongoing call
and then subsequently reestablish the call. The call hold service is only
applicable to normal telephony.
Note: Bearer and teleservices are carried under the umbrella term “telecommunication
services”.
Chapter 8
GSM FUNCTIONS
In this chapter, the description of the GSM network is focused on the different
functions to be fulfilled by the network and not on its physical components. In
GSM, five main functions can be defined:
• Transmission
8.2 Transmission
Transmission means sending and receiving of data and signaling bits. Not
all the components of the GSM network are strongly related to both types of
Tx. While the MSC, BTS and BSC, among others, are involved with data
and signaling, components such as the HLR, VLR or EIR registers are only
concerned with signaling. The GSM standard also provides separate facilities for
transmitting digital data. This allows a mobile phone to act like any other
computer on the Internet, sending and receiving data via the Internet Protocol.
[097]
8.3.1 Handoff
User movement may result in a change of channel/cell when the
quality of the communication is degrading; this is known as handoff. Handoffs
occur between:
To perform the handoff, the mobile station continuously monitors its own signal
strength and the signal strength of the neighboring cells. The list of cells that
must be monitored by the mobile station is given by the base station. Power
measurements make it possible to decide which cell is the best one in order to
maintain the quality of the communication link. Two basic algorithms are used
for handoffs:
The 'power budget' algorithm: Here the handoff pre-empts the power
increase, to obtain a good SIR.
The different services to which the subscriber has access are also
checked. Next, the security check is performed on the equipment identity (IMEI).
If the IMEI number of the mobile is authorized in the EIR, the mobile station is
allowed to connect to the network. To assure user confidentiality, the user is
registered with a Temporary Mobile Subscriber Identity (TMSI) after its first
location update procedure. Enciphering is another option to guarantee very
strong security. [100], [102]
• a country code
• a national destination code; this identifies the subscriber's operator
• a code mapping to the subscriber's HLR.
• The call is then passed to the GMSC (if the call originates from a
fixed network), which 'knows' the HLR corresponding to the particular
MSISDN number. The GMSC signals the HLR for call routing
information. The HLR requests this information from the subscriber's
current VLR. This VLR temporarily allocates a Mobile Station Roaming
Number (MSRN) for the call. The MSRN is the information
returned by the HLR to the GMSC. It is the latter that routes the call,
using the MSRN, to the subscriber's current MSC/VLR. In
the subscriber's current LA, the mobile is paged.
The OAM component allows the operator to monitor and control the
system as well as modify the configuration of the elements of the system. The
OSS is not the only part of the OAM; the BSS and NSS also participate in
functions such as:
• Provide the operator with all the information it needs. This information is
forwarded to the OSS to control the network.
• Perform self-test tasks in addition to the OAM functions.
• Control of multiple BTSs by the BSS. [105]
When a mobile subscriber roams into a new location area (new VLR), the
VLR automatically determines that it must update the HLR with the new location
information, which it does using an SS7 Location Update Request Message. The
Location Update Message is routed to the HLR through the SS7 network, based
on the global title translation of the IMSI that is stored within the SCCP Called
Party Address portion of the message. The HLR responds with a message that
informs the VLR whether the subscriber should be provided service in the new
location.
When a user dials a GSM mobile subscriber's MSISDN, the PSTN routes
the call to the Home MSC based on the dialed telephone number. The MSC must
then query the HLR based on the MSISDN, to obtain the routing information
required to route the call to the subscriber's current location.
The MSC stores global title translation tables that are used to determine
the HLR associated with the MSISDN. When only one HLR exists, the translation
tables are trivial. When more than one HLR is used however, the translations
become extremely challenging; with one translation record per subscriber (see
the example below). Having determined the appropriate HLR address, the MSC
sends a Routing Information Request to it.
When the HLR receives the Routing Information Request, it maps the
MSISDN to the IMSI, and ascertains the subscriber's profile, including the current
VLR at which the subscriber is registered. The HLR then queries the VLR for a
Mobile Station Roaming Number (MSRN). The MSRN is essentially an ISDN
telephone number at which the mobile subscriber can currently be reached. The
MSRN is a temporary number that is valid only for the duration of a single call.
The HLR generates a response message, which includes the MSRN, and
sends it back across the SS7 network to the MSC. Finally, the MSC attempts to
complete the call using the MSRN provided. [107]
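The mobile-terminated call routing steps above, as an added example (not code from the original document): a location update records the current VLR in the HLR, the gateway MSC finds the HLR from the MSISDN, the HLR asks the VLR for an MSRN, and the MSRN is released once the call has been delivered. Global title translation is modelled here as a longest-prefix match on the MSISDN, which is an assumption, and all class names and numbers are constructed.

```python
class VLR:
    """Visited register: lends out MSRNs from a small pool, one per call."""

    def __init__(self, name, msrn_pool):
        self.name = name
        self._free = list(msrn_pool)
        self._active = {}                 # MSRN -> IMSI while a call is set up

    def allocate_msrn(self, imsi):
        if not self._free:
            return None                   # pool exhausted: call cannot be routed
        msrn = self._free.pop(0)
        self._active[msrn] = imsi
        return msrn

    def complete_call(self, msrn):
        """Map the MSRN back to the IMSI to page, then free it for reuse."""
        imsi = self._active.pop(msrn, None)
        if imsi is not None:
            self._free.append(msrn)
        return imsi


class HLR:
    def __init__(self, imsi_by_msisdn):
        self._imsi_by_msisdn = dict(imsi_by_msisdn)
        self._vlr_by_imsi = {}            # current location of each subscriber

    def location_update(self, imsi, vlr):
        """Record the new VLR; the reply says whether to provide service."""
        if imsi not in self._imsi_by_msisdn.values():
            return False
        self._vlr_by_imsi[imsi] = vlr
        return True

    def routing_info(self, msisdn):
        imsi = self._imsi_by_msisdn.get(msisdn)
        vlr = self._vlr_by_imsi.get(imsi)
        if vlr is None:
            return None, None             # unknown, or not registered anywhere
        return vlr, vlr.allocate_msrn(imsi)


class GMSC:
    def __init__(self, gtt):
        self._gtt = gtt                   # MSISDN prefix -> HLR

    def find_hlr(self, msisdn):
        """Global title translation, modelled as a longest-prefix match."""
        matches = [p for p in self._gtt if msisdn.startswith(p)]
        return self._gtt[max(matches, key=len)] if matches else None

    def route_call(self, msisdn):
        """Return (serving VLR, MSRN used, IMSI paged), or None if unroutable."""
        hlr = self.find_hlr(msisdn)
        if hlr is None:
            return None
        vlr, msrn = hlr.routing_info(msisdn)
        if msrn is None:
            return None
        return vlr.name, msrn, vlr.complete_call(msrn)


def demo():
    # Constructed numbers, not real subscribers.
    hlr = HLR({"99912300001": "001010000000001"})
    vlr_a, vlr_b = VLR("VLR-A", ["99912990001"]), VLR("VLR-B", ["99912990002"])
    gmsc = GMSC({"99912": hlr})
    hlr.location_update("001010000000001", vlr_a)
    first = gmsc.route_call("99912300001")
    hlr.location_update("001010000000001", vlr_b)   # subscriber roams
    return first, gmsc.route_call("99912300001")
```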
Chapter 9
ADVANTAGES & DISADVANTAGES OF GSM
• GSM is mature; this maturity means a more stable network with robust
features
• Less signal deterioration inside buildings
• Ability to use repeaters
• Talk-time is generally higher in GSM phones due to the pulse nature of
transmission
• The availability of Subscriber Identity Modules allows users to switch
networks and handsets at will
• GSM covers virtually all parts of the world so international roaming is not a
problem.
• The subscriber can enjoy the broadest international coverage. It is
possible with the GSM roaming service. [110]
• Good coverage indoors on 850/900 MHz. Repeaters possible. 35 km hard limit.
• Very good due to simple protocol, good coverage and mature, power-efficient chipsets.
[111], [112]
Chapter 10
CONCLUSIONS
The services provided by GSM are divided into three categories: the
teleservices, bearer services, and supplementary services. Its functions include
Transmission, Radio Resources Management (RRM), Mobility Management
(MM), Communication Management (CM), and Operation, Administration and
Maintenance (OAM).
GSM technology has many advantages; a few of them are: GSM is a more
stable network with robust features; there is less signal deterioration
inside buildings; the availability of SIMs allows users to switch networks and
handsets at will; GSM covers virtually all parts of the world, so international
roaming is not a problem; and the subscriber can enjoy the broadest international
coverage, which is possible with the GSM roaming service. It is also very good
due to simple protocol, good coverage and mature, power-efficient chipsets.
Nothing in this world is ideal; drawbacks are always there. The
disadvantage associated with GSM is that the pulse nature of the TDMA
transmission used interferes with some electronics, especially certain audio
amplifiers. GSM has a fixed maximum cell site range of 35 km, which is imposed
by technical limitations.
Overall, GSM is really a great and efficient technology, bringing the world
together and making every place feel like home by allowing communication with
people anywhere, anytime.
Appendix A
Although these technologies sound very intimidating, you can get a good
sense of how they work just by breaking down the title of each one. The first
word tells you what the access method is. The second word, division, lets you
know that it splits calls based on that access method.
FDMA
FDMA separates the spectrum into distinct voice channels by splitting it into
uniform chunks of bandwidth. To better understand FDMA, think of radio stations:
Each station sends its signal at a different frequency within the available band.
TDMA
TDMA is the access method used by the Electronics Industry Alliance and
the Telecommunications Industry Association for Interim Standard 54 (IS-54) and
Interim Standard 136 (IS-136). Using TDMA, a narrow band that is 30 kHz wide
and 6.7 milliseconds long is split time-wise into three time slots. Narrow band
means "channels" in the traditional sense. Each conversation gets the radio for
one-third of the time. This is possible because voice data that has been
converted to digital information is compressed so that it takes up significantly less
transmission space. Therefore, TDMA has three times the capacity of an analog
system using the same number of channels. TDMA systems operate in either the
800-MHz (IS-54) or 1900-MHz (IS-136) frequency bands.
Appendix B
Coverage
The most important factor is getting service in the areas you will be using
your phone. Upon viewing competitors' coverage maps you may discover that
only GSM or CDMA carriers offer cellular service in your area. If so, there is no
decision to be made, but most people will find that they do have a choice.
With the advent of cellular phones doing double and triple duty as
streaming video devices, podcast receivers and email devices, speed is
important to those who use the phone for more than making calls. CDMA has
been traditionally faster than GSM, though both technologies continue to rapidly
leapfrog along this path. Both boast "3G" standards, or 3rd generation
technologies.
GSM's answer is EDGE (Enhanced Data Rates for GSM Evolution), which
boasts data rates of up to 384 kbps with real world speeds reported closer to 70-
140 kbps. With added technologies still in the works that include UMTS
(Universal Mobile Telephone Standard) and HSDPA (High Speed Downlink
Packet Access), speeds reportedly increase to about 275—380 kbps. This
technology is also known as W-CDMA, but is incompatible with CDMA networks.
An EDGE-ready phone is required.
In the case of EVDO, theoretically, high traffic can degrade speed and
performance, while the EDGE network is more susceptible to interference. Both
require being within close range of a cell to get the best speeds, while
performance decreases with distance.
In the United States only GSM phones use SIM cards. The removable SIM
card allows phones to be instantly activated, interchanged, swapped out and
upgraded, all without carrier intervention. The SIM itself is tied to the network,
rather than the actual phone. Phones that are card-enabled can be used with any
GSM carrier. The CDMA equivalent, an R-UIM card, is only available in parts of
Asia but remains on the horizon for the U.S. market. CDMA carriers in the U.S.
require proprietary handsets that are linked to one carrier only and are not card-
enabled.
To upgrade a CDMA phone, the carrier must deactivate the old phone
then activate the new one. The old phone becomes useless.
Roaming
For the most part, both networks have fairly concentrated coverage in
major cities and along major highways. GSM carriers, however, have roaming
contracts with other GSM carriers, allowing wider coverage of more rural areas,
generally speaking, often without roaming charges to the customer. CDMA
networks may not cover rural areas as well as GSM carriers, and though they
may contract with GSM cells for roaming in more rural areas, the charge to the
customer will generally be significantly higher.
International Roaming
If you need to make calls to other countries, a GSM carrier can offer
international roaming, as GSM networks dominate the world market. If you travel
to other countries you can even use your GSM cell phone abroad, providing it is
a quad-band phone (850/900/1800/1900 MHz). By purchasing a SIM card with
minutes and a local number in the country you are visiting, you can make calls
against the card to save yourself international roaming charges from your carrier
back home. CDMA phones that are not card-enabled do not have this capability.
Citations
001:
http://pt.com/page/tutorials/gsm-tutorial
002:
http://www.palowireless.com/gsm/tutorials.asp
003:
http://user.cs.tu-berlin.de/~jutta/gsm/js-intro.html
004:
www.hutchison-whampoa.com/eng/telecom/htil/htil.htm
005:
http://en.wikipedia.org/wiki/GSM_frequency_ranges
006:
www.hutchison-whampoa.com/eng/telecom/htil/htil.htm
007:
http://www.iec.org/online/tutorials/gsm/topic05.asp
008:
http://www.telecomspace.com/gsm-specifications.html
009:
http://www.tutorialspoint.com/gsm/gsm_specification.htm
010:
http://www.visualtron.com/gsm_topic05.htm
011:
http://www.visualtron.com/gsm_topic04.htm
012:
http://www.cs.ucl.ac.uk/staff/t.pagtzis/wireless/gsm/arch.html
013:
www.tutorialspoint.com/gsm/gsm_architecture.htm
014:
http://www.sitefinder.ofcom.org.uk/jargon.htm
015:
Javier Gozálvez Sempere, Research Engineer in Mobile Communications,
University of Strathclyde, Glasgow, Scotland
016:
http://paginas.fe.up.pt/~mleitao/CMOV/Tecnico/GSM_Sempere.html
017:
in.answers.yahoo.com/question/index?qid=20080824235013AA8MYFA
018:
http://www.sitefinder.ofcom.org.uk/jargon.htm
019:
http://en.wikipedia.org/wiki/Macrocell#cite_note-0
020:
http://www.mpirical.com/companion/mpirical_companion.html#GSM/Macro_Cell.htm
021:
http://en.wikipedia.org/wiki/Microcell
022:
http://www.sitefinder.ofcom.org.uk/jargon.htm
023:
in.answers.yahoo.com/question/index?qid=20080824235013AA8MYFA
024:
http://www.sitefinder.ofcom.org.uk/jargon.htm
025:
in.answers.yahoo.com/question/index?qid=20080824235013AA8MYFA
026:
http://www.cs.ucl.ac.uk/staff/t.pagtzis/wireless/gsm/cellular.html
027:
http://www.cs.ucl.ac.uk/staff/t.pagtzis/wireless/gsm/cellular.html
028:
http://www.gsmfavorites.com/documents/introduction/gsm/
029:
http://www.mobiledia.com/glossary/108.html
030:
http://www.telecomabc.nl/c/plaatjes/cel-cluster.gif
031:
http://wireless.per.nl/reference/chaptr04/cellplan/reuse.htm
032:
http://www.emory.edu/BUSINESS/et/P98/gsm/history.html
033:
C. Déchaux and R. Scheller. What are GSM and DCS. Electrical Communication,
2nd Quarter 1993.
034:
Torbjorn Nilsson. Toward a New Era in Mobile Communications
035:
http://user.cs.tu-berlin.de/~jutta/gsm/js-intro.html
036:
http://www.indiabroadband.net/mobile-phone-service-providers/16433-history-gsm.html
037:
http://www.visualtron.com/gsm_topic01.htm
038:
http://www.tns.lcs.mit.edu/~turletti/gsm-overview/node4.html
039:
http://www.geocities.com/gsmmobilereport/gsmradiolink.htm
040:
http://www.geocities.com/gsmmobilereport/gsmradiolink.htm
041:
http://www.geocities.com/gsmmobilereport/gsmradiolink.htm
042:
http://www.privateline.com/PCS/GSM06.html
043:
http://www.geocities.com/gsmmobilereport/gsmradiolink.htm
044:
http://www.azizi.ca/gsm/ma/index.html
045:
http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html
046:
http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html
047:
http://www.hit.bme.hu/~mihaly/mobil.hir/gsmbase.pdf
048:
C. B. Southcott et al. Voice control of the pan-European digital mobile radio
system. In IEEE GLOBECOM 1989, November 1989.
049:
http://www.tns.lcs.mit.edu/~turletti/gsm-overview/node5.html
050:
Performance Enhancements in a Frequency Hopping GSM Network, By Thomas
Toftegaard Nielsen, Jeroen Wigard, Edition: illustrated, Published by Springer,
2000
051:
http://www.cs.ucl.ac.uk/staff/t.pagtzis/wireless/gsm/arch.html
052:
http://www.electronics-manufacturers.com/products/wireless-communication/mobile-station/
053:
Hutchison Whampoa Limited Company manual
054:
http://en.wikipedia.org/wiki/Mobile_station
055:
santos.ee.ntu.edu.tw/mobile/2_2%20GSM.pdf
056:
Motorola Training manual
057:
http://www.radio-electronics.com/info/cellulartelecomms/gsm_technical/gsm_interfaces.php
058:
http://www.mpirical.com/companion/mpirical_companion.html#GSM/AbisInterface.htm
059:
http://en.wikipedia.org/wiki/Base_Station_Subsystem
060:
http://www.pulsewan.com/data101/gsm_basics.htm
061:
http://www.radio-electronics.com/info/cellulartelecomms/gsm_technical/gsm_architecture.php
062:
http://en.wikipedia.org/wiki/GPRS_Core_Network
063:
www.tcil-india.com/new/new_site/white%20paper/RK-3%20GSM%20Network.ppt
064:
http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html
065:
http://www.tutorialspoint.com/gsm/gsm_mobile_station.htm
066:
http://www.pulsewan.com/data101/gsm_basics.htm
067:
Hutchison Whampoa Limited manual
068:
http://waridtel.net/?p=7
069:
http://www.mpirical.com/companion/mpirical_companion.html#Generic/IMSIIdentity.htm
070:
http://en.wikipedia.org/wiki/IMEI
071:
http://www.gsm-security.net/faq/imei-international-mobile-equipment-identity-gsm.shtml
072:
http://www.wicomtech.com/html/bss.asp
073:
http://www.mpirical.com/companion/mpirical_companion.html#GSM/BSS.htm
074:
http://en.wikipedia.org/wiki/Base_Station_Subsystem
075:
http://www.electronics-manufacturers.com/products/wireless-communication/base-station-controller/
076:
http://www.tutorialspoint.com/gsm/gsm_base_station_subsystem.htm
077:
http://d.scribd.com/docs/1c3diyhjursdmjkxn406.ppt
078:
http://www.webschool.co.in/telecom/gsm/arch/functions_of_bts.php
079:
http://www.electronics-manufacturers.com/products/wireless-communication/base-transceiver-station/
080:
http://www.scribd.com/doc/4757109/Gsm
081:
www.urtracked.com/gsm.htm
082:
http://en.wikipedia.org/wiki/File:Gsm_network.png
083:
www.geocities.com/.../architecture.htm
084:
http://en.wikipedia.org/wiki/GPRS_Core_Network
085:
Nokia SYSTRA Training Material
086:
http://www.m-indya.com/gsm/gsmarchitecture.php
087:
http://www.tutorialspoint.com/gsm/gsm_architecture.htm
088:
http://www.tutorialspoint.com/gsm/gsm_network_switching_subsystem.htm
089:
http://www.tutorialspoint.com/gsm/gsm_operation_support_subsystem.htm
090:
http://www.telecomspace.com/gsm.html
091:
http://www.tutorialspoint.com/gsm/gsm_network_switching_subsystem.htm
092:
http://e-articles.info/e/a/title/Features-and-Services-of-GSM/
093:
http://www.ewh.ieee.org/r10/bombay/news5/GSM.htm
094:
http://en.wikipedia.org/wiki/GSM_services
095:
http://www.visualtron.com/gsm_topic06.htm
096:
http://www.aws.cit.ie/personnel/dpesch/notes/msc_sw/GSM_services.pdf
097:
http://en.wikipedia.org/wiki/GSM_services
098:
http://en.wikipedia.org/wiki/Radio_resource_management
099:
http://en.wikipedia.org/wiki/Radio_resource_management
100:
http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html#5.2
101:
http://www.gsmfavorites.com/documents/introduction/gsm/
102:
http://www.pulsewan.com/data101/gsm_basics.htm#Mobility%20Management%20
103:
http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html#5.2
104:
http://www.privateline.com/mt_gsmhistory/2006/01/communication_management.html
105:
http://www.tns.lcs.mit.edu/~turletti/gsm-overview/node6.html
106:
http://ccnga.uwaterloo.ca/~jscouria/GSM/gsmreport.html
107:
http://pt.com/page/tutorials/gsm-tutorial
108:
http://www.azizi.ca/gsm/ma/index.html#ref2
109:
http://www.sitefinder.ofcom.org.uk/jargon.htm
110:
http://ezinearticles.com/?Several-Advantages-of-World-GSM-Cellular-Phones&id=2024801
111:
http://en.wikipedia.org/wiki/Comparison_of_mobile_phone_standards
112:
http://in.answers.yahoo.com/question/index?qid=20070202053500AA6OrQt
113:
http://electronics.howstuffworks.com/cell-phone7.htm
114:
R. Steele, C.C. Lee, “GSM, cdmaOne and 3G Systems”, John Wiley & Sons Ltd.
2001.
115:
Jörg Eberspächer, Vögel, Bettsteller, “GSM: Switching, Services, and Protocols”,
John Wiley & Sons Ltd. 2003.