Académique Documents
Professionnel Documents
Culture Documents
Contents
GSM Overview Services System architecture GSM Channels Call establishment Handover Security Data services
HSCSD (High-Speed Circuit Switched Data) GPRS (General Packet Radio Service) EDGE (Enhanced Data rates for Global Evolution)
Almost all slides contain material from Schiller, J., Mobile Communications, Addison Wesley
GSM: Overview
Objective:
Seamless roaming within Europe(ETSI, European Telecommunications Standardization Institute)
formerly: Groupe Spciale Mobile (founded 1982), now: Global System for Mobile Communication Market share:
85% of global mobile subscribers use GSM and 3GSM (WCDMA) (March, 2007)
Salient features:
Roaming Security Better transmission quality Higher capacity Device independence (SIM)
128-251
0-124, 955-1023 124 channels +49 channels 512-885
824-849
876-915 890-915 880-915 1710-1785
869-894
921-960 935-960 925-960 1805-1880
512-810
1850-1910
1930-1990
876-915 876-880
921-960 921-925
- Additionally: GSM 400 (also named GSM 450 or GSM 480 at 450-458/460-468 or 479-486/489-496 MHz - Please note: frequency ranges may vary depending on the country! - Channels at the lower/upper edge of a frequency band are typically not used
R, S
Um
(U, S, R)
Ingredients 2: Antennas
Ingredients 3: Infrastructure 1
Base Stations
Cabling
Microwave links
Ingredients 3: Infrastructure 2
Not visible, but comprise the major part of the network (also from an investment point of view)
Management
Data bases
components
radio cell
RSS
BTS
MS
MS (mobile station) BS (base station) MSC (mobile switching center) LR (location register)
subsystems
MSC MSC signaling GMSC IWF O ISDN, PSTN PDN
NSS
VLR HLR
VLR
OSS
EIR
AUC
OMC
RSS (radio subsystem): covers all radio aspects NSS (network and switching subsystem): call forwarding, handover, switching OSS (operation subsystem): management of the network
Components
MS (Mobile Station) BSS (Base Station Subsystem): consisting of
BTS (Base Transceiver Station): sender and receiver BSC (Base Station Controller): controlling several transceivers
Interfaces
A BSC
MSC
Um : radio interface Abis : standardized, open interface with 16 kbit/s user channels A: standardized, open interface with 64 kbit/s user channels
Mobile station
A mobile station (MS) comprises several functional groups
MT (Mobile Terminal):
offers common functions used by all services the MS offers corresponds to the network termination (NT) of an ISDN access end-point of the radio interface (Um) terminal adaptation, hides radio specific characteristics
TA (Terminal Adapter):
TE (Terminal Equipment):
peripheral device of the MS, offers services to a user does not contain GSM specific functions
TE R
TA S
MT
Um
Components
MSC (Mobile Services Switching Center): IWF (Interworking Functions) ISDN (Integrated Services Digital Network) PSTN (Public Switched Telephone Network) PSPDN (Packet Switched Public Data Net.) CSPDN (Circuit Switched Public Data Net.)
EIR SS7
HLR
Databases
HLR (Home Location Register) VLR (Visitor Location Register) EIR (Equipment Identity Register)
ISDN PSTN PSPDN CSPDN
Components
Mobile Services Switching Center (MSC) controls all connections via a separated network to/from a mobile terminal within the domain of the MSC - several BSC can belong to a MSC Databases (important: scalability, high capacity, low delay)
Home Location Register (HLR) central master database containing user data, permanent and semipermanent data of all subscribers assigned to the HLR (one provider can have several HLRs) Visitor Location Register (VLR) local database for a subset of user data, including data about all user currently in the domain of the VLR
Functions of a MSC
Operation subsystem
The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems Components
Authentication Center (AUC)
generates user specific authentication parameters on request of a VLR authentication parameters used for authentication of mobile terminals and encryption of user data on the air interface within the GSM system
GSM - TDMA/FDMA
935-960 MHz 124 channels (200 kHz) downlink
3 bits
57 bits
1 26 bits 1
57 bits
546.5 s 577 s
Some questions
Raw data rate per carrier? Data rate per carrier? Data rate per user (1 slot in a frame)? For higher data rate user, what can be done? Uplink and Downlink frequencies are 45 MHz apart, do we need a full duplex receiver? One frequency band might suffer in frequency selective fading, what to do? Answers: 270 Kbits/s (148 bits/546.5 s) 200 Kbits/s (114/(546.5 or 577 s)) 25 Kbits/s (excluding FEC ~ 22.8Kbits/s) Use multiple slots logical channels Uplink and downlink TDM channels are shifted by 3 slots Frequency hopping
Traffic channels
Full rate (TCH-F)
22.8 Kbits/s Standard voice codes, full rate is 13 Kbits/s Rest of the bits are used for error correction
Data transmission
TCH/F4.8 (4.8 Kbits/s) Why the data rate is low? TCH/F9.6 (9.6 Kbits/s) TCH/F14.4 (14.4 Kbits/s)
Control Channels
Broadcast channels (0th time slot)
Broadcast control channel
Cell/network ID Channel characteristics and availability
Synchronization channel
Correction of individual path delay
Control channels II
Dedicated control channels (any time slot except 0th)
Slow associated control channel
TTTTTTTTTTTTSTTTTTTTTTTTTS.
Forward channel: current control information (power level etc.) Reverse channel: received signal quality Also used for SMS
HLR
VLR
3 6
PSTN
8 9 14 15
MSC
GMSC
10
BSS
10 13 16
BSS
10
BSS
11
11 11 12 17
MS
11
VLR
3 4 6
GMSC
5
MSC
2 9
MS
1 10
BSS
GSM Operations
Security in GSM
Security services
access control/authentication
user SIM (Subscriber Identity Module): secret PIN (personal identification number) SIM network: challenge response method
confidentiality
voice and signaling encrypted on the wireless link (after successful authentication)
anonymity
temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update (LUP) encrypted transmission
secret: A3 and A8 available via the Internet network providers can use stronger mechanisms
GSM - authentication
A3
SRES* 32 bit SRES
A3
SIM 32 bit
MSC
SRES* =? SRES
SRES 32 bit
SRES
A8
cipher key Kc 64 bit
A8
Kc 64 bit
BSS
data
A5
encrypted data
SRES data MS A5
4 types of handover
1 MS 2 MS 3 MS 4 MS
BTS
BTS BSC
Handover decision
Average signal strength is used instead of instantaneous values HO_Margin or hysteresis level to reduce the pingpong effect
Disadvantages of GSM
There is no perfect system!! no end-to-end encryption of user data no full ISDN bandwidth of 64 kbit/s to the user, no transparent Bchannel reduced concentration while driving electromagnetic radiation abuse of private data possible roaming profiles accessible high complexity of the system several incompatibilities within the GSM standards
Good enough for SMS, fax, etc. but not enough for Internet and multimedia applications
Coding 1 slot schem e CS-1 CS-2 CS-3 CS-4 9.05 13.4 15.6 21.4
(bits)
(bits)
CS-1
184
40
228
456
CS-2
CS-3 CS-4
271
315 431
16
16 16
3
3 9
4
4 -
294
338 -
588
676 456
132
220 0
0.64
0.74 1
GPRS architecture
GPRS network elements
GSN (GPRS Support Nodes): GGSN and SGSN GGSN (Gateway GSN)
user addresses
MS
BSS
SGSN
GGSN
PDN
Um
Gb
Gn
Gi
MSC
HLR/ GR EIR
VLR
MSC/VLR:
optionally enhanced to coordinate GPRS and non-GPRS e.g. combined location updates, SGSN paging for GSM calls
GPRS operations II
User Registration associates the MS ID with the user address
In home area, HLR is enhanced to reference GPRS data Outside home area, dynamically allocated records are references in VLRs
Authentication - via GSM mobility management protocols Call Admission Control determines resources for QoS Routing is performed by the GSNs on a hop-by-hop basis, using the destination address
Routing tables are maintained by the GSNs using the GTP layer
3 bits
57 bits
1 26 bits 1
57 bits
546.5 s 577 s
Reference
Mobile communications by J. Schiller, Chapter 4