Documente Academic
Documente Profesional
Documente Cultură
INTRODUCTION
But what’s cellular?
MSC
BS
PSTN
HLR, VLR,
AC, EIR
What is GSM ?
GSM
formerly: Groupe Spéciale Mobile (founded 1982)
now: Global System for Mobile Communication
Pan-European standard (ETSI, European
Telecommunications Standardisation Institute)
simultaneous introduction of essential digital cellular
services in three phases (1991, 1994, 1996) by the
European telecommunication administrations,
seamless roaming within Europe possible
today many providers all over the world use GSM (more
than 130 countries in Asia, Africa, Europe, Australia,
America)
more than 100 million subscribers
Performance characteristics of GSM
Communication
mobile, wireless digital communication; support for voice and
data services
Total mobility
international access, chip-card enables use of access points
of different providers
Worldwide connectivity
one number, the network handles localization
High capacity
better frequency efficiency, smaller cells, more customers per
cell
High transmission quality
high audio quality
uninterrupted phone calls at higher speeds (e.g., from cars,
trains) – better handoffs and
Security functions
access control, authentication via chip-card and PIN
Disadvantages of GSM
GSM offers
several types of connections
voice connections, data connections, short message service
multi-service options (combination of basic services)
Three service domains
Bearer Services – interface to the physical medium (transparent for
example in the case of voice or non transparent for data services)
Telematic Services – services provided by the system to the end user
(e.g., voice, SMS, fax, etc.)
Supplementary Services – associated with the tele services: call
forwarding, redirection, etc.
bearer services
MS
transit source/
TE MT GSM-PLMN network destination TE
R, S Um (PSTN, ISDN) network (U, S, R)
tele services
ARCHITECTURE
Architecture of the GSM system
BSC
BSC
RSS
GSM: elements and interfaces
radio cell
BSS
MS MS
Um radio cell
RSS BTS MS
BTS
Abis
BSC BSC
A
MSC MSC
NSS signaling
VLR VLR
ISDN, PSTN
HLR GMSC
PDN
IWF
O
OSS
EIR AUC OMC
GSM System Architecture
GSM: system architecture
radio network and fixed
subsystem switching subsystem partner networks
MS MS
ISDN
PSTN
Um MSC
BTS Abis
BSC EIR
BTS
SS7
HLR
BTS VLR
BSC ISDN
BTS MSC PSTN
A
BSS IWF
PSPDN
CSPDN
System architecture: radio subsystem
radio network and switching Components
subsystem subsystem
MS (Mobile Station)
MS MS BSS (Base Station Subsystem):
consisting of
BTS (Base Transceiver Station):
Um sender and receiver
Abis BSC (Base Station Controller):
BTS controlling several transceivers
BSC MSC
BTS
Interfaces
Um : radio interface
Abis : standardized, open
interface with
16 kbit/s user channels
A
BTS A: standardized, open interface
BSC MSC
with
BTS
64 kbit/s user channels
BSS
System architecture: network and switching subsystem
network fixed partner
subsystem networks
Components
MSC (Mobile Services Switching Center):
ISDN IWF (Interworking Functions)
PSTN
MSC
ISDN (Integrated Services Digital Network)
PSTN (Public Switched Telephone Network)
EIR PSPDN (Packet Switched Public Data Net.)
CSPDN (Circuit Switched Public Data Net.)
SS7
HLR
Databases
HLR (Home Location Register)
VLR VLR (Visitor Location Register)
ISDN EIR (Equipment Identity Register)
MSC
PSTN
IWF
PSPDN
CSPDN
Radio subsystem
TE TA MT
Um
R S
GSM: cellular network
VLR contains
MSRN
TMSI
Location area where mobile station has
registered
Info for supplementary services (if any)
IMSI
HLR or global title
Local identity for mobile station (if any)
GSM Radio Interface - TDMA/FDMA
935-960 MHz
124 channels (200 kHz)
downlink
890-915 MHz
124 channels (200 kHz)
uplink
higher GSM frame structures
time
1 2 3 4 5 6 7 8
4.615 ms
superframe
0 1 2 ... 48 49 50
6.12 s
0 1 ... 24 25
multiframe
0 1 ... 24 25 120 ms
0 1 2 ... 48 49 50 235.4 ms
frame
0 1 ... 6 7 4.615 ms
slot
burst 577 µs
Mobile Terminated Call
1, 2: connection
request
VLR
3, 4: security
3 4
check 6 5
PSTN GMSC MSC
5-8: check 7 8
2 9
resources (free MS
1
BSS
circuit) 10
13 Kbps
22.8 Kbps
Interleaving De-interleaving
22.8 Kbps
33.6 Kbps
Ciphering De-ciphering
Conversation
45
HANDOFFS IN GSM
Handoffs
1
2 3 4
MS MS MS MS
MSC MSC
GSM handoffs
HO_MARGIN
MS MS
BTSold BTSnew
Handover procedure
HO decision
HO required HO request
resource allocation
ch. activation
HO complete HO complete
clear command clear command
clear complete clear complete
GSM Security
Security in GSM
Security services
access control/authentication
user SIM (Subscriber Identity Module): secret PIN (personal
identification number)
SIM network: challenge response method
confidentiality
voice and signaling encrypted on the wireless link (after successful
authentication)
anonymity
“secret”:
temporary identity TMSI
• A3 and A8
(Temporary Mobile Subscriber Identity) available via the
newly assigned at each new location update (LUP) Internet
encrypted transmission • network providers
can use stronger
3 algorithms specified in GSM mechanisms
A3 for authentication (“secret”, open interface)
A5 for encryption (standardized)
A8 for key generation (“secret”, open interface)
GSM Security
RAND
Ki RAND RAND Ki
A3 A3
SIM
SRES* 32 bit SRES 32 bit
SRES
MSC SRES* =? SRES SRES
32 bit
Anonymity of users
Supported by temporary mobile subscriber ID
(TMSI)
When registered, mobile station sends
globally-unique international mobile
subscriber ID (IMSI) to network
Network assigns TMSI for use during call -
IMSI is not sent over radio link
Only network and mobile station know true
identity
New TMSI is assigned when roam into new
area
GSM - key generation and encryption
RAND
Ki RAND RAND Ki
AC 128 bit 128 bit 128 bit 128 bit SIM
A8 A8
cipher Kc
key 64 bit Kc
64 bit
data encrypted SRES
data
BTS
data MS
A5 A5
Channels
65
Frequency bands
66
Frequency bands
One or more carrier frequencies are assigned to each BS
Eight time slots are grouped into a TDMA frame (120/26 ms, or
approx. 4.62 ms; 120 frames in a multiframe that is 26ms in
duration)
Time slot = 4.62/ 8 ms (or approx. 0.577 ms)
One physical channel is one time slot per TDMA frame.
67
Spectrum efficiency
68
Traffic frames & control frames
69
Delivery of a call to a GSM mobile station
Mobile Station Base Station
Initial Procedure
Conversation
70
Initial procedure in delivery of a call to
a GSM mobile station
Authentication response
CIPHERING MODE
Ciphering Mode ACK
setup
Call Confirmed
ALERTING
CONNECT
Assignment Command
72
Termination of the call (by MS)
Mobile Station How is the call terminated at MS? Base Station
Conversation
FACCH: “Disconnect”
FACCH: “Release”
73