* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Radio Interface
		                    
		                    
								Survey							
                            
		                
		                
                            
                            
								Document related concepts							
                        
                        
                    
						
						
							Transcript						
					
					Chapter 4: Telecommunication Systems 1600 Mobile phone subscribers worldwide approx. 1.7 bn 2009: >4 bn! 1400 Subscribers [million] 1200 GSM total 1000 TDMA total CDMA total PDC total 800 Analogue total W-CDMA 600 Total wireless Prediction (1998) 400 200 0 1996 1997 1998 1999 2000 2001 2002 2003 2004 year CT0/1 AMPS NMT CT2 IMT-FT DECT IS-136 TDMA D-AMPS TDMA FDMA Development of mobile telecommunication systems GSM PDC EDGE GPRS IMT-SC IS-136HS UWC-136 IMT-DS UTRA FDD / W-CDMA HSPA IMT-TC CDMA UTRA TDD / TD-CDMA IMT-TC TD-SCDMA 1G IS-95 cdmaOne cdma2000 1X 2G 2.5G IMT-MC cdma2000 1X EV-DO 1X EV-DV (3X) 3G What is GSM? The Global System for Mobile Communications is a digital cellular communications system. It was developed in order to create a common European mobile telephone standard but it has been rapidly accepted worldwide. GSM was designed to compatible with ISDN (integrated services digital network) services. It signifies an extremely successful technology and bearer for mobile communication system. GSM today Covers 71% of all the digital wireless market. What is GSM? People use it not only in business but also in everyday personal life. Its principle use it is for wireless telephony and messaging through SMS. It also supports facsimile and data communication. Due to its innovative technologies and strengths GSM rapidly became truly global. Many of the new standardization initiative came from outside Europe. What is GSM? Depending on locally available frequency bands, different air interfaces were defined. These are 900MHz, 1800MHz, and 1900MHz. However, architecture, protocols, signaling and roaming are identical in all networks independent of the operating frequency bands. GSM uses a combination of FDMA (frequency division multiple access) and TDMA ( Time division multiple access). Why GSM? GSM uses radio frequencies more effectively than the older system. The data transmission services and the quality of the speech are better than in analog system. There are two kinds of advanced security services available on the radio path : user identity and data confidentiality. New services and ISDN compatibility are offered. It makes international roaming possible. The big uniform market hardens the competitions and lowers the prices. Later on it also leads to lower system costs. History of GSM GSM is based on a set of standards, formulated in the early 1980s. In 1982 the conference of European posts and Telegraphs formed a study group called the Groupe Special Mobile (GSM) to study and develop a pan-European mobile system, which was later introduce as Global System for Mobile Communication. GSM Services   GSM offers  several types of connections  voice connections, data connections, short message service  multi-service options (combination of basic services) Three service domains  Bearer Services  Tele Services  Supplementary Services GSM Services (cont…) TE=Terminal MT=Mobile Termination PLMIN=public land mobile network PSTN=public switched telephone network ISDN=integrated services digital network bearer services MS TE MT R, S GSM-PLMN Um transit network (PSTN, ISDN) source/ destination network tele services Fig: Bearer and Tele services referene model TE (U, S, R) GSM Services: Tele Services   Telecommunication services that enable voice communication via mobile phones. All these basic services have to obey cellular functions, security measurements etc. Telephony Facsimile group 3 Emergency call Teletex Short message Services (SMS) Fax mail Voice mail Electronic mail GSM Services: Bearer Services A bearer service is used for transporting user data. Some of the bearer services are listed below: Asynchronous and Synchronous data, 3009600 bps. Alternate speech and data, 300-9600 bps. Asynchronous PAD (packet-switched access, 300-9600 bps. Synchronous dedicated packet data access, 2400-9600 bps. GSM Services: Supplementary Services Call Forwarding- the subscriber can forward incoming calls to another number if the called mobile is busy, unreachable or if there is no reply. Call Barring-There are different types of call barring services: Barring of all outgoing calls Barring of outgoing international calls Barring of all incoming calls Barring of incoming calls when roaming. Call hold-puts an active call on hold. GSM Services: Supplementary Services Call Waiting Closed user group, CUG-it corresponds to a group of users with limited possibilities of calling, locking of the mobile terminal (Incoming and outgoing calls) GSM Architecture The coverage area of a cellular system is partitioned into a number of smaller area or cells with each cell served by a Base Station (BS) for radio coverage. The base station are connected through fixed links to a mobile switching center (MSC), which is a local switching exchange with additional features to handle mobility management requirements of a cellular system. GSM Architecture MSCs also interconnect with the public switched telephone network (PSTN) because the majority of calls in a cellular mobile system either originate form or terminate at fixed network terminals. In the next slide figure a typical cellular system architecture/ GSM network architecture. GSM: elements and interfaces radio cell MS BSS MS Um radio cell MS BTS RSS BTS Abis BSC BSC A MSC NSS MSC VLR signaling VLR GMSC HLR IWF O OSS EIR AUC OMC ISDN, PSTN PDN GSM Architecture GSM system consist of three subsystems: Radio Subsystem (RSS) Network and Switching Subsystem (NSS) Operation Subsystem (OSS) GSM Architecture: Radio Subsystem (RSS) Mobile Station: Mobile station consist of two units: Mobile hand set is one of the most complicated GSM device. It provides user the access to the network. Subscribe identity module (SIM) is a removable module goes into the mobile handset. Each SIM has unique number called international mobile subscriber identity (IMSI). It has built in micro-computer & memory into it. GSM Architecture: Radio Subsystem (RSS) Base station subsystem (BSS): A GSM network comprises many BSS, each controlled by a base station controller (BSC). The BSS performs all function necessary to maintain radio connections to an MS, coding/decoding of voice, and rate adaptation to/from the wireless network part. Besides a BSC, the BSS contains several BTS. GSM Architecture: Radio Subsystem (RSS) Base transceiver station (BTS): BTS has set of transceiver to talk to MS. One BTS covers one or more than one cell. Capacity of BTS depends on no of transceivers. BTS is connected to BSC via A’bis interface. Transmission rate on A’bis is 2 Mbps. Interface between MS and BTS is called Um. Transmission rate on Um interface is 13 Kbps. Each transmission has 8 TDMA channels to carry voice & signaling. GSM Architecture: Radio Subsystem (RSS) Base station controller (BSC): BSC controls several BTSs. BSC manages channel allocation & handover of called from one BTS to another BTS. BSC is connected to MSC via A’ interface. Transmission rate on A I/F is 2 Mbps. Interface between BSC & BTS is called A’bis I/F. BSC has database for all of its BTS’s parameters. BSC provides path from MS to MSC. GSM Architecture: Network and Switching Subsystem (NSS) Mobile services switching center (MSC): MSC is hear of the entire network connecting fixed line network to mobile network. MSC manages all call related functions and billing information. MSC is connected to HLR & VLR for subscriber identification & routing incoming calls. MSC capacity is in terms of no of subscribers. MSC is connected to BSC at one end and fixed line network on other end. Call Detail Record (CDR) is generated for each & every call in the MSC. GSM Architecture: Network and Switching Subsystem (NSS) Home location register (HLR): All subscribers data is stored in HLR. It has permanent data base of all the registered subscribers. GSM Architecture: Network and Switching Subsystem (NSS) Visitor location register (VLR): Active subscriber is registered in VLR. It is a temporary data base of all the active subscribers. HLR validates subscriber before registration. MSC ask VLR before routing incoming call. GSM Architecture: Operation Subsystem (OSS) Operation and maintenance center (OMC): All the network elements are connected to OMC. OMC monitors health of all network elements & carries out maintenance operation, if required. OMC is linked to BTSs via parent BSC. OMC keeps records of all the faults occurred. OMC can also generate Traffic analysis reports. GSM Architecture: Operation Subsystem (OSS) Authentication center (AuC): Authentication is a process to verify the subscriber SIM. Secret data & verification algorithm are stored in to the AUC. AUC & HLR combined to authenticate the subscribers. Subscriber authentication can be done on every call if required. GSM Architecture: Operation Subsystem (OSS) Equipment identity register (EIR): The equipment identity register stores the international mobile equipment identity (IMEI) numbers for the entire network. IMEI enables the MSC in denitrifying the type of terminal, mobile equipment manufacturer, and model and helps the network in locating the device in case it is stolen or misplaced. The EIR contains three different types of lists: A Black list: includes mobile stations which have been reported stolen or are currently locked due to some reason. GSM Architecture: Operation Subsystem (OSS) Equipment identity register (EIR): A White list: which records all MSs that are valid and operating. A Grey list: including all those MSs that may not be functioning properly. According to category the MS can make calls or can be stopped from making calls. Radio Interface The radio interface is the interface between the mobile stations and the fixed infrastructure. It is one of the most important interfaces of the GSM system. One of the main objectives of GSM is roaming. Therefore, in order to obtain a complete compatibility between mobile stations and networks of different manufactures and operators, the radio interface must be completely defined. Radio Interface The spectrum efficiency depends on the radio interface and the transmission, more particularly in aspects as the capacity of the system and the techniques used in order to decrease the interface and to improve the frequency reuse scheme. The specification of the radio interface has then an important influence on the spectrum efficiency. Radio Interface Frequency allocation: Two frequency band of 25 MHz each one, have been allocated for the GSM system: The band 890-915 MHz has been allocated for the uplink direction (transmitting from the mobile station to the base station) The band 935-960 MHz has been allocated for the down link direction (transmitting from the base station to the mobile station) But not all the countries can use the whole GSM frequency band. Radio Interface Multiple Access Scheme: The multiple access scheme defines how different simultaneous communications, between different mobile stations situated in different cells, share the GSM radio spectrum. A mix of Frequency Division Multiple Access (FDMA) and Time Division Multiple Access (TDMA) combined with frequency hopping, has been adopted as the multiple access scheme for GSM. Radio Interface FDMA: Using FDMA, a frequency is assigned to a user. So the larger the number of users in a FDMA system the larger the number of available frequencies must be. The limited available radio spectrum and the fact that a user will not free its assigned frequency until he does not need it anymore, explain why the number of users in a FDMA system can be ‘quickly” limited. Radio Interface TDMA: On the other hand, TDMA allows several users to share the same channel. Each of the users, sharing the common channel, is assigned their own burst within a group of bursts called a frame. Usually TDMA is used with a FDMA structure. GSM - TDMA/FDMA 935-960 MHz 124 channels (200 kHz) downlink 890-915 MHz 124 channels (200 kHz) uplink higher GSM frame structures time GSM TDMA frame 1 2 3 4 5 6 7 8 4.615 ms GSM time-slot (normal burst) guard space tail 3 bits user data S Training S user data 57 bits 1 26 bits 1 57 bits guard tail space 3 546.5 µs 577 µs Radio Interface Data is transmitted in small portion is called bursts. Each carrier frequency is then divided in time using a TDMA scheme. This scheme splits the radio channel, with a width of 200KHz, into 8 burst. A burst is the unit of time in TDMA system, and its lasts approximately 0.577 ms. A TDMA frame is form with 8 bursts and lasts consequently, 4.615 ms. Each of the eight burst, that form a TDMA frame, are then assigned to a single user. Radio Interface: Channel Structure A channel corresponds to the recurrence of one burst every frame. It is defined by its frequency and the position of its corresponding burst within a TDMA frame. GSM in TDMA: Each carrier consists of eight time slots. In GSM there are Two types of Channels: Physical Channel: Logical Channel: Radio Interface: Channel Structure Physical Channel: A physical channel is a single slot on a single frequency. Thus there are eight physical channels per frequency pair of TDMA frame. The information within the physical channel is termed a burst. Radio Interface: Channel Structure Logical Channel: A logical channel is the content within a burst, e.g. Speech. Signalling or measurement, the way in which we organize these channels is partly dependent upon the application. But is dependent on whether the information is sent uplink or downlink or bi-direction. Radio Interface: Channel Structure Logical Channel: There are two type of logical channel: 1. The Traffic Channels used to transport speech and data information. 2. The Control Channels used for network management message and some channel maintenance tasks. Radio Interface: Channel Structure 1. Traffic Channels (TCH): Full-rate traffic channels (TCH/F) are defined using a group of 26 TDMA frame called a 26multiframe. The 26-multiframe lasts consequently 120 ms. In this 26-multiframe structure the traffic channels for the downlink and uplink are separated by 2 bursts. As a consequence, the mobiles will not need to transmit and receive at the same time which simplifies considerably the electronics of the system. Radio Interface: Channel Structure 1. Traffic Channels (TCH): The frame that form the 26-multiframe structure have different functions: 24 frames are reserved to traffic. 1 frame is used for the slow associated control channel (SACCH). The last frame is unused. This idle frame allows the mobile station to perform other functions, such as measuring the signal strength of neighboring cells. Radio Interface: Channel Structure 1. Traffic Channels (TCH): Half-rate traffic channels (TCH/H) which double the capacity of the system, are also grouped in a 26-multifram but the internal structure is different. Radio Interface: Channel Structure 2. Control Channels: according to their functions, four different classes of control channels are defined: 2.1 Broadcast channels (BCH). 2.2 Common control channels (CCCH). 2.3 Dedicated control channels (DCCH). 2.4 Associated control channels (ACCH). Radio Interface: Channel Structure 2.1 Broadcast channels (BCH): the broadcast channels are used, by the base station to provide the mobile station with the sufficient information. It needs to synchronize with the network. There are different types of BCH can be distinguished: FCCH (Frequency Correction Channel): it carries no real information. All bits are set to zero, which generates a pure sine wave in the modulator. Radio Interface: Channel Structure 2.1 Broadcast channels (BCH): FCCH (Frequency Correction Channel): It allows the mobile to tune its synthesizer roughly and indicates that on this frequency broadcast information is transmitted. SCH (Synchronization Channel): The SCH transmits the used for handover and the TDMA frame number which is used for ciphering. BCCH (Broadcast Control Channel): The BCCH contains cell specific information like cell ID, used frequency hopping sequences, adjacent cells etc. Radio Interface: Channel Structure 2.2 Common control channels (CCCH): The CCCH channels help to establish the calls from the mobile station or the network. There different types of CCCH can be defined: PCH (Paging Channel (Downlink)): This channel transmits the paging request for a mobile in case of an incoming call. Radio Interface: Channel Structure 2.2 Common control channels (CCCH): AGCH (Access Grant Channel (Downlink)): On this channel the mobile gets initial time advance and the information which signaling channel should be used. RACH (Random Access Channel (Uplink)): Only on this the mobile can access a cell. It contains an identifier of the mobile. Radio Interface: Channel Structure 2.3 Dedicated control channels (DCCH): The DCCH channels are used for message exchange between several mobiles or a mobile and the network. Two different types of DCCH can be defined: SDCCH (Stand alone dedicated control channel): This channel is bi-directional and is used for cell set up procedures such as authentication and it assigns a particular traffic channel to the mobile. Radio Interface: Channel Structure 2.3 Dedicated control channels (DCCH): SACCH (Slow associated control channel): A SACCH is associated with every SDCCH and every TCH too. During the call setup and a call in progress. The system has to know, if a handover is required the information pertaining to this are transmitted on this particular channel. It is also used to control the power of the MS and to maintain the correct timing alignment of a mobile moving within the cell. Radio Interface: Channel Structure 2.4 Associated control channels (ACCH): The Fast Associated control channels (FACCH) replace all or part of a traffic cannel when urgent signaling information must be transmitted. The FACCH channels carry the same information as the SDCCH channels. Radio Interface: Frame hierarchy In next slide figure, the pattern of 26 slots occurs in all TDMA frames with traffic channel (TCH). The combination of these frames is called traffic multiframe. the logical combination of 26 frames to a multiframe with a duration of 120 ms. This type of multiframe is used for traffic channel (TCH), slow associated dedicated control channel (SACCH), Fast Associated control channels (FACCH). Radio Interface: GSM hierarchy of frames hyperframe 0 1 2 2045 2046 2047 3 h 28 min 53.76 s ... superframe 0 1 0 2 ... 1 48 ... 49 24 50 6.12 s 25 multiframe 0 1 ... 0 1 24 2 120 ms 25 ... 48 49 50 235.4 ms frame 0 1 ... 6 7 4.615 ms slot burst 577 µs Radio Interface: Frame hierarchy TDMA frames containing data for the other logical channels are combined to a control multiframe. Control multiframe consist of 51 TDMA frames and have a duration of 235.4 ms. This logical frame hierarchy continues, combining 26 multiframe with 51 frames or 51 multiframe with 26 frames to form a superframe. Radio Interface: Frame hierarchy 2,048 super frames build a hyperframe with a duration of almost 3.5 hours. Altogether, 2,715,648 TDMA frames form hyperframe. GSM Protocols & Interfaces Next slide figure shows the signaling protocols between the MS and BTS, between the BTS and BSC, between the BSC and the MSC. These protocols between some interfaces presented. MS and BTS between Um interface used: The air interface is used for exchanges between a MS and a BSS. It is used for transmitting signaling further. GSM protocol layers for signaling Um Abis MS A BTS BSC CM CM MM MM Layer 3 RR RR’ Layer 2 MSC BTSM RR’ BTSM LAPDm LAPDm LAPD LAPD radio radio PCM PCM BSSAP BSSAP SS7 SS7 PCM PCM Layer 1 16/64 kbit/s 64 kbit/s / 2.048 Mbit/s GSM Protocols & Interfaces BTS and BSC between Abis interface used: This is a BSS internal interface linking the BSC and a BTS, and it has not been standardized. The Abis interface allows control of the radio equipment and radio frequency allocation in the BTS. GSM Protocols & Interfaces BSC and MSC between A interface used: The A interface linking the BSC and MSC. The A interface manages the allocation of suitable radio resources to the MSs and mobile management. GSM Protocols In GSM, there are different types of protocols used in different layers. These layers protocols function are describe bellow: Mobility Management (MM): The MM layer is in charge of maintain the location data, in addition to the authentication and ciphering procedures. GSM Protocols Communication Management (CM): The CM layer consists of setting up call at the users request. Its functions are : call control, which manages the supplementary services configuration, short message services which provides pointto-point short message services. GSM Protocols Radio Resource (RR): The RR management layer is in charge of establishing and maintaining a stable uninterrupted communication path between the MSC and MS over which signaling and user data can be covered. Handovers are part of the RR layer responsibility. Most of the functions are controlled by the BSC, BTS and MS though some are performed by the MSC. GSM Protocols Radio Resource’ (RR’): The RR’ layer is the part of the RR functionality which is managed by the BTS. Base Transceiver Station Management (BTSM) : The BTSM is responsible for transferring the RR information to the BSC. GSM Protocols Link access protocol for the ISDN D-channel (LAPD) : This is the ISDN LAPD protocol providing error-free transmission between the BSC and MSC. LAPDm: The layer two protocols are provided for by LAPDm over the air-interface. This protocol is a modified version of the LAPD protocol. GSM Protocols LAPDm: The main modification are due to the tight synchronization required in TDMA and bit error protection mechanism required over the air-interface. GSM Protocols Base Station System Application Part (BSSAP) : The BSSAP is split into two parts the Base station system management application part (BSSMAP) and the Direct transfer application part (DTAP). The message exchanges are handled by SS7. Messages which are not transparent to the BSC are carried by the BSSMAP, which supports all of the procedures between the MSC and the BSS that require interpretation and processing of information related to single calls and resource management. GSM Protocols Signaling Connection Control Part (SCCP): The SCCP from SS7. Message Transport Part (MTP): The MTP of SS7. What is SS7? Signaling system No. 7 (SS7) is used for signaling between an MSC and a BSC. This protocol also transfer all management information between MSCs, HLR, VLRs, AuC, EIR and MOC. Localization The localization is a process by which a mobile station is identified, authenticated and provided service by a mobile switching center through the base station controller and base Tran receiver either at the home location of the MS or at a visiting location. Mobile service providers, on the other hand will provide services to the user only after identifying the mobile station (MS) of the user and verifying the services subscribed to by the user or the services presently allowed to that MS. Localization Localization mechanism of the GSM system fulfils both the requirement. GSM distinguishes explicitly between the user and the equipment. It also distinguishes between the subscriber identity and the telephone number. GSM deals with many addresses and identifiers. Localization Mobile Subscriber ISDN Number (MSISDN): The MSISDN number is the real telephone number as is known to the external world. MSISDN number is public information. This is a number published and known to everybody. In GSM a mobile station can have multiple MSISDN number. When a subscriber send a Fax and Data. He/she is assigned a total of 3 numbers: one for voice call, one for fax call and another for data call. Localization The MSISDN categories follow the international ISDN (integrated system data network) numbering plan as following: Country code (CC): 1 to 3 decimal digits of country code National destination code (NDC): typically 2 to 3 decimal digit, Subscriber number (SN): maximum 10 decimal digit. In India a MSISDN number looks like 919845062050. In this number 91 is CC and 98 is NDC and 45062050 is the SN. Localization International Mobile Subscriber Identity (IMSI): When registered with a GSM operator each subscriber is assigned a unique identifier. The IMSIO is stored in the SIM card and secured by the operator. A mobile station can only be operated when it has a valid IMSI. The IMSI consists of several parts. Localization International Mobile Subscriber Identity (IMSI): These are: 3 decimal digits of mobile country code (MCC). For Indian MCC is 404. 2 decimal digit of mobile network code (MNC). This uniquely identifies a mobile operator within a country. For Airtel in Delhi this code is 10. Maximum 10 decimal digits of mobile subscriber identification number (MSIN). This is a unique number of the subscriber within the home network. Localization Temporary Mobile Subscriber Identity (TMSI): This a temporary identifier assigned by a serving VLR. It is used in place of the IMSI for identification and addressing of the mobile station. TMSI is assigned during the presence of the mobile station in a VLR. Thus, it is difficult to determine the identity of the subscriber by listening to the radio channel. Localization Temporary Mobile Subscriber Identity (TMSI): The TMSI is never stored in the HLR. However, it is stored in the SIM card. Together with the current location are, a TMSI allows a subscriber to be identify uniquely. Localization Mobile Station Roaming Number (MSRN): When a subscriber is roaming in another network a temporary ISDN number is assigned to the subscriber. This ISDN number is assigned by the local VLR in charge of the mobile station. The MSRN has the same structure as the MSISDN. Calling There are different methods and protocols are used for establishing connection and maintaining communication in calling to and from mobile devices in a GSM network. The various types of calls handled by a GSM network are: Mobile originated call (MOC) Mobile Terminated call (MTC) Calling : Mobile originated call (MOC) Initially when the user enters the called number and presses the send key. The MS establishes a signaling connection to the BSS on a radio channel. This may involve authentication and ciphering. Once this has been established the call setup procedures will take place according to the sequence show in the next slide figure. Calling: Mobile originated call (MOC) VLR 3 4 6 PSTN 5 GMSC 7 MSC 8 2 9 MS 1 10 BSS Calling : Mobile originated call (MOC) The MS sends the dialed number indicating service requested to the MSC (via BSS). The MSC checks from the VLR if the MS is allowed the requested service. If so, MSC asks the BSS to allocate necessary resource for the call. If the call is allowed, the MSC routes the call to the GMSC (Gateway MSC). The GMSC routes the call to the local exchange of called user via public switched telephone network (PSTN). Calling : Mobile originated call (MOC) The PSTN alert (applies ringing) the called terminal. Answer back (ring back tone) from the called terminal to PSTN. Answer back signal is routed back to the MS through the serving MSC which also completes the speech path to the MS. Calling: Mobile Terminated call (MTC) The sequence shown in next slide figure relates to a call originating in the PSTN and terminating at an MS in a GSM network. The PSTN user dials the MSISDN of the called user in GSM. Local route of PSTN the call to the GMSC of the called GSM user. The GMSC uses the dialed MSISDN to determine the serving HLR for the GSM user and interrogates it to attain the required routing number. Calling : Mobile Terminated call (MTC) HLR 4 5 3 6 calling station 1 PSTN 2 GMSC 10 7 VLR 8 9 14 15 MSC 10 13 16 10 BSS BSS BSS 11 11 11 11 12 17 MS Calling: Mobile Terminated call (MTC) The HLR requests the current serving VLR for the called MS for a MSRN (MS roaming number) so that the call can be routed to the correct MSC. The VLR passes the MSRN to the HLR. The HLR passes the MSRN to the GMSC. Using the MSRN the GMSC routes the call to the serving MSC. The MSC interrogates the VLR for the current location area identity (LAI) for the MS. The VLR provides the current location (LAI) for the MS. Calling: Mobile Terminated call (MTC) The MSC pages the MS via the appropriate BSS. The MS responds to the page and set up the necessary signaling links. When the BSS has established the necessary radio links, the MSC is in formed and the call is delivered to the MS. When the MS answers the call, the connection is completed to the calling PSTN user. MTC/MOC MS MTC BTS MS MOC BTS paging request channel request channel request immediate assignment immediate assignment paging response service request authentication request authentication request authentication response authentication response ciphering command ciphering command ciphering complete ciphering complete setup setup call confirmed call confirmed assignment command assignment command assignment complete assignment complete alerting alerting connect connect connect acknowledge connect acknowledge data/speech exchange data/speech exchange Handover Cellular systems require handover procedures, as single cells do not cover the whole service area, but, e.g. only up to 35 km around each antenna. The smaller the cell size and the faster the movement of a mobile station through the cells, the more handovers of ongoing calls are required. However a handover should not cause a cut-off also called call drop. Handover There are two basic reasons for a handover : The mobile station moves out of the range of a BTS or a certain antenna of a BTS respectively. Thus, the received signal level becomes lower continuously until it falls underneath the minimal requirement for communication. The wired infrastructure (MSC,BSC) may decide that the traffic in one cell is too high and shift some MS to other cells with a lower load. Thus handover may be due to load balancing. Handover In the next slide figure shows four possible handover scenarios in GSM. Intra-cell handover: Within a cell, narrow-band interference could make transmission at a certain frequency impossible. The BSC could then decide a change the carrier frequency (Scenario 1). In short, handover of channels in the same cell. 4 types of handover 1 MS BTS 2 3 4 MS MS MS BTS BTS BTS BSC BSC BSC MSC MSC Handover Inter-cell, intra-BSC handover: This is a typical handover scenario. This mobile station moves from one cell to another, but stays within the control of the same BSC. The BSC then performs a handover, assigns a new radio channel in the new radio channel in the new cell and releases the old one (Scenario 2). In short, handover of cells controlled by the same BSC. Handover Inter-BSC, intra-MSC handover: As a BSC only controls a limited number of cells, GSM also has to perform handovers between cells controlled by different BSCs. This handover then has to be controlled by the MSC (scenario 3). In short, handover of cells belonging to the same MSC but controlled by different BSCs. Handover Inter MSC handover: Finally, a handover could be required between two cells belonging to different MSCs. Now both MSCs perform the handover together (Scenario 4). In short, handover of cells controlled by different MSCs. Handover In order to provide all information necessary for a handover due to a weak link, MS and BTS both perform periodic measurements of the downlink and uplink quality respectively. The measurement reports are sent by the MS about every half-second and contain the quality of the current link used for transmission as well as the quality of certain channels in neighboring cells. Handover Next slide figure show the typical behavior of the received signal level while an MS moves away from one BTS (BTSold) closer to another one (BTSnew). In this case the handover decision does not depend on the actual value of the received signal level, but on the average value. Therefore, the BSC collects all values bit error rate and signal levels from uplink and downlink from BTS and MS and calculates average values. Handover decision receive level BTSold receive level BTSold HO_MARGIN MS MS BTSold BTSnew Handover These values are then compared to thresholds, i.e.., the handover margin (HO_MARGIN), which includes some hysterics to avoid a ping-pong effect. Still even with the HO_MARGIN, the ping-pong effect may occur in GSM- a value which is too high could cause a cut-off. Handover Next slide figure shows the typical signal flow during an inter-BSC, intra-MSC handover. The MS sends its periodic measurements reports, the BTSold forwards these reports to the BSCold together with its own measurements. based on these values and e.g., on current traffic conditions, the BSCold may decide to perform a handover and sends the message HO_required to the MSC. Handover procedure MS BTSold BSCold measurement measurement report result MSC HO decision HO required BSCnew BTSnew HO request resource allocation ch. activation HO command HO command HO command HO request ack ch. activation ack HO access Link establishment clear command clear command clear complete clear complete HO complete HO complete Handover The task of the MSC then comprises the request of the resources needed for the handover from the new BSC, BSCnew. This BSCnew checks if enough resources are available and activates a physical channel at the BTSnew to prepare for the arrival of the MS. The BTSnew acknowledges the successful channel activation, BSCnew acknowledges the handover request. The MS now breaks its old radio link and accesses the new BTS. Handover The next steps include the establishment of the link. Basically, the MS has then finished the handover, but it is furthermore important to release the resources at the old BSC and BTS and to signal the successful handover using the handover and clear complete messages as show in figure. Future handover scenarios would include seamless handover between different systems, e.g. from GSM to DECT (digital enhanced cordless telecommunication) or satellite-based services without interruption. Security GSM offers several security services using confidential information stored in the AuC and in the individual SIM. As stated above, the SIM stores personal, secret data and is protected with a PIN (Personal identity number) against unauthorized use. Security The security services offered by GSM are explained in the following: Access control and authentication: The first step includes the authentication of a valid user for the SIM. The user needs a secret PIN to access the SIM. The next step is the subscriber authentication. Security Confidentiality: All user-related data is encrypted. After authentication, BTS and MS apply encryption to voice, data and signaling. This confidentiality exists only between MS and BTS, but it does not exist end-to-end or within the whole fixed GSM/telephone network. Security Anonymity: To provide user anonymity, all data is encrypted before transmission, and user identifiers which would reveal an identity are not used over the air. Instead, GSM transmits a temporary identifier (TMSI-temporary mobile subscriber identity), which is newly assigned by the VLR after each location update. Additionally, the VLR can change the TMSI at any time. Authentication The operation and maintenance subsystem of the GSM network has an AuC for authenticating an MS. The AuC first authenticates the subscriber MS and only then does the MSC provide the switching service. Authentication algorithms like A3,A5,A8 use a random number sent by the AuC during the connection setup and an authentication key which is already saved in the SIM. Authentication algorithms used can differ for different mobile service providers. Authentication For authentication, the VLR sends the random value RAND to the SIM. Both sides, network and subscriber module, perform the same operation with RAND and the key ki, called A3. The MS sends back the SRES generated by the SIM, the VLR can now compare both values. If they are the same, the VLR accepts the subscriber, otherwise the subscriber is rejected. In the next slide show figure for subscriber authentication. GSM - authentication SIM mobile network Ki RAND 128 bit AC RAND 128 bit RAND Ki 128 bit 128 bit A3 A3 SIM SRES* 32 bit MSC SRES* =? SRES SRES SRES 32 bit Ki: individual subscriber authentication key 32 bit SRES SRES: signed response Encryption The BTS and the MS have to perform ciphering before call initiation or before connecting for receiving a call. The MS uses a cipher (encryption key) for encryption. The cipher is a result of performing mathematical operation on: (A) the cipher key saved in the SIM, and (B) the cipher number received from the BTS when the call setup is initiated. Encryption The BTS transmits the cipher number before a call is set up or transmitted. The encryption algorithm is identical for all mobile service providers. The random numbers used in authentication and ciphering processes are also known as challenge to the mobile station to generate the results of the algorithms and only if these results are correct, do the BTS and other units grant access to the challenged MS. Encryption After authentication, MS and BSS can start using encryption by applying the cipher key Kc. Kc is generated using the individual key ki and a random value by applying the algorithm A8. MS and BTS can now encrypt and decrypt data using the algorithm A5 and the cipher key Kc. GSM - key generation and encryption MS with SIM mobile network (BTS) Ki AC RAND 128 bit RAND 128 bit RAND 128 bit A8 cipher key BSS Ki 128 bit SIM A8 Kc 64 bit Kc 64 bit data A5 encrypted data SRES data MS A5 New data services The GSM system provides data rates of TCH/13.4, TCH/HS11.4, TCH/12.8, TCH/F14.4, TCH/F4.8, TCH/F9.6. These rates are good for transmission of voicedata but too low for high-speed data transfer. Speed enhancement is required for a GSM system to be able to provide data services such as transfer of large files and internet access. New data services New data services such as General packet radio service (GPRS) and high-speed circuit switched data (HSCSD) use different coding and multiplexing techniques to provide high transfer speeds to GSM users. The three major approaches to enhance transmission speed are as follows: Combining several slots in a packet-switched network. GPRS is an example this type of speed enhancement. New data services Combining several slots in a circuit-switched network. For example, HSCSD is an improvement on GSM as it combines several time-slots for high-speed transmission of circuitswitched data. Use of other technology such as digital enhanced cordless telecommunication system (DECT) which is used for short range communication. HSCSD High-speed Circuit Switched Data (HSCSD) is an innovation to use multiple time slots at the same time. HSCSD is a 2.5G, GSM phase 2 standard defined by the ETSI- European telecommunications standards institute. It is an enhancement of circuit-switched data (CSD), which is the original data transmission mechanism in GSM system. HSCSD Large parts of GSM transmission capacity were used up by error correction codes in the original CSD transmission. HSCSD, however, offers various levels of error correction that can be used in accordance with the quality of the radio link. As a result, so where CSD could transmit at only 9.6 kbps, the HSCSD data rates go up to 14.4 kbps. HSCSD can also use multiple time-slots at the same time. HSCSD Several GSM traffic channels can join to transmit data at high speed. In transmission of normal voice-data traffic, HSCSD given smaller latency to data as compared to GPRS. HSCSD offers better quality of service than GPRS due to the dedicated circuit-switched communication channels. However, HSCSD is less bandwidth efficient than GPRS. What is GPRS?  In early 2000, only a small portion of GSM subscribers used data services, because existing GSM systems do not support easy access, high data rate and attractive prices.  GSM operators must offer better services to simulate the demand.  The solution is the General Packet Radio Service (GPRS).  GPRS reuses the existing GSM infrastructure to provide end-to-end packet-switched services. What is GPRS?  Existing GSM networks use circuit-switched technology to transfer information between users.  However, GPRS uses packet switching which means there is no dedicated circuit assigned to the GPRS mobile phone.  Once the data has been sent, the resource can be re-allocated to other users for more efficient use of the network. What is GPRS?  By allowing information to be delivered more quickly and efficiently GPRS is relatively inexpensive mobile data service compared to Sort Message Services (SMS) and Circuit-Switched Data. Key Features of GPRS  GPRS have service and network features that make it an attractive mobile data communication service.  Some of the key services features are as follows: Bandwidth on demand for point-to-point transmission. Negotiated quality of services (QOS). Point-to-point and point-to-multipoint service. Multicast and group call services. Key Features of GPRS Value added services like broadcast information service (e.g. traffic report, stock prices) Design for easy internet access and WebBrowsing GPRS architecture and interfaces  GPRS technology brings many changes to the existing GSM network.  Most of the changes are improvements made by adding new blocks rather than by modifying existing resources.  A simplified view of this new hybrid network shows the elements introduced by GPRS.  In the next slide figure show a GPRS architecture and different types of interfaces used in that. GPRS architecture and interfaces SGSN Gn BSS MS SGSN PDN GGSN PCU Um Gb Gn HLR/ GR MSC VLR EIR Gi GPRS architecture and interfaces  Gateway GPRS support node (GGSN):  It is similar to the GSM gateway mobile switching center (GMSC) and provides a gateway between the GPRS network and the public packet data network (PDN) or other GPRS networks.  The GGSN provides authentication and location management functions, connects to the home location register (HLR) by means of the Gc interface and counts the number of packets transmitted for accurate subscriber billing. GPRS architecture and interfaces  Serving GPRS support node (SGSN):  It is like the GSM mobile switching center and visitor location register (MSC/VLR), controls the connection between the network and the mobile station (MS).  The SGSN provides session management and GPRS mobility management functions such as handovers and paging.  It attaches to the HLR via the Gr. GPRS architecture and interfaces  Packet Control Unit (PCU):  Which include converting packet data into a format that can be transferred over the air interface, managing radio resources and implementing quality of Service (QoS) measurements.  The signaling links between the GPRS nodes is defined by the GPRS specifications. GPRS architecture and interfaces  New physical interfaces include the Gb interface, which connects the SGSN to the PCU and is usually located in the base station subsystem (BSS).  The Gn interface which connects the GGSN and SGSN, and Gc, Gr and Gs interfaces, which carry SS7 base protocols. GPRS architecture and interfaces: GPRS mobile phone operation states  Mobile phones go through different states of communication.  For example, when a GSM phone comes onto a network, the phone enters an idle state in which it uses very few network resources.  When the user makes a call request or receives a call, however, the phone goes into the dedicated state in which it is assigned a continuous resource until the connection is terminated. GPRS architecture and interfaces: GPRS mobile phone operation states  GPRS mobile phones will also have defined states, which are described bellow:  GPRS Idle: it is the state in which the mobile phone comes onto the GSM network.  The phone receives circuit switched paging and behaves as a GSM phone.  Although it does not interact with the GPRS network in this state, it still possesses GPRS functionality. GPRS architecture and interfaces: GPRS mobile phone operation states  GPRS Ready: it is the state achieved when the GPRS mobile attached itself to the network.  In this state the mobile phone can activate a packet data protocol (PDP) context, which allows the phone to establish a packet transfer session with external data networks to transmit and receive data packets.  Once a PDP context is activated resource block are assigned to the session until data transfer causes for a specified period and the mobile phone moves into the standby state. GPRS architecture and interfaces: GPRS mobile phone operation states  GPRS Standby: it is a state in which the mobile is state in which the mobile is connected to the GPRS network, but no data transmission occurs.  If a data packet for the mobile arrives, the network will page the mobile, which in turn activates a PDP context session to the bring the mobile back to the ready state. GPRS architecture and interfaces: GPRS/GSM Mobile Classes  European telecommunications standards institute (ETSI) define three different classes of mobiles for the hybrid GPRS/GSM network:  Class A :  Class A mobiles can attach to the GPRS and GSM network simultaneously.  They can receive GSM voice/data/SMS calls and GPRS data calls. GPRS architecture and interfaces: GPRS/GSM Mobile Classes  For this to happen the mobiles must monitor both the GSM and GPRS networks for incoming calls.  Class A mobiles also can make and receive GPRS and GSM call simultaneously.  Operational requirements of this class include an additional receiver in the mobile phone for neighbor cell measurements. GPRS architecture and interfaces: GPRS/GSM Mobile Classes  Class B:  This class is similar to class A with the exception that class B mobile phones will not support simultaneous traffic.  If a GPRS call is ON, the phone cannot receive GSM calls and vice versa. GPRS architecture and interfaces: GPRS/GSM Mobile Classes  Class C:  This class of mobile phones will have both GSM and GPRS functionality but will attach to only one network at a time.  Thus, if the phone is attached to the GPRS network, it will be remove form the GSM network and will not be able to make or receive GSM calls.  Conversely, if it is attached to the GSM network, it will not be able to make or receive GPRS calls.  Today most manufacturers are building Class B phones. GPRS architecture and interfaces: The GPRS Attach Procedure  A GPRS attach is a GPRS mobility management (GMM) process that is always initiated by the mobile phone.  Depending on the settings of the mobile phone, the GPRS attach may be performed every time the phone is powered on or it may be initiated manually by the user.  This request for a GPRS attach is made to the SGSN in a process that is transparent to the BSS. GPRS architecture and interfaces: The GPRS Attach Procedure  First the mobile notifies the SGSN of its identity as an International Mobile subscriber Identity (IMSI) or packet temporary mobile subscriber identity (P-TMSI).  Then it sends its old routing area identification (RAI), class mark, and desired attach type.  The latter indicates to the SGSN whether the mobile wants to attach as a GPRS device, a GSM device, or both.  The SGSN will attach the mobile and inform the HLR if there has been a change in the RAI. GPRS architecture and interfaces: The GPRS Attach Procedure  If the desired attach type is both GPRS and GSM, the SGSN will also update the location with the VLR, provided that the Gs interface exists.  For this to occur, the mobile has a activate a communication session using PDP context. GPRS architecture and interfaces: PDP Context Activation  Packet Data Protocol context activates a packet communication session with the SGSN.  During the activation procedure, the mobile phone either provide a static IP address or requests a temporary one from the network.  It also specifies the access point name (APN) with which, it wants to communicate- for example, an Inter net address or an Internet service provider. GPRS architecture and interfaces: PDP Context Activation  The mobile request a desired quality of service (QoS) and a network service access point identifier (NSAPI).  Because a GPRS mobile can establish multiple PDP context session for different application, the NSAPI is used to identity the data packets for a specific application.  Upon receiving information from the mobile, the SGSN determines which GGSN is connected to the APN and forwards the request.  The SGSN also provides a negotiated QoS based on the user’s subscription information and the availability of services. GPRS architecture and interfaces: PDP Context Activation  If the mobile phone has a static IP address, the GGSN directly connects the mobile to the desired access point.  Otherwise, it obtains a temporary IP address from the APN.  The GGSN also provides some transaction identifiers for data communication between GGSN and SGSN.  Once the communication and activation procedure at the GGSN is successful, the appropriate data transfer information is forwarded to the mobile. GPRS protocol layer architecture  The GPRS data and signaling transmission plane consists of standard protocols such as IP and some new, GPRS-specific protocols.  There are different types of protocols under Gn, Gb, Um interfaces.  Next slide figure show a GPRS transmission plane protocol reference model. GPRS protocol layer architecture MS BSS Um SGSN Gb Gn GGSN apps. IP/X.25 IP/X.25 SNDCP LLC RLC MAC RLC MAC radio radio BSSGP FR GTP LLC GTP UDP/TCP UDP/TCP BSSGP IP IP FR L1/L2 L1/L2 SNDCP Gi GPRS protocol layer architecture : Gn interface Protocols  GPRS tunneling Protocols (GTP):  GTP receives IP datagram packets from the external network and tunnels them across the GPRS support nodes.  Because there will be multiple GGSN and SGSN interfaces, the GTP provides for every packet a tunnel identifier (TID) that identifies the destination and transaction to which the packet/datagram belongs.  Transactions are identified using logical identifiers as well as the International Mobile subscriber Identity (IMSI). GPRS protocol layer architecture : Gn interface Protocols  TCP/UDP:  It is consists of the transmission control protocol (TCP), which is used to transfer PDUs (protocol data units) across the Gn interface with reliability.  The user datagram protocol (UDP) is used across the Gn interface to carry the GTP-PDUs for all signaling information and user data that do not require reliability. GPRS protocol layer architecture : Gn interface Protocols  Internet protocol (IP):  It is used to route user data and signaling information across the Gn interface.  The IP datagram size will be limited to the physical layer-maximum transmission unit (MTU) capabilities.  An IP datagram can be as large as 65,535 octets, but if the physical layer MTU is less than this, fragmentation must be done. GPRS protocol layer architecture : Gn interface Protocols  The source gateway support node (GGSN or SGSN) has to first decide the MTU size and then carry out the fragmentation.  The IP addressing used will route the data across the Gn interface, including any intermediate GSNs (Gateway support nodes), to the GSN address at the final destination. GPRS protocol layer architecture : Gb interface Protocols  Sub network dependent Convergence protocol (SNDCP):  It is used between the SGSN and the mobile phone.  This protocol converts the network layer PDUs on the Gn interface into a format suitable for the underlying GPRS network architecture. GPRS protocol layer architecture : Gb interface Protocols  SNDCP performs a number of functions:  Multiplexing of N-PDUs from one or several network layer entities onto the appropriate LLC (Logical link control) connection.  Buffering of N-PDUs from the acknowledged service.  Compression and decompression of the protocol information and user data  Negotiation of the control parameters between SNDCP entities. GPRS protocol layer architecture : Gb interface Protocols  Logical link control (LLC):  This protocols provides a highly reliable, ciphered logical link between the SGSN and the mobile phone.  The LLC uses both acknowledged and unacknowledged modes of frame transmission depending buffering and information length based on the negotiated QoS delay class. GPRS protocol layer architecture : Gb interface Protocols  Base station system GPRS protocol (BSSGP):  It routes information between the SGSN and the BSS.  This protocol conveys QoS information but does not carry out any form of error correction.  Its primary function is to provide radio-related information for use by the radio link control (RLC) and medium access control (MAC) function on the air interface. GPRS protocol layer architecture : Gb interface Protocols  The LLC layer uses the services of the BSSGP from transfer.  The relay function at the BSS transfers LLC frames between the RLC/MAC layer and the BSSGP layer.  The BSSGP sends information to the network services layers to determine the transfer destination: BSSGP virtual connection identifier (BVCI): it is sent to the network services layer for routing signaling and data information to the correct peer function entities. Each BVCI between two peer entities is unique. GPRS protocol layer architecture : Gb interface Protocols Link selection parameter (LSP): It is used in conjunction with the BVCI to aid in selecting a physical link for the load-sharing process. Network service entity identifier (NSEI): Used at the BSS and the SGSN provides the network management functionality required for operation of the Gb interface. The NSEI together with the BVCI uniquely identifies a BSSGP virtual connection. GPRS protocol layer architecture : Gb interface Protocols  Network Service (NS):  This layer uses frame relay across the Gb interface and could be a point-to-point connection between the SGSN and the BSS or a frame relay network.  The NS layer uses a DLCI (data link connection identifier) look-up table to indicate the routing path between the SGSN and the BSS. GPRS protocol layer architecture : Gb interface Protocols  The initial value of the DLCI field is derived from the BVCI, NSEI and LSP supplied by the BSSGP layer.  This value changes as the frame passes through the frame relay network and reaches its final destination. GPRS protocol layer architecture : Um interface Protocols  Radio link control (RLC):  It is responsible for a number of functions: Transferring LLC-PDUs between the LLC layer and the MAC function Segmentation of LLC-PDUs into RLC data blocks and re-assembly of RLC data blocks to fit into TDMA frame blocks Segmentation and re-assembly of RLC/MAC control messages into RLC/MAC control block GPRS protocol layer architecture : Um interface Protocols Backward error correction for selective transmission of RLC data blocks.  The RLC segmentation function is a process of taking one or more LLC-PDUs and dividing them into smaller RLC blocks.  The LLC-PDUs are known collectively as a temporary block flow (TBF) and are allocated the resources of one or more packet data channels (PDCH). GPRS protocol layer architecture : Um interface Protocols  The TBF is temporary and is maintained only for the duration of data transfer.  Each TBF is assigned a temporary flow identity (TFI) by the network.  The RLC data blocks consist of an RLC header, an RLC data unit and spare bits.  The RLC data block along with a MAC header may be encoded using one of four defined coding schemes.  The coding scheme is critical in deciding the segmentation process. GPRS protocol layer architecture : Um interface Protocols  Medium access control (MAC):  It controls the access signaling across the air interface, including the management of shared transmission resources.  MAC achieves these functionalities by placing a header in front of the RLC header in the RLC/MAC data and control blocks.  The MAC header contains several elements some of which are direction-specific referring to the downlink or uplink. GPRS protocol layer architecture : Um interface Protocols  The key parameters of MAC header are:  Uplink status flag (USF) is sent in all downlink RLC/MAC blocks and indicates owner or use of the next uplink radio block on the same timeslot.  Relative reserved block period (RRBP) identifiers a single uplink block in which the mobile phone will transmit control information. GPRS protocol layer architecture : Um interface Protocols  Payload type (PT) the type of data contained in the remainder of the RLC/MAC block.  Countdown value (CV) is sent by the mobile to allow the network to calculate the number of RLC data blocks remaining in the current uplink TBF.
 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                            