Вы находитесь на странице: 1из 84

GSM Systems Training (SYSTRA)

Objectives

At the end of the module, participants will be able to:


Identify GSM sub-systems Describe GSM Authentication and Mobility Management processes Define common GSM terminology E plain basic call flow scenarios

Course Outline

GSM !ac"ground

E#olution $istory &ocation update Authentication ' Security issues (all flow scenarios (harging Ser#ices

%raffic and Mobility Management


!asic Signalling )* and %ransmission +,A

Introduction to GSM

The Evolution of the Mobile Phone 1G

1G is short for first-generation wireless telephone technology, cellphones. These are the analog cellphone standards that were introduced in the 1980s .

The Evolution of the Mobile Phone 3G 2G 2.5G

2G is short for secondgeneration wireless telephone technology; Uses digital signaling to connect the radio towers to the rest of the telephone system

2.5G services enable highspeed data transfer over upgraded existing 2G networ s.

!G provides the ability to transfer simultaneously both voice data " non-voice data

&ase Station Su'syste( )&SS*

!etwor+ Su'syste( )!SS*


Authentication Center

Air I%& Abis I%&

#$ (&'
#isitor $ocation !e"ister

)*' %&'
Equipment Identit !e"ister

Base Station Controller (BSC) Mobile Station

Ater I%&

A I%&

+,$

Mobile Switchin" Center

To other networks

Transcoder (TCSM)

Base Transceiver Station (BTS)

!etwor+ anage(ent Su'syste( )! S*

THE GS

!ET"#$%

NSS Functions
Air A
S.
,-$

S.
,-$

MS

BSS

NSS

H-$

O&M NMS
Call Control (End-to-End supervision, connect-supervise-terminate) Charging Mo ilit! Management Signalling "ith other net"or#s and the BSS Su scri er $ata %andling (&e'ers to su scri er data availa le in the net"or#, e(g( )MS), Authentication *e!s, temporar! data in the +,&s)

BSS Functions
T.

&adio -ath Control (.re/uencies to e used) B0S and 0C Control (O&M 'unctions)
T.

&S.

&TS

&S.

S!nchroni1ation (Master & Slave hierarch!, -rimar! &e'erence Cloc# (-&C) Air and A )nter'ace Signalling

&TS

Connection Esta lishment et"een MS and NSS Mo ilit! Management and Speech 0ranscoding Collection o' Statistical $ata

&TS

NMS OSS Functions

.ault Management Con'iguration Management -er'ormance Management

Traffic & Mobility Management

How does Mobile operator provide service to Subscriber ?

Where is the su

scri er2

Who is the su What does the su

scri er2

scri er "ants2

!"t"b"ses in GSM Net#or$


%&'

(&'

GSM !"t"b"ses
Su'scri'er /dentity odule )S/ *
- Su scri er )dentit! $ata (MS)S$N , )MS)) - Net"or# Authentication $ata (*i, Algorithm) - ,ocal Authentication $ata(-)N3,4,-5*3,4) - &egister $ata

Ho(e -ocation $egister )H-$*


- -ermanent $ata (M)N-)MS), Services) - &egular update o' su scri er6s current +,& (+,& A$$&ESS)

GSM !"t"b"ses
,isitor -ocation $egister ),-$*
- 0emporar! $ata (M)N-)MS) services, ,AC etc) - *ept as long as su scri er is "ithin it6s coverage area - 5pdated 'rom %,& - Al"a!s associated "ith a MSC

GSM %&&resses "n& '&entifiers


/ E/ 7 0AC(8) 9 .AC(4) 9 SN&(8) 9 S-(3)
0AC 7 0!pe Approval Code, )denti'ies the mo ile e/uipment .AC 7 .inal Assem l! Code, )denti'ies "hich assem l! series the mo ile elongs SN& 7 Serial Num er, )denti'ies the mo ile uni/uel! as one assem l! series S- 7 Spare, .or 'uture use

GSM %&&resses "n& '&entifiers


/ S/ 7 MCC 9 MNC 9 MS)N
MCC 7 Mo ile Countr! Code, : decimal places MNC 7 Mo ile Net"or# Code, 4 decimal places MS)N 7 Mo ile Su scri er )denti'ication Num er, ma;imum 3< decimal places

)MS) ma;imum length 7 3= digits

GSM %&&resses "n& '&entifiers


S/S0! 7 CC 9 N$C 9 MS)N
CC 7 Countr! Code, up to : decimal places N$C 7 National $estination Code, t!picall! 4-: decimal places SN 7 Su scri er Num er, ma;imum 3< decimal places

MS)S$N ma;imum length 7 3= decimal places > digits

GSM %&&resses "n& '&entifiers


S$! 7 CC 9 N$C 9 MS)N
CC 7 Countr! Code, up to : decimal places N$C 7 Net"or# Code, t!picall! 4-: decimal places SN 7 Su scri er Num er, t!picall! 3< decimal places

GSM %&&resses "n& '&entifiers


-1/ 7 CC 9 MNC 9 ,AC
CC 7 Countr! Code, up to : decimal places MNC 7 Mo ile Net"or# Code, 4 decimal places ,AC 7 ,ocation Area Code, ma;imum = decimal places ,AC (he; ) ? ....(he;) > 8==:= (dec)

(oc"tion )*&"te+ First Ti,e ()


%&' 0+,*,01 *+,* #ddress ,ub. 0ata 63+919+220xxxx 515+03+1234567890 services (&' vlr2

%&'
+,$ (& '1

&oc Up *+,* 'e/uest


+,$ (& '2

-,$1 -.,1 &#*1

*+,*

#uthen

&oc Up 2 .+,*

Generic (oc"tion )*&"te


@ 0he Mo ile Station continues to monitor the roadcast in'ormation @ )' the -ocation 1rea /dentit! (,A)) eing roadcast ! the net"or# is other the one stored in the S)M, the mo ile station starts the location update procedure
%&'

S. )#-0* (&'

(&'

S. )!E"

(oc"tion %re"
-,MN Area MSC>+,& Area

@ -aging is done in all cells o' the ,A "here the su scri er is currentl! located @)t can cross BSC oundaries( ,A design is ar itrar!( 0he idea is to have a small paging area that could accommodate the most num er o' su scri ers

-1 2 -1 4 -1 3 -1 1

Generic Location Update Procedure

MS MS

BSS BSS

MSC MSC

VLR VLRnew new VLR VLRold old

HLR HLR

1. channel assign(ent 4. location update re5uest 3. $e5uest su'scri'er identity 2. 1nswer su'scri'er identity 6. $e5uest su'scri'er data 8. Security procedures 8. update location 9. update H-$ 10. update ac+nowledge(ent 11. .ancel old location 14. location canceling accepted 7. 1nswer su'scri'er data

Other T-*es of (oc"tion )*&"te


:ower #n @ Also #no"n as A)MS) AttachB and location registration @ $one ever! time the mo ile is s"itched on :eriodic -ocation ;pdate @ -er'ormed a'ter a preset timer e;pires, since the last transaction "ith the net"or# @ 0imer value is dependent on the net"or# operator (de'ined in the BSC)

!ote9 -ocation update is always initiated 'y the station

o'ile

C"ll Setu*+ PSTN to Mobile


MSISDN
+639192205071 $ialed num er is o ile Su scri er )nternational /S0! !um er (MS)S$N)
! ND ! SN

o'ile !etwor+

MSISDN =

Countr! Code 7 8: (-hilippines) National $estination Code 7 C3C (Smart) Su scri er Num er 7 44<=<D3

%,&
S/S0! / S/ ,-$ 100$ESS 98:C3C44<=<D3 =3=<:<<344<=<D3 +,&3= SE$,/.ES ((((((

'$!
IMSI = M ! MN ! MSIN

%,& )n/uir!

o'ile .ountry .ode < 616 o'ile !etwor+ .ode < 03 o'ile Su'scri'er /dentification !u('er < 1432678

:ST!

MSISDN

MSC
#$!

@ -S0N routes the call to ESM net"or# @ EMSC anal!ses the received MS)S$N @ EMSC re/uests the %,& 'or routing in'ormation to #no" "here to route the call (%,& )n/uir!) @ %,& loo#s up its data ase 'or the corresponding /nternational o ile Su scri er /dentit! ()MS))

'$!
&e/uest 'or routing in'o

:ST!

MSISDN

MSC
#$!

MSC
#$!()

@ %,& ta#es the address o' the su scri er 'rom it6s data ase and sends a routing in'o re/uest to the target MSC>+,& @ 0arget MSC>+,& allocates a (MS&N)
MS"N =

o ile Su scri er $oaming !um er

! ND ! SN

'$!
MS&N to %,&

:ST!

MSC
#$!

MS&N

MSC
#$!()

@ 0arget MSC 'or"ards the MS&N to %,& @ %,& 'or"ards the MS&N to the originating MSC @ Originating MSC anal!ses the MS&N and routes it to the target MSC

PSTN.ori/in"te& c"ll
S$!

'$!
H-$ E!= S$! $e5uest S$!

MSC
#$!

BSC

MSC *ST+
#$!

+639192205071

'ello Bill ,

Si(plified steps of a call set up in GS

!etwor+

A Su scri er

-S0N

EMSC

%,&

MSC>+,&

Call set up (MS)S$N) Anal!1e num er Call set up (MS)S$N) MS)S$N )MS) MS&N MS&N Call set up (MS&N) -aging

Si(plified steps of a

o'ile #riginated call

EFC

EMSC

%,&

MSC

+,&

BSS

MS

3( Channel assignment 4( Securit! procedures :( Call set up G( Chec# services =( Call o# 8( Call is proceeding D( 0ra''ic channel allocated H( Set up the call C( Call set up complete 3<( Alert 33( B ans"ers

0"n&over
@ Hando>erI Changing the tra''ic channel that MS is using @ Hando>erI Occurs during the su scri er is ma#ing a call @ )n ESM, MS station helps the net"or# in doing handover ! sending signal measurement reports to its BSC @ 5ses the hard handover principle (release and connect)

0"n&over 1e"sons
Hando>er due to traffic reasons Jhen capacit! o' cells nears ma;imum, MS in the peripher! o' the cell ma! e handed over to neigh oring cell "ith lo"er tra''ic load( MSC starts the procedure Hando>er due to signal 5uality and strength Jhen the /ualit! or the strength o' the radio signal 'alls elo" certain parameters speci'ied in the BSC 0he BSC controlling the current cell ma#es the decision 0here are 'our t!pes o' this handover

Intra ell # Intra $S


1ir

Handover
1

&S.

T.

NSS
&TS

#ld .hannel

!ew .hannel

Inter

ell # Intra $S
1ir

Handover
1

&S.

T.

NSS
#ld .ell
&TS

&TS

!ew .ell

Inter

ell # Inter $S
1ir

Handover
1

&S.

T.

NSS
#ld .ell
&TS S.
,-$

&S. &TS

T.

!ew .ell

Inter MS Handover
1ir 1

NSS
&S. T. S.
,-$

#ld .ell

&TS

&S. &TS

T.

S.
,-$

!ew .ell

'nter.MSC 0"n&over
@ 0he source MSC is #no"n as Anchor MSC @ Call is routed 'rom source MSC to target MSC "ith the use o' %andover Num er, H#!( @ %andover num er has a similar structure to MS&N(

H%N =

! ND ! SN

MS

BSS old

MSC old

MSC ne"

BSS ne"

MS(a'ter %O)

3( Measurements reports 4( %andover re/uired :( &e/uest %ON G( &e/uest radio resources =( &adio resources reserved 8( -rovide %ON and target cell in'o D( Set up speech connection (%ON) H( %andover command C( %andover complete 3<( %andover complete 33( connect 34( &elease old connections

Ch"r/in/
/nstallation ?ee

$enting of the ser>ice

;se of the networ+

Jhat to charge2 $i''erent charging pac#ages

Ch"r/in/
?actors affecting the price of the call @ 0!pe o' asic service @ $uration o' the call @ 0ime o' the call @ $estination o' the call @ Origin o' the Call @ 5se o' Net"or#s @ 0!pe o' the supplementar! service @ 5se o' radio resource @ &oaming leg

Collection of Ch"r/in/ !"t"


Charging depends on man! 'actors 0he MSC to "hich handles the call collects all in'ormation "hich could e the asis 'or charging 0his collected in'ormation o' the call is stored in Charging $ata &ecords (C$&)

:ST!

G+,$

-,$

%&'

.0$

C!1 Tr"nsfer
Charging data records are stored in the MSC "here the! are collected K C$&s must e #ept at the 'irst MSC "hich manages the call( Jhen su''icient charging data records have een collected the! are trans'erred in one ul# to the Billing Center( Billing Center is responsi le 'or producing the ills 'or the su scri ers ased on the in'ormation contained in the Charging $ata &ecord :ST! G+,$ -,$

F(4= or Ethernet

&illing .enter

%&'

-&E-A)$ C%A&E)NE
,+,$ :ST! -,$

+,$

:repaid Ser>ers

%&'

Account Balance stored in O&AC,E -repaid tells ho" much to deduct SMS 0ransactions are also charged

-!AC$E

Securit1uthentication +eri'ication o' the su scri er .iphering Encr!ption o' the user speech in the Air )nter'ace / E/ .hec+ing +eri'ication o' the Mo ile E/uipment ! chec#ing the validit! o' the )nternational Mo ile E/uipment )dentit! ()ME)) ;ser .onfidentiality Avoidance o' the roadcast o' user6s )MS) in the air inter'ace

%uthentic"tion
Each su scri er has authentication #e!s, *i, stored in the Authentication center and S)M card( Comparison o' *i "ithout roadcasting it in the air inter'ace Authentication al"a!s per'ormed ! the +,& e'ore call esta lishment and location update(

(oc"tion of Securit%l/orith,s
Air A

BSS
&S. T.

NSS

#$
13 18

&TS

S.
,-$

E @ S/

16

16

13

18

'ME' Chec$in/
0he validit! o' a mo ile phone ma! e chec#ed to ensure its proper operation as "ell as presentation against stolen phones( 0he E/uipment )dentit! &egister, "hich is implemented as part o' the %,&, contains : listing o' )ME) - Jhite ,ist - Era! ,ist - Blac# ,ist

)ser Confi&enti"lit )MS) is a con'idential identit! o' the su scri er( A'ter a success'ul 'irst time location update, a mo ile su scri er is allocated a Te(porary o'ile Su'scri'er /dentity )T S/* 0he ne;t time a transaction et"een the ESM net"or# and the MS is initiated, the su scri er is identi'ied ! the use o' 0MS)(

G,+ ,ecurity +anagement


AC #$! BTS
Air Interface

ME

SIM

!A+/ 0i
A3 S!ES
C-M*A!I+.

Authentication

S!ES

A3

0i

Re&'e() o IMEI

EIR

IMEI Checkin"
Tra !"

ME
*ro+!de IMEI

Cipherin"
Encrpted pted /ata /ata A5 Encr

Tra !" A5

A8

0c

0c

A8

T#MA $%

T#MA $%

%uthentic"tion Tri*let
&andom Num er Eenerator

*i

#$
$1!0

13
S$ES

18
%c

Authentication 0riplets

$1!0

S$ES

%c

(&'

Authentication 0riplets

Services
Ser>ices

"hat are ser>icesA


A su scri er6s action "hich uses the 'acilities o' the ESM net"or#
&asic Ser>ices Supple(entary Ser>ices

Teleser>ices

&earer Ser>ices

Cl"ssific"tion of Services
Teleser>icesI 0hese services
provide the su scri er "ith necessar! capa ilities including terminal e/uipment 'unctions to communicate "ith other su scri ers(
Teleser>ice &earer Ser>ice

0E &earer ser>icesIA
earer service o''er the asic technical capa ilit! 'or transmission o' inar! data et"een end to end terminals(

GS !etwor+

Transit End !etwor+ !etwor+

0E

Teleservices
Ser>ice 0escription GS

Speech )Telephony* Speech )E(ergency .alls* Short essage Ser>ice ) o'ile ter(inated* Short essage Ser>ice ) o'ile originated* Short essage Ser>ice ).ell &roadcast*

Specification .haracteristics .ode The (ost i(portant ser>ice for (o'ile T11 syste(s, nor(al speech ser>ice, including e(ergency calls

T14 T41 T44 T43

E(ergency calls are auto(atically possi'le

?or reception of short (essages ?or sending short (essages to another GS su'scri'er ?or sending short (essages to (ore than one recei>er si(ultaneously within a gi>en cell :resently not supported 'y !#%/1 ?or sending and recei>ing facsi(ile (essages

Group 3 ?acsi(ile trans(ission T71 )with alternate speech* Group 3 ?acsi(ile trans(ission T74

SMS+ MO "n& MT
1ir 1 !SS
S.
,-$

&SS S S- # S S- T

Short Messa"e Service Center (SMSC)

SMS+ Cell Bro"&c"st


1ir
B0S

1 &SS

B0S

B0S

S S-.ell &roadcast &S.

!SS

B0S

! S

Su**le,ent"r- Services
@ 1d>ice of .harge - 1#.
@ 1lternate -ine Ser>ice - 1-S )personal or 'usiness* @ &arring of all inco(ing calls - &1/. @ &aring of all inco(ing calls when roa(ing outside the H:- ! @ &arring of all inco(ing calls when a'road @ &arring of outgoing calls @ &arring of outgoing international calls eBcluding those directed to the H:- ! country @ .all forwarding on (o'ile su'scri'er 'usy - .?& @ .all forwarding on no answer - .?!1 @ .all forwarding unconditional - .?; @ .all Hold @ .all waiting - ." @ .alling line identification presentation - .-/: @ .alling line identification restriction - .-/$ @ .onference .all @ EBplicit .all

Signalling

Signalling #perations
Calling -art! &e/uest 'or service &e/uest address -rovide address E;change Called -art!

-rocess in'ormation and ma#e connection Alert called part! Called part! ans"er Conversation $isconnection

SS8 - T;:C !;:C /S;:

T;: !;: /S;:

.all .ontrol essages

T;: !;: /S;:

-e>el 3

M0-

-e>el 4 -e>el 1

0ransport o' Signalling Messages "ithin one net"or# $ata ,in# Control -h!sical Connections

-e>el 3 -e>el 4 -e>el 1

M0-

,irtual .onnections

+irtual Connection using SCC-

A
Signalling -oint Signalling -oint

B
$estination Signalling -oint

Signalling -oint

Signalling -oint

Si/n"llin/ in GSM Net#or$


,A-$m ,A-$
&S. S.

SSLD

&TS

SSLD

-S0N > %,&6s > other MSC6s

Su,,"r Signalling is the trans'er o' in'ormation et"een su scri er inter'ace points and the net"or# and et"een di''erent net"or# element to help esta lish a call( Signalling in'ormation is interchanged as standard sets o' messages "hich "as developed and standardi1ed into the present SSD( ESM needs non call related signalling "hich is possi le "ith SSD( 0he SSD used in -S0N net"or#s is not su''icient to 'ul'ill the signalling re/uirements o' ESM net"or#s , thus ne" protocols speci'ic to ESM "ere developed(

RF ACCESS and Transmission

GSM Fre2uenc- %lloc"tion


ESM C<< 1plink HC< - C3= M%1 /ownlink C:= - C8< M%1 (34G channels) 3D3< - 3DH= M%1 3H<= - 3HH< M%1 (:DG channels) ESM 3H<< $CS ($igital Communication S!stem) ESM 3C<< 3H=< - 3C3< M%1 3C:< - 3CC< M%1 -CS (-ersonal Communication S!stem)
nlin+ 0ow

+ ;plin
S &TS

C"rrier Fre2uenc- 1"n/e


.SM 233
1plink /ownlink /uple5 /istance 890,915 MH935,960 MH.5 MH-

/CS (433
1710,1785 MH1805,1880 MH95 MH200/H(;(363 (;(368 (;(369 (;4964 (;4)63 (43)63 (43)68 (43)69 (4;264 (44363

Carrier Separation 200/HCarrier *airs 2'3l!n40downl!n45


42363 42368 42369 2(964 2()63 2:)63 2:)68 2:)69 2)264 2<363

M( M( M( +o6 o7 Channels !emarks

M( M( M(

M( M( M(

M( M( M(

25MH-0200/H-1(89
Jide Coverage Better indoor penetration

75MH-0200/H-1:;9
%igher Capacit! in terms o' availa le channels ,ess prone to co-channel inter'erence

?0 1
?re5uency 0i>ision f1

.0 1
.ode 0i>ision

T0 1
0i>ision

Ti(e

xxxxxx 444 4;+4;+


f4

xyz{|}~xyz{| zzzzzzz

+++ ;;;

f3

||||||||

$&S on'i(uration
'4

#(ni directional &TS '3, '4, ': '3

'3, '4 4 sectoriDed &TS '=, '8

':, 'G 3 sectoriDed &TS

Nokia Im lementation

&ase Station Su'syste( )&SS*

!etwor+ Su'syste( )!SS*


Authentication Center

Air I%& Abis I%&

#$ (&'
#isitor $ocation !e"ister

)*' %&'
Equipment Identit !e"ister

Base Station Controller (BSC) Mobile Station

Ater I%&

A I%&

+,$

Mobile Switchin" Center

To other networks

Transcoder (TCSM)

Base Transceiver Station (BTS)

!etwor+ anage(ent Su'syste( )! S*

THE GS

!ET"#$%

&ase Station Su'syste( )&SS*

!etwor+ Su'syste( )!SS* #$ )*'


'ome $ocation !e"ister

Air I%& Abis I%&

%&'

Base Station Controller (BSC) Mobile Station

.o-located
A I%&

Ater I%&

(&' +,$

Mobile Switchin" Center

To other networks

Transcoder (TCSM)
Short Messa"e Service Center (SMSC)

Base Transceiver Station (BTS)

!etwor+ anage(ent Su'syste( )! S*

THE GS

!ET"#$%

)!#%/1 /(ple(entation*

Ne3t Ste*s

Evolution o' ESM to the :rd Eeneration Mo ile S!stem

)rd Generation UM&S

E$EE E-&S

%SCS$

HS.S09 High Speed .ircuit Switched 0ata

T0 1 Ti(eslot

T0 1 ?ra(e

4H(H * its>s =D(8 * its>s

ultiple &urst fro( each (o'ile station

&TS

GP1S
0ransmission o' data in pac#et 'orm Achieve higher cost e''icienc! in data transmission compared to traditional circuit mode $!namic data transmission speed Mo ile can sta! connected to the net"or# all da! Charging per data

GP1S Net#or$
-S0N Net"or#
Short Message Service Centre

SMSC
%ome ,ocation &egister

MSC

SSD NJ Billing S!stem


Charging Eate"a!

%,&

B0S

BSC
-C5

Serving E-&S Support Node

SESN

CE )nternet

)ntegrated Net"or# Management

)nter-,MN Net"or#

BE
Border Eate"a! $omain Name S!stems

E-&S Bac# one )- Net"or# EESN


,egal )ntercept Eate"a! E-&S Support Node .ire"all

Corporate )ntranet Server ,ocal Area NJ

$NS

&outer

E!GE
5ses advance modulation techni/ue (EMS* to H-S*) &educe overhead that is used 'or error protection Still using the 4<<*h1 ESM channel and the current 're/uenc! and )ncrease data transmission speed >0S, (3G(G * ps -N up to D<* ps) Ena le mo ile users to retrieve data and handle multimedia services &e/uire minor changes in the net"or# hard"are and so't"are

4%P+ 4ireless %**lic"tion Protocol


0o ring internet content (do"n-si1ed version) to the MS6s JA- is glo al standard 'or all digital s!stems e(g(( ESM, C$MA, and :E s!stems JM, (Jireless Mar#up ,anguage) is the tag- ased displa! language used 'or JA- application and it is the do"n-si1ed variation o' %0M, providing navigation support, data input, h!perlin#s Still use the data connection at C(8* ps

3G Mobile S-ste,s
ain o'Eecti>es of / T-4000 .ull coverage and mo ilit! 'or 3GG* its>s, pre'era l! :HG* its>s ,imited coverage and mo ilit! 'or 4M its>s E''icient use o' radio spectrum compared "ith e;isting s!stems .le;i le architecture to allo" introduction o' ne" services
4 'ps

)M0-4<<<
382%'ps

ESM-E$EE
122%'ps

E>ol>ed 4nd Generation Syste(s )GS -HS.S0, G:$S*


10%'ps

4nd Generation Syste( Short 0istanceC-ow o'ility

"ide 1reaCHigh

o'ility

3G Net#or$ %rchitecture
:ac+et Su'syste(

GGS!
GS o'ile GS &ase Station GS C; TS o'ile

SGS!
&S.

!SS S. H-$

; TS o'ile

; TS &ase Station

$adio !etwor+ .ontroller

3G-/"; /! Ser>ice .ontrol :oint

!&A

En&
%han" -ou