03 2G-ws13

2G Mobile Communication Systems
 2G Review: GSM
 Services
 Architecture
 Protocols
 Call setup
 Mobility management
 Security
 HSCSD
 GPRS
 EDGE
References
Jochen Schiller: Mobile Communications (German and English), Addison-Wesley,
2000
(most of the material covered in this chapter is based on the book)
Michel Mouly, Marie-Bernadette Pautet: The GSM System for Mobile

Communications. Telecom Pub, Juni 1992
Jörg Eberspaecher, u. a.: GSM Switching, Services and Protocols. John Wiley and
Sons Ltd, 2001
Siegmund Redl, u. a.: GSM and Personal Communications Handbook. Artech

House, 1998
Gunnar Heine: GSM Networks: Protocols, Terminology, and Implementation.

Artech House Mobile Communications Library. Artech House Publishers, 1998
Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 2

Public Land Mobile Network (PLMN)
Definition:
a network established and operated by an administration to provide

land-based mobile telecommunications services to the public
a PLMN may be regarded as an extension of a network (e.g. an ISDN)
a PLMN consists of a collection of areas within a common numbering

plan (e.g. same National Destination Code) and a common routing plan
 PLMNs are independent telecommunications entities
Source: 3GPP 23.002-5.5.0

GSM: Mobile Services
GSM offers
 several types of connections
 voice connections
 data connections
 short message service
 multi-service options (combination of basic services)
Three service domains (a “mobile” model of ISDN)

 Bearer Services
 Teleservices
 Supplementary Services
bearer services
MS
transit source/
TE MT GSM-PLMN network destination TE
R, S Um (PSTN, ISDN) network (U, S, R)
teleservices
PLMN: Public Land Mobile Network MS: Mobile Station
PSTN: Public Switched Telephone Network MT: Mobile Termination (radio-specific part)
ISDN: Integrated Services Digital Network TE: Terminal
Bearer Services
Telecommunication services to transfer data between access points

Specification of services up to the terminal interface (OSI layers 1-3)
Different data rates for voice and data (original standard)
 data service (circuit switched)
 synchronous: 2.4, 4.8 or 9.6 kbit/s
 asynchronous: 300 - 1200 bit/s
 data service (packet switched) –> superseded by GPRS
 synchronous: 2.4, 4.8 or 9.6 kbit/s
 asynchronous: 300 - 9600 bit/s

Teleservices
Telecommunication services that enable voice communication via mobile phones
 mobile telephony
primary goal of GSM was to enable mobile telephony offering nearly ISDN
quality (bandwidth of 7 kHz);
 Today: Fullrate codec (FR–13kb/s), halfrate (HR-5.6kb/s), Enhanced Fullrate (EFR-
12.2kb/s)
 emergency number
common number throughout Europe (112); mandatory for all service providers;
free of charge; connection with the highest priority (preemption of other
connections possible)
 multinumbering
several ISDN phone numbers per user possible
Non-Voice Teleservices
 group 3 fax
 voice mailbox (implemented in the GSM network)
 Short Message Service (SMS)
alphanumeric data transmission to/from the mobile terminal using the signaling
channel, thus allowing simultaneous use of basic services and SMS

Supplementary services
Services in addition to the basic services

 cannot be offered stand-alone
 similar to ISDN services besides lower bandwidth due to the radio link
 may differ between different service providers, countries and protocol
versions
Important services
 call forwarding
 identification: forwarding of caller number
 suppression of number forwarding (CLIP, CLIR)
 automatic call-back
 conferencing with up to 7 participants
 locking of the mobile terminal (incoming or outgoing calls)
 ...

Architecture of the GSM system
GSM is a PLMN (Public Land Mobile Network)
 several providers setup mobile networks following the GSM standard
within each country
GSM system comprises 3 subsystems
 RSS (radio subsystem): covers all radio aspects
 MS (mobile station)
 BSS (base station subsystem) or RAN (radio access network)
 BTS (base transeiver station)
 BSC (base station controller)
 NSS (network and switching subsystem): call forwarding, handover,
switching
 MSC (mobile services switching center)
 LR (location register): HLR and VLR
 OSS (operation subsystem): management of the network
 OMC (operation and maintenance centre)
 AuC (authentication centre)
 EIR (equipment identity register)

GSM: overview
OMC, EIR,
AUC
HLR
GMSC
NSS fixed network
with OSS
VLR MSC MSC

VLR
BSC
BSC
RSS
BTS BTS
BTS  BSC: n:1 (tree)
BSC  MSC: n:1 (tree)
MSC – VLR: 1:1
MSC – MSC : meshed network

GSM: elements and interfaces
radio cell
BSS
MS MS
Um radio cell Um Interface (MS and BTS):

radio, air interface
RSS BTS MS
BTS
Abis Abis Interface (BTS and BSC)

BSC BSC
A A Interface (BSC and MSC)
MSC MSC
NSS
VLR VLR
signaling Interfaces B,...,H
ISDN, PSTN within NSS
(between MSC,
HLR GMSC
PDN
O
IWF
VLR and HLR)
OSS
EIR AUC OMC
Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 10 o

Radio subsystem
The Radio Subsystem (RSS) comprises the cellular mobile network up to
the switching centers
Components
 Base Station Subsystem (BSS)
 Base Transceiver Station (BTS)
 radio components including sender, receiver, antenna
 one BTS can cover several cells
 Base Station Controller (BSC)
 switching between BTSs,
 controlling BTSs,
 managing of network resources,
 mapping of radio channels (Um) onto terrestrial channels
(A interface)
BSS = BSC + sum(BTS) + interconnection
 Mobile Stations (MS)

Base Transceiver Station and Base Station Controller
Tasks of a BSS are distributed over BSC and BTS
 BTS comprises radio specific functions of lower layers (PHY, MAC)
 BSC manages and controls the radio channels in the BTS and terrestrial
channels to BTS and MSC
 Design Principle: “central intelligence” = BSC, “dumb radio station” = BTS
Functions BTS BSC
Management of radio channels X
Frequency hopping (FH) X X
Management of terrestrial channels X
Mapping of terrestrial onto radio channels X
Channel coding and decoding X
Rate adaptation X
Encryption and decryption X X
Paging X X
Uplink signal measurements X
Traffic measurement X
Authentication X
Location registry, location update X
Handover management X
GSM: cellular network
segmentation of the area into cells
possible radio coverage of the cell
idealized shape of the cell

cell
 use of several carrier frequencies

 not the same frequency in neighboring cells
 cell radius varies from some 100 m up to 35 km depending on
user density, geography, transceiver power etc.
 hexagonal shape of cells is idealized (cells overlap, shapes depend
on geography)
 if a mobile user changes cells
-> handover of the connection to the neighbor cell

GSM: Air Interface
FDMA (Frequency Division Multiple Access) / FDD (Frequency Division Duplex)
Uplink Downlink
890 MHz 915 MHz 935 MHz 960 MHz
... 123 124 ... 123 124
200 kHz frequency
TDMA (Time Division Multiple Access)

Downlink
1 2 3 4 5 6 7 8
Uplink
1 2 3 4 5 6 7 8
4,615 ms
= 1250 bit time

GSM: Voice Coding
Channel Modulation
Voice coding Framing
coding (GMSK)
114 bit/slot
114 + 42 bit
GSM TDMA frame

1 2 3 4 5 6 7 8
4.615 ms
GSM time-slot (normal burst)

guard guard
space tail user data S Training S user data tail space
3 bits 57 bits 1 26 bits 1 57 bits 3
546.5 µs
577 µs
Guard (8.25 bits): avoid overlap with other time slots (different time offset of neighboring slot)
Training sequence: select the best radio path in the receiver and train equalizer
Tail: needed to enhance receiver performance
Flag S: indication for user data or control data
GSM hierarchy of frames
hyperframe 0 1 2 ... 2045 2046 2047 3 h 28 min 53.76 s
0 1 2 ... 48 49 50
superframe 6.12 s
0 1 ... 24 25
traffic multiframe 0 1 ... 24 25 120 ms
control multiframe 0 1 2 ... 48 49 50 235.4 ms
frame 0 1 ... 6 7 4.615 ms

slot
burst 577 µs
traffic multiframe: 24 frames (22.8 kbps) used for traffic channel (user data), or fast signaling
1 frame (950 bps) used for slow signaling, 1 frame unused
Mobile station
Terminal for the use of GSM services

A mobile station (MS) comprises several functional groups
 MT (Mobile Termination):
 offers common functions used by all services the MS offers
 corresponds to the network termination (NT) of an ISDN access
 end-point of the radio interface (Um)
 TA (Terminal Adapter):
 terminal adaptation, hides radio specific characteristics
 TE (Terminal Equipment):
 peripheral device of the MS, offers services to a user
 does not contain GSM specific functions
 SIM (Subscriber Identity Module):
 personalization of the mobile terminal, stores user parameters, and
security algorithm
TE TA MT
Um
R S
Network and switching subsystem (NSS)
NSS is the main component of the public mobile network GSM

 switching, mobility management, interconnection to other networks,
system control
Components
 Mobile Services Switching Center (MSC)
controls all connections via a separated network to/from a mobile
terminal within the domain of the MSC - several BSC can belong to a
MSC
 Databases (important: scalability, high capacity, low delay)
 Home Location Register (HLR)
central master database containing user data, permanent and semi-
permanent data of all subscribers assigned to the HLR (one provider
can have several HLRs)
 Visitor Location Register (VLR)
local database for a subset of user data, including data about all
user currently in the domain of the VLR

Operation subsystem
The OSS (Operation Subsystem) enables centralized operation,
management, and maintenance of all GSM subsystems
Components
 Authentication Center (AUC)
 generates user-specific authentication parameters on request of a VLR
 authentication parameters used for authentication of mobile terminals
and encryption of user data on the air interface within the GSM system
 Equipment Identity Register (EIR)
 registers GSM mobile stations and user rights
 stolen or malfunctioning mobile stations can be locked and sometimes
even localized
 Operation and Maintenance Center (OMC)
 different control capabilities for the radio subsystem and the network
subsystem

Basic Functions in GSM Systems
 Connection Setup
 Handover
 Location management
 Roaming
 Authentication
Connection Setup & Radio Resource Assignment
BSC MSC
BS

Mobile Terminated Call (MTC)
1: calling a GSM subscriber
2: forwarding call to GMSC 4
3: signal call setup to HLR HLR
5
VLR
4, 5: request MSRN from VLR 3 6

8 9
14 15
6: forward responsible
MSC to GMSC calling PSTN GMSC
7
MSC
station
7: forward call to 1 2
current MSC 10 10 13 10
16
8, 9: get current status of MS
10, 11: paging of MS
BSS BSS BSS
11 11 11
12, 13: MS answers
14, 15: security checks 11 12
16, 17: set up connection 17
MS

Mobile Originated Call (MOC)
1, 2: connection request
3, 4: security check
5-8: check resources (free circuit)
9-10: set up call VLR
3 4
6 5
PSTN GMSC MSC
7 8
2 9
1
MS BSS
10

Handover
The problem:
Change the cell while
communicating
Reasons for handover:

 Quality of radio link cell 2
cell 1
deteriorates
 Communication in other cell
requires less radio resources
 Supported radius is
exceeded (e.g. Timing Link quality cell 1
advance in GSM) Handover margin
(avoid ping-pong
 Overload in current cell effect)
 Maintenance
cell 2
Link to cell 1 Link to cell 2 time

4 types of handover
1
2 3 4
MS MS MS MS
BTS BTS BTS BTS
BSC BSC BSC
(Anchor)
MSC
MSC
• intra-cell handover: reason: quality, interference

• inter-cell handover/intra BSS: within same BSS, handled by BSC (reason
mobility, receipt level, power budget, load) GMSC
• inter-cell handover/inter BSS: between BSC at the same MSC
• inter-cell handover/inter MSC: between BSC of different MSCs
(Anchor MSC: the initial MSC, which started the connection, keeps control)

GSM: Handover Principle
Before During After
X X X
BS BS BS BS BS BS
 “Hard” handover, “make before break”

 Mobile assisted handoff/handover (MOHA):
 MS sends regular measurement reports to network (own cell, neighbor cells, every 480 ms)
 Network (old BSC) decides upon handover (when, target cell)
 Network (old BSC) sets up new communication path
 Network (old BSC) instructs the MS to execute handover

Handover procedure (change of BSC)
„Make-before-break“ strategy
MS BTSold BSCold MSC BSCnew BTSnew

measurement measurement
report result
HO decision
HO required HO request
resource allocation
ch. activation
HO request ack ch. activation ack make

HO command HO command
HO command
HO access
Link establishment
HO complete HO complete
clear command clear command
break
clear complete clear complete

Security in GSM
Security service
 System was designed with a moderate level of security to authenticate the
subscriber using a pre-shared key and challenge-response.
 access control/authentication
 user  SIM (Subscriber Identity Module): secret PIN (personal identification
number)
 SIM  network: challenge response method
 no authentication of network!
 confidentiality
 voice and signaling encrypted on the wireless link (after successful authentication)
 anonymity
 temporary identity TMSI
(Temporary Mobile Subscriber Identity)
 newly assigned at each new location update
 encrypted transmission “secret”:
• A3 and A8
3 algorithms specified in GSM
available in the
 A3 for authentication (“secret”, open interface) Internet
 A5 for encryption (standardized) • network providers
 A8 for key generation (“secret”, open interface) can use stronger
mechanisms

GSM - authentication Challenge-Response:
• Authentication center provides RAND to Mobile
• AuC generates SRES using Ki of subscriber and
RAND via A3
Ki RAND
• Mobile (SIM) generates SRES using Ki and RAND
• Mobile transmits SRES to network (MSC)
128 bit 128 bit
AuC • network (MSC) compares received SRES with one
generated by AuC
A3
SRES* 32 bit RAND RAND Ki

mobile network
128 bit 128 bit
Authentication Request (RAND)
SIM
A3
SRES 32 bit
MSC Authentication Response (SRES 32 bit)

SRES* =? SRES SRES
Ki: individual subscriber authentication key SRES: signed response

GSM - key generation and encryption
Ciphering:
• Data sent on air interface ciphered for security
• A8 algorithm used to generate cipher key
• A5 algorithm used to cipher/decipher data
• Ciphering Key is never transmitted on air
MS with SIM
RAND
Ki RAND RAND Ki
AuC 128 bit 128 bit SIM
128 bit 128 bit
A8 A8
cipher Kc
key 64 bit mobile network (BTS) Kc
64 bit
data encrypted SRES
data
BTS data MS
A5 A5

2G+: GSM Evolution
Limits of GSM
 limited capacity at the air interface:
data transmission standardized with only 9.6 kbit/s

 advanced coding allows 14,4 kbit/s
 not enough for Internet and multimedia applications
=> EDGE
 inappropriateness for bursty and non-symmetrical data traffic
=> GPRS
Extensions
 HSCSD (High-Speed Circuit Switched Data)
 GPRS (General Packet Radio Service)
 EDGE (Enhanced Data Rate for GSM Evolution)
 EGPRS (EDGE und GPRS)
 GERAN (GSM Interface to UMTS)

HSCSD (High-Speed Circuit Switched Data)
 continuous use of multiple time slots for a single user

(on a single carrier frequency)
 asynchronous allocation of time slots between DL and UL
 gain: net data rate up to 115,2 kbps (allocation of all 8 traffic channels)
Downlink
1 2 3 4 5 6 7 8 1 2
Uplink
1 2 3 4 5 6 7 8 1 2
 mainly software update

 additional HW needed if more than 3 slots are used

GPRS (General Packet Radio Service)
 Introducing packet switching in the network

 Using shared radio channels for packet transmission over the air:
 multiplexing multiple MS on one time slot
 flexible (also multiple) allocation of timeslots to MS
(scheduling by PCU Packet Control Unit in BSC or BTS)
Multiplexing Multislot capability
TS
0 1 2 3 4 5 6 7 carrier 0 1 2 3 4 5 6 7
 using free slots only if data packets are ready to send

(e.g., 115 kbit/s using 8 slots temporarily)
 standardization 1998, introduction 2001
 advantage: first step towards UMTS, flexible data services

GPRS architecture and interfaces
connection-oriented
SGSN
packet switched core
Gn
PDN /
MS BSS SGSN GGSN
Internet
Um Gb Gn Gi
MSC HLR/
GR
VLR EIR

EDGE (Enhanced Data Rates for GSM Evolution)
Enhanced spectral efficiency depends on:
 Size of frequency band
 Duration of usage
Near-far problem
 Level of interference with others (power)
EDGE Technology:
 EDGE can carry data speeds up to 236.8 kbit/s for 4
timeslots (theoretical maximum is 473.6 kbit/s for 8 UE 1
timeslots)
 Adaptation of modulation depending
on quality of radio path
 GMSK (GSM standard – 1 bit per symbol)
 8-PSK (3 bits per symbol) NodeB
 Adaptation of coding scheme (redundancy) depending
on quality of radio path (9 coding schemes)
 Gain: data rate (gross) up to 69,2 kbps (compare to
22.8 kbps for GSM)
UE 2
 complex extension of GSM!

2G to 3G Evolution: GSM - GPRS - UMTS
Transmission
ATM based
Base station Base station ISDN
Base station MSC GMSC
controller
GSM Core
GSM (Circuit
RAN switched)
Base station
HLR
GSM AuC
EIR

2G to 3G Evolution: GSM - GPRS - UMTS
Transmission
ATM based
controller
GSM Core
GSM (Circuit
RAN switched)
Base station
HLR
AuC
EIR
GSM+GPRS
SGSN Inter-
net
GPRS Core GGSN
(Packet
Switched)

2G to 3G Evolution: GSM - GPRS – UMTS R99
Transmission
ATM based
controller
GSM Core
GSM (Circuit
RAN switched)
Base station
GSM+GPRS+UMTS R99 HLR

AuC
EIR
Base station
Base station SGSN Inter-
Radio network
controller net
GPRS Core GGSN
Base station UTRAN (Packet
Switched)

2G to 3G Evolution: GSM - GPRS - UMTS R5 - IMS
Base station Base station

Base station
controller
GERAN
GSM
Base station
RAN GERAN + UMTS R5 + IMS
Transmission
Base station IP based
Base station SGSN Inter-
Radio network
controller net
3G Core
GPRS Core GGSN
Base station UTRAN (Packet
Switched)

03 2G-ws13

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

03 2G-ws13

Загружено:

Авторское право:

Доступные форматы

2G Mobile Communication Systems

Michel Mouly, Marie-Bernadette Pautet: The GSM System for Mobile

Siegmund Redl, u. a.: GSM and Personal Communications Handbook. Artech

Gunnar Heine: GSM Networks: Protocols, Terminology, and Implementation.

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 2

a network established and operated by an administration to provide

a PLMN may be regarded as an extension of a network (e.g. an ISDN)

a PLMN consists of a collection of areas within a common numbering

 PLMNs are independent telecommunications entities

Source: 3GPP 23.002-5.5.0

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 3

Three service domains (a “mobile” model of ISDN)

Telecommunication services to transfer data between access points

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 5

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 6

Services in addition to the basic services

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 7

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 8

VLR MSC MSC

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 9

Um radio cell Um Interface (MS and BTS):

Abis Abis Interface (BTS and BSC)

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 10 o

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 11

segmentation of the area into cells

possible radio coverage of the cell

idealized shape of the cell

 use of several carrier frequencies

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 13

... 123 124 ... 123 124

200 kHz frequency

TDMA (Time Division Multiple Access)

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 14

GSM TDMA frame

GSM time-slot (normal burst)

traffic multiframe 0 1 ... 24 25 120 ms

control multiframe 0 1 2 ... 48 49 50 235.4 ms

frame 0 1 ... 6 7 4.615 ms

Terminal for the use of GSM services

NSS is the main component of the public mobile network GSM

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 18

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 19

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 21

4, 5: request MSRN from VLR 3 6

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 22

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 23

Reasons for handover:

Link to cell 1 Link to cell 2 time

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 24

BTS BTS BTS BTS

BSC BSC BSC

• intra-cell handover: reason: quality, interference

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 25

Before During After

 “Hard” handover, “make before break”

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 26

MS BTSold BSCold MSC BSCnew BTSnew

HO request ack ch. activation ack make

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 27

Cellular Communication Systems Andreas Mitschele-Thiel, Jens Mückenheim Oct-13 28

SRES* 32 bit RAND RAND Ki

MSC Authentication Response (SRES 32 bit)

Ki: individual subscriber authentication key SRES: signed response