Академический Документы
Профессиональный Документы
Культура Документы
Location management
Handover management
Originals by: Rashmi Nigalye, Mouloud Rahmani, Aruna Vegesana, Garima Mittal, Fall 2001 Prof. M. Veeraraghavan, Polytechnic University, New York
1
MSC: Mobile Switching Center BTS: Base Transceiver Station BSC: Base Station Controller
MSC region
BSC Location area
BSC
BTS BTS
MSC region
ISDN
GMSC
BSC
B,C
EIR
HLR AUC
VLR
3
Updating of location information in VLRs Storing routing information in HLRs Updating and supplementing user profiles in HLRs Handoff of connections between MSCs
4
MCC
MNC
MSIN
MCC: Country Code MNC: Mobile Network Code MSIN: Mobile Subscriber Identification Number
When subscribing for service with a network, subscriber receives (IMSI) and stores it in the SIM (Subscriber Identity Module) card. The HLR can be identified by a VLR/MSC from the IMSI.
6
Location management
Set of procedures to:
track a mobile user find the mobile user to deliver it calls
Current location of MS maintained by 2-level hierarchical strategy with HLRs and VLRs.
12
2.
MSRN GMSC
MSC/VLR
MSISDN
If MSRN is allocated to each subscriber visiting at an MSC, then the number of MSRNs required is large. If instead, an MSRN is allocated only when a call is to be established, then the number of MSRNs is roughly equal to number of circuits at MSC a much smaller number hence MSRNs typically allocated per call by 14 VLR/MSC
GMSC
LA 1
4 MSRN 2
ISDN
1
BSC BTS
7 TMSI
MSISDN
MSRN
MSC
7 TMSI 5 MSRN
MSC
HLR
LA 2
BSC
BTS
8 TMSI 7 TMSI
EIR
VLR
BTS
6 TMSI
AUC
15
MS
GMSC
5 2
HLR
3 6
VLR
Target MSC
VLR
Target MSC
GSM security
Authentication What signed response (SRES) are you able to derive from the input challenge RAND by applying the A3 algorithm with your personal key Ki (Ki is per subscriber)? Ki RAND (128bit) Ki RAND
A3 algorithm
A3 algorithm
SRES
MS
SRES
network
equal?
18
GSM security
Encryption Digital technology easy to encrypt voice data A5 derives a ciphering sequence of 114 bits for each burst independently XOR 114 bits of a radio burst with 114 bits of a ciphering sequence generated by A5
BTS
Kc
frame number
A5 algorithm
S1(114) deciphering S2(114) ciphering
A5 algorithm
S1 S2 deciphering
19
ciphering
Key management
Ciphering key Kc is generated using algorithm A8 in the same manner as SRES (from RAND and Ki) Each time a mobile station is authenticated the MS and network compute the ciphering key Kc by running algorithm A8 with the same inputs RAND and Ki as for SRES Ciphering with Kc applies only when the network knows the identity of the subscriber it is talking to. Bootstrap period during which network does not know who the subscriber is
Up to and including the first message carrying the nonambiguous subscriber identity is carried in the clear (unencrypted)
Protection: use TMSI instead of IMSI when possible TMSI should be exchanged during protected signaling (ciphered) procedures
20
Location registration
MS has to register with the PLMN to get communication services Registration is required for a change of PLMN MS has to report to current PLMN with its IMSI and receive new TMSI by executing Location Registration process. The TMSI is stored in SIM, so that even after power on or off, there is only normal Location Update. If the MS recognizes by reading the LAI broadcast on BCCH that it is in new LA, it performs Location Update to update the HLR records. Location update procedure could also be performed periodically, independent of the MS movement. The difference in Location Registration and Location Update is that in location update the MS has already been assigned a TMSI.
21
MS
IMSI Ki
BSS/MSC
Location registration
Upd Loc.Area (IMSI,LAI) Authenticate Aut.Par.Req Auth.Info.Req (IMSI) Auth.Info (IMSI,Kc, RAND,SRES)
VLR
HLR
AUC
Loc.Upd.Req (IMSI,LAI)
(IMSI)
Aut. Info. (IMSI,Kc, RAND,SRES)
(RAND)
A3 & A8
Kc SRES
(SRES)
Generate TMSI
Contd...
22
MS
BSS/MSC
VLR
Generate TMSI
HLR
AUC
Start Ciph.
(Kc) Forw. New TMSI Ciph.Mod.Com.
Kc
Message M
Ins.Subsc.Data
(IMSI) Subs.Dat.Ins.Ack Loc.Upd.Accept
(TMSI)
Loc.Upd.Accept
(IMSI)
A5
Kc(M)
Ciph.Mod.
Kc(M) Kc Kc(M)
A5
TMSI Realloc.Cmd. M
Loc.Upd.Accept
TMSI Realloc.Ack
can be combined
TMSI.Ack
23
MS
IMSI, TMSI Ki, Kc, LAI
BSS/MSC
Location update
VLR
HLR
AUC
Loc.Upd.Req (TMSI,LAI)
Authentication
Update Location (IMSI,MSRN) Generate TMSI
Start ciphering
(Kc)
Start ciphering.
MS
BSS/MSC
VLR
HLR
AUC
Start ciphering.
Forward new TMSI (TMSI) Loc. Upd. Acept (IMSI) Loc. Upd. Acept
TMSI Realloc. Cmd.
Auth. Info.
(IMSI,Kc, RAND,SRES)
25
Channels (time slots) in the same cell Cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC), Cells under the control of different BSCs, but belonging to the same Mobile services Switching Center (MSC), and Cells under the control of different MSCs.
26
27
Handover (MAHO)
Handovers are initiated by the BSS/MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.
28
Connection route
9
MSC-A
1
MSC-B
MSC-C
8
BSC
4 BTS 1 BTS 2 3
BSC
BSC
2 BTS 3
5 7 BTS 3
29
MSC-A
MSC-B
Allocate Handover number Handover report
VLR-B
Handover required
Perform Handover
Radio chan. Ack IAM ACM HA Indication Send End Signal ANS End of Call REL RLC End Signal Handover report
30
MS/BSS 2
HB Indication HB Confirm
MSC-A
MSC-B
MS/BSS 2
VLR-B
Handover report
End of Call
REL RLC
31
MSC-B
HA Request
MS
MSC-C
Perform Handover
VLR-C
Allocate Handover
Number Radio chan. Ack. Send Handover report
MSC-A
Perform subsequent Acknowledge
MSC-B
HA Indication
MS
MSC-C
Send End Signal ANS HB Confirm
MSC-B
End Signal
VLR-B
Handoff Report
REL RLC
33
Abbreviations
ISC: International switching center OMC: Operations and maintenance center GMSC: Gateway switching center MSC: Mobile switching center VLR: Visitor location register HLR: Home Location register EIR: Equipment Identification register AUC: Authentication center BSC: Base station controller BTS: Base transceiver station MS: Mobile subscriber TMSI: Temporary Mobile Subscriber Identity IMSI: International Mobile Subscriber Identity
34
References
The GSM Sytem for Mobile communications by Mouly & Pautet Wireless and Mobile Network Architectures by Yi-Bing Lin & Imrich Chlamtac Wireless Personal Communications Systems by Dr. Goodman GSM Switching, Services and Protocols by Jorg Eberspacher and Hans-Jorg Vogel
35