GSM - WordPress.com
Download
Report
Transcript GSM - WordPress.com
Global System for Mobile
Communication (GSM)
Also known as: "Global System for Mobile Communications", "Groupe
Special Mobile" to describe protocols for second generation (2G) digital
cellular networks circuit-switched network optimized for full duplex voice
telephony. It is used by mobile phones and a replacement for first
generation (1G) analog cellular networks.
GSM is a TDMA based wireless network technology developed in Europe
that is used throughout most of the world.
GSM phones make use of a SIM card to identify the user's account. The
use of the SIM card allows GSM network users to quickly move their
phone number from one GSM phone to another by simply moving the
SIM card.
Currently GSM networks operate on the 850MHz, 900MHz, 1800MHz,
and 1900MHz frequency bands.
Global System for Mobile Communication
(GSM)
Why GSM?
The GSM study group aimed to provide the followings through
the GSM:
Improved spectrum efficiency.
International roaming.
Low-cost mobile sets and base stations (BSs).
High-quality speech.
Compatibility with Integrated Services Digital Network (ISDN)
and other telephone company services.
Support for new service
GSM characteristics
previous standard in cellular communication were
restrictive
GSM – global digital standard for cellular phones that
offered roaming facility
first named Groupe Special Mobile and used in Europe;
then usage extended to other continents
GSM operate in frequency bands: 900MHz, 1800 MHz,
1900 MHz
GSM provides voice and data services
The GSM Architecture
SIM Subscriber Identity Module
HLR Home Location Register
MS Mobile Station
VLR Visitor Location Register
BTS Base Transceiver Station
EIR Equipment Identity Register
BSC Base Station Controller
AC Authentication Centre
MSC Mobile services Switching Centre
PSTN Public Switched Telecomm Network
VLR Visitor Location Register
ISDN Integrated Services Digital Network
PLMN Public land mobile Network
The GSM Architecture
The GSM Architecture-Working
The GSM network can be divided into three broad parts.
The Mobile Station is carried by the subscriber.
Base Station Subsystem controls the radio link with the Mobile
Station.
The Network Subsystem, the main part of which is the Mobile
services Switching Center, performs the switching of calls
between the mobile and other fixed or mobile network users, as
well as management of mobile services, such as authentication.
The Mobile Station and the Base Station Subsystem communicate
across the Um interface, also known as the air interface or radio
link.
The Base Station Subsystem communicates with the Mobile
service Switching Center across the A interface.
Subscriber Identity Module (SIM)
card
SIM – a memory card (integrated circuit) holding
identity information, phone book etc.
GSM system support SIM cards
other systems, like CDMA do not support SIM cards, but
have something similar called Re-Usable Identification
Module (RUIM)
International Mobile Equipment
Identity (IMEI) key
IMEI – a unique 15 digit number identifying each phone,
is incorporated in the cellular phone by the
manufacturer
IMEI ex.: 994456245689001
when a phone tries to access a network, the service
provider verifies its IMEI with a database of stolen
phone numbers; if it is found in the database, the
service provider denies the connection
the IMEI is located on a white sticker/label under the
battery, but it can also be displayed by typing *#06# on
the phone
International Mobile Subscriber
Identity (IMSI) key
IMSI – a 15-digit unique number provided by the
service provider and incorporated in the SIM card
which identifies the subscriber
IMSI enables a service provider to link a phone
number with a subscriber
first 3 digits of the IMSI are the country code
Temporary Mobile Subscriber Identity
(TMSI) key
TMSI – is a temporary number, shorter than the IMSI,
assigned by the service provider to the phone on a
temporary basis
TMSI key identifies the phone and its owner in the cell
it is located; when the phone moves to a different cell
it gets a new TMSI key
as TMSI keys are shorter than IMSI keys they are
more efficient to send
TMSI key are used for securing GSM networks
HLR, VLR and EIR registers
Home Location Register (HLR) - is a database maintained by the service
provider containing permanent data about each subscriber (i.e. location,
activity status, account status, call forwarding preference, caller
identification preference)
Visitor Location Register (VLR) – database that stores temporary data
about a subscriber; it is kept in the MSC of the of the area the
subscriber is located in; when the subscriber moves to a new area the
new MSC requests this VLR from the HLR of the old MSC
Equipment Identity Register (EIR) – database located near the MSC and
containing information identifying cell phones
Authentication Center (AuC)
1st level security mechanism for a GSM cellular network
is a database that stores the list of authorized subscribers
of a GSM network
it is linked to the MSC and checks the identity of each user
trying to connect
also provides encryption parameters to secure a call made
in the network
Mobile Station
The mobile station (MS) consists of the physical equipment, such as the
radio transceiver, display and digital signal processors, and a smart card
called the Subscriber Identity Module (SIM). The SIM provides personal
mobility, so that the user can have access to all subscribed services
irrespective of both the location of the terminal and the use of a specific
terminal. By inserting the SIM card into another GSM cellular phone,
the user is able to receive calls at that phone, make calls from that
phone, or receive other subscribed services.
The mobile equipment is uniquely identified by the International Mobile
Equipment Identity (IMEI). The SIM card contains the International
Mobile Subscriber Identity (IMSI), identifying the subscriber, a secret
key for authentication, and other user information. The IMEI and the
IMSI are independent, thereby providing personal mobility. The SIM
card may be protected against unauthorized use by a password or
personal identity number.
Base Station Subsystem
The Base Station Subsystem is composed of two parts, the Base
Transceiver Station (BTS) and the Base Station Controller (BSC). These
communicate across the specified bits interface, allowing (as in the rest
of the system) operation between components made by different
suppliers.
The Base Transceiver Station houses the radio transceivers that define a
cell and handles the radio-link protocols with the Mobile Station. In a
large urban area, there will potentially be a large number of BTSs
deployed. The requirements for a BTS are ruggedness, reliability,
portability, and minimum cost.
The Base Station Controller manages the radio resources for one or more
BTSs. It handles radio-channel setup, frequency hopping, and handovers,
as described below. The BSC is the connection between the mobile and
the Mobile service Switching Centre (MSC).
Network Substation
The central component of the Network Subsystem is the Mobile
services Switching Centre (MSC). It acts like a normal switching
node of the PSTN or ISDN, and in addition provides all the
functionality needed to handle a mobile subscriber, such as
registration, authentication, location updating, handovers, and
call routing to a roaming subscriber. These services are provided
in conjunction with several functional entities, which together
form the Network Subsystem. The MSC provides the connection
to the public fixed network (PSTN or ISDN), and signalling
between functional entities uses the ITU Signalling System
Number 7 (SS7), used in ISDN and widely used in current public
networks.
Network Substation (Cont..)
The Home Location Register (HLR) and Visitor Location
Register (VLR), together with the MSC, provide the call
routing and (possibly international) roaming capabilities of
GSM. The HLR contains all the administrative information
of each subscriber registered in the corresponding GSM
network, along with the current location of the mobile.
The current location of the mobile is in the form of a
Mobile Station Roaming Number (MSRN) which is a regular
ISDN number used to route a call to the MSC where the
mobile is currently located. There is logically one HLR per
GSM network, although it may be implemented as a
distributed database.
Network Substation (Cont..)
The
Visitor
Location
Register
contains
selected
administrative information from the HLR, necessary for call
control and provision of the subscribed services, for each
mobile currently located in the geographical area controlled
by the VLR. Although each functional entity can be
implemented as an independent unit, most manufacturers
of switching equipment implement one VLR together with
one MSC, so that the geographical area controlled by the
MSC corresponds to that controlled by the VLR, simplifying
the signalling required. Note that the MSC contains no
information about particular mobile stations - this
information is stored in the location registers.
GSM Access Scheme and Channel
Structure
GSM uses FDMA and TDMA to transmit voice and data
the uplink channel between the cell phone and the BTS uses
FDMA and a specific frequency band
the downlink channel between the BTS and the cell phone
uses a different frequency band and the TDMA technique
there is sufficient frequency separation between the uplink
freq. band and the downlink freq. band to avoid interference
each uplink and downlink frequency bands is further split up
as Control Channel (used to set up and manage calls) and
Traffic Channel (used to carry voice)
GSM uplink/downlink frequency
bands used
GSM Frequency
band
Uplink/BTS Transmit Downlink/BTS Receive
900 MHz
935-960 MHz
890-915 MHz
1800 MHz
1805-1880 MHz
1710-1785 MHz
1900 MHz
1930-1990 MHz
1850-1910 MHz
GSM uplink/downlink frequency
bands
uplink and downlink take place in different time slots
using TDMA
uplink and downlink channels have a bandwidth of 25
MHz
these channels are further split up in a 124 carrier
frequencies (1 control channels and the rest as traffic
channels); each carrier frequency is spaced 200 KHz
apart to avoid interference
these carrier frequencies are further devided by time
using TDMA and each time slot lasts for 0.577 ms.
GSM Control Channel
is used to communicate management data (setting up
calls, location) between BTS and the cell phone within a
GSM cell
only data is exchanged through the control channel (no
voice)
a specific frequency from the frequency band allocated to
a cell and a specific time slot are allocated for the control
channel (beacon frequency); a single control channel for a
cell
GSM control channels can have the following types:
broadcast channel
common control channel
dedicated control channel
Broadcast Channel
type of control channel used for the initial synchronization
between the cell phone and the BTS
is composed from:
Frequency Correction Channel (FCCH) – is composed from a
sequence of 148 zeros transmitted by the BTS
Synchronization Channel (SCH) – follows the FCCH and contains
BTS identification and location information
Broadcast Control Channel (BCCH) – contains the frequency
allocation information used by cell phones to adjust their
frequency to that of the network; is continuously broadcasted by
the BTS
Common Control Channels
type of control chan. used for call initiation
is composed of:
Paging Channel (PCH) – the BTS uses this channel to inform
the cell phone about an incoming call; the cell phone
periodically monitors this channel
Random Access Channel (RACH) – is an uplink channel used by
the cell phone to initiate a call; the cell phone uses this channel
only when required; if 2 phones try to access the RACH at the
same time, they cause interference and will wait a random time
before they try again; once a cell phone correctly accesses the
RACH, BTS send an acknowledgement
Access Grant Channel (AGCH) – channel used to set up a call;
once the cell phone has used PCH or RACH to receive or
initiate a call, it uses AGCH to communicate to the BTS
Initializing a call
1. when the cell phone is turned on it scans all the available frequencies for
the control channel
2. all the BTS in the area transmit the FCCH, SCH and BCCH that contain the
BTS identification and location
3. out of available beacon frequencies from the neighboring BTSs, the cell
phone chooses the strongest signal
4. based on the FCCH of the strongest signal, the cell phone tunes itself to the
frequency of the network
5. the phone send a registration request to the BTS
6. the BTS sends this registration request to the MSC via the BSC
7. the MSC queries the AUC and EIR databases and based on the reply it
authenticates the cell phone
8. the MSC also queries the HLR and VLR databases to check whether the cell
is in its home area or outside
9. if the cell phone is in its home area the MSC gets all the necessary
information from the HLR if it is not in its home area, the VLR gets the
information from the corresponding HLR via MSCs
10. then the cell phone is ready to receive or make calls.
Making a call
1. when thee phone needs to make a call it sends an access request
(containing phone identification, number) using RACH to the BTS; if
another cell phone tries to send an access request at the same time
the messages might get corrupted, in this case both cell phones
wait a random time interval before trying to send again
2. then the BTS authenticates the cell phone and sends an
acknowledgement to the cell phone
3. the BTS assigns a specific voice channel and time slot to the cell
phone and transmits the cell phone request to the MSC via BSC
4. the MSC queries HLR and VLR and based on the information
obtained it routes the call to the receiver’s BSC and BTS
5. the cell phone uses the voice channel and time slot assigned to it by
the BTS to communicate with the receiver
Receiving a call
1. when a request to deliver a call is made in the network, the MSC or
the receiver’s home area queries the HLR; if the cell phone is
located in its home area the call is transferred to the receiver; if the
cell phone is located outside its home area, the HLR maintains a
record of the VLR attached to the cell phone
2. based on this record, the MSC notes the location of the VLR and
indicated the corresponding BSC about the incoming call
3. the BSC routes the call to the particular BTS which uses the paging
channel to alert the phone
4. the receiver cell phone monitors the paging channel periodically and
once it receives the call alert from the BTS it responds to the BTS
5. the BTS communicates a channel and a time slot for the cell phone
to communicate
6. now the call is established
The Air-Interface of GSM
The Air-interface is the central interface of every mobile system and
typically the only one to which a customer is exposed. The physical
characteristics of the Air-interface are particularly important for the
quality and success of a new mobile standard. For some mobile systems,
only the Air-interface was specified in the beginning, like IS-95, the
standard for CDMA. Although different for GSM, the Air-interface still has
received special attention. Considering the small niches of available
frequency spectrum for new services, the efficiency of frequency usage
plays a crucial part. Such effi-ciency can be expressed as the quotient of
transmission rate (kilobits per second) over bandwidth (kilohertz). In
other words, how much traffic data can be squeezed into a given
frequency spectrum at what cost?
The Structure of the AirInterface in GSM
1.The FDMA/TDMA Scheme
1.The FDMA/TDMA Scheme
GSM utilizes a combination of frequency division multiple access (FDMA)
and time division multiple access (TDMA) on the Air-interface. That
results in a two-dimensional channel structure, which is presented in
Figure . Older standards of mobile systems use only FDMA (an example
for such a network is the C-Netz in Germany in the 450 MHz range). In
such a pure FDMA system, one specific frequency is allocated for every
user during a call. That quickly leads to overload situations in cases of
high demand. GSM took into account the overload problem, which
caused most mobile communications systems to fail sooner or later, by
defining a two-dimensional access scheme. In full rate configuration,
eight time slots (TSs) are mapped on every frequency; in a hal-frate
configuration there are 16 TSs per frequency.
2. Frame Hierarchy and Frame Numbers
In GSM, every impulse on frequency 1, as shown in Figure, is called a burst.
Therefore, every burst shown in Figure corresponds to a TS. Eight bursts or
TSs, numbered from 0 through 7, form a TDMA frame.
Transmitted
Power
Time
2. Frame Hierarchy and Frame Numbers
In a GSM system, every TDMA frame is assigned a fixed
number, which repeats itself in a time period of 3 hours, 28
minutes, 53 seconds, and 760 milliseconds. This time
period is referred to as hyper frame. Multiform and super
frame are layers of hierarchy that lie between the basic
TDMA frame and the hyper frame. Figure 7.3 presents the
various frame types, their periods, and other details, down
to the level of a single burst as the smallest unit.
3. Synchronization Between Uplink and
Downlink
For technical reasons, it is necessary that the MS and the BTS do not
transmit simultaneously. Therefore, the MS is transmitting three
timeslots after the BTS. The time between sending and receiving data
is used by the MS to perform various measurements on the signal
quality of the receivable neighbor cells.
GSM - Protocol Stack
The layered model of the GSM architecture integrates and links the peer-to-peer
communications between two different systems. The underlying layers satisfy the
services of the upper-layer protocols
GSM - Protocol Stack
The signalling protocol in GSM is structured into three general layers,
depending on the interface.
Layer 1: The physical layer, which uses the channel structures over the
air interface.
Layer 2: The data-link layer. Across the Um interface, the data-link layer
is a modified version of the Link access protocol for the D channel (LAPD) protocol used in ISDN, called Link access protocol on the Dm channel
(LAP-Dm). Across the A interface, the Message Transfer Part (MTP),
Layer 2 of SS7 is used.
Layer 3: The third layer of the GSM signaling protocol is divided into
three sublayers:
Radio Resource management (RR)
Mobility Management (MM) and
Connection Management (CM).
The MS to BTS Protocol
The RR layer oversees the establishment of a link, both radio and
fixed, between the MS and the MSC. The main functional components
involved are the MS, the BSS, and the MSC. The RR layer is concerned
with the management of an RR-session.
The MM layer is built on top of the RR layer and handles the functions
that arise from the mobility of the subscriber, as well as the
authentication and security aspects.
The CM layer is responsible for CC, supplementary service
management, and Short Message Service (SMS) management. Each of
these may be considered as a separate sublayer within the CM layer.
BSC Protocols
After the information is passed from the BTS to the BSC, a different set of
interfaces is used. The Abis interface is used between the BTS and BSC.
At this level, the radio resources at the lower portion of Layer 3 are
changed from the RR to the Base Transceiver Station Management
(BTSM). The BTS management layer is a relay function at the BTS to the
BSC.
The BSC still has some radio resource management in place
for the frequency coordination, frequency allocation, and the
management of the overall network layer for the Layer 2
interfaces.
MSC Protocols
At the MSC, the information is mapped across the A
interface to the MTP Layers 1 through 3 from the BSC.
Here, the equivalent set of radio resources is called the
BSS MAP. The BSS MAP/DTAP and the MM and CM are at
the upper layers of Layer 3 protocols.
Each user of a GSM MS is assigned a HLR that is used to
contain the user's location and subscribed services. A
separate register, the VLR, is used to track the location of a
user. As the users roam out of the area covered by the
HLR, the MS notifies a new VLR of its whereabouts.
Basic Mobility Management Requirements
Support all forms of mobility
Support mobility for all types of applications
real-time and non-real-time data, voice, and multimedia
applications
Support mobility across heterogeneous radio systems in the same
or different administrative domains
Support session (service) continuity
continue without significant interruptions as the user moves
about
Global roaming
the ability for a user to move into and use different operators’
networks
Basic Functional Components
Location management
a process that enables the network to determine a
mobile’s current location
i.e., the mobile’s current network attachment point
where the mobile can receive traffic from the network
Packet delivery to mobiles
a process whereby a network node, mobile terminal,
or end-user application uses location information to
deliver packets to a mobile terminal
Basic Functional Components (cont..)
Handoff and roaming
handoff (or handover)
a process in which a mobile terminal changes its
network attachment point
example: a mobile may be handed off from one wireless
base station (or access point) to another, or from one
router or switch to another
roaming
the ability for a user to move into and use different
operators’ networks
Network Signals
Network access control
a process used by a network provider to determine whether a
user is permitted to use a network and/or a specific service
provided by the network
main steps
authentication: verify the identity of user
authorization: determine whether a user should be
permitted to use a network or a network service
accounting: collect information on the resources used by a
user
Impact of Naming and Addressing on
Mobility Management
A name identifies a network entity, such as a user, a user
terminal, a network node, or a service
An address is a special identifier used by the network to
determine where traffic should be routed
A terminal’s address typically identifies a network
attachment point
a telephone number in a PSTN network
identifies a port on a PSTN switch rather than the telephone set
itself
an IP terminal’s IP address
identifies an attachment point to an IP network
Impact of Naming and Addressing on
Mobility Management(cont..)
Today’s networks, the name of a terminal is often tied with
the terminal’s address, example,
an IP terminal has traditionally been named by the Internet
Domain Name associated with the terminal’s IP address
mobile terminals that use multiple network addresses are
becoming increasingly popular, example,
a mobile terminal may have multiple radio interfaces
each radio interface may use a different type of radio
technology
each radio interface may need to have its own IP address
Impact of Naming and Addressing on
Mobility Management(cont..)
which domain name should be used as the terminal’s
name in this case?
solutions
make the IP terminal names independent of the
terminal’s addresses
e.g., IETF has defined Network Access Identifier
(NAI) that allows a terminal to be identified by a single
globally unique NAI regardless of how many IP
addresses this terminal may have
Impact of Naming and Addressing on
Mobility Management(cont..)
Traditional circuit-switched networks, such as the PSTN,
typically do not support user names
they assume a static mapping between a terminal and the user
responsible to pay for the services used by the terminal
Static mapping of users to terminals could lead to a range
of problems in a mobile network
mobile users often have to, or like to, use different types of
terminals in different locations depending on what types of
terminals are available or best fit their needs
this suggests that a mobile user’s name should not be statically
tied to a mobile terminal
Impact of Naming and Addressing
on Mobility Management(cont..)
Terminal-independent user names have become increasingly
common in mobile networks, example,
GSM
each subscriber is identified by a globally unique
International Mobile Subscriber Identity (IMSI) that is
independent of the terminal used by the user
a Subscriber Identity Module (SIM) carries a mobile’s
IMSI and can be ported from one mobile terminal to
another to allow a user to use different terminals and still
be recognized by the network as the same user
Impact of Naming and Addressing
on Mobility Management(cont..)
Today’s IP Networks, applications provide their own naming
schemes for users, example
e-mail users are identified by their e-mail addresses
SIP users are identified by their SIP URIs
the NAI may serve as a user’s globally unique and
terminal-independent user name
Location Management
Location update strategies
Location discovery (paging)
Interactions between location update and
paging
Location Update Strategies
When a mobile should perform location updates
and what location-related information the
mobile should send to the network?
update the mobile’s precise location every time the
mobile changes its network attachment points,
example, Mobile IP
knowing a mobile’s precise location allows the
network to deliver traffic to the mobile via unicast
Location Update
Strategies(cont..)
when mobiles change their network attachment points frequently,
maintaining precise locations of all mobiles could lead to heavy
location update traffic, which wastes limited radio bandwidth
to save scarce resources on the mobile and in the wireless network,
a network can group network attachment points into location areas
only keeps track of which location area each mobile is likely in
when the user and the network have no traffic to send to each other
the network tries to determine a mobile’s precise location only
when it needs to deliver user traffic to the mobile
Location Update
Time-based update
update periodically at a constant interval (called update
interval)
Movement-based update
update whenever it traverses a predefined number of
location areas, called movement threshold
most existing wireless networks (e.g., GSM, GPRS, 3GPP,
3GPP2) use movement-based location update strategy in
which the movement threshold is one
Distance-based update
Distance-based update
update whenever it has traveled a predefined distance
threshold from the location area in which it performed
its last location update
distance may be measured in many different ways, such
as physical distance, or cell distance (i.e., distance
measured in number of radio cells or location areas)
the physical distance-based strategy is used, for
example, as an option in 3GPP2