Transcript GSM
Cellular
Communications
1
Old days
• First telephone (photophone) – Alexander
Bell, 1880
• The first car mounted radio
telephone – 1921
Going further
• 1946 – First commercial mobile radiotelephone service by Bell and AT&T in Saint
Louis, USA. Half duplex (PTT)
• 1973 – First handheld cellular phone –
Motorola.
• First cellular net Bahrein 1978
But what’s cellular?
MSC
BS
PSTN
HLR, VLR,
AC, EIR
Cellular principles
• Frequency reuse – same frequency in
many cell sites
• Cellular expansion – easy to add new
cells
• Handover – moving between cells
• Roaming between networks
Cell of Cellular network
segmentation of the area into cells
possible radio coverage of the cell
cell
idealized shape of the cell
• Use of several carrier frequencies
• Not the same frequency in adjoining cells
• Cell sizes vary from some 100 m up to 35 km depending on
user density, geography, transceiver power etc.
• Hexagonal shape of cells is idealized (cells overlap, shapes
depend on geography)
• If a mobile user changes cells, handover of the connection to
the neighbor cell
6
Cell structure
• Implements space division multiplex
– base station covers a certain transmission area (cell)
• Mobile stations communicate only via the base
station
• Advantages of cell structures
–
–
–
–
higher capacity, higher number of users
less transmission power needed
more robust, decentralized
base station deals with interference, transmission area etc. locally
• Problems
– fixed network needed for the base stations
– handover (changing from one cell to another) necessary
– interference with other cells
3/28/2016
7
Frequency planning I
• Frequency reuse only with a certain distance
between the base stations
• Standard model using 7 frequencies: f
3
f5
f4
f2
f6
f1
• Fixed frequency assignment:
f3
f5
f4
f7
f1
f2
– certain frequencies are assigned to a certain cell
– problem: different traffic load in different cells
• Dynamic frequency assignment:
– base station chooses frequencies depending on the
frequencies already used in neighbor cells
– more capacity in cells with more traffic
– assignment can also be based on interference
measurements
3/28/2016
8
Frequency planning II
f3
f1
f2
f3
f2
f3
f1
f3
f1
f2
f3
f2
f3
f1
f3
f1
f2
3 cell cluster
f3
f2
f4
f3
f6
f5
f1
f2
f3
f6
f7
f5
f2
f4
f3
f7
f5
f1
f2
7 cell cluster
f2
f2
f2
f1 f
f1 f
f1 f
h
h
3
3
3
h1 2
h1 2
g2 h3 g2 h3 g2
g1
g1
g1
g3
g3
g3
3/28/2016
3 cell cluster
with 3 sector antennas
9
Evolution of Mobile Network
Future Network
Fourth Generation
Third Generation
Second Generation (Digital)
First Generation (Analog)
First Generation (1G)
•
•
•
•
1G: Analog [routines for sending voice]
All systems are incompatible
No international roaming
Little capacity – cannot accommodate
masses of subscribers
Second Generation (2G)
•
•
•
•
•
2G – digital [voice encoding]
Increased capacity
More security
Compatibility
Can use TDMA or CDMA for increasing
capacity
TDMA
• Time Division Multiple Access
• Each channel is divided into timeslots, each
conversation uses one timeslot.
• Many conversations are multiplexed into a
single channel.
• Used in GSM
CDMA
• Code Division Multiple Access
• All users share the same frequency all the
time!
• To pick out the signal of specific user, this
signal is modulated with a unique code
sequence.
Beyond 2G
• GPRS(114Kbps)
• EGDE(368Kbps)
• 3G(3.1Mbps)
• HSDPA(14Mbps)
• HSPA+(168Mbps)
• 4G/LTE(299.6Mbps)
3/28/2016
15
2.5 G
• 2.5 G – packet-switching
• Connection to the internet is paid by packets
and not by connection time.
• Connection to internet is cheaper and faster
[up to 56KBps]
• The service name is GPRS – General Packet
Radio Services
• Enhanced Data rates for GSM Evolution
(EDGE): 2.75G
Third Generation (3G)
•
•
•
•
Permanent web connection at 2Mbps
Internet, phone and media: 3 in 1
The standard based on GSM is called UMTS.
The EDGE standard is the development of
GSM towards 3G.
Use of Wideband CDMA: 3G
• High Speed Packet Access (HSPA) extends and improves the
performance of existing 3G
• The world's first commercial W-CDMA service, FOMA, was
launched by NTT DoCoMo in Japan in 2001.
• Most common deployment
– HSPA: upgrades to the original W-CDMA standard and
offers speeds of 14.4 Mbit/s (down) and 5.76 MBit/s up.
– HSPA+: further upgrade of HSPA, can provide theoretical
peak data rates up to 168 Mbit/s (downlink) and 22 Mbit/s
(uplink)
Fourth Generation (4G)
• 4G system provides mobile ultra-broadband
Internet access
• Through USB wireless modems, to laptops or
smartphones, etc.
• 4G applications include amended mobile web
access, IP telephony, gaming services, HD
mobile TV, video conferencing
• Two 4G systems are commercially deployed:
• Mobile WiMAX
• Long Term Evolution (LTE)
GSM
20
GSM Overview
• GSM stand for Global System for Mobile Communication
• The GSM makes use of narrowband Time Division Multiple
Access(TDMA) technique for transmitting signals.
• Ability to carry 64 kbps to 120 kbps of data rates.
• Presently GSM supports more than one billion mobile
subscribers in more than 210 countries throughout the world.
• The GSM provides basic to advanced voice and data services
including Roaming service.
21
Why GSM?
• Improved spectrum efficiency.
• International roaming.
• Low-cost mobile sets and base stations.
• High-quality speech.
• Compatibility with Integrated Services Digital Network (ISDN) and
other telephone company services.
• Support for new services.
Architecture of the GSM system
• GSM is a PLMN (Public Land Mobile Network)
– several providers setup mobile networks following the GSM
standard within each country
• GSM subsystems
• RSS (radio subsystem): covers all radio aspects
• NSS (network and switching subsystem): call forwarding,
handover, switching
• OSS (operation subsystem): management of the network
23
Interfaces in GSM Network
The interfaces defined sub-systems include:
’A’ interface between NSS and BSS
‘Abis’ interface between BSC and BTS (within the BSS)
‘Um’ air interface between the BSS and the MS
GSM Network Component Terminology
TRX – Transceiver
AuC – Authentication Center
MS – Mobile Station
EIR – Equipment Identity
Register
OMC – Operations and
Maintenance Center
PSTN – Public Switched
Telephone Network
BSS – Base Station Subsystem
BSC – Base Station Controller
HLR – Home Location Register
BTS – Base Transceiver Station
MSC – Mobile Switching Center
VLR – Visitor Location Register
Ingredients 1: Mobile Phones, PDAs...
The visible but smallest part of the network!
Consists of
Mobile Equipment (ME)
Subscriber Identity Module (SIM)
27
Ingredients 2: Antennas
Still visible – cause many discussions…
28
Ingredients 3: Infrastructure 1
Base Stations
Cabling
Microwave links
29
Base Station Subsystem (BSS)
Consist of
Base Transceiver Station (BTS):
- Encodes, encrypts, multiplexes, modulates and feeds the RF
signals to the antenna.
- Communicates with Mobile station and BSC
- Consists of Transceivers (TRX) units
Base Station Controller (BSC):
- Manages Radio resources for BTS
- Assigns Frequency and time slots for all MS’s in its area
- Handles call set up
- Handover for each MS
- It communicates with MSC and BTS
Ingredients 3: Infrastructure 2
Not visible, but
comprise the major part
of the network (also
from an investment
point of view…)
Management
Data bases
Switching units
Monitoring
31
Network Switching Subsystem(NSS)
Consist Of
- Mobile Switching Center (MSC):
Heart of the network which manages communication between
GSM and other networks
- Home Location Register (HLR):
Stores information about each subscriber and update the
information in HLR as soon as the subscriber leaves its current local
area.
- Visitor Location Register (VLR):
Controls mobiles roaming by updating VLR Database.
- Authentication Center (AUC)
Contains the algorithms for authentication and prevent fraud
operation.
- Equipment Identity Register (EIR)
Stores all devices identifications registered for this network
Call from Mobile Phone to PSTN
•
The MSC/VLR receives the message of a call request.
•
The MSC/VLR checks if the mobile station is authorized to access the network. If so,
the mobile station is activated. If the mobile station is not authorized, service will be
denied.
•
MSC/VLR analyzes the number and initiates a call setup with the PSTN.
•
MSC/VLR asks the corresponding BSC to allocate a traffic channel (a radio channel
and a time slot).
•
The BSC allocates the traffic channel and passes the information to the mobile station.
•
The called party answers the call and the conversation takes place.
•
The mobile station keeps on taking measurements of the radio channels in the present
cell and neighboring cells and passes the information to the BSC. The BSC decides if
handover is required, if so, a new traffic channel is allocated to the mobile station and
the handover is performed. If handover is not required, the mobile station continues to
transmit in the same frequency.
GSM Architecture
OMC, EIR,
AUC
HLR
NSS
with OSS
VLR
MSC
GMSC
VLR
fixed network
MSC
BSC
BSC
RSS
34
Call from PSTN to Mobile Phone
•
The Gateway MSC receives the call and queries the HLR for the information
needed to route the call to the serving MSC/VLR.
•
The GMSC routes the call to the MSC/VLR.
•
The MSC checks the VLR for the location area of the MS.
•
The MSC contacts the MS via the BSC through a broadcast message, that
is, through a paging request.
•
The MS responds to the page request.
•
The BSC allocates a traffic channel and sends a message to the MS to tune
to the channel. The MS generates a ringing signal and, after the subscriber
answers, the speech connection is established.
•
Handover, if required, takes place, as discussed in the earlier case.
GSM frequency bands
• GSM comes in three flavors(frequency
bands): 900, 1800, 1900 MHz.
• Voice is digitized using Full-Rate coding.
• 20 ms sample => 260 bits . 13 Kbps bitrate
GSM frequency bands (examples)
Type
Channels
Uplink [MHz]
Downlink [MHz]
GSM 850
128-251
824-849
869-894
GSM 900
0-124, 955-1023
876-915
921-960
classical
Extended
124 channels
+49 channels
890-915
880-915
935-960
925-960
GSM 1800
512-885
1710-1785
1805-1880
GSM 1900
512-810
1850-1910
1930-1990
GSM-R
955-1024, 0-124
876-915
921-960
exclusive
69 channels
876-880
921-925
- Additionally: GSM 400 (also named GSM 450 or GSM 480 at 450-458/460-468 or 479-486/489-496 MHz)
- Please note: frequency ranges may vary depending on the country!
- Channels at the lower/upper edge of a frequency band are typically not used
37
GSM - TDMA/FDMA
935-960 MHz
124 channels (200 kHz)
downlink
890-915 MHz
124 channels (200 kHz)
uplink
higher GSM frame structures
time
GSM TDMA frame
1
2
3
4
5
6
7
8
4.615 ms
GSM time-slot (normal burst)
guard
space
tail
3 bits
user data
S Training S
user data
57 bits
1 26 bits 1
57 bits
guard
tail space
3
546.5 µs
577 µs
38
Sharing
• GSM uses TDMA and FDMA to let everybody
talk.
• FDMA: 25MHz freq. is divided into 124 carrier
frequencies. Each base station gets few of
those.
• TDMA: Each carrier frequency is divided into
bursts [0.577 ms]. 8 bursts are a frame.
Channels
• The physical channel in GSM is the timeslot.
• The logical channel is the information which
goes through the physical channel
• Both user data and signaling are logical
channels.
Traffic Channel
• User data is carried on the traffic channel
(TCH) , which is defined as 26 TDMA frames.
• There are lots of control channels for
signaling, base station to mobile, mobile to
base station (“aloha” to request network
access)
SS7
• Signaling protocol for networks
• Packet switching [like IP]
• For communication between HLR and VLR (allowing
roaming) and other advanced capabilities.
• GSM’s protocol which sits on top of SS7 is MAP –
mobile application part
Localizing and Calling
To locate an MS and to address it, several numbers are needed:
• Mobile station international ISDN number (MSISDN)
• International mobile subscriber identity (IMSI)
• Temporary mobile subscriber identity (TMSI)
• Mobile station roaming number (MSRN)
43
Mobile station international ISDN number
• Mobile Subscriber Integrated Services Digital NetworkNumber
• MSISDN is a number uniquely identifying a subscription in a
GSM or a UMTS mobile network.
• It is the telephone number to the SIM card in a mobile/cellular
phone.
• For a GSM user, Phone number is not associated with a
certain device but with the SIM, which is personalized for a
user
• MSISDN number (e.g., +49 179 1234567) consists of
• country code (CC): 49 for Germany
• national destination code (NDC): network provider 179
• subscriber number (SN): 1234567
44
International Mobile Subscriber Identity (IMSI)
GSM uses the IMSI for internal unique identification of a
subscriber. IMSI consists of a
• Mobile country Code (MCC) (e.g., 240 for Sweden)
• Mobile Network Code (MNC)
• Mobile Subscriber Identification Number (MSIN).
45
46
Temporary Mobile Subscriber Identity (TMSI)
To hide IMSI (which gives away the exact identity), GSM uses 4byte TMSI for local subscriber identification.
• TMSI is selected by the current VLR and is only valid
temporarily and within the location area of the VLR
• TMSI and LAI are sufficient to identify a user for an ongoing
communication; the IMSI is not needed).
• A VLR may change the TMSI periodically.
47
Mobile Station Roaming Number (MSRN)
Another temporary address that hides the identity and location of
a subscriber is MSRN.
• The VLR generates this address on request from the MSC,
and the address is also stored in the HLR.
• MSRN contains the current visitor country code (VCC), the
visitor national destination code (VNDC), the identification
of the current MSC together with the subscriber number.
• The MSRN helps the HLR to find a subscriber for an incoming
call.
48
Mobile Terminated Call
•
•
•
•
•
1: calling a GSM subscriber
2: forwarding call to GMSC
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible
calling
station
MSC to GMSC
HLR
7: forward call to current MSC
8, 9: get current status of MS
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
16, 17: set up connection
5
3 6
1
PSTN
2
GMSC
10
•
•
•
•
•
•
4
7
VLR
8 9
14 15
MSC
10 13
16
10
BSS
BSS
BSS
11
11
11
11 12
17
MS
49
Mobile Originated Call
• 1, 2: connection
request
• 3, 4: security check
• 5-8: check resources
(free circuit)
• 9-10: set up call
VLR
3 4
6
PSTN
5
GMSC
7
MSC
8
2 9
MS
1
10
BSS
50
4 types of handover
1
MS
BTS
1.
2.
3.
4.
2
3
4
MS
MS
MS
BTS
BTS
BTS
BSC
BSC
BSC
MSC
MSC
Intra-cell
Inter-cell, intra-BSC
Inter-BSC, Intra-MSC
Inter-MSC
51
Handover decision
receive level
BTSold
receive level
BTSnew
HO_MARGIN
MS
MS
BTSold
BTSnew
52
Handover procedure
MS
BTSold
measurement
report
BSCold
MSC
BSCnew
BTSnew
measurement
result
HO decision
HO required
HO request
resource allocation
ch. activation
HO command
HO command
HO command
HO request ack ch. activation ack
HO access
Link establishment
clear command clear command
clear complete
HO complete
HO complete
clear complete
53
Security in GSM
• Security services
– access control/authentication
• user - SIM (Subscriber Identity Module): secret PIN (personal identification
number)
• SIM-network: challenge response method
– confidentiality
• voice and signaling encrypted on the wireless link (after successful authentication)
– anonymity
• temporary identity TMSI
• newly assigned at each new location update (LUP)
• encrypted transmission
• Three algorithms specified in GSM
– A3 for authentication (“secret”, open interface)
– A5 for encryption (standardized)
– A8 for key generation (“secret”, open interface)
“secret”:
• A3 and A8
available via the
Internet
• network providers
can use stronger
mechanisms
54
GSM - authentication
SIM
mobile network
Ki
RAND
128 bit
AC
RAND
128 bit
RAND
Ki
128 bit
128 bit
A3
A3
SIM
SRES* 32 bit
MSC
SRES* =? SRES
SRES
SRES
32 bit
Ki: individual subscriber authentication key
32 bit
SRES
SRES: signed response
55
GSM - key generation and encryption
MS with SIM
mobile network (BTS)
Ki
AC
RAND
128 bit
RAND
128 bit
RAND
128 bit
A8
cipher
key
BSS
Ki
128 bit
SIM
A8
Kc
64 bit
Kc
64 bit
data
A5
encrypted
data
SRES
data
MS
A5
56
GPRS
• GPRS attempts to reuse the existing GSM
network elements
• Also try to build a packet-based mobile
cellular network
• Deployment of GPRS requires the installation
of new core network elements
– Serving GPRS support node (SGSN)
– Gateway GPRS support node (GGSN)
3/28/2016
57
GSM Network Architecture For 2.5G
SGSN: Service GPRS Support Node
GGSN: Gateway GPRS Support Node
GPSR: Data services in GSM
• GPRS (General Packet Radio Service)
– packet switching
– using free slots only if data packets ready to send
(e.g., 50 kbit/s using 4 slots temporarily)
– standardization 1998, introduction 2001
– advantage: one step towards UMTS, more flexible
– disadvantage: more investment was needed (new hardware)
• GPRS network elements
– GSN (GPRS Support Nodes): GGSN and SGSN
– GGSN (Gateway GSN)
• interworking unit between GPRS and PDN (Packet Data Network)
– SGSN (Serving GSN)
• supports the MS (location, billing, security)
– GR (GPRS Register)
• user addresses
59
Gateway GPRS Support Node
• Acts as an interface and a router to external
networks.
• Contains routing information for GPRS
mobiles, which is used to tunnel packets
through the IP-based internal backbone to the
correct SGSN.
• Can also act as a packet filter for incoming
traffic.
3/28/2016
60
Serving GPRS support node
• Responsible for
– Authentication of GPRS mobiles
– Registration of mobiles in the network
– Mobility management
– Collecting information on charging for the
use of the air interface.
3/28/2016
61
Enhanced Data rates in GSM Environment
(EDGE)
• EDGE is enhancement of GPRS
• Improved data transmission rate as a backward
compatible extension to GSM
• Also considered as pre-3G technology
• EDGE delivers higher bit-rate per radio channel resulting
increased capacity and performance than GPRS
• Pick bit-rates up to 1Mbps
• Typical bit-rates 400 kbps
• Use high-order PSK or 8-phase shift keying
3G
Third Generation Mobile Communications
Technology (IMT-2000)
IMT-2000 standard developed by Third-Generation
Partnership Project (3GPP).
In Europe, 3G is called UMTS (Universal Mobile
Telecommunications System)
63
Why 3G?
In EDGE, Packet transfer air interface behaves like a
circuit switch call. Thus, Packet connection efficiency
was lost.
Same Network Standard for world wide.
Need a Faster Mobile Technology
3G increased bandwidth, up to
384 Kbps when a device is moving,
128 Kbps in a car &
2 Mbps in fixed applications
64
History of 3G
• Oct 2001: NTT DoCoMo in Japan branded FOMA, based on WCDMA
• January 2002, SK Telecom in South Korea on the CDMA2000
1xEV-DO based on CDMA
• March 2003, Europe(UK & Italy) 3 (Part of Hutchison Whampoa)
based on W-CDMA
• In USA, 1st 3G network was by Monet Mobile Networks & 2nd
was Oct 2003 Verizon Wireless both on CDMA2000 1x EV-DO
• In South Asia, August 2006, Dialog in Sri Lanka based on
CDMA
•
W-
In Oct 2012, Teletalk in Bangladesh based on W-CDMA
65
3G Features
•
Wireless voice call and SMS
•
Video calls
•
Video-conferencing
•
Enhanced audio and video streaming
•
Location-based services (GPS)
•
Mobile TV
•
HSPA(High Speed Packet Access)data transmission
• 14.4 Mbps on the downlink
• 5.8 Mbps on the uplink
66
Technologies of 3G
• W-CDMA :Wideband Code Division Multiple Access.
• CDMA 2000: Code Division Multiple Access.
• TD-SCDMA: Time-division Synchronous CDMA
• 3.5G/3.5G+ is enhancement to 3G.
•
High-Speed Downlink Packet Access (HSDPA)
•
High-Speed Packet Access(HSPA)
•
Evolved High-Speed Packet Access (HSPA+)
67
W-CDMA Network Architecture
RAN
(Radio Access
Network)
Mobile
Station
Node
B
(Core Network)
Packet switch domain
SGSN
GGSN
IMS
IP
Network
RNC
Radio Network
Controller
Mobile
Station
CN
Node
B
Circuit switch domain
MSC
GMSC
Circuit
Switched
Network
MSC: Mobile Switching Center
GMSC: Gateway Mobile Switching Center
SGSN: Service GPRS Support Node
GGSN: Gateway GPRS Support Node
IMS: IP Multimedia Subsystem
W-CDMA Network Architecture
There are 2 major parts to a W-CDMA mobile network:
Radio Access Network (RAN): This is a hierarchical
arrangement of cell towers and base stations.
Radio Network Controllers (RNC) :
Controls the Node B
Data encryption / decryption
Radio resource management and some of the mobility
management
Node B : Base station transceiver (transmitter and receiver)
Core Network (CN): The core network consists of all the switches,
routers, and other network components.
Circuit-switched networks: are used for phone calls
Packet-switched networks: handles data
CDMA2000 1xEV-DO (3G)
BSC: Base Station Controller
MSC: Mobile Switching Center
PSTN: Public Switched Telephone Network
PDSN: Packet Data Serving Node
70
3.5G (HSDPA)
High Speed Downlink Packet Access (HSDPA) is a 3.5 G
upgrade for existing WCDMA
Maximum downlink data rates to 14.4 Mbps
Reduces latency to 100ms from 180-200 ms
HSDPA introduces a new transport channel
High-Speed Downlink Shared channel (HS-DSC)
HSDPA other key features
Adaptive Modulation and Coding (AMC)
Hybrid Automatic Repeat Request (H-ARQ)
71
Comparison
Technology/
Features
2.5 G/2.5G+
3G/3.5G
Start
1985
1992
Deployment
1999/2003
2001/2008
Data Bandwidth
40-500kbps
2Mbps/14.4 Mbps
Bandwidth per Carrier
200kHz
5MHz
Standard
GPRS/EDGE
WCDMA/CDMA2000 1xEVDO
Technology
Digital Cellular Technology
Board Bandwidth CDMA, IP Technology
Service
Higher Capacity packet data
Integrated high quality audio, video and
data
Multiplexing
TDMA/CDMA
CDMA
Switching
Circuit for Network and air interface ;
Packet for Core Network
Circuit for air Interface;
Packet for all others.
Core Network
PSTN and Packet Network
Packet Network
Handoff
Horizontal
Horizontal
Security
A5/1
KASUMI
Data rate Comparison
73
Evolution towards 4G
74
4G
• 4G is also referred to as LTE (Long Term Evolution)
• Not a single technology or standard, rather a
collection of technologies and protocols
– aimed at creating fully packet-switched networks
• 4G networks are projected to provide speeds of 100
Mbps while moving and 1 Gbps while stationary.
75
Evolution in Network Structure
• 1G/2G: Circuit
switching only
• 2.5G/3G: Both circuit
switching and packet
switching
• 4G: Circuit switching
eliminated; packet
switch only (All-IP)
Source: LTE Network Evolution and Technology Overview, White Paper by Tektronix Communications, USA
76
LTE Architecture
Two networks:
•
•
Evolved UTRAN (EUTRAN)
Evolved Packet Core (EPC)
No circuit switching
element
Source: LTE Network Evolution and Technology Overview, White Paper by Tektronix Communications, USA
77
Evolution in Data Rate
1 Peak data rate for GSM/GPRS; 2 Peak data rate for HSPA+; 3 Peak data rate for LTE Advanced
78
Thank you
79