Date posted: 18-Dec-2015
GSM standard (continued)
Multiple Access Methods
• Frequency Division Multiple Access (FDMA): one channel (ch) per frequency (Frequency 1, Frequency 2, ... Frequency N)
• Time Division Multiple Access (TDMA): one channel (ch) per time slot (Slot 1, Slot 2, ... Slot N)
• Code Division Multiple Access (CDMA): one channel (ch) per code sequence (Code Sequence 1, Code Sequence 2, ... Code Sequence N)
MAC Alternatives - FDMA
[Figure: power against frequency; channels Ch 1 to Ch 6, each marked with its centre frequency and bandwidth]
Each Carrier Carries One Traffic Channel
MAC Alternatives - TDMA
[Figure: frequency against time; Carrier 1 to Carrier 6, each divided into repeating time slots 1 to 8, with the TDMA “Frame” length marked]
Each Time-slot Carries One Traffic Channel
MAC Alternatives - CDMA
[Figure: power against frequency; Ch 1 to Ch 4 use Code 1 to Code 4]
All Channels Share Same RF Band
Physical Channel Structure Used in P-GSM900
[Figure: frequency domain against time domain, starting at ARFCN 1]
• Downlink: Frequency 1 to Frequency 124, each carrying one channel (ch) in each of Slot 0 to Slot 7
• Uplink: Frequency 1 to Frequency 124, each carrying one channel (ch) in each of Slot 0 to Slot 7
992 Duplex Physical Channels Available
TDMA Operation in GSM Full Rate
[Figure: uplink and downlink between the BS and mobile stations MS0, MS1, MS5 and MS7; time slots 0 to 7 repeat in Frame (Count) and Frame (Count + 1)]
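[Figure: frequency against time, with time slots 1 to 8 and a pointer to higher GSM frame structures]
• Downlink: 935-960 MHz, 124 channels (200 kHz)
• Uplink: 890-915 MHz, 124 channels (200 kHz)
• GSM TDMA frame: 4.615 ms
• GSM time-slot (normal burst): 577 µs (546.5 µs without the guard space)
• Normal burst layout: guard space | tail (3 bits) | user data (57 bits) | S (1 bit) | training (26 bits) | S (1 bit) | user data (57 bits) | tail (3 bits) | guard space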
GSM - TDMA/FDMA
[Figure: time slots 1 to 8 on carriers F1, F2 and F1', F2' along the frequency axis, with a 45 MHz separation marked]
BS Transmission Band: 935 – 960 MHz
MS Transmission Band: 890 – 915 MHz
Channels for Two-Way Communications
Frequency Division Duplex
[Figure: uplink RF carrier channels 1, 2, 3 and downlink RF carrier channels 1, 2, 3 on the frequency axis, with the frequency separation between uplink and downlink channel pairs marked]
GSM Handover
[Figure: a subscriber set (MS) served by two BSSs under one MSC, moving from Frequency 6, Time Slot 3 to Frequency 9, Time Slot 7]
• Landline switched at MSC
• Frequency and time slot changed at MS
Mobile Terminated Call
[Figure: PSTN calling station, GMSC, HLR, VLR, MSC, three BSSs and the MS, with arrows numbered 1 to 17]
• 1: calling a GSM subscriber
• 2: forwarding call to GMSC
• 3: signal call setup to HLR
• 4, 5: request MSRN from VLR
• 6: forward responsible MSC to GMSC
• 7: forward call to current MSC
• 8, 9: get current status of MS
• 10, 11: paging of MS
• 12, 13: MS answers
• 14, 15: security checks
• 16, 17: set up connection
Mobile Originated Call
[Figure: MS, BSS, MSC, VLR, GMSC and PSTN, with arrows numbered 1 to 10]
• 1, 2: connection request
• 3, 4: security check
• 5-8: check resources (free circuit)
• 9-10: set up call
MTC/MOC
[Figure: message sequences between MS and BTS for a mobile terminated call (MTC) and a mobile originated call (MOC)]
MTC, messages as listed: paging request, channel request, immediate assignment, paging response, authentication request, authentication response, ciphering command, ciphering complete, setup, call confirmed, assignment command, assignment complete, alerting, connect, connect acknowledge, data/speech exchange
MOC, messages as listed: channel request, immediate assignment, service request, authentication request, authentication response, ciphering command, ciphering complete, setup, call confirmed, assignment command, assignment complete, alerting, connect, connect acknowledge, data/speech exchange
4 types of handover
[Figure: handovers numbered 1 to 4 drawn across the MS, BTS, BSC and MSC levels]
Handover decision
[Figure: receive level curves for an MS moving from BTSold to BTSnew, with HO_MARGIN marked]
Handover procedure
[Figure: message sequence between MS, BTSold, BSCold, MSC, BSCnew and BTSnew]
Messages shown: measurement report, measurement result, HO decision, HO required, HO request, resource allocation, ch. activation, ch. activation ack, HO request ack, HO command (three times), HO access, Link establishment, HO complete (twice), clear command (twice), clear complete (twice)
Security in GSM
• Security services
– access control/authentication
  • user and SIM (Subscriber Identity Module): secret PIN (personal identification number)
– confidentiality
  • voice and signaling encrypted on the wireless link (after successful authentication)
– anonymity
  • temporary identity TMSI (Temporary Mobile Subscriber Identity)
  • newly assigned at each new location update (LUP)
  • encrypted transmission
• 3 algorithms specified in GSM
– A3 for authentication (“secret”, open interface)
– A5 for encryption (standardized)
– A8 for key generation (“secret”, open interface)
• “secret”:
– A3 and A8 available via the Internet
– network providers can use stronger mechanisms
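GSM - authentication
[Figure: challenge-response between the mobile network (AC, MSC) and the SIM]
• Mobile network (AC): A3 takes RAND (128 bit) and Ki (128 bit) and produces SRES* (32 bit)
• RAND is sent to the SIM
• SIM: A3 takes RAND (128 bit) and Ki (128 bit) and produces SRES (32 bit), which is sent back to the network
• MSC: checks SRES* =? SRES
Ki: individual subscriber authentication key
SRES: signed response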
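GSM - key generation and encryption
[Figure: key generation and encryption between the mobile network (AC, BSS/BTS) and the MS with SIM]
• Mobile network (AC): A8 takes RAND (128 bit) and Ki (128 bit) and produces the cipher key Kc (64 bit)
• RAND is sent to the SIM
• SIM: A8 takes RAND (128 bit) and Ki (128 bit) and produces Kc (64 bit)
• BSS and MS: A5 uses Kc (64 bit) to encrypt and decrypt the data exchanged between them (encrypted data on the radio link)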
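The two slides above (authentication with A3, key generation with A8) describe one exchange; the following added example, which is not part of the original slides, runs it end to end. HMAC-SHA256 is used as a stand-in for the operator-chosen A3 and A8 algorithms, and the IMSI, Ki values and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Stand-in for the operator-chosen A3/A8 algorithms (assumption of this example):
# HMAC-SHA256 keyed with Ki, truncated to the output sizes given on the slides.
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """A3: (Ki, RAND) -> 32-bit signed response SRES."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """A8: (Ki, RAND) -> 64-bit cipher key Kc."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class Sim:
    """Holds Ki. Ki never leaves the card; SRES is returned, Kc is kept for A5."""
    def __init__(self, ki: bytes):
        self._ki = ki
        self.kc = None

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        self.kc = a8_kc(self._ki, rand)
        return a3_sres(self._ki, rand)

class AuthCentre:
    """AC: knows each subscriber's Ki and issues (RAND, SRES*, Kc) triplets."""
    def __init__(self, ki_by_imsi: dict):
        self._ki_by_imsi = ki_by_imsi

    def triplet(self, imsi: str):
        ki = self._ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)        # fresh 128-bit challenge
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)

def authenticate(ac: AuthCentre, imsi: str, sim: Sim):
    """MSC side: send RAND, check SRES* =? SRES, return Kc only on a match."""
    rand, sres_expected, kc = ac.triplet(imsi)
    sres = sim.run_gsm_algorithm(rand)        # only RAND and SRES cross the air
    if not hmac.compare_digest(sres, sres_expected):
        return None                           # reject: no cipher key is released
    return kc

# Constructed sample data, made up for this example.
IMSI = "234010000000001"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    ac = AuthCentre({IMSI: KI})
    print("genuine SIM:", authenticate(ac, IMSI, Sim(KI)))
    print("wrong Ki   :", authenticate(ac, IMSI, Sim(bytes(16))))
```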
Location Addresses in GSM
Location Areas and Cell Areas
Cell Global Identification Number: MCC + MNC + LAC + CI
Location Area Identification (LAI): MCC + MNC + LAC
Acronyms
• MCC - Mobile Country Code (same as in the IMSI) – 3 digits.
• MNC - Mobile Network Code (same as in the IMSI) – 2 digits.
• LAC - Location Area Code used to identify a location area within a GSM PLMN – 2 octets.
• LAI - Location Area Identification
• CI - Cell Identity – 2 octets.
Registration Sequence
Source: An Introduction to GSM, Redl, Weber and Oliphant
Paging a Mobile Station
[Figure: PSTN, Mobile Switching Centre, two Location Areas with their BSSs, and the Mobile Station; labels: DN, Location Area, Mobile ID]
Mobile Station Identification Numbers Used in GSM
International Mobile Equipment Identity (IMEI)
• Uniquely identifies mobile station equipment
• Burnt in by the equipment manufacturer
• IMEI (15 digits) = TAC + FAC + SNR + SP
– TAC – Type Approval Code (6 digits)
– FAC – Final Assembly Code (2 digits)
– SNR – Serial Number (6 digits)
– SP – Spare (1 digit)
International Mobile Subscriber Identity (IMSI)
• IMSI is assigned to a MS at subscription time
• IMSI uniquely identifies a given MS
• IMSI is transmitted over the radio path only when necessary
• IMSI (15 digits) = MCC + MNC + MSIN; NMSI = MNC + MSIN
– MCC – Mobile Country Code [3 digits] (home country)
– MNC – Mobile Network Code [2 digits] (home GSM PLMN)
– MSIN – Mobile Subscriber Identification Number (10 digits)
– NMSI – National Mobile Subscriber Identity
Temporary Mobile Subscriber Identity (TMSI) or (TIMSI)
• TMSI is assigned to a MS by the VLR
• TMSI uniquely identifies a MS within the area controlled by a given VLR
• TMSI (32 bits max)
Subscriber Identity Module (SIM)
Contains:
• International Mobile Subscriber Identity (IMSI)
• Authentication key (Ki)
• Personal Identification Number (PIN)
• Subscriber information
• Access control class
• Cipher key (Kc)*
• Temporary Mobile Station Identification (TMSI)*
• Additional GSM services*
• Location Area Identity (LAI)*
• Forbidden Public Land Mobile Networks (PLMNs)*
*Updateable by network
Subscriber Identity Module (SIM) Hardware Spec
[Figure: SIM card labelled “GSM Test SIM”]
• Highly Secure Processor
• Contact Type - Smart Card
• Communication via serial IO
• Data Rate 1MHz
• Contains ROM, RAM and EPROM
SIM Security Functions
• PIN code to unlock the mobile station.
• 3 wrong attempts at PIN and SIM is blocked.
• SIM may be unblocked with PIN Unblock Code (PUK).
• 10 attempts at PUK and SIM is permanently disabled.
• Second PIN and second PUK available in Phase 2 to support Closed User Groups and Fixed Dial Numbers.
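The retry limits listed above behave as a small state machine; the following added example, which is not part of the original slides, models it. The class and function names are hypothetical, and two behaviours are assumptions of this model rather than statements from the slide: a successful PIN entry resets the PIN counter, and a successful PUK entry sets a new PIN and resets both counters.

```python
import hmac

PIN_TRIES, PUK_TRIES = 3, 10      # limits stated on the slide

class SimLock:
    """Hypothetical model of the SIM's PIN/PUK retry counters."""
    def __init__(self, pin: str, puk: str):
        self._pin, self._puk = pin, puk
        self.pin_left, self.puk_left = PIN_TRIES, PUK_TRIES

    @property
    def state(self) -> str:
        if self.puk_left == 0:
            return "disabled"     # permanent: no code recovers the card
        if self.pin_left == 0:
            return "blocked"      # only the PUK is accepted now
        return "ready"

    def verify_pin(self, attempt: str) -> bool:
        if self.state != "ready":
            return False          # a correct PIN must not bypass a block
        if hmac.compare_digest(attempt.encode(), self._pin.encode()):
            self.pin_left = PIN_TRIES          # assumption: success resets counter
            return True
        self.pin_left -= 1
        return False

    def unblock(self, puk_attempt: str, new_pin: str) -> bool:
        if self.state != "blocked":
            return False
        if hmac.compare_digest(puk_attempt.encode(), self._puk.encode()):
            self._pin = new_pin                # assumption: PUK entry sets a new PIN
            self.pin_left, self.puk_left = PIN_TRIES, PUK_TRIES
            return True
        self.puk_left -= 1
        return False

def replay(lock: SimLock, events):
    """Apply (kind, value) events and return the lock state after each one."""
    states = []
    for kind, value in events:
        if kind == "pin":
            lock.verify_pin(value)
        else:
            lock.unblock(value, new_pin="0000")
        states.append(lock.state)
    return states

if __name__ == "__main__":
    # Constructed PIN and PUK values.
    lock = SimLock("1234", "12345678")
    print(replay(lock, [("pin", "1111")] * 3 + [("puk", "12345678")]))
```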
SIM and Phase 2+
• SIM Application Toolkit allows user applications (e.g. electronic banking) to be run on the SIM
Routing Calls Automatically To Mobile Stations
MSC Directory Number Allocation
[Figure: PSTN local exchange connected by trunks to two MSCs; the directory number spectrum in the MSC is split into MSISDN and MSRN]
• MSISDN: used to reference home subscribers
• MSRN: used to reference visiting subscribers
Land to Mobile Call Routing: Mobile Located in Non-Home MSC Area
[Figure: PSTN, Home MSC with HLR, Visited MSC with VLR, each MSC serving BSS 1 and BSS 2; signalling and voice path arrows numbered 1 to 10 and labelled MSISDN, MSRN, TMSI and TMSI & LAC]
Land to Mobile Call Routing: Mobile in Home MSC Area
[Figure: PSTN, Home MSC with HLR and VLR, serving BSS 1 and BSS 2; arrows labelled MSISDN, MSRN, TMSI and TMSI & LAC]
Land to Mobile Call Routing: Intelligent PSTN Routing
[Figure: PSTN, HLR, VLR, Home MSC serving BSS 1 and BSS 2, Visited MSC serving BSS 3 and BSS 4; arrows labelled MSISDN, MSRN, TMSI and TMSI & LAC]
Land to Mobile Call Routing: Routing Via a Gateway MSC
[Figure: PSTN, Gateway MSC, HLR, VLR, Home MSC and Visited MSC, each serving BSS 1 and BSS 2; signalling and voice path arrows labelled MSISDN, MSRN, TMSI and TMSI & LAC]
Dynamic Allocation of MSRN
[Figure: message flow across the visited GSM system (VLR), the home GSM system (HLR, Home MSC) and the landline network (PSTN)]
Labels shown: Mobile Registers; Update Location. No MSRN, use LMSI; Subscriber Data; Incoming Call; Get Route; Need MSRN For LMSI; MSRN
Location Updating
[Figure: HLR, two VLRs, MSC 1 and MSC 2, and three BSCs]
Phases of a Location Update
• 1) Request for Service
• 2) Authentication*
• 3) Update Location Registers
• 4) Ciphering*
• 5) TMSI Reallocation
*Phase might not occur
Mobile Location Update: Request for Service
[Figure: message sequence, steps 1 to 9, between MS, BSS, MSC and New VLR; interfaces Um, A and B]
Messages shown:
• Channel Request (on RACH)
• Dedicated Signalling Channel Assignment (on AGCH)
• Location Update Request TMSI, LAI (on SDCCH)
• Location Update Request (shown twice)
• Request IMSI (shown twice)
• IMSI Acknowledge (shown twice)
Mobile Location Update: Authentication
[Figure: message sequence, steps 10 to 17, between MS, MSC, New VLR, HLR and AUC; interfaces B and D]
Messages shown:
• Get Authentication Parameters IMSI (shown twice)
• Authentication Parameters RAND, SRES, Kc (shown twice)
• Authenticate Mobile Station RAND (shown twice)
• Authenticate Response SRES (shown twice)
Mobile Location Update: Update Location
[Figure: message sequence, steps 18 to 21, between New VLR, HLR and Old VLR; interface D]
Messages shown:
• Update Location MSRN
• Location Updated Customer Profile
• De-register Mobile Station
• Mobile Station De-registered
Mobile Location Update: Ciphering
[Figure: message sequence, steps 22 to 26, between MS, BSS, MSC and New VLR; interfaces Um, A and B]
Messages shown:
• Set Ciphering Kc
• Encipher Command Kc
• Cipher Mode Command
• Cipher Mode Complete
• Encipher Complete
Mobile Location Update: TMSI Reallocation
[Figure: message sequence, steps 27 to 32, between MS, BSS, MSC and New VLR; interfaces Um, A and B]
Messages shown:
• Location Update Accept new TMSI (shown twice)
• Location Update Complete
• Clear Signalling Connection
• Release Radio Signalling Channel
• Clear Complete
Mobile-to-Land Call Scenario
Required Facilities for a Mobile-to-Land Call
1. Radio channel between Mobile Station and BTS selected by the BSC
2. BSC – BTS voice trunk selected by the BSC
3. MSC – BSC voice trunk selected by the MSC
4. MSC – PSTN voice trunk selected by the MSC
5. Line from PSTN end switching office to Fixed Station (permanent link)
BSC - Base Station Controller
BTS - Base Transceiver Station
MSC - Mobile Switching Centre
PSTN - Public Switched Telephone Network
[Figure: Mobile Station, radio channel, BTS, BSC voice trunk, BSC, MSC voice trunk, MSC, voice trunk to PSTN, PSTN, line; the Public Land Mobile Network on one side and the Fixed Public Land Network on the other]
Phases of a Mobile-to-Land Call
• Request for Service
• Authentication*
• Ciphering*
• Equipment Validation*
• Call Set-up
• Handover(s)*
• Release
* Phase might not occur
Note: Detail for authentication and ciphering is not shown. It is the same as in the location registration update scenario.
Mobile-to-Land Call Request for Service
[Figure: message sequence, steps 1 to 5, between MS, BSS, MSC and New VLR; interfaces Um, A and B]
Messages shown:
• Channel Request
• Dedicated Signalling Channel Assignment
• Service Request TMSI, LAI (shown three times)
Mobile-to-Land Call Equipment Validation
[Figure: message sequence, steps 6 to 9, between MS, MSC and EIR; parameter shown: IMEI]
Messages shown:
• IMEI Request
• IMEI Response
• Check IMEI
• IMEI Check Results
Mobile-to-Land Call Set-up
[Figure: message sequence, steps 10 to 17, between MS, BSS, MSC and VLR; interfaces Um, A and B]
Messages shown:
• Call Setup Request
• Access Subscriber Data
• Subscriber Data
• Call Proceeding
• Assign Trunk & Radio Trunk No.
• Assign Radio Channel TCH
• Radio Assignment Complete (on TCH)
• Trunk & Radio Assignment Complete TCH
Mobile-to-Land Call Set-up Continued
[Figure: message sequence, steps 18 to 23, between MS, MSC and PSTN]
Messages shown:
• Network Set-up (Dialled DN, Trunk No.)
• Network Alerting
• Alerting
• Connect (answer)
• Connect
• Connect Acknowledgement
Note: Network Set-up, Network Alerting and Connect are generic terms. For SS7, the network set-up message would be Initial Assignment Message (IAM).
Mobile-to-Land Call: Mobile Initiated Release
[Figure: message sequence, steps 1 to 7, between MS, BSS, MSC and PSTN; interfaces Um and A]
Messages shown:
• Disconnect
• Network Release
• Release
• Release Complete
• Clear Command
• Channel Release
• Clear Complete
Land-to-Mobile Call Scenario
Phases of a Land-to-Mobile Call
• Routing Analysis
• Paging
• Authentication*
• Ciphering*
• Equipment Validation*
• Call Set-up
• Handover(s)*
• Release
*Phase might not occur
Note: Detail for authentication, ciphering and equipment validation is not shown. It is the same as in the location registration update and mobile-to-land call scenarios.
Land-to-Mobile Call Routing Analysis
[Figure: message sequence, steps 1 to 5, between PSTN, MSC, HLR and VLR; interfaces C and B]
Messages shown:
• Incoming Call MSISDN
• Get Route MSISDN
• Routing Information MSRN
• Incoming Call MSRN
• Perform Page TMSI, LAI
Land-to-Mobile Call Paging
[Figure: message sequence, steps 6 to 12, between MS, BSS, MSC and VLR; interfaces Um, A and B]
Messages shown:
• Perform Page TMSI
• Page TMSI (on PCH)
• Channel Request (on RACH)
• Dedicated Signalling Channel Assignment (on AGCH)
• Page Response TMSI, LAI (on SDCCH)
• Page Response TMSI, LAI (shown twice)
Land-to-Mobile Call Set-up
[Figure: message sequence, steps 13 to 18, between MS, BSS and MSC; interfaces Um and A]
Messages shown:
• Call Set-up
• Call Set-up Confirm
• Assign Trunk & Radio Channel TRUNK
• Assign Radio Channel TCH
• Radio Assignment Complete
• Trunk & Radio Assignment Complete
Land-to-Mobile Call Set-up Continued
[Figure: message sequence, steps 19 to 23, between MS, MSC and PSTN]
Messages shown:
• Mobile Alerting
• Network Alerting
• Connect (off-hook)
• Connect
• Connect Acknowledge
Land-to-Mobile Call: Network Initiated Call Release
[Figure: message sequence, steps 1 to 7, between MS, BSS, MSC and PSTN; interfaces Um and A]
Messages shown:
• Disconnect
• Release
• Release Complete
• Clear Command
• Channel Release
• Clear Complete
• Network Release
Mobile-to-Mobile Call Scenario
Phases of a Mobile-to-Mobile Call
• Request for Service
• Authentication*
• Ciphering*
• Equipment Validation*
• Call Setup
• Routing Analysis
• Paging
• Authentication*
• Ciphering*
• Equipment Validation*
• Call Setup
• Handover(s)*
• Release
*Phase might not occur
[Slide labels beside the list: Originating Mobile, Terminating Mobile]
Mobile-to-Mobile Call Set-up & Release
[Figure: message sequence between MS-A, BSS, MSC/VLR, BSS and MS-B; interfaces Um, A, A’ and Um’]
Phases shown: Channel Request, Service Request, Authentication, Ciphering, Equipment Validation, Routing Analysis With HLR, Paging and Response, Channel Request, Authentication, Ciphering, Equipment Validation, and, on both sides, Call Set-up, Handover and Release
Handover Overview
Handover
• Maintains Call Continuity.
• Controlled by BSS.
• Based on RF subsystem criteria or traffic loading considerations.
• Both MS and BTS provide RF link measurements to the handover process.
• Handover causes are prioritised:
– RXQUAL
– RXLEV
– DISTANCE
– POWER BUDGET
Handover Types: Four Levels
• within same Base Transceiver Station (Intra-BTS)
• between different BTSs served by same BSC (intra-BSS/inter-BTS)
• between different BSSs within same MSC (intra-MSC/inter-BSS)
• between different MSCs (inter-MSC)
Intra-BTS Handover
[Figure: Global Cell Identification. PSTN, MSC A, MSC B, BSC1 to BSC3 and their cells, each labelled Country Code, Network Code, Location Area Code, Cell Identity: 234 01 100 50 to 234 01 100 55 and 234 01 089 20 to 234 01 089 22]
Intra-BSS/Inter-BTS Handover
[Figure: Global Cell Identification. PSTN, MSC A, MSC B, BSC1 to BSC3 and their cells, each labelled Country Code, Network Code, Location Area Code, Cell Identity: 234 01 100 50 to 234 01 100 55 and 234 01 089 20 to 234 01 089 22]
Intra-MSC, Inter-BSS Handover
[Figure: Global Cell Identification. PSTN, MSC A, MSC B, BSC1 to BSC3 and their cells, each labelled Country Code, Network Code, Location Area Code, Cell Identity: 234 01 100 50 to 234 01 100 55 and 234 01 089 20 to 234 01 089 22]
Intra-BSC, Inter-BTS Handover
[Figure: Global Cell Identification. PSTN, MSC A, MSC B, BSC1 to BSC3 and their cells, each labelled Country Code, Network Code, Location Area Code, Cell Identity: 234 01 100 50 to 234 01 100 55 and 234 01 089 20 to 234 01 089 22]