Wireless Telecommunication Systems

Hanna Kalosha kalosha@[Link]

Outline
Examlpe Coverage of GSM Networks T-Mobile (GSM-900/1800) Germany

Market GSM Overview Services Sub-systems Components DECT UMTS/IMT-2000

Hanna Kalosha

AT&T (GSM-850/1900) USA

February 27, 2006

How does it work?

How can the system locate a user? Why dont all phones ring at the same time? What happens if two users talk simultaneously? Why dont I get the bill from my neighbor? Why can an Australian use her phone in Ottawa? Why cant I simply overhear the neighbors communication? What are the key components of the mobile phone network?

February 27, 2006

Hanna Kalosha

GSM: Overview

GSM formerly: Groupe Spciale Mobile (founded 1982) now: Global System for Mobile Communication Pan-European standard (ETSI, European Telecommunications Standardisation Institute) simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the European telecommunication administrations. Seamless roaming within Europe possible today many providers all over the world use GSM (more than 200 countries in Asia, Africa, Europe, Australia, America) more than 1.2 billion subscribers in more than 630 networks more than 75% of all digital mobile phones use GSM (74% total) over 200 million SMS per month in Germany, > 550 billion/year worldwide (> 10% of the revenues for many operators)
Hanna Kalosha

February 27, 2006

Performance characteristics of GSM

Communication mobile, wireless communication; support for voice and data services Total mobility international access, chip-card enables use of access points of different providers Worldwide connectivity one number, the network handles localization High capacity better frequency efficiency, smaller cells, more customers per cell High transmission quality high audio quality and reliability for wireless, uninterrupted phone calls at higher speeds (e.g., from cars, trains) Security functions access control, authentication via chip-card and PIN
Hanna Kalosha

February 27, 2006

Disadvantages of GSM

no end-to-end encryption of user data

reduced concentration while driving electromagnetic radiation abuse of private data possible roaming profiles accessible high complexity of the system several incompatibilities within the GSM standards
Hanna Kalosha

February 27, 2006

GSM: Mobile Services

GSM offers

several types of connections (voice connections, data connections, short message service) multi-service options (combination of basic services) Bearer Services Tele Services Supplementary Services
bearer services

Three service domains

MS

TE
R, S

MT
Um

GSM-PLMN

transit network (PSTN, ISDN) tele services

source/ destination network

TE
(U, S, R)

February 27, 2006

Hanna Kalosha

Bearer Services

Telecommunication services to transfer data between access points, i.e. all services that enable the transparent transmission of data between the interfaces to the network Specification of services up to the terminal interface Different data rates for voice and data (original standard) data service (circuit switched) synchronous: 2.4, 4.8 or 9.6 kbit/s asynchronous: 300 - 1200 bit/s data service (packet switched) synchronous: 2.4, 4.8 or 9.6 kbit/s asynchronous: 300 - 9600 bit/s Today: data rates of approx. 50 kbit/s possible

February 27, 2006

Hanna Kalosha

Tele Services

Offered services

mobile telephony Emergency number (112) Multinumbering

Additional services (non-voice teleservices)

group 3 fax voice mailbox electronic mail ... Short Message Service (SMS)
Hanna Kalosha

February 27, 2006

Supplementary services

Services in addition to the basic services, cannot be offered stand-alone Similar to ISDN services besides lower bandwidth due to the radio link May differ between different service providers, countries and protocol versions Important services identification: forwarding of caller number suppression of number forwarding automatic call-back conferencing with up to 7 participants locking of the mobile terminal (incoming or outgoing calls) ...
Hanna Kalosha

February 27, 2006

Architecture of the GSM system

GSM is a PLMN (Public Land Mobile Network)

several providers setup mobile networks following the GSM standard within each country components

MS (mobile station) BS (base station) MSC (mobile switching center) LR (location register) RSS (radio subsystem): covers all radio aspects NSS (network and switching subsystem): call forwarding, handover, switching OSS (operation subsystem): management of the network

subsystems

February 27, 2006

Hanna Kalosha

Ingredients
Mobile phones PDAs

Infrastructure

Monitoring Antennas

February 27, 2006

Hanna Kalosha

GSM: overview
OMC, EIR, AUC HLR NSS with OSS VLR MSC GMSC fixed network

VLR

MSC

BSC BSC RSS

February 27, 2006

Hanna Kalosha

GSM: elements and interfaces

radio cell MS Um RSS BTS MS BSS radio cell MS

BTS Abis BSC A MSC NSS MSC signaling GMSC IWF O OSS EIR AUC OMC ISDN, PSTN PDN BSC

VLR HLR

VLR

February 27, 2006

Hanna Kalosha

GSM: system architecture

radio subsystem MS network and switching subsystem MS MSC

fixed partner networks

ISDN PSTN Um BTS BTS SS7 Abis BSC EIR

HLR

BTS BTS BSS BSC A MSC IWF

VLR ISDN PSTN PSPDN CSPDN

February 27, 2006

Hanna Kalosha

Radio subsystem

The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers Components

Base Station Subsystem (BSS):

Base Transceiver Station (BTS): radio components including sender, receiver, antenna if directed antennas are used one BTS can cover several cells Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels (Um) onto terrestrial channels (A interface) BSS = BSC + sum(BTS) + interconnection

Mobile Stations (MS)

February 27, 2006

Hanna Kalosha

GSM: cellular network

possible radio coverage of the cell

cell

idealized shape of the cell

use of several carrier frequencies not the same frequency in adjoining cells cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc. hexagonal shape of cells is idealized (cells overlap, shapes depend on geography) if a mobile user changes cells handover of the connection to the neighbor cell
Hanna Kalosha

February 27, 2006

Network and switching subsystem

NSS is the main component of the public mobile network GSM

switching, mobility management, interconnection to other networks, system control Mobile Services Switching Center (MSC) controls all connections via a separated network to/from a mobile terminal within the domain of the MSC - several BSC can belong to a MSC Databases (important: scalability, high capacity, low delay)

Components

Home Location Register (HLR) central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs) Visitor Location Register (VLR) local database for a subset of user data, including data about all user currently in the domain of the VLR
Hanna Kalosha

February 27, 2006

Operation subsystem

The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems Components Authentication Center (AUC)

generates user specific authentication parameters on request of a VLR authentication parameters used for authentication of mobile terminals and encryption of user data on the air interface within the GSM system registers GSM mobile stations and user rights stolen or malfunctioning mobile stations can be locked and sometimes even localized different control capabilities for the radio subsystem and the network subsystem

Equipment Identity Register (EIR)

Operation and Maintenance Center (OMC)

February 27, 2006

Hanna Kalosha

GSM - TDMA/FDMA
935-960 MHz 124 channels (200 kHz) downlink 890-915 MHz 124 channels (200 kHz) uplink

higher GSM frame structures

time

GSM TDMA frame 1 2

8 4.615 ms

GSM time-slot (normal burst)

guard space tail user data S Training S user data guard tail space

3 bits

57 bits

1 26 bits 1

57 bits

546.5 s 577 s

February 27, 2006

Hanna Kalosha

Mobile Terminated Call

calling a GSM subscriber 2: forwarding call to GMSC 3: signal call setup to HLR 4, 5: request MSRN from VLR 6: forward responsible MSC to GMSC calling 7: forward call to station 1 current MSC 8, 9: get current status of MS 10, 11: paging of MS 12, 13: MS answers 14, 15: security checks 16, 17: set up connection

HLR

5
7

VLR

3 6
PSTN

8 9 14 15
MSC

GMSC

10
BSS

10 13 16
BSS

10
BSS

11

11 11 12 17
MS

11

February 27, 2006

Hanna Kalosha

Mobile Originated Call

1, 2: connection request 3, 4: security check 5-8: check resources (free circuit) 9-10: set up call
6
PSTN

VLR

3 4

5
GMSC MSC

8 2 9
MS

10

BSS

February 27, 2006

Hanna Kalosha

Security in GSM

Security services access control/authentication

user SIM (Subscriber Identity Module): secret PIN (personal identification number) SIM network: challenge response method voice and signaling encrypted on the wireless link (after successful authentication) temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update encrypted transmission secret:
A3 and A8 available via the Internet network providers can use stronger mechanisms

confidentiality

anonymity

3 algorithms specified in GSM A3 for authentication (open interface) A5 for encryption (standardized) A8 for key generation (open interface)
Hanna Kalosha

February 27, 2006

GSM subscriber authentication

mobile network Ki AC 128 bit RAND 128 bit RAND SIM RAND 128 bit Ki 128 bit

A3
SRES* 32 bit SRES

A3
SIM 32 bit

MSC

SRES* =? SRES

SRES 32 bit

SRES

Ki: individual subscriber authentication key

February 27, 2006

SRES: signed response

Hanna Kalosha

GSM - key generation and encryption

mobile network (BTS)

MS with SIM RAND

Ki
AC 128 bit

RAND
128 bit A8

RAND
128 bit A8

Ki
128 bit SIM

cipher key

Kc 64 bit data A5 encrypted data

Kc 64 bit SRES data MS A5

BSS

February 27, 2006

Hanna Kalosha

Data services in GSM I

Data transmission standardized with only 9.6 kbit/s advanced coding allows 14,4 kbit/s not enough for Internet and multimedia applications HSCSD (High-Speed Circuit Switched Data) mainly software update bundling of several time-slots to get higher AIUR (Air Interface User Rate) (e.g., 57.6 kbit/s using 4 slots, 14.4 each) advantage: ready to use, constant quality, simple disadvantage: channels blocked for voice transmission
Hanna Kalosha

February 27, 2006

Data services in GSM II

GPRS (General Packet Radio Service) packet switching using free slots only if data packets ready to send (e.g., 50 kbit/s using 4 slots temporarily) standardization 1998, introduction 2001 advantage: one step towards UMTS, more flexible disadvantage: more investment needed (new hardware) GPRS network elements GSN (GPRS Support Nodes): GGSN and SGSN GGSN (Gateway GPRS Support Nodes) interworking unit between GPRS and PDN (Packet Data Network) SGSN (Serving GSN) supports the MS (location, billing, security) GR (GPRS Register) user addresses
Hanna Kalosha

February 27, 2006

GPRS architecture and interfaces

SGSN Gn

MS

BSS

SGSN

GGSN

PDN

Um

Gb

Gn

Gi

MSC

HLR/ GR EIR

VLR

February 27, 2006

Hanna Kalosha

DECT

DECT (Digital European Cordless Telephone) standardized by ETSI (ETS 300.175-x) for cordless telephones standard describes air interface between base-station and mobile phone DECT has been renamed for international marketing reasons into Digital Enhanced Cordless Telecommunication Characteristics frequency: 1880-1990 MHz channels: 120 full duplex duplex mechanism: TDD (Time Division Duplex) with 10 ms frame length multplexing scheme: FDMA with 10 carrier frequencies, TDMA with 2x 12 slots modulation: digital, Gauian Minimum Shift Key (GMSK) power: 10 mW average (max. 250 mW) range: approx. 50 m in buildings, 300 m open space
Hanna Kalosha

February 27, 2006

UMTS and IMT-2000: 3G

Proposals for IMT-2000 (International Mobile Telecommunications) UWC-136, cdma2000, WP-CDMA UMTS (Universal Mobile Telecommunications System) from ETSI UMTS UTRA (was: UMTS, now: Universal Terrestrial Radio Access) enhancements of GSM

EDGE (Enhanced Data rates for GSM Evolution): GSM up to 384 kbit/s CAMEL (Customized Application for Mobile Enhanced Logic) VHE (virtual Home Environment)

fits into GMM (Global Multimedia Mobility) initiative from ETSI basic requirements

min. 144 kbit/s rural (goal: 384 kbit/s) min. 384 kbit/s suburban (goal: 512 kbit/s) up to 2 Mbit/s urban

February 27, 2006

Hanna Kalosha

Frequencies for IMT-2000

1850
ITU allocation (WRC 1992) Europe GSM DE 1800 CT GSM 1800

1900

1950

2000
MSS
T D D

2050

2100 2150
IMT-2000

2200
MSS

MHz

IMT-2000
T D D

UTRA MSS FDD

MSS

UTRA MSS FDD

IMT-2000 MSS

China
Japan

IMT-2000

PHS

cdma2000 MSS W-CDMA MSS

cdma2000 MSS W-CDMA MSS

North America 1850

PCS 1900 1950

rsv.

2000

2050

2100 2150

2200

MHz

February 27, 2006

Hanna Kalosha

IMT-2000 family
Interface for Internetworking

IMT-2000 Core Network ITU-T Initial UMTS (R99 w/ FDD)

GSM (MAP)

ANSI-41 (IS-634)

IP-Network

Flexible assignment of Core Network and Radio Access

IMT-DS IMT-2000 Radio Access ITU-R

(Direct Spread)

IMT-TC
(Time Code)

IMT-MC
(Multi Carrier)

IMT-SC
(Single Carrier)

IMT-FT
(Freq. Time)

UTRA FDD (W-CDMA) 3GPP

UTRA TDD (TD-CDMA); TD-SCDMA 3GPP

cdma2000 3GPP2

UWC-136 (EDGE) UWCC/3GPP

DECT ETSI

February 27, 2006

Hanna Kalosha

Questions and answers

Question 1: Which types of different services does GSM offer? Answer: Bearer services (telecommunication services to transfer data between access points) Tele services (telephony, emergency number, SMS) Supplementary services (identification, call redirection, call forwarding, call conferencing) Question 2: What is the main problem when transmitting data using wireless systems such as GSM that were made for voice transmission? Answer: The standard bandwidth available for data transmission is not sufficient for the requirements of todays computers Question 3: How can higher data rates be achieved in standard GSM? Answer: By bundling several traffic channels in HSCSD (high speed circuit switched data). By providing packet oriented data transmissions in GPRS (general packet radio service).
Hanna Kalosha

February 27, 2006

Sources

Chapter 4. Telecommunication Systems. Mobile Communications by J. Shiller, 2003 Technology Trends in Wirless Communications by R. Prasad, M. Ruggieri, 2003

[Link]

February 27, 2006

Hanna Kalosha