4 gsm operation
DESCRIPTION
GSM OperationTRANSCRIPT
Slide 1Cell
H
a
d
d
i
i
GSM Network Areas...
GSM Network Areas...
MSC/VLR Service Area :
MSC
H
a
d
d
i
i
Location Area :
MSC/VLR Service Area :
LUP
Paging
H
a
d
d
i
i
Cell :
LA . CGI)) .
(BSIC) .
CGI : Cell Global ID
H
a
d
d
i
i
MSISDN - Mobile subscriber International ISDN Number
International number for mobile subscriber that includes at most 15 digits
Mapping to Mobile Station Roaming Number (MSRN) by HLR
Country Code (CC( + National Destination Code (NDC( + Subscriber Number (SN(
Example: 98912347658
IMSI - International Mobile Subscriber Identity
International number that Uniquely Identifies the User (SIM Card) and is stored in SIM Card, HLR and VLR
unique 15 digits assigned
Mobile Country Code (MCC) + Mobile Network Code (MNC) + Mobile Subscriber Identification Number (MSIN)
Example : 432111234567890
TMSI - Temporary Mobile Subscriber Identity
32-bit number assigned by VLR to uniquely identify a mobile station within a VLR’s area
32 Bits
May Be Changed Periodically
Hides The IMSI Over The Air Interface (Transmitted Instead Of IMSI)
MSRN - Mobile Station Roaming Number
Is used for routing
Generated By VLR For All Visiting Users (HLR asks VLR to assign this number for called party)
Helps HLR To Determine Current Location Area
Hides The IMSI Inside The Network
Visitor Country Code (VCC) + Visitor National Destination Code (VNDC) + Current MSC Code + Temporary Subscriber Number
Example : 989110100 to 989110107 for one MSC
H
a
d
d
i
i
PSTN
GMSC
HLR
MSC/VLR
Unique 15 digits assigned by equipment manufacturer
: (TYPE APPROVAL CODE) TAC
: (FINAL ASSEMBLY CODE) FAC
: (SERIAL NUNBER) SNR
: SP
357,087,008,609,717 (USSD= *#06#)
Cell Global Identity (CGI)
LA . CI LAI .
(LOCATION AREA IDENTITY) LAI
CGI=MCC+MNC+LAC+CI
Base Station Identity Code (BSIC)
.
(NATIONAL COUNTRY CODE) NCC
BSIC=NCC+BCC
Personal Identity Number ( PIN)
PIN SIM , , IMSI .
Location Area Identity( LAI)
.
Based on international ISDN numbering plan that is broadcast regularly by the BTS on broadcast channel
(MOBILE COUNTRY CODE) MCC
(MOBILE NETWORK CODE) MNC
(LOCATION AREA CODE) LAC
LAI=MCC+MNC+LAC
Location Updating…
Location updating is used to reduce the area over which paging must be undertaken in a cellular system.
The cellular coverage area is divided up into a number of location areas.
All cells broadcast the identity of their Location Area (LAI).
Each time a mobile station observes that it has moved into a new location area it informs the network by performing a location update; this enables the network to perform paging over a smaller area than would otherwise be necessary.
In the extreme case each cell could be a location area, the system would know very precisely where a mobile was but at the expense of a very high level of location update signalling. As a compromise location areas are generally defined as a group of cells.
H
a
d
d
i
i
BTS broadcasts Location Area Identification (LAI) on BCCH
SIM stores current LAI and TMSI
Events which determine a current location update
MS is switched on and current LAI equals stored LAI
a timer set by the network expires and MS reports position (TMSI may be updated and stored in SIM)
Events which determine a new location update
MS is switched on and current LAI differs from stored LAI
MS enters a new location area (TMSI and LAI are updated and stored in SIM)
H
a
d
d
i
i
Location Registration (Power On)
Location registration:
takes place when a mobile station is turned on.This is also known as IMSI Attach because as soon as the mobile station is switched on, it informs the Visitor Location Register(VLR)that it is now back in service and is able to receive calls.As a result of a successful registration,the network sends the mobile station two numbers that are stored in the SIM(Subscriber Identity Module)card of the mobile station.
Generic:
Every time the mobile receives data through the control channels,it reads the LAI and compares it with the LAI stored in its SIM card. A Generic location update is performed if they are different.The mobile starts a location Update process by accessing the MSC/VLR that sent the location data.
Periodic:
Periodic Location Update is carried out when the network does not receive any location update request from the mobile in a specified time.
Location Update (LU) ...
Need to page every cells (high cost).
Location updates for every cell crossing (high cost).
Need to page only one cell (low cost).
Partition the region into different location areas.
Location Updating…
Location update
Location update is performed when there is a boundary crossing.
How to determine the size of a LA?
H
a
d
d
i
i
H
a
d
d
i
i
Paging is a process of broadcasting a message which alerts a specific mobile to take some action, for example if there is an incoming call to be received.
If the system does not know the precise cell in which a mobile is located it must perform paging in a number of cells.
An extreme approach would be to undertake paging throughout the entire coverage area of a cellular system whenever a mobile is to be alerted; however, in anything but the smallest system this would be wasteful of valuable signalling capacity, particularly over the air interface.
The problem is addressed by the use of location areas and location updating.
Paging
H
a
d
d
i
i
Paging
H
a
d
d
i
i
GSM Call Delivery Procedure…
Calling MS sends a call initiation signal to MSC through BS.
MSC sends a location request to HLR of the called MS
HLR determines serving VLR of called MS and sends a route request message to it.
MSC allocates a temporary ID to MS and sends this ID to HLR
HLR forwards the ID to MSC of the calling MS
Calling MSC requests a call set up to the called MSC
Paging messages are sent to cells within the LA.
H
a
d
d
i
i
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible
MSC to GMSC
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
H
a
d
d
i
i
Handover…
Handover is the means of maintaining a call when a user moves outside the coverage area of the serving cell.
The call must be switched to an alternative cell to provide service, automatically and without loss of service.
Handover is a complex process requiring synchronisation of events between the mobile station and the network.
In particular, there is the need to route the call to the new cell before handover can be effected whilst maintaining the old connection until the new connection is known to have succeeded.
Handover is a time critical process requiring action to be taken before the existing radio link degrades to such an extent that the call is lost.
H
a
d
d
i
i
Handover…
H
a
d
d
i
i
BSC
BSC
BTS
BTS
H
a
d
d
i
i
Handover
BSC BTS MS Uplink Downlink Handover . Handover Handover :
HO because Interference (uplink or downlink)
HO because Uplink quality
HO because Downlink quality
HO because Uplink level
HO because Downlink level
HO because MS-BS distance
HO because Turn-around-corner MS
HO because Fast/Slow-moving MS
HO because Good C/I ratio
H
a
d
d
i
i
Handover Uplink Downlink
Uplink Downlink -85dbm Handover Inter-Cell Intra-Cell .
H
a
d
d
i
i
Handover Uplink Downlink
Uplink Downlink QUR QDR Handover QMRG Handover (Inter-cell Handover) .
QDR: Downlink Rx quality threshold
QUR: Uplink Rx quality threshold
QMRG: HO margin quality
H
a
d
d
i
i
Handover Uplink Downlink
Uplink Downlink LUR LDR Handover LMRG Handover (Inter-cell Handover) .
LDR: Downlink Rx Level threshold
LUR: Uplink Rx Level threshold
LMRG: HO margin Level
Handover Power Budge
PBGT Power Budget ) Uplink Downlink ) MS BTS Handover . PBGT n PMRG BSC Handover Power Budget . PMRG 6db BSC 6 SACCH MS ( 6*120mSec) PBGT 5 Handover ( MIH ) Handover Power budget .
Handover PBGT .
H
a
d
d
i
i
MS
B
S
C
BTS1
(900MHz)
BTS2
(900MHz)
7db>6db then Handover command To MS
Because Power Budget
Handover Umbrella
Handover Umbrella 1800 900 Handover 900 Upper layer 1800 Lower layer Handover Handover .
Handover BSC AUCL Handover . MS AUCL ( AUCL BTS ) Handover .
Handover Umbrella Dual band .
AUCL:HO level umbrella
Handover
. :
Handover
Handover
Handover Uplink Downlink rapid field drop Turn-around-corner MS
H
a
d
d
i
i
H
a
d
d
i
i
Ciphering
is used across the air interface to provide speech and signaling encryption. When the authentication procedure has been completed successfully ,the BTS and the mobile station are ready to start the ciphering procedure for signaling and speech/data transmission
Authentication
is a procedure used in checking the validity and integrity of subscriber data. With the help of authentication procedure the operator prevents the use of false SIM modules in the network. The authentication procedure is based on an identity key “Ki” ,that is issued to each subscriber when his data are established in the HLR. The authentication procedure verifies that the “Ki” is exactly the same on the subscriber side as on the network side. The Authentication Center generates information that can be used for all the security purpose during one transaction. This information is called an Authentication Triplet.
GSM Security (1)
SIM network: challenge - response method
confidentiality
voice and signaling encrypted on the wireless link (after successful authentication)
anonymity
newly assigned at each new location update
encrypted transmission
A3 for authentication (“secret”, open interface)
A5 for encryption (standardized)
GSM Security (1)
RAND
SRES
SRES (Signed Response) is a result that the algorithm A3 produces on the basis of certain source information
Kc
Kc is a ciphering key that A8 generates on the basis of certain source information.
GSM Security
Authentication
VLR . VLR HLR .
HLR AUC
AUC A3 Ki SRES .
AUC HLR (Ki,SRES,RAND) VLR .
VLR MSC RAND MS .
MS A3 Ki ( SIM ) SRES .
SRES MS MSC .
MSC
H
a
d
d
i
i
H
a
d
d
i
i
VLR Kc MSC
MSC ---- BSS
BSS ---- MS
MS
BSS MSC
H
a
d
d
i
i
H
a
d
d
i
i
GSM Network Areas...
GSM Network Areas...
MSC/VLR Service Area :
MSC
H
a
d
d
i
i
Location Area :
MSC/VLR Service Area :
LUP
Paging
H
a
d
d
i
i
Cell :
LA . CGI)) .
(BSIC) .
CGI : Cell Global ID
H
a
d
d
i
i
MSISDN - Mobile subscriber International ISDN Number
International number for mobile subscriber that includes at most 15 digits
Mapping to Mobile Station Roaming Number (MSRN) by HLR
Country Code (CC( + National Destination Code (NDC( + Subscriber Number (SN(
Example: 98912347658
IMSI - International Mobile Subscriber Identity
International number that Uniquely Identifies the User (SIM Card) and is stored in SIM Card, HLR and VLR
unique 15 digits assigned
Mobile Country Code (MCC) + Mobile Network Code (MNC) + Mobile Subscriber Identification Number (MSIN)
Example : 432111234567890
TMSI - Temporary Mobile Subscriber Identity
32-bit number assigned by VLR to uniquely identify a mobile station within a VLR’s area
32 Bits
May Be Changed Periodically
Hides The IMSI Over The Air Interface (Transmitted Instead Of IMSI)
MSRN - Mobile Station Roaming Number
Is used for routing
Generated By VLR For All Visiting Users (HLR asks VLR to assign this number for called party)
Helps HLR To Determine Current Location Area
Hides The IMSI Inside The Network
Visitor Country Code (VCC) + Visitor National Destination Code (VNDC) + Current MSC Code + Temporary Subscriber Number
Example : 989110100 to 989110107 for one MSC
H
a
d
d
i
i
PSTN
GMSC
HLR
MSC/VLR
Unique 15 digits assigned by equipment manufacturer
: (TYPE APPROVAL CODE) TAC
: (FINAL ASSEMBLY CODE) FAC
: (SERIAL NUNBER) SNR
: SP
357,087,008,609,717 (USSD= *#06#)
Cell Global Identity (CGI)
LA . CI LAI .
(LOCATION AREA IDENTITY) LAI
CGI=MCC+MNC+LAC+CI
Base Station Identity Code (BSIC)
.
(NATIONAL COUNTRY CODE) NCC
BSIC=NCC+BCC
Personal Identity Number ( PIN)
PIN SIM , , IMSI .
Location Area Identity( LAI)
.
Based on international ISDN numbering plan that is broadcast regularly by the BTS on broadcast channel
(MOBILE COUNTRY CODE) MCC
(MOBILE NETWORK CODE) MNC
(LOCATION AREA CODE) LAC
LAI=MCC+MNC+LAC
Location Updating…
Location updating is used to reduce the area over which paging must be undertaken in a cellular system.
The cellular coverage area is divided up into a number of location areas.
All cells broadcast the identity of their Location Area (LAI).
Each time a mobile station observes that it has moved into a new location area it informs the network by performing a location update; this enables the network to perform paging over a smaller area than would otherwise be necessary.
In the extreme case each cell could be a location area, the system would know very precisely where a mobile was but at the expense of a very high level of location update signalling. As a compromise location areas are generally defined as a group of cells.
H
a
d
d
i
i
BTS broadcasts Location Area Identification (LAI) on BCCH
SIM stores current LAI and TMSI
Events which determine a current location update
MS is switched on and current LAI equals stored LAI
a timer set by the network expires and MS reports position (TMSI may be updated and stored in SIM)
Events which determine a new location update
MS is switched on and current LAI differs from stored LAI
MS enters a new location area (TMSI and LAI are updated and stored in SIM)
H
a
d
d
i
i
Location Registration (Power On)
Location registration:
takes place when a mobile station is turned on.This is also known as IMSI Attach because as soon as the mobile station is switched on, it informs the Visitor Location Register(VLR)that it is now back in service and is able to receive calls.As a result of a successful registration,the network sends the mobile station two numbers that are stored in the SIM(Subscriber Identity Module)card of the mobile station.
Generic:
Every time the mobile receives data through the control channels,it reads the LAI and compares it with the LAI stored in its SIM card. A Generic location update is performed if they are different.The mobile starts a location Update process by accessing the MSC/VLR that sent the location data.
Periodic:
Periodic Location Update is carried out when the network does not receive any location update request from the mobile in a specified time.
Location Update (LU) ...
Need to page every cells (high cost).
Location updates for every cell crossing (high cost).
Need to page only one cell (low cost).
Partition the region into different location areas.
Location Updating…
Location update
Location update is performed when there is a boundary crossing.
How to determine the size of a LA?
H
a
d
d
i
i
H
a
d
d
i
i
Paging is a process of broadcasting a message which alerts a specific mobile to take some action, for example if there is an incoming call to be received.
If the system does not know the precise cell in which a mobile is located it must perform paging in a number of cells.
An extreme approach would be to undertake paging throughout the entire coverage area of a cellular system whenever a mobile is to be alerted; however, in anything but the smallest system this would be wasteful of valuable signalling capacity, particularly over the air interface.
The problem is addressed by the use of location areas and location updating.
Paging
H
a
d
d
i
i
Paging
H
a
d
d
i
i
GSM Call Delivery Procedure…
Calling MS sends a call initiation signal to MSC through BS.
MSC sends a location request to HLR of the called MS
HLR determines serving VLR of called MS and sends a route request message to it.
MSC allocates a temporary ID to MS and sends this ID to HLR
HLR forwards the ID to MSC of the calling MS
Calling MSC requests a call set up to the called MSC
Paging messages are sent to cells within the LA.
H
a
d
d
i
i
3: signal call setup to HLR
4, 5: request MSRN from VLR
6: forward responsible
MSC to GMSC
10, 11: paging of MS
12, 13: MS answers
14, 15: security checks
H
a
d
d
i
i
Handover…
Handover is the means of maintaining a call when a user moves outside the coverage area of the serving cell.
The call must be switched to an alternative cell to provide service, automatically and without loss of service.
Handover is a complex process requiring synchronisation of events between the mobile station and the network.
In particular, there is the need to route the call to the new cell before handover can be effected whilst maintaining the old connection until the new connection is known to have succeeded.
Handover is a time critical process requiring action to be taken before the existing radio link degrades to such an extent that the call is lost.
H
a
d
d
i
i
Handover…
H
a
d
d
i
i
BSC
BSC
BTS
BTS
H
a
d
d
i
i
Handover
BSC BTS MS Uplink Downlink Handover . Handover Handover :
HO because Interference (uplink or downlink)
HO because Uplink quality
HO because Downlink quality
HO because Uplink level
HO because Downlink level
HO because MS-BS distance
HO because Turn-around-corner MS
HO because Fast/Slow-moving MS
HO because Good C/I ratio
H
a
d
d
i
i
Handover Uplink Downlink
Uplink Downlink -85dbm Handover Inter-Cell Intra-Cell .
H
a
d
d
i
i
Handover Uplink Downlink
Uplink Downlink QUR QDR Handover QMRG Handover (Inter-cell Handover) .
QDR: Downlink Rx quality threshold
QUR: Uplink Rx quality threshold
QMRG: HO margin quality
H
a
d
d
i
i
Handover Uplink Downlink
Uplink Downlink LUR LDR Handover LMRG Handover (Inter-cell Handover) .
LDR: Downlink Rx Level threshold
LUR: Uplink Rx Level threshold
LMRG: HO margin Level
Handover Power Budge
PBGT Power Budget ) Uplink Downlink ) MS BTS Handover . PBGT n PMRG BSC Handover Power Budget . PMRG 6db BSC 6 SACCH MS ( 6*120mSec) PBGT 5 Handover ( MIH ) Handover Power budget .
Handover PBGT .
H
a
d
d
i
i
MS
B
S
C
BTS1
(900MHz)
BTS2
(900MHz)
7db>6db then Handover command To MS
Because Power Budget
Handover Umbrella
Handover Umbrella 1800 900 Handover 900 Upper layer 1800 Lower layer Handover Handover .
Handover BSC AUCL Handover . MS AUCL ( AUCL BTS ) Handover .
Handover Umbrella Dual band .
AUCL:HO level umbrella
Handover
. :
Handover
Handover
Handover Uplink Downlink rapid field drop Turn-around-corner MS
H
a
d
d
i
i
H
a
d
d
i
i
Ciphering
is used across the air interface to provide speech and signaling encryption. When the authentication procedure has been completed successfully ,the BTS and the mobile station are ready to start the ciphering procedure for signaling and speech/data transmission
Authentication
is a procedure used in checking the validity and integrity of subscriber data. With the help of authentication procedure the operator prevents the use of false SIM modules in the network. The authentication procedure is based on an identity key “Ki” ,that is issued to each subscriber when his data are established in the HLR. The authentication procedure verifies that the “Ki” is exactly the same on the subscriber side as on the network side. The Authentication Center generates information that can be used for all the security purpose during one transaction. This information is called an Authentication Triplet.
GSM Security (1)
SIM network: challenge - response method
confidentiality
voice and signaling encrypted on the wireless link (after successful authentication)
anonymity
newly assigned at each new location update
encrypted transmission
A3 for authentication (“secret”, open interface)
A5 for encryption (standardized)
GSM Security (1)
RAND
SRES
SRES (Signed Response) is a result that the algorithm A3 produces on the basis of certain source information
Kc
Kc is a ciphering key that A8 generates on the basis of certain source information.
GSM Security
Authentication
VLR . VLR HLR .
HLR AUC
AUC A3 Ki SRES .
AUC HLR (Ki,SRES,RAND) VLR .
VLR MSC RAND MS .
MS A3 Ki ( SIM ) SRES .
SRES MS MSC .
MSC
H
a
d
d
i
i
H
a
d
d
i
i
VLR Kc MSC
MSC ---- BSS
BSS ---- MS
MS
BSS MSC
H
a
d
d
i
i