Gs March It Ecure

8/9/2019 Gs March It Ecure

1/46

GSM Architecture


2/46

2

GSM

Various subsystems1. Network Subsystem includes the equipments

and functions related to end-to-end call.

2. Radio Subsystem includes the equipments andfunctions related to the management of theconnections on the radio path.

3. Operations and Maintenance subsystemincludes the operation and maintenance of GSMequipment for the radio and network interface.


3/46

3

Network Architecture

BT

S

MSC VLR

HLR

PSTNISDN

Data

Networks

Air interface

OSS

B

T

S

B

T

S

MSC VLR

BSC

BSC


4/46

4

GSM

Network Structure

GSM Service Area

PLMN Service Area MSC Service Area

Location Area Cells


5/46

5

GSMPLMN Service Area

V

MSC

MSC

MSC

MSC

VLR

VLR

VLR

I II

IVIII

I


6/46

6

GSMMSC Service Area

MSC

VLRLA1

LA2

LA3

LA6

LA4 LA5


7/46

7

GSMCells

MSC

VLRLA1

LA2

LA3

LA6

LA4 LA5

C1C2 C3

C6 C5C4

C=CELL


8/46

8

GSMRelation between areas in GSM

Location AreaCell

Area served by a BTS

Location AreaMSC Service AreaPLMN Service Area

GSM Service Area


9/46

9

GSM

LA Coding

MCC

LAI

LACMNC

3 digit 3 digit 2 Octets


10/46

10

GSM

Functions of Mobile Station Voice and data transmission

Frequency and time synchronization

Monitoring of power and signal qualityof the surrounding cells

Provision of location updates even

during inactive state

Equalization of multi path distortions


11/46

11

GSMMobile Station

Portable, vehicle mounted, hand held MS identified by unique IMEI

Shall display at least last ten received, dialledand missed calls

Minimum talk time of 1hr 30 min. andstandby time of 80 hrs

160 characters long SMS


12/46

12

GSM

Mobile Station - Power LevelsPower

Class

Max. Peak

Power

Tolerance (dB)

Normal Extreme

1 20W

(43 dBm)

+/- 2 +/- 2.5

2 8W

(39 dBm)

+/- 2 +/- 2.5

3 5W

(37 dBm)

+/- 2 +/- 2.5

4 2W

(33 dBm)

+/- 2 +/- 2.5

5 0.8W

(29 dBm)

+/- 2 +/- 2.5


13/46

13

GSM

SIM Card

SIM Module

Unique Subscribers ID IMSI and ISDN PIN

Key Ki, Kc and A3,A5 and A8 algorithms

SIM has CPU, ROM, RAM and EPROM


14/46

14

GSM

Mobile Identification Numbers IMEI

MSISDN

IMSI

TMSI

MSRN


15/46

15

GSM

MSISDN Mobile Subscribers ISDN Number

The MSISDN is registered in the

telephone directory and used by the

calling party for dialing.

CC NDC SN

1 to 3 digits Variable Variable

MSISDN : not more than 15 digits

N(S)N


16/46

16

GSM

IMSI International mobile subscribers

Identity

The IMSI is an unique identity which is usedinternationally and used within the network toidentify the mobile subscribers.

The IMSI is stored on the subscriber identitymodule (SIM), the HLR, VLR and ACdatabase.


17/46

17

GSM

IMSI

MCC MNC MSIN

3 digits 3 digits Not more than 9 digits

NMSI

IMSI : Not more than 15 digits


18/46

18

GSM

TMSI Temporary Mobile subscribers

Identity The TMSI is an identity whichguarantees the integrity of the mobilesubscribers on the radio interface.

The VLR assigns a TMSI to each mobilesubscribers entering the VLR area.


19/46

19

GSM

MSRNMobile Station Roaming

Number

The MSRN is used in the GMSC to set up aconnection to the visited MSC/VLR.


20/46

20

GSM

IMEI International Mobile Equipment

Identity

The IMEI is an unique code allocated to eachmobile equipment. It is checked in the EIR.

IMEI check

y

White Listy Grey List

y Black List


21/46

21

RADIO SUB SYSTEM (RSS)RADIO SUB SYSTEM (RSS)

n BTS n BTS

BSC

BSC

BSC

MSC/VLR

RSS


22/46

22

GSMFUNCTION OF BTS -I

Encodes, encrypts, multiplexes, modulatesand feeds the RF signals to the antenna

Transcoding and rate adaption Functionality

Time and frequency synchronisation signalstransmission.

11 power classes from .01 watts (Micro cell)to 320 watts (Umbrella cell)


23/46

23

GSMFUNCTION OF BTS -II

Frequency hopping

Random access detection

Uplink radio channel measurements

BTS mainly consists of a set of transceivers(TRX). Can accommodate 1 to 7 TRX perSector


24/46

24

GSMFUNCTIONS OF BSC-I

It is connected to BTS and offloadsMSC

Radio resource management

Inter-cell handover

Reallocation of frequencies

Power control


25/46

25

GSMFUNCTIONS OF BSC-II

Time delay measurement of the receivedsignals from MS with respect to BTS clock.

Performs traffic concentration to reduce thenumber of lines from BSC to MSC.

Provide interface TCP/IP X.25 to the OMS


26/46

26

GSMFUNCTIONS OF BSC-III

BSC performs call processing

TRAU are generally located at the site of MSC.

BSC- BTS configurations as per requirement.

Data from OMC and can be down loaded to

BSC


27/46

27

GSM

MSC-BSS Configurations

BTSBTS

BTS

BTS BTS

BTS

A-bis

BSC

BSS

Configuration -6 Multi - cell site =multi--BTS site

Many single

cell sites

BSS

MSC

BTS

A

A

A

Single - cell site

Configuration -1

Multi - cell site (sector Cells

Configuration -5

MCC: Mobile Switching Centre

BSS: Base Station System

BSC: Base Station Controller

BTS: Base Transceiver Station

A-bis


28/46

28

Network and Switching

Subsystem (NSS)

MSC

(PSTN)

VLR

HLR AUC

EIR

D

C

SS7 Signalling

Traffic Path

F

(BSS)

A

E

Other

MSC


29/46

29

GSMMSC ( MOBILE SWITCHING CENTRE)

Manages communication between GSM &

other network

Call setup functions, basic switching are done

MSC takes into account the RR allocation in

addition to normal exchange functions

MSC does gateway function while its customersroams to other network by using HLR /VLR


30/46

30

GSM

MSC Functions - I Paging, specifically call handling

Location updation

Handover management

Billing for all subscribers based in its area

Reallocation of frequencies to BTSs in its area

to meet heavy demands


31/46

31

GSM

MSC Functions - II Echo canceller operation control

Signaling interface to databases like HLR, VLR.

Gateway to SMS between SMS centers andsubscribers

Handle interworking function while working asGMSC


32/46

32

GSMVISITOR LOCATION REGISTER (VLR)-I

It controls those mobiles roaming in its area.

VLR reduces the number of queries to HLR

One VLR may be incharge of one or more LA.

VLR is updated by HLR on entry of MS its area.

VLR assigns TMSI which keeps on changing.

IMSI detach and attach operation


33/46

33

GSMData in VLR IMSI & TMSI

MSISDN

MSRN.

Location Area

Supplementary service parameters

MS category Authentication Key


34/46

34

GSM

Home Location Register(HLR)-I

Reference store for subscribers parameters,numbers, authentication & Encryption values.

Current subscriber status and associated VLR.

Both VLR and HLR can be implemented in the

same equipment in an MSC.

one PLMN may contain one or several HLR.


35/46

35

GSMHome Location Register(HLR)-II

Permanent data in HLR Data stored is changed only by man-machine.

IMSI, MS-ISDN number.

Category of MS ( whether pay phone or not )

Roaming restriction ( allowed or not ).

Supplementary services like call forwarding


36/46

36

GSMHome Location Register(HLR)-III Temporary data in HLR The data changes from call to call & is dynamic

MSRN

RAND /SRES and Kc

VLR address , MSC address.

Messages waiting data used for SMS


37/46

37

GSMAUTHENTICATION CENTRE (AUC )-I

AUC is a separate entity and physicallyincluded in HLR

Protect against intruders in air interface

Authentication (Ki) and ciphering (Kc)key are stored in this data base.

Keys change randomly with each call

Keys are never transmitted to MS on air

Only calculated response are sent.


38/46

38

AUTHENTICATION & ENCRIPTION AUC

Database

Generation

of Random

Number

RANDRAND

IMSI1

IMSI3

IMSI2

ki1ki2

ki3

RANDSRESKc

Algorithm forCiphering

A8

Algorithm for

Authentication

A3

Kc

64 bits

SRES32 bits

HLR


39/46

39

GSMEQUIPMENT IDENTITY REGISTER ( EIR )

This data base stores IMEI for all registeredmobile equipments and is unique to every ME.

Only one EIR per PLMN.

White list : IMEI, assigned to valid ME.

Black list : IMEI reported stolen Gray list : IMEI having problems like faulty

software, wrong make of equipment etc.


40/46

40

The centralized operation of the various units inthe system and functions needed to maintain thesubsystems.

Dynamic monitoring and controlling of thenetwork

Separate OMC-S and OMC-R for NSS and RSS

Operations and Maintenance Centre

OMC

Operations and Maintenance Centre

OMC


41/46

41

functions

-O&M data function

-Configuration management

--Fault report and alarm handling

-Performance supervision/management

-Storage of system software and data

-Support GUI for operation and Maintenance

Functions Of OMCFunctions Of OMC


42/46

42

GSM

Security Management Four basic security services provided

by GSM

Anonymity : TMSI Assignment

Authentication

Encryption: PIN


43/46

43

GSM

Encryption Process

Encryption

ProcessKEY

Plain Text

Cipher-text

GSM


44/46

44

GSMGeneric Authentication

Process

A3 A3

Ki KiRAND

RAND

CompareSRES

SRES

Response

IMSIIMSI

Yes/No

Radio Path


45/46

45

AUTHENTICATION & ENCRIPTION AUC

Database

Generation

of Random

Number

RANDRAND

IMSI1

IMSI3

IMSI2ki1ki2

ki3

RANDSRESKc

Algorithm forCiphering

A8

Algorithm for

Authentication

A3

Kc

64 bits

SRES32 bits

HLR


46/46

46

AUTHENTICATION & ENCRIPTION

HLRSRES=

SRESc

A3Sim

Card

Key Pad

A8

Store

Kc

AccessGranted

RAND

Yes

MSC/VLRRAND Ki

SRESc

(128)

SRES

(32)

Kc

Cipher

Key Transfer Kc to

BTS

no

Documents

Gs March It Ecure