Upload
jonathan-strickland
View
224
Download
2
Tags:
Embed Size (px)
Citation preview
GSM Architecture
GSMVarious subsystems1. Network Subsystem includes the
equipments and functions related to end-to-end call.
2. Radio Subsystem includes the equipments and functions related to the management of the connections on the radio path.
3. Operations and Maintenance subsystem includes the operation and maintenance of GSM equipment for the radio and network interface.
Network Architecture
BTS
MSC VLR
HLR
PSTNISDN
DataNetworks
Air interface
OSS
BTS
BTS
MSC VLR
BSCBSC
1 MSC=16 BSC
1 BSC=1024 TRU
A Interface
A-bis interface
BSC:BASE STATION CONTROLLER, BTS: BASE TRANSRECEIVER STATION, OSS: OPERATION AND SUPPORT SUBSYSTEM.ss
GSMNetwork Structure• GSM Service Area: Total area served by the
combination of all member countries where a mobile can be served.
• PLMN Service Area:It is one N/W area. • MSC Service Area:There can many MSC/VLR
in one PLMN area.It is one Mobile Exch. Area.• GMSC: All I/C calls for PLMN N/W will be
routed through GMSC. In a GSM/PLMN N/W all mobile terminated calls will be routed to a Gateway MSC. Call connections between PLMNs , or to fixed N/Ws must be routed to a GMSC.The GMSC contains the Inter working functions to make these connections.
• Location Area• Cells
LOCATION AREA:There are several LA in a MSC/VLR combination A LA is a part of the MSC/VLR service area in which a MS may move freely without updating location information to the MSC/VLR exchange that control the LA. Within a LA a paging message is broadcast in order to find the called mobile subs. LA can be identified by system using the LAI.
CELL.A cell is an identity served by one BTS. The MS distinguishes between cells using the BASE STATION IDENTIFICATION CODE(BSIC) that the cell site broadcast over the air.
GSMPLMN Service Area
V
MSC
MSC
MSC
MSC
VLR
VLRVLR
I II
IVIII
I
GSMMSC Service Area
MSC
VLRLA1
LA2LA3
LA6LA4
LA5
GSMCells
MSC
VLR
LA1
LA2
LA3
LA6LA4
LA5
C1C2 C3
C6 C5C4
C=CELL
GSMRelation between areas in GSM
Location AreaCellArea served by a BTS
Location AreaMSC Service AreaPLMN Service Area
GSM Service Area
GSMLA Coding
MCC
LAI
LACMNC
3 digit 3 digit 2 Octets
MCC:Mobile country code, MNC: Mobile N/W Code,
LAC: Location Area code
GSMFunctions of Mobile Station• Voice and data transmission• Frequency and time synchronization• Monitoring of power and signal
quality of the surrounding cells • Provision of location updates even
during inactive state• Equalization of multi path distortions
GSMMobile Station
• Portable, vehicle mounted, hand held• MS identified by unique IMEI(International Mobile
Equipment Identity)
• Shall display at least last ten received, dialled and missed calls
• Minimum talk time of 1hr 30 min. and standby time of 80 hrs
• 160 characters long SMS
GSMMobile Station - Power Levels
PowerClass
Max. PeakPower
Tolerance (dB)Normal Extreme
1 20W(43 dBm)
+/- 2 +/- 2.5
2 8W(39 dBm)
+/- 2 +/- 2.5
3 5W(37 dBm)
+/- 2 +/- 2.5
4 2W(33 dBm)
+/- 2 +/- 2.5
5 0.8W(29 dBm)
+/- 2 +/- 2.5
Vehicle mounted
Mobile station Power adjustable in 2 db steps.down to 13 db(20mw) , under remote control from BTS .
BTS measure received power from MS (minimum) .
This is to minimize Co-channel Interference. Adjustment with 13 TDMA frame(60 ms).
The required power level is determined by BSC.
GSMSIM Card
• SIM Module• Unique Subscriber’s ID IMSI and ISDN• PIN( Personal Identification Number)
• Key Ki( Identification Key) , Kc and A3,A5 and A8 algorithms
• SIM has CPU, ROM, RAM and EPROM
GSMMobile Identification Numbers• IMEI• MSISDN• IMSI• TMSI• MSRN
GSMMSISDN• Mobile Subscriber’s ISDN
Number• The MSISDN is registered in the telephone directory and
used by the calling party for dialing.• MSISDN shall not exceed 15 digits.• NDS--National Significant Number---Give Routing
Information to reach HLR• N(S)N--National Significant Number
CC NDC SN
1 to 3 digits Variable Variable
MSISDN : not more than 15 digitsN(S)N
GSMIMSI• International mobile
subscriber’s Identity• The IMSI is an unique identity which is
used internationally and used within the network to identify the mobile subscribers.
• The IMSI is stored on the subscriber identity module (SIM), the HLR, VLR and AC database.
GSMIMSI
3 digits
MCC MNC MSIN
3 digits Not more than 9 digits
NMSI
IMSI : Not more than 15 digits
MCC--Mobile Country Code, MNC--Mobile N/W Code, MSIN--Mobile Station Identification Number
NMSI--National Mobile Station Identity,assigned by Individual Administration.
Mobile station Identification Number. It identifies the subs. In a PLMN. First 3 digit identifies the Logical HLR-id of Mobile subs.
GSM, TMSI • Temporary Mobile subscriber’s Identity• The TMSI is an identity which guarantees the
integrity of the mobile subscribers on the radio interface and protect the Subs. from being identified by those attempting to monitor the Radio CHL.
• The VLR assigns a TMSI to each mobile subscribers entering the VLR area.
• Assigned only after successful authentication.• TMSI has only local significance i.e. within VLR
& area controlled by the VLR• TMSI changes on location updation• TMSI is less than 8 digit
GSMMSRN
Mobile Station Roaming Number• The MSRN is used in the GMSC to set up a
connection to the visited MSC/VLR. • MSRN--is a temporary identity which is
assigned during the establishment of a call to a roaming subs.
CC NDS SN
CC--Country Code, NDC--National Destination Code, SN-- Subs. No.
GSMIMEI• International Mobile Equipment
Identity• The IMEI is an unique code allocated to
each mobile equipment. It is checked in the EIR.
• IMEI check White List Grey List Black List
RADIO SUB SYSTEM (RSS)RADIO SUB SYSTEM (RSS)
n BTS n BTS
BSC
BSC
BSC
MSC/VLR
RSSRSS
GSMFUNCTION OF BTS -I• Encodes, encrypts, multiplexes, modulates
and feeds the RF signals to the antenna
• Transcoding and rate adaption Functionality
• Time and frequency synchronisation signals transmission.
• 11 power classes from .01 watts to 320 watts
GSMFUNCTION OF BTS -II
• Frequency hopping
• Random access detection
• Uplink radio channel measurements
• BTS mainly consists of a set of transceivers (TRX).
FREQUENCY HOPPING
The Mobile Radio Channel is a Frequency selective Fading channel, slow hopping freq. Of a CHL.changes with every TDMA Frame. RATE--216.7 Hops/sec. It reduces the S/N ratio.
Base Band Hoping: It involves hopping between freq. On different transreceivers in a cell.
Synthesizer Hoping: Hopping from freq. To freq. On the same transreceiver in a cell.
TIMING ADVANCE
It It IiIt is a solution to time alignment. It works by instructing the mis aligned MS to transmit its burst earlier or later than it normally would.
Transmission would occur earlier or later related to previous position ,to reach its timeslot at the BTS in right time .
Max. bit times= 63. For 35 KM.
With extended range distances up 70 Km or even 121 Km can be handled, using 2 T/S.
GSMFUNCTIONS OF BSC-I
• It is connected to BTS and offloads MSC
• Radio resource management • Inter-cell handover • Reallocation of frequencies• Power control
GSMFUNCTIONS OF BSC-II
• Time delay measurement of the received signals from MS with respect to BTS clock.
• Performs traffic concentration to reduce the number of lines from BSC to MSC.
GSMMSC-BSS Configurations
BTSBTS
BTS
BTS BTS
BTS
A-bisBSC
BSS
Configuration -6 Multi - cell site = multi--BTS site
Many single cell sites
BSS
MSC
BTS
AA
A
Single - cell siteConfiguration -1
Multi - cell site (sector CellsConfiguration -5
MCC: Mobile Switching Centre
BSS: Base Station System
BSC: Base Station Controller
BTS: Base Transceiver Station
A-bis
Network and Switching Subsystem (NSS)
MSC
(PSTN)
VLR
HLR AUC
EIR
D
C
SS7 Signalling
Traffic Path
F
(BSS)
A
EOtherMSC
GSMMSC ( MOBILE SWITCHING CENTRE)• Manages communication between GSM &
other network • Call setup functions, basic switching are done• MSC takes into account the RR allocation in
addition to normal exchange functions• MSC does gateway function while its customers
roams to other network by using HLR /VLR
GSMMSC Functions - I• Paging, specifically call handling • Location updation• Handover management• Billing for all subscribers based in its area• Reallocation of frequencies to BTSs in its area
to meet heavy demands
GSMMSC Functions - II• Echo canceller operation control
• Signaling interface to databases like HLR, VLR.
• Gateway to SMS between SMS centers and subscribers
• Handle interworking function while working as GMSC
INTERWORKING FUNCTION
-It provide the Interfacing Capability to Data N/Ws.
-IMF. A part of MSC, provides the subscriber with access to data rate and protocol conversion facilities so that data can be transmitted between GSM Data Terminal Equipment ( DTE ) and a land line DTE.
GSMVISITOR LOCATION REGISTER (VLR)-I
• It controls those mobiles roaming in its area.
• VLR reduces the number of queries to HLR
• One VLR may be incharge of one or more LA.
• VLR is updated by HLR on entry of MS its area.
• VLR assigns TMSI which keeps on changing.
• IMSI detach and attach operation
GSMData in VLR• IMSI & TMSI• MSISDN • MSRN.• Location Area• Supplementary service parameters• MS category• Authentication Key
GSM Home Location Register(HLR)-I
• Reference store for subscriber’s parameters, numbers, authentication & Encryption values.
• Current subscriber status and associated VLR.
• Both VLR and HLR can be implemented in the same equipment in an MSC.
• one PLMN may contain one or several HLR.
GSM Home Location Register(HLR)-II
• Permanent data in HLR• Data stored is changed only by man-
machine.
• IMSI, MS-ISDN number.
• Category of MS ( whether pay phone or not )
• Roaming restriction ( allowed or not ).
• Supplementary services like call forwarding
GSM Home Location
Register(HLR)-III• Temporary data in HLR• The data changes from call to call & is
dynamic
• MSRN
• RAND /SRES and Kc
• VLR address , MSC address.
• Messages waiting data used for SMS
GSMAUTHENTICATION CENTRE (AUC )-I• AUC is a separate entity and physically
included in HLR
• Protect against intruders in air interface
• Authentication (Ki) and ciphering (Kc) key are stored in this data base.
• Keys change randomly with each call
• Keys are never transmitted to MS on air Only calculated response are sent.
AUTHENTICATION & ENCRIPTION
• AUCDatabase
Generation of Random
NumberRAND RAND
IMSI1
IMSI3
IMSI2
ki1
ki2
ki3
RANDSRESKc
Algorithm forCiphering
A8
Algorithm for AuthenticationA3
Kc
64 bits
SRES32 bits
HLR
GSMEQUIPMENT IDENTITY REGISTER ( EIR )
• This data base stores IMEI for all registered mobile equipments and is unique to every ME.
• Only one EIR per PLMN.
• White list : IMEI, assigned to valid ME.• Black list : IMEI reported stolen• Gray list : IMEI having problems like faulty
software, wrong make of equipment etc.
The centralized operation of the various units in the system and functions needed to maintain the subsystems.
Dynamic monitoring and controlling of the network
Operations and Maintenance Centre OMC
Operations and Maintenance Centre OMC
functions -O&M data function
-Configuration management
--Fault report and alarm handling
-Performance supervision/management
-Storage of system software and data
Functions Of OMC Functions Of OMC
GSMSecurity Management• Four basic security services
provided by GSM • Anonymity : TMSI Assignment• Authentication• Encryption: • PIN
ENCRIPTION/CIPHERING
To encode the burst so that it can not be interpreted by any other device than the receiver. The ciphering algorithm in GSM is called A5 algorithm. It does not bits to burst, meaning that the I/P and O/P to the ciphering process is the same as the I/P: 456 bits per sec.
GSMEncryption Process
Encryption Process
KEY
Plain Text
Cipher-text
GSMGeneric Authentication Process
A3 A3
Ki KiRAND
RAND
CompareSRES
SRES
Response
IMSIIMSI
Yes/No
Radio Path
Authentication
• Authentication is used to check the validity of a mobile subscriber.
At MS At N/W
KiRAND( 128 bits )
Ki
A3 A3
SRES SRES
( 32 bits )=?
AUTHENTICATION
• RAND ( 128 bits ):Random Number
• SRES ( 32 bits) :Signed Response
• Kc ( 64 bits ) : Ciphering Key
- Ki is stored in SIM and HLR.
• Ki ( 128 bits) : Identification Key - Purpose : Ki is used to calculate SRES and Kc.
- Ki is never transmitted over signaling network.
- Purpose : Kc is used to encrypt data over radio interface.
- Purpose : RAND is used to calculate SRES and Kc.
Ciphering
• Ciphering is used to encrypt data on radio interface.
Frame No. (22 bits )
A5
Information Bits ( 114 bits )
CIPHERING
Kc generation is done at the time of Authentication.
RAND Ki
Kc ( 64 bits)
A8
Ciphering Stream
XORCiphered Bits
1. To check identity provided by the MS.
The purpose of authentication procedure is two fold :
2. To supply n/w parameters to MS to calculate Kc.
• Authentication procedure is always initiated and controlled by the n/w.
TIME
MS N/W
Authentication Request
Authentication Response
Authentication Reject
AUTHENTICATION PROCEDURE
Authentication Procedure-I
Authentication done on each location update and for each new service.but not always,decided by Operator
Authentication Procedure -II
-When to start Authentication ?
-N/W decides to initiate authentication in the following scenarios:
A. If CKCN( Ciphering Key Seq. No.) in any initial message from MS does not match with that stored at self end.
B. After some predetermined number of accesses to the N/W
Authentication Procedure-III
1. N/W initiates authentication by sending Authentication Request message to the MS
2. Authentication Response by the MS
--MS calculates SRES and Kc after getting RAND from AUTHENTICATION REQUEST MESSAGE .
-It stores Kc and CKSN (from message) into SIM.
-It sends SRES to the N/W.
3.Authentication Response Processing at N/W
- N/W compares SRES received from MS and that stored at self end.
Authentication Procedure
- If mismatch occures, N/W sends Authentication Reject message to MS and cleans up all MM( Mobility & Management ) connections.
-If it matches then N/W proceeds for further activities.
4.Authentication Reject message at MS
- Ms sets update status in MS to ROAMING NOT ALLOWED.
-deletes TMSI, LAI and CKSN from SIM.
-considers SIM as invalid until MS switched off or SIM removed.
Authentication Procedure-V
- At n/w side, authentication procedure requires authentication triplets.
Authentication Triplets :
-RAND ( 128 bits ).
- Authentication triplets contains
- SRES ( 32 bits ). - Kc ( 64 bits ). - The network can have more than one triplets.
- The operator can allow reuse of triplets.
- The index of currently used triplet is called CKSN ( Ciphering Key Sequence Number ).