Upload
others
View
7
Download
0
Embed Size (px)
Citation preview
2G Mobile Communication Systems 2G Review: GSM
Services Architecture Protocols Call setup Mobility management Security
HSCSD
GPRS
EDGE
Cellular Communication Systems 2Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GSM: Mobile ServicesGSM offers several types of communications
voice connections data connections short message service
multi-service options (combination of basic services)Three service domains (a “mobile” model of ISDN) Bearer Services (E2E data, L3 SAP) Teleservices (application-specific: telephony, emergency calls, fax, voicebox, SMS) Supplementary Services
GSM-PLMNtransit
network(PSTN, ISDN)
source/destination
networkTE TE
R, S (U, S, R)Um
MT
MS
PLMN: Public Land Mobile NetworkPSTN: Public Switched Telephone NetworkISDN: Integrated Services Digital Network
MS: Mobile StationMT: Mobile Termination (radio-specific part)TE: Terminal
bearer services
teleservices
Cellular Communication Systems 3Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
TeleservicesTelecommunication services that enable voice communication via mobile phones mobile telephony
primary goal of GSM was to enable mobile telephony offering nearly ISDN quality (bandwidth of 7 kHz); Today: Fullrate codec (FR–13kb/s), halfrate (HR-5.6kb/s), Enhanced Fullrate (EFR-
12.2kb/s) emergency number
common number throughout Europe (112); mandatory for all service providers; free of charge; connection with the highest priority (preemption of other connections possible)
multinumberingseveral ISDN phone numbers per user possible
Non-Voice Teleservices group 3 fax voice mailbox (implemented in the GSM network) Short Message Service (SMS)
alphanumeric data transmission to/from the mobile terminal using the signaling channel, thus allowing simultaneous use of basic services and SMS
Cellular Communication Systems 4Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Supplementary services
Services in addition to the basic services cannot be offered stand-alone similar to ISDN services besides lower bandwidth due to the radio link may differ between different service providers, countries and protocol
versions
Important services call forwarding identification: forwarding of caller number suppression of number forwarding (CLIP, CLIR) automatic call-back conferencing with up to 7 participants locking of the mobile terminal (incoming or outgoing calls) ...
Cellular Communication Systems 5Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GSM network architecture
fixed network
BSC
BSC
MSC MSC
GMSC
OMC, EIR, AUC
VLR
HLRNSSwith OSS
RSS
VLR
BTS BTSBTS BSC: n:1 (tree)BSC MSC: n:1 (tree)MSC – VLR: 1:1MSC – MSC: meshed network
Cellular Communication Systems 6Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GSM network elements GSM is a PLMN (Public Land Mobile Network) several providers setup mobile networks following the GSM standard
within each country
GSM system comprises 3 subsystems RSS (radio subsystem): covers all radio aspects MS (mobile station) BSS (base station subsystem) or GSM RAN (radio access network) BTS (base transeiver station) BSC (base station controller)
NSS (network and switching subsystem): call forwarding, handover, switching MSC (mobile services switching center) LR (location register): HLR and VLR
OSS (operation subsystem): management of the network AuC (authentication centre) EIR (equipment identity register) OMC (operation and maintenance centre)
CN (core network)
Cellular Communication Systems 7Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Radio subsystemThe Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers
Components Base Station Subsystem (BSS) or RAN Base Transceiver Station (BTS) radio components including sender, receiver, antenna one BTS can cover several cells
Base Station Controller (BSC) switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels (Um) onto terrestrial channels
(A interface)BSS = BSC + sum(BTS) + interconnection
Mobile Stations (MS)
Cellular Communication Systems 8Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Base Transceiver Station and Base Station Controller
Tasks of a BSS are distributed over BSC and BTS BTS comprises radio specific functions of lower layers (PHY, MAC) BSC manages and controls the radio channels in the BTS and terrestrial
channels to BTS and MSC Design Principle: “central intelligence” = BSC, “dumb radio station” = BTS
Functions BTS BSCManagement of radio channels XFrequency hopping (FH) X XManagement of terrestrial channels XMapping of terrestrial onto radio channels XChannel coding and decoding XRate adaptation XEncryption and decryption X XPaging X XUplink signal measurements XTraffic measurement XAuthentication XLocation registry, location update XHandover management X
Cellular Communication Systems 9Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
possible radio coverage of the cell
idealized shape of the cellcell
segmentation of the area into cells
GSM: cellular network
use of several carrier frequencies not the same frequency in neighboring cells cell radius varies from some 100 m up to 35 km depending on
user density, geography, transceiver power etc. hexagonal shape of cells is idealized (cells overlap, shapes depend
on geography) if a mobile user changes cells
-> handover of the connection to the neighbor cell
Cellular Communication Systems 10Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GSM: Air InterfaceFDMA (Frequency Division Multiple Access) / FDD (Frequency Division Duplex)
123124. . .
890 MHz 915 MHz
123124. . .
935 MHz 960 MHz
200 kHz
Uplink Downlink
frequency
TDMA (Time Division Multiple Access)
time
Downlink
87654321
4,615 ms = 1250 bit
Uplink
87654321
Cellular Communication Systems 11Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Framing Modulation(GMSK)
GSM: Voice Coding
Voice coding Channelcoding Framing Modulation
(GMSK)
114 bit/slot114 + 42 bit
Guard (8.25 bits): avoid overlap with other time slots (different time offset of neighboring slot)Training sequence: select the best radio path in the receiver and train equalizerTail: needed to enhance receiver performanceFlag S: indication for user data or control data
1 2 3 4 5 6 7 8GSM TDMA frame
GSM time-slot (normal burst)
4.615 ms
546.5 µs577 µs
tail user data TrainingSguardspace S user data tail
guardspace
3 bits 57 bits 26 bits 57 bits1 1 3
Cellular Communication Systems 12Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Network and switching subsystem (NSS)
NSS is the main component of the public mobile network GSM switching, mobility management, interconnection to other networks,
system controlComponents Mobile Services Switching Center (MSC)
controls all connections via a separated network to/from a mobile terminal within the domain of the MSC - several BSC can belong to a MSC
Databases (important: scalability, high capacity, low delay) Home Location Register (HLR)
central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs)
Visitor Location Register (VLR)local database for a subset of user data, including data about all user currently in the domain of the VLR
Cellular Communication Systems 13Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Operation subsystem (OSS)
OSS enables centralized operation, management, and maintenance of all GSM subsystems
Components Authentication Center (AUC) generates user-specific authentication parameters on request of a VLR authentication parameters used for authentication of mobile terminals
and encryption of user data on the air interface within the GSM system Equipment Identity Register (EIR) registers GSM mobile stations and user rights stolen or malfunctioning mobile stations can be locked and sometimes
even localized Operation and Maintenance Center (OMC) different control capabilities for the radio subsystem and the network
subsystem
Basic Functions in GSM Systems
Connection Setup Handover Location management Roaming Authentication
Cellular Communication Systems 15Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Connection Setup & Radio Resource Assignment
BSBSC MSC
Cellular Communication Systems 16Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Mobile Terminated Call (MTC)
PSTNcallingstation GMSC
HLR VLR
BSSBSSBSS
MSC
MS
1 2
3
4
5
6
7
8 9
10
11 12
1316
10 10
11 11 11
14 15
17
1: calling a GSM subscriber2: forwarding call to GMSC3: signal call setup to HLR4, 5: request MSRN from VLR6: forward responsible
MSC to GMSC7: forward call to
current MSC8, 9: get current status of MS10, 11: paging of MS12, 13: MS answers14, 15: security checks16, 17: set up connection
Cellular Communication Systems 17Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Mobile Originated Call (MOC)
PSTN GMSC
VLR
BSS
MSC
MS1
2
6 5
3 4
9
10
7 8
1, 2: connection request3, 4: security check5-8: check resources (free circuit)9-10: set up call
Cellular Communication Systems 18Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
HandoverThe problem:
Change the cell while communicating
Reasons for handover: Quality of radio link
deteriorates Communication in other cell
requires less radio resources Supported radius is
exceeded (e.g. Timing advance in GSM)
Overload in current cell Maintenance
Link
qua
lity
Link to cell 1 Link to cell 2 time
cell 1
cell 2
Handover margin (avoid ping-pong effect)
cell 1 cell 2
Cellular Communication Systems 19Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
4 types of handover
(Anchor)MSC MSC
BSC BSCBSC
BTS BTS BTSBTS
MS MS MS MS
12 3 4
• intra-cell handover: within same BTS, handled by BSC • inter-cell handover/intra BSS: within same BSS, handled by BSC• inter-cell handover/inter BSS: between BSCs at the same MSC• inter-cell handover/inter MSC: between BSCs of different MSCs(Anchor MSC: the initial MSC, which started the connection, keeps control)
GMSC
Cellular Communication Systems 20Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
X
BSBS
Before
X
BSBS
During
X
BSBS
After
GSM: Handover Principle
“Hard” handover, “make before break” Mobile assisted handoff/handover (MOHA):
MS sends regular measurement reports to network (own cell, neighbor cells, every 480 ms) Network (old BSC) decides upon handover (when, target cell) Network (old BSC) sets up new communication path Network (old BSC) instructs the MS to execute handover
Cellular Communication Systems 21Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Handover procedure (change of BSC)
HO access
BTSold BSCnew
measurementresult
BSCold
Link establishment
MSCMSmeasurementreport
HO decisionHO required
BTSnew
HO request
resource allocationch. activation
ch. activation ackHO request ackHO commandHO commandHO command
HO completeHO completeclear commandclear command
clear complete clear complete
„Make-before-break“ strategy
make
break
Cellular Communication Systems 22Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
Security in GSMSecurity service System was designed with a moderate level of security to authenticate the
subscriber using a pre-shared key and challenge-response. access control/authentication
user SIM (Subscriber Identity Module): secret PIN (personal identification number)
SIM network: challenge response method no authentication of network!
confidentiality voice and signaling encrypted on the wireless link (after successful authentication)
anonymity temporary identity TMSI
(Temporary Mobile Subscriber Identity) newly assigned at each new location update encrypted transmission
3 algorithms specified in GSM A3 for authentication (“secret”, open interface) A5 for encryption (standardized) A8 for key generation (“secret”, open interface)
“secret”:• A3 and A8
available in the Internet
• network providers can use stronger mechanisms
Cellular Communication Systems 23Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GSM - authentication
A3
RANDKi
128 bit 128 bit
RAND
SRES* =? SRES
A3
RAND Ki
128 bit 128 bit
SRES 32 bit
SRES
Authentication Request (RAND)
Authentication Response (SRES 32 bit)
mobile network
AuC
MSC
SIM
Ki: individual subscriber authentication key SRES: signed response
SRES* 32 bit
Challenge-Response:• Authentication center provides RAND to Mobile• AuC generates SRES using Ki of subscriber and
RAND via A3• Mobile (SIM) generates SRES using Ki and RAND• Mobile transmits SRES to network (MSC)• network (MSC) compares received SRES with one
generated by AuC
Cellular Communication Systems 24Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GSM - key generation and encryption
A8
RANDKi
128 bit 128 bit
Kc64 bit
A8
RAND Ki
128 bit 128 bit
SRES
RAND
encrypteddata
mobile network (BTS)
MS with SIM
AuC
BTS
SIM
A5
Kc64 bit
A5MS
data data
cipherkey
Ciphering:• Data sent on air interface ciphered for security• A8 algorithm used to generate cipher key• A5 algorithm used to cipher/decipher data• Ciphering Key is never transmitted on air
Cellular Communication Systems 25Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
2G+: GSM Evolution
Limits of GSM limited capacity at the air interface:
data transmission standardized with only 9.6 kbit/s advanced coding allows 14,4 kbit/s not enough for web browsing and multimedia applications => EDGE
inappropriateness for bursty and non-symmetrical data traffic => GPRS
Extensions HSCSD (High-Speed Circuit Switched Data) GPRS (General Packet Radio Service) EDGE (Enhanced Data Rate for GSM Evolution) EGPRS (EDGE und GPRS) GERAN (GSM Interface to UMTS)
Cellular Communication Systems 26Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
HSCSD (High-Speed Circuit Switched Data)
continuous use of multiple time slots for a single user(on a single carrier frequency)
asynchronous allocation of time slots between DL and UL
gain: net data rate up to 115,2 kbps (allocation of all 8 traffic channels)
mainly software update
additional HW needed if more than 3 slots are used
Uplink
Downlink71 2 3 84 5 6 1 2
71 2 3 84 5 6 1 2
Cellular Communication Systems 27Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
GPRS (General Packet Radio Service)
Introducing packet switching in the network Using shared radio channels for packet transmission over the air: multiplexing multiple MSs on a single time slot allocation of multiple timeslots to a single MS
using free slots only if data packets are ready to send (e.g., 115 kbit/s using 8 slots temporarily)
adaptive coding (FEC) schemes (9-21 kbps)
⇒ first step towards flexible data services and adaptation of radio link to channelconditions
carrierTS0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
Multiplexing Multislot capability
Cellular Communication Systems 28Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
connection-orientedpacket switched core
GPRS architecture and interfaces
MS BSS GGSNSGSN
MSC
Um
EIR
HLR/GR
VLR
PDN /Internet
Gb Gn Gi
SGSN
Gn
Legend:SGSN: Serving GPRS Support NodeGGSN: Gatway GPRS Support NodePDN: Packet Data Network
Cellular Communication Systems 29Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
EDGE (Enhanced Data Rates for GSM Evolution)Enhanced spectral efficiency depends on: Size of frequency band Duration of usage Level of interference with others (power)
EDGE Technology: EDGE can carry data speeds up to 236.8 kbit/s for 4
timeslots (theoretical maximum is 473.6 kbit/s for 8 timeslots)
Adaptation of modulation dependingon quality of radio path GMSK (GSM standard – 1 bit per symbol) 8-PSK (3 bits per symbol)
Adaptation of coding scheme (redundancy) dependingon quality of radio path (9 coding schemes)
Gain: data rate (gross) up to 69,2 kbps (compare to22.8 kbps for GSM)
complex extension of GSM!
NodeB
UE 1
UE 2
Near-far problem
Cellular Communication Systems 30Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
2G to 3G Evolution: GSM - GPRS - UMTS
GSMRAN
Base stationBase stationcontroller
Base station
Base station
MSC
ISDN
GSM Core (Circuit switched)
HLRAuCEIR
GMSC
TransmissionATM based
GSM
Cellular Communication Systems 31Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
2G to 3G Evolution: GSM - GPRS - UMTS
GPRS Core (PacketSwitched)
SGSN
GGSN
Inter-net
GSMRAN
Base stationBase stationcontroller
Base station
Base station
MSC
ISDN
GSM Core (Circuit switched)
HLRAuCEIR
GMSC
TransmissionATM based
GSM+GPRS
Cellular Communication Systems 32Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
2G to 3G Evolution: GSM – GPRS - UMTS R99
GPRS Core (PacketSwitched)
SGSN
GGSN
Inter-net
GSMRAN
Base stationBase stationcontroller
Base station
Base station
UTRAN
Radio networkcontroller
Base station Base station
Base station
MSC
ISDN
GSM Core (Circuit switched)
HLRAuCEIR
GMSC
TransmissionATM based
GSM+GPRS+UMTS R99
Cellular Communication Systems 33Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
2G to 3G Evolution: GSM - GPRS - UMTS R5 - IMS
GPRS Core (PacketSwitched)
SGSN
GGSN
Inter-net
GSMRAN
Base stationBase stationcontroller
Base station
Base station
UTRAN
Radio networkcontroller
Base station Base station
Base station
TransmissionIP based
3G Core
GERANGERAN + UMTS R5 + IMS
Cellular Communication Systems 34Andreas Mitschele-Thiel, Jens Mückenheim Oct-16
ReferencesJochen Schiller: Mobile Communications (German and English), Addison-Wesley,
2000(most of the material covered in this chapter is based on the book)
Michel Mouly, Marie-Bernadette Pautet: The GSM System for Mobile Communications. Telecom Pub, Juni 1992
Jörg Eberspaecher, u. a.: GSM Switching, Services and Protocols. John Wiley and Sons Ltd, 2001
Siegmund Redl, u. a.: GSM and Personal Communications Handbook. Artech House, 1998
Gunnar Heine: GSM Networks: Protocols, Terminology, and Implementation. Artech House Mobile Communications Library. Artech House Publishers, 1998