Mobile Communications

Similar documents
GSM. Course requirements: Understanding Telecommunications book by Ericsson (Part D PLMN) + supporting material (= these slides) GPRS

GSM System Overview. Ph.D. Phone Lin.

WIRELESS SYSTEM AND NETWORKING

GPRS System Architecture

10 Call Set-up. Objectives After this chapter the student will: be able to describe the activities in the network during a call set-up.

UNIT-5. GSM System Operations (Traffic Cases) Registration, call setup, and location updating. Call setup. Interrogation phase

Chapter 1 : Historical Background of Mobile Communications Early Systems (World War II)

Cellular Mobile Systems and Services (TCOM1010) GSM Architecture

Chapter 3 GSM and Similar Architectures

GSM System Protocol Architecture

Pertemuan 7 GSM Network. DAHLAN ABDULLAH

Internal. GSM Fundamentals.

General Packet Radio Service (GPRS) 13 年 5 月 17 日星期五

Communication Networks 2 Signaling 2 (Mobile)

UMTS System Architecture and Protocol Architecture

UMTS Addresses and Identities Mobility and Session Management

Introduction to Mobile Computing

GPRS and UMTS T

FROM GSM TO LTE-ADVANCED: AN INTRODUCTION TO MOBILE NETWORKS AND MOBILE BROADBAND 2. GENERAL PACKET RADIO SERVICE (GPRS) AND EDGE

Section 4 GSM Signaling BSSMAP

GSM Hacking. Wireless Mobile Phone Communication 30 th January 2014 UNRESTRICTED EXTERNAL

Information Technology Mobile Computing Module: GSM Handovers

GSM and Similar Architectures Lesson 13 GPRS

Cellular Communication

Basics of GSM in depth

TELE4652 Mobile and Satellite Communication Systems

Mobility and Security Management in the GSM System

Security of Cellular Networks: Man-in-the Middle Attacks

EUROPEAN ETS TELECOMMUNICATION November 1996 STANDARD

3GPP TS V8.0.0 ( )

TELE COMMUNICATIONS Objective Introduction Global System for Mobile Communication (GSM):

GLOBAL SYSTEM FOR MOBILE COMMUNICATION (2) ETI2511 Friday, 31 March 2017

Lecture overview. Modifications and derivatives of GSM Data transmission in GSM: HSCSD GPRS part one EDGE

End-to-end IP Service Quality and Mobility - Lecture #5 -

COMP327 Mobile Computing Session: Lecture Set 5 - Wireless Communication Part 2

Nexus8610 Traffic Simulation System. Intersystem Handover Simulation. White Paper

UNIK4230: Mobile Communications Spring Semester, Per Hj. Lehne

ETSI TS V7.1.0 ( )

Abbreviations. Coding Scheme

3G TS V3.1.0 ( )

New service standardisation approach

E2-E3: CONSUMER MOBILITY. CHAPTER-5 CDMA x OVERVIEW (Date of Creation: )

TECHNICAL BRIEFING: MOBILE ACCESS TO THE INTERNET. Bornholm, October 2003

Advanced Computer Networks Exercise Session 4. Qin Yin Spring Semester 2013

3GPP TS V9.4.0 ( )

ETSI TS V6.4.0 ( )

TS V6.0.1 ( )

Last time?! Block 3: Lecture 1! Wireless networks! Ingredients 2: Antennas! Ingredients 1: Mobile Phones, PDAs & Co.! 20/05/14. Part 3: lecture 3!

Please refer to the usage guidelines at or alternatively contact

5. Functions and Procedures within GPRS

TS-3GA (R99)v3.6.0 Serving GPRS Support Node SGSN - Visitors Location Register (VLR); Gs Interface Layer 3 Specification

Signaling System 7 (SS7) By : Ali Mustafa

ETSI TS V5.0.0 ( )

A. Attempt any THREE of the following: 12

Chapter 2 The 3G Mobile Communications

Configuring GPRS Tunneling Protocol Support

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 ISSN

Signaling Protocol Structure in GSM

JP-3GA (R99) Network Architecture

Threat patterns in GSM system. Basic threat patterns:

ETSI TS V4.0.0 ( )

Mobile Security Fall 2013

Communication Systems for the Mobile Information Society

Rab Nawaz Jadoon. Cellular Systems - II DCS. Assistant Professor. Department of Computer Science. COMSATS Institute of Information Technology

ETSI TS V4.0.1 ( )

Part IV: GPRS Interfaces

ETSI TS V ( )

ETSI TS V ( )

3G TS V3.6.0 ( )

CHAPTER 4 SYSTEM IMPLEMENTATION 4.1 INTRODUCTION

Wireless Communications

Trillium 3G Wireless Software

Understand iwag Solution for 3G Mobile Data

GPRS for Mobile Internet

ETSI TS V ( )

System Architecture Evolution

Wireless Communication Systems. Lesson Outline

ETSI TS V5.3.0 ( )

POWER-ON AND POWER-OFF PROCEDURES

Wireless and Mobile Network Architecture

Mobile Security / /

GSM Mobility Management

Hands-On Modern Mobile and Long Term Evolution LTE

Publication of specifications for the mobile network interfaces offered by Wind

COPYRIGHTED MATERIAL. Global System for Mobile Communications (GSM) 1.1 Circuit-Switched Data Transmission

GPRS security. Helsinki University of Technology S Security of Communication Protocols

ETSI TS V3.6.0 ( )

3GPP TS V8.4.0 ( )

Mobile Security Fall 2012

Routing in Mobile Networks

GSM version Overall Description of the General Packet Radio Service (GPRS) Radio Interface Stage 2

Telecommunication Services Engineering Lab

ETSI TS V8.0.1 ( )

EUROPEAN ETS TELECOMMUNICATION July 1998 STANDARD

ETSI TS V ( )

Understanding Carrier Wireless Systems

GPRS Submitted in partial fulfillment of the requirement for the award of degree Of Bachelor of Technology in Mechanical

ETSI TS V6.5.0 ( )

E1-E2 UPGRADATION COURSE CONSUMER MOBILITY. 3G Concept

Mobile Security / /

Transcription:

Mobile Communications 3GPP Public Land Mobile Networks: GSM, GPRS Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto 1

What is the architecture of the GSM network network elements, interfaces, addresses, logical channels, protocol stack? How are calls processed - Mobile Terminated Call, Mobile Initiated Call? How was GSM modified to support data transfer in GPRS? What is the Attach procedure? What is a PDP context? What is the protocol stack of GPRS? 2

GSM 3

Acknowledgment This set of slides includes material (slides) from book Jochen Schiller, Mobile Communications 4

GSM - Overview Formerly: Groupe Spéciale Mobile (founded 1982) Now: Global System for Mobile Communication Pan-European telecom standard ETSI: European Telecommunications Standardisation Institute Seamless roaming within Europe possible Many telecom providers all over the world 5

Services provided by GSM Basic services voice services, short message service, data services Additional services emergency number, group 3 fax Supplementary services» identification: forwarding of caller number» automatic call-back 6

GSM Architecture Public Land Mobile Network (PLMN) MS radio cell MS BSS RSS: Radio SubSystem BTS radio cell MS BTS BSC BSC MSC MSC NSS: Network SubSystem VLR HLR VLR GMSC IWF signaling ISDN, PSTN PDN OSS: Operation SubSystem EIR AuC OMC 7

GSM Architecture Radio Subsystem (RSS) MS - Mobile Station Mobile terminal equipment radio cell MS MS BSS radio cell BTS - Base Transceiver Station Transmitter, receiver and antennas RSS BSC BTS BSC MS BTS BSC - Base Station Controller control of several BTS and MS VLR MSC HLR VLR MSC GMSC IWF signaling ISDN, PSTN PDN EIR AuC OMC BSS Base Station Subsystem BSC MS BSC BTS 8

GSM Architecture Network Subsystem (NSS) Data circuit switching, mobility management Interconnection to other networks, system control MSC - Mobile Switching Centre: circuit switching HLR - Home Location Register: associated to a PLMN (telecom operator) VLR - Visitor Location Register: associated to a MSC GMSC - Gateway MSC: provides interconnection to other networks HLR GMSC fixed network VLR MSC MSC VLR BSC BSC 9

GSM Architecture Operation Subsystem (OSS) Centralized operation, management and maintenance of GSM system OMC - Operation and Management Control of the radio and network subsystems AuC - Authentication Centre Executes security functions and contains security data EIR - Equipment Identity Register Registration and information on Mobile Stations OMC AuC EIR Network HLR MSC Element 10

Mobile Addresses IMSI - International Mobile Subscriber Identity» uniquely identifies the user; stored in the SIM card» composed by Mobile Country Code (MCC) + Mobile Network Code (MNC) + Mobile Subscriber Identification Number (MSIN) MSISDN - Mobile Subscriber Integrated Services Digital Network Number» the telephone number» associated to the service» stored in the SIM card MSRN - Mobile Station Roaming Number» a temporary location dependent ISDN number; generated by local VLR for each mobile station in its area» calls are routed to the MS by using the MSRN» The MSRN has same structure as the MSISDN Country Code of visited network (CC) + National Destination Code (NDC) of visited network + Subscriber Number (SN) in current mobile network TMSI - Temporary Mobile Subscriber Identity» 32 bits» local number allocated by VLR; may be changed periodically» hides the IMSI over the air interface; transmitted instead of IMSI 11

Base Transceiver Station, Base Station Controller BTS executes radio related functions BSC» switching center for radio channels - switches calls from MSC to BTS» executes radio control functions Functions BTS BSC Management of radio channels X Radio channel coding and decoding X Uplink signal measurements X Traffic measurement X Authentication X Location registry, location update X Handover management X BSC BTS MS 12

Mobile Switching Center Switching of 64 kbit/s channels Paging and call forwarding Location registration and forwarding of location information Generation/ forwarding of accounting and billing information 13

Home Location Register (HLR) Central master database» data from every user that has subscribed the operator» one database per operator» may be replicated HLR contains» Subscriber data IMSI - International Mobile Subscriber Identity List of subscribed services with parameters and restrictions» Location data current MSC/VLR address 14

Visitor Location Register (VLR) Local database» data on all users currently in the domain of the VLR» VLR is associated to a MSC For each user, VLR has information on» Subscriber identity IMSI - International Mobile Subscriber Identity» Temporary addresses MSRN - Mobile Station Roaming Number TMSI - Temporary Mobile Subscriber Identity» Temporary location LAI - Location Area Identification 15

GSM FDD, TDMA/FDMA Duplex: FDD Multiple Access: TDMA+FDMA 935-960 MHz 124 channels (200 khz) downlink 890-915 MHz 124 channels (200 khz) uplink FDMA channels time TDMA frame 0 1 2 3 4 5 6 7 4.615 ms time-slot (normal burst) tail user data S training S user data tail guard space 3 bits 57 bits 1 26 bits 1 57 bits 3 bits 8.25 bits Radio interface bit rate 156.25 bits/0.5769 ms= 270.8 kbit/s 148 bits / 0.5465 ms 156.25 bits / 0.5769 ms 16

Burst Structures Normal Burst: normal data transmission TB CD S TS S CD TB GP 3 57 1 26 1 57 3 8.25 Trainin Sequence - allows estimation of propagation characteristics (including multipath), in order to set up the equaliser parameters Stealing flags - indicate that a burst normally assigned to traffic is stolen for signalling Guard Period - avoids overlapping between bursts Tail Bits - assist receiver equalisation (set to 0) Coded Data - user data transmission Access Burst: MS first time access TB SS CD TB GP 8 41 36 3 68.25 Synchronisation Sequence - long training sequence Guard Period - long period since Coded Data - channel or time advance is not yet defined handover access request 17

Stand-alone Dedicated Control Channel Slow Associated Control Channel Fast Associated Control Channel TrafficChannels Full-rate TrafficChannels Half-rate Frequency Correction Channel Synchronization Channel Broadcast Control Channel Random Access Channel Access Grant Channel Paging Channel Logical Channels TCH Traffic Channels CCH Control Channels Full-rate TCH/F Half-rate TCH/H BCH Broadcast Channels CCCH Common Control Channels DCCH Dedicated Control Channels FCCH SCH BCCH RACH AGCH PCH ACCH Associated Control Channels SDCCH SACCH FACCH Uplink channel: MS transmits Downlink channel: BTS transmits Bi-direccional channel: both transmit 18

Logical Channels Channel Direction Application Allocation TCH Traffic Channels TCH/H TCH/F BTS MS User data Allocated by network on demand by MS FCCH Carrier synchronization BCH Broadcast Channels SCH BCCH BTS MS Frame synchronisation General network information Cell information (present and adjacent) Permanent CCCH Common Control Channels RACH AGCH PCH BTS MS BTS MS Request SDCCH for signalling Request TCH for handover Confirmation of SDCCH or TCH request Allert MS to a call originated in the network Multiple access with slotted Alhoa contention between MS Permanent DCCH Dedicated Control Channels SDCCH SACCH FACCH BTS MS Registration / location updating Call control procedures Control information between MS and BTS during the progress of a call or call set up Exchange of time critical control information during the progress of a call Allocated by network on demand Associated to a specific TCH or SDCCH Allocated by network or MS (*) (*) Fast allocation by setting S bit; bits are stolen from TCH 19

Transmit Time Advance Principle of operation» correct timing of uplink bursts are required to avoid overlapping at BTS» different path delays (MS-BTS distances) must be compensated» distant MS should transmit in advance so that its slot becomes time-aligned at BTS» transmission from the MS may be advanced 0-63 bits under BTS control» maximum cell radius is approximately 35 km Initial ranging» Access Burst is transmitted without time advance» BTS measures path delay and sends required time advance on SACCH Then, MS introduces time advance on all bursts and uses Normal Bursts Adaptive control» BTS monitors burst and measures delays» if path delay varies a new time advance is signalled on SACCH TB SS CD TB GP 8 41 36 3 68.25 20

Transmission Power Mobile station power classes GSM 900 GSM 1800 8 W 39 dbm vehicular 4 W 36 dbm vehicular 5 W 37 dbm portable 1 W 30 dbm portable 2 W 33 dbm portable 0.25 W 24 dbm portable 0.8 W 29 dbm portable usual classes 21

Power Control Implemented on uplink and downlink Objective: lowest power level which provides desired quality (BER) Procedure» MS measures power received and BER and sends result on SACCH» BTS sends new power level on SACCH, if and when necessary Control range GSM 900 5-39 dbm GSM 1800 0-36 dbm Comments effective maxima depend on cell size and MS capability control steps of 2 db Channels with no power control - use maximum power for the cell» downlink BCH and CCCH: power set by BTS» uplink RACH BCCH broadcasts maximum power level for the cell MS uses this value to set RACH transmission power 22

GSM Protocol Layers for Signaling U m A bis A MS BTS BSC MSC CM CM MM MM RR LAPD m RR LAPD m LAPD BTSM RR BTSM LAPD BSSAP SS7 BSSAP SS7 radio radio PCM PCM PCM PCM 16/64 kbit/s 64 kbit/s / 2048 kbit/s 23

GSM Protocol Layers for Signaling CM (Connection Management)» call control, short message service and supplementary service MM (Mobility Management)» registration, authentication, location and handover management U m A bis A MS BTS BSC MSC RR (Radio Resource Management)» setup, maintenance and release of radio channels» control of radio transmission quality CM MM RR LAPD m radio RR LAPD m radio LAPD PCM BTSM RR BTSM LAPD PCM BSSAP SS7 PCM CM MM BSSAP SS7 PCM 16/64 kbit/s 64 kbit/s / 2048 kbit/s LAPDm ( Link Access Protocol D-channel modified)» modified version of ISDN LAPD protocol 24

Security in GSM Security services» Access control / Authentication User s SIM (Subscriber Identity Module) contains K i, the subscriber secret authentication key» Confidentiality voice and signaling are encrypted on the wireless link» Anonymity TMSI - Temporary Mobile Subscriber Identity newly assigned at each new location update 3 algorithms specified in GSM» A3 for authentication» A5 for encryption» A8 for key generation

GSM - Authentication mobile network SIM K i RAND RAND RAND K i AuC 128 bit 128 bit 128 bit 128 bit A3 SRES* 32 bit SRES A3 32 bit SIM MSC SRES* =? SRES SRES 32 bit SRES K i : individual subscriber authentication key SRES: signed response

GSM K c Key Generation and Encryption mobile network (BTS) MS with SIM K i RAND RAND RAND K i AuC 128 bit 128 bit 128 bit 128 bit SIM A8 A8 cipher key K c 64 bit K c 64 bit BTS A5 data encrypted data SRES data A5 MS

Mobile Terminated Call 1: calling a GSM subscriber 2: forwarding call to GMSC 3: signal call setup to HLR 4, 5: get routing info (MSRN) from VLR 6: forward routing info to GMSC 7: route call to current MSC calling station 8, 9: get current status of MS (LAI + TMSI) 10, 11: paging of MS in location area 12, 13: MS answers paging and authentication request 14, 15: security checks PSTN 1 2 HLR GMSC BSS 4 5 BSS VLR 3 6 15 8 9 14 7 10 MSC 10 13 10 16 11 12 17 MS BSS 11 11 11 16, 17: set up connection 28

Mobile Terminated Call Channel activity at radio interface BTS MS BCCH System parameters and other overhead idle updated incoming call successful access PCH AGCH Paging message to specified TMSI Channel request RACH Assign stand alone dedicated control channel announced TMSI matches stored value successful paging Paging acknowledge SDCCH send RAND calculate SRES / K c SDCCH Authentication request calculate SRES / K c SRES confirmed SDCCH Authentication response Request to transmit in cipher mode SDCCH send SRES switch to cipher mode Acknowledge cipher mode request SDCCH 29

Mobile Terminated Call Channel activity at radio interface (cont.) BTS SDCCH Setup message for incoming call SDCCH Assign traffic channel and release SDCCH Acknowledge channel assignment FACCH FACCH Alerting mobile MS switch signaling to FACCH using assigned TCH generate ringing sound Connect FACCH mobile off-hook switch to traffic channel FACCH Connect acknowledge switch to traffic channel TCH data flow remote party on-hook FACCH Disconnect Release FACCH FACCH Release complete FACCH Release traffic channel idle updated 30

Mobile Originated Call 1, 2: connection and authentication request 3, 4: security check 5-8: check resources (obatain circuit) 9-10: set up call PSTN 6 5 GMSC 7 8 MS 1 10 HLR 3 4 MSC 2 9 BSS 31

Mobile Originated Call Channel activity at radio interface BTS MS BCCH System parameters and other overhead idle updated successful access AGCH Channel request RACH Assign stand alone dedicated control channel number dialed Call establishment request SDCCH send RAND calculate SRES / K c SDCCH Authentication request calculate SRES / K c SRES confirmed SDCCH Authentication response Request to transmit in cipher mode SDCCH send SRES switch to cipher mode Acknowledge cipher mode request SDCCH 32

Mobile Originated Call Channel activity at radio interface BTS Setup message for outgoing call SDCCH SDCCH Assign traffic channel and release SDCCH Acknowledge channel assignment FACCH MS switch signaling to FACCH using assigned TCH remote party ringing remote party off-hook switch to traffic channel FACCH Alerting remote party FACCH Connect Connect acknowledge FACCH ringing tone switch to traffic channel TCH data flow Disconnect FACCH mobile on-hook FACCH Release FACCH Release traffic channel Release complete FACCH idle updated 33

GPRS General Packet Radio Service 34

GPRS - General Packet Radio Service Adds packet switching to GSM data transferred as packets Simplifies access to Internet Improves network efficiency 35

GPRS Architecture 36

GPRS Architecture Addition of 2 new network elements: SGSN, GGSN SGSN: Serving GPRS Support Node» Authentication» Packet switch» Control of the logical link» Mobility management» Traffic accounting GGSN: Gateway GPRS Support Node» Router for the IPv4/IPv6 Internet xgsns network elements» Interconnected by common packet network (eg. IP over Ethernet)» Tunnels established between SGSN and GGSN GTP (GPRS Tunneling Protocol) 37

Terminal Attachment to GPRS Before using GPRS» terminal must perform Attach procedure During Attach» Network verifies if user is subscribed» Subscriber profile transferred from HLR to SGSN» Temporary packet identifier assigned to subscriber: P-TMSI GPRS Attach may be combined with GSM attach 38

MS UTRAN new SGSN old SGSN GGSN HLR 1. Attach Request 3. Identity Request 3. Identity Response 4. Authentication 5. IMEI Check 8. Attach Accept 9. Attach Complete C1 2. Identification Request 2. Identification Response 6a. Update Location 6d. Insert Subscriber Data 6b. Cancel Location 6c. Cancel Location Ack 6e. Insert Subscriber Data Ack 6f. Update Location Ack 7a. Location Update Request 7h. Location Update Accept 10. TMSI Reallocation Complete EIR new MSC/VLR Combined GSM/GPRS Attach 7b. Update Location 7c. Cancel Location 7d. Cancel Location Ack 7e. Insert Subscriber Data 7f. Insert Subscriber Data Ack 7g. Update Location Ack old MSC/VLR 39

PDP Context Establishment of a packet session (after successful Attach procedure)» Terminal obtains IP address» PDP context is defined and stored and MS, SGSN and GGSN PDP context contains» Type of external packet network (e.g. IPv4 or IPv6)» Address assigned to the MS (e.g. IPv4 address)» GGSN address (default gateway) GGSN makes the association between IMSI and IP addresses Context created terminal reachable data can be transferred 40

Air Interface Same as GSM 41

Logical Channels Data channel» PDTCH: Packet Data Traffic CHannel; used to transfer data packets Control channels» Common PBCCH: Packet Broadcast Control Channel; BSS MS network organization; relationship between logical and physical channels PRACH: Packet Random Access Channel; used by MS to request PDTCH PAGCH: Packet Access Grant Channel; used by BSS to grant PDTCH to MS PPCH: Packet Paging Channel; used by BSS to locate terminal» Dedicated PACCH: Packet Associated Control CHannel channel associated to a PDTCH If control channels, P???, are unavailable GSM control channels are used 42

RLC Data Transference Uplink and Downlink 43

Protocol Architecture Data Plane 44

Protocol Architecture Data Plane PDP Context GTP - GPRS Tunneling Protocol» Tunnel; transports IP packets» Used at the networks backbone» GTP packets transported over UDP/IP SNDCP - Subnetwork Dependent Convergence Protocol» Packet transference between MS e SSGN» Header compression, data protection 45

Protocol Architecture Data Plane LLC (MS-SSGN) RLC MAC Logical link connection between MS and SSGN; based on LAPDm (GSM) In order delivery, flow control Acknowledge and not-acknowledge services Reliable link between MS and BSS Segments and reassembles LLC frames into RLC blocks ARQ of blocks Based on slotted Aloha Logical channels PLL+RLF (Physical Link Layer) Provide physical channel for data Error detection, FEC Modulation; same used in GSM 46

Protocol Architecture Control Plane 47

Interconnection to an IP Network 48

Homework 1. Review slides 2. Read from Schiller, Chap. 4.1 GSM and GPRS 3. Read from Agilent Technologies, Understanding General Packet Service (GPRS), Application Note 1377 4. Answer questions at moodle 49

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback