Anda di halaman 1dari 53

GSM

Global System for Mobile Communication

2000 SASKEN All Rights Reserved

What are the types in GSM Network?

GSM-900 (Channels 125 operating band 900Mhz carrier spacing 200khz spacing 45Mhz) GSM -1800 (Channels 374 spacing 95Mhz)

2000 SASKEN All Rights Reserved

GSM in comparison with other Standards


GSM gives mobility without any loss in Audio quality

Encryption techniques used gives high security in the air


Interface and also use of SIM.

Variable Power (Power budgeting- extend battery life) Minimum Interference.

SMS (Short Message Services)


Emergency Calls CELL Broadcast

2000 SASKEN All Rights Reserved

GSM Concepts - Cellular Structure

2 2 7 1 6 4 3 6 5 7 1

Cellular Networking technology that breaks geographic area into cells shaped like honey comb Cell Area of coverage provided by one or more Radio terminals

2000 SASKEN All Rights Reserved

GSM System specifications


Frequency band Uplink 890 MHz-915 MHz Downlink 935 MHz-960MHz Duplex distance 45MHz Carrier separation 200KHz Modulation GMSK Air transmission rate 270Kbps Access method FDMA/TDMA Speech Coder RPE-LTP-LPC (Regular pulse excitation -Long Term predictive -linear predictive Coder)

2000 SASKEN All Rights Reserved

Transmission Direction
Uplink Transmission Transmission from Mobile to Radio Terminal Down Link Transmission Transmission from Radio Terminal to Mobile Uplink and Downlink channels separated by 45 MHz

2000 SASKEN All Rights Reserved

Access Techniques
Uplink 890 MHz to 915 MHz Down Link 935 MHz to 960 MHz 25 MHz divided into 125 channels of 200 KHz bandwidth

UP

890.0

890.2

890.4

914.8

915.0

DOWN 935.0

935.2

935.4

959.8

960.0

2000 SASKEN All Rights Reserved

Access Techniques
Time Division Multiple Access Each carrier frequency subdivided in time domain into 8 time slots Each mobile transmits data in a frequency, in its particular time slot - Burst period = 0.577 milli secs. 8 time slots called a TDMA frame. Period is .577 * 8 = 4.616 milli secs
0.577 ms 0 1 2 3 4.616 ms 4 5 6 7

2000 SASKEN All Rights Reserved

Radio Channel Allocation

2000 SASKEN All Rights Reserved

Transmission on the radio channels


A timeslot has a duration of .577 seconds 8 timeslots(8 x 0.577 = 4.62 ms) form a TDMA frame If a mobile is assigned one TS it transmits only in this time slot and stays idle for the other 7 with its transmitter off. The start on the uplink is delayed from downlink by 3 TS periods One TS = duration of 156.25 bits, and its physical contents is called a burst
Downlink 0
BTS > MS

3 0

4 1

5 2

6 3

7 4

0 5

1 6

2 7

3 0

4 1

5 2

6 3

7 4 5 6 7

Uplink
MS > BTS

Offset

2000 SASKEN All Rights Reserved

Power Control

BTS commands MS at different distances to use different power levels so that the power arriving at the BTSs Rx is approximately the same for each TS - Reduce interference - Longer battery life

2000 SASKEN All Rights Reserved

GSM - Network Structure


MS Um BTS BSC Abis A MS BTS Abis A EIR MSC PSTN GMSC AuC MSC VLR HLR

BSC

Um
BTS VLR OMC Server

2000 SASKEN All Rights Reserved

GSM Network

SS External PSTN & PDN N/W VLR

AUC HLR MSC EIR

Switching System
OMC

MS Mobile Station BTS Base transceiver System BSC Base Station Controller BSS BSC MSC Mobile Switching Center HLR Home Location Register BTS VLR Visitor Location Register EIR Equipment Identity Register MS AUC Authentication Center OMC Operation And Maintenance Center

Base Station System

2000 SASKEN All Rights Reserved

Mobile Station (MS)

Hand portable unit

Frequency and Time Synchronization


Voice encoding and transmission Voice encryption/decryption functions Power measurements of adjacent cells Display of short messages International Mobile Equipment Identifier (IMEI)

2000 SASKEN All Rights Reserved

Subscriber Identity Module (SIM)


Portable Smart Card with memory (ROM-6KB to 16KB-A3/A8
algorithm, RAM- 128KB TO 256KB, EEPROM- 3KB to 8KB )

Static Information
International Mobile Subscriber Identity(IMSI) (MCC + MNC+MSIN Personal Identification Number (PIN)* Authentication Key (Ki)

Dynamic Information
Temporary Mobile Subscriber Identity(TMSI) Location Area Identity (LAI)

Phone memories, billing information


Ability to store Short Messages received

2000 SASKEN All Rights Reserved

Base Transceiver Station (BTS)


Consists of one or more radio terminals for
transmission and reception

Each Radio terminal represents an RF Channel TRX and MS communicates over Um interface Voice encryption/decryption

Signal processing functions of the radio interface


Uplink Radio channel power measurements

2000 SASKEN All Rights Reserved

Base Station Controller (BSC)


External Interfaces
Abis interface towards the BTS A interface towards the MSC

Monitors and controls several BTSs Management of channels on the radio interface

Alarm Handling from the external interfaces


Performs inter-cell Handover Switching from Abis link to the A link Interface to OMC for BSS Management

2000 SASKEN All Rights Reserved

Gateway Mobile Services Switching Center (GMSC)


Interface of the cellular network to PSTN Routes calls between PLMN and PSTN Queries HLR when calls come from PSTN to mobile
user

Inter-BSC Handover Performs call switching Paging

Billing

2000 SASKEN All Rights Reserved

Home Location Register (HLR)


Stores user data of all Subscribers related to the
GMSC

International Mobile Subscriber Identity(IMSI) Users telephone number (MS ISDN) Subscription information and services

VLR address
Reference to Authentication center for key (Ki)

Referred when call comes from public land network.

2000 SASKEN All Rights Reserved

Visitor Location Register (VLR)

Identity of Mobile Subscriber

Copy of subscriber data from HLR


Generates and allocates a Temporary Mobile
Subscriber Identity(TMSI)

Location Area Code


Provides necessary data when mobile originates
call

2000 SASKEN All Rights Reserved

Authentication Center (AuC)


Stores Subscriber authentication data called Ki, a
copy of which is also stored in in the SIM card

Generates security related parameters to authorize a


subscriber (SRES-Signed RESponse)

Generates unique data pattern called Cipher key


(Kc) for user data encryption

Provides triplets - RAND, SRES & Kc, to the HLR on


request.

2000 SASKEN All Rights Reserved

Security - Authentication
MS
Ki RAND

A3
SRES
MS BTS AuC

RAND SRES SRES Auth Result

Authentication center provides RAND to Mobile AuC generates SRES using Ki of subscriber and RAND Mobile generates SRES using Ki and RAND Mobile transmits SRES to BTS BTS compares received SRES with one generated by AuC

2000 SASKEN All Rights Reserved

Security - Ciphering
MS
Ki RAND

A8

Kc MS Kc

Um interface Network Kc Ciphered Data

Data

A5

Data

A5

Data sent on air interface ciphered for security A5 and A8 algorithms used to cipher data Ciphering Key is never transmitted on air

2000 SASKEN All Rights Reserved

EIR (Equipment Identity Register)


EIR is a database that contains a list of all valid
mobile station equipment within the network, where each mobile station is identified by its International Mobile Equipment Identity(IMEI).

EIR has three databases.,


White list - For all known,good IMEIs Black list - For all bad or stolen handsets Grey list - For handsets/IMEIs that are uncertain

2000 SASKEN All Rights Reserved

OMC
Fault and Alarm Management
In case of fault, the operator can execute tests and diagnostics and change the states of the network element. The operator can initiate traffic control.

Configuration and Operations Management


A new software version can be loaded and run at right network element by the OMC. Installation of new BTSs / BSC.

Performance Management
The operator can schedule the collection of data from a certain network element.

Security Management

2000 SASKEN All Rights Reserved

What is happening to my speech ?


13 Kbps coded to 22.8 kbps send on Um

BTS
From 22.8 decode to 13 kbps 13 kbps speech data 3 kbps TRAU

2.048 mbps 16Kbps 64Kbps 16Kbps

2.048 mbps

BSC
0 1 2 3 4 31

64Kbps

1 2 3 4

31

From 16 kbps , 3kbps TRAU removed 13 kbps to 64 kbps

TRAU

2.048 mbps 16Kbps 64Kbps

1 2 3 4

31

MSC

2000 SASKEN All Rights Reserved

Channel concept
Physical channel:
One timeslot of a TDMA-frame on one carrier is referred to as a physical channel. There are 8 physical channels per carrier in GSM, channel 0 to 7(timeslot 0-7)

Logical channel:
A great variety of information must be transmitted between BTS and the MS,for e.g.user data and control signaling.Depending on the kind of information transmitted we refer to different logical channels.These logical channels are mapped on physical channel.

2000 SASKEN All Rights Reserved

Logical channels Logical channels

Control channels

Traffic channels Full rate

BCH

CCCH

DCCH

Half rate

FCCH SCH BCCH

PCH AGCH RACH SDCCH SACCH FACCH

2000 SASKEN All Rights Reserved

Control channels: Broadcast channels BCH


BCH Allotted one ARFCN & is ON all the time in every cell. Present in TS0 and other 7 TS used by TCH.

FCCH - Frequency correction channel


To make sure this is the BCCH carrier. Allow the MS to synchronize to the frequency. Carries a 142 bit zero sequence and repeats once in every 10 frames

on the BCH.

Synchronization Channel-SCH
This is used by the MS to synchronize to the TDMA frame structure

within the particular cell. Listening to the SCH the MS receives the TDMA frame number and also the BSIC ( in the coded part- 39 bits). Repeats once in every 10 frames.

2000 SASKEN All Rights Reserved

Control channels Broadcast channels BCH


Broadcast Control Channel-BCCH
The last information the MS must receive in order to receive

calls or make calls is some information concerning the cell. This is BCCH. This include the information of Max power allowed in the cell. List of channels in use in the cell. BCCH carriers for the neighboring cells,Location Area Identity etc. BCCH occupies 4 frames (normal bursts) on BCH and repeats once every Multiframe. This is transmitted Downlink point to multipoint.

2000 SASKEN All Rights Reserved

Control Channels: Common Control Channels (CCCH)

CCCH- Shares TS-0 with BCH on a Multiframe.


Paging Channel-PCH

The information on this channel is a paging message including the MSs identity(IMSI/TMSI).This is transmitted on Downlink, point-to-multipoint.

Random access channel-RACH

When the mobile realizes it is paged it answers by requesting a signaling channel (SDCCH) on RACH. RACH is also used by the MS if it wants to originate a call. Initially MS doesnt know the path delay (timing advance), hence uses a short burst (with a large guard period = 68.25 bits).

MS sends normal burst only after getting the timing advance info on the SDCCH.
It is transmitted in Uplink point to point.

2000 SASKEN All Rights Reserved

Control Channels: Common Control Channels (CCCH)

Access Grant Channel-AGCH


On request for a signaling channel by MS the network assigns a signaling channel(SDCCH) on AGCH. AGCH is transmitted on the downlink point to point

2000 SASKEN All Rights Reserved

Control Channels Dedicated Control Channels (DCCH)

Stand alone dedicated control channel(SDCCH)


AGCH assigns SDCCH as signaling channel on request by MS.The MS is informed about which frequency(ARFCN) & timeslot to use for traffic. Used for authentication of MS by the network. The MS communicates with the BSS and MSC over SDCCH until a TCH is assigned. This is used both sides, up and Downlink point-point.

2000 SASKEN All Rights Reserved

Control Channels Dedicated Control Channels (DCCH)


Slow associated control channel-SACCH
Average signal strengths(RXLev) and quality of service (RXQual) of the serving base station and of the neighboring cells is sent on SACCH (on uplink). Mobile receives information like what TX power it has to transmit and the timing advance. It is associated with TCH or SDCCH

Fast associated control channel-FACCH


This channel is used by BTS to command a handover. Whenever a call is to be transferred from one cell to another cell this channel is used in stealing mode.

2000 SASKEN All Rights Reserved

Traffic Channels-TCH
TCH carries the voice data.
Two blocks of 57 bits contain voice data in the normal burst.

One TCH is allocated for every active call.


Full rate traffic channel occupies one physical channel(one TS on a carrier) and carries voice data at 13kbps

Two half rate (6.5kbps) TCHs can share one physical


channel.

2000 SASKEN All Rights Reserved

Burst

The information format transmitted during one


timeslot in the TDMA frame is called a burst.

Different types of bursts:


Normal Burst

Random Access Burst


Frequency Correction Burst Synchronization Burst

2000 SASKEN All Rights Reserved

Normal Burst
156.25 bits 0.577 ms

T Coded Data 3 57

S T. Seq. 1 26

S Coded Data T GP 1 57 3 8.25

Tail Bit(T) :Used as Guard Time Coded Data :It is the Data part associated with the burst Stealing Flag :This indicates whether the burst is carrying Signaling data (FACCH) or user info (TCH). Training Seq. :This is a fixed bit sequence known both to the BTS & the MS.This takes care of the signal deterioration.

2000 SASKEN All Rights Reserved

156.25 bits 0.577 ms

T 3

Training Sequence 41

Coded Data 36

T 3

GP 68.25

Random Access Burst


156.25 bits 0.577 ms

T 3

Fixed Bit Sequence 142

T 3

GP 8.25

Freq. Correc. Burst


156.25 bits 0.577 ms

T Coded Data Training Sequence Coded 39 64 Data 39 3 Synchronization Burst

T GP 3 8.25

2000 SASKEN All Rights Reserved

Handover
Means to continue a call even a mobile crosses the
border of one cell to another

Procedure which made the mobile station really roam Handover causes
RxLev (Signal strength , uplink or downlink)

RxQual
O & M intervention Timing Advance

Traffic or Load balancing

2000 SASKEN All Rights Reserved

Handover Types
Internal Handover (Intra-BSS)
Within same base station - intra cell Between different base stations - inter cell

External Handover (Inter-BSS)


Within same MSC -intra MS Between different MSCs - inter-MSC

2000 SASKEN All Rights Reserved

Handover Types
MSC BSC GMSC

BSC

C-3
BSC MSC

C-4

C-1

C-2

BSC

2000 SASKEN All Rights Reserved

Intra BSC handover


HO required Activate TCH(facch) with HoRef#

HO performed

BSC

Acknowledges and alloctes TCH (facch) if 1. Check for HO passed 2. Channel avail in new BTS

BTS 2

Periodic Measurement Reports (SACCH)

Periodic Measurement Reports

MS tunes into new frequency and TS and sends HO message to new BTS (facch)
Receives new BTS data(FACCH)

HO cmd with HoRef#

Release TCH

Cell 2
Periodic Measurement Reports (SACCH)

BTS 1

Cell 1

2000 SASKEN All Rights Reserved

GSM Identifiers-Subscriber Identities - MSISDN


The MSISDN is a GSM directory number which
uniquely identifies a mobile subscription in the Public Switched Telephone Network (PSTN).

Calls will be routed from the PSTN and other


networks based on the Mobile Subscribers MSISDN number.

MSISDN = CC + NDC + SN
CC= Country Code (91) NDC= National Destination Code(98370) SN= Subscriber Number (12345)

2000 SASKEN All Rights Reserved

International Mobile Subscriber Identity [IMSI]


A subscriber is always identified within the GSM
network by the IMSI This is used for all signaling in the PLMN. It is stored in the Subscriber Identity Module(SIM), in the HLR and in the VLR. The IMSI consists of three different parts.

IMSI= MCC + MNC + MSIN digits)+(maximum 11 digits)


MCC = Mobile Country Code MNC = Mobile Network Code MSIN = Mobile Station Identification Number

(Maximum of 15 digits)=(3 digits)+(1-2

2000 SASKEN All Rights Reserved

Temporary Mobile Subscriber Identity [TMSI]


The TMSI is used for the subscribers
confidentiality.

It should be combined with the LAI to uniquely


identify a MS.

Since the TMSI has only local significance (that is,


within the MSC/VLR area), the structure may be chosen by each administration.
The TMSI should not consist of more than four octets.

2000 SASKEN All Rights Reserved

Mobile Station Roaming Number[MSRN]


HLR knows in what Service area the subscriber is located. In order to provide a temporary number to be used for routing, the HLR requests the current MSC/VLR to allocate a Mobile Station Roaming Number(MSRN) to the called subscriber and to return it. At reception of the MSRN, HLR sends it to the MSC, which now can route the call to the VLR where the called subscriber is currently registered.

2000 SASKEN All Rights Reserved

International Mobile Equmt. Identity [IMEI]


The IMEI is used for equipment identification. An
IMEI uniquely identifies a mobile station as a piece or assembly of equipment.

IMEI = TAC + FAC + SNR + sp


TAC= Type Approval Code (6 digits),determined by GSM body

FAC= Final Assembly Code (2 digits), identifies the manufacturer


SNR= Serial Number (6 digits), uniquely identifying all equipment within each TAC and FAC

sp

= Spare for future use (1 digit)

2000 SASKEN All Rights Reserved

Location Area Identity


LAI identifies a location area which is a group of cells. It is transmitted in the BCCH. When the MS moves into another LA (detected by monitoring
LAI transmitted on the BCCH) it must perform a LU.

LAI = MCC + MNC + LAC


MCC= Mobile Country Code(3 digits), identifies the country MNC= Mobile Network Code(1-2 digits), identifies the GSM PLMN LAC= Location Area Code, identifies a location area within a GSM PLMN network. The maximum length of LAC is 16 bits, enabling 65536 different location areas to be defined in one GSM PLMN.

2000 SASKEN All Rights Reserved

2000 SASKEN All Rights Reserved

MS registration in network
MS scans complete GSM frequency band for highest
power

Tunes to highest powered frequency and looks for


FCCH. Synchronizes in frequency domain

Get training sequence from SCH which follows


FCCH. Synchronizes in time domain.

Accesses BCCH for network id, location area and


frequencies of the neighboring cells

2000 SASKEN All Rights Reserved

MS Location Update (registration)


MS BTS BSC (G)MSC VLR HLR

Action

Channel Request (RACH) Channel Assignment (AGCH)


TMSI + old LAI

Location Update Request (SDCCH) Authentication Request (SDCCH) Authentication Response (SDCCH)

Comparison of Authentication params


Accept LUP and allocTMSI (SDCCH) Ack of LUP and TMSI (SDCCH) Entry of new area and identity into VLR and HLR Channel Release (SDCCH)

2000 SASKEN All Rights Reserved

MS

Mobile Originated Call


BTS BSC VLR HLR

MS BTS
Authentication response (SDCCH)

AuC GMSC

EIR
Authentication request (SDCCH)

MSC PSTN
Ring alert Speech path enabled Called Sub answers

Req for dedicated channel BSC Authentication response Allocates SDCCH using the AGCH (SDCCH) for signaling (RACH) BTS
SDCCH released TCH assigned Ring Sends callFACCH requestGive SDCCH tone over set-up including Call set-up forwarded Ring tone ceases over FACCH Release SDCCH Activate TCH dialled digits on SDCCH to BSC

Connect Assigns TCH Req Assn complete message Call set-up forwarded to MSC

2000 SASKEN All Rights Reserved

Mobile Terminated Call


MS Paging Assignment CMD (=TCH) on SDCCH BTSTMSI Paged on PCH BSC HLR

VLR
Query for VLR info Reply (MSRN) EIR

MS

* MS Allocate tunes Page RESP on SDCCH Ch. REQ SDCCH * Phone overRACH rings ( AGCH overTMSI + LAI) BTS

Connect traffic Ch.to trunk GMSC frees SDCCH Query VLR Page RES Page for LAC and Paging Assign. REQ TMSI the area (+TMSI) Route to MSC Network Alerting MSC
BSC

AuC

PSTN

BTS Land to Mobile call (MSISDN)

Authentication and Ciphering procedure done as seen in Location Updation

2000 SASKEN All Rights Reserved

Anda mungkin juga menyukai