Internal Only
Agenda
GPRS EDGE
Security in GPRS
Internal Only
GPRS
(General Packet Radio Service)
Internal Only
Agenda
General GPRS GPRS Network GPRS Roaming
Security in GPRS
Internal Only
General GPRS
Internal Only
100 90 80 70 60 50 40 30 20 10 0 9.6kbps (Today) CS-1 14.4kbps CS-2 HSCSD 38.4-64kbps GPRS 115kbps EDGE 384kbps Technology
Higher Bandwidth!
Internal Only
GPRS Network
Internal Only
BSC
MSC/VLR
Gs
MAP Gr (MAP)
HLR IP Network
Gi (IP)
BTS data for the radio interface and PS data descrimination and channel allocation interface is reused
Gd (MAP)
lPacket
Gb
Gc
lCS
lSlot
lExisting A
SGSN
Gn
GGSN
Gn
BSC
lGPRS
SMS-GMSC SMS-IWMSC
Backbone Network IP
MS
Mobility Management lGb Frame Relay lAllocation of PDCH in cells lHandling of GPRS Paging lBroadcast GPRS information
HLR
Internal Only
lGPRS lMaps
subscription and routing information subscriber to one or more GGSNs SGSN at attach and detach
BSC
MSC/VLR
Gs
MAP Gr (MAP)
HLR
lUpdate
Gb
Gc Gi (IP)
IP Network
MS
SMS-GMSC SMS-IWMSC
SGSN
Gd (MAP) Gn
GGSN
Gi (X.25) Gn
MSC
lLocation
info from
SGSN lCS paging request to SGSN lSignalling coordination for class A/B mobile (Gs)
Backbone Network IP
X.25 Network
SMS-SC SS7/MAP based SMS is delivered over GPRS for GPRS attached terminals
Internal Only
SMS-G/IW MSC
Gd (MAP)
BSC
MSC/VLR
Gr (MAP) Gs (BSSAP+)
Gb
Charging can be done at SGSN or GGSN or both for data volume and / or SGSN MS for PDP context duration
Gi (IP)
GGSN
Gn Gi (IP)
Gn
Mediation
Types of CDRs in GPRS S-CDR : radio n/w related (fm SGSN) G-CDR : for External n/w usage (fm GGSN) M-CDR : related to MM activities (fm SGSN) 2 CDRs related to usage of SMS with GPRS (fm SGSN)
Internal Only
BSC
Gd (MAP)
MSC/VLR
Gr (MAP) Gs (BSSAP+)
Gb
SGSN MS
Gn
Gi (IP)
GGSN
Gn Gi (IP)
Mediation
Billing Gateway Functions interface between GSNs and existing billing systems Matching & Filtering of CDRs per PDP context basis Rating : can put price tag to GPRS CDRs, partly or fully Can convert volume based CDRs into time based CDRs for billing systems Storing : (i) Stores security the CDRs till a session ends (ii) The matched CDRs are stored till billing system needs them for processing
Internal Only
GPRS Interfaces
Ericsson Ericsson BSS BSS
G b A
SMS-GMSC SMS-IWMSC
Gd (MAP)
MSC/VLR
Gs
Gr (MAP)
HLR
Gc (MAP) Gi (IP)
MS
A
SGSN
Gb Gn
GGSN
Gi (IP) Gn Ga
BGW
MS
Internal Only
SOG AUC
SGSN
GGSN
BG
Backbone Backbone Network Network
Authentication and Ciphering Req. Authentication and Ciphering Response Create PDP context Request Create PDP context Response
Internal Only
Mobile Terminals
Class A mode of operation: Attached both to CS and PS Simultaneous Circuit (CS) and Packet-Switched (PS) services Class B mode of operation: Attached both to CS and PS. Automatic choice of service, CS or PS, but only one at a time Class C mode of operation: Can be attached to either CS or PS service
Internal Only
GPRS Roaming
Internal Only
PLMN Roaming
HPLMN
DN DN S S SGS SGS N N APN available in Home PLMN only GGS GGS N N
ISP
DN DN UPLMN
MS
VPLMN
Internal Only
ISP Roaming
HPLMN
SGS SGS N N APN available in Visited PLMN DN DN S S
MS
GGS GGS N N
VPLMN
GGS GGS N N
ISP
Internal Only
BSS
SGS SGS N N
HLR
GGS GGS N N
Gb
ISP
HPLMN1
BSS HLR MS HPLMN4
Internal Only
HPLMN1
SGS SGS N N
Normal GSM Roaming APNs are same as GGSN is common CDRs generated in Visited SGSN Gn
GGS GGS N N
ISP
SGS SGS N N
HPLMN2
Internal Only
GR X
DN S DN S
GR X
DN S VPLMN2 - INT DNS
Internal Only
Roaming Billing
TAP - Records (Transferred Account Procedure)
Existing methods of TAP exchanges shall be used TAP File Spec 3 required - GPRS enhancements like: data volume, IP address, APN, etc.
Different concepts to existing TAP Record Procedures
Partial Records Generated + Data volume counts CDRs from HGGSN and VSGSN - different records from different networks for the same connection
Internal Only
Internal Only
Operator
GRX
Internal Only
Threat:
Denial of Service from invalid or flood of GTP traffic Undesirable GTP messages
Solution:
GTP traffic management prevents the GSNs from being overwhelmed GTP packet sanity check in firewall prevents GSNs from having to try to process malformed GTP packets GTP stateful inspection prevents GSNs from having to process GTP packets which dont make sense because of no PDP context or wrong PDP context state GTP policies which determine which GTP messages should be allowed
Internal Only
Threat:
GTP traffic from a non-roaming partner can kill a MS session or hijack a session GTP traffic spoofed to appear from a valid roaming partner
Solution:
GTP security policies block traffic from non-roaming partners High performance IPSec tunnels across GRX can be used to maintain confidentiality and integrity of GTP and prevent GTP from being spoofed
Internal Only
Threat:
A subscribers Internet connection may be flooded by incoming traffic The Gi Internet connection may be flooded Hackers may attack subscribers with malicious traffic
Solution:
Firewall traffic management protects the Gi Internet connection for subscribers and the PLMN as a whole Firewall can protect against many common attacks
Internal Only
EDGE
(Enhanced Data rates for GSM Evolution)
Internal Only
Agenda
General EDGE EDGE Network
Security in GPRS
Internal Only
GPRS Evolution
- The Way to UMTS BTS SMS-G/IW MSC MSC/VLR
HLR
SOG AUC
MS
BSC
MS
SGSN
GGSN
MS
U T R A N
R R N N C C R R N N C C
BG
Backbone Backbone Network Network
PTM-SC
Internal Only
384 kbps
115 kbps
EDGE
GPRS
Internal Only
The Abbreviation
GPRS = General Packet Radio System
Internal Only
kbps 60 50 40
59.2
44.8
30 20 10 0
CS1 CS2 CS3 CS4
12.0 8.0 8.4 20.0 14.4 11.2 14.8 17.6 22.4
29.6
MCS1
MCS2
MCS3
MCS4
MCS7
MCS8
MCS5
MCS6
GPRS
EGPRS
GMSK modulation
8PSK modulation
MCS9
Internal Only
Internal Only
Network modification !
Internet GPRS
MS
GPRS Protocol
SGS SGSN N
GGS GGSN N
PCU
EDGE
MS
EDGE Protocol
No changes
Internal Only
EDGE ...
is easy to implement increases both capacity and performance in GPRS networks
Internal Only
Questions ?
Thank You !!