Digital Cellular System and GSM

GSM Overview
– Architecture
– Channels
– Signaling

Maria Leonora Guico

Tcom 126 2nd Sem Lecture 2
Digital Cellular Telephone System
• Inherent advantages over analog systems
are:
– Better utilization of bandwidth
– More privacy
– Incorporation of error detection and correction
• Uses digital modulation
GSM Overview
• Global System for Mobile Communications,
is a digital cellular communications system

• GSM provides:
•Digital Transmission
•ISDN (Integrated Services Digital
network) compatibility
•Worldwide roaming in other GSM networks
•Provides a model for 3G Cellular systems
Characteristics of GSM Standard
 Fully digital system using 900,1800, 1900 MHz
frequency band.
 TDMA over radio carriers (200 KHz carrier spacing).
 8 full rate or 16 half rate TDMA channels per carrier.
 User/terminal authentication for fraud control.
 Encryption of speech and data transmission over the
radio path.
 Full international roaming capability.
 Low speed data services (up to 9.6 Kbps).
 Compatibility with ISDN.
 Support of Short Message Service (SMS).
Advantages of GSM over Analog system
 Capacity increases
 Reduced RF transmission power and longer battery
life.
 International roaming capability.
 Better security against fraud (through terminal
validation and user authentication).
 Encryption capability for information security and
privacy.
 Compatibility with ISDN, leading to wider range of
services
Nomenclature
MS (Mobile Station) = ME (Mobile Equipment ) +SIM
(Subscriber Identity Module)
BSS (Base Station Subsystem) = BTS (Base
Transceiver Station) + BSC (Base Station Controller)
NSS (Network Switching Subsystem)
NMS (Network Management Subsystem)
MSC (Mobile Switching Center): telephony switching
function and authentication of user
GSM Architecture
GSM system consists of three interconnected sub-systems:

 Base Station Subsystem (BSS)

 Mobile station (MS)
 Base Transceiver Station (BTS)
 Base Station Controllers (BSC)

 Network Switching Subsystem (NSS)

 Mobile Switching Center (MSC)
 Home Location Register (HLR)
 Visitor Location Register (VLR)
 Authentication center (AUC)

 Operation Support Subsystem or Network Management

System (NMS)
 Operation Maintenance Centers
 GSM architecture

• The BTS provides last mile connection to the MS and communication is

between the BTS and MS
• BSCs connect the MS to the NSS
• Handover between BTS within same BSC is handled by the BSC
 GSM Architecture
Mobile Stations Base Station Network Subscriber and terminal
Subsystem Management equipment databases

OMC
BTS
Exchange
System
VLR
BTS BSC MSC
HLR AUC

BTS EIR
 Mobile Station (MS)

The Mobile Station is made up of two entities:

1. Mobile Equipment (ME)

2. Subscriber Identity Module (SIM)
Mobile Station (MS)
Mobile Equipment

 Portable, vehicle mounted, hand held device

 Uniquely identified by an IMEI (International Mobile
Equipment Identity)
 Voice and data transmission (A5 encryption
algorithm)
 Monitoring power and signal quality of surrounding
cells for optimum handover
 Power level : 0.8W – 20 W
 160 character long SMS
Mobile Station (MS) cont.
Subscriber Identity Module (SIM)
 Smart card contains the International Mobile
Subscriber Identity (IMSI)
 Allows user to send and receive calls and receive
other subscribed services
 Encoded network identification details
- Keys Ki, Kc and A3 and A8 algorithms
- A3 algorithm for authentication
- A8 algorithm for key generation
 Protected by a password or PIN
 Can be moved from phone to phone – contains key
information to activate the phone
Terms Defined
Ki - 128-bit Individual Subscriber Authentication Secret key
shared between the Mobile Station (MS) and the Home
Location Register (HLR) of the subscriber’s home network.
Kc - 64-bit ciphering key used as a Session Key for
encryption of the over-the-air channel. Kc is generated by
the Mobile Station from the random challenge presented
by the GSM network and the Ki from the SIM utilizing the
A8 algorithm.

RAND - 128-bit random challenge generated by the HLR

SRES - 32-bit Signed Response generated by the MS and
the MSC.
 Base Station Subsystem (BSS)
Base Station Subsystem is composed of two parts that
communicate across the standardized Abis interface
allowing operation between components made by different
suppliers

1. Base Transceiver Station (BTS)

2. Base Station Controller (BSC)
Base Station Subsystem (BSS)
Base Transceiver Station (BTS):

 Encodes, encrypts, multiplexes, modulates and

feeds the RF signals to the antenna.
 Frequency hopping
 Communicates with Mobile station and BSC
 Consists of Transceiver (TRX) units
Base Station Subsystem (BSS)
Base Station Controller (BSC)

 Manages Radio resources for BTS

 Assigns Frequency and time slots for all MSs in its
area
 Handles call set up
 Transcoding and rate adaptation functionality
 Handover for each MS
 Radio Power control
 It communicates with MSC and BTS
Network Switching Subsystem(NSS)
Mobile Switching Center (MSC)

 Heart of the network

 Manages communication between GSM and other
networks
 Call setup function and basic switching
 Call routing
 Billing information and collection
 Mobility management
- Registration
- Location Updating
- Inter BSS and inter MSC call handoff
 MSC does gateway function while its customer roams
to other network by using HLR/VLR.
 Network Switching Subsystem(NSS)
 Home Location Registers (HLR)
- permanent database about mobile subscribers in a large
service area(generally one per GSM network operator)
- database contains IMSI, MSISDN (mobile subscriber
international ISDN number),prepaid/postpaid,roaming
restrictions, supplementary services.
 Visitor Location Registers (VLR)
- Temporary database which updates whenever new MS
enters its area, by HLR database
- Controls those mobiles roaming in its area
- Reduces number of queries to HLR
- Database contains IMSI,TMSI,MSISDN,MSRN (mobile
subscriber roaming number),Location Area,
authentication key
 Network Switching Subsystem(NSS)
 Authentication Center (AUC)
- Protects against intruders in air interface
- Maintains authentication keys and algorithms and provides
security triplets ( RAND,SRES,Kc)
- Generally associated with HLR

 Equipment Identity Register (EIR)

- Database that is used to track handsets using the IMEI
(International Mobile Equipment Identity)
- Made up of three sub-classes: The White List, The Black List and
the Gray List
- Only one EIR per PLMN
GSM
 GSM comes in three flavors(frequency bands):
900, 1800, 1900 MHz.
 Voice is digitized using Full-Rate coding
 Digital speech coding
 13 Kbps bitrate
Frequency Bands
 Standard or primary GSM 900 Band, P-GSM:
 890 - 915 MHz: mobile transmit, base receive
 935 - 960 MHz: base transmit, mobile receive
 Extended GSM 900 Band, E-GSM (includes
Standard GSM 900 band):
 880 - 915 MHz: mobile transmit, base receive
 925 - 960 MHz: base transmit, mobile receive
 DCS 1 800 Band:
 1 710 - 1 785 MHz: mobile transmit, base receive
 1 805 - 1 880 MHz: base transmit, mobile receive
GSM 900
 Frequency band is 25 MHz:
 890-915MHz (mobile transmit)
 935-960MHz (base transmit)
 Each band is subdivided into 124 carrier
frequencies spaced 200 kHz apart, using FDMA
techniques
 Each of these carrier frequencies is further
subdivided into time slots using TDMA with 8 time
slots
 One radio channel can support 8 'full rate' traffic
 Extended GSM 900 Band and DCS
1800 Frequency Band
 The frequency range is divided into two sub-bands:
 UPLINK (UL) for radio transmission between MS and BTS
 DOWNLINK (DL) for radio transmission between BTS and
MS
Access Methods (Overview)
 Frequency Division Multiple Access
(FDMA) – every channel is assigned to a
specific frequency
 Time Division Multiple Access (TDMA) –
dividing the frequency into multiple time
slots so that multiple users can access the
same frequency at the same time.
 Code Division Multiple Access (CDMA) –
identifies each conversation uniquely by
codes rather than frequency or slice of time.
Access Methods
TDMA
 Time Division Multiple Access
 Each channel is divided into timeslots, each
conversation uses one timeslot.
 Many conversations are multiplexed into a single
channel.
CDMA
 Code Division Multiple Access
 All users share the same frequency all the time
 To pick out the signal of specific user, this signal
is modulated with a unique code sequence.
 Sharing
 GSM uses TDMA and FDMA to let everybody talk.
 FDMA: 25MHz bandwidth is divided into 124 carrier
spaced 200 kHz apart
 TDMA: Each carrier frequency is divided into bursts [0.577
ms]. Eight (8) burst periods are grouped into a TDMA
frame
Channels
 The physical channel in GSM is the timeslot.
 The logical channel is the information which goes
through the physical channel
 Both user data and signaling are logical channels.
Physical Channel
 Similar to the PCM30 system (1 link with 32
channels), 1 RFC consists of 8 channels.
Several mobile subscribers can therefore access
one RFC at the same time.
 One physical channel is one burst period per
TDMA frame
Physical Channel
 A physical channel is defined by a specific carrier
pair (i.e. by an RFC) and by the time slot number in
the TDMA frame.
 Per radio transmission direction
(UPLINK/DOWNLINK), 124/174 RFC (GSM/E-GSM)
with 8 channels each are available = 992/1392
physical channels (GSM/E-GSM) in total.
GSM-Frame Structure
GSM-Framing Scheme (Traffic
Channels)
TDMA Frame Structure
1 TDMA Frame = 8 TDMA time slots
Traffic Channel Burst = 148 bits
TDMA Frame Structure
Tail Bits - Each burst leaves 3 bits on each end in which no data is
transmitted. This is designed to compensate for the time it takes for the
power to rise up to its peak during a transmission. The bits at the end
compensate for the powering down at the end of the transmission.

Data Bits - There are two data payloads of 57 bits each.

Stealing Flags - Indicates whether the burst is being used for

voice/data (set to "0") or if the burst is being "stolen" by the FACCH to
be used for signalling (set to "1").

Training Sequence - The training sequence bits are used to overcome

multi-path fading and propagation effects through a method called
equalization.
Logical Channels
 On every physical channel, a number of logical
channels are mapped.
 Each logical channel is used for a specific
purpose.
 11 Logical Channels in the GSM system:
 2 for traffic - carry voice and data
 9 for control signaling
 set up and maintain calls
 establish relationship between mobile unit and nearest BS
Signaling & Connection Control
 Setup channels set aside for call setup & handoff
 Mobile unit selects setup channel with strongest signal &
monitors this channel
 Incoming call to mobile unit
 MSC sends call request to all BSSs
 BSSs broadcast request on all setup channels
 Mobile unit replies on reverse setup channel
 BSS forwards reply to MSC
 BSS assigns forward & reverse voice channels
 BSS informs mobile to use these
 Mobile phone rings
SS7
 Signaling protocol for networks
 Packet – switching [like IP]
 GSM uses SS7 for communication between HLR
and VLR (allowing roaming) and other advanced
capabilities.
 GSM’s protocol which sits on top of SS7 is MAP –
mobile application part
 SS7 Signaling protocol
 ISUP (ISDN User Call-related No call-related
Part): used to setup signaling signaling
and release calls MAP
 MTP (MESSAGE ISUP TCAP
TRANSFER PART):
three levels SCCP
corresponding to MTP3
the OSI physical MTP2
layer, data link layer MTP1
and network layer.
 SS7 Signaling protocol
• MAP (Mobile Application Part): Call-related No call-related
used for signaling related to a signaling signaling
number of services
• TCAP (TRANSACTION MAP
CAPABILITIES APPLICATION
PART): provides the capability to ISUP TCAP
exchange information between
applications using non-circuit SCCP
related signaling
• SCCP (SIGNALING
MTP3
CONNECTION CONTROL MTP2
PART): realize both
connectionless and connection
MTP1
oriented network service