GB_BT01_E1_0 GSM Basics

Course Objectives:
Aware of the Development Background of GSM technology Grasp GSM Network structure and Features State GSM main interfaces Aware GSM common Events Describe basic calling process

Contents
1 GSM Basic......................................................................................................................................................1 1.1 2G Mobile Communication Technology Evolution......................................................................................1 1.2 Mobile Communication Technology Development Trend...........................................................................5 1.3 GSM History..................................................................................................................................................6 1.4 GSM Features.................................................................................................................................................7 1.5 GSM Specifications.......................................................................................................................................8 1.6 GSM Network Structure................................................................................................................................9 1.7 GSM Protocol Platform...............................................................................................................................12 1.8 Available GSM Services..............................................................................................................................15 1.8.1 Telecommunications Services Provided by the GSM................................................................15 1.8.2 Supplementary Services of the GSM System.............................................................................16 1.9 Operation Band............................................................................................................................................17 2 GSM Events..................................................................................................................................................20 2.1 Status of Mobile Subscriber.........................................................................................................................20 2.1.1 Attach Flag upon MS Power-on..................................................................................................20 2.1.2 Detach upon MS Power-off.........................................................................................................21 2.1.3 MS Busy.......................................................................................................................................21 2.1.4 Periodical Registration.................................................................................................................21 2.2 Location Update...........................................................................................................................................21 2.2.1 Normal Location Update ............................................................................................................22 2.2.2 Periodical Location Update.........................................................................................................22 2.2.3 IMSI Attach..................................................................................................................................22 2.3 Handover......................................................................................................................................................22
i

2.3.1 Purpose of Handover....................................................................................................................22 2.3.2 Classification of Handover..........................................................................................................23 2.4 Cell selection and Reselection.....................................................................................................................23 2.4.1 Cell selection................................................................................................................................23 2.4.2 Cell reselection.............................................................................................................................24 2.5 Authentication ............................................................................................................................................24 2.6 Encryption ...................................................................................................................................................25 3 GSM basic calling process...........................................................................................................................28 3.1 Initialization..................................................................................................................................................28 3.2 Location update............................................................................................................................................29 3.3 Outgoing call flow from MS to PSTN .......................................................................................................29 3.4 Incoming Call Flow from PSTN to MS......................................................................................................30 3.5 Call Flow Between Two Mobile Subscribers ............................................................................................31

ii

1 GSM Basic
1.1 2G Mobile Communication Technology Evolution
Brief History of Evolution The outline of GSM history is shown below: 1979 - Europe wide frequency band reserved for cellular 1982 - Groupe Spcial Mobile (GSM) created within CEPT 1986 Eight proposals put forward by European countries after extensive research and experiments accepted in Paris 1988 - ETSI took over GSM Committee 1990 - The phase 1 GSM recommendations frozen 1991 - GSM Committee renamed Special Mobile Group and GSM renamed as Global System for Mobile Communication 1992 - GSM launched for commercial operations 1993 Major part of GSM phase 2 standard completed 1994 A new research phase (Phase 2+) added to improve GSM for mobile data services Mobile Communication during 1920 ~ 1940 In 1920, mobile communication system was first used by military while in 1940s; it was put in use for civil purpose. Mobile communication started flourishing in recent decade. Its development phases are as follows: First generation (1G) mobile communication system Second generation (2G) mobile communication system Third generation (3G) mobile communication system

GB_BT01_E1_0 GSM Basics

1G during 1980s Since 1980's, 1G analog mobile communication system adopts cellular networking technology. Till 1982 Cellular Systems were exclusively Analog Radio Technology. At the end of 1980s Analog System was unable to meet continuing demands due to: Severely confined spectrum allocations Interference in multipath fading environment Incompatibility among various analog systems Inability to substantially reduce the cost of mobile terminals and infrastructure required Easy to eavesdrop and misuse the subscribers account

Standards of First Generation Different standards of first generation are shown in Table 1.1-1.
Table 1.1-1 Different Standards of First Generation Standard Advanced Mobile Phone System (AMPS) Nordic Mobile Telephone System450/900 (NMT-450/900) Total Access Communication System (TACS) North (Scandinavian) U.K. Origin North America Europe Frequency Band 800 MHz 450 & 900 MHz 900 MHz

2G during 1990s During 1990s, Digital mobile communication system characterized by digital transmission, Time Division Multiple Access (TDMA), and narrowband Code Division Multiple Access (CDMA) were developed. Standards of Second Generation Different standards of second generation are: GSM CDMA IS95 Personal Digital Cellular (PDC)

Advantages of 2G
2

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

Compared with 1G mobile communication system, 2G mobile communication system has the following advantages: Provides high spectrum utilization and large system capacity. Provides diversified services (voice services and low-rate circuit-switched data services). Enables automatic roaming. Provides better voice quality. Provides good security. Can be interconnected with ISDN and PSTN.

Basic structure of GSM network is shown in Fig 1.1-1.

Fig 1.1-1 Basic Structure of GSM Network

Discrepancies of 2G 2G mobile communication system has the following discrepancies: Provides low-rate data services only and cannot support multi-media service. For example, Internet data access speed of GSM MS can reach 9.6 kbps theoretically.
3

Different 2G mobile communication systems in the world use different

GB_BT01_E1_0 GSM Basics

frequencies, therefore it is difficult to implement global roaming. Internet, E-business, and multi-media communication is developing very rapidly. Failing to provide strong support to data communication has already constrained the development of 2G system. Demand for higher data rate and more diversified services leads to evolution from 2G to 3G. Fig 1.1-2 shows the evolution process.

IS-95 CDMA

IS-95-B

IS-2000 MC WCDMA ARIB WCDMA

PDC

GSM

HSCSD GPRS IS-136+ IS-136HS

IMT-2000
EDGE UWC-136 UTRA WCDMA

IS-136

2G

2.5G

2.75G

3G

Fig 1.1-2 Evolution from 2G to 3G

GSM 2.5G GSM system (2.5G) Phase2 and Phase2+ were then developed, adopting high-rate adaptive coding solution. GPRS provides the data rate up to 171 kbps. Two high-rate data service options are: High Speed Circuit Switched Data (HSCSD) based on high-speed data bit rate and circuit switching General Packet Radio Service (GPRS) based on packet switched data

GSM 2.75G Enhanced Data Rates for GSM Evolution (EDGE) developed by the European Telecommunications Standards Institute (ETSI) adopts 8-PSK (Phase Shift Keying) modulation. It supports data rate up to 384 kbps theoretically. EDGE is more advanced than GPRS. However, EDGE cannot provide rate up to 2 Mbps as 3G system does. Therefore EDGE is often called 2.75G.
4

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

1.2 Mobile Communication Technology Development Trend

3G Research during 1980s 3G research, development, and establishment started in mid 1980s. IMT-2000 International Mobile Telecommunication 2000 (IMT-2000) established by International Telecommunications Union (ITU) introduces 3G. IMT-2000 introduces: Mobile data service and some fixed high-speed data services through one or more radio channels Fixed network platform A global standard IMT-2000 services, which are compatible with other fixed network services High quality Use of common band in the world Small terminals used in the world Global roaming Multi-media services and terminals Higher frequency utilization Flexibility for development to the next generation High-speed hierarchical data rate Rate up to 2 Mbps while stationary Rate up to 384 kbps during walking speed Rate up to 144 kbps while in vehicle Instead of having pure technology, communication system is currently developing into a mode featuring the combination of services and technology. Communication technology is estimated to undergo the largest change in future. It is strategic transition from voice services to data services from the aspect of
5

GB_BT01_E1_0 GSM Basics

market application and service demand. This change has deeply influenced the development trend of communication technology. 4G Services Some researchers and telecom operators describe fourth-generation (4G) mobile communication system as a new world better than 3G, which can provide: Many unimaginable applications Over 100 Mbps data transmission rate, which is 10,000 times of current MSs and 50 times of 3G MSs High-performance multi-media contents Service as a personal identification device through ID application Service for high-resolution movies and TV programs, acting as bridge of combined broadcast and new telecommunication infrastructure Some services such as 4G wireless instant connections, are cheaper than 3G services.

1.3 GSM History

Because analog mobile communication system had limited expansion capability, Global System for Mobile Communication (GSM) was developed on demand for capacity expansion which achieved global success. It operates at 900 MHz band within European countries. GSM Development process is as follows: 1982: Conference of European Posts and Telegraphs (CEPT) formed a study group called the Group Special Mobile (GSM) to study and develop 2G mobile communication system. 1986: Eight proposals put forward by European countries after massive research and experiments were accepted in Paris, and on-site experiments were performed. 1987: After on-site test, demonstration, and comparison, GSM member countries have reached an agreement that digital system adopts narrowband Time Division Multiple Access (TDMA), Regular Pulse Excitation-Long Term Prediction (RPELTP), voice coding, and Gaussian Minimum Shift Keying (GMSK) modulation. 1998: Eighteen European countries reached GSM Memorandum of Understanding
6

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

(MOU). 1989: GSM took effect. 1991: First GSM network was deployed in Europe. 1992: GSM standard was frozen. 1993: Major part of GSM phase II standard was completed. 1994: A new research phase (Phase 2+) was added to further improvement of GSM as a platform of mobile data services.

1.4 GSM Features

GSM system has the following features: High Spectrum efficiency GSM system features high spectrum efficiency due to the high-efficient modulator, channel coding, interleaving, balancing, and voice coding technologies adopted. Large capacity Volumetric efficiency (number of channels/cell/MHz) of GSM system is three to five times higher than that of Total Access Communication System (TACS). High voice quality Digital transmission technologies and GSM specifications, voice quality is irrelevant with radio transmission quality. Open interfaces epic GSM standard provides open air interface, also open interfaces between networks and those between network entities, such as A interface and Abis interface. High security MS identification code encryption makes eavesdropper unable to determine the MS number, ensuring subscribers location security. Voice encryption, signaling data, and identification codes make the eavesdropper unable to receive the communication contents. Interconnection with Integrated Services Digital Network (ISDN) and PSTN.
7

GB_BT01_E1_0 GSM Basics

GSM can interconnect with other networks through current standard interfaces, such as Integrated Service User Part (ISUP) or Telephone User Part (TUP). Roaming function GSM supports roaming by introducing Subscriber Identity Module (SIM) card that separates subscriber from the terminal equipment. Diversified services GSM provides diversified services, tele-services, bearer services, and supplementary services. Inter-cell handover During conversation, MS continues to report the detailed radio environment of local cell and neighboring cells to serving base station. If inter-cell handover is required, MS sends a handover request to serving base station.

1.5 GSM Specifications

European Telecommunications Standards Institute (ETSI) initiated and made GSM standard. ETSI developed GSM in several phases and set up more Special Mobile Groups (SMG) to make the related GSM standard. GSM detailed specifications conform on functions and interfaces only, not on hardware. Purpose is to reduce the restriction on designers, enabling the operators to purchase equipment from different manufacturers. GSM technical specifications consist of 12 fields: Field 1: General Field 2: Services Field 3: Network Functions Field 4: MS-BS Interfaces and Protocols Field 5: Physical Layer on Radio Path Field 6: Speech Coding Field 7: MS Terminal Adaptor
8

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

Field 8: BS-MSC Interface Field 9: Network Inter-working Field 10: Service Inter-working Field 11: Equipment and Model Acceptance Specification Field 12: Operation and Maintenance

1.6 GSM Network Structure

Fig 1.6-3 shows the basic GSM network structure.
AU C SM C PSTN ISDN PD N GM SC

H LR

BTS M S BTS MS BSC TRAU M SC /VLR

Traffic& Signaling Signaling

IW F

EIR

Fig 1.6-3 GSM Network Structure

GSM system consists of: Network Subsystem (NSS) Base Station Subsystem (BSS) Operation and Maintenance Subsystem (OMS) Mobile Station (MS)

Network Switching Subsystem NSS is the core element of network switching which interfaces with subscriber services
9

GB_BT01_E1_0 GSM Basics

for voice and data. NSS Main components are: Mobile Switching Centre (MSC) Home Location Register (HLR) Visitor Location Register (VLR) Equipment Identification Register (EIR) Authentication Centre (AUC) Short Message Centre (SMC)

Home Location Register - HLR is a central database of a system. HLR stores all the information related to subscribers, including the roaming authority, basic services, supplementary services, and current location information. It provides routing information for MSC for call setup. HLR may cover several MSC service areas or even the whole PLMN. Visitor Location Register - VLR stores all subscriber information in its coverage area and provides call setup conditions for the registered mobile subscribers. As a dynamic database, VLR must exchange large volume of data with HLR to ensure data validity. When an MS leaves the controlling area of a VLR, it registers in another VLR. The original VLR deletes the temporary records of that subscriber. VLR integrated within MSC. Equipment Identification Register - EIR stores the parameters related to MS. It can identify, monitor, and block the MS. ERI preventing unauthorized MS from accessing the network. Authentication Centre - AUC is a strictly protected database that stores subscriber authentication information and encryption parameters. AUC integrated with HLR physically. Base Station Subsystem BSS serves as a bridge between NSS and MS. It performs radio channel management and wireless reception and transmission. Base Station Controller (BSC) and Base Transceiver Station (BTS) are main components of BSS. Base Station Controller - Located between MSC and BTS, it controls and manages more than one BTS. It performs radio channel assignments. BTS and MS transmit power control, and inter-cell handover. BSC is also small a switch that converge and connects
10

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

local network with the MSC through A interface. Abis interface connects BTS to BSC. Base Transceiver Station - BTS is wireless transceiving equipment controlled by the BSC in BSS. BTS carries radio transmission. It performs wired-related wireless conversion, radio diversity, radio channel encryption, and hopping. Um interface connects BTS to MS. Transcoding and Rate Adaptation Unit - TRAU Located between BSC and MSC, TRAU transcodes between 16 kbps RPE-LTP codes and 64 kbps A law PCM codes. Operation and Maintenance Subsystem OMS is operation & maintenance part of GSM. Functional units in GSM are connected to OMS internal networks. OMS monitors various functional units in GSM network, submits status report, and performs fault diagnosis. OMS consists of two parts: OMC System (OMC-S) and OMC-Radio (OMC-R). The OMC-S performs operation and NSS maintenance, while OMC-R performs operation and BSS maintenance. Mobile Station MS is subscriber equipment in GSM, it can be vehicle installed or hand portable. MS consists of mobile equipment and SIM. Mobile equipment processes voice signals, receives and transmits radio signals. SIM stores all information required for identifying a subscriber and security information, preventing unauthorized subscribers. Mobile equipment cannot access GSM network without a SIM card. Network Service Area GSM service area refers to the total area covered by networks of all GSM operators. Network consists of several MSC service areas, each of which consists of several cells. Logically, several cells form a location area (LA). MSC Service Area - A Public Land Mobile Network (PLMN) includes multiple MSC service areas. MSC service area refers to the MSC coverage area, that is, the total area covered by BTS under control of BSC connected to MSC. All MSs in the service area table register in local VLR. Therefore, in actual network, MSC is always integrated with VLR as a node.
11

GB_BT01_E1_0 GSM Basics

Location Area - Each MSC/VLR service area includes multiple of LAs. MS can move freely without performing location update in LA. Hence, LA is the paging area of a broadcast paging message. An LA belongs to one MSC/VLR only, that is, LA cannot cross MSC/VLR. The system can identify different LA via LA Identity (LAI). Cell - LA contains several cells. Each cell has a unique Cell Global Identification (CGI), which indicates a basic radio coverage area in a network. Fig 1.6-4shows the relationship among different coverage areas in a GSM network.

GSM service area The total network coverage provided by all GSM operators PLMN service area The network coverage provided by a GSM operator MSC service area The area controlled by an MSC Location area An area for location update and paging Cell A service area provided by a specific BTS
Fig 1.6-4 Relationship among Coverage Areas in a GSM Network

1.7 GSM Protocol Platform

GSM technical specifications make clear and normative definition of interfaces and protocols between subsystems and various functional entities. Interface refers to the point where two adjacent entities are connected. Protocol defines the rules for information exchange at the connection point. GSM Interfaces Fig 1.7-5 shows the GSM interfaces.

12

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.
G VLR Sm Um Abis A B D MS BTS BSC MSC E C HLR F EIR VLR

MSC

Fig 1.7-5 shows the GSM interfaces.

Sm Interface: Man-machine interface implemented in MS. It is an interface between subscribers and PLMN. MS consists of keyboard, LCD, and SIM card. Um Interface: Radio interface between MS and BTS. It is an important interface in PLMN. Digital mobile communication network has different radio interface as compared to analogue mobile communication network. A Interface: It is an interface between BSC and MSC. Base station management information, call processing interface, mobility management information, and specific communication information are transferred through A interface. Abis Interface: It is an interface between BSC and BTS. Supports all services provided to subscribers. Also supports the control of BTS radio equipment and management of radio resources assigned. B Interface: It is an interface between MSC and VLR. VLR is a database locating and managing MS when MS roams in the related MSC control area. MSC can query the current location of MS from VLR and update MS location. When subscriber uses a special supplementary service or changes a relevant service, MSC notifies the VLR. Sometime VLR also updates information in HLR. C Interface: It is an interface between MSC and HLR. C interface transfers management and route selection information. When a call finishes, MSC sends the billing information to HLR. When PSTN cannot get location information of a mobile subscriber, the related GMSC queries HLR of the subscriber to obtain the roaming number of the called MS, and then transfers it to the PSTN. D Interface: It is an interface between HLR and VLR. Exchanges MS location
13

GB_BT01_E1_0 GSM Basics

information and subscriber management information. To enable a mobile subscriber to originate or receive calls in the whole service area, data must be exchanged between HLR and VLR. VLR notifies HLR about the current location of MS belonging to HLR, and then provides MS roaming number. HLR sends VLR all the data required to support the services of the MS. When an MS roams to the service area of another VLR, HLR notifies the previous VLR to delete the relevant MS information. When MS uses supplementary services, or some parameters are changed, D interface is also used to exchange the related information. E Interface: It is an Interface between MSCs. It exchanges the handover information between two MSCs. When MS in a conversation moves from one MSC service area to another MSC service area, inter-cell handover occurs to maintain the conversation. At that time, related MSCs exchange the handover information through E interface. F Interface: It is an interface between MSC and EIR. It exchanges the MS management information, such as IMEI, between MSC and EIR. G Interface: It is an interface between VLRs. When MS uses a Temporary Mobile Subscriber Identity (TMSI) to register with a new VLR, the relevant information is exchanged between VLRs through G interface. This interface also searches IMSI of the subscriber from VLR that registers TMSI. GSM Protocol Structure and OSI 2G cellular mobile network GSM adopts Open System Interconnection (OSI) model to define its protocol structure. Fig 1.7-6 shows GSM interface protocol model, which defines the interfaces and protocols between MS and MSC.

Um interface CM MM RRM RRM

Abis interface

A interface CM MM RRM SCCP RRM SCCP MTP 64 kbit/s MSC

LAPD m Radio MS

LAPD m Radio BTS

LAPD 64 kbit/s

LAPD 64 kbit/s BSC

MTP 64 kbit/s

Fig 1.7-6 GSM Interface Protocol Model 14

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

OSI reference model is a hierarchical structure. According to the hierarchy concept, communication process can be divided into several logical layers from lowest to highest layer. In different systems, the entities in the same layer that exchange information for the same purpose are called peer entities. Entities in adjacent layers interact with each other through the common layer. The lower layers provide services to higher layers. The services provided by layer N is a combination of the services and functions provided by the layers below it. First layer of Um interface protocol is physical layer, which is marked as L1 and it is a lowest layer. L1 provides basic radio channels for the information transmission of higher layers. Second layer L2 is data link layer, which is marked as LAPDm. It covers various data transmission structures and controls data transmission. Application layer is the third highest layer L3. It covers various messages and programs, and controls services. L3 includes Radio Resource Management (RRM), Mobility Management (MM) and Call connection Management (CM). Abis interface protocol is slightly different from Um interface protocol. Its physical layer is 64 kbps land line, and link layer is LAPD. First layer of A interface protocol is 64 kbps land line, and second layer is the Message Transfer Part (MTP), which is part of Common Channel Signalling7 (CCS7) network. MTP consists of many network protocols and centralizes all link layer protocols. Signaling connection control part (SCCP) and MTP together represent a network layer protocol on A interface. In BSC both MM and CM are transparently transmitted

1.8 Available GSM Services

1.8.1 Telecommunications Services Provided by the GSM
1. 1)
15

Circuit Services Voice Service Full-rate voice service Half-rate voice service

GB_BT01_E1_0 GSM Basics

2) 2. 1) 2)

Enhanced full-rate voice service Data service 14.4Kbit/s full-rate data service 9.6Kbit/s full-rate data service 4.8Kbit/s full-rate data service 2.4Kbit/s full-rate data service SMS services(support Chinese short messages) Point-to-point short message service Point-to-point short message service with the mobile user serving as called Point-to-point short message service with the mobile user serving as caller Cell Broadcast Short Message Cell broadcast service originated from the SMS center or the OMC-R.

3. 1) 2)

Packet Services GPRS service EDGE service At present, the point-to-point interactive telecom services are supported, including:

Access to the database: Allocate service to users as needed, e.g. Internet, and provide storing and forwarding, as well as information processing for user-to-user communications.

Session service: Provide bi-directional user-to-user and port-to-port real time information communication, e.g. Internet Telnet service.

Tele-action service: Applicable to small-volume data processing services, credit card confirmations, lottery transactions, electronic monitoring, remote meter reading (water, electricity and gas), monitoring systems, and so on.

1.8.2 Supplementary Services of the GSM System

GSM supplementary services are diversified, including: Call Forwarding Unconditional: forward all incoming calls to the number specified by
16

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

the subscriber. Barring: barring of outgoing/coming calls. Call Waiting: When a call is connected for a subscriber, indication of a new coming call is given to the subscriber. The subscriber can accept, reject or ignore the waiting call. Call Hold: A subscriber can suspend the connected call to do other things. Multiparty Service: A simultaneous communication with up to six parties is allowed. Closed User Group: The subscribers of CUG are restricted from outgoing and incoming calls, but they can normally communicate with each other. Hot Billing: The network generates an instant call billing message from the billing manager. It is applicable to leased phone service, including all kinds of call modes. Bills are generated and presented to the subscriber immediately after the call is ended.

1.9 Operation Band

1. Working band Currently, the GSM communication system works at 900 MHz, extended 900 MHz and 1800 MHz, or 1900 MHz band in some countries. 1) 900 MHz band Uplink (MS transmitting and BS receiving) frequency range: 890 MHz ~ 915 MHz Downlink (BS transmitting and MS receiving) frequency range: 935 MHz ~ 960MHz 2) Extended 900 MHz band Uplink (MS transmitting and BS receiving) frequency range: 880 MHz ~ 915 MHz Downlink (BS transmitting and MS receiving) frequency range: 925 MHz ~ 960 MHz 3) 1,800 MHz band Uplink (MS transmitting and BS receiving) frequency range: 1,710 MHz ~ 1,785 MHz
17

GB_BT01_E1_0 GSM Basics

Downlink (BS transmitting and MS receiving) frequency range: 1,805 MHz ~ 1,880 MHz 4) 1,900 MHz band Uplink (MS transmitting and BS receiving) frequency range: 1,850 MHz ~ 1,910 MHz Downlink (BS transmitting and MS receiving) frequency range: 1,930 MHz ~ 1,990 MHz 2. Channel interval The interval between two adjacent channels in any band is 200 kHz. 3. Channel configuration All channels are configured with the same interval. 1) 900 MHz band The channel numbers are in the range of 1 ~ 124. There are 124 frequency bands in all. The relationship between a channel number and nominal central frequency of a frequency band is illustrated as follows: Fu (n) = 890 + 0.2 n-512 (MHz), uplink Fd (n) = Fu (n) + 45 (MHz), downlink Where, 1 n 124, n is a channel number, or an Absolute Radio Frequency Channel Number (ARFCN). 2) Extended 900MHz band The channel numbers are in the range of 0 ~ 124 and 975 ~ 1023. There are 174 frequency bands in all. The relationship between a channel number and nominal central frequency of a frequency band is illustrated as follows: Fu (n) = 890 + 0.2 n (MHz), 0 n 124 Fu (n) = 890 + 0.2 (n-1024) (MHz), 975 n 1023 Fd (n) = Fu (n) + 45 (MHz) 3) 1,800 MHz band
18

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

The channel numbers are in the range of 512 ~ 885. There are 374 frequency bands in all. The relationship between a channel number and nominal central frequency of a frequency band is illustrated as follows: Fu (n) = 1710.2 + 0.2 (n-512) (MHz) Fd (n) = Fu (n) + 95 (MHz) 512 n 885 4) 1,900 MHz band The channel numbers are in the range of 512 ~ 811. There are 300 frequency bands in all. The relationship between a channel number and nominal central frequency of a frequency band is illustrated as follows: Fu (n) = 1850.2 + 0.2 (n-512) (MHz) Fd (n) = Fu (n) + 80 (MHz) 512 n 811 4. 1) Duplex transceiving interval 900 MHz band The duplex transceiving interval is 45 MHz. 2) Extended 900 MHz band The duplex transceiving interval is 45MHz. 3) 1,800 MHz band The duplex transceiving interval is 95 MHz. 4) 1,900 MHz band The duplex transceiving interval is 80 MHz.

19

2 GSM Events
2.1 Status of Mobile Subscriber
Mobile subscriber is generally in one of the following three states: MS power-on (idle), MS power-off, and MS busy. Thus, the network needs to process these states accordingly.

2.1.1 Attach Flag upon MS Power-on

IMSI attach is divided into three cases: 1. If the MS is powered on for the first time, The SIM card does not store the LAI. MS sends a Location Update Request to the MSC, notifying the GSM system that this is a new subscriber in this location area. MSC sends a Location Update Request to the HLR according to the IMSI number sent by this subscriber. HLR records the number of the MSC sending the request and the corresponding VLR number, and returns a Location Update Accepted message to the MSC. By now, MSC has been activated and it will add an Attach flag to the IMSI of the subscriber in the VLR. Then it sends a Location Update Acknowledgement message to the MS. The SIM card of the MS records the LAI. 2. If the MS is not powered on for the first time, instead the MS is powered off and then powered on again, and if the LAI received by the MS is inconsistent with that stored in the SIM card, the MS sends a Location Update Request to the MSC. The VLR must judge whether the original LAI is in its own service area. If yes, MSC only needs to replace the original LAI in the SIM card of the subscriber with the new LAI. If no, MSC sends a Location Update Request to the HLR according to the information in the IMSI of the subscriber. HLR records the number of MSC sending the request in the database and returns a Location Update Accepted message. Then MSC adds an Attach flag to the IMSI of the subscriber and returns the Location Update Acknowledgement message to the MS. MS replaces the original LAI on the SIM card with the new LAI. 3. If the MS is powered on again, and the LAI received is consistent with the
20

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

original LAI stored in the SIM card. VLR only adds Attach flag to this subscriber.

2.1.2 Detach upon MS Power-off

After the MS is powered off, the MS sends a Detach Request to the MSC. After the MSC receives the request, it informs VLR to add the Detach flag to IMSI of this MS. At this time, HLR does not receive the notice indicating that this subscriber is detached from the network. After this subscriber is paged, the HLR requests the MSRN from the MSC/VLR. At this time, the VLR informs the HLR that this MS is powered off.

2.1.3 MS Busy
In this case, the MS is allocated with a traffic channel to transmit the voice or data and the IMSI of the subscriber is marked as Busy.

2.1.4 Periodical Registration

When the MS sends the IMSI Detach message to the network, it is possible that the GSM system cannot decode properly due to the poor radio quality or other reasons and still believes that MS is in Attach status. Or when the MS is powered on but has roamed beyond the service coverage, i.e., a blind area, the GSM system does not know it and still believes that the MS is in Attach status. In both cases, if the subscriber is paged, the system will keep sending paging messages, wasting radio resources. To solve the above problems, the measure of forced registration is taken in the GSM system: The MS must make registration at a regular interval. This is called periodical location update. If the GSM system does not receive the periodical registration information of the MS, the VLR where the MS resides records the Implicit Detach status of the MS. When the correct periodical registration information is received again, the status is changed into Attach status.

2.2 Location Update

When the MS changes the location area, it finds out that the LAI in its SIM card is inconsistent with the LAI received. Thus, it registers the location information. This flow is called location update. Location update is originated by the MS. There are three type of location update:
21

Normal Location Update.

GB_BT01_E1_0 GSM Basics

Periodical Location Update IMSI Attach.

2.2.1 Normal Location Update

When the MS roams to a new location area, it finds out that the LAI in its SIM card is inconsistent with the LAI received. Thus, it originates a Location Update Request to the current MSC/VLR If the new LAI and old LAI below to same MSC/VLR, Location Update just renew LAI in VLR. If not, the new MSC/VLR should require MS data from its HLR, HLR send back MS data to new MSC/VLR and inform old MSC/VLR to delete MS record at the same time. MS register its LAI in new MSC/VLR, HLR save the new MSC/VLR number.

2.2.2 Periodical Location Update

When MS make periodical register to MSC, periodical location update happens

2.2.3 IMSI Attach

When MS Power On, it will start a location update process to MSC/VLR, the location update process is same as that in normal location update.

2.3 Handover
When a mobile subscriber who is engaged in a conversation moves from one BSS to another, handover function ensures that the link set up for this mobile subscriber is not interrupted. Whether to perform handover is determined by the BSS. When the BSS finds out that the communication quality of the current radio link degrades, it performs different types of handover according to the actual situation. MSS can also request the handover according to the traffic information.

2.3.1 Purpose of Handover

1. 2. 3. 4. 5. Save the calls in progressbad quality) Cell-boundary handing over to improve ongoing calls (weak signal) Intra-cell hand-over reducing interference within a cell (severe interference) Directed Retry increase call completion success rate Compelled hand-over to balance traffic distribution of inter-cells.
22

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

2.3.2 Classification of Handover

According to the scope of handover , it can be divided into the following types 1. 2. 3. 4. Intra-cell hand-over Inter-cell hand-over Inter-BSC hand-over of same MSC Inter-MSCs hand-over

According to the synchronous relationship between MS and BTS when handover happens, there are three type of handover: 1. Synchronous: MS use the same TA both in destination and target cell. This usually applies to hand-over of same cell or different sectors within the same cell. This is the hand-over with highest speed. 2. Asynchronous: MS dont know the TA to be used in target cell. When either of the two cells doesnt synchronize with BSC, this mode should be used. The handover speed is low. 3. Pseudo-synchronous: MS is able to calculate out the TA it should use in the target cell. When both cells have synchronized with BSC, this mode may be used. The hand-over speed is fast.

2.4 Cell selection and Reselection

2.4.1 Cell selection
After a MS is turned on, it will attempt to contact a common GSM PLMN, so the MS will select an appropriate cell, and extract from it the parameters of the control channel and the prerequisite system information. Such a selection process is referred to as cell selection. The quality of a radio channel is an important factor of cell selection. The GSM specification defines the path loss criterion C1, and such appropriate cell must ensure that C1>0. The C1 is calculated according to the following formula: C1=RXLEV-RXLEV_ACCESS_MIN-MAX((MS_TXPWR_MAX_CCH-P), 0) Where: The RXLEV is the average reception level.
23

GB_BT01_E1_0 GSM Basics

The RXLEV_ACCESS_MIN is the minimum level at which the MS is allowed to access. The MS_TXPWR_MAX_CCH is the maximum power level of the CCH. The P is the maximum transmitted power of the MS. MAX (X, Y) = X; If X Y. MAX (X, Y) = Y; If Y X. After the MS selects a cell, it will stay in the selected cell if no major changes have occurred to various conditions.

2.4.2 Cell reselection

After a MS selects a cell, the MS will stay in the selected cell as long as no major changes occur to various conditions. At the same time, the MS starts to measure the signal level of the BCCH carrier of the adjacent cells, records the six adjacent cells with the highest signal levels, and extracts from them the various system messages and control messages of each adjacent cell. When the appropriate conditions are met, the MS will switch from the current cell to another cell, a process known as cell reselection. Such appropriate conditions include multiple factors, including cell priority, and whether the cell is prohibited from access. Among them, an important factor is the quality of the radio channel. When the signal quality of the adjacent cell exceeds that of the current cell, cell reselection is triggered. For cell reselection, the channel quality criterion is determined by the C2 parameter, which is calculated according to the following formula:

2.5 Authentication
Fig. 2.5-1 shows the authentication process, where RAND is the question asked by the network side and only the legal subscriber can give the correct answer SRES. RAND is generated by the random number generator of the AUC on the network side. It is 128 bits in length. The value of RAND is obtained in a random manner from the range of 0~21281. SRES is called a signed response. It is obtained through the calculation of subscribers unique key parameter Ki. It is 32 bits in length. Ki is stored in the SIM card and AUC in a very confidential way. Even the subscribers do not know their own Ki. Ki can be of any format and any length.
24

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

A3 algorithm is the authentication algorithm determined by the carrier. It is also confidential. The only restriction of the A3 algorithm is the length of the input parameter (RAND is 128 bits in length) and the size of the output parameter (SRES must be 32 bits).

Mobile Terminal

Network

Ki

Random number generator RAND Ki

A3 algorithm

A3 algorithm

SRES' SRES

Fig. 2.5-1 Authentication Process

2.6 Encryption
In the GSM, the position of encryption and decryption over the transmission link allows the transmitting data in all dedicated modes to use the same protection method. The transmitting method can be the subscriber information (such as voice and data), subscriber-specific signaling (such as message carrying the called number), or even the system-specific signaling (such as the message carrying radio measurement result for the handover). Encryption and decryption are the exclusive or operation (this algorithm is called the A5 algorithm) of 114 radio burst pulse code bits and one 114-bit encryption sequence generated by a special algorithm. To obtain each burst encryption sequence, A5 calculates on two inputs: One is the frame number and the other is the key (Kc) agreed upon by the MS and network, as shown in Fig. 2.6-2. Two different sequences are used over the uplink and downlink. For each burst, one sequence is used for the encryption inside the MS and meanwhile used as the decryption sequence in BTS. The other
25

GB_BT01_E1_0 GSM Basics

sequence is used for the encryption of BTS and meanwhile used as the decryption sequence in MS.

Frame No. Kc (64-bit) (22-bit)

Frame No. Kc (64-bit) (22-bit)

A5
S1 (114-bit) S2 (114-bit) S1 (114-bit)

A5
S2 (114-bit)

MS
Fig. 2.6-2 Encryption Algorithm

BTS

1.

Frame number: Frame number is encoded into a serials of three values, which are 22 bits in total. Frame number of each burst varies with the type of radio channel. Each burst dedicated for communication on the same direction uses different encryption sequence.

2.

A5 algorithm A5 algorithm must be defined in the global range. This algorithm can be describes into the two 114-bit sequence black boxes generated by a 22-bit parameter (frame number) and a 64-bit parameter (Kc).

3.

Kc Before the encryption, Kc must be agreed upon by both the MS and network. In the GSM, the Kc is calculated during the authentication and then stored in the SIM card permanently. On the network side, this potential key is also stored in the visited MSC/VLR and ready for use in the encryption. The algorithm that uses the RAND (same with the one used for authentication) and Ki to calculate the Kc is called A8 algorithm. Like the A3 algorithm that calculate the SRES using RAND and Ki, the A8 algorithm also needs to be
26

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

determined by the carrier. Fig. 2.6-3 shows how the Kc is calculated.

Mobile Terminal

Network Random number generator Ki

Ki

RAND

A8 algorithm

A8 algorithm

Kc

Kc

Fig. 2.6-3 Kc Calculation Method

27

3 GSM basic calling process

Though basically similar, the call process of mobile subscribers and that of ordinary fixed subscribers are different in the following aspects: Before a mobile subscriber originates a call, he should first input the number, ensure that no modification is needed, and then send the call. Before the number is sent out and the call is connected, there is some additional information that should be transferred between mobile stations (MS) and the network. Such operations are automatically performed by the equipment, with no need for user interference, but it results in a certain delay.

3.1 Initialization
Initialization is a random access process. It starts from MS which sends a channel request message on RACH. After receiving this message, BTS notifies BSC, and attaches BTSs estimation of the transmission delay (TA) from this MS to BTS and the cause for the current access. BSC will select an idle and dedicated channel SDCCH to notify BTS to activate it according to the access cause and the current information. Access causes mainly include: location updating; response to a paging call; and subscriber service application, such as a call, sending one short message. After BTS completes the activiation of the designated channel, BSC sends the immediate allocation message on AGCH via BTS, including the description of the SDCCH channel assigned by BSC to MS, TA, the maximum initialization transmission power and the access random reference value. When MS correctly receives its initialized allocation, it will, according to channel description, adjust itself to this channel, set up a signaling transmission link, and send the first initialized message on the dedicated channel, including subscribers identification number (such as IMSI), cause for the current access, registration, and authentication. If BSC has no idle channels to allocate, BSC will send to MS the immediate allocation rejected message.
28

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

3.2 Location update

(1) MS moves from one area (belonging to the coverage of MSC-B) to another area (belonging to the coverage of MSC-A). (2) By detecting the broadcasting information sent persistently by the base station BS, MS finds out that the newly received location area identification is different from the currently used location area identification. (3)(4) MS sends the location updating request with the message of Im here via this base station to MSC-A. (5) MSC-A sends the location updating message that contains the MSC-A identifier and MS identification number to HLR (the authentication or encryption calculation process will start from here, though not shown in the diagram). (6) HLR sends back the response message, including all the related subscriber data. (7)(8) Subscriber data registration in the visited VLR. (9) Sending related location updating response message via the base station to MS (if TMSI is re-assigned, it is sent together to MS). (10) Notifying the original VLR to delete subscriber data related to this MS.

3.3 Outgoing call flow from MS to PSTN

(1) Within the service cell, once the mobile subscriber dials, the mobile station will request the base station for the random access channel. (2) The setup process to set up signaling connection between the mobile station MS and
29

GB_BT01_E1_0 GSM Basics

the mobile service switching center MSC. (3) Authentication of the mobile stations identification number; if encryption is needed, then it sets the encryption mode and enter the call setup starting phase. (4) Service channel allocation (5) Adopting the No.7 signaling user part ISUP/TUP to set up a channel from the fixed network (ISDN/PSTN) to the called subscriber, send ringing to the called subscriber, and send back the call connection acknowledgment signal to the mobile station. (6)The called subscriber offhooks to reply, in which case a response (connection) message is sent to the mobile station, thus entering the ultimate call session phase.

3.4 Incoming Call Flow from PSTN to MS

(1) Through the No.7 signaling user part ISUP/TUP to enter MSC(GMSC) and receive a call from the fixed network (ISDN/PSTN). (2) GMSC requests HLR for the MSC address (i.e., MSRN) visited by the related called mobile subscriber. (3) HLR requests the visited VLR to assign MSRN which is assigned and notified by VLR to HLR in each call. (4) After GMSC obtains MSRN from HLR, it can re-search for routes to set up connection to the visited MSC. (5)(6) The visited MSC obtains related subscriber data from VLR.
30

Error! Use the Home tab to apply 1 to the text that you want to appear here. Error! Use the Home tab to apply 1 to the text that you want to appear here.

(7)(8) MSC sends paging messages to the mobile station through all base stations( BS) in the location area. (9)(10) The mobile station of the called mobile subscriber sends back the paging response messages, then carries out the same steps of (1), (2), (3), (4) as shown in the above outgoing call flow till the mobile station rings, then sends back the call connection acknowledgment signal (omitted in the diagram) to the calling subscriber. (11) The mobile subscriber offhooks to answer, thus the response (connection) message is sent back to the fixed network to signal calling and called parties enter final call session.

3.5 Call Flow Between Two Mobile Subscribers

MS1 is served by MSC1/VLR1, and MS2 is served by MSC2/VLR2 and belongs to HLR/AUC. 1. 2. MS1 dials the phone number of MS2. BSS informs MSC1 of the call. MSC2 analyzes the phone number of MS2, finds out the home HLR of MSC2 and sends the route application to HLR. 3. HLR queries the current location information of MS2 and obtains the MSC2/VLR2 that serves the MS2. HLR requests the route information from the
31

GB_BT01_E1_0 GSM Basics

MSC2/VLR2. 4. MSC2/VLR2 allocates the route information, that is, MSRN and submits the MSRN to the HLR. 5. 6. 7. 8. 9. HLR sends the MSRN to the MSC1. MSC2 sets up the call with MSC2 according to the MSRN. MSC2/VLR2 sends the paging message to MS2. MSC2/VLR2 receives the message, indicating the access of MS2 is allowed. The call between MSC2 and MSC1 is set up.

10. MSC1 sends the successful connection signal to MS1. MS1 and MS2 can talk over the phone. Fig. 3.5-4 shows the call flow.

Fig. 3.5-4 Call Flow

32