Communication Networks
Chapter 7 – Public Land Mobile Networks
Communication Networks - 8. Public Land Mobile Networks 303
Overview
1. Fundamentals
2. Global System for Mobile Communications (GSM)
3. General Packet Radio Service (GPRS)
4. Wireless Application Protocol (WAP)
5. Universal Mobile Telecommunication System (UMTS)
6. High Speed Packet Access (HSPA)
7. Long Term Evolution (LTE)
8. 5G / IMT 2020
Communication Networks - 8. Public Land Mobile Networks 304
8.1 Fundamentals of PLMN
Fundamentals
• Public Land Mobile Network (PLMN) Infrastructure Network administered by one provider
Globally unique identifier (also named PLMN) comprising of− Mobile Country Code (MCC) – e.g. Germany: MCC 262− Mobile Network Code (MNC) – e.g. Vodafone in Germany: MNC 02
Network organized inRadio Subsystem including the air interface between mobile device and radio base station (usually wireline) Switching Core Network to forward information between the base
stations or between base station and gateway to a different networkNetwork Control Center for network management and security
Communication Networks - 8. Public Land Mobile Networks 305
Cell-based Structure
Communication Networks - 8. Public Land Mobile Networks 306
8.1 Fundamentals of PLMN
Hexagonal (idealized) shape(cell usually overlap unregularly)
UMTS Network Coverage in Germany
Communication Networks - 8. Public Land Mobile Networks 307
8.1 Fundamentals
http://www.umts-netzabdeckung.com/files/2012/04/4-netze-umts-2-1024x355.jpg
LTE Network Coverage in Germany
Communication Networks - 8. Public Land Mobile Networks 308
8.1 Fundamentals
LTE coverage of Telekom, Vodafone and o2source: teltarif.de
Cell-based Structure – Comparison
Advantages• Limited transmission power and latency due
to smaller distance between mobile end device and base station
• Energy efficiency• Different cell diameters depending on
expected traffic volume (town center vs. Thuringian Forest)
• Reuse of frequencies in remote cells• Increase of simultaneous users (space
multiplex)
Disadvantages• Request for localization mechanism of mobile
devices for incoming call• Need for handover mechanism when mobile
user changes cell • Sustainable planning of cell structure required
considering the considering the following aspects: Expected number of users Effects caused by environment (buildings,
landscape, trees,…) Economy
Communication Networks - 8. Public Land Mobile Networks 309
8.1 Fundamentals
8.1 Fundamentals
Radio Interface
• Licensed frequency bands exclusive use of radio resources• Duplex communication Frequency Division Duplex (FDD): different frequency bands for Uplink and Downlink Time Division Duplex (TDD): different time slots for Uplink and Downlink Combination of FDD and TDD
• Multiplexing of different users in a cell Time multiplex (TDMA) Frequency multiplex (FDMA) Code multiplex (CDMA)
• Different channels for user data and signaling
Communication Networks - 8. Public Land Mobile Networks 310
8.1 Fundamentals
Localisation
• Identifying mobile device by its unique address, e.g. phone number No hint to the current position of the mobile device Provider might also not be known because of number portability
• Mapping of phone number to unique subscriber ID required,which also contains the ID of the provider
• Retrieval of the current position of the device in a (central) data base,which needs to be up-to-date all the time Signaling of mobile device required whenever it changes its position
• Granularity of localization: coverage of the border switch (to avoid too much signaling traffic) Paging of end device required
• Security hazard by overhearing signaling messages Tracking of the end device possible Anonymization of signaling packets
Communication Networks - 8. Public Land Mobile Networks 311
8.1 Fundamentals
Handover / Handoff
• Change of cell / of radio channel at the air interface because of the mobility of the device because of the current network load because of interferences on the currently used channel
• Goal: no interruption of ongoing communication• Three phases:
(1) Diagnosing the necessity of a handovermeasuring channel parameters and handover decision
(2) Identifying and reserving the new channel(3) Switching to the new channel and releasing the old one
• Types of handover (related to phase 3): Hard Handover – bidirectional user data transfer with a single base station at a time Soft Handover – bidirectional user data transfer with several base stations in parallel
Communication Networks - 8. Public Land Mobile Networks 312
Forms of Handover
• Network Controlled Handover Channel measurement in the network Handover decision on the network
side• Network Assisted Handover Channel measurement on both sides
(mobile device and network) Measurement report from the
network to the mobile device Handover decision on the mobile
device
• Mobile Assisted Handover Channel measurement on both sides
(mobile device and network) Measurement report from the mobile
device to the network Handover decision on the network
side• Mobile Controlled Handover Channel measurement on the mobile
device only Handover decision on the mobile
device
Communication Networks - 8. Public Land Mobile Networks 313
8.1 Fundamentals
8.1 Fundamentals
Handover Decision
• Different handover procedures: Horizontal Handover changing the channel within the same networking technology (e.g. LTE) Vertical Handover changing the network channel and the network technology (e.g. LTE WLAN)
• Different parameters to be considered: Channel characteristics (usually to be determined on both sides)
Received Signal Strength (RSS), Signal-to-Noise Ratio (SNR), Bit Error Rate (BER), …
Quality of Service (QoS) characteristics Delay, jitter, throughput, type and number of running applications, number of handovers (Ping Pong effect), …
Parameters on the provider side Current load, load balancing, …
User preferences Costs, preferred provider, …
• Multi-dimensional problem Multi Criteria Decision Making
Communication Networks - 8. Public Land Mobile Networks 314
8.1 Fundamentals
Roaming
• Utilizing communication services not provided by thenetwork provider the user is subscribed to
• Example: Accessibility on the mobile phone in a foreign country worldwide reachability through a unique phone number
• Mutual roaming agreements between two providers• Foreign network must contribute to the localization
of the user / end device• Usually special roaming fees – abandoned in Europe in 2017
Communication Networks - 8. Public Land Mobile Networks 315
8.1 Fundamentals
Security Hazards
• Confidentiality of the radio channel Encryption required
• Authentication When logging in When signaling a new position When paging During handover
• Prohibition of tracking users Anonymization
Communication Networks - 8. Public Land Mobile Networks 316
Network
Simplified Reference Model for Mobile Networks
Communication Networks - 8. Public Land Mobile Networks 317
8.1 Fundamentals
Application
Transport
Network
Data Link
Physical
Medium
Data Link
Physical
Application
Transport
Network
Data Link
Physical
Data Link
Physical
Network
Radio
Aspects of Mobile Communciations
Communication Networks - 8. Public Land Mobile Networks 318
8.1 Fundamentals
Application Layer Localisation of Services New Applications (e.g. Multimedia) Adaptive Applications
Transport Layer Congestion and Flow Control Quality of Service
Network Layer Addressing Routing Localisation of End Devices Handover
Data Link Layer Authentication Multiplexing Medium Access Control
Physical Layer En-/Decryption Modulation Interferences Attenuation
8.1 Fundamentals
Signal Propagation (I)
• Transmission Range Communication possible Low error rate
• Signal Detection Range Detection of signals possible,
but no decoding of signals No communication possible
• Interference Range Signal cannot be detected Signal is part of background noise
Communication Networks - 8. Public Land Mobile Networks 319
Distance
Sender
Transmission
Detection
Interference
8.1 Fundamentals
Signal Propagation (II)
• Free-space propagation in general in a straight line (like light)• Received power decreases with 1/d² (d = distance sender receiver)• Received power additionally affected by Free-space loss (frequency-dependent) Shadowing by obstacles Reflection at surfaces Scattering at small obstacles Diffraction at sharp edges
Communication Networks - 8. Public Land Mobile Networks 320Reflection Scattering DiffractionShadowing
8.1 Fundamentals
Multi Path Propagation
• Signal is received multiple times on different paths due to reflection, scattering anddiffraction
• Time Dispersion: Signal is dispersed in time Interference with neighbor symbols
• Direct and phase-delayed signal components are received Attenuation according to phasing
Communication Networks - 8. Public Land Mobile Networks 321
Sent Signal
Received Signal
8.2 GSM
GSM: Overview
• GSM formerly: Groupe Spéciale Mobile (founded 1982) now: Global System for Mobile Communication Pan-European standard (ETSI, European Telecommunications Standardisation Institute) simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the
European telecommunication administrations (Germany: D1 and D2) seamless roaming within Europe possible
• Today many providers all over the world use GSM (219 countries in Asia, Africa, Europe, Australia, America) more than 4.2 billion subscribers in more than 700 networks more than 75% of all digital mobile phones use GSM over 29 billion SMS in Germany in 2008, (> 10% of the revenues for many operators)
[be aware: these are only rough numbers…] See e.g. www.gsmworld.com/newsroom/market-data/index.htm
Communication Networks - 8. Public Land Mobile Networks 322
Mobile Phone Subscribers Worldwide
Communication Networks - 8. Public Land Mobile Networks 323
8.2 GSM
year
Subs
crib
ers
[mill
ion]
0
200
400
600
800
1000
1200
1400
1600
1996 1997 1998 1999 2000 2001 2002 2003 2004
approx. 1.7 bn
GSM totalTDMA totalCDMA totalPDC totalAnalogue totalW-CDMATotal wirelessPrediction (1998) 2009:
>4 bn!
GSM Subscribers by Region
Communication Networks - 8. Public Land Mobile Networks 324
8.2 GSM
8.2 GSM
Performance Characteristics of GSM
• Communication mobile, wireless communication; support for voice and data services
• Total mobility international access, chip-card enables use of access points of different providers
• Worldwide connectivity one number, the network handles localization
• High capacity better frequency efficiency, smaller cells, more customers per cell
• High transmission quality high audio quality and reliability for wireless, uninterrupted phone calls at higher speeds
(e.g., from cars, trains)• Security functions
access control, authentication via chip-card and PIN
Communication Networks - 8. Public Land Mobile Networks 325
8.2 GSM
Disadvantages of GSM
• There is no perfect system!! no end-to-end encryption of user data
no full ISDN bandwidth of 64 kbit/s to the user, no transparent ISDN-B-channel
• reduced concentration while driving
• electromagnetic radiation
• abuse of private data possible
• roaming profiles accessible
• high complexity of the system
• several incompatibilities within the GSM standards
Communication Networks - 8. Public Land Mobile Networks 326
8.2 GSM
GSM: Mobile Services
• GSM offers several types of connections: voice connections, data connections, short message service multi-service options (combination of basic services)
• Three service domains Bearer Services Telematic Services Supplementary Services
Communication Networks - 8. Public Land Mobile Networks 327
GSM-PLMNtransit
network(PSTN, ISDN)
source/destination
networkTE TE
bearer services
tele services
R, S (U, S, R)Um
MT
MS
8.2 GSM
Bearer Services
• Telecommunication services to transfer data between access points
• Specification of services up to the terminal interface (OSI layers 1-3)
• Different data rates for voice and data (original standard) data service (circuit switched)
synchronous: 2.4, 4.8 or 9.6 kbit/s
asynchronous: 300 - 1200 bit/s
data service (packet switched) synchronous: 2.4, 4.8 or 9.6 kbit/s
asynchronous: 300 - 9600 bit/s
• Today: data rates of approx. 50 kbit/s possible – will be covered later! (even more with new modulation)
Communication Networks - 8. Public Land Mobile Networks 328
8.2 GSM
Tele Services (I)
• Telecommunication services that enable voice communication via mobile phones• All these basic services have to obey cellular functions, security measurements etc.• Offered services Mobile telephony
primary goal of GSM was to enable mobile telephony offering the traditional bandwidth of 3.1 kHz Emergency number
common number throughout Europe (112); mandatory for all service providers; free of charge; connection with the highest priority (preemption of other connections possible) Multinumbering
several phone numbers per user possible
Communication Networks - 8. Public Land Mobile Networks 329
8.2 GSM
Tele Services (II)
• Additional services
Non-Voice-Teleservices
group 3 fax
voice mailbox (implemented in the fixed network supporting the mobile terminals)
electronic mail (MHS, Message Handling System, implemented in the fixed network)
...
Short Message Service (SMS)alphanumeric data transmission to/from the mobile terminal (160 characters) using the signaling channel, thus allowing simultaneous use of basic services and SMS(almost ignored in the beginning, later on the most successful add-on!)
Communication Networks - 8. Public Land Mobile Networks 330
8.2 GSM
Supplementary Services
• Services in addition to the basic services, cannot be offered stand-alone
• Similar to ISDN services besides lower bandwidth due to the radio link
• May differ between different service providers, countries and protocol versions
• Important services identification: forwarding of caller number
suppression of number forwarding
automatic call-back
conferencing with up to 7 participants
locking of the mobile terminal (incoming or outgoing calls)
...
Communication Networks - 8. Public Land Mobile Networks 331
8.2 GSM
Architecture of the GSM System
• GSM is a PLMN (Public Land Mobile Network) Several providers setup mobile networks following the GSM standard within each
country Components
MS (mobile station)BS (base station)MSC (mobile (services) switching center) LR (location register)
SubsystemsRSS (radio subsystem): covers all radio aspectsNSS (network and switching subsystem): call forwarding, handover, switchingOSS (operation subsystem): management of the network
Communication Networks - 8. Public Land Mobile Networks 332
Ingredients 1: Mobile Phones, PDAs & Co.
Communication Networks - 8. Public Land Mobile Networks 333
8.2 GSM
The visible but smallestpart of the network!
Ingredients 2: Antennas
Communication Networks - 8. Public Land Mobile Networks 334
8.2 GSM
Still visible – cause many discussions…
Ingredients 3: Infrastructure 1
Communication Networks - 8. Public Land Mobile Networks 335
8.2 GSM
Base Stations
Cabling
Microwave links
Ingredients 3: Infrastructure 2
Communication Networks - 8. Public Land Mobile Networks 336
8.2 GSM
Switching units
Data bases
Management
Monitoring
Not „visible“, but comprise the major part of the network (also from an investment point of view…)
GSM: OverviewOMC Operations and Maintenance
CenterEIR Equipment Identity RegisterAUC Authentication CenterHLR Home Location RegisterVLR Visitor Location RegisterMSC Mobile Services Switching CenterGMSC Gateway MSCBSC Base Station ControlerRSS Radio SubsystemNSS Network and Switching SubsystemOSS Operation Subsystem
Communication Networks - 8. Public Land Mobile Networks 337
8.2 GSM
fixed network
BSC
BSC
MSC MSC
GMSC
OMC, EIR, AUC
VLR
HLRNSSwithOSS
RSS
VLR
GSM: Elements and InterfacesMS Mobile Station
BTS Base Transceiver Station
PSTN Public Switched Telephone Network
PDN Packet Data Network
IWF Interworking Function
Interfaces:
- Abis
- A
- O
Communication Networks - 8. Public Land Mobile Networks 338
8.2 GSM
NSS
MS MS
BTS
BSC
GMSCIWF
OMC
BTS
BSC
MSC MSC
Abis
Um
EIR
HLRVLR VLR
A
BSS
PDNISDN, PSTN
RSS
radio cell
radio cellMS
AUCOSS
signaling
O
GSM: System ArchitectureSS7 Signalling System No. 7
Communication Networks - 8. Public Land Mobile Networks 339
8.2 GSM
Um
Abis
ABSS
radiosubsystem
MS MS
BTSBSC
BTS
BTSBSC
BTS
network andswitching subsystem
MSC
MSC
fixedpartner networks
IWFISDNPSTN
PSPDNCSPDN
SS7
EIR
HLR
VLR
ISDNPSTN
8.2 GSM
System Architecture: Radio Subsystem
• Components MS (Mobile Station) BSS (Base Station Subsystem):
consisting ofBTS (Base Transceiver Station): sender and receiverBSC (Base Station Controller): controlling several
transceivers
• Interfaces Um : radio interface Abis : standardized, open interface with
16 kbit/s user channels A: standardized, open interface with
64 kbit/s user channelsCommunication Networks - 8. Public Land Mobile Networks 340
Um
Abis
A
BSS
radiosubsystem
network and switchingsubsystem
MS MS
BTSBSC MSC
BTS
BTSBSC
BTSMSC
8.2 GSM
System Architecture: Network and Switching Subsystem
• Components• MSC (Mobile Services Switching Center)• IWF (Interworking Functions)• ISDN (Integrated Services Digital Network)• PSTN (Public Switched Telephone Network)• PSPDN (Packet Switched Public Data Network)• CSPDN (Circuit Switched Public Data Network)
• Databases• HLR (Home Location Register)• VLR (Visitor Location Register)• EIR (Equipment Identity Register)
Communication Networks - 8. Public Land Mobile Networks 341
networksubsystem
MSC
MSC
fixed partnernetworks
IWF
ISDNPSTNPSPDNCSPDN
SS7
EIR
HLR
VLR
ISDNPSTN
8.2 GSM
Radio Subsystem
• The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers
• Components Base Station Subsystem (BSS):
Base Transceiver Station (BTS): radio components including sender, receiver, antenna if directed antennas are used one BTS can cover several cells
Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels (Um) onto terrestrial channels (A interface)
BSS = BSC + sum(BTS) + interconnection
Mobile Stations (MS)
Communication Networks - 8. Public Land Mobile Networks 342
8.2 GSM
GSM: Cellular Network
• Use of several carrier frequencies• Not the same frequency in adjoining cells• Cell sizes vary from some 100 m up to 35 km
depending on user density, geography, transceiver power etc.• Hexagonal shape of cells is idealized (cells overlap, shapes depend on geography)• If a mobile user changes cells, handover of the connection to the neighbor cell
Communication Networks - 8. Public Land Mobile Networks 343
possible radio coverage of the cell
idealized shape of the cellcell
segmentation of the area into cells
8.2 GSM
GSM Frequency Bands (Examples)
Type Channels Uplink [MHz] Downlink [MHz]
GSM 850 128-251 824-849 869-894
GSM 900classicalextended
0-124, 955-1023124 channels+49 channels
876-915890-915880-915
921-960935-960925-960
GSM 1800 512-885 1710-1785 1805-1880GSM 1900 512-810 1850-1910 1930-1990
GSM-Rexclusive
955-1024, 0-12469 channels
876-915876-880
921-960921-925
Communication Networks - 8. Public Land Mobile Networks 344
- Additionally: GSM 400 (also named GSM 450 or GSM 480 at 450-458/460-468 or 479-486/489-496 MHz)- Please note: frequency ranges may vary depending on the country!- Channels at the lower/upper edge of a frequency band are typically not used
Example Coverage of GSM NetworksSee www.gsmworld.com
Communication Networks - 8. Public Land Mobile Networks 345
8.2 GSM
T-Mobile (GSM-900/1800) Germany O2 (GSM-1800) Germany
AT&T (GSM-850/1900) USA Vodacom (GSM-900) South Africa
Coverage Close to IlmenauSee www.gsmworld.com
Communication Networks - 8. Public Land Mobile Networks 346
8.2 GSM
e-plus (GSM-1800)
D1 (GSM-900) around Ilmenau
O2 (GSM-1800)
Vodafone D2 (GSM-900)
8.2 GSM
Base Transceiver Station and Base Station Controller
• Tasks of a BSS are distributed over BSC and BTS
• BTS comprises radio specific functions
• BSC is the switching center for radio channels
Communication Networks - 8. Public Land Mobile Networks 347
Functions BTS BSCManagement of radio channels XFrequency hopping (FH) X XManagement of terrestrial channels XMapping of terrestrial onto radio channels XChannel coding and decoding XRate adaptation XEncryption and decryption X XPaging X XUplink signal measurements XTraffic measurement XAuthentication XLocation registry, location update XHandover management X
8.2 GSM
Mobile Station
• Terminal for the use of GSM services• A mobile station (MS) comprises several
functional groups MT (Mobile Terminal):
offers common functions used by all services the MS offers corresponds to the network termination (NT) of an ISDN access end-point of the radio interface (Um)
TA (Terminal Adapter): terminal adaptation, hides radio specific characteristics
TE (Terminal Equipment): peripheral device of the MS, offers services to a user does not contain GSM specific functions
SIM (Subscriber Identity Module): personalization of the mobile terminal, stores user parameters
Communication Networks - 8. Public Land Mobile Networks 348
R S UmTE TA MT
8.2 GSM
Network and Switching Subsystem
• NSS is the main component of the public mobile network GSM switching, mobility management, interconnection to other networks, system control
• Components Mobile Services Switching Center (MSC)
controls all connections via a separated network to/from a mobile terminal within the domain of the MSC - several BSC can belong to a MSC
Databases (important: scalability, high capacity, low delay) Home Location Register (HLR)
central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs)
Visitor Location Register (VLR)local database for a subset of user data, including data about all user currently in the domain of the VLR
Communication Networks - 8. Public Land Mobile Networks 349
8.2 GSM
Mobile Services Switching Center• The MSC (mobile services switching center) plays a central role in GSM
switching functions additional functions for mobility support management of network resources interworking functions via Gateway MSC (GMSC) integration of several databases
• Functions of a MSC specific functions for paging and call forwarding termination of SS7 (signaling system no. 7) mobility specific signaling location registration and forwarding of location information provision of new services (fax, data calls) support of short message service (SMS) generation and forwarding of accounting and billing information
Communication Networks - 8. Public Land Mobile Networks 350
8.2 GSM
Operation Subsystem
• The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems
• Components Authentication Center (AUC)
generates user specific authentication parameters on request of a VLR authentication parameters used for authentication of mobile terminals and encryption
of user data on the air interface within the GSM system Equipment Identity Register (EIR)
registers GSM mobile stations and user rights stolen or malfunctioning mobile stations can be locked and sometimes even localized
Operation and Maintenance Center (OMC)different control capabilities for the radio subsystem and the network subsystem
Communication Networks - 8. Public Land Mobile Networks 351
GSM - TDMA/FDMA
Communication Networks - 8. Public Land Mobile Networks 352
8.2 GSM
935 -960 MHz, 124 Channels à 200 kHz, Downlink
890 -915 MHz, 124 Channels à 200 kHz, Uplink
time
frequency
1 2 3 4 5 6 7 84.615 ms
Tail User Data S Training S User Data TailGuardSpace15.25 µs
GuardSpace15.25 µs
3 bits 57 bits 1 bit 26 bits 1 bit 57 bits 3 bits
GSM time slot (normal burst)
577 µs
GSM Hierarchy of Frames
Communication Networks - 8. Public Land Mobile Networks 353
8.2 GSM
0 1 2 2045 2046 2047...
hyperframe
0 1 2 48 49 50...
0 1 24 25...
superframe
0 1 24 25...
0 1 2 48 49 50...
0 1 6 7...
multiframe
frame
burstslot
577 µs
4.615 ms
120 ms
235.4 ms
6.12 s
3 h 28 min 53.76 s
GSM Protocol Layers for Signaling
Communication Networks - 8. Public Land Mobile Networks 354
8.2 GSM
CM
MM
RR
LAPDm
Radio
LAPDm
Radio
RR’ BTSM
CM
LAPD
PCM
RR’BTSM
16/64 kbit/s
Um Abis A
64 kbit/s /2.048 Mbit/s
MS BTS BSC MSC
BSSAP
LAPD
PCM
SS7
PCM
MM
BSSAP
SS7
PCM
8.2 GSM
Mobile Terminated Call (MTC)
• 1: calling a GSM subscriber• 2: forwarding call to GMSC• 3: signal call setup to HLR• 4, 5: request MSRN from VLR• 6: forward responsible MSC to GMSC• 7: forward call to current MSC• 8, 9: get current status of MS• 10, 11: paging of MS• 12, 13: MS answers• 14, 15: security checks• 16, 17: set up connection
Communication Networks - 8. Public Land Mobile Networks 355
PSTN2
3
45
67
8 9
10
11 12
131610 10
14 15
17
CallingStation
1
HLR VLR
MS
BSS
GMSC MSC
BSSBSS
8.2 GSM
Mobile Originated Call (MOC)
• 1, 2: connection request• 3, 4: security check• 5-8: check resources (free circuit)• 9-10: set up call
Communication Networks - 8. Public Land Mobile Networks 356
PSTN
1
2
6 53 4
9
10
7 8
VLR
MS
GMSC MSC
BSS
MTC/MOCMTC Mobile Terminated Call
MOC Mobile Originated Call
Communication Networks - 8. Public Land Mobile Networks 357
8.2 GSM
BTSMS
paging request
channel request
immediate assignment
paging response
authentication request
authentication response
ciphering command
ciphering complete
setup
call confirmed
assignment command
assignment complete
alerting
connect
connect acknowledge
data/speech exchange
MS channel request
immediate assignment
service request
authentication request
authentication response
ciphering command
ciphering complete
setup
call confirmed
assignment command
assignment complete
alerting
connect
connect acknowledge
data/speech exchange
MTC MOC
BTS
Four Types of Handover
Communication Networks - 8. Public Land Mobile Networks 358
82. GSM
MSC MSC
BSC BSCBSC
BTS BTS BTSBTS
MS MS MS MS
12 3 4
8.2 GSM
Handover Decision
Communication Networks - 8. Public Land Mobile Networks 359
Received Signal StrengthBTSold
Received Signal StrengthBTSnew
MS MS
HO_MARGIN
BTSold BTSnew
Handover to BTSnew
Handover Procedure
Communication Networks - 8. Public Land Mobile Networks 360
8.2 GSM
HO access
BTSold BSCnew
measurementresult
BSCold
Link establishment
MSCMSmeasurementreport
HO decisionHO required
BTSnew
HO request
resource allocationch. activation
ch. activation ackHO request ackHO commandHO commandHO command
HO completeHO completeclear commandclear command
clear complete clear complete
8.2 GSM
Security in GSM
• Security services Access Control/Authentication
user → SIM (Subscriber Identity Module): secret PIN (Personal Identification Number) SIM → network: challenge response method
Confidentiality voice and signaling encrypted on the wireless link (after successful authentication)
Anonymity temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update (LUP) encrypted transmission
• Three algorithms specified in GSM A3 for authentication (“secret”, open interface) A5 for encryption (standardized) A8 for key generation (“secret”, open interface)
Communication Networks - 8. Public Land Mobile Networks 361
“secret”:• A3 and A8 available via
Internet• Network providers can use
stronger mechanisms
GSM - Authentication
Communication Networks - 8. Public Land Mobile Networks 362
8.2 GSM
A3
RANDKi
128 bit 128 bit
SRES* 32 bit
A3
RAND Ki
128 bit 128 bit
SRES 32 bit
SRES* =? SRES SRES
RAND
SRES32 bit
mobile network SIM
AC
MSC
SIM
Ki: individual subscriber authentication key SRES: signed response
GSM - Key Generation and Encryption
Communication Networks - 8. Public Land Mobile Networks 363
8.2 GSM
A8
RANDKi
128 bit 128 bit
Kc64 bit
A8
RAND Ki
128 bit 128 bit
SRES
RAND
encrypteddata
mobile network (BTS) MS with SIM
AUC
BSS
SIM
A5
Kc64 bit
A5MS
data data
cipherKey Kc