Communication Networksmidas1.e-technik.tu-ilmenau.de/~webkn/Webdaten/Lehre/WS2019... ·...

Communication Networks

Chapter 7 – Public Land Mobile Networks

Communication Networks - 8. Public Land Mobile Networks 303

Overview

1. Fundamentals

2. Global System for Mobile Communications (GSM)

3. General Packet Radio Service (GPRS)

4. Wireless Application Protocol (WAP)

5. Universal Mobile Telecommunication System (UMTS)

6. High Speed Packet Access (HSPA)

7. Long Term Evolution (LTE)

8. 5G / IMT 2020


8.1 Fundamentals of PLMN

Fundamentals

• Public Land Mobile Network (PLMN) Infrastructure Network administered by one provider

Globally unique identifier (also named PLMN) comprising of− Mobile Country Code (MCC) – e.g. Germany: MCC 262− Mobile Network Code (MNC) – e.g. Vodafone in Germany: MNC 02

Network organized inRadio Subsystem including the air interface between mobile device and radio base station (usually wireline) Switching Core Network to forward information between the base

stations or between base station and gateway to a different networkNetwork Control Center for network management and security


Cell-based Structure


8.1 Fundamentals of PLMN

Hexagonal (idealized) shape(cell usually overlap unregularly)

UMTS Network Coverage in Germany


8.1 Fundamentals

http://www.umts-netzabdeckung.com/files/2012/04/4-netze-umts-2-1024x355.jpg

LTE Network Coverage in Germany


8.1 Fundamentals

LTE coverage of Telekom, Vodafone and o2source: teltarif.de

Cell-based Structure – Comparison

Advantages• Limited transmission power and latency due

to smaller distance between mobile end device and base station

• Energy efficiency• Different cell diameters depending on

expected traffic volume (town center vs. Thuringian Forest)

• Reuse of frequencies in remote cells• Increase of simultaneous users (space

multiplex)

Disadvantages• Request for localization mechanism of mobile

devices for incoming call• Need for handover mechanism when mobile

user changes cell • Sustainable planning of cell structure required

considering the considering the following aspects: Expected number of users Effects caused by environment (buildings,

landscape, trees,…) Economy


8.1 Fundamentals

8.1 Fundamentals

Radio Interface

• Licensed frequency bands exclusive use of radio resources• Duplex communication Frequency Division Duplex (FDD): different frequency bands for Uplink and Downlink Time Division Duplex (TDD): different time slots for Uplink and Downlink Combination of FDD and TDD

• Multiplexing of different users in a cell Time multiplex (TDMA) Frequency multiplex (FDMA) Code multiplex (CDMA)

• Different channels for user data and signaling


8.1 Fundamentals

Localisation

• Identifying mobile device by its unique address, e.g. phone number No hint to the current position of the mobile device Provider might also not be known because of number portability

• Mapping of phone number to unique subscriber ID required,which also contains the ID of the provider

• Retrieval of the current position of the device in a (central) data base,which needs to be up-to-date all the time Signaling of mobile device required whenever it changes its position

• Granularity of localization: coverage of the border switch (to avoid too much signaling traffic) Paging of end device required

• Security hazard by overhearing signaling messages Tracking of the end device possible Anonymization of signaling packets


8.1 Fundamentals

Handover / Handoff

• Change of cell / of radio channel at the air interface because of the mobility of the device because of the current network load because of interferences on the currently used channel

• Goal: no interruption of ongoing communication• Three phases:

(1) Diagnosing the necessity of a handovermeasuring channel parameters and handover decision

(2) Identifying and reserving the new channel(3) Switching to the new channel and releasing the old one

• Types of handover (related to phase 3): Hard Handover – bidirectional user data transfer with a single base station at a time Soft Handover – bidirectional user data transfer with several base stations in parallel


Forms of Handover

• Network Controlled Handover Channel measurement in the network Handover decision on the network

side• Network Assisted Handover Channel measurement on both sides

(mobile device and network) Measurement report from the

network to the mobile device Handover decision on the mobile

device

• Mobile Assisted Handover Channel measurement on both sides

(mobile device and network) Measurement report from the mobile

device to the network Handover decision on the network

side• Mobile Controlled Handover Channel measurement on the mobile

device only Handover decision on the mobile

device


8.1 Fundamentals

8.1 Fundamentals

Handover Decision

• Different handover procedures: Horizontal Handover changing the channel within the same networking technology (e.g. LTE) Vertical Handover changing the network channel and the network technology (e.g. LTE WLAN)

• Different parameters to be considered: Channel characteristics (usually to be determined on both sides)

Received Signal Strength (RSS), Signal-to-Noise Ratio (SNR), Bit Error Rate (BER), …

Quality of Service (QoS) characteristics Delay, jitter, throughput, type and number of running applications, number of handovers (Ping Pong effect), …

Parameters on the provider side Current load, load balancing, …

User preferences Costs, preferred provider, …

• Multi-dimensional problem Multi Criteria Decision Making


8.1 Fundamentals

Roaming

• Utilizing communication services not provided by thenetwork provider the user is subscribed to

• Example: Accessibility on the mobile phone in a foreign country worldwide reachability through a unique phone number

• Mutual roaming agreements between two providers• Foreign network must contribute to the localization

of the user / end device• Usually special roaming fees – abandoned in Europe in 2017


8.1 Fundamentals

Security Hazards

• Confidentiality of the radio channel Encryption required

• Authentication When logging in When signaling a new position When paging During handover

• Prohibition of tracking users Anonymization


Network

Simplified Reference Model for Mobile Networks


8.1 Fundamentals

Application

Transport

Network

Data Link

Physical

Medium

Data Link

Physical

Application

Transport

Network

Data Link

Physical

Data Link

Physical

Network

Radio

Aspects of Mobile Communciations


8.1 Fundamentals

Application Layer Localisation of Services New Applications (e.g. Multimedia) Adaptive Applications

Transport Layer Congestion and Flow Control Quality of Service

Network Layer Addressing Routing Localisation of End Devices Handover

Data Link Layer Authentication Multiplexing Medium Access Control

Physical Layer En-/Decryption Modulation Interferences Attenuation

8.1 Fundamentals

Signal Propagation (I)

• Transmission Range Communication possible Low error rate

• Signal Detection Range Detection of signals possible,

but no decoding of signals No communication possible

• Interference Range Signal cannot be detected Signal is part of background noise


Distance

Sender

Transmission

Detection

Interference

8.1 Fundamentals

Signal Propagation (II)

• Free-space propagation in general in a straight line (like light)• Received power decreases with 1/d² (d = distance sender receiver)• Received power additionally affected by Free-space loss (frequency-dependent) Shadowing by obstacles Reflection at surfaces Scattering at small obstacles Diffraction at sharp edges

Communication Networks - 8. Public Land Mobile Networks 320Reflection Scattering DiffractionShadowing

8.1 Fundamentals

Multi Path Propagation

• Signal is received multiple times on different paths due to reflection, scattering anddiffraction

• Time Dispersion: Signal is dispersed in time Interference with neighbor symbols

• Direct and phase-delayed signal components are received Attenuation according to phasing


Sent Signal

Received Signal

8.2 GSM

GSM: Overview

• GSM formerly: Groupe Spéciale Mobile (founded 1982) now: Global System for Mobile Communication Pan-European standard (ETSI, European Telecommunications Standardisation Institute) simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the

European telecommunication administrations (Germany: D1 and D2) seamless roaming within Europe possible

• Today many providers all over the world use GSM (219 countries in Asia, Africa, Europe, Australia, America) more than 4.2 billion subscribers in more than 700 networks more than 75% of all digital mobile phones use GSM over 29 billion SMS in Germany in 2008, (> 10% of the revenues for many operators)

[be aware: these are only rough numbers…] See e.g. www.gsmworld.com/newsroom/market-data/index.htm


http://www.gsmworld.com/newsroom/market-data/index.htm

Mobile Phone Subscribers Worldwide


8.2 GSM

year

Subs

crib

ers

[mill

ion]

0

200

400

600

800

1000

1200

1400

1600

1996 1997 1998 1999 2000 2001 2002 2003 2004

approx. 1.7 bn

GSM totalTDMA totalCDMA totalPDC totalAnalogue totalW-CDMATotal wirelessPrediction (1998) 2009:

>4 bn!

GSM Subscribers by Region


8.2 GSM

8.2 GSM

Performance Characteristics of GSM

• Communication mobile, wireless communication; support for voice and data services

• Total mobility international access, chip-card enables use of access points of different providers

• Worldwide connectivity one number, the network handles localization

• High capacity better frequency efficiency, smaller cells, more customers per cell

• High transmission quality high audio quality and reliability for wireless, uninterrupted phone calls at higher speeds

(e.g., from cars, trains)• Security functions

access control, authentication via chip-card and PIN


8.2 GSM

Disadvantages of GSM

• There is no perfect system!! no end-to-end encryption of user data

no full ISDN bandwidth of 64 kbit/s to the user, no transparent ISDN-B-channel

• reduced concentration while driving

• electromagnetic radiation

• abuse of private data possible

• roaming profiles accessible

• high complexity of the system

• several incompatibilities within the GSM standards


8.2 GSM

GSM: Mobile Services

• GSM offers several types of connections: voice connections, data connections, short message service multi-service options (combination of basic services)

• Three service domains Bearer Services Telematic Services Supplementary Services


GSM-PLMNtransit

network(PSTN, ISDN)

source/destination

networkTE TE

bearer services

tele services

R, S (U, S, R)Um

MT

MS

8.2 GSM

Bearer Services

• Telecommunication services to transfer data between access points

• Specification of services up to the terminal interface (OSI layers 1-3)

• Different data rates for voice and data (original standard) data service (circuit switched)

synchronous: 2.4, 4.8 or 9.6 kbit/s

asynchronous: 300 - 1200 bit/s

data service (packet switched) synchronous: 2.4, 4.8 or 9.6 kbit/s

asynchronous: 300 - 9600 bit/s

• Today: data rates of approx. 50 kbit/s possible – will be covered later! (even more with new modulation)


8.2 GSM

Tele Services (I)

• Telecommunication services that enable voice communication via mobile phones• All these basic services have to obey cellular functions, security measurements etc.• Offered services Mobile telephony

primary goal of GSM was to enable mobile telephony offering the traditional bandwidth of 3.1 kHz Emergency number

common number throughout Europe (112); mandatory for all service providers; free of charge; connection with the highest priority (preemption of other connections possible) Multinumbering

several phone numbers per user possible


8.2 GSM

Tele Services (II)

• Additional services

Non-Voice-Teleservices

group 3 fax

voice mailbox (implemented in the fixed network supporting the mobile terminals)

electronic mail (MHS, Message Handling System, implemented in the fixed network)

...

Short Message Service (SMS)alphanumeric data transmission to/from the mobile terminal (160 characters) using the signaling channel, thus allowing simultaneous use of basic services and SMS(almost ignored in the beginning, later on the most successful add-on!)


8.2 GSM

Supplementary Services

• Services in addition to the basic services, cannot be offered stand-alone

• Similar to ISDN services besides lower bandwidth due to the radio link

• May differ between different service providers, countries and protocol versions

• Important services identification: forwarding of caller number

suppression of number forwarding

automatic call-back

conferencing with up to 7 participants

locking of the mobile terminal (incoming or outgoing calls)

...


8.2 GSM

Architecture of the GSM System

• GSM is a PLMN (Public Land Mobile Network) Several providers setup mobile networks following the GSM standard within each

country Components

MS (mobile station)BS (base station)MSC (mobile (services) switching center) LR (location register)

SubsystemsRSS (radio subsystem): covers all radio aspectsNSS (network and switching subsystem): call forwarding, handover, switchingOSS (operation subsystem): management of the network


Ingredients 1: Mobile Phones, PDAs & Co.


8.2 GSM

The visible but smallestpart of the network!

Ingredients 2: Antennas


8.2 GSM

Still visible – cause many discussions…

Ingredients 3: Infrastructure 1


8.2 GSM

Base Stations

Cabling

Microwave links

Ingredients 3: Infrastructure 2


8.2 GSM

Switching units

Data bases

Management

Monitoring

Not „visible“, but comprise the major part of the network (also from an investment point of view…)

GSM: OverviewOMC Operations and Maintenance

CenterEIR Equipment Identity RegisterAUC Authentication CenterHLR Home Location RegisterVLR Visitor Location RegisterMSC Mobile Services Switching CenterGMSC Gateway MSCBSC Base Station ControlerRSS Radio SubsystemNSS Network and Switching SubsystemOSS Operation Subsystem


8.2 GSM

fixed network

BSC

BSC

MSC MSC

GMSC

OMC, EIR, AUC

VLR

HLRNSSwithOSS

RSS

VLR

GSM: Elements and InterfacesMS Mobile Station

BTS Base Transceiver Station

PSTN Public Switched Telephone Network

PDN Packet Data Network

IWF Interworking Function

Interfaces:

- Abis

- A

- O


8.2 GSM

NSS

MS MS

BTS

BSC

GMSCIWF

OMC

BTS

BSC

MSC MSC

Abis

Um

EIR

HLRVLR VLR

A

BSS

PDNISDN, PSTN

RSS

radio cell

radio cellMS

AUCOSS

signaling

O

GSM: System ArchitectureSS7 Signalling System No. 7


8.2 GSM

Um

Abis

ABSS

radiosubsystem

MS MS

BTSBSC

BTS

BTSBSC

BTS

network andswitching subsystem

MSC

MSC

fixedpartner networks

IWFISDNPSTN

PSPDNCSPDN

SS7

EIR

HLR

VLR

ISDNPSTN

8.2 GSM

System Architecture: Radio Subsystem

• Components MS (Mobile Station) BSS (Base Station Subsystem):

consisting ofBTS (Base Transceiver Station): sender and receiverBSC (Base Station Controller): controlling several

transceivers

• Interfaces Um : radio interface Abis : standardized, open interface with

16 kbit/s user channels A: standardized, open interface with

64 kbit/s user channelsCommunication Networks - 8. Public Land Mobile Networks 340

Um

Abis

A

BSS

radiosubsystem

network and switchingsubsystem

MS MS

BTSBSC MSC

BTS

BTSBSC

BTSMSC

8.2 GSM

System Architecture: Network and Switching Subsystem

• Components• MSC (Mobile Services Switching Center)• IWF (Interworking Functions)• ISDN (Integrated Services Digital Network)• PSTN (Public Switched Telephone Network)• PSPDN (Packet Switched Public Data Network)• CSPDN (Circuit Switched Public Data Network)

• Databases• HLR (Home Location Register)• VLR (Visitor Location Register)• EIR (Equipment Identity Register)


networksubsystem

MSC

MSC

fixed partnernetworks

IWF

ISDNPSTNPSPDNCSPDN

SS7

EIR

HLR

VLR

ISDNPSTN

8.2 GSM

Radio Subsystem

• The Radio Subsystem (RSS) comprises the cellular mobile network up to the switching centers

• Components Base Station Subsystem (BSS):

Base Transceiver Station (BTS): radio components including sender, receiver, antenna if directed antennas are used one BTS can cover several cells

Base Station Controller (BSC): switching between BTSs, controlling BTSs, managing of network resources, mapping of radio channels (Um) onto terrestrial channels (A interface)

BSS = BSC + sum(BTS) + interconnection

Mobile Stations (MS)


8.2 GSM

GSM: Cellular Network

• Use of several carrier frequencies• Not the same frequency in adjoining cells• Cell sizes vary from some 100 m up to 35 km

depending on user density, geography, transceiver power etc.• Hexagonal shape of cells is idealized (cells overlap, shapes depend on geography)• If a mobile user changes cells, handover of the connection to the neighbor cell


possible radio coverage of the cell

idealized shape of the cellcell

segmentation of the area into cells

8.2 GSM

GSM Frequency Bands (Examples)

Type Channels Uplink [MHz] Downlink [MHz]

GSM 850 128-251 824-849 869-894

GSM 900classicalextended

0-124, 955-1023124 channels+49 channels

876-915890-915880-915

921-960935-960925-960

GSM 1800 512-885 1710-1785 1805-1880GSM 1900 512-810 1850-1910 1930-1990

GSM-Rexclusive

955-1024, 0-12469 channels

876-915876-880

921-960921-925


- Additionally: GSM 400 (also named GSM 450 or GSM 480 at 450-458/460-468 or 479-486/489-496 MHz)- Please note: frequency ranges may vary depending on the country!- Channels at the lower/upper edge of a frequency band are typically not used

Example Coverage of GSM NetworksSee www.gsmworld.com


8.2 GSM

T-Mobile (GSM-900/1800) Germany O2 (GSM-1800) Germany

AT&T (GSM-850/1900) USA Vodacom (GSM-900) South Africa

Coverage Close to IlmenauSee www.gsmworld.com


8.2 GSM

e-plus (GSM-1800)

D1 (GSM-900) around Ilmenau

O2 (GSM-1800)

Vodafone D2 (GSM-900)

8.2 GSM

Base Transceiver Station and Base Station Controller

• Tasks of a BSS are distributed over BSC and BTS

• BTS comprises radio specific functions

• BSC is the switching center for radio channels


Functions BTS BSCManagement of radio channels XFrequency hopping (FH) X XManagement of terrestrial channels XMapping of terrestrial onto radio channels XChannel coding and decoding XRate adaptation XEncryption and decryption X XPaging X XUplink signal measurements XTraffic measurement XAuthentication XLocation registry, location update XHandover management X

8.2 GSM

Mobile Station

• Terminal for the use of GSM services• A mobile station (MS) comprises several

functional groups MT (Mobile Terminal):

offers common functions used by all services the MS offers corresponds to the network termination (NT) of an ISDN access end-point of the radio interface (Um)

TA (Terminal Adapter): terminal adaptation, hides radio specific characteristics

TE (Terminal Equipment): peripheral device of the MS, offers services to a user does not contain GSM specific functions

SIM (Subscriber Identity Module): personalization of the mobile terminal, stores user parameters


R S UmTE TA MT

8.2 GSM

Network and Switching Subsystem

• NSS is the main component of the public mobile network GSM switching, mobility management, interconnection to other networks, system control

• Components Mobile Services Switching Center (MSC)

controls all connections via a separated network to/from a mobile terminal within the domain of the MSC - several BSC can belong to a MSC

Databases (important: scalability, high capacity, low delay) Home Location Register (HLR)

central master database containing user data, permanent and semi-permanent data of all subscribers assigned to the HLR (one provider can have several HLRs)

Visitor Location Register (VLR)local database for a subset of user data, including data about all user currently in the domain of the VLR


8.2 GSM

Mobile Services Switching Center• The MSC (mobile services switching center) plays a central role in GSM

switching functions additional functions for mobility support management of network resources interworking functions via Gateway MSC (GMSC) integration of several databases

• Functions of a MSC specific functions for paging and call forwarding termination of SS7 (signaling system no. 7) mobility specific signaling location registration and forwarding of location information provision of new services (fax, data calls) support of short message service (SMS) generation and forwarding of accounting and billing information


8.2 GSM

Operation Subsystem

• The OSS (Operation Subsystem) enables centralized operation, management, and maintenance of all GSM subsystems

• Components Authentication Center (AUC)

generates user specific authentication parameters on request of a VLR authentication parameters used for authentication of mobile terminals and encryption

of user data on the air interface within the GSM system Equipment Identity Register (EIR)

registers GSM mobile stations and user rights stolen or malfunctioning mobile stations can be locked and sometimes even localized

Operation and Maintenance Center (OMC)different control capabilities for the radio subsystem and the network subsystem


GSM - TDMA/FDMA


8.2 GSM

935 -960 MHz, 124 Channels à 200 kHz, Downlink

890 -915 MHz, 124 Channels à 200 kHz, Uplink

time

frequency

1 2 3 4 5 6 7 84.615 ms

Tail User Data S Training S User Data TailGuardSpace15.25 µs

GuardSpace15.25 µs

3 bits 57 bits 1 bit 26 bits 1 bit 57 bits 3 bits

GSM time slot (normal burst)

577 µs

GSM Hierarchy of Frames


8.2 GSM

0 1 2 2045 2046 2047...

hyperframe

0 1 2 48 49 50...

0 1 24 25...

superframe

0 1 24 25...

0 1 2 48 49 50...

0 1 6 7...

multiframe

frame

burstslot

577 µs

4.615 ms

120 ms

235.4 ms

6.12 s

3 h 28 min 53.76 s

GSM Protocol Layers for Signaling


8.2 GSM

CM

MM

RR

LAPDm

Radio

LAPDm

Radio

RR’ BTSM

CM

LAPD

PCM

RR’BTSM

16/64 kbit/s

Um Abis A

64 kbit/s /2.048 Mbit/s

MS BTS BSC MSC

BSSAP

LAPD

PCM

SS7

PCM

MM

BSSAP

SS7

PCM

8.2 GSM

Mobile Terminated Call (MTC)

• 1: calling a GSM subscriber• 2: forwarding call to GMSC• 3: signal call setup to HLR• 4, 5: request MSRN from VLR• 6: forward responsible MSC to GMSC• 7: forward call to current MSC• 8, 9: get current status of MS• 10, 11: paging of MS• 12, 13: MS answers• 14, 15: security checks• 16, 17: set up connection


PSTN2

3

45

67

8 9

10

11 12

131610 10

14 15

17

CallingStation

1

HLR VLR

MS

BSS

GMSC MSC

BSSBSS

8.2 GSM

Mobile Originated Call (MOC)

• 1, 2: connection request• 3, 4: security check• 5-8: check resources (free circuit)• 9-10: set up call


PSTN

1

2

6 53 4

9

10

7 8

VLR

MS

GMSC MSC

BSS

MTC/MOCMTC Mobile Terminated Call

MOC Mobile Originated Call


8.2 GSM

BTSMS

paging request

channel request

immediate assignment

paging response

authentication request

authentication response

ciphering command

ciphering complete

setup

call confirmed

assignment command

assignment complete

alerting

connect

connect acknowledge

data/speech exchange

MS channel request

immediate assignment

service request

authentication request

authentication response

ciphering command

ciphering complete

setup

call confirmed

assignment command

assignment complete

alerting

connect

connect acknowledge

data/speech exchange

MTC MOC

BTS

Four Types of Handover


82. GSM

MSC MSC

BSC BSCBSC

BTS BTS BTSBTS

MS MS MS MS

12 3 4

8.2 GSM

Handover Decision


Received Signal StrengthBTSold

Received Signal StrengthBTSnew

MS MS

HO_MARGIN

BTSold BTSnew

Handover to BTSnew

Handover Procedure


8.2 GSM

HO access

BTSold BSCnew

measurementresult

BSCold

Link establishment

MSCMSmeasurementreport

HO decisionHO required

BTSnew

HO request

resource allocationch. activation

ch. activation ackHO request ackHO commandHO commandHO command

HO completeHO completeclear commandclear command

clear complete clear complete

8.2 GSM

Security in GSM

• Security services Access Control/Authentication

user → SIM (Subscriber Identity Module): secret PIN (Personal Identification Number) SIM → network: challenge response method

Confidentiality voice and signaling encrypted on the wireless link (after successful authentication)

Anonymity temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update (LUP) encrypted transmission

• Three algorithms specified in GSM A3 for authentication (“secret”, open interface) A5 for encryption (standardized) A8 for key generation (“secret”, open interface)


“secret”:• A3 and A8 available via

Internet• Network providers can use

stronger mechanisms

GSM - Authentication


8.2 GSM

A3

RANDKi

128 bit 128 bit

SRES* 32 bit

A3

RAND Ki

128 bit 128 bit

SRES 32 bit

SRES* =? SRES SRES

RAND

SRES32 bit

mobile network SIM

AC

MSC

SIM

Ki: individual subscriber authentication key SRES: signed response

GSM - Key Generation and Encryption


8.2 GSM

A8

RANDKi

128 bit 128 bit

Kc64 bit

A8

RAND Ki

128 bit 128 bit

SRES

RAND

encrypteddata

mobile network (BTS) MS with SIM

AUC

BSS

SIM

A5

Kc64 bit

A5MS

data data

cipherKey Kc

Date post:	16-Apr-2020
Category:	Documents
Upload:	others
View:	8 times
Download:	0 times

Communication Networksmidas1.e-technik.tu-ilmenau.de/~webkn/Webdaten/Lehre/WS2019... ·...

Documents