8/10/2019 Cellular Communication Ppt
1/48
Cellular Communication
Vidya Sagar
8/10/2019 Cellular Communication Ppt
2/48
Evolution to cellular networks
communication anytime, anywhere radio communication was invented by Nokola Tesla and Guglielmo
Marconi: in 1893, Nikola Tesla made the first public demonstration ofwireless (radio) telegraphy; Guglielmo Marconi conducted long ditance(over see) telegraphy 1897
in 1940 the first walkie-talkie was used by the US military
in 1947, John Bardeen and Walter Brattain from AT&Ts Bell Labs inventedthe transistor (semiconductor device used to amplify and switch electronicsignals)
AT&T introduced commercial radio comm.: car phonetwo way radio linkto the local phone network
in 1979 the first commercial cellular phone service was launched by theNordic Mobile Telephone (in Finland, Sweden, Norway, Denmark).
8/10/2019 Cellular Communication Ppt
3/48
Cellular systems generations 1G (first generation)voice-oriented systems based on
analog technology; ex.: Advanced Mobile Phone Systems(AMPS) and cordless systems
2G (second generation) - voice-oriented systems basedon digital technology; more efficient and used lessspectrum than 1G; ex.: Global System for Mobile (GSM)and US Time Division Multiple Access (US-TDMA)
3G (third generation)high-speed voice-oriented
systems integrated with data services; ex.: GeneralPacket Radio Service (GPRS), Code Division MultipleAccess (CDMA)
4G (fourth generation)still experimental, not deployedyet; based on Internet protocol networks and will providevoice, data and multimedia service to subscribers
8/10/2019 Cellular Communication Ppt
4/48
Frequency reuse is a method used by service providers to improve the
efficiency of a cellular network and to serve millions ofsubscribers using a limited radio spectrum
is based on the fact that after a distance a radio wavegets attenuated and the signal falls bellow a pointwhere it can no longer be used or cause anyinterference
a transmitter transmitting in a specific frequency rangewill have only a limited coverage area
beyond this coverage area, that frequency can bereused by another transmitter
8/10/2019 Cellular Communication Ppt
5/48
Network Cells the entire network coverage area is divided into cells
based on the principle of frequency reuse
a cell = basic geographical unit of a cellular network; isthe area around an antenna where a specific frequencyrange is used; is represented graphically as a hexagonalshape, but in reality it is irregular in shape
when a subscriber moves to another cell, the antenna ofthe new cell takes over the signal transmission
a cluster is a group of adiacent cells, usually 7 cells; nofrequency reuse is done within a cluster
the frequency spectrum is divided into subbands andeach subband is used within one cell of the cluster
in heavy traffic zones cells are smaller, while in isolatedzones cells are larger
8/10/2019 Cellular Communication Ppt
6/48
Network cells (2)
8/10/2019 Cellular Communication Ppt
7/48
Types of cells macrocelltheir coverage is large (aprox. 6 miles in
diameter); used in remote areas, high-powertransmitters and receivers are used
microcelltheir coverage is small (half a mile indiameter) and are used in urban zones; low-poweredtransmitters and receivers are used to avoidinterference with cells in another clusters
picocellcovers areas such as building or a tunnel
8/10/2019 Cellular Communication Ppt
8/48
Other cellular concepts handover = moving a call from one zone (from the
transmitter-receiver from one zone) to another zonedue to subscribers mobility
roaming = allowing the subscriber to send/receivecalls outside the service providers coverage area
8/10/2019 Cellular Communication Ppt
9/48
Multiple access schemes
Frequency Division Multiple
Access
- when the subscriber entersanother cell a unique frequency isassigned to him; used in analogsystems
Time Division Multiple Access
- each subscriber is assigned a timeslot to send/receive a data burst; isused in digital systems
Code Division Multiple Access
- each subscriber is assigned a codewhich is used to multiply the signalsent or received by the subscriber
8/10/2019 Cellular Communication Ppt
10/48
The control channel this channel is used by a cellular phone to indicate its
presence before a frequency/time slot/code isallocated to him
8/10/2019 Cellular Communication Ppt
11/48
Cellular services voice communication
Short Messaging Service (SMS)
Multimedia Messaging Service (MMS) Global Positioning System (GPS)
Wireless Application Protocol (WAP)to access theInternet
8/10/2019 Cellular Communication Ppt
12/48
Cellular network components
8/10/2019 Cellular Communication Ppt
13/48
Cellular network components (2) BTS (Base Transceiver Station)main component of a
cell and it connects the subscribers to the cellularnetwork; for transmission/reception of information it
uses several antennas spread across the cell BSC (Basic Station Controller)it is an interface
between BTSs and it is linked to BTSs by cable ormicrowave links; it routes calls between BTSs; it is also
connected to the MSC MSC (Mobile Switching Center)the coordinator of a
cellular network, it is connected to several BSCs, itroutes calls between BSCs; links the cellular networkwith other networks like PSTN through fiber optics,microwave or copper cable
8/10/2019 Cellular Communication Ppt
14/48
Components of a cellular phone
(MSUMobile Subscriber Unit) radio transceiverlow power radio transmitter and
receiver
antenna, usually located inside the phone
control circuitryformats the data sent to and fromthe BTS; controls signal transmission and reception
man-machine interfaceconsists from a keypad and a
display; is managed by the control circuitry
Subscriber Identity Module (SIM)integrated circuitcard that stores the identity information of subscriber
battery, usually Li-ion, the power unit of the phone
8/10/2019 Cellular Communication Ppt
15/48
Setting up a call process when powered on, the phone does not have a frequency/
time slot/ode assigned to it yet; so it scans for the controlchannel of the BTS and picks the strongest signal
then it sends a message (including its identificationnumber) to the BTS to indicate its presence
the BTS sends an acknowledgement message back to thecell phone
the phone then registers with the BTS and informs theBTS of its exact location
after the phone is registered to the BTS, the BTS assigns achannel to the phone and the phone is ready to receive or
make calls
8/10/2019 Cellular Communication Ppt
16/48
Making a call process the subscriber dials the receivers number and sends it to
the BTS
the BTS sends to its BSC the ID, location and number of
the caller and also the number of the receiver the BSC forwards this information to its MSC
the MSC routes the call to the receivers MSC which isthen sent to the receivers BSC and then to its BTS
the communication with the receivers cell phone isestablished
8/10/2019 Cellular Communication Ppt
17/48
Receiving a call process when the receiver phone is in an idle state it listens for
the control channel of its BTS
if there is an incoming call the BSC and BTS sends a
message to the cells in the area where the receiversphone is located
the phone monitors its message and compares thenumber from the message with its own
if the numbers matches the cell phone sends anacknowledgement to the BTS
after authentication, the communication is establishedbetween the caller and the receiver
8/10/2019 Cellular Communication Ppt
18/48
Global System for Mobile
Communication (GSM)
8/10/2019 Cellular Communication Ppt
19/48
GSM characteristics previous standard in cellular communication were
restrictive
GSMglobal digital standard for cellular phones thatoffered roaming facility
first named Groupe Special Mobile and used in Europe;then usage extended to other continents
GSM operate in frequency bands: 900MHz, 1800 MHz,1900 MHz
GSM provides voice and data services
8/10/2019 Cellular Communication Ppt
20/48
Subscriber Identity Module (SIM)
card SIMa memory card (integrated circuit) holding
identity information, phone book etc.
GSM system support SIM cards
other systems, like CDMA do not support SIM cards, buthave something similar called Re-Usable IdentificationModule (RUIM)
8/10/2019 Cellular Communication Ppt
21/48
International Mobile Equipment
Identity (IMEI) key IMEIa unique 15 digit number identifying each phone,
is incorporated in the cellular phone by themanufacturer
IMEI ex.: 994456245689001 when a phone tries to access a network, the service
provider verifies its IMEI with a database of stolenphone numbers; if it is found in the database, the
service provider denies the connection the IMEI is located on a white sticker/label under the
battery, but it can also be displayed by typing *#06# onthe phone
8/10/2019 Cellular Communication Ppt
22/48
International Mobile Subscriber
Identity (IMSI) key IMSIa 15-digit unique number provided by the
service provider and incorporated in the SIM cardwhich identifies the subscriber
IMSI enables a service provider to link a phonenumber with a subscriber
first 3 digits of the IMSI are the country code
8/10/2019 Cellular Communication Ppt
23/48
Temporary Mobile Subscriber Identity
(TMSI) key TMSIis a temporary number, shorter than the IMSI,
assigned by the service provider to the phone on atemporary basis
TMSI key identifies the phone and its owner in the cellit is located; when the phone moves to a different cellit gets a new TMSI key
as TMSI keys are shorter than IMSI keys they are
more efficient to send
TMSI key are used for securing GSM networks
8/10/2019 Cellular Communication Ppt
24/48
GSM architecture
8/10/2019 Cellular Communication Ppt
25/48
Base Station Subsystem (BSS)
8/10/2019 Cellular Communication Ppt
26/48
HLR, VLR and EIR registers Home Location Register (HLR) - is a database
maintained by the service provider containingpermanent data about each subscriber (i.e. location,
activity status, account status, call forwardingpreference, caller identification preference)
Visitor Location Register (VLR)database that storestemporary data about a subscriber; it is kept in the MSC
of the of the area the subscriber is located in; when thesubscriber moves to a new area the new MSC requeststhis VLR from the HLR of the old MSC
Equipment Identity Register (EIR)database locatednear the MSC and containing information identifying cellphones
8/10/2019 Cellular Communication Ppt
27/48
Authentication Center (AuC) 1stlevel security mechanism for a GSM cellular network
is a database that stores the list of authorizedsubscribers of a GSM network
it is linked to the MSC and checks the identity of eachuser trying to connect
also provides encryption parameters to secure a callmade in the network
8/10/2019 Cellular Communication Ppt
28/48
GSM Mobile Switching Center (MSC) is a switching center of the GSM network; coordinates BSCs
linked to it
8/10/2019 Cellular Communication Ppt
29/48
GSM Channels
8/10/2019 Cellular Communication Ppt
30/48
GSM Access Scheme and Channel
Structure GSM uses FDMA and TDMA to transmit voice and data
the uplink channel between the cell phone and the BTSuses FDMA and a specific frequency band
the downlink channel between the BTS and the cellphone uses a different frequency band and the TDMAtechnique
there is sufficient frequency separation between theuplink freq. band and the downlink freq. band to avoidinterference
each uplink and downlink frequency bands is furthersplit up as Control Channel (used to set up and manage
calls) and Traffic Channel (used to carry voice)
8/10/2019 Cellular Communication Ppt
31/48
GSM uplink/downlink frequency
bands used
GSM Frequencyband
Uplink/BTS Transmit Downlink/BTS Receive
900 MHz 935-960 MHz 890-915 MHz
1800 MHz 1805-1880 MHz 1710-1785 MHz
1900 MHz 1930-1990 MHz 1850-1910 MHz
8/10/2019 Cellular Communication Ppt
32/48
GSM uplink/downlink frequency
bands uplink and downlink take place in different time slots
using TDMA
uplink and downlink channels have a bandwidth of 25MHz
these channels are further split up in a 124 carrierfrequencies (1 control channels and the rest as trafficchannels); each carrier frequency is spaced 200 KHz
apart to avoid interference
these carrier frequencies are further devided by timeusing TDMA and each time slot lasts for 0.577 ms.
8/10/2019 Cellular Communication Ppt
33/48
GSM Control Channel is used to communicate management data (setting up
calls, location) between BTS and the cell phone within aGSM cell
only data is exchanged through the control channel (novoice)
a specific frequency from the frequency band allocatedto a cell and a specific time slot are allocated for thecontrol channel (beacon frequency); a single control
channel for a cell GSM control channels can have the following types:
broadcast channel
common control channel
dedicated control channel
8/10/2019 Cellular Communication Ppt
34/48
Broadcast Channel type of control channel used for the initial synchronization
between the cell phone and the BTS
is composed from:
Frequency Correction Channel (FCCH)is composed from asequence of 148 zeros transmitted by the BTS
Synchronization Channel (SCH)follows the FCCH and containsBTS identification and location information
Broadcast Control Channel (BCCH)contains the frequency
allocation information used by cell phones to adjust theirfrequency to that of the network; is continuously broadcasted bythe BTS
8/10/2019 Cellular Communication Ppt
35/48
Common Control Channels type of control chan. used for call initiation
is composed of:
Paging Channel (PCH)the BTS uses this channel to informthe cell phone about an incoming call; the cell phoneperiodically monitors this channel
Random Access Channel (RACH)is an uplink channel used bythe cell phone to initiate a call; the cell phone uses this channelonly when required; if 2 phones try to access the RACH at thesame time, they cause interference and will wait a random timebefore they try again; once a cell phone correctly accesses theRACH, BTS send an acknowledgement
Access Grant Channel (AGCH)channel used to set up a call;once the cell phone has used PCH or RACH to receive orinitiate a call, it uses AGCH to communicate to the BTS
8/10/2019 Cellular Communication Ppt
36/48
Dedicated Control Channels control channel sed to manage calls
is comprised from:
Standalone Dedicated Control Channel (SDCCH)used alongwith SACCH to send and receive messages; relays signallinginformation
Slow Associated Control Channel (SACCH)on the downlinkBTS broadcasts messages of the beacon frequency ofneighboring cells to the cell phones; on the uplink BTS receivesacknowledgement messages from the cell phone
Fast Associated Control Channel (FACCH)used to transmitunscheduled urgent messages; FACCH is faster than SACCH as itcan carry 50 messages per second, while SACCH an caryy only4.
8/10/2019 Cellular Communication Ppt
37/48
Traffic Channel is used to carry voice data
based on the TDMA the traffic (voice channel) is dividedin 8 different time slots numbered from 0 to 7
the BTS sends signals to a particular cell phone in aspecific time slot (from those 8 time slots) and the cellphone replies in a different time slot
8/10/2019 Cellular Communication Ppt
38/48
GSM Call Processing
8/10/2019 Cellular Communication Ppt
39/48
Initializing a call1. when the cell phone is turned on it scans all the available frequencies forthe control channel
2. all the BTS in the area transmit the FCCH, SCH and BCCH that contain theBTS identification and location
3. out of available beacon frequencies from the neighboring BTSs, the cell
phone chooses the strongest signal4. based on the FCCH of the strongest signal, the cell phone tunes itself to the
frequency of the network
5. the phone send a registration request to the BTS
6. the BTS sends this registration request to the MSC via the BSC
7. the MSC queries the AUC and EIR databases and based on the reply itauthenticates the cell phone
8. the MSC also queries the HLR and VLR databases to check whether the cellis in its home area or outside
9. if the cell phone is in its home area the MSC gets all the necessaryinformation from the HLR if it is not in its home area, the VLR gets the
information from the corresponding HLR via MSCs10. then the cell phone is ready to receive or make calls.
8/10/2019 Cellular Communication Ppt
40/48
Initializing a call (2)
8/10/2019 Cellular Communication Ppt
41/48
Making a call1. when thee phone needs to make a call it sends an access request(containing phone identification, number) using RACH to the BTS; ifanother cell phone tries to send an access request at the same timethe messages might get corrupted, in this case both cell phones
wait a random time interval before trying to send again2. then the BTS authenticates the cell phone and sends an
acknowledgement to the cell phone
3. the BTS assigns a specific voice channel and time slot to the cellphone and transmits the cell phone request to the MSC via BSC
4. the MSC queries HLR and VLR and based on the informationobtained it routes the call to the receivers BSC and BTS
5. the cell phone uses the voice channel and time slot assigned to it bythe BTS to communicate with the receiver
8/10/2019 Cellular Communication Ppt
42/48
Making a call (2)
8/10/2019 Cellular Communication Ppt
43/48
Receiving a call1. when a request to deliver a call is made in the network, the MSC orthe receivers home area queries the HLR; if the cell phone islocated in its home area the call is transferred to the receiver; if thecell phone is located outside its home area, the HLR maintains arecord of the VLR attached to the cell phone
2. based on this record, the MSC notes the location of the VLR andindicated the corresponding BSC about the incoming call
3. the BSC routes the call to the particular BTS which uses the pagingchannel to alert the phone
4. the receiver cell phone monitors the paging channel periodically andonce it receives the call alert from the BTS it responds to the BTS
5. the BTS communicates a channel and a time slot for the cell phoneto communicate
6. now the call is established
8/10/2019 Cellular Communication Ppt
44/48
Receiving a call (2)
8/10/2019 Cellular Communication Ppt
45/48
GSM Security Personal Identification Number (PIN)
User Authentication
TMSI-based Security
8/10/2019 Cellular Communication Ppt
46/48
Personal Identification Number (PIN) the PIN is stored on the SIM card of the cell phone
when the cell phone is turned on, the SIM checks thePIN; in case of 3 consecutive faulty PIN inputs a PUK
(Personal Unblocking Key) is asked for in case of 10 faulty PUK inputs, the SIM is locked and
the subscriber must ask a new SIM
this security measure is within the cell phone and the
service provider is not involved
8/10/2019 Cellular Communication Ppt
47/48
User Authentication a mechanism for encrypting messages in a GSM
network
the network sends random data to the cell phone(RAND)
each cell phone is allocated a secret key (KI)
using RAND and KI and the A3 encryption algorithm thecell phone generates a signed result (SRES) which isthen sent to the network
a similar process takes place in the network whichgenerates a signed result specific to the cell phone
the network compares its SRES with the SRESgenerated by the phone and in case of a match the cell
phone is connected to the network
8/10/2019 Cellular Communication Ppt
48/48
TMSI-Key Based Security is most used in a GSM cellular network a TMSI key provides a temporary identification to a cell
phone and is provided by the network upon
authentication a TMSI key keeps changing according to the location of
the cell phone this way preventing unauthorized accessto a channel and preventing intruder from tracinglocation
the mapping between IMSI and TMSI keys is handled bythe VLR
ISMI are used only when the SIM is used for the firsttime