GSM

From Wikipedia, the free encyclopedia

For other uses, see GSM (disambiguation).

The GSM logo is used to identify compatible handsets and equipment

GSM (Global System for Mobile Communications, originally Groupe Spcial Mobile), is a standard set developed by the European Telecommunications Standards Institute (ETSI) to describe technologies for second generation (2G) digital cellular networks. Developed as a replacement for first generation (1G) analog cellular networks, the GSM standard originally described a digital, circuit switched network optimized for full duplex voice telephony. The standard was expanded over time to include first circuit switched data transport, then packet data transport via GPRS(General Packet Radio Services). Packet data transmission speeds were later increased via EDGE (Enhanced Data rates for GSM Evolution) referred as EGPRS. The GSM standard is more improved after the development of third generation (3G) UMTS standard developed by the 3GPP. GSM networks will evolve further as they begin to incorporate fourth generation (4G) LTE Advanced standards. "GSM" is a trademark owned by the GSM Association.
Contents
[hide]

o o o o o o o

1 History 2 Technical details 2.1 GSM carrier frequencies 2.2 Voice codecs 2.3 Network structure 2.4 Subscriber Identity Module (SIM) 2.5 Phone locking 2.6 GSM service security 3 Standards information 4 GSM open-source software 4.1 Issues with patents and open source

5 See also 6 References 7 Further reading

8 External links

[edit]History

Early European analog cellular networks employed an uncoordinated mix of technologies and protocols that varied from country to country, preventing interoperability of subscriber equipment and increasing complexity for equipment manufacturers who had to contend with varying standards from a fragmented market. The work to develop a European standard for digital cellular voice telephony began in 1982 when the European Conference of Postal and Telecommunications Administrations (CEPT) created the Groupe Spcial Mobile committee and provided a permanent group of technical support personnel, based in Paris. In 1987, 15 representatives from 13 European countries signed a memorandum of understanding to develop and deploy a common cellular telephone system across Europe. The foresight of deciding to develop a continental standard paid off, eventually resulting in a unified, open, standard-based network larger than that in the United States. [1][2]
[3][4]

France and Germany signed a joint development agreement in 1984 and were joined by Italy and the UK in 1986. In 1986 the European Commission proposed to reserve the 900 MHz spectrum band for GSM. By 1987, basic parameters of the GSM standard had been agreed upon and 15 representatives from 13 European nations signed a memorandum of understanding in Copenhagen, committing to deploy GSM. In 1989, the Groupe Spcial Mobile committee was transferred from CEPT to the European Telecommunications Standards Institute (ETSI).[3] Phase I of the GSM specifications were published in 1990. The historic world's first GSM call was made by the Finnish prime minister Harri Holkeri to Kaarina Suonio (mayor in city of Tampere) on 1 July 1991. The first network was built by Telenokia and Siemens and operated by Radiolinja.[5] In 1992, the first short messaging service (SMS or "text message") message was sent and Vodafone UK and Telecom Finland signed the first international roaming agreement. Work had begun in 1991 to expand the GSM standard to the 1800 MHz frequency band and the first 1800 MHz network became operational in the UK in 1993. Also in 1993, Telecom Australia became the first network operator to deploy a GSM network outside of Europe and the first practical hand-held GSM mobile phone became available. In 1995, fax, data and SMS messaging services became commercially operational, the first 1900 MHz GSM network in the world became operational in the United States and GSM subscribers worldwide exceeded 10 million. In this same year, the GSM Association was formed. Pre-paid GSM SIM cards were launched in 1996 and worldwide GSM subscribers passed 100 million in 1998.[3]

In 2000, the first commercial GPRS services were launched and the first GPRS compatible handsets became available for sale. In 2001 the first UMTS (W-CDMA) network was launched and worldwide GSM subscribers exceeded 500 million. In 2002 the first multimedia messaging services (MMS) were introduced and the first GSM network in the 800 MHz frequency band became operational. EDGE services first became operational in a network in 2003 and the number of worldwide GSM subscribers exceeded 1 billion in 2004.[3] By 2005, GSM networks accounted for more than 75% of the worldwide cellular network market, serving 1.5 billion subscribers. In 2005, the first HSDPA capable network also became operational. The first HSUPA network was launched in 2007 and worldwide GSM subscribers exceeded two billion in 2008.[3] The GSM Association estimates that technologies defined in the GSM standard serve 80% of the global mobile market, encompassing more than 5 billion people across more than 212 countries and territories, making GSM the most ubiquitous of the many standards for cellular networks.[6] Macau decided to fade out GSM network in July 2012 (only roaming service is kept), making it the first region to decommission GSM network.[7]
[edit]Technical

details

GSM cell site antennas in the Deutsches Museum, Munich, Germany

GSM is a cellular network, which means that cell phones connect to it by searching for cells in the immediate vicinity. There are five different cell sizes in a GSM networkmacro, micro, pico, femto and umbrella cells. The coverage area of each cell varies according to the implementation environment. Macro cells can be regarded as cells where the base station antenna is installed on a mast or a building above average roof top level. Micro cells are cells whose antenna height is under average roof top level; they are typically used in urban areas.

Picocells are small cells whose coverage diameter is a few dozen metres; they are mainly used indoors. Femtocells are cells designed for use in residential or small business environments and connect to the service providers network via a broadband internet connection. Umbrella cells are used to cover shadowed regions of smaller cells and fill in gaps in coverage between those cells. Cell horizontal radius varies depending on antenna height, antenna gain and propagation conditions from a couple of hundred metres to several tens of kilometres. The longest distance the GSM specification supports in practical use is 35 kilometres (22 mi). There are also several implementations of the concept of an extended cell,[8] where the cell radius could be double or even more, depending on the antenna system, the type of terrain and the timing advance. Indoor coverage is also supported by GSM and may be achieved by using an indoor picocell base station, or an indoor repeater with distributed indoor antennas fed through power splitters, to deliver the radio signals from an antenna outdoors to the separate indoor distributed antenna system. These are typically deployed when a lot of call capacity is needed indoors; for example, in shopping centers or airports. However, this is not a prerequisite, since indoor coverage is also provided by in-building penetration of the radio signals from any nearby cell. The modulation used in GSM is Gaussian minimum-shift keying (GMSK), a kind of continuous-phase frequency shift keying. In GMSK, the signal to be modulated onto the carrier is first smoothed with a Gaussian low-pass filter prior to being fed to a frequency modulator, which greatly reduces the interference to neighboring channels (adjacent-channel interference).
[edit]GSM

carrier frequencies

Main article: GSM frequency bands GSM networks operate in a number of different carrier frequency ranges (separated into GSM frequency ranges for 2G and UMTS frequency bands for 3G), with most 2G GSM networks operating in the 900 MHz or 1800 MHz bands. Where these bands were already allocated, the 850 MHz and 1900 MHz bands were used instead (for example in Canada and the United States). In rare cases the 400 and 450 MHz frequency bands are assigned in some countries because they were previously used for first-generation systems. Most 3G networks in Europe operate in the 2100 MHz frequency band. Regardless of the frequency selected by an operator, it is divided into timeslots for individual phones to use. This allows eight full-rate or sixteen half-rate speech channels per radio frequency. These eight radio timeslots (or eight burst periods) are grouped into a TDMA frame. Half rate channels use alternate frames in the same timeslot. The channel data rate for all 8 channels is 270.833 kbit/s, and the frame duration is 4.615 ms. The transmission power in the handset is limited to a maximum of 2 watts in GSM850/900 and 1 watt in GSM1800/1900.

[edit]Voice

codecs

GSM has used a variety of voice codecs to squeeze 3.1 kHz audio into between 6.5 and 13 kbit/s. Originally, two codecs, named after the types of data channel they were allocated, were used, called Half Rate (6.5 kbit/s) and Full Rate (13 kbit/s). These used a system based upon linear predictive coding (LPC). In addition to being efficient with bitrates, these codecs also made it easier to identify more important parts of the audio, allowing the air interface layer to prioritize and better protect these parts of the signal. GSM was further enhanced in 1997[9] with the Enhanced Full Rate (EFR) codec, a 12.2 kbit/s codec that uses a full rate channel. Finally, with the development of UMTS, EFR was refactored into a variable-rate codec called AMR-Narrowband, which is high quality and robust against interference when used on full rate channels, and less robust but still relatively high quality when used in good radio conditions on half-rate channels.
[edit]Network

structure

The structure of a GSM network

The network is structured into a number of discrete sections:

The Base Station Subsystem (the base stations and their controllers). The Network and Switching Subsystem (the part of the network most similar to a fixed network). This is

sometimes also just called the core network.

The GPRS Core Network (the optional part which allows packet based Internet connections). The Operations support system (OSS) for maintenance of the network.

[edit]Subscriber

Identity Module (SIM)

Main article: Subscriber Identity Module

One of the key features of GSM is the Subscriber Identity Module, commonly known as a SIM card. The SIM is a detachable smart card containing the user's subscription information and phone book. This allows the user to retain his or her information after switching handsets. Alternatively, the user can also change operators while retaining the handset simply by changing the SIM. Some operators will block this by allowing the phone to use only a single SIM, or only a SIM issued by them; this practice is known as SIM locking.
[edit]Phone

locking

Main article: SIM lock Sometimes mobile network operators restrict handsets that they sell for use with their own network. This is called locking and is implemented by a software feature of the phone. Because the purchase price of the mobile phone to the consumer may be subsidized with revenue from subscriptions, operators must recoup this investment before a subscriber terminates service. A subscriber may usually contact the provider to remove the lock for a fee, utilize private services to remove the lock, or make use of free or fee-based software and websites to unlock the handset themselves. In some countries (e.g., Bangladesh, Brazil, Chile, Hong Kong, India, Lebanon, Malaysia, Pakistan, Singapore) all phones are sold unlocked. In others (e.g., Finland, Singapore) it is unlawful for operators to offer any form of subsidy on a phone's price. [10]
[edit]GSM

service security

See also: UMTS security GSM was designed with a moderate level of service security. The system was designed to authenticate the subscriber using a pre-shared key and challenge-response. Communications between the subscriber and the base station can be encrypted. The development of UMTS introduces an optional Universal Subscriber Identity Module (USIM), that uses a longer authentication key to give greater security, as well as mutually authenticating the network and the user whereas GSM only authenticates the user to the network (and not vice versa). The security model therefore offers confidentiality and authentication, but limited authorization capabilities, and no non-repudiation. GSM uses several cryptographic algorithms for security. The A5/1, A5/2 and A5/3 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in real-time with a ciphertext-only attack, and in January 2007, The Hacker's Choice started the A5/1 cracking project with plans to use FPGAs that allow A5/1 to be broken with a rainbow table attack.[11]The system supports multiple algorithms so operators may replace that cipher with a stronger one.

On 28 December 2009 German computer engineer Karsten Nohl announced that he had cracked the A5/1 cipher.[12] According to Nohl, he developed a number of rainbow tables (static values which reduce the time needed to carry out an attack) and have found new sources for known plaintext attacks. He also said that it is possible to build "a full GSM interceptor ... from open source components" but that they had not done so because of legal concerns.[13] An update by Nancy Owano on 27 Dec 2011 on PhysOrg.com quotes Nohl as a "security expert", and details these concerns: Nohl said that he was able to intercept voice and text conversations by impersonating another user to listen to their voice mails or make calls or send text messages. Even more troubling was that he was able to pull this off using a seven-year-old Motorola cellphone and decryption software available free off the Internet. [14] GSM was also mentioned in a Reuters story "Hackers say to publish emails stolen from Stratfor" on Yahoo! News.[15] New attacks have been observed that take advantage of poor security implementations, architecture and development for smart phone applications. Some wiretapping and eavesdropping techniques hijack[16] the audio input and output providing an opportunity for a 3rd party to listen in to the conversation. At present such attacks often come in the form of a Trojan, malware or a virus and might be detected by security software. [citation needed]
[original research?]

GSM uses General Packet Radio Service (GPRS) for data transmissions like browsing the web. The most commonly deployed GPRS ciphers were publicly broken in 2011, and the evidence indicates that they were once again intentionally left weak by the mobile industry designers.[17] The researchers revealed flaws in the commonly used GEA/1 and GEA/2 ciphers and published the open source "gprsdecode" software for sniffing GPRS networks. They also noted that some carriers don't encrypt the data at all (i.e. using GEA/0) in order to detect the use of traffic or protocols they don't like, e.g. Skype, leaving their customers unprotected. GEA/3 seems to remain relatively hard to break and is said to be in use on some more modern networks. If used with USIM to prevent connections to fake base stations and downgrade attacks, users will be protected in the medium term, though migration to 128-bit GEA/4 is still recommended. Since GEA/0, GEA/1 and GEA/2 are widely deployed, applications should use SSL/TLS for sensitive data, as they would on wi-fi networks.
[edit]Standards

information

The GSM systems and services are described in a set of standards governed by ETSI, where a full list is maintained.[18]
[edit]GSM

open-source software

Several open-source software projects exist that provide certain GSM features:

gsmd daemon by Openmoko[19] OpenBTS develops a Base transceiver station The GSM Software Project aims to build a GSM analyzer for less than $1000[20] OsmocomBB developers intend to replace the proprietary baseband GSM stack with a free software

implementation[21]
[edit]Issues

with patents and open source

Patents remain a problem for any open-source GSM implementation, because it is not possible for GNU or any other free software distributor to guarantee immunity from all lawsuits by the patent holders against the users. Furthermore new features are being added to the standard all the time which means they have patent protection for a number of years.[citation needed] The original GSM implementations from 1991 are now entirely free of patent encumbrances and it is expected that OpenBTS will be able to implement features of that initial specification without limit and that as patents subsequently expire, those features can be added into the open source version. As of 2011, there have been no law suits against users of OpenBTS over GSM use.[citation needed]

Global System for Mobile Communications (GSM)

Services and Architecture
If your work involves (or is likely to involve) some form of wireless public communications, you are likely to encounter the GSM standards. Initially developed to support a standardized approach to digital cellular communications in Europe, the "Global System for Mobile Communications" (GSM) protocols are rapidly being adopted to the next generation of wireless telecommunications systems, Personal Communication Systems (PCS) and global Low Earth Orbit (LEO) satellite communication systems. In the US, its main competition appears to be the cellular TDMA systems based on the IS-54 standards. Since the GSM systems consist of a wide range of components, standards, and protocols. The GSM and its companion standard DCS1800 (for the UK, where the 900 MHz frequencies are not available for GSM) have been developed over the last decade to allow cellular communications systems to move beyond the limitations posed by the older analog systems. Analog system capacities are

being stressed with more users that can be effectively supported by the available frequency allocations. Compatibility between types of systems had been limited, if non-existent. By using digital encoding techniques, more users can share the same frequencies than had been available in the analog systems. As compared to the digital cellular systems in the US (CDMA [IS-95] and TDMA [IS-54]), the GSM market has had impressive success. Estimates of the numbers of telephones run from 7.5 million GSM phones to .5 million IS54 phones to .3 million for IS95. GSM has gained in acceptance from its initial beginnings in Europe to other parts of the world including Australia, New Zealand, countries in the Middle East and the far east. Beyond its use in cellular frequencies (900 MHz for GSM, 1800 MHz for DCS1800), portions of the GSM signaling protocols are finding their way into the newly developing PCS and LEO Satellite communications systems. While the frequencies and link characteristics of these systems differ from the standard GSM air interface, all of these systems must deal with users roaming from one cell (or satellite beam) to another, and bridge services to public communication networks including the Public Switched Telephone Network (PSTN), and public data networks (PDN).

Digital Transmission Enables Delivery of a Rich Set of Services

As a digital network that has many parallels to the Integrated Services Digital Network (ISDN), GSM offers a rich set of services that include voice, circuit switched data, packet data, and fax, all of which are afforded a level of privacy not available through the analog cellular networks. To remain consistent with existing cellular and PSTN systems, GSM also supports a range of supplementary services, such as call barring, call forwarding, call waiting, and advice of charge. The ability to provide these services introduces a new level of complexity. With all information being transferred over the air interface at 13 kbps transcoding schemes and format translation services must be provided by the GSM network components. Voice information is digitized using the Regular Pulse Excitation-Long Term Prediction algorithm that removes enough redundancy from the voice signal to transmit it over the 13 kbps channel; this is translated to PCM and ADPCM by the GSM switching network for transmission over the PSTN. Mobility also presents a unique set of challenges; users may roam into areas supported by other carriers. Algorithms and protocols have been designed to locate users and handle charging while users are visiting areas away from home. Data formats and control signals are transferred between the switching systems and mobile subscriber equipment.

An additional benefit of digital transmission is security. Where the analog systems are able to provide extremely limited protection against eavesdropping and false call origination, GSM has features to address each of these. Users can be authenticated on the basis of information contained in their SIM. The radio path is also encrypted to provide additional confidentiality.

Several Components Must Communicate Within the System

The GSM architecture includes several subsystems:

the Mobile Station (MS) -- These digital telephones include vehicle, portable and hand-held terminals. A device called the Subscriber Identity Module (SIM) that is basically a smart-card provides custom information about users such as the services they've subscribed to and their identification in the network the Base Station Sub-System (BSS) -- The BSS is the collection of devices that support the switching networks radio interface. Major components of the BSS include the Base Transceiver Station (BTS) that consists of the radio modems and antenna equipment, and the Base Station Controller (BSC) that manages the radio activities of several BTS and connects to a single NSS. In OSI terms, the BTS provides the physical interface to the MS where the BSC is responsible for the link layer services to the MS. Logically the transcoding equipment is in the BTS, however, an additional component, the Transcoder/Rate Adapter Unit (TRAU) can also provide signal transcoding services. the Network and Switching Sub-System (NSS) -- The NSS provides the switching between the GSM subsystem and external networks along with the databases used for additional subscriber and mobility management. Major components in the NSS include the Mobile Services Switching Center (MSC), Home and Visiting Location Registers (HLR, VLR). The HLR and VLR databases are interconnected through the telecomm standard Signaling System 7 (SS7) control network. the Operation Sub-System (OSS) -- The OSS provides the support functions responsible for the management of network maintenance and services. Components of the OSS are responsible for network operation and maintenance, mobile equipment management, and subscription management and charging.

Figure 1 - Major GSM Components

Layered Protocols Include Both New (Air Interface) and Old (SS7) Components
As one might suspect, this collection of components and services requires the use of several protocols to control calls, transfer information, and provide overall system management. From the perspective of the MS, there are four layers for communication:

the RF interface to the BTS the radio resource management (RR) layer to the BSC mobility management (MM) communications management (CM) to the MSC VLR

Additional protocols are used to provide control services that are managed between the system switching and management components. The transmission channel between the MS and the BTS is the one component that is unique to GSM cellular networks, modified to operate on different frequencies in the case of PCS and replaced in its entirety in the case of

satellite communications systems. The interface between the MS and the BTS consists of a frequency-hopped TDMA channel that is divided in several subchannels, some of which are used for the transmission of user information, the remainder of which are used by the assorted control protocols. To increase battery life and to decrease interference between stations operating in adjacent cell-sites, both the MS and the BTS transmitters automatically adapt their transmission power. Several channels are used in the air interface:

FCCH - the frequency correction channel - provides frequency synchronization information in a burst SCH - Synchronization Channel - shortly following the FCCH burst (8 bits later), provides a reference to all slots on a given frequency PAGCH - Paging and Access Grant Channel used for the transmission of paging information requesting the setup of a call to a MS. RACH - Random Access Channel - an inbound channel used by the MS to request connections from the ground network. Since this is used for the first access attempt by users of the network, a random access scheme is used to aid in avoiding collisions. CBCH - Cell Broadcast Channel - used for infrequent transmission of broadcasts by the ground network. BCCH - Broadcast Control Channel - provides access status information to the MS. The information provided on this channel is used by the MS to determine whether or not to request a transition to a new cell FACCH - Fast Associated Control Channel for the control of handovers TCH/F - Traffic Channel, Full Rate for speech at 13 kbps or data at 12, 6, or 3.6 kbps TCH/H - Traffic Channel, Half Rate for speech at 7 kbps, or data at 6 or 3.6 kbps

Slow frequency hopping is employed on the traffic channels that are centered at 200 kHz intervals between 890 and 915 MHz and 935 and 960 MHz. Through slow frequency hopping, frequency diversity is obtained thereby improving the overall signal quality by not dwelling on noisy channels. Each transmission burst is completed prior to switching frequencies. The radio resource (RR) protocols are responsible for the allocation and reallocation of traffic channels between the MS and the BTS. These services include controlling the initial access to the system, paging for Mobile terminated calls, handover of calls between cell sites, power control, and call termination. The RR protocols provide the procedures for the use, allocation, reallocation, and release of the GSM channels.

Mobility Management
One of the major features used in all classes of GSM networks (cellular, PCS and Satellite) is the ability to support roaming users. Through the control signaling network, the MSCs interact to locate and connect to users throughout the network. "Location Registers" are included in the MSC databases to assist in the role of determining how, and whether connections are to be made to roaming users. Each user of a GSM MS is assigned a Home Location Register (HLR) that is used to contain the user's location and subscribed services. A separate register, the Visitor Location Register (VLR) is used to track the location of a user. As the users roam out of the area covered by the HLR, the MS notifies a new VLR of its whereabouts. The VLR in turn uses the control network (that happens to be based on SS7) to signal the HLR of the MS's new location. Through this information, mobile terminated (MT) calls can be routed to the user by the location information contained in the user's HLR.

Communication Management Features Support Call Control and Supplementary Services

The communication management layer provides three primary classes of services, call control, supplementary services, and the short message service. Call control services are responsible for routing the calls, determining who is responsible for the call charges, and the organization that is to receive payment. Supplementary services include call forwarding, barring, and passwords for security. Finally, the communication management layer includes services to handle short message services, that are more efficiently handled through packet oriented transfers than the traditional circuit switched connections supported by the mainstream GSM system.

Source Encoding and Interwork Functions Support Interoperability With Public Networks
With a data transfer rate that is unique to GSM and too limited to send the typical 8 kHz sampling of the 3 kHz spectrum, functions are included in the system to transcode voice signals into narrowband digital information. In addition, data services that support interoperability with standard modems are provided so that mobile users can communicate with users connected to the public networks. Voice services are compressed for transmission over the air interface and converted to either PCM or ADPCM formats for transmission over the synchronous network. Circuit switched data and fax information is

transmitted over the GSM network in a digital form and converted to the appropriate modulation schemes for communication with existing systems. Packet data is supported through use of the GSM circuits providing access to terrestrial hub equipment. As the growth of wireless communications continues, the use and range of services addressed by GSM are likely to grow. Interoperability between PCS, cellular, and satellite systems can be more readily accomplished. Many of the LEO satellite systems are proposing the development of dual GSM/LEO terminals that can provide users with ubiquitous coverage. With the current activity in distribution of the PCS frequencies for major US markets, GSM will become a major force in the US telecomm market. By providing a standard for wireless communication that has been accepted in many areas of the world, users benefit from the ability to be reached regardless of their location.

The IMEI number

The GSM IMEI (International Mobile Equipment Identity) numbering system is a 15 digit unqiue code that is used to identify the GSM/DCS/PCS phone to a GSM/DCS/PCS network. When a phone is switched on, its unqiue IMEI number is transmitted and checked against a database of blacklisted or greylisted phones in the network's EIR (Equipment ID Register). This EIR determines whether the phone can log onto the network to initiate and receive calls. You can display your phone's IMEI number by typing *#06# on the keypad. This code works on most phones. If the EIR and IMEI numbers match, the networks can do a number of things. They can for example greylist or blacklist a phone:

Greylisting will allow the phone to be used, but it can be tracked to see who has it (via the SIM info). Blacklisting bars the phone from being used on any network where there is an EIR match.