1.

INTRODUCTION
The Global System for Mobile communications (GSM) is the world’s dominant wireless
technology. This is a world-wide standard for digital cellular telephony, or as most people know
them Digital Mobile Telephones. GSM was created by the Europeans, and originally meant
"Groupe Special Mobile", but this didn't translate well, so the now common more globally
appealing name was adopted. GSM is a published standard by ETSI, and has now enjoys
widespread implementation in Europe, Asia, and increasingly America.

There are many arguments about the relative merits of analogue versus digital, but for my
mind it comes down to this: Analogue sounds better and goes further, Digital doesn't sound as
good, but does a whole lot more. Check out the links page for sites that have some good
discussion on the Digital versus Analog debate. Examples of what digital can do that analogue
doesn't are fax send & receive, data calls, and messaging.

Throughout the evolution of cellular telecommunications, various systems have been

developed without the benefit of standardized specifications. This presented many problems
directly related to compatibility, especially with the development of digital radio technology. The
GSM standard is intended to address these problems. From 1982 to 1985 discussions were held
to decide between building an analog or digital system. After multiple field tests, a digital system
was adopted for GSM. The next task was to decide between a narrow or broadband solution. In
May 1987, the narrowband time division multiple access (TDMA) solution was chosen.

1|Page
 2. HISTORY
The idea of the first cellular network was brainstormed in 1947. It was intended to be used
for military purposes as a way of supplying troops with more advanced forms of
communications. From 1947 till about 1979 several different forms of broadcasting technology
emerged. The United States began to develop the AMPS (Advanced Mobile Phone Service)
network, while European countries were developing their own forms of communication.

But the Europeans quickly realized the disadvantages of each European country operating on
their mobile network. It prevents cell phone use from country to country within Europe. With the
emerging European Union and high travel volume between countries in Europe this was seen as
a problem. Rectifying the situation the Conference of European Posts and Telegraphs (CEPT)
assembled a research group with intentions of researching the mobile phone system in Europe.
This group was called Group Spécial Mobile (GSM).

For the next ten years the GSM group outlined standards, researched technology and
designed a way to implement a pan-European mobile phone network. In 1989 work done by the
GSM group was transferred to the European Telecommunication Standards Institute (ETSI). The
name GSM was transposed to name the type of service invented. The acronym GSM had been
changed from Group Spécial Mobile to Global Systems Mobile Telecommunications.

By April of 1991 commercial service of the GSM network had begun. Just a year and half
later in 1993 there were already 36 GSM networks in over 22 countries. Several other countries
were on the rise to adopt this new mobile phone network and participate in what was becoming a
worldwide standard. At the same time, GSM also became widely used in the Middle East, South
Africa and Australia.

While the European Union had developed a sophisticated digital cell phone system, the
United States was still operating primarily on the old, analog AMPS network and TDMA. In the
end of October 2001, Cingular was the first to announce their switch to the 3G GSM network.
This involved switching more then 22 million customers from TDMA to GSM. In 2005 Cingular
stopped new phone activation on the TDMA network and began only selling GSM service.

Most of the world external to the United States uses GSM technology. However, operate on
different frequencies then the United States GSM phones. There are five major GSM frequencies
that have become standard worldwide. They include GSM-900, GSM-1800, GSM-850, GSM-
1900 and GSM-400.

GSM-900 and GSM-1800 are standards used mostly worldwide. It is the frequency European
phones operate on as well as most of Asia and Australia. GSM-850 and GSM-1900 are primarily
United States frequencies. They are also the standard for Canada GSM service and countries in
Latin and South America. GSM-400 is the least popular of the bunch and is rarely used. It is an
older frequency that was used in Russia and Europe before GSM-900 and GSM-1800 became
available. There is not many networks currently operating at this frequency.

2|Page
 3. GSM NETWORK ARCHITECTURE
A GSM network is composed of several functional entities, whose functions and
interfaces are specified. Figure 1 below shows the layout of a generic GSM network.

Fig.1. General Architecture of a GSM Network

The GSM network can be divided into three broad parts. The Mobile Station is carried by
the subscriber. The Base Station Subsystem controls the radio link with the Mobile Station. The
Network Subsystem, the main part of which is the Mobile services Switching Center (MSC),
performs the switching of calls between the mobile users, and between mobile and fixed network
users. The Mobile Station and the Base Station Subsystem communicate across the Um interface,
also known as the air interface or radio link. The Base Station Subsystem communicates with the
Mobile services Switching Center across the A interface.

3.1. MOBILE STATION

The mobile station (MS) consists of the mobile equipment (the terminal) and a smart card
called the Subscriber Identity Module (SIM). The SIM provides personal mobility, so that the
user can have access to subscribed services irrespective of a specific terminal. By inserting the
SIM card into another GSM terminal, the user is able to receive calls at that terminal, make calls
from that terminal, and receive other subscribed services.

The mobile equipment is uniquely identified by the International Mobile Equipment

Identity (IMEI). The SIM card contains the International Mobile Subscriber Identity (IMSI) used
to identify the subscriber to the system, a secret key for authentication, and other information.
The IMEI and the IMSI are independent, thereby allowing personal mobility. The SIM card may
be protected against unauthorized use by a password or personal identity number.

3|Page
 The Mobile Station and the Base Tranceiver Station communicate across the air interface,
Um. This interface uses LAPDm protocol for signaling, to conduct call control, measurement
reporting, Handover, Power control, Authentication, Authorization, Location Update and so on.
Traffic and Signaling are sent in bursts of 0.577 ms at intervals of 4.615 ms, to form data blocks
each 20 ms.

3.2. BASE STATION SUBSYSTEM

The Base Station Subsystem (BSS) is the section of a traditional cellular telephone network
which is responsible for handling traffic and signaling between a mobile phone and the Network
Switching Subsystem. The BSS carries out the transcoding of speech channels, allocation of
radio channels to mobile phones, paging, quality management of transmission and reception over
the air interface and many other tasks related to the radio network. The Base Station Subsystem
is composed of two parts, the Base Transceiver Station (BTS) and the Base Station Controller
(BSC). These communicate across the standardized Abis interface. The Abis interface is
generally carried by a DS-1, ES-1, or E1 TDM circuit. Uses TDM subchannels for traffic (TCH),
LAPD protocol for BTS supervision and telecom signaling, and carries synchronization from the
BSC to the BTS and MS. The Base Station Control and the Message Switching Center
communicate across the A interface. It is used for carrying Traffic channels and the BSSAP user
part of the SS7 stack. Although there are usually transcoding units between BSC and MSC, the
signaling communication takes place between these two ending points and the transcoder unit
doesn't touch the SS7 information, only the voice or CS data are transcoded or rate adapted.

3.2.1 BASE TRANSCEIVER STATION

The Base Transceiver Station, or BTS, contains the equipment for transmitting and receiving
of radio signals (transceivers), antennas, and equipment for encrypting and decrypting
communications with the Base Station Controller (BSC). Typically a BTS will have several
transceivers (TRXs) which allow it to serve several different frequencies and different sectors of
the cell. The BTSs are equipped with radios that are able to modulate layer 1 of interface Um; for
GSM 2G+ the modulation type is GMSK, while for EDGE-enabled networks it is GMSK and 8-
PSK.

A TRX transmits and receives according to the GSM standards, which specify eight TDMA
timeslots per radio frequency. A TRX may lose some of this capacity as some information is
required to be broadcast to handsets in the area that the BTS serves. This information allows the
handsets to identify the network and gain access to it. This signaling makes use of a channel
known as the BCCH (Broadcast Control Channel).

3.2.2 BASE STATION CONTROL

The Base Station Controller (BSC) provides, classically, the intelligence behind the BTSs. It
provides all the control functions and physical links between the MSC and BTS. The BSC
provides functions such as handover, cell configuration data, and control of radio frequency (RF)
power levels in Base Transceiver Stations. A key function of the BSC is to act as a concentrator

4|Page
where many different low capacity connections to BTSs become reduced to a smaller number of
connections towards the Mobile Switching Center (MSC).

3.3. NETWORK SWITCHING SUBSYTEM

The first subsystem of the GSM Network is the Network Switching Subsystem (NSS).
Network Switching Subsystem, or NSS, is the component of a GSM system that carries out
switching functions and manages the communications between mobile phones and the Public
Switched Telephone Network. It is also responsible for the subscriber data handling, charging
and control of calls. It is owned and deployed by mobile phone operators and allows mobile
phones to communicate with each other and telephones in the wider telecommunications
network. The architecture closely resembles a telephone exchange, but there are additional
functions which are needed because the phones are not fixed in one location.

The Network Switching Subsystem, also referred to as the GSM core network, usually
refers to the circuit-switched core network, used for traditional GSM services such as voice calls,
SMS, and Circuit Switched Data calls. There is also an overlay architecture on the GSM core
network to provide packet-switched data services and is known as the GPRS core network. This
allows mobile phones to have access to services such as WAP, MMS, and Internet access.

All mobile phones manufactured today have both circuit and packet based services, so
most operators have a GPRS network in addition to the standard GSM core network.

3.3.1 MESSAGE SWITCHING CENTER

The central component of the Network Subsystem is the Mobile services Switching
Center (MSC). It acts like a normal switching node of the Public Switched Telephone Network
(PSTN) or International Switched Data Network (ISDN), and additionally provides all the
functionality needed to handle a mobile subscriber, such as registration, authentication, location
updating, handovers, and call routing to a roaming subscriber. The MSC provides the connection
to the fixed networks (such as the PSTN or ISDN). Signaling between functional entities in the
Network Subsystem uses Signaling System Number 7 (SS7), used for trunk signaling in ISDN
and widely used in current public networks. The Signaling System Number 7 will be discussed in
Section 4.

3.3.2 HOME LOCATION REGISTER

The Home Location Register or HLR is a central database that contains details of each
mobile phone subscriber that is authorized to use the GSM core network. There is one logical
HLR per PLMN, although there may be multiple physical platforms.

The HLR stores details of every SIM card issued by the mobile phone operator. Each SIM has a
unique identifier called an IMSI which is the primary key to each HLR record. The next
important items of data associated with the SIM are the MSISDNs, which are the telephone
numbers used by mobile phones to make and receive calls. The primary MSISDN is the number
used for making and receiving voice calls and SMS, but it is possible for a SIM to have other

5|Page
secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a primary
key to the HLR record.

3.3.3 VISITOR LOCATION REGISTER

The Visitor Location Register or VLR is a temporary database of the subscribers who
have roamed into the particular area which it serves. Each Base Station in the network is served
by exactly one VLR; hence a subscriber cannot be present in more than one VLR at a time.

The data stored in the VLR has either been received from the HLR, or collected from the
MS. In practice, for performance reasons, most vendors integrate the VLR directly to the V-MSC
and, where this is not done, the VLR is very tightly linked with the MSC via a proprietary
interface.

3.3.4 EQUIPMENT IDENTITY REGISTER

The EIR (Equipment Identity Register) is often integrated to the HLR. The EIR keeps a
list of mobile phones through their IMEI which are to be banned from the network or monitored.
This is designed to allow tracking of stolen mobile phones. In theory all data about all stolen
mobile phones should be distributed to all EIRs in the world through a Central EIR. It is clear,
however, that there are some countries where this is not in operation. The EIR data does not have
to change in real time, which means that this function can be less distributed than the function of
the HLR.

3.3.5 AUTHENTICATION CENTRE

The Authentication Centre or AUC is a function to authenticate each SIM card that
attempts to connect to the GSM core network. Once the authentication is successful, the HLR is
allowed to manage the SIM and services described above. An encryption key is also generated
that is subsequently used to encrypt all wireless communications between the mobile phone and
the GSM core network.

If the authentication fails, then no services are possible from that particular combination
of SIM card and mobile phone operator attempted.

The AUC does not engage directly in the authentication process, but instead generates
data known as triplets for the MSC to use during the procedure. The security of the process
depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely
burned into the SIM during manufacture and is also securely replicated onto the AUC. This Ki is
never transmitted between the AUC and SIM, but is combined with the IMSI to produce a
challenge/response for identification purposes and an encryption key called Kc for use in over
the air communications.

6|Page
3.4. OPERATION SUPPORT SUBSYSTEM (OSS)

The Operations and Maintenance Center (OMC) is connected to all equipment in the
switching system and to the Base Station Control as shown in Figure 2 below. The
implementation of OMC is called the operation and support system (OSS).

Fig.2. Illustration of the Operations and Maintenance Center (OMC)

The OSS is the functional entity from which the network operator monitors and controls
the system. The purpose of OSS is to offer the customer cost-effective support for centralized,
regional and local operational and maintenance activities that are required for a GSM network.
An important function of OSS is to provide a network overview and support the maintenance
activities of different operation and maintenance organizations.

Here are some of the OMC functions:

• Administration and commercial operation (subscription, end terminals, charging and

statistics).
• Security Management.
• Network configuration, Operation and Performance Management.
• Maintenance Tasks.

7|Page
 4. GSM NETWORK AREAS

The GSM network is made up of geographical areas. As shown in Figure 3, these areas
include cells, location areas (LAs), MSC/VLR service areas, and public land mobile network
(PLMN) areas.

Fig.3. GSM Network geographical areas

The cell is the area given radio coverage by one base transceiver station. The GSM network
identifies each cell via the cell global identity (CGI) number assigned to each cell. The location
area is a group of cells. It is the area in which the subscriber is paged. Each LA is served by one
or more base station controllers, yet only by a single MSC as shown in Figure 4. Each LA is
assigned a location area identity (LAI) number.

Fig.4. Illustration of the Location Areas (LA)

An MSC/VLR service area represents the part of the GSM network that is covered by one
MSC and which is reachable since it is registered in the VLR of the MSC as shown in Figure 5.
The PLMN service area is an area served by one network operator

8|Page
Fig.5. Illustration of the MSC/VLR Service Areas

9|Page
 5. KEY GSM NETWORK FEATURES
5.1. Radio Link Aspects

The International Telecommunication Union (ITU), which manages the international

allocation of radio spectrum (among many other functions), allocated the bands 890-915 MHz
for the uplink (mobile station to base station) and 935-960 MHz for the downlink (base station to
mobile station) for mobile networks in Europe. Since this range was already being used in the
early 1980s by the analog systems of the day, the CEPT had the foresight to reserve the top 10
MHz of each band for the GSM network that was still being developed. Eventually, GSM will be
allocated the entire 2x25 MHz bandwidth.

5.2. Multiple Access and Channel Structure

Since radio spectrum is a limited resource shared by all users, a method must be devised to
divide up the bandwidth among as many users as possible. The method chosen by GSM is a
combination of Time- and Frequency-Division Multiple Access (TDMA/FDMA). The FDMA
part involves the division by frequency of the (maximum) 25 MHz bandwidth into 124 carrier
frequencies spaced 200 kHz apart. One or more carrier frequencies are assigned to each base
station. Each of these carrier frequencies is then divided in time, using a TDMA scheme. The
fundamental unit of time in this TDMA scheme is called a burst period and it lasts 15/26 ms (or
approx. 0.577 ms). Eight burst periods are grouped into a TDMA frame (120/26 ms, or approx.
4.615 ms), which forms the basic unit for the definition of logical channels. One physical
channel is one burst period per TDMA frame.

Channels are defined by the number and position of their corresponding burst periods. All
these definitions are cyclic, and the entire pattern repeats approximately every 3 hours. Channels
can be divided into dedicated channels, which are allocated to a mobile station, and common
channels, which are used by mobile stations in idle mode.

5.2.1. Traffic Channels

A traffic channel (TCH) is used to carry speech and data traffic. Traffic channels are defined
using a 26-frame multiframe, or group of 26 TDMA frames. The length of a 26-frame multiframe
is 120 ms, which is how the length of a burst period is defined (120 ms divided by 26 frames
divided by 8 burst periods per frame). Out of the 26 frames, 24 are used for traffic, 1 is used for
the Slow Associated Control Channel (SACCH) and 1 is currently unused (see Figure 2). TCHs
for the uplink and downlink are separated in time by 3 burst periods, so that the mobile station
does not have to transmit and receive simultaneously, thus simplifying the electronics.

In addition to these full-rate TCHs, there are also half-rate TCHs defined, although they are
not yet implemented. Half-rate TCHs will effectively double the capacity of a system once half-
rate speech coders are specified (i.e., speech coding at around 7 kbps, instead of 13 kbps).
Eighth-rate TCHs are also specified, and are used for signalling. In the recommendations, they
are called Stand-alone Dedicated Control Channels (SDCCH).

10 | P a g e
 Fig.6. Organization of bursts, TDMA frames, and multiframes for speech and data
5.2.2. Control Channels

Common channels can be accessed both by idle mode and dedicated mode mobiles. The
common channels are used by idle mode mobiles to exchange the signalling information required
to change to dedicated mode. Mobiles already in dedicated mode monitor the surrounding base
stations for handover and other information. The common channels are defined within a 51-
frame multiframe, so that dedicated mobiles using the 26-frame multiframe TCH structure can
still monitor control channels. The common channels include:

5.2.2.1. Broadcast Control Channel (BCCH)

Continually broadcasts, on the downlink, information including base station identity,

frequency allocations, and frequency-hopping sequences.

5.2.2.2. Frequency Correction Channel (FCCH) and Synchronisation Channel (SCH)

Used to synchronise the mobile to the time slot structure of a cell by defining the boundaries of
burst periods, and the time slot numbering. Every cell in a GSM network broadcasts exactly one
FCCH and one SCH, which are by definition on time slot number 0 (within a TDMA frame).

5.2.2.3. Random Access Channel (RACH)

Slotted Aloha channel used by the mobile to request access to the network.

5.2.2.4. Paging Channel (PCH)

Used to alert the mobile station of an incoming call.

11 | P a g e
 5.2.2.5. Access Grant Channel (AGCH)

Used to allocate an SDCCH to a mobile for signalling (in order to obtain a dedicated channel),
following a request on the RACH.

5.3. Burst Structure

There are four different types of bursts used for transmission in GSM. The normal burst is
used to carry data and most signalling. It has a total length of 156.25 bits, made up of two 57 bit
information bits, a 26 bit training sequence used for equalization, 1 stealing bit for each
information block (used for FACCH), 3 tail bits at each end, and an 8.25 bit guard sequence, as
shown in Figure 2. The 156.25 bits are transmitted in 0.577 ms, giving a gross bit rate of 270.833
kbps.

The F burst, used on the FCCH, and the S burst, used on the SCH, have the same length as a
normal burst, but a different internal structure, which differentiates them from normal bursts
(thus allowing synchronization). The access burst is shorter than the normal burst, and is used
only on the RACH.

5.4. Speech Coding

GSM is a digital system, so speech which is inherently analog, has to be digitized. The
method employed by ISDN, and by current telephone systems for multiplexing voice lines over
high speed trunks and optical fiber lines, is Pulse Coded Modulation (PCM). The output stream
from PCM is 64 kbps, too high a rate to be feasible over a radio link. The 64 kbps signal,
although simple to implement, contains much redundancy. The GSM group studied several
speech coding algorithms on the basis of subjective speech quality and complexity (which is
related to cost, processing delay, and power consumption once implemented) before arriving at
the choice of a Regular Pulse Excited -- Linear Predictive Coder (RPE--LPC) with a Long Term
Predictor loop. Basically, information from previous samples, which does not change very
quickly, is used to predict the current sample. The coefficients of the linear combination of the
previous samples, plus an encoded form of the residual, the difference between the predicted and
actual sample, represent the signal. Speech is divided into 20 millisecond samples, each of which
is encoded as 260 bits, giving a total bit rate of 13 kbps. This is the so-called Full-Rate speech
coding. Recently, an Enhanced Full-Rate (EFR) speech coding algorithm has been implemented
by some North American GSM1900 operators. This is said to provide improved speech quality
using the existing 13 kbps bit rate.

5.5. Channel Coding and Modulation

Because of natural and man-made electromagnetic interference, the encoded speech or data
signal transmitted over the radio interface must be protected from errors. GSM uses
convolutional encoding and block interleaving to achieve this protection. The exact algorithms
used differ for speech and for different data rates. The method used for speech blocks will be
described below.

12 | P a g e
 Recall that the speech codec produces a 260 bit block for every 20 ms speech sample. From
subjective testing, it was found that some bits of this block were more important for perceived
speech quality than others. The bits are thus divided into three classes:

• Class Ia 50 bits - most sensitive to bit errors

• Class Ib 132 bits - moderately sensitive to bit errors
• Class II 78 bits - least sensitive to bit errors

Class Ia bits have a 3 bit Cyclic Redundancy Code added for error detection. If an error is
detected, the frame is judged too damaged to be comprehensible and it is discarded. It is replaced
by a slightly attenuated version of the previous correctly received frame. These 53 bits, together
with the 132 Class Ib bits and a 4 bit tail sequence (a total of 189 bits), are input into a 1/2 rate
convolutional encoder of constraint length 4. Each input bit is encoded as two output bits, based
on a combination of the previous 4 input bits. The convolutional encoder thus outputs 378 bits, to
which are added the 78 remaining Class II bits, which are unprotected. Thus every 20 ms speech
sample is encoded as 456 bits, giving a bit rate of 22.8 kbps.

To further protect against the burst errors common to the radio interface, each sample is
interleaved. The 456 bits output by the convolutional encoder are divided into 8 blocks of 57
bits, and these blocks are transmitted in eight consecutive time-slot bursts. Since each time-slot
burst can carry two 57 bit blocks, each burst carries traffic from two different speech samples.

Recall that each time-slot burst is transmitted at a gross bit rate of 270.833 kbps. This digital
signal is modulated onto the analog carrier frequency using Gaussian-filtered Minimum Shift
Keying (GMSK). GMSK was selected over other modulation schemes as a compromise between
spectral efficiency, complexity of the transmitter, and limited spurious emissions. The
complexity of the transmitter is related to power consumption, which should be minimized for
the mobile station. The spurious radio emissions, outside of the allotted bandwidth, must be
strictly controlled so as to limit adjacent channel interference, and allow for the co-existence of
GSM and the older analog systems (at least for the time being).

5.6. Multipath Equalization

At the 900 MHz range, radio waves bounce off everything - buildings, hills, cars, airplanes,
etc. Thus many reflected signals, each with a different phase, can reach an antenna. Equalization
is used to extract the desired signal from the unwanted reflections. It works by finding out how a
known transmitted signal is modified by multipath fading, and constructing an inverse filter to
extract the rest of the desired signal. This known signal is the 26-bit training sequence
transmitted in the middle of every time-slot burst. The actual implementation of the equalizer is
not specified in the GSM specifications.

5.7. Frequency Hopping

The mobile station already has to be frequency agile, meaning it can move between a transmit,
receive, and monitor time slot within one TDMA frame, which normally are on different
frequencies. GSM makes use of this inherent frequency agility to implement slow frequency

13 | P a g e
hopping, where the mobile and BTS transmit each TDMA frame on a different carrier frequency.
The frequency hopping algorithm is broadcast on the Broadcast Control Channel. Since
multipath fading is dependent on carrier frequency, slow frequency hopping helps alleviate the
problem. In addition, co-channel interference is in effect randomized.

5.8. Discontinuous Transmission

Minimizing co-channel interference is a goal in any cellular system, since it allows better
service for a given cell size, or the use of smaller cells, thus increasing the overall capacity of the
system. Discontinuous transmission (DTX) is a method that takes advantage of the fact that a
person speaks less that 40 percent of the time in normal conversation , by turning the transmitter
off during silence periods. An added benefit of DTX is that power is conserved at the mobile
unit.

The most important component of DTX is, of course, Voice Activity Detection. It must
distinguish between voice and noise inputs, a task that is not as trivial as it appears, considering
background noise. If a voice signal is misinterpreted as noise, the transmitter is turned off and a
very annoying effect called clipping is heard at the receiving end. If, on the other hand, noise is
misinterpreted as a voice signal too often, the efficiency of DTX is dramatically decreased.
Another factor to consider is that when the transmitter is turned off, there is total silence heard at
the receiving end, due to the digital nature of GSM. To assure the receiver that the connection is
not dead, comfort noise is created at the receiving end by trying to match the characteristics of
the transmitting end's background noise.

5.9. Discontinuous Reception

Another method used to conserve power at the mobile station is discontinuous reception. The
paging channel, used by the base station to signal an incoming call, is structured into sub-
channels. Each mobile station needs to listen only to its own sub-channel. In the time between
successive paging sub-channels, the mobile can go into sleep mode, when almost no power is
used.

5.10. Power Control

There are five classes of mobile stations defined, according to their peak transmitter power,
rated at 20, 8, 5, 2, and 0.8 watts. To minimize co-channel interference and to conserve power,
both the mobiles and the Base Transceiver Stations operate at the lowest power level that will
maintain an acceptable signal quality. Power levels can be stepped up or down in steps of 2 dB
from the peak power for the class down to a minimum of 13 dBm (20 milliwatts).

The mobile station measures the signal strength or signal quality (based on the Bit Error
Ratio), and passes the information to the Base Station Controller, which ultimately decides if and
when the power level should be changed. Power control should be handled carefully, since there
is the possibility of instability.

14 | P a g e
 6. GSM SUBSCRIBER SERVICES
There are two basic types of services offered through GSM. The first type is the teleservices
which offers telephony and the second type is the bearer services which offers data transmission.
Telephony services are mainly voice services that provide subscribers with the complete
capability which includes the necessary terminal equipment to communicate with other
subscribers. Data services provide the capacity necessary to transmit appropriate data signals
between two access points providing an interface to the network. In addition to telephony, the
following are subscriber services that are supported by the GSM Network:

• Dual-Tone Multi-Frequency
• Facsimile Group III
• Short Message Services
• Cell Broadcast
• Voice Mail
• Fax Mail
• Supplementary Services:
o Call Forwarding
o Barring of Outgoing Calls
o Barring of Incoming Calls
o Advice of Charge
o Call Hold
o Call Waiting
o Multi-Party Service
o Calling Line Identification Presentation/Restriction.
o Closed User Groups

15 | P a g e
 7. GSM CORE NETWORK EVOLUTIONARY
PATH
6.1. Implementing GPRS along with the existing GSM architecture

Basically GPRS can be introduced mainly as a software upgrade to existing stations,

which often can be done remotely from a central maintenance point because there wasn’t much
change in the network hardware. This software enables voice and data users to share the base
stations resource and the same air interface.

Fig.6. The integration of GPRS elements with GSM elements

In GSM, the interface is standardized to help connectivity between multiple base stations
and a BSC. This interface can remain unchanged when GPRS is introduced in order to make the
transition as smooth as possible. The data being transferred consists of both GPRS packet data
and GSM data because these components share the same air interface. In order to achieve
efficient packet data usage, different core networks are required and these concepts can be seen
in Figure 6 above.

1) The existing GSM core network for circuit-switched data.

2) New GPRS core network for packet data.

The BSC must divide the different data flows and direct them to the right network. This
additional functionality requires new hardware at the BSC: the Packet Control Unit (PCU). The
PCU separates packet data and circuit-switched data when it is received from the MS and
multiplexes the different data streams from circuit-switched and packet-switched core networks
into regular streams that go down to the cells. The PCU is an autonomous unit and could be
physically separated from the BSC. The BSC also needs a software upgrade for GPRS in order to
16 | P a g e
handle the new logical packet data. Therefore, most of the new functionalities added to the GPRS
air interface are implemented in the BSC. One BSC is connected to several base stations, one
MSC and one Serving GPRS Support Node (SGSN).

7.1.1 The GPRS core network

The GPRS core network consists of two main components (nodes). These two components
are integrated in the existing GSM network: the Serving GPRS Support Node (SGSN) and the
Gateway GPRS Network Node (GGSN), which together are called the GSN nodes. The
integration of the GPRS core network and an existing GSM network is shown in Figure 7 below.

Fig.7. The GPRS core components integrated with GSM components

To connect these new nodes to the radio network, a new open interface should be used.
This new interface is called Gb. Gb is a high-speed Frame-Relay link that is based on E1 or T1
connections. The connection between different GSN nodes and other components of the core
network is called the GPRS backbone (can be seen in figure 3). The backbone is a regular IP
network that has access routers, firewalls and so on. The backbone can also be used to connect to
other GPRS systems. Usually, the backbone is also connected to the operator's billing system via
a billing gateway.

The SGSN is the main component which enables the mobility of GPRS users. When
connected to a GPRS network, The MS has a logical connection to its SGSN through which it
can perform delivery between different cells without any change in the logical connection. The
SGSN keeps track of which BSC to use when sending packets to a MS originating from outside
networks. Its functionality is similar to a regular IP router, but it has an added functionality for
handling mobile network issues.

If the user moves from one SGSN service area to another SGSN service area, an inter-
SGSN delivery can be performed. Most of the time, the user won't notice the delivery although

17 | P a g e
the packets that were currently buffered in the old SGSN might be discarded and re-sent by using
higher layers.
The characteristics of a radio link are very different from those of a fixed link and bits
over the air are more likely to be lost and as a result some additional functionality is needed.
When a MS is connected to a site on the internet, for example, the majority of data loss occurs
over the wireless link, and handling that with higher level protocols such as TCP would be
wasteful. It is preferred, in our case, to have a quick retransmission protocol that only covers the
wireless part and hides the loss from TCP, enabling it to fulfill its original task. For that goal we
have the RLC protocol which operates within the MS and the base station and resends data that
was lost over the air. The Logical Link Control (LLC) protocol which is located between the MS
and the SGSN can be configured to perform similar functionality.

The GGSN is actually a combined gateway, a firewall and an IP router. The GGSN
handles interfaces to external IP networks, internet service providers (ISPs), routers, and other
close nodes. From the external networks point of view, the GGSN appears as a gateway that can
route packets to the users within its domain. The GGSN keeps track of the SGSN to which a
specified MS is connected and forwards packets to it. The SGSN and GGSN can either be
located together in a compact GSN (CGSN) solution or placed far from each other and connected
via the backbone as seen in Figure 7.

The backbone can be shared with other operators. Thus, the GPRS Tunneling Protocol
(GTP) is used for management (will be elaborated later on). Packets that travel over the GPRS
backbone have a stack with IP and TCP at two levels (as detailed in the protocol stack section).
This is inefficient, but it makes communication secure and easier to implement.

7.1.2 The New Interfaces

The GPRS backbone will enable point-to-point calls, inter-working with the BSS, HLR,
MSC, GMSC and the internet. New interfaces have been developed for GPRS. These interfaces
are labeled with Gx in their names where x stands for a variety of interfaces as can be seen in
figure 4.

Fig.8. GPRS new interfaces

18 | P a g e
 The Gn and Gp interfaces are defined between two SGSNs. This enables the SGSNs to
exchange user profiles when a mobile station moves from one SGSN area to another. The Gi
interface connects the PLMN with external private or public PDNs, such as the Internet or
corporate intranets. There is a support for interfaces to IP (IPv4 and IPv6) and X.25 networks.

The HLR stores the current SGSN address, the user profile and the PDP address for each
GPRS user in the PLMN. The Gr interface is used to exchange this information between SGSN
and HLR. For example, the SGSN informs the HLR about the current location of the MS. When
the MS registers with a new SGSN, the HLR sends the user profile to the new SGSN. The
signaling path between GGSN and HLR (Gc interface) might be used by the GGSN to query a
user's location and profile in order to update its location register.

Furthermore, the MSC/VLR may be extended with functions that allow efficient
coordination between packet switched (GPRS) and circuit switched (conventional GSM)
services. Paging requests of circuit switched GSM calls can be performed via the SGSN. For this
purpose, the Gs interface connects the data bases of SGSN and MSC/VLR. To exchange SMS
messages via GPRS, the Gd interface is used. It interconnects the SGSN with the SMS gateway
MSC (SMS-GMSC).

19 | P a g e
 8. REFERENCES

Architecture of the GSM network. Mobile is Good. 28 April 2008.

<http://www.mobileisgood.com/ArchitectureOfTheGSMNetwork.php>

GSM Architecture. Argos Press. 28 April 2008.

<http://www.argospress.com/Resources/gsm/gsmarchit.htm>

GSM Phone Information Network. GSM Phone. 28 April 2008.

<http://www.gsmphone.us/network.html>

Introduction to GSM Networks. Wiley. 29 April 2008.

<http://media.wiley.com/product_data/excerpt/49/04700169/0470016949.pdf>

History of GSM and More. LD Post. 29 April 2008. <http://www.ldpost.com/telecom-

articles/History-of-GSM-and-More.html>

Network Architecture. 06 February 2003. Radio Corp. 29 April 2008.

<http://www2.rad.com/networks/2003/gprs/arch_nw.htm>

GSM Security network. GSM Security. 29 April 2008. <http://www.gsm-security.net/faq/gsm-

network.shtml>

Global System for Mobile Communication (GSM). 29 May 2008.

<http://www.rjl.com.au/doctype/documents_public/GSM%20tutorial.pdf>

Introduction to GSM, the Global System for Mobile Communication. GSM Favourites. 29 May
2008. <http://www.gsmfavorites.com/documents/introduction/mobile/>

GSM – Architecture. Tutorials Point. 1 May 2008.

<http://www.tutorialspoint.com/gsm/gsm_architecture.htm>

GSM - The Mobile Station. Tutorials Point. 1 May 2008.

<http://www.tutorialspoint.com/gsm/gsm_mobile_station.htm>

GSM - The Base Station Subsystem (BSS). Tutorials Point. 1 May 2008.
<http://www.tutorialspoint.com/gsm/gsm_base_station_subsystem.htm>

The Network Switching Subsystem (NSS). Tutorials Point. 1 May 2008.

<http://www.tutorialspoint.com/gsm/gsm_network_switching_subsystem.htm>

20 | P a g e
The Operation Support Subsystem(OSS). Tutorials Point. 1 May 2008.
<http://www.tutorialspoint.com/gsm/gsm_operation_support_subsystem.htm>

21 | P a g e