Presentation Objectives

Introduction to GSM
Learning about GSM Network Architecture

Network components Radio Interface Cell structure Frequency re-use and tri-sector antenna

Learning about GSM Operational Principles

Call delivery Location Updating Speech and Data transmission

Understanding of GSM Localization Recognizing the Services provided by GSM Understanding of GSM Security Issues

Conclusions
1

Introduction to GSM
The most popular 2G cellular standard developed to cater voice services and data delivery using digital modulation.
Development background:
Developed by Groupe Spciale Mobile (founded 1982) which was an initiative of CEPT (Conference of European Post and Telecommunication). In 1989, ETSI (European Telecommunications Standards Institute) took the control of GSM and defined new acronym Global System for Mobile Communications. Commercial use has been started since 1991.

Features of GSM Standards:

Supports international roaming and handheld terminals. Good subjective speech quality and wide-range of new services.

Low cost (?).

Compatible with other systems, say ISDN and PSTN.

In March 2005, Around 1.3 billions subscribers in more than 135 countries (more than 70% world market) used GSM. Among them 43% users are from Europe and 40% users are from Asia specific region.
2

Mobile Terminal (MT)

Base Transceiver System (BTS)

Network Components: GSM Architecture

Base Station

There are three main components of GSM networks:

Controller (BSC)

Mobile Terminal (MT)

Base Station (BS)

Mobile equipment for transmitting and receiving signals. Subscriber Identity Module (SIM) for storing necessary permanent and temporary data. Base Transceiver System (BTS) for

PSTN
VLR HLR AuC

Base Station (BS)

transmitting and receiving signals; and manipulating signals such as encoding/decoding, encrypting, multiplexing and modulating.

EIR

Mobile Switching Centre (MSC)

Other GSM

Base station Controller (BSC) for assigning and managing resources, controlling handoff and power level, etc. Manage communications, mobility, and billing information.

Wireless Connection
P2P Wireless or optic fiber connection

Mobile Switching Centre (MSC)

Home Location Register (HLR): central master database for users under the MSC. Visitor location Register (VLR): Local database for the users currently under the domain of MSC.

Authentication Center (AuC): Authenticate mobile terminals and encrypt user data.
Equipment Identity Register (EIR): register MTs and locked stolen or malfunctioning MTs.
3

Radio Interface: GSM Architecture

Most GSM Networks operate at 900 MHz and/or 1800MHz,

850 MHz and/or 1900MHz in Parts of Americas (including USA and Canada).

900 MHz Frequency Band

Uplink

TDMA Frame:

Each frame contains 8 time slots. Channel data rate: 270.833 kbps Frame duration: 4.615 mS

Downlink
960MHz Uplink

890MHz 915MHz Downlink

935MHz

There are two types of logical channels:

Traffic channels

124 carriers 124 carriers Each Carrier has 200KHz Frequency band

Signaling Channels for broadcasting, common control, and dedicated control.

TDMA divides each RF channel (i.e., carrier) to 8 voice Channel

t1 t2 t3 t4 t5 t6 t7 t8

Time slot duration 577 s

Time-slots
4

Cell Structure: GSM Architecture

Cell is a area covered by one BS. Depending on the sizes, there are four types of cells: GSM Network Areas
Public Land Mobile Network
(one operators network) (Covered by one MSC)

Macro-cell: 5-35 km radius. For rural or suburban areas.

Micro-cell: 1-5 km radius. Used in town or urban areas.

Pico-cell: radius <100 meters. For a campus area. Umbrella-cell: Fill-up the gaps between two cells or cover shadow areas of a cell.
In building communications Suburban

MSC/VLR Service Area Location Area

(one MSC covers several location areas)

Cell
(Covered by one BS)

Macrocell

Urban

Micro-cell

Pico-cell

Cell radius varies depending on antenna height, antenna gain, and condition of propagation.

Cell Representation
R R

GSM supports the longest distance up to 35 km, because,

Timing limitations: Longer distance takes more propagation time. So, utilization decreases with the increase is guard time between two time-slots. Interference: More noises are added and signal is attenuated with the increase in distance, requiring more power level. Limiting User: Longer cell radius reduces number of users.
5

Ideal cells
R = Radius of cell

Fictitious cells

Frequency re-use: GSM Architecture

For the purpose of filtering a given frequency used by a cell, a distance should be maintained between two cells using same frequency. For reusing frequency, cells are divided into clusters (each having K cells) so that a frequency band is used by only one cell of a cluster.

The Cell Structure for K = 7

7

Tri-Sector Antenna

D
7 6

6 1 5 4 2

2 3 7 6 2 1 5 4 3

1
5 4 3

Used for 1 cell:

Used for 3 cells

Cell Splitting

Distance,D 3K R 3 7 R 4.58 R
R = Radius of the cell.

Impacts of reducing cell-radius or splitting cells:

Increase cellular systems capacity. Decrease transmission power in BS and MT

Call delivery: GSM Operational Principles

MT
1. Call Request 10. Reply 9. Reply

Call delivery Steps:

BS
2. Call Request

7. Forward
information

8. Send Request
to called MSC

3. Location
Request HLR

MSC

1-2. Send call request from calling MT to MSC via BS. 3. MSC determines the address of HLR of the called MT and sends location request message. 4-5. HLR determines the serving VLR of the called MT and send route request message. VLR then send the message to the MSC serving the MT. 6. MSC allocates a TLDN to the MT and reply to HLR with TLDN.

4. Route
Request
VLR

7. HLR forward information to the MSC of the calling MT. 8. Calling MSC requests a call set up to the called MSC through SS7 networks.

HLR

TLDN: Temporary local

directory number.

MSC
5. Route
Request

4. Route
VLR Request

Location Updating: GSM Operational Principles

MT
1. Location Update

BS
2. Location
Update

Location Updating Steps:

1-2: When the MT enters a new LA, Location update message is sent to MSC via BS. 3: MSC launches a registration query to VLR and VLR updates the records. 4: If new LA belongs to a different VLR, the new VLR determines the address of HLR of the MT from mobile identification number (MIN).

3. Registration
query VLR

MSC

5. Registration Acknowledgement

sends location registration message to HLR.

4. Location Registration 6. Registration

Cancellation HLR VLR

5: HLR authenticates the MT and records information of new VLR of the MT.

7. Cancellation Acknowledgement If VLR Changes.

old

6-7: HLR sends a registration cancellation message to old VLR. Old VLR then remove records and returns a cancellation acknowledgement message to the HLR.

Speech and Data Transmission: GSM Operation

10101
10101

Input Speech

Speech encoder

Data encryption

Data Modulator

Add-on module in standard GSM handset

Speech encoder

PSTN to GSM

Base station subsystem

64-bit PCM waveform

GSM to PSTN

Speech decoder

Base station subsystem

10101

10101

Data demodulator

Data decryption

Speech Decoder

Output Speech

Add-on module in standard GSM handset

GSM uses Gaussian-Filtered Minimum shift Keying (GMSK) Modulation.

GSM Localization
GSM localization is the use of GSM mobile phones to determine the location of the user.
Location of an MT can be determined using Time of Arrival (TOA), Time difference of Arrival (TDOA), and Angle of Arrival (AOA) measures.

Location measurement from TDOA

1. measure |R2-R1| = c(t2-t1) and |R3-R1| = c(t3-t1) and plot them. 2. Two hyperbolas will be found. Position of MT is the crossing point of hyperbolas at R1 distance from BS1.
BS3 R3

Location measurement from TOA

BS1

R1 R2 BS2

BS2 R2 R1 BS1 R3 BS3 1. TOAs t1, t2, t3 from signal strength.

Location measurement from AOA

are measured
1. Angles can be measured by MT and sent to the respective BS. 2. Crossing point of tangent brown at BSs is the position of the MT.
2 2 1 1

2. measure base station distances as R1= ct1, R2= ct2,and R3=ct3, where c is light speed. 3. Circles are formed with radius R1, R2, and R3. 4. Intersection point is the position of MT.

However, GPS is the most popular way of geolocating an MT precisely within 50 meters.
10

GSM Services
GSM network Provides three types of services:

Tele Services: Normal voice calls.

Voice conversation
Emergency services

Bearer Services: data services.

Short message services (SMS), Videotex, teletex, and advanced message handling services.

Supplementary Services:

call forwarding and call barring, Calling/connected line identification presentation and restriction Malicious call identification Multi-party services (i.e., tele-conferencing), etc.

11

GSM Security Issues

GSM provides security in three areas:

Data and signaling confidentiality

Authentication of a user Confidentiality of a user

Data and signaling confidentiality: transmit Cipher-text

A5/1, A5/2, and A5/3 ciphering algorithms

are used. A8 algorithm is used to generate key for ciphering algorithms.

Authentication Procedure: when a connection is attempted.

Network
1. Identity (initial message) TMSI

MT

SIM

2. Authentication Request (RAND)

3. Run GSM (A3) Algorithm (RAND) 4. Response (SRES)

5. Authentication Response (SRES)

Network compares the SRES with its own SRES. If Authentication fails network may choose to repeat with International Mobile Subscriber Identity (IMSI).
TMSI: Temporary mobile subscriber identity SRES: Signed Response. SIM: Subscriber Identity Module.

User confidentiality is maintain by protecting SIM using a PIN and PUK (PIN unlock) code. If invalid PIN code is entered for a given time, PUK code should be collected from the operator. Using invalid PUK several times damage the SIM permanently.
12

Conclusions

GSM extended circuit-switching through introducing TDMA and Digital Technology.

GSM introduces multimedia services for the first time. Digital services of GSM networks enable tremendous growth of mobile communications.

People are now expecting wireless worldwide connectivity of their laptops and powerful handheld devices.

GSM provides moderate level of security.

Safe for general personal use, but not secure for top organizations like Government spy

agencies.

Capacity is the main limitation of GSM networks. GSM cannot support the todays demand of wireless multimedia services.
2.5G General Packet Radio Service (GPRS) and 3G CDMA2000 are now being used in some

areas to get more capacity.

Indeed ! GSM makes the world a global village !

13