GSM Architecture

Lesson 2

Topics

interWAVE

COMMUNICATIONS

Geographical Network Structures

The Mobile Station
The Base Station Subsystem
Base Transceiver Station
Base Station Controller
The Network Subsystem
Mobile Switching Center
Data Bases
Security Functions
Non-voice Functions
Operation and Maintenance Centers
2

GSM Structure

Every telephone network needs a structure to be able to

route calls to the right MSC and to the right subscriber. In
a GSM/DCS network, structure is even more essential as the
subscribers are mobile, and could be virtually anywhere in
the world.
PLMN

MSC

MSC

MSC

VLR

MSC/VLR

BSC

LA

Cell

LA
LA
interWAVE

COMMUNICATIONS

BSC

Pubilc Land Mobile Network(PLMN)

First, a GSM PLMN is a complete GSM network belonging to one operator.

Some countries have several GSM PLMNs (compare PSTN)
The GSM PLMN is the complete GSM network belonging to one operator.
Some countries have several GSM PLMNs.
A PLMN is uniquely identified by its mobile country code(MCC) and mobile
network code(MNC). The MCC identifies the country and the MNC identifies
a PLMN within the country.

GSM/PLMN

GMSC

GMSC
other PLMN

ISDN

PSTN
interWAVE

COMMUNICATIONS

Gateway MSC

A gateway between the GSM/DCS and other

networks is necessary. A call to a subscriber in
the GSM/DCS network, will first be routed to the
GMSC.
The GMSC is responsible for finding out in what
part of the GSM/DCS network the MS is by
questioning HLR and also for routing of the call.

HLR
HLR

GMSC
MSC

MSC

MSC

MSC
MSC
interWAVE

COMMUNICATIONS

MSC/VLR Service Area

First, a GSM PLMN network is divided into one or more MSC/VLR service
areas.
An MSC service area represents the part of the network that is covered by one
MSC.
The service area is the part of the network that is defined as an area in which a
MS is reachable, due to the fact that the MS is registered in a VLR.

Usually the MSC /VLR are implemented in the same node

MSC

b
VLR

MSC

VLR

COMMUNICATIONS

GMSC

MSC

MSC

VLR

interWAVE

VLR

GSM PLMN

Location Area Identity(LAI)

This uniquely identifies a GSM location area.

Each MSC/VLR Service Area is divided into a number of location areas, which helps the
MSC/VLR to track the location of the MS. A location area is the area where a paging message is
broadcasted in order to locate a MS.
The location area format is: LAI = MCC + MNC + LAC ( the location area code(LAC) identifies a
location area within a PLMN)
The location area can have several cells, and one or more BSC, But it belongs to only one
MSC/VLR
A BSC can also have several LACs

GMSC
MSC

VLR

MSC
VLR

LA 3

LA 2
MSC

LA 4
interWAVE

COMMUNICATIONS

VLR

LA 1
7

Cell

Each location area is divided into a number of cells. A cell is the

geographical area covered by one Base Transceiver Station (BTS).
There are different types of cells, depending on size: Macrocells,
microcells, and picocells. There also could be several BSCs serving
the cells, but all connected to the same MSC/VLR.

LAC are split into cells by the compromise of paging load and
location update load
The MS distinguishes between cells using the same carrier frequencies
by the use of BSICs.

MSC

VLR

BSC

BTS

interWAVE

COMMUNICATIONS

Cell
11

BTS

Cell
12

LAI 1

Cell / Location Areas

MSC

VLR

A-Interface

BSC

BSC

BSC

Abis Interface

BTS

Cell
11

BTS

Cell
12

LAC # 1
interWAVE

COMMUNICATIONS

BTS

Cell
21

LAC # 2

BTS

Cell
31

BTS

Cell
32

BTS

Cell
33

LAC # 3
9

GSM Service Areas

GSM Service Area
PLMN

all member countries

Complete GSM/DCS/PCS network of one operator in one country

possible for 2 or 3 PLMNs per country
1 HLR database per PLMN

MSC Serving Area

Area controlled by one MSC

VLR assigned per/MSC
Exchange for one large area (metro / suburban)
possible multiple MSC per PLMN

Location Area

Several LA per metropolitan area

MS location updates if moves out of LA
Possible of several cells per LA
BTS (cell)
Smallest geographical entity
One or more cells within a BTS
10s of meters to tens of km

interWAVE

COMMUNICATIONS

10

Topics

interWAVE

COMMUNICATIONS

Geographical Network Structures

The Mobile Station
The Base Station Subsystem
Base Transceiver Station
Base Station Controller
The Network Subsystem
Mobile Switching Center
Data Bases
Security Functions
Non-voice Functions
Operation and Maintenance Centers
11

GSM Main Components

interWAVE

COMMUNICATIONS

12

MS - Mobile Station

Mobile Equipment - The MS is made up of

SIM
and the "Mobile Equipment" (ME).

The SIM, "Subscriber Identity Module", a separate

physical entity that contains all information regarding the
subscriber. The SIM is an IC Card, or a "Smart Card".
Without the SIM, the Mobile Equipment cannot be used in
the GSM/DCS network, except for emergency calls. The
SIM can be put into a different "Mobile Equipment",
whereby all calls are routed to that "Mobile Equipment".
The "Mobile Equipment" is a physical piece of hardware
enabling radio communication with the system.

interWAVE

COMMUNICATIONS

13

MS - Mobile Station

interWAVE

COMMUNICATIONS

ME

Mobile Equipment

Portable radio that can be used in any

GSM system.
vehicle mounted
portable
handheld

14

MS - Mobile Station

ME

Mobile Equipment

Portable radio that can be used in any GSM

system.
Power Classes (up to 15 power control levels)

Class
1
2
3
4
5

GSM900
8W(39dBm)
5W (37 dBm)
2W (33 dBm)
0.8W 5W (37 dBm)

DCS1800

PCS1900

1W(30dBm)
.25W (24 dBm)
4W (36 dBm)

1W(30dBm)
.25W (24 dBm)
2W (33 dBm)

+ / - 2db (nominal)
interWAVE

COMMUNICATIONS

15

MS - Mobile Station

ME

Mobile Equipment

Portable radio that can be used in any

GSM system.
Power Classes
Radio interface

Frequency(MHz)
GSM
Uplink(TX)
890 - 915
Downlink(RX) 935 - 960

interWAVE

COMMUNICATIONS

EGSM DCS1800 PCS1900

880 - 915 1710 - 1785 1850 - 1910
925 - 960 1805 -1880 1930 - 1990

16

MS - Mobile Station

ME

Mobile Equipment

Portable radio that can be used in any

GSM system.
Power Classes
Radio interface
Encryption module for security
A5/1
A5/2
up to 7 algorithms

interWAVE

COMMUNICATIONS

17

MS - Mobile Station

ME

Mobile Equipment

Portable radio that can be used in any

GSM system.
Power Classes
Radio interface
Encryption module for security
Full rate & Enhanced Full rate
Services
voice and data

interWAVE

COMMUNICATIONS

18

MS - Mobile Station

ME

Mobile Equipment

Portable radio that can be used in any GSM

system.
Power Classes
Radio interface
Encryption module for security
Full Rate Services
Mobile Termination
MT0 : speech/data
MT1 : 2B+D interface to ISDN terminal
MT3 : CCITT X & V interface

interWAVE

COMMUNICATIONS

19

MS - Mobile Station

ME

Mobile Equipment

Portable radio that can be used in any

GSM system.
Power Classes
Radio interface
Encryption module for security
Full/Half Rate Services
Mobile Termination
Unique IMEI - International Mobile
Equipment Identity number - identifies
the ME

interWAVE

COMMUNICATIONS

20

MS - Mobile Station

interWAVE

COMMUNICATIONS

ME
SIM

Subscriber Identity
Module

21

MS - Mobile Station

interWAVE

COMMUNICATIONS

ME
SIM

Subscriber Identity Module

ID -1 SIM (credit card)
Plug-in SIM (cut-out)
Processor
Fixed (permenant) storage
User (temporary) storage

22

MS - Mobile Station

ME
SIM

Subscriber Identity Module

Personal identity for making and receiving
calls

Stores subscriber personal identity,

security information, short messages,
and dialing lists

interWAVE

COMMUNICATIONS

IMSI, TMSI
cipher key & sequence no.
admin. & location info
language preference
PINs, phone lists
dialled, missed #
23

MS - Mobile Station

ME
SIM

interWAVE

COMMUNICATIONS

Subscriber Identity Module

Personal identity for making and
receiving calls
Stores subscriber personal identity,
security information, short messages,
and dialing lists

Authentication & encryption

algorithms
authenticate algorithm (A3)
session key algorithm (A8)
Ki, Kc - Keys
24

MS - Mobile Station

ME
SIM

Subscriber Identity Module

Personal identity for making and
receiving calls
Stores subscriber personal identity,
security information, short messages,
and dialing lists
Authentication & encryption algorithms

Other Features:

interWAVE

COMMUNICATIONS

Protected by user PIN codes

Terminal / device independent
Single point of billing
Global roaming
25

MS Identification Numbers
Mobile Station ISDN Number (MSISDN)

The MSISDN is a number which uniquely identifies a mobile telephone

subscriber in the PSTN numbering plan. It is composed of the following
numbers:

MSISDN = CC + NDC + SN

CC = Country Code
NDC = National Destination code
SN = Subscriber Number

A National Destination code is allocated to each GSM PLMN. In some

countries more than one NDC may be required

interWAVE

COMMUNICATIONS

26

MS Identification Numbers
International Mobile Subscriber Identity (IMSI)

This uniquely identifies a mobile station in an GSM network. It will be stored in the MS
SIM(permanent memory), HLR and in the VLR. The user does not need to keep track of this
number as it is used by the system itself. The IMSI format is:

IMSI = MCC + MNC + MSIN

MCC = Mobile Country Code

MNC = Mobile Network Code
MSIN = Mobile Station Identification Number

Temporary Mobile Subscriber Identity (TMSI)

interWAVE

This 32 bit binary number is used instead of the IMSI which identifes the MS within one location
area. For subscriber confidentiality, the TMSI can be changed an infinite number of times by
command of the MSC/VLR.
TMSI is temporary identification, and is usually changed by the network when the MS enters a new
location area.
LAI and TMSI are stored in temporary SIM memory

COMMUNICATIONS

27

MS Identification Numbers
International Mobile Equipment Identity (IMEI)

Used to identify the mobile equipment. Each mobile equipment

unit has its unique IMEI. The IMEI consists of the following:

TAC = Type Approval Code

FAC = Final Assembly Code
SNR = Serial Number
sp = future use

Mobile Station Roaming Number (MSRN)

interWAVE

This is a number temporarily used for routing to the MSC/VLR at

which the MS is registered. It is allocated by that MSC /VLR and
sent via the HLR to the GMSC to route the incoming call to that
MSC/VLR

COMMUNICATIONS

28

TheStation
Mobile Station
and Numbering
Mobile
+ Numbering
=
Subscriber

+
SIM Card

IMSI = International Mobile Subscriber Identity

Unique identification of the subscriber
(Stored in HLR and SIM, used by the system)
ki = Secret Authentication Key
(Stored in AuC and SIM)

Mobile Equipment
IMEI =
International Mobile Equipment Identity
Uniquely identifies the handset
(stored in ME and EIR)

TMSI = Temporary Mobile Subscriber identity

Allocated by the VLR and sent to the HLR.
Used on the air interface for security purposes.
+ Other information
(e.g. Authentication Algorithms, Cipher Key,
PIN Number etc.)
Mobile Station
MSISDN = Mobile Station ISDN Number.
Subscribers mobile phone number (Stored in HLR and related to the IMSI)
interWAVE

COMMUNICATIONS

29

MS - Mobile Station

ME
SIM
Other equipment

interWAVE

COMMUNICATIONS

Data/FAX card
data interface
Battery pack
Car adaptor
Hands Free

30

Topics

interWAVE

COMMUNICATIONS

Geographical Network Structures

The Mobile Station
The Base Station Subsystem
Base Transceiver Station
Base Station Controller
The Network Subsystem
Mobile Switching Center
Data Bases
Security Functions
Non-voice Functions
Operation and Maintenance Centers
31

BSS Main Components

interWAVE

COMMUNICATIONS

32

The BSS

interWAVE

The Base Station System is the function used to give radio

coverage for one particular or a number of cells. Radio
traffic passes between the BSS and the Mobile Stations,
the radio uplink (mobile station to PLMN) and downlink
(vice versa), to provide communication.
The BSS is broken down into two functional units a Base
Station controller (BSC) and a Base Station transceiver
(BTS). A third part, Operations & Maintenance Center for
the radio (OMC-R) configures, monitors, and maintains all
BSS operations.
the Transcoder (TRAU) is also associated with the BSS.

COMMUNICATIONS

33

Base Station Subsystem (BSS)

Um Interface

Abis Interface

A Interface

Channel Management

Configuration of radio channels

Channel selection, allocation, release

Blocking indication

Monitoring of idle channels

Radio Interface Encryption

Establish radio link to MS

TRX

paging

BTS
16Kb/s BSC

MSC

Transcoder

16Kb/s

64Kb/s

E1/T1
TRX

BTS

interWAVE

COMMUNICATIONS

BSS

channel

allocation
channel assignment
Maintain radio link to MS
measurement of RF
link
performs handover

Power allocation
Digital Signal Processing

Transcoding and rate

adaption

Channel coding and decoding

34

Transmission Network Topology

BTS

Star

BTS

BSC
BTS

BTS

Daisy Chain/Tree
BSC
BTS

interWAVE

COMMUNICATIONS

BTS

BTS
35

BSS - Base Station Subsystem

BTS - Base
Transceiver Station

Contains radio transmission

and receiving devices (TRX)
to stay in touch with the MS
Control(BCF)
Ant.

BSC

Signal
Processing

Transmit
Receive

TRX

Power

interWAVE

COMMUNICATIONS

Synchronization

36

BSS - Base Station Subsystem

interWAVE

BTS - Base
Transceiver Station

COMMUNICATIONS

Contains radio transmission

and receiving devices (TRX)
to stay in touch with the MS
Defines cell boundaries and
coverage

37

BSS - Base Station Subsystem

BTS - Base
Transceiver Station

Contains radio transmission

and receiving devices (TRX)
to stay in touch with the MS
Defines cell boundaries and
coverage
Channel coding & interleaving

interWAVE

COMMUNICATIONS

Protection against channel

impairments
DSP intensive

38

BSS - Base Station Subsystem

BTS - Base
Transceiver Station

Contains radio transmission

and receiving devices (TRX)
to stay in touch with the MS
Defines cell boundaries and
coverage
Channel coding & interleaving
Controls other key GSM
features:

interWAVE

COMMUNICATIONS

Encryption
Frequency hopping
Dynamic power control

39

BSS - Base Station Subsystem

BTS - Base
Transceiver Station

Contains radio transmission

and receiving devices (TRX)
to stay in touch with the MS
Defines cell boundaries and
coverage
Channel coding & interleaving
Controls other key GSM
features
BTS Types:

interWAVE

COMMUNICATIONS

Macro, Micro, Pico

Indoor/Outdoor

40

BTS - Base Transceiver Station

The BTS maximum output power , measured at the antenna

connector(after all stages of combining), shall be, according to its
class, as defined in the following tables (per GSM spec 05.08):

GSM900
DCS1800/ PCS1900
TRX Power Max Output TRX Power Max Output
Class
Power(Watts)
Power (Watts)
Class
1
320
20 - 40
1
2
160
10 - 20
2
3
80
5 - 10
3
4
40
2.5 - 5
4
5
20
6
10
GSM900 micro BTS
7
5
TRX Power Max Output
8
2.5
Class
Power(Watts)
M1
> .08 - .25
M2
> .03 - .08
M3
> . 01 - .03
interWAVE

COMMUNICATIONS

DCS1800/PCS1900
micro BTS
TRX Power Max Output
Class
Power(Watts)
M1
> .5 - 1.6
M2
> .16 - .5
M3
> .05 - .16
41

BSS Identification

Cell Group Identity (CGI) - is used for cell identification within a location
area. This is done by adding a Cell Identity (CI) to the location area identity

CGI = MCC + MNC + LAC + CI

CI = Cell Identity, identifies a cell within a location area

Base Station Identity Code (BSIC) - BSIC allows a mobile station to

distinguish between different neighboring base stations

BSIC = NCC + BCC

NCC = Network Color Code, identifies the GSM PLMN. NCC is used to distinguish
between operators on each side of the border.
NCC = Operator ID + Country ID ( a definition of NCC for all member countries is
given in the GSM recommendations)
BCC = Base Color Code, identifies the base station

Location Area Identity (LAI) - is used for location updating of mobile

suubscribers

interWAVE

COMMUNICATIONS

LAI consists of the following:

MCC = Mobile Country code
MNC = Mobile Network code, identifies the GSM PLMN in that country
LAC = Location Area Code, identifies a location area within a PLMN (group of
cells)
42

BSS - Base Station Subsystem

BTS - Base
Transceiver Station
BSC - Base Station
Controller

Transmission
Network

interWAVE

COMMUNICATIONS

Radio
Channel

The brains of the BSS

Responsible for:
Transmission network
management
Radio channel management
Radio network management
BTS control

Radio
Network

BTS
Control
43

BSS - Base Station Subsystem

BTS - Base
Transceiver Station
BSC - Base Station
Controller

Transmission
Network

interWAVE

COMMUNICATIONS

Radio
Channel

Transmission Network management

switches 64kbps & 16kbps timeslots

PCM management
Can provide: Transcoder & Rate
Adaptation (TRAU)

Radio
Network

BTS
Control
44

TRAU

Transcodes the speech bit rate from 64kbps (the speech form in normal
telecommunications) to 13 kbps ( the speech form in the GSM system)
Data Rate Adaptation.
takes synchronous/asynchronous data (300 to 9600 bps) rates and produce an
intermediate data rate of 16kbps to be sent over the air
The intermediate data rate is adapted to 64kbps in the BSC
The signaling information transferred between the BSC and BTS, together with
the speech is called in-band signaling. Types of inband signaling:
channel mode type (speech, data, OAM frames)
SID - Silence Discriptor indiction (speech mode, DTX)
BFI - Bad Frame Indicator (speech mode)
Voice
A-Law
64Kbps
PCM from
network
Data

interWAVE

COMMUNICATIONS

Full Rate Speech

Compression
&
Encoding
Data
Rate
Adaptation

13.2Kbps

16Kbps
Formatting

2.8 Kbps
In-band signaling

16Kbps
multiple
16Kbps
channels to BTS

45

Transmission Network Management

TRAU at BSC

MSC

MSC

64 kbps

64 kbps

TRAU

BSC TRAU

16 kbps

16 kbps

BTS

BTS
BTS

compressed speech
interWAVE

COMMUNICATIONS

TRAU at MSC

BSC

BSC

16 kbps

16 kbps

BTS

BTS

compressed speech
46

BSS - Base Station Subsystem

Radio channel management:

BTS - Base
Transceiver Station
BSC - Base Station
Controller

Transmission
Network

interWAVE

COMMUNICATIONS

Radio
Channel

channel allocation
channel assignment
channel supervision
channel release
handover control
paging requests
SMS transmission
administrate the transmission of:
system information
frequency hopping sequence
MS/ BTS power control

Radio
Network

BTS
Control
47

BSS - Base Station Subsystem

BTS - Base
Transceiver Station
BSC - Base Station
Controller

Transmission
Network
interWAVE

COMMUNICATIONS

Radio
Channel

Radio Network management - The

BSCadministratesthecelldescription
data,suchas;

identities and type of cell,

the configuration of frequencies and output
power of the TRXs in the BTSs.

As part of radio management the BSC

sends lists to the MSs, containing
information of what neighboring cells
that the MSs should perform
measurements on.

Radio
Network

BTS
Control
48

BSS - Base Station Subsystem

BTS - Base
Transceiver Station
BSC - Base Station
Controller

Transmission
Network

interWAVE

COMMUNICATIONS

Radio
Channel

BTS Control -
BTS supervision
BTS maintenance
alarms & statistics
software loading
Themessagesconcerningthe
controlaresentonthesignalling
linksbetweentheBSCandthe
BTSs

Radio
Network

BTS
Control
49

BSS - Base Station Subsystem

interWAVE

BTS - Base
Transceiver Station
BSC - Base Station
Controller
OMC-R - Operations
Management Center
- Radio

COMMUNICATIONS

Network Management of the BSS

Graphical User Interface
System initialization
System (re)-configuration
Fault detection and notification
Performance management
Security management
Administration and user services
Software download for upgrades
OMC-R can be on the same
platform as the OMC-S (OSS)

50

Topics

interWAVE

COMMUNICATIONS

Geograhical Network Structures

The Mobile Station
The Base Station Subsystem
Base Transceiver Station
Base Station Controller
The Network Subsystem
Mobile Switching Center
Data Bases
Security Functions
Non-voice Functions
Operation and Maintenance Centers
51

NSS Main Components

interWAVE

COMMUNICATIONS

52

NSS - Network Subsystem

MSC - Mobile
Services Switching
Center

Switches calls between wireless

users and PSTN

Manages subscriber mobility

COMMUNICATIONS

establish, maintain communications link

privacy over the air

Connected to databases in order to

maintain contact with network
subscribers

interWAVE

paging, call setup, supervision

authentication, identification

subscriber data
updating registers

53

Mobile Switching Center

Billing
Functions

BSS

GSM
Applications

Three functional management groups within the MSC:

interWAVE

COMMUNICATIONS

Gateway
Function

PSTN, ISDN, PLMN

Services (v-mail)
Other GSM nodes
HLR
AUC
EIR
IWF
SMS

Connection Management
Mobility Management
BSS Control
54

MS-Management in MSC

Connection
Management

interWAVE

COMMUNICATIONS

Call Control and signalling

Trunk signaling
Short Message Service
Supplementary Service
Echo cancelation
DTMF Tone Generation
Billing Information

55

MS-Management in MSC

interWAVE

Connection
Management
Mobility
Management

COMMUNICATIONS

authentication
ciphering
location update
HLR/VLR

56

MS-Management in MSC

Connection
Management
Mobility Management
BSS Control

interWAVE

COMMUNICATIONS

initiates paging
initiates traffic channel
assignment
responds to handover
requests from BSS
Manages connections to
BSS
PCM trunks to BSS
lookup location area (from
VLR) to serving BSC

57

NSS - Network Subsystem

MSC - Mobile
Services Switching
Center
Databases

interWAVE

COMMUNICATIONS

HLR - Home Location

Register
VLR - Visitor Location
Register

58

NSS Data Bases : HLR

HLR - Home Location Register
Contains data for every mobile subscriber registered in the HLR

Permanent (i.e. subscription options - only changed by service provider)

Temporary (i.e. VLR number the MS is currently registered)

Data is accessed by using the IMSI or the MSISDN.

Stores all mobility data
VLR #, MSC # continually updated as subscriber moves around the
network.
Roaming restrictions indicator (roaming allowed/not allowed) is set in the
HLR depending on location updating info.
Subscriber restrictions defines the area(s) the subscriber has access to (i.e.
all GSM PLMNs, regional restricted).

interWAVE

COMMUNICATIONS

59

NSS Data Bases : VLR

VLR - Visitor Location Register
This is a regional database that is usually placed with an
MSC. This data base stores information about all the
subscribers that are registered (visiting) in that MSC service
area at the moment. The information includes a more
detailed description of which Location area the MS is
located.

interWAVE

COMMUNICATIONS

60

HLR
HLR
Home Location Register (HLR)

VLR
Visiting Location Register (VLR)

(semi-permanent)
Logically one per Mobile Network

(transient)
Usually one per Mobile Switch Center

Contains Permanent Subscriber Data:

Contains temporary Subscriber Data for

mobile stations currently within the VLR
service area:

International mobile station identity

Service subscription information
Service restrictions
Supplementary services
Location information: which MSC is the
subscriber at right now. Allows routing of
calls to the subscriber.
Administration of subscriber configuration

interWAVE

COMMUNICATIONS

Features currently activated

Temporary mobile Subscriber Identity
(TMSI)
Location information (which location
area the subscriber is in)
Allocates MSRNs for Incoming call setup

61

NSS - Network Subsystem

interWAVE

MSC - Mobile
Services Switching
Center
Databases
Security Functions

COMMUNICATIONS

AuC - Authentication Center

EIR - Equipment Identity Register

62

Authentication Center - AuC

interWAVE

COMMUNICATIONS

Database that protects against unauthorized access and protects the

privacy of the users
It maintains the algorithms used for authentication and encryption
keys
Stores the authentication key (Ki) of each subscriber(only changed
by the service provider)
May be integrated with the HLR or standalone
All MSs can be asked to go through an authentication procedure
before they are allowed to do anything in the system. All necessary
means for authentication are found in the SIM-card
Access to this data base is usually restricted !

63

NSS Security : Authentication Parameters

Database
IMSI

Ki

Random number
generation

Network
Ki

MS

=
?
Algorithm A3
Auth. Response
Generation

SRES

Ki

Algorithm A3
Auth. Response
Generation

RAND
RAND

Ki = Mobile Authentication Key (128 bits)

SRES = Signed Response (32 bits long)

RAND = Random Number (128 bits long)

GSM authentication algorithm has two inputs: a random number (RAND) and an individual
subscriber authentiction Ki. The Ki is stored in the SIM of the MS and network and never
transmitted.

interWAVE

COMMUNICATIONS

The results of the algorithm is the SRES and the cipher Kc (for Encryption) . The network starts the
authentication process by sending an Auth. request which includes a RAND value. The MS will
64
return with an Auth. Response which includes SRES, If the SRESs match the network considers the

NSS Security: Encryption

interWAVE

One of the feature of GSM is protection of the user information

against eavesdropping. This is accomplished by ciphering the
information before transmitting it.
The MSC is in control of this process, first by performing
authentication and then selecting encrypted operation which will then
select the cipher mode (A5/1 or A5/0) and starts the ciphering process
to the Mobile Station and BTS through call messaging.

COMMUNICATIONS

65

Encryption
Database
IMSI

Ki

Ki

Algorithm A8
Session Key
Generation

TDMA
frame number

Kc

Random number
generation

A/5
algorithm
RAND

RAND
114 bits plain text
data block

114 bits
cipher block

ciphertext

Ki = Mobile Authentication Key (128 bits)

RAND = Random Number (128 bits)
Kc = Session Key (64 bits)
interWAVE

COMMUNICATIONS

66

NSS Security : EIR

EIR - Equipment Identity Register

This data base stores information about the pieces of

mobile equipment (i.e. the hardware). It can keep track
of information such as stolen equipment, non-type
approved equipment, etc. While the AUC is concerned
with the SIM, the EIR is concerned with the mobile
equipment
White List
IMEI

interWAVE

COMMUNICATIONS

Black List
Barred IMEI

67

NSS - Network Subsystem

MSC - Mobile
Services Switching
Center
Databases
Security Functions
Non-voice Functions

interWAVE

COMMUNICATIONS

SMS Center
Inter Working Function

68

NSS Non-voice Functions

Short Message Service

InterWorking Functions

interWAVE

SMS Center available to deliver alpha/numeric messages

point to point messages, up to 160 characters/message
mobile terminated and originated (two-way messaging)
mobile idle or active
Cell Broadcast capability

COMMUNICATIONS

Rate Adaptation and Access protocol for data services

69

InterWorking Function

PSTN

IWF
16kbps

To BSS

TRAU

64kbps

Modems
MSC
64kbps

interWAVE

COMMUNICATIONS

RA

RLP

synchronous/asynchronous data (300 to 9600 bps)

The BTS will produce data rate of 16kbps
The intermediate data rate is adapted to 64kbps in the Transcoder Rate
Adaption Unit (TRAU)
After switching the 64kbps data rate is adapted (RA) in the IWF to the
rate required by the selected modem
The modem will produce the correct data format for interworking with the
PSTN
The Radio Link Protocol (RLP) is used between the IWF and the MS
when Non transparent services are selected
70

NSS - Network Subsystem

interWAVE

MSC - Mobile
Services Switching
Center
Databases
Security Functions
Non-voice Functions
OMC-S

COMMUNICATIONS

NSS configuration
Fault management
Software version
management
Performance management
Subscriber management

71

OSS - Operations Subsystem

MOM - Manager Of
Managers

interWAVE

COMMUNICATIONS

Operations and
Maintenance Center
management
Subsystem configuration
and management
Performance management
Fault management
Security management

72

MOM
WAN/LAN
Q3

Q3

OMC-R
OMC-R

Q3

OMC-S
OMC-S

BSS

OMC-R
OMC-R

MSC

COMMUNICATIONS

BTS

Billing
System

BTS
BTS
BTS

BSC

BSC

BTS
BTS

interWAVE

OMC-S
OMC-S

MSC
BSC
BSC

BTS
BTS

Q3

BTS
BTS

BTS

73

Functions Supported
Using the system components described previously it is
possible to carry out the following functions:
Location Registration.

The Mobile Stations is capable of monitoring surrounding BTS

broadcasts. When registering the supporting MSC forwards the new location of the Mobile
Station to the HLR. The HLR can then delete the old location information from the previous
VLR/MSC. The Mobile subscription data is downloaded to the new VLR
Mobile Terminated calls. The HLR is used to determine the location of the subscriber. The
call is then routed to the MSC supporting the subscribers. This MSC then pages the MS using
the BSS network

Mobile Originated calls. The supporting MSC is used to route the calls into the fixed
network, after validating the user with the VLR data

Handover of the Mobile station to maintain the connection. When established in a call the
Mobile Station reports signal strength measurements to the BSS. The BSS then determines
when the mobile should be handed over to a new cell. The handover can be performed by the
BSS or MSC

interWAVE

COMMUNICATIONS

74

GSM Nodes : Summary

Mobile Station
Base Station Subsystem

Network Subsystem

interWAVE

COMMUNICATIONS

Base Transceiver Station

Base Station Controller
Mobile Switching Center
Data Bases
Security Functions
OMC-S
Non-voice Functions

Operation and Maintenance Centers

75