GSM, HSCSD,GPRS
-
Upload
emna-hachicha -
Category
Documents
-
view
250 -
download
0
Transcript of GSM, HSCSD,GPRS
-
7/30/2019 GSM, HSCSD,GPRS
1/33
GSM (Global System for Mobile
Communications) andExtensions
Mobile Communication and Mobile Computing
Prof. Dr. Alexander Schill
http://www.rn.inf.tu-dresden.de
Department of Computer Science Institute for System Architecture, Chair for Computer Networks
http://www.rn.inf.tu-dresden.de/http://www.rn.inf.tu-dresden.de/http://www.rn.inf.tu-dresden.de/http://www.rn.inf.tu-dresden.de/ -
7/30/2019 GSM, HSCSD,GPRS
2/33
GSM: Properties
cellular radio network (2nd Generation)
digital transmission, integrated data communication
roaming (mobility between different network operators)
good transmission quality (error detection and -
correction) scalable (large number of participants possible)
security mechanisms (authentication, authorization,encryption)
good resource use (frequency and time division
multiplex)
integration with fixed telephone network
standard (ETSI, European Telecommunications
Standards Institute) 2
-
7/30/2019 GSM, HSCSD,GPRS
3/33
GSM: Structure
3
AuC Authentication CenterBSS Base Station SubsystemBSC Base Station ControllerBTS Base Transceiver Station
EIR Equipment Identity Register
HLR Home Location Register
Fixednetwork Switching Subsystems
VLR
Radio Subsystems
HLR AuC EIR
(G)MSC
OMC
BTS
BTSBSC
BSS
MS
MS
Network Management
Call Management
Datanetworks
PSTN
MS
MS Mobile Station(G)SMC (Gateway) Mobile Switching CenterOMC Operation and Maintenance CenterPSTN Public Switched Telephone NetworkVLR Visitor Location Register
-
7/30/2019 GSM, HSCSD,GPRS
4/33
GSM: Structure
Operation and Maintenance Center (OMC)
logical, central structure with HLR, AuC und EIR
Authentication Center (AuC)
authentication, storage of symmetrical keys, generationof encryption keys
Equipment Identity Register (EIR) storage of device attributes of allowed, faulty and blocked
devices (white, gray, black list)
Mobile Switching Center (MSC)
networking center, partially with gateways to other
networks, assigned to one VLR each Base Station Subsystem (BSS): technical radio center
Base Station Controller (BSC): control center
Base Transceiver Station (BTS): radio tower / antenna
4
-
7/30/2019 GSM, HSCSD,GPRS
5/33
GSM: Protocols, incoming call
5
VLR
BSS
BSS MSC GMSC
HLRBSS
BSS
(4)
(2)(4)
(5)
(3)
(10)
(6)
(11)
(7)(8)
(8)
(9)
(12)
(8)
(1)
(12)
(9)
(8)PSTN/ISDN
(1) Call from fixed network was switched via GMSC(2) GMSC finds out HLR from phone number
(3) HLR checks whether participant is authorized for correspondingservice and asks for MSRN at the responsible VLR
(4) MSRN will be returned to GMSC,
can now contact responsible MSC
-
7/30/2019 GSM, HSCSD,GPRS
6/33
GSM: Protocols, incoming call
6
VLR
BSS
BSS MSC GMSC
HLRBSS
BSS
(4)
(2)(4)
(5)
(3)
(10)
(6)
(11)
(7)(8)
(12)
(1)
(12)
(9)
(8)PSTN/ISDN
(5) GMSC transmits call to current MSC
(6) Ask for the state of the mobile station
(7) Information whether end terminal is active
(8) Call to all cells of the Location Area (LA)
(9) Answer from end terminal
(10 - 12) Security check and connection setup
(8)
(9)
(8)
-
7/30/2019 GSM, HSCSD,GPRS
7/33
GSM: Protocols, outgoing call
7
(1) Connectionrequest (viarandomaccesschannel,possiblecollisionhandling)
(2) TransferbyBSS
(3-4) Authorizationcontrol
(5) Switchingofthecallrequesttofixednetwork
-
7/30/2019 GSM, HSCSD,GPRS
8/33
Radio structure
8
1 TDMA-Slot, 144 Bit in 4,615 ms
8 TDMA-channels, together 271 kBit/s includingerror protection information
124 radio frequency channels (carrier), each 200 kHz
2 frequency bands, each 25 MHz, divided into radio cells
890
935
915 MHz
960 MHz
downlink
uplink
One or several carrier frequencies per BSC
Physical channels defined by number and position of time slots
-
7/30/2019 GSM, HSCSD,GPRS
9/33
GSM: channel structure
Traffic Channel
Full-rate codec (13 kbit/s; differential encoding)
Half-rate codec: more efficient speech encoding at 7kbit/s (two phone calls per time slot can be encoded)
Paging Channel
Signalize incoming calls (BSC to MS)
(Broadcast) Control Channel
Allocation of identity, frequency order etc. (BSC to MS)
Monitoring of BSCs for recognition of handover
Random Access Channel
Control of channel entry with Aloha-procedure forcollision handling between competing participants(MS to BSC)
9
-
7/30/2019 GSM, HSCSD,GPRS
10/33
Databases
Home Location Register (HLR), stores data of participantswhich are registered in an HLR-area
Semi-permanent data: Call number (Mobile Subscriber International ISDN Number) - MSISDN,
e.g. +49/171/333 4444 (country, network, number)
Identity (International Mobile Subscriber Identity) - IMSI: MCC = Mobile
Country Code (262 for .de) + MNC = Mobile Network Code (01-T-Mobile,02-Vodafone, 03-eplus, 07-O2) + MSIN = Mobile Subscriber IdentificationNumber
Personal data (name, address, mode of payment)
Service profile (call transfer, roaming-limits etc.)
Temporary data:
MSRN (Mobile Subscriber Roaming Number) (country, network, MSC)
VLR-address, MSC-address
Authentication Sets of AuC (RAND (128 Bit), SRES (128 Bit), KC (64Bit))
Billing data
10
-
7/30/2019 GSM, HSCSD,GPRS
11/33
Databases
Visitor Location Register (VLR)
local database of each MSC with following data:
IMSI, MSISDN
Service profile
Billing and accounting information
TMSI (Temporary Mobile Subscriber Identity) -pseudonym for data security
MSRN
LAI (Location Area Identity)
MSC-address, HLR-address
11
-
7/30/2019 GSM, HSCSD,GPRS
12/33
Location Area: Concept
12
MSC-area
HLR
VLR
Location
areaadvantage of the architecture:Location Update in case of limited
mobility only at VLR, rarely at(perhaps very remote) HLR
-
7/30/2019 GSM, HSCSD,GPRS
13/33
Localization with GSM
13
participant callnumber in HLR
country code
Networkprovider
Internal area
+49 (0)177-26 32311
LA 5
LA 3 LA 2
LA 3
0x62F220 01E5e.g.
VLR 10 VLR 9
IMSI LA 2
HLR 1
32311 VLR 9 IMSI
-
7/30/2019 GSM, HSCSD,GPRS
14/33
Data transmission
Each GSM-channel configurable as data channel
Kinds of channels: non-transparent (repeat of faulty data frames; very low error
rate, but also very low throughput below 10 kbit/s) transparent (only very simple forward error correction;
slightly higher data rate; error rate 10-3 up to 10-4) in practice, only faster extensions like GPRS, UMTS and LTE
are used (explained later) Speech channels have higher priority than data channels
Short-Message-Service (SMS) connectionless transmission (up to 160 Byte) on signaling
channel
Cell Broadcast (CB) connectionless transmission (up to 80 Byte) on signaling
channel to all participants in one cell or location area, e.g. forlocation based services; further refinement: triangulation-based location check like in global positioning system (GPS)
14
-
7/30/2019 GSM, HSCSD,GPRS
15/33
Data transmission - structure
15
MSCBSC
BTS
IWF
Modem
PSTN
Internet
Modem
TA
ISDN
IWF - Inter Working Function
TA - Terminal Adapter
-
7/30/2019 GSM, HSCSD,GPRS
16/33
Security aspects:Subscriber Identity Module (SIM)
Chip-card (Smart Cart) to personalize a mobile subscriber(MS):
IMSI (International Mobile Subscriber Identity)
symmetric key Ki of participant, stored also at AuC
algorithm A3 for Challenge-Response-Authentication algorithm A8 for key generation of Kc for content data
algorithm A5 for encryption
PIN (Personal Identification Number) for access control
Temporary data:
TMSI (Temporary Mobile Subscriber Identity) -pseudonym
LAI (Location Area Identification)
Encryption key Kc
16
-
7/30/2019 GSM, HSCSD,GPRS
17/33
Security aspects: Authentication
17
MSC, VLR, AuCMS
Authentication Request
RAND (128 Bit)
Random numbergenerator
A3
SRES
SRES (Signed Response; 32 Bit)
A3
Authentication Response=
Location Registration
Location Update with VLR-change
Call setup (in both directions)
SMS (Short Message Service)
128 Bit
iK
iK
-
7/30/2019 GSM, HSCSD,GPRS
18/33
Security aspects: Session Key
18
Network
MS
Authentication Request
RAND (128 Bit)
A8
A8
64 Bit or 128Bit
c
K Keygeneration:AlgorithmA8
StoredonSIMandinAuC onewayfunctionparameterizedwithKi
noglobalstandard,candifferbetweencountries
canbedeterminedbynetworkoperator
Interfacesarestandardized
iK
Random numbergenerator
cK
iK
-
7/30/2019 GSM, HSCSD,GPRS
19/33
-
7/30/2019 GSM, HSCSD,GPRS
20/33
GSM-Security: assessment
low key length Ki with max. 128 Bit (could be hacked by
using Brute Force Attack in less than an hour using aregular computers as documented recently again)
key generation and -administration not controlled by theparticipants (symmetric: network operator knows allkeys)
cryptographic methods secret, so they were not wellexamined (but A5/3 and other enhancements open now)
no mutual authentication; attacker can pretend a GSM-Net
no end-to-end encryption or end-to-end authentication
20
-
7/30/2019 GSM, HSCSD,GPRS
21/33
HSCSD: High Speed Circuit Switched Data
GSM extension for higher data rates
parallel usage of several time slots (TS) of one frequencyon Um (air interface)
channel bundling with asymmetric transmission
(1 TS Uplink / 3 TS or 4 TS Downlink)
Data rates up to 4 * 14,4 kbit/s = 57,6 kbit/s
(theoretically 8 time slots, but limited bundling inpractice)
21
-
7/30/2019 GSM, HSCSD,GPRS
22/33
HSCSD: structure
22
BTS
IWF - Inter Working Function
TA - Terminal Adapter
n time slots of eachTDMA frame
(theoretically max. 8)
MSCBSC IWF
Modem
PSTN
Internet
Modem
TA
ISDN
-
7/30/2019 GSM, HSCSD,GPRS
23/33
HSCSD: changes
23
Um Abis A
MSCBSCBTS
n time slots ofeach TDMA frame
(theoretically max. 8)
certain changes are necessary at the component
several changes of the software/firmware
minimal changes of the software/firmware
multiplex of the timeslots on each 64 kBit/s
channel
-
7/30/2019 GSM, HSCSD,GPRS
24/33
HSCSD radio interface
parallel usage of several time slots limited to onefrequency, in half-duplex mode due to technicallimitations of the end devices
Cost factor limits number of used TS to (2+2) or (1+3,uplink, downlink); (1+4) with improved timing
24
Required time for setting toreceiving mode
7654321076543210
4321076543210765
Required time for setting to
transmission mode
Required time for signal strength measure and setting toreceiving mode
MS RECEIVE
MS TRANSMIT
MSMONITOR
-
7/30/2019 GSM, HSCSD,GPRS
25/33
Assessment of HSCSD
+ existing network structure and accounting model
maintained; only small changes were necessary+ HSCSD is still circuit switched
+ has defined QoS-settings (data rate, delay)
one logical channel will be established on all interfacesfor the time of the connection (inefficient)
badly suited for burst-like traffic (Internet) or Flat Ratebilling (Logistics)
Only limited international acceptance (Roaming!)
also uses more resources on the radio interface
problems with handover into a new cell
25
-
7/30/2019 GSM, HSCSD,GPRS
26/33
GPRS: General Packet Radio Service
GSM extension based on packet switching service
(end-to-end) and channel bundling based on multipletime slots
Data rates up to 171,2 kbit/s (theoretical) in practicehowever similar to HSCSD
Effective and flexible administration of the radiointerface; adaptive channel encoding
Internetworking with IP networks standardized
Dynamic sharing of resources with classical GSM
speech services
Advantage: Billing and Accounting according to datavolume
26
-
7/30/2019 GSM, HSCSD,GPRS
27/33
GPRS: Structure
27
MSCBSC
BTSInternet
HLR
GSM
GPRS BackboneFrame Relay / ATM
GGSN
GGSNSGSN
BorderGateway
GPRS Netsother
operators
other packetswitchingnetworks
SGSN - Serving GPRS Support Node
GGSN - Gateway GPRS Support Node
signalization data
user data
-
7/30/2019 GSM, HSCSD,GPRS
28/33
GPRS: Changes
28
GMSC
Circuit switched traffic
HLR/AuCGPRS register
MAP
MAPA
GGSN
Abis
Gb
GnGi
other packetswitchednetworks
publicfixed networks
Packet switchedtraffic
Gs
Um
n time slots (TS) perTDMA frame
(theoretically max. 8)per packet!
modified network components
new components or extensively modified components
Existing components
PCU - Packet Control Unit
SGSN
MSC
BSCBTS
PCU
-
7/30/2019 GSM, HSCSD,GPRS
29/33
MAPSignalization(SGSN)
MAPSignalization
(GGSN)
Tasks: SGSN, GGSN
29
SGSN:
- packet delivery- mobility management- session management- QoS- Security- Billing
External Data Domain
Intranet
SGSN
HLR
Internet
BSSPCU
BSSPCU
BSSPCU
Client
GGSN
Client
Server
SGSN, GGSN:- Routing and Signalization- Mapping to PDP (Packet Data Protocol)- Address conversion (IP to GSM)- Resource management
SGSN
-
7/30/2019 GSM, HSCSD,GPRS
30/33
Quality of Service
QoS profile agrees service parameters inside the whole
network for the duration of PDP (Packet Data Protocol)context (session):
temporary address (IP) for mobile station
tunneling information, among others GGSN, which is used foraccess to corresponding packet switched network
type of the connection
QoS profile
QoS profile commits:
precedence class, priority against other services (high,normal, low)
packet delay class, times valid for traffic inside the GPRSnetwork
reliability class
peak throughput class
mean throughput class30
-
7/30/2019 GSM, HSCSD,GPRS
31/33
Quality of Service: Examples
31
Packetdelayclasses
Errorclasses
GPRSdatarates
(only CS-1 and CS-2 comprise reasonable error correction
and are relevant in practice)
Coding # of timeslotsScheme 1 2 3 4 5 6 7 8
CS-1 9,05 18,1 27,15 36,2 45,25 54,3 63,35 72,4
CS-2 13,4 26,8 40,2 53,6 67 80,4 93,8 107,2
CS-3 15,6 31,2 46,8 62,4 78 93,6 109,2 124,8
CS-4 21,4 42,8 64,2 85,6 107 128,4 149,8 171,2
Probability forClass Lost packet Duplicated p. Out of Sequence p. Corrupted p.
1 10-9 10-9 10-9 10-9
2 10-4 10-5 10-5 10-6
3 10-2 10-5 10-5 10-2
Size: 128 octets Size: 1024 octets
Class Mean Delay 95% Delay Mean Delay 95% Delay1 (predicitive) < 0,5 s < 1,5 s < 2 s < 7 s
2 (predicitive) < 5 s < 25 s < 15 s < 75 s
3 (predicitive) < 50 s < 250 s < 75 s < 375 s
4 (best effort) Best effort
-
7/30/2019 GSM, HSCSD,GPRS
32/33
Assessment of GPRS
+ An up to four times higher data rate in comparison to
ordinary GSM data services
+ better resource management through packet switchedservice
+ always on data service (email, etc.)
+ GPRS is a more suitable carrier for the mobile Internet
- IP-derivate, no true service guarantees (QoS)
- GPRS does not provide the data rates that advertisinghas sometimes promised, therefore most operators
migrated to UMTS and LTE where possible, e.g. in urbanareas
32
-
7/30/2019 GSM, HSCSD,GPRS
33/33
Some further readings
ETSI standards (GSM etc.) in general:
www.etsi.org
GSM, HSCSD, GPRS: good overviews onwww.wikipedia.org
GPRS tutorial:
www.telecomspace.com/datatech-gprs.html SMS tutorial:
www.developershome.com/sms/
33