Lecture Overview

Data in Wireless Cellular Systems: GSM and GPRS

Security in GSM Security services

access control/authentication SIM (Subscriber Identity Module): secret PIN

(personal identification number) confidentiality

voice and signaling encrypted on the wireless link (after successful authentication)

anonymity temporary identity TMSI

(Temporary Mobile Subscriber Identity) newly assigned at each new location update

(LUP) encrypted transmission

3 algorithms specified in GSM A3 for authentication (“secret”, open

interface) A5 for encryption (standardized) A8 for key generation (“secret”, open

interface)

“secret”:• A3 and A8 available via the Internet• network providers can use stronger mechanisms

GSM - Authentication

A3

RANDKi

128 bit 128 bit

SRES* 32 bit

A3

RAND Ki

128 bit 128 bit

SRES 32 bit

SRES* =? SRES SRES

RAND

SRES32 bit

mobile network SIM

AC

MSC

SIM

Ki: individual subscriber authentication key SRES: signed response

GSM - Key Generation and Encryption

A8

RANDKi

128 bit 128 bit

Kc

64 bit

A8

RAND Ki

128 bit 128 bit

SRES

RAND

encrypteddata

mobile network (BTS) MS with SIM

AC

BTS

SIM

A5

Kc

64 bit

A5MS

data data

cipherkey

GSM: Security equipment identity checking

Equipment Identity Register (EIR) maintains database related to mobile equipment (hardware) identified by International Mobile Equipment Identity (IMEI)

IMEI consists of Type Approval Code (granted when mobile station type passes type approval testing to ensure mobile station behaves properly), Final Assembly Code (indicating manufacturing plant), and the equipment serial number

EIR stores three lists of IMEIs white list contains ranges of IMEIs of type approved

mobile stations black list contains IMEIs which are stolen or

malfunctioning, and are subsequently barred gray list contains IMEIs which should be supervised

for possible malfunctions

GSM Voice and Data Architecture: Note here PSTN should be connected to SS7 network not directly connected to MSC/VLR

Data Services in GSM

Data transmission standardized with only 9.6 kbit/s

advanced coding allows 14.4 kbit/s not enough for Internet and multimedia

applications HSCSD (High-Speed Circuit Switched Data)

already standardized bundling of several time-slots to get higher AIUR

(Air Interface User Rate)(e.g., 57.6 kbit/s using 4 slots, 14.4 each)

advantage: ready to use, constant quality, simple

disadvantage: channels blocked for voice transmission

GSM Data Properties Circuit-switched operation

uplink and downlink channels allocated for a user for entire call period

busy user uses only one direction of link (typically), so 50% of resources are wasted

user pays for the connection time, not for the amount of data

bad connections - more retransmissions - make more money for operator

pay even if no data is transmitted connection establishment time: 20-25

seconds bad for short-lived transactions

capacity: 9.6 kbps (channel coding designed for worst-case radio situation)

connections: to any modem service in PSTN

GSM Data Properties: Evaluation

Circuit-switched data is good for cases when continuous data flow is needed/required

Billing is based on time, not amount of data Limited number of mobiles can be supported

per carrier (8 channels) Circuit-switched data is not optimal for

packet-based protocols such as IP bursty traffic unbalanced traffic (using mainly one channel

direction) Packet switched service is needed for GSM GPRS standardization was started

GPRS

General Packet Radio Service GPRS, 2.5

generation wireless systems

GPRS architecture stands for General Packet Radio Service. GPRS is packet switched network

developed as the extension of the GSM network.

MS, BSS, MSC/VLR and HLR in the GSM network are modified for GPRS (e.g. HLR is enhanced with GPRS subscriber info.)

one step ahead of HSCSD (High Speed Circuit Switched Data), and a step towards third-generation (3G) networks.

GPRS GPRS is a packet-switching technology for GSM

networks. Information sent on a GPRS network is split into separate "packets" before it is transmitted and reassembled at the receiving end.

One of the advantages of GPRS is its ability to provide instant connection where information can be sent and received immediately. Unlike the current GSM network where you have to "dial up" and wait for a connection to be established, GPRS allows users to be "always connected" to the network.

GPRS Cont Theoretically, a GPRS connection can

provide a data transmission speed of up to 171.2Kbps (approximately three times that of a fixed-line 56K dial-up) if all eight time slots are used.

GPRS's rival, HSCSD, can achieve up to 57.6Kbps.

it is unlikely that network operators will let a single user use up all the time slots (8 x 21.4 Kbps)

A comparison of data transfer speed (in Kbps)

56K dial up

GSM HSCSD (max speed)

GPRS (Max speed)

GPRS (Realistic speed)

56 9.6 56K 171. 2 43 to 56

What GPRS can do for you? GPRS allows you to have an "always on"

connection to the network. Anyone who needs wireless mobile data

access will benefit from GPRS With GPRS, you can access your email, browse

the Internet, transfer/share documents, and

remotely access your office's Local Area (LAN). Even home automation is possible when

household appliances are equipped with Internet Protocol (IP)!

Modem Modem

Email Server

Auth. Server

InternetGSM PSTN

User

Email via GSM

Email via GPRSEmail Server

GPRS

User

Auth. Server

Internet

Authenticated path to Email server

Virtual GPRS Data Tunnel

Architecture - GSM with GPRS

SGSNSGSN

GPRS GPRS RegisterRegisterH/VLRH/VLR

GGSNGGSN

SGSNSGSN

MSCMSC

BTSBTS BSCBSC

GMSCGMSC

Peer Elements

CircuitCircuitSwitchedSwitchedTrafficTraffic

PacketPacketTrafficTraffic

HLR/AUCHLR/AUCGPRSGPRS

RegisterRegister

A-bis

PCUPCUGb

Gi

Gn

MAP

MAP‘A’

GGSNGGSN

PSTNPSTN

Public Public Switched Switched

Packet NetworkPacket Network

GPRS Architecture Elements

E- Commerce Over GPRS

Corporate / OperatorApplications

VPNe-mailCost controlIntranet

Dual-slot mobile phones(SIM Toolkit)

Retailers

Loyalty CardsBankingShoppingPromotions

Financial / Banking

FinanceBankingOn-line transactionsClearing House

Certificate Authority

MerchantTransactions

MobileTransactions

Application Providers

ContentNewsWeatherSport

GPRS Charging Requirements

Serving GPRSSupport Node(SGSN)

BSCBTSUm

GPRSbackbonenetwork

(IP based)

Charging Gateway (CG)

dataflowdataflow

charginginfo flowcharginginfo flow

Billing System

Gateway GPRSSupport Node(GGSN) Gi

Gn

Gb

Single access point to the billing systemPre-processing charging data to reduce the load on the network billing system Future-proof for hot-billing and pre-paid Reliable storage for CDRsEasy charging data error detection

GPRS Architecture: Services

Packet-based access to data networks Internet (IPv4, IPv6) X.25 Private/public networks

Fast carrier of SMSs Security (operator, user, identity,

data) Mobility management

GPRS Architecture and Interfaces

MS BSS GGSNSGSN

MSC

Um

EIR

HLR/GR

VLR

PDN

Gb Gn Gi

SGSN

Gn

GPRS Protocol Stack

apps.

IP/X.25

LLC

GTP

MAC

radio

MAC

radioFR

RLC BSSGP

IP/X.25

FR

Um Gb Gn

L1/L2 L1/L2

MS BSS SGSN GGSN

UDP/TCP

Gi

SNDCP

RLC BSSGP IP IP

LLC UDP/TCP

SNDCP GTP

SNDCP: SUBNETWORK DEPENDENT CONVERGENCE PROTOCOL LLC: LOGICAL LINK PROTOCOL

RLC:RADIO LINK CONTROL BSSGP: BSS GPRS PROTOCOL FR:FRAME RELAY GTP: GPRS TUNNELING PROTOCOL

GPRS Radio Link Protocols:FYI

GPRS Radio Interface

Logical channels: packet common control channels (PCCCH)

packet random access channel (PRACH) packet paging channel (PAGCH) packet access grant channel (PAGCH) packet notification channel (PNCH)

packet broadcast control channel (PBCCH) packet data traffic channel (PDTCH)

data rates 9.05 to 21.4 kbps, depending on channel coding

packet associated control channel (PACCH) Physical channels:

PDTCH is mapped to one physical channel dynamic or permanent channel allocation for GPRS

possible if no PCCCH possible, MSs park on CCCH (common

control channel)

Logical Channels in GPRS

Logical Channels in GPRS … Cont Uplink

channel allocation (one or two steps)

GPRS: New Radio Interfaces

GPRS can use various radio interfaces: DECT, EDGE, UMTS, IEEE 802.11, IrDA (infrared)

Radio should: operate using packet mode provide identifier of the downlink packets provide reasonable residual error rates

Wish list for radio services: fast channel allocation and release battery saving mechanism (sleep mode) adaptive coding (depending on radio quality) just one (efficient) paging channel that can be

listened to also when transferring data

GPRS Evolution GPRS is standardized in SMG (Specilized

Mobile Group) in ETSI (see also http://www.etsi.fr, http://www.wapinsight.com/what_is_gprs.htm

Standard was approved March/June 1998 changes are still expected

Some issues delayed for later consideration testing (type approval), charging, ….

GPRS phase 1: Release 97 basic set of GPRS functionality optional features

2G → 3G Evolution & Convergence

IMT DSIMT DS

GPRSGPRS EDGEEDGEGSMGSM

cdmaOnecdmaOne 1xRTT1xRTT

1xEV1xEV

cdma2000

IS41 Core NetworkIS41 Core Network

GSM MAPGSM MAP

Core NetworkCore Network

IMT MCIMT MC

W-CDMAC-EDGEC-EDGETDMATDMA

Hig

h-P

acket T

ech

nolo

gy

IP C

ore

Netw

ork

20042001

Benefits of Globally Harmonized 3G Networks Increased 3G penetration and usage Manufacturers’ development costs spread out

across a larger installed base Ability for customers to roam with their services

across regions, countries and systems Increased ability of the Information Technology,

Internet and Personal Computer industries to provide mobile applications, solutions and subscriber devices

Smooth and compatible evolution path from existing 2G infrastructures

UMTS and IMT-2000

Proposals for IMT-2000 (International Mobile Telecommunications)UWC-136, cdma2000, WP-CDMA, TD-SCDMA

UMTS (Universal Mobile Telecommunications System) from ETSI

Communication Anywhere-Anytime-Anytype

IMT-2000 Vision

The ITU has set down the minimum requirements to be an IMT-2000 system. We're talking about 144 Kb/s in your macrocells. A macrocell can be

anything up to 10 kilometers, and that would be your vehicular speeds.

If you are in a pedestrian environment, then you can get up to 384 Kb/s and again we're shrinking the cell to enable us to get up to those higher data rates, something less than 300 meters.

If you want to get up to 2 Mb/s, you need to shrink the cell, even though seeming to be very, very close to the cell to enable those higher data rates. And so here we're talking about very small cells, picocells, very, very close. Your use is going to be very, very close to the base station to enable those data rates.

Cellular/PCS Data Speed Evolution (to IMT-2000)

Low Speed Data Medium Speed Data High Speed Data

8Kbps ~ 14.4Kbps 32Kbps ~ 64Kbps 144Kbps ~ 384Kbps

Text data, Graphic

Remote Login, E-mail, Text modeInternet

Graphic, Image

Internet, Internet VOD

Image,Video

Multimedia,VOD,

Now ~ 1999 ~2000 (IMT-2000)

will reach to the IMT-2000 grade, Data Service Applications will be completely matured be- fore the Commercial Deployment of the IMT-2000 system.

IMT-2000 Vision

• High-speed Internet

• M-commerce

• Video-phone & multimedia

UMTS

UMTSUTRA (was: UMTS, now: Universal Terrestrial Radio Access)

enhancements of GSM EDGE (Enhanced Data rates for GSM Evolution): GSM up to 384 kbit/s CAMEL (Customized Application for Mobile Enhanced Logic) VHE (virtual Home Environment)

fits into GMM (Global Multimedia Mobility) initiative from ETSI

requirements min. 144 kbit/s rural (goal: 384 kbit/s) min. 384 kbit/s suburban (goal: 512 kbit/s) up to 2 Mbit/s urban

Licensing Example: UMTS in Germany, 18. August 2000

Sum:

50.81 b

illion €

UTRA-FDD: Uplink 1920-1980 MHz Downlink 2110-2170 MHz duplex spacing 190 MHz 12 channels, each 5 MHz

UTRA-TDD: 1900-1920 MHz, 2010-2025 MHz; 5 MHz channels

Coverage: 25% of the population until 12/2003, 50% until 12/2005

types of trafficConversational class (voice, video telephony, video

gaming)

Streaming class (multimedia, video on demand, webcast)

Interactive class (web browsing, network gaming, database access)

Background class (email, SMS, downloading)

UMTS Architecture

service objectives

support Universal Personal Telecommunications (UPT), fixed network service for personal mobility, allowing registration and

deregistration at any terminal support wide range of terminal type broad range of customizable telecommunication services

up to 2 Mbps operation in, and roaming between, different operating

environments - sparse, rural, suburban, urban

– indoor/outdoor– residential/business– pedestrian/vehicular

service objectives (2)

Combine range of existing wireless systems (cellular, cordless, mobile data, paging) to share infrastructure costs and harmonize services

Allow flexible and rapid creation of new services

Efficient usage of spectrum resources

Three major 3G terrestrial Standardcdma2000 A Wideband CDMA technology backward

compatible with cdmaOne (IS-95 based) systemsW-CDMA A Wideband CDMA Technology backward compatible

with GSMUWC-136 A Wideband TDMA technology backward compatible

with IS-54 /IS-136

Key Technology concept in 3G(1)

Broadband: Generally, compares bandwidth relative to narrowband or wideband. For example, video is considered to be broadband relative to voice . In telecommunications transmission systems, any transmission system that operates at rates greater than the primary rate of 1.5 Mb/s in the U.S. or 2.0 Mb/s internationally. (However, many consider 1.5-45 Mb/s to be wideband, and consider broadband as being 45 Mb/s and greater.)

Key Technology concept in 3G(2)

Packet Vs CirsuitA packet mode is when I share my RF resource as opposed to

a circuit-switched mode, which is one that's dedicated to me A block or grouping of data (PDU) usually defined at Layer 3

that is treated as a single unit within a communication network. Normally ranges from 10 bytes to several thousand bytes in size, and contains a header with certain control information. Connectionless protocols (such as IP) generally refer to packets as datagrams. The header of the datagram will contain the address of the desired destination.

In connection-oriented protocols (such as X.25), information is switched to the proper destination. In order to uniquely associate the transmitted information with the appropriate virtual connection, the header of each packet contains a unique (to that physical interface) virtual connection identifier.

Circuit and Packet Mode

a circuit mode access and a packet mode access. In a circuit mode, for example in a voice call, I have a dedicated channel

for the duration of my call. When sending data in a circuit mode connection, data can be sent whenever we want. Because that channel is dedicated to us, no one else is using it. So we do not need approval to transmit data.

Compare that now with a packet mode. A packet mode is when we are sharing our RF resource; sharing a channel. So we're going to take turns in using the channel. If we're in a shared environment and we're taking turns, we need something to tell us when it's our turn: When is it your turn, when is it my turn, to use our shared channel? And for that we're going to use the MAC protocol. The Medium Access Control protocol is going to say, "It's your turn to use it. Now you stop; now it's my turn to use it." And this is what's new when we start looking at 3G.

So when we talk about cdma2000 and UWC-136, we're talking about a packet mode introducing the MAC protocol. We also talk about that in W-CDMA; but notice that part of GPRS in GSM—GPRS is also a packet mode of operation and also includes the MAC protocol.

UMTS Interacting Domain

A UMTS network consist of three interacting domains:Core Network CN:The main function of the core network is to provide switching,

routing and transit for user traffic. Core network also contains the databases and network management functions.

UMTS Terrestrial Radio Access Network (UTRAN) and User Equipment (UE).

UMTS Architecture

UMTS Architecture

The basic Core Network architecture for UMTS is based on GSM network with GPRS

The UTRAN provides the air interface access method for User Equipment.

Base Station is referred as Node-B and control equipment for Node-B's is called Radio Network Controller (RNC).

System Areas

UMTS systems (including satellite)

Public Land Mobile Network (PLMN)

MSC/VLR or SGSN

Location Area

Routing Area (PS domain) UTRAN Registration Area (PS domain) Cell

Sub cell

Core Network The Core Network is divided in circuit switched and packet

switched domains.Circuit switched elements are Mobile services Switching Centre (MSC), Visitor

location register (VLR), and Gateway MSC packet switched elements are Serving GPRS Support Node (SGSN) and Gateway

GPRS Support Node (GGSN). Some network elements, like EIR HLR and AUC, are shared by both domains.

The Asynchronous Transfer Mode (ATM) is defined for UMTS core transmission. ATM Adaptation Layer type 2 (AAL2) handles circuit switched connection and packet connection protocol AAL5 is designed for data delivery.

The architecture of the Core Network may change when new services and features are introduced. Number Portability DataBase (NPDB) will be used to enable user to change the network while keeping their old phone number. Gateway Location Register (GLR) may be used to optimize the subscriber handling between network boundaries. MSC, VLR and SGSN can merge to become a UMTS MSC.

Radio Access

Wide band CDMA technology was selected to for UTRAN air interface WCDMA has two basic modes of operation: Frequency Division Duplex (FDD) and Time Division Duplex (TDD)

The functions of Node-B (Base Station) are:Air interface Transmission / ReceptionModulation / DemodulationCDMA Physical Channel codingError HandingClosed loop power control

The functions of RNC are

Admission control

Congestion control

System information broadcasting

Radio channel encryption

Handover

Radio network configuration

Channel quality measurements

Radio carrier control

Radio resource control

Data transmission over the radio interface

Outer loop power control (FDD and TDD)

Channel coding

Access control

User Equipment

The UMTS standard does not restrict functionality of the UE in any way UMTS identity types are taken directly from GSM specifications

International Mobile Subscriber Identity (IMSI)Temporary Mobile Subscriber Identity (TMSI)Packet Temporary Mobile Subscriber Identity (P-TMSI)Temporary Logical Link Identity (TLLI)Mobile station ISDN (MSISDN)International Mobile Station Equipment Identity (IMEI)International Mobile Station Equipment Identity and Software Number (IMEISV

3G and LAN Data Speed

UMTS Services

UMTS offers teleservices (like speech or SMS) and bearer services, which provide the capability for information transfer between access points. It is possible to negotiate and renegotiate the characteristics of a bearer service at session or connection establishment and during ongoing session or connection. Both connection oriented and connectionless services are offered for Point-to-Point and Point-to-Multipoint communication

Offered data rate targets are:144 kbits/s satellite and rural outdoor

384 kbits/s urban outdoor

2048 kbits/s indoor and low range outdoor.

UTRAN architecture

UTRAN comprises several RNSs

Node B can support FDD or TDD or both

RNC is responsible for handover decisions requiring signalingto the UE

Cell offers FDD or TDD

RNC: Radio Network Controller

RNS: Radio Network SubsystemNode B

Node B

RNC

Iub

Node B

UE1

RNS

CN

Node B

Node B

RNC

Iub

Node B

RNS

Iur

Node B

UE2

UE3

Iu

Core network: protocols

MSC

RNS

SGSN GGSN

GMSC

HLR

VLR

RNS

Layer 1: PDH, SDH, SONET

Layer 2: ATM

Layer 3: IPGPRS backbone (IP)

SS 7

GSM-CSbackbone

PSTN/ISDN

PDN (X.25),Internet (IP)

UTRAN CN

Core network: architecture

BTS

Node B

BSC

Abis

BTS

BSS

MSC

Node B

Node B

RNC

Iub

Node BRNS

Node BSGSN GGSN

GMSC

HLR

VLR

IuPS

IuCS

Iu

CN

EIR

GnGi

PSTN

AuC

GR

Core network

The Core Network (CN) and thus the Interface Iu, are separated into two logical domains:

Circuit Switched Domain (CSD)Circuit switched service incl. signaling

Resource reservation at connection setup

GSM components (MSC, GMSC, VLR)

IuCS

Packet Switched Domain (PSD)GPRS components (SGSN, GGSN)

IuPS

Release 99 uses the GSM/GPRS network and adds a new radio access!Helps to save a lot of money …

Much faster deployment

Not as flexible as newer releases (5, 6)

UMTS protocol stacks

apps. &protocols

MAC

radio

MAC

radio

RLC SAR

UuIuCSUE UTRAN 3G

MSC

RLC

AAL2

ATM

AAL2

ATM

SAR

apps. &protocols

MAC

radio

MAC

radio

PDCP GTP

Uu IuPSUE UTRAN 3GSGSN

RLC

AAL5

ATM

AAL5

ATM

UDP/IP

PDCP

RLC UDP/IP UDP/IP

Gn

GTP GTP

L2

L1

UDP/IP

L2

L1

GTP

3GGGSN

IP, PPP,…

IP, PPP,…

IP tunnel

Circuitswitched

Packetswitched

UMTS services (originally)

Data transmission service profiles

Virtual Home Environment (VHE)Enables access to personalized data independent of location, access

network, and device

Network operators may offer new services without changing the network

Service providers may offer services based on components which allow the automatic adaptation to new networks and devices

Integration of existing IN services

Circuit switched16 kbit/sVoice

SMS, E-MailPacket switched14.4 kbit/sSimple Messaging

Circuit switched14.4 kbit/sSwitched Data

asymmetrical, MM, downloadsCircuit switched384 kbit/sMedium MM

Low coverage, max. 6 km/hPacket switched2 Mbit/sHigh MM

Bidirectional, video telephoneCircuit switched128 kbit/sHigh Interactive MM

Transport modeBandwidthService Profile