1 | 52 communication systems 12 th lecture chair of communication systems department of applied...
Post on 18-Dec-2015
215 views
TRANSCRIPT
1 | 52
Communication Systems12th lecture
Chair of Communication SystemsDepartment of Applied Sciences
University of Freiburg2008
2 | 52
Communication SystemsLast lecture – GSM, BSS, SIM
Last call: End of registration period for the exam in Communication Systems is the 27th June both for Master and Bachelor studentsType of exam for Masters depends on the number of students (by now we expext around 15 participants)
Master most probably will be oral exam (of 30 minutes) Bachelor is oral exam
6th exercise sheet was handed out at the practical course on Tuesday, please fetch one here or get it from the lectures home page (due for the 4th July)
3 | 52
Communication SystemsLast lecture – GSM, BSS, SIM
GSM – Global System for Mobile communication is a worldwide standard
GSM introduces a park of abbreviations :-)
Defines a network infrastructure including Base Station Subsystem BSS, containing the BTS (Base Transceiver Stations) communicating over the air interface with the Mobile Stations (MS, consisting of Mobile Equipment (ME) and SIM)
SIM is the Subscriber Identity Module which keeps at least the following data: IMSI (International Mobile Subscriber Identity), IMSI (International Mobile Subscriber Identity) – both 15-digit, temporarily TMSI and MSRN (Mobile Station Roaming Number)
The card is an external hardware module which may store user data like received SMS or phone book entries
4 | 52
Communication SystemsLast lecture – GSM, logical structure of the network
5 | 52
Communication SystemsLast lecture – GSM, logical structure of the network
The network subsystem contains the (G)MSC, (Gateway) Mobile Switching Centers
In the Home Location, Visitor Location Registers user data (MSISDN, configuration, ...) is kept permanently or temporarily
The Authentication Center (AUC) handles the user authentication and cryptographic routines
GSM has some shortcomings in security: User authenticates itself to the server, network but not vice-versa to the user
“IMSI catchers” may grab MS and reroute connection
Hardware for air sniffing - http://www.ettus.com (USRP - Universal Software Radio Peripheral, planned as a group project)
GSM decoding - http://wiki.thc.org/gsm/decode
Eavesdropping is possible because of leaked crypto algorithms and unencrypted network links (setup and call destruction, paging ... are not encrypted, ...)
6 | 52
Communication SystemsLast lecture – GSM, logical structure of the network
Operation & Maintenance Subsystem (OSS) is the whole systems management layer
Network measurement and control functions, network administration
Security Management, e.g. Equipment Identity Register (EIR) management
7 | 52
Communication SystemsPlan for this lecture
Data Services on top of GSM networks SMS – the most expensive 140Bytes ever
HSCSD as a typical phone network inspired data service
GPRS – an extension to existing GSM infrastructure to provide packet orientated services while optimizing the use of the air interface
EDGE - Enhanced Data Rates for GSM Evolution
MMS the SMS successor using the GPRS backend to offer advanced messaging services to subscribers
WAP – a protocol to bring Internet (like) services to the mobile device
8 | 52
Communication SystemsGSM and data services
GSM was the first fully digital wireless telephony network Structure of logical channels offers more than just voice
First very popular data communication was the Short Message Service (the most expensive bytes of the communication era :-))
Defined already in the GSM phase 1, first SMS was sent in 1992
Defined to inform users on incoming messages on their voice box, there was no idea to charge for it initially
SMS is store-and-forward service A designated SMS service center (SMS-SC) stores the messages –
there is no 1:1 communication between end user devices
9 | 52
Communication SystemsGSM and SMS
SMS widespread and used for many applications 1:1 message exchange between subscribers traditional informing the subscriber on received messages on
his box, it is possible to overwrite already received messages with updates: “you have 2 new messages” with e.g. “you have 4 new messages”
traditional information services: From the provider, subscribed services like soccer results, stock quotes or just error messages from important servers
M-Commerce to pay services with the bill issued by the mobile provider
authentication – request a one time password
10 | 52
Communication SystemsGSM and SMS
For the transfer over the wireless interface SMS uses the packet orientated, reliable Short Message Transfer Protocol (SM-TP) if there is no active voice communication a separate SDCCH
is used no reservation of a traffic channel is needed
11 | 52
Communication SystemsGSM and SMS
during voice session the SM-TP is multiplexed into the SACCH, enabling the MS to receive messages during other active connections
within the core network the MAP (Mobile Application Part) and SS7 is used
SMS allow 160 characters of a 7-bit alphabet (thus 140 Byte message size) possible to allow interpretation as binary data (logo and such
stuff, ...), but not really standardized until EMS PDU (Protocol Description Unit) describes type, encoding and
length of the message It is possible to stipulate that SMS content is directly passed to
the SIM (for logo, device settings etc.)
12 | 52
Communication SystemsGSM and EMS
EMS introduced around turn of century and available on all mobile phones by now allows the transfer of formatted text, sounds of up to 80 notes,
pictures of 16x16 or 32x32 pixels monochrome and concatenation of pictures for “animation”
vCard and vCalendar data implemented through simple chaining of SMSes, thus avoiding
dedicated transport channel MMS is discussed a little bit later, because of totally different
approach
13 | 52
Communication SystemsGSM and IP data services
GSM can be used to offer pervasive data services (was much more interesting in the pre WLAN era)
Voice is encoded as digital data stream, thus GSM is able to offer other data services to its users too
14 | 52
Communication SystemsGSM and IP data services
The “age” of GSM is detectable in the early definition of data services
the rather old standard from the end of the 80s offers just 9,6kbit/s (netto data rate of a full traffic channel (TCH))
with advanced channel coding 14,4kbit/s are possible
but that is ridiculous for todays modern Internet web content and multimedia applications
In the process of improving GSM the so called High-Speed Circuit Switched Data (HSCSD) was introduced
15 | 52
Communication SystemsGSM - HSCSD
HSCSD combines several time slots to achieve higher bandwidth on the mobile interface
4 channels of 14,4kbit/s add up to 57,6kbit/s
rather simple in setup, predictable quality But: high demands on resources
infrequent used data channels blocked for voice traffic of other users, thus the cell capacity is reduced
so one data service user equals to four mobile voice users – imagine on the charges needed to compensate
Thus HSCSD is standardized for a while now, but not every network provider offers this service (only D2 and E+ in Germany)
Sinking importance due the growth of UMTS and EDGE service
16 | 52
Communication SystemsGSM – HSCSD data rates
HSCSD data services are charged not for amount of data transferred, but connect time
Data rates depend on the available traffic channel types (half rate/full rate, advanced coding channel)
data rate TCH/H4.8 TCH/F9,6 TCH/F14,44,8kbit/s 19,6kbit/s 2 114,4kbit/s 3 119,2kbit/s 4 228,8kbit/s 3 238,4kbit/s 443,2kbit/s 357,6kbit/s 4
17 | 52
Communication SystemsGSM – GPRS
Primary GSM data services follow the circuit switching network model and reserve resources in advance – acceptable for voice but not for IP
Extension to GSM introduced in GSM phase 2 - GPRS Started in 1999 packet orientated approach to data switching allocation of channels request-driven – thus up to 115kbit/s
would be possible when using 8 time slots disadvantage – infrastructure has to be extended significantly,
new components are to be installed in BSS (Base Station Subsystem)
18 | 52
Communication SystemsGSM – GPRS
Bandwidth of 53,6 kbit/s (4 full rate traffic channels à 13,4 kbit/s), up to 107,2 kbit/s with 8 channels
GPRS usually operates asynchronous with more bandwidth for down than for upstream
Capabilities of a mobile device are expressed in class number, e.g.
Class 8 devices are able to use up to four down- and one upstream channel
Class 10 devices handle four down- and two upstream channels
Advantage of GPRS over HSCSD – more flexible, development into direction of UMTS network
19 | 52
Communication SystemsGSM – GPRS
GPRS bases on an additional infrastructure: GSN – GPRS Support Nodes as an extension to GSM
20 | 52
Communication SystemsGPRS components and interfaces
SGSN – serving GSN to support the MSC for localization, billing and security
GGSN – gateway GSN is the gateway to the packet data network – usually the Internet
GR – GPRS register to support the HLR (home location register), used for user address mapping
Between the different components interfaces are defined G
b between BSS and SGSN and G
n between the different GSNs, G
i
is the Internet gateway
GPRS defines a complete protocol architecture for the transport of packetized data and allow handover between different BTS, MSC/SGNS
21 | 52
Communication SystemsGPRS sessions
For every session a PDP (Packet Data Protocol) context is generated and stored in GGSN, it consists of
type (usually IP v4)
address of the MS (normally the IP address), which allows mapping of PDP address to GSM address
QoS parameters
address of access point to external networks (GGSN) Session setup is comparable to setup of mobile originated voice
calls Channels have to be activated and the authentication procedure
to be passed
22 | 52
Communication SystemsGPRS sessions
After the session setup as shown below: SGSN encapsulates the IP packet and routes it over the
GPRS backbone with the help of the PDP context defined
23 | 52
Communication SystemsGPRS sessions
depending on the routing decision the packet leaves the GPRS network on a designated GGSN as a normal Internet routeable IP packet
at this point normally NAT/IP masquerading takes place (most GPRS providers offer only addresses from the “private” IP ranges to mobile subscribers
the packet reaches the destination machine with standard IP routing
The destination machine (usually) answers the request from the MS and sends a packet back to the GGSN the GGSN looks up the position of the MS, encapsulates the
packet and routes the packet within the GPRS backbone to the SGSN
24 | 52
Communication SystemsGPRS components and interfaces
the SGSN decapsulates the packet and hands it over to the BSS for delivery to the MS
25 | 52
Communication SystemsGPRS services and QoS
GPRS offers several services Point-to-Point connection orientated network service (PTP-CONS),
which keeps connections open even when cell handovers occur
Point-to-Point connectionless network service (PTP-CLNS), similar to UDP in the IP world, no handovers are required, provided
Point-to-Multipoint is planned in Phase 2 and offers group communication (conferences, ..., comparable to IP multicast)
QoS profiles could be requested by the user
26 | 52
Communication SystemsGPRS services and QoS
Three QoS profiles available: low, medium, high
They define: reliability class loss probability of standard data units (SDU) ranges from 10-9 in
class 1 to 10-2 in class 3, same for corrupt SDU probability duplicate and out of sequence packet probability ranges from 10-
9 in class 1 to 10-5 in class 3 delay class
delays range from 0.5s in best up to 250s in worst class and user data throughput class
No idea if really in use or theoretical option like QoS fields in IP header, of course the enforcement of classes is much easier than in the IP world
27 | 52
Communication SystemsGSM data services and devices
The GPRS or HSCSD data rate is comarable to traditional wired modem connections
You might end up with download rates up to 5-6kByte/s, the upload is often much slower
GSM, GPRS is not able to cope with fast movement of the MS very well
The round trip times of packets are rather awful: a small ping packet can take around 600-1000ms to travel (lot of protocols, stacks and devices are included)
Useable for traditional asynchronous services like email and web (at least for low footprint sites), but not for interactive, high traffic services, like TV, video conferences, ...
Thus upgrade – EDGE (Enhanced Data Rates for GSM Evolution)
28 | 52
Communication SystemsNext Generation GPRS - EDGE
EDGE/EGPRS implemented as enhancement for 2G and 2.5G GSM and GPRS networks for relatively easy upgrade
Implementation started 2003 (first in the U.S.) Problematic for some carriers because of direct competition to the
expensive (license wise) UMTS Superset to GPRS to function on any network with GPRS
no changes in core networks needed – all changes are made to physical and data link layer only (OSI 1&2 layers)
base stations (BS) and base station controllers (BSC) have to be modified for EDGE compatible transceiver units
requires new mobile terminal (MT) hardware and software for decode/encode the new modulation and coding schemes
Additionally to Gaussian minimum-shift keying (GMSK) higher-order PSK/8 phase shift keying (8PSK) for the upper five of its nine modulation and coding schemes used
29 | 52
Communication SystemsEDGE – coding and data rates
EDGE produces a 3-bit word for every change in carrier phase and thus effectively triples the gross data rate
Like GPRS rate adaptation algorithms used for modulation and coding scheme to match the radio channel quality
Implements Incremental Redundancy - sending more redundant information instead of resending disturbed packets
Increases probability of correct decoding and thus produces more robustness of data transmission
EDGE carries up to 236.8kbit/s for 4 timeslots, theoretical maximum is 473.6kbit/s for 8 timeslots in packet mode
Because of physical layer enhancements HSCSD data rates increased too
30 | 52
Communication SystemsEDGE – coding and data rates
Further speedups - EDGE Evolution Latencies reduced by lowering the Transmission Time Interval by
half (from 20ms to 10ms)
Bit rates increased up to 1MBit/s peak rate, while latencies down to 100ms
using dual carriers higher symbol rate higher-order modulation (32QAM and 16QAM instead of 8-PSK) turbo codes to improve error correction
signal quality improved using dual antennas
31 | 52
Communication SystemsGPRS and enhanced mobile data services
The introduction of “high bandwidth” data services allows more than SMS or EMS services Mobile service providers have to find additional way to earn
revenues from their networks in a market environment with sinking fees they can charge for voice services
SMS was a really successful offering, so a successor was defined
MMS is the abbreviation for Multimedia Messaging Service Defined by several organizations for GSM and UMTS
networks Common standard for the mobile phones of different vendors
32 | 52
Communication SystemsGPRS and enhanced mobile data services
MMS allows the addressing via MSISDN (persistent telephone number of the mobile
subscriber) Or just an email address defined in RFC822 IP should be supported in near future
MMS is able to handle Formatted text, different fonts and text encodings Voice encoded with Adaptive Multi Rate codec (as used with
UMTS) Graphics in several formats
33 | 52
Communication SystemsGPRS and enhanced mobile data services
MMS uses a container format for the multimedia content SMIL (Synchronized Multimedia Integration Language), XML based,
which defines several modules for layout, timing, synchronization (of graphics, animation, text and speech or sound ...)
WML (Wireless Markup Language) for the presentation like in WAP browser
A MMS Center (MMS-C) or MMS relay/server handles the messages basically in a similar way like SMS
Store-and-forward architecture which sends and receives messages to and from a mobile subscriber
34 | 52
Communication SystemsGPRS and enhanced mobile data services
MMS Center may exchange data with external (MMS, email, FAX, value-added services) servers
It looks up user settings and preferences from the Home Location Register (HLR)
35 | 52
Communication SystemsGPRS and enhanced mobile data services
MMS data exchange is handled directly over GPRS Using e.g. IP/TCP/HTTP Or indirectly linking in a WAP gateway before then using
HTTP The MMS relay/server may transform data format into mail
format or vice versa So the same service is charged differently (GPRS data
services uses simply another Access Point (AP) than MMS) ... as long as the user can be maked to believe ...
Some years ago German computer magazine “ct” demonstrated a charge free data connection over the MMS gateways within the GPRS backbone
36 | 52
Communication SystemsGPRS, HSCSD and WAP
The Wireless Application Protocol was defined to bring Internet like services to the mobile platform GPRS data rate is rather restricted as usually the display and
compute power of the MS is Thus a specific protocol was defined by Ericsson, Motorola,
Nokia & Unwired Planet in 1997 WAP 1.0 was released in 1998, but nobody really used it (to
expensive for to restricted services offered) The initial standard was extended to WAP version 1.1, 1.2,
1.2.1 (not really compatible and available on every mobile device)
After long series of failures WAP 2.0 was defined in 2001 integrating well defined and agreed upon Internet standards
37 | 52
Communication SystemsGPRS, HSCSD and WAP
Two types of services are defined: traditional web like and push service
38 | 52
Communication SystemsGPRS, HSCSD and WAP
Data reduction is handled by the use of optimized protocols The Internet protocols are translated into their counterparts in the
WAP standard via translation tables:
HTTP-Header: Accept: application/vnd.wap.wmlc
WSP-Header: 0x80,0x94
HTTP-Header: Accept-Language: en;q=0.7
WSP-Header: 0x83,0x02,0x99,0x47
HTTP-Header: Accept-Language: en,sv
WSP-Header: 0x83,0x99,0x83,0xF0
39 | 52
Communication SystemsGPRS, HSCSD and WAP
Hash tables translated each WSP header into its HTTP counterpart
A designated gateway is needed as translation device
40 | 52
Communication SystemsWAP 1.X helper protocols
Of course the webserver has to offer WAP user agent (UA), the so called Wireless Application Environment (WAE) optimized content try out the www.google.de or www.bahn.de with a WAP UA to
see two good examples The OSI session layer is presented by WSP, the Wireless
Session Protocol, a transaction layer by WTP (Wireless Transaction Protocol)
A security layer is provided with WTLS, the Wireless Transport Layer Security (thus a secure connection of a WAP UA and a secure website may consist of two parts with unpacking at the WAP gateway)
The transport layer is handled by Wireless Datagram Protocol (WDP)
41 | 52
Communication SystemsWAP 1.X helper protocols
We see: A whole new protocol stack was invented to translate the existing protocols in optimized ones in mobile phone networks
The reduction rate compared to the existing internet protocols is rather good
When connections get faster and devices get better displays nobody cares so much
The whole design was rather complex, error prone and the gateway software proprietary
There are only few content providers (of course the mobile providers with their “community portals”) which made bigger investments (for a rather small user group) and thus use of the technology
By now no much specific WAP/Internet offers of any provider left
42 | 52
Communication SystemsWAP 2.0 standard
WAP 2.0 simply replaces the complex architecture with a WAP proxy which is mostly HTTP compatible
The standard protocol methods like GET, POST, CONNECT, HEAD & OPTIONS are supported
Content is formatted with WAP optimized style sheets
43 | 52
Communication SystemsWAP 2.0, GPRS and cool add-on packages
Thus the mobile service provider offered a HTTP like service over their GPRS infrastructure (history by now, but still available in other coutries like Greece, but nice example for protocol stacking)
Trying to push the mobile Internet special tariffs were introduced (understanding pricing in mobile communication is as easy as understanding the German tax system)
O2 (aka viag interkom) offers a WAP package for just 5EUR flat compared to a GPRS MB charged significantly more
Of course they use another AP than for normal GPRS (same like with MMS)
Of course other protocols than WAP are forbidden to use (but how to distinguish?)
44 | 52
Communication SystemsWAP 2.0, GPRS and cool add-on packages
OpenVPN is an open source VPN software which is able to offer services over HTTP CONNECT proxies
Invented to get a pass-through on rather restricted firewalls
The OpenVPN has just to present the correct UA identifier the provider expects to see
45 | 52
Communication SystemsWAP 2.0, GPRS and cool addon packages
Even normal web traffic can pass the provider proxy, if the correct identifier string is presented, e.g.
Mozilla/1.22 (compatible; MSIE 5.01; PalmOS 3.0 EudoraWeb 2.1
Profile: http://wap.sonyericsson.com/UAprof/P800R102.xml
The Internet forums are full of discussions on pass through, lists of allowed user agents are easily available
Disclaimer: Use this information for demonstrations on suboptimal firewall setup and offered services issues only
Setup was developed and proved as a “Studienarbeit” at the professorship (will be published in Linux Magazine soon)
46 | 52
Communication SystemsGSM data services and devices
Each modern mobile phone can be used as a “modem” to connect TE (any Terminal Endpoint) to the wireless data service
Term “modem” is not correct, because the digital data stream has not to be modulated onto an analogous signal
Other devices like CardBus, PCMCIA, PCIe cards available too
Pictures are older examples :)
47 | 52
Communication SystemsGSM data services and devices
Older phones or PCMCIA, CardBus cards may not offer HSCSD and newer services classes for GPRS/EDGE
But device handling is rather similar to traditional modem or ISDN dial-in connections
A “hayes” compatible AT command set is used to setup and close the data connection, there are GSM specific commands to enter the PIN (for enabling the access to the SIM card plugged into PCMCIA) or to get information on signal strength
When the connection is established the PPP (Point-to-Point protocol) is used to pass IP and DNS configuration
48 | 52
Communication SystemsGSM data services and devices
Snippet from a Linux GPRS modem call script
... SAY „\ndefining PDP context...\n" \
OK 'AT&F' \
OK 'ATV1E0S0=0&D2&C1' \
OK AT+CMEE=1 \
OK 'AT+cgdcont=1,"IP","wap.viaginterkom.de"' \
OK-AT-OK ATD*99***# \
SAY "\nwaiting for connect...\n"
... Specific AP is choosen (here wap.viaginterkom.de)
49 | 52
Communication SystemsGSM data services and devices
The “dial” command does not use a typical telephone number (to reach a certain service) but addresses a stored profile in the mobile phone for the GPRS/EDGE access
Connect: ppp0 <--> /dev/rfcomm1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71179e05> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <pcomp> <accomp> <auth pap>]
No auth is possible
sent [LCP ConfRej id=0x1 <auth pap>]
rcvd [LCP ConfRej id=0x1 <magic 0x71179e05>]
sent [LCP ConfReq id=0x2 <asyncmap 0x0> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfAck id=0x2 <asyncmap 0x0> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <pcomp> <accomp>]
...
50 | 52
Communication SystemsGSM data services and devices
...
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
rcvd [LCP ProtRej id=0x4 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
rcvd [IPCP ConfReq id=0x1 <addr 10.49.48.62>]
sent [IPCP ConfAck id=0x1 <addr 10.49.48.62>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [IPCP ConfNak id=0x2 <addr 10.45.48.63>]
...
local IP address 10.49.48.66
remote IP address 10.49.48.67
Thus the IP setup is easily compatible to known PPP implementation
51 | 52
Communication SystemsFuture of mobile communication
GSM is a technology defined in the end of the 80th
Even with enhancements like EDGE the Bandwidth Packet delays for data services Security
... 2G is not state-of-the-art any more ... Some of the shortcomings were seen in the 90th and the definition
of a third generation (3G) real global mobile network started Planned: Worldwide standard to include countries like U.S. and
Japan with different technology 2G networks Next lecture: On UMTS
52 | 52
Communication SystemsGPRS, WAP literature
Text books (german language): Jochen Schiller, Mobilkommunikation Bernhard Walke, Mobilfunknetze und ihre Protokolle,
Grundlagen GSM, UMTS, ... Check the last communication systems lecture of 2006 for more
literature hints:
http://www.ks.uni-freiburg.de/php_veranstaltungsdetail.php?id=11 Next lectures: 1st July and 4th July Next (practical) exercises: 8th, 11th July (seminar room -114 in the
computer center)