1

GLOBAL SYSTEM FOR MOBILE COMMUNICATION (GSM) AND INFORMATION SECURITY

A Summer Training Report

Submitted in the partial fulfilment of the requirement for the course

BACHELOR OF TECHNOLOGY In

Electrical and Electronics Engineering (Session 2010-2014)

Submitted By: ABHISHEK SHARMA

10BEE1009

2

TABLE OF CONTENTS

S.NO. CHAPTER PAGENO. 1. ACKNOWLEDGEMENT 3

2. ABOUT NSN 4

3. WIRELESS SERVICES 6

4. BACKGROUND OF THE GSM SYSTEM 9

5. GSM CHARACTERISTICS 11

6. OVERVIEW OF THE INTERFACES 14

7. THE GSM RADIO LINK 15

8. TIME DIVISION MULTIPLE ACCESS 17

9. MODULATIONS 18

10. SIM CARD 21

11. MOBILITY MANAGEMENT 22

12. TYPES OF IDENTIFICATION NUMBERS 27

13. CALL MANAGEMENT 28

14. GSM SYSTEM SERVICES 29

15. CALL OFFERING SERVICES 31

16. MULTIPARTY SUPPLEMENTARY SERVICES 32

17. COMMUNITY OF INTEREST SUPPLEMENTARY SERVICES 32

18. CHARGING SUPPLEMENTARY SERVICES 33

19. INTERWORKING CLASSIFICATIONS 33

20. GSM ARCHITECTURE 35

21. GSM NETWORK STRUCTURE 35

22. NETWORK COMPONENTS OF THE RADIO SUBSYSTEM (RSS) 36

23. AUTHENTICATIONS IN GSM 37

24. HANDOVER 38

25. LOCATION UPDATING AND CALL ROUTING 38

26. VALUE ADDED SERVICES 39

27. REFERENCES 40

3

ACKNOWLEDGEMENT

I am grateful to Nokia Siemens Network for providing me this opportunity to undergo a

training program in GLOBAL SYSTEM FOR MOBILE COMMUNICATION (GSM)

AND INFORMATION SECURITY and help me learn the processes which takes place in

the company. This is a part of my B.Tech curriculum at VIT University, Chennai as well as a

valuable addition to my knowledge. I would especially pay my vote of thanks to all the staff

of NSN for easing me through the training process and help me to distend my knowledge. I

would also like to thank my professors who always motivated me to stay focused and to

improve with every step.

I am also very thankful to my parents for their valuable support and vital motivation.

PLACE: Jaipur ABHISHEK SHARMA

DATE: July 3rd, 2013

4

ABOUT NSN

Nokia Siemens Networks. For a world in motion™

Nokia Siemens Networks is a multinational data networking and telecommunications

Equipment Company headquartered in Espoo, Finland and a joint venture

between Nokia of Finland and Siemens of Germany. Nokia Siemens Networks has

operations in around 150 countries. In 2013, Nokia acquired 100% of the company, with a

buy-out of Siemens AG.The company was created as the result of a joint venture

between Siemens Communications division (minus its Enterprise business unit) and Nokia's

Network Business Group. The formation of the company was publicly announced on 19 June

2006.

Nokia Siemens Networks operates in more than 150 countries worldwide and has about

58,000 employees. Most of those employees work in one of the six central hubs around the

world, Espoo in Finland, Munich in Germany, Wrocław in Poland, Chennai and Bangalore in I

ndia, Guangdong in China and Lisbon in Portugal. Its major manufacturing sites are

in Chennai in India, China, Oulu in Finland and in Berlin, Germany.

Business

Communication for service providers

Customer care support

Device management

Fixed-mobile convergence

Hosting

Integrated provisioning

Inventory management

IPTV

Mobile backhaul

Mobile TV

Outsourcing

Unified charging and billing

WCDMA frequency reframing

Optical multiplexers (optical networks division sold to Marlin Equity Partners operating as Coriant since May 2013).

5

Public and corporate

Air and maritime

Government

Railway

As the world’s specialist in mobile broadband, NSN helps customers to enable the end users to do more than ever before with the world’s most efficient mobile networks, the intelligence to maximize their value and the services to make it all work together.

From the first ever call on GSM, to the first call on LTE, NSN operates at the forefront of each generation of mobile technology. Their global experts invent the new capabilities needed in the networks. The company provides the world’s most efficient mobile networks, the intelligence to maximize the value of those networks, and the services to make it all work together seamlessly.

With an unswerving focus on quality, efficiency and reliability they help to meet mobile customers’ demands for universal content and connectivity more efficiently and effectively. Together, they deliver the innovations in mobile technology that enable people and businesses everywhere to do more than ever before.

6

WIRELESS SERVICES

This century has seen the development of a public wire line network that allows reliable and affordable communication of voice and low-rate data around the globe. The goal of wireless communication is to allow the user access to the capabilities of the global network at any time without regard to location or mobility.

Different types of wireless services exist:

· Cordless telephone The basic cordless telephone (for example, CT0, CT1) provides a wireless counterpart to the standard telephone. The handset typically operates within 50 to 100 m of the user's base station, which is connected to the public switched telephone network (PSTN).

· Cordless systems With the advent of digital cordless telephony, cordless systems with enhanced functionality (DECT, PHS) have been developed that can support higher data rates and more sophisticated applications such as use of multiple handsets with one home base station. Cordless Telephone-2, also a digital cordless system, has less functionality as DECT or PHS, the user is not capable of moving out of his home base station range and roam in the public network as is possible with PHS (future enhancement for DECT). To setup a call in the public network the user needs to be in the area of special base stations. An example is public access Tele-point systems (Green point).

· Wireless PBX Wireless private branch exchanges have similar functions as PHS and DECT but limited to the premises of the PBX owner.

· Cellular systems Analog Cellular systems (for example, AMPS,TACS and NMT) and Digital Cellular systems (for example, GSM and CDMA IS-95) currently are limited to voice and low-speed data within areas covered by base stations.

· Airphone Airphone is used in airplanes where the calls are initiated from.

· Paging Paging covers all public messaging services. Radio messaging services offer the possibility of transmitting short messages in one direction to a specific user whose location is unknown. The message may be limited to a tone signal or may consist of alphanumeric characters.

7

· Mobile satellite service

There are some situations in which providing radio coverage with cellular like terrestrial wireless networks is either not economically viable (such as in remote, sparsely-populated areas), or physically impractical (such as over large bodies of water). In these cases, mobile satellite services (MSS) could fulfill the gap, allowing complete global coverage. Spectrum has been designated by the ITU for MSS, and there are many MSS systems in various stages of concept, design and operation.

Wireless systems evolution

The evolution of wireless systems takes place in three generations: · Generation 1: Analog wireless systems · Generation 2: Digital wireless systems

8

· Generation 3: Integration of all kinds of wireless systems into one universal mobile telecommunication system

Generation 1 systems: Cellular system design was pioneered during the '70s by Bell Laboratories in the United States, and the initial realization was known as AMPS (Advanced Mobile Phone Service). The AMPS cellular service has been available in the United States to the public since 1983. Systems similar to AMPS were soon deployed internationally.

Generation 2 systems: The development of low-rate digital speech coding techniques and the continuous increase in the device density of integrated circuits have made completely digital second-generation systems viable. Digital systems can support more users per base station per MHz of spectrum than analog systems, allowing wireless system operators to provide service in high density areas more economically.

To meet the growing need to increase cellular capacity in high-density areas, different standardization bodies developed their own standard:

· The Electronic Industries Association (EIA) and the Telecommunications Industry Association (TIA) in the USA adopted the IS-54 standard (DAMPS) and later on the CDMA IS-95 standard. · The European Telecommunications Standards Institute (ETSI) adopted the GSM standard.

Generation 3 systems: Work is continuing in the European research consortium, RACE, and in ETSI towards developing UMTS (Universal Mobile Telecommunication System) on a joint European basis. At the same time, the ITU is working globally towards IMT-2000 (International Mobile Telecommunications-2000) with mutual agreement and information exchange. Technically, these systems by offering bandwidths of more than 2 Mbit/s, open new possibilities for additional services in mobile communication networks, such as full motion picture transmission.

9

BACKGROUND OF THE GSM SYSTEM

· GSM established: The large number of different analog systems used in Europe did not represent an ideal situation from a subscriber point of view. Along with the need to accommodate an increasing number of users and to establish compatibility with the evolution of the fixed network towards digital systems, this led the Conference Europeans des Posts et Telecommunications (CEPT) to establish a "Grouped Special Mobile" in 1982. The work of that group became the GSM system (now "Global System for Mobile communications").

· GSM group task: Task of the group was to develop a uniform standard for digital mobile radio in Europe. The result was a standard for narrowband (i.e., 200-kHz bandwidth) digital voice transmission in the 900-MHz band. A Memorandum Of Understanding, pertaining to the construction of a digital mobile radio system, was signed by representatives of the telecommunication administrations in 14 European countries in 1987. These signatories, together with various European manufacturers, committed themselves to commence service in the relevant networks, or to guarantee the supply of the necessary infrastructure by mid-1991. The GSM standard is now under the control of the European Telecommunications Standards Institute (ETSI). Originally specified as a pan-European digital cellular standard, GSM has spread much further afield. GSM networks are now operational in Europe, the Middle East, Africa, the Asia-Pacific region.

· GSM-900 and GSM-1800 standards: Even before the first GSM networks came into operation in 1992, it was clear that the extra capacity of GSM would still not be sufficient to meet the demand for mobile telephone services. As a result, a further set of frequencies - 75 MHz in the 1800 MHz band - were allocated for digital mobile telephone services in Europe. This was three times the bandwidth allocated for GSM (25 MHz in the 900 MHz band). A new standard, called GSM-1800 (Digital Cellular System), was specified for the new frequencies. GSM-1800 uses virtually all the GSM specifications - which means that GSM network components can be used in GSM-1800 networks. Only the radio base transceiver stations, and the mobile phones themselves, need a different specification.

1982 CEPT adopts WARC 79 recommendation allocating 890-915 MHz and 935-960 MHz for land mobile GSM created to set standard

1985 EEC supports GSM standards throughout community

1987 Digital technology standards set for TDMA, speech coding, channel coding, and modulation method Telecommunication carriers from 14 European countries sign Memorandum of Understanding (MOU) and agree to install systems in 1991

1988 Industrial development started

1989 Acceptance of GSM-1800 system, with GSM as standard

1991 First systems deployed (July)

1992 First GSM terminals receive interim type approval

1993 First GSM-1800 network launched

1995 First GSM-1900 network in US & Canada

10

OBJECTIVES OF THE GSM SYSTEM

·Common radio spectrum in all countries: As a pan-European standard, GSM required the availability of common radio spectrum in all countries, and the European Commission issued a directive which required member states to reserve frequencies in the 900 MHz band for GSM.

· Integrated European system with international roaming: GSM would allow users to roam between GSM networks in different countries, using the same phone and phone number to make and receive calls wherever they went. This contrasted with the existing situation, where different analog networks, using different standards, were operating in each country.

· Create large single market: The GSM standard had the aim of creating a large single market for mobile telephone networks, and for the phones themselves. This would stimulate the European telecommunications industry, promoting open competition between suppliers, and driving down prices.

· Increase available cellular radio capacity: The digital GSM technology is at least three times more efficient in its use of radio spectrum than analog networks; and so it can accommodate at least three times as many users. As analog cellular networks began to grow beyond all expectations during the late 1980s, the need for the extra capacity of GSM became all the more urgent.

· Standardization of network components and network interfaces: For the network operators, one important aspect of the GSM standard was that it standardized the components of the network, and the interfaces between them. Most analog networks were completely proprietary systems - all the components, such as switching systems, radio base stations and network management systems - had to be bought from one supplier in order to work properly as a network. GSM would allow operators to shop around for different components in the network, knowing that there would be no compatibility problems.

· Better security functions: Being digital, and making use of advanced encryption techniques, means that GSM is very well protected against eavesdropping - a significant worry for many business users of analog cellular networks.

· Compatibility with evolution of fixed digital networks: A number of supplementary telephone services were included in the GSM standard. Those, which are currently available, or being implemented in most networks include call forwarding, charge advice, call barring and conference calls.

· Accommodate new services: The GSM standard also supports services such as the Short Message Service (SMS), which allows short text messages to be sent to mobile phones. Data and fax transmission, at

11

speeds up to 9.6kb/s, is available, allowing GSM phone users to link their phones to portable computers in order to send and receive faxes and data files, as with a normal fixed computer and modem.

GSM CHARACTERISTICS

Overview technical characteristics:

Main technical characteristics of the GSM system are: · Radio frequency spectrum used: - for P-GSM-900: 890 - 915 MHz and 935 - 960 MHz - for E-GSM: 880 - 915 MHz and 925 - 960 MHz - for R-GSM: 876 - 915 MHz and 921 - 960 MHz - for GSM-1800: 1710 - 1785 MHz and 1805 - 1880 MHz. The GSM Standards E-GSM and R-GSM bands include the primary frequencies. It depends on the current radio frequency spectrum usage in a specific area whether the extension can be used.

· Use of FDD (Frequency Division Duplexing), FDMA (Frequency Division Multiple Access) and TDMA (Time Division Multiple Access) techniques · Digital cellular system

GSM radio frequency spectrum: In the frequency range specified for GSM-900 System mobile radio networks, 124 frequency channels with a bandwidth of 200 KHz are available for both the uplink and downlink direction. The uplink (mobile station to BTS) uses the frequencies between 890 MHz and 915 MHz and the downlink (BTS to mobile station) uses the frequencies between 935 MHz and 960 MHz The duplex spacing, the spacing between the uplink and downlink channel, is 45 MHz The E-GSM band adds 50 frequency channels and the R-GSM another 20 frequency channels to the spectrum. For the specific channel number to frequency mapping refer to the table on the next page. In the frequency range specified for GSM-1800 System mobile radio networks, 374 frequency channels with a bandwidth of 200 KHz are available for both the uplink and downlink direction. The uplink uses the frequencies between 1710 MHz and 1785 MHz and the downlink uses the frequencies between 1805 MHz and 1880 MHz the duplex spacing is 95 MHz

Multiple access techniques: In cellular and cordless terminology the three main types of multiple access used to divide the radio frequency spectrum between the cell site radios and the mobile stations are: · Frequency Division Multiple Access (FDMA):

12

Each call is carried on a separate frequency channel. · Time Division Multiple Access (TDMA): Each frequency channel is further divided into a set of timeslots; each timeslot carries the data of a voice call. · Code Division Multiple Access (CDMA): A spread-spectrum technology is used, in which the radio signals associated with a call are spread across a single broad frequency spectrum (1.25 MHz). Each call in the spectrum is differentiated from other calls in that spectrum by assigning a unique code to each call's signal. At the receiving end (mobile station or cell site), the specific call's signal is isolated by decoding the full received signal using the code assigned to that call's signal.

Multiplexing techniques: The two multiplexing techniques used in cellular and cordless terminology are:

· Frequency Division Duplexing (FDD) In FDD two symmetric frequency bands are used, one containing the uplink channels and the other the downlink channels.

· Time Division Duplexing (TDD) TDD means that the uplink of the voice call is time multiplexed on the same frequency channel as the downlink of the voice call.

Techniques used in GSM: In the GSM system, TDMA in combination with FDMA is used; the usage of each radio channel is partitioned into multiple (eight) timeslots, and each user is assigned a specific frequency/ timeslot combination. Thus, only a single mobile is using a given frequency/timeslot combination at any particular time. Also the FDD technique is in use, that is two symmetric frequency band, one band containing the uplink channels and the other the downlink channels.

Analog cellular systems - AMPS: In the AMPS system, FDD in combination with FDMA is used. A total of 50 MHz in the bands 824-849 MHz and 869-894 MHz is allocated to cellular mobile radio. This spectrum is divided into 832 frequency channels, each 30 kHz wide. Frequency modulation (FM) is used for speech channels, and Frequency Shift Keying (FSK) for signalling channels. This way of sharing spectrum is called Frequency Division Multiple Access (FDMA).

13

Digital Cellular Systems - IS-95: The EAI/TIA IS-95 standard is based on the CDMA system. In CDMA a spread spectrum technology is used, in which the radio signals associated with a call are spread across a single broad frequency spectrum (1.25 MHz). Each call in the spectrum is differentiated from other calls in that spectrum by assigning a unique code to each call's signal. At the receiving end (mobile station or cell site), the specific call's signal is isolated by decoding the full received signal using the code assigned to that call's signal. All other noises or signals with calls that do not match the assigned code are ignored.

The CDMA frequency access method allows the service provider to reuse the same frequencies in adjacent cells. This is because an assigned code is used to decipher the signals, therefore signals in the same frequency but with a different code appear as noise to the receiving end. Reuse of the same frequency in adjacent cells, along with other reasons, allows CDMA to provide a capacity improvement over the FDMA and TDMA access methods. Though FDMA and TDMA do allow radio frequencies to be reused, the separation between cells containing the same frequency must be far enough so that co frequency interference can be kept below acceptable levels most of the time. Frequencies are organized into cell clusters for TDMA and FDMA and their sizes are determined by the number of cells per cluster and the radius per cell. With CDMA the service provider can reuse all frequencies (in the spread spectrum mode) in all cells. Another major benefit of a CDMA system is the ability of a CDMA Mobile Station to communicate to more than one Cell at one time during a call. This functionality, known as a Soft-Handoff, provides a seamless uninterrupted call while the Mobile Station moves between Cells.

14

OVERVIEW OF THE GSM INTERFACES

For the connection of the different nodes in the GSM network, different interfaces are defined in the GSM specifications.

· Air interface or Um-interface The Air Interface is the interface between the BTS (Base Transceiver Station) and the MS (Mobile Station). The air interface is required for supporting: - Universal use of any compatible mobile station in a GSM network - A maximum spectral efficiency

· Abis-interface The Abis-interface is the interface between the BSC (Base Station Controller) and the BTS. The interface comprises traffic and control channels. Functions implemented at the Abis-interface are: - Voice-data traffic exchange - Signalling exchange between the BSC and the BTS - Transporting synchronization information from the BSC to the BTS

· A-interface The A-interface is the interface between the BSC and the MSC.

· Proprietary M-interface In the GSM network implementation of Lucent Technologies, the BSC includes the TRAU (Transcoder/Rate Adapter Unit). The TRAU adapts the transmission bit rate of the A-interface (64 Kbit/s) to the Abis-interface (16 Kbit/s). The interface between the physical BSC and the TRAU is known as the M-interface.

15

THE GSM RADIO LINK

The air interface Um is the interface between the BTS (Base Transceiver Station) and the moving MS (Mobile Station). The air interface utilizes a radio wave which is subject to attenuation, reflections, Doppler shift, and interference from other transmitters. These effects will cause loss of signal strength and distortion, which will impact the quality of the individual radio link and the voice channel. To cope with the harsh conditions of the VHF/UHF (Very High Frequency/Ultra High Frequency) cellular land-mobile radio environment, and given the required high spectral efficiency, GSM makes use of an efficient and protective signal processing. In addition, proper cellular RF design must ensure that sufficient radio coverage is provided in the area.

Aspects of Radio Propagation

Types of signal strength variations:

· Macroscopic variations: Macroscopic variations are due to local mean, long term, or log-normal fading. Its variation

16

is due to the terrain contour between the BTS and the MS. The fading effect is caused by shadowing and diffraction (bending) of the radio waves.

· Microscopic variations: Microscopic variations are due to multipath, short-term, or Rayleigh fading. It is caused by the fact that as the MS moves, radio waves from many different reflection paths will be received.

DIGITAL TDMA IMPLEMENTATION

Advantages of digital transmission: The analog cellular system is known as the first-generation system. Second generation cellular systems are digital. GSM systems are second-generation systems.

The digital transmission over the air interface Um has a number of advantages over analog transmission: · Better speech quality · Speech privacy and security (improved through encryption) · High spectral efficiency (traffic density per MHz bandwidth, due to extensive frequency reuse) · Better resistance to interference (also by frequency hopping) · Data services and ISDN compatibility

· Efficient use of battery power by RF power control.

Access methods

Cellular radio as a network does not specify how the individual subscribers have access to the network. The two main access methods are: analog and digital.

Analog access

Analog systems use the familiar single channel per user concept, known as Frequency Division Multiple Access (FDMA). World-wide there are up to six incompatible analog cellular standards, such as NMT. The available spectrum is divided into channels A,B,C,D, and so on. During the call, a single user will occupy completely one channel of e.g. 25 kHz bandwidth irrespective whether the modulation is analog or digital. The signalling over the network is digital, the speech is modulated analog narrow-band FM

Digital access

The aim of digital network is to have: · Better compatibility with the network supporting the cellular radio system · Alternative access method to achieve a better spectral efficiency.

Digital systems let each user have access to the frequency band for a short time (traffic burst), during which time the user transmits data at a high rate.

17

TIME DIVISION MULTIPLE ACCESS

Time Division Multiple Access (TDMA) is used in GSM-900 and GSM-1800 digital cellular radio. In TDMA, the user's frequency allocation is shared with other users (seven in case of GSM) who have time slots allocated at other times. Hence, there are eight physical channels per frequency carrier.

In fact, the GSM system uses a mix of: · TDMA (time slots on one carrier) and · FDMA (a number of carriers within the band), although frequency hopping makes the FDMA somewhat more complex.

From Source Data to Digital Radio Transmission:

Transmitting/ receiving processes:

There are two major processes involved in transmitting and receiving information over a digital radio link: coding and modulation.

Coding Coding is the information processing that involves preparing the basic data signals so that they are protected and put in a form that the radio link can handle.

The coding includes:

· Speech coding or transcoding · Channel coding

18

· Bit interleaving · Encryption · Multiplexing

The first step is performed in the STF (and MS), while the remaining steps are performed in the BTS (and MS). The decoding process follows these steps in the reverse order.

MODULATION

Modulation is the processing that involves the physical preparation of the signal so that the information can be transported on a RF carrier.

The demodulation process retrieves the information from the RF carrier.

Time Slot Data Bursts:

GSM radio transmission is accomplished by sending data in bursts. The burst is the physical content of a time slot. Each burst consists of 148 usable bits of 3.69 msec each. Between the bursts there is a guard period of 30.5 msec (= 8.25 bit) to distinguish the consecutive bursts. Hence, each time slot interval has a fixed length of 156.25 bits or 15/26 ms. The actual burst varies in length, depending on the type of burst. The different parts in a burst have special functions. Note that the number of bits used for a particular function may vary with the type of burst.

Examples of burst parts are: training sequence, encrypted bits, tail bits, guard period and stealing flag bits.

Training sequence

A fixed bit pattern, called the TSC (training sequence code) is known by both the MS and the BTS. It is used to train the MS in predicting and correcting the signal distortions (due to Doppler and multipath effects) in the demodulation process. The TSC has either a 26, 41 or 64 bit pattern.

Encrypted bits

The encrypted bits represent the useful bits serving for speech, data transmission, or signalling.

Tail bits

The tail bits (TB) at the beginning define ("flag") the start of a burst. The tail bits at the end define the end of a burst.

Guard period

The guard period (GP) between two consecutive bursts is necessary for:

19

· Switching the transmitter on and off. The transmitted amplitude is ramped up from zero to a constant value over the useful period of a burst and then ramped down to zero again. This is always required for the MS, and the BTS may do so if the adjacent burst is not emitted. Switching off will reduce interference to other RF channels. · Timing advance

Stealing flag bits

The network has the option to use the information bits in the normal burst to send signalling data as needed. By setting a flag, using the stealing flag bits, the receiver can distinguish between traffic (user data) and signalling information.

The stealing flag bits indicate whether the adjacent 57 bits in the associated data field contain speech/data information or are "stolen" from the traffic channel for carrying pre-emptive FACCH (fast associated control channel) signalling information. The FACCH is used for sending signalling data if the capacity of the SACCH (slow associated control channel) is not sufficient.

Burst types

The different types of bursts are defined in GSM: · Normal burst · Dummy burst · Access burst · Synchronization burst · Frequency correction burst.

Time Alignment

Problem Because of the time division multiplexing scheme used on the radio path, the BTS receives signals from different mobile stations very close to each other. However, when a mobile station is far from the BTS, the BTS must deal with the propagation delay. It is essential that the burst received at the BTS fits correctly into the time slot. Otherwise, the bursts from the mobile stations using adjacent time slots could overlap, resulting in a poor transmission or even in a loss of communication.

Solution: timing advance In order to solve the problem of the propagation delay, a compensation mechanism is necessary in the mobile station; the mobile station is able to advance its transmission time by a time known as the timing advance.

Time alignment definition Time alignment is the process of transmitting early the bursts to the BTS (the timing advance) to compensate for the propagation delay. Once a connection has been established, the BTS continuously measures the time offset between its own burst schedule and the reception schedule of the mobile station burst. Based on these measurements, the BTS is able to provide the mobile station with the

20

required timing advance via the SACCH. Note that the timing advance is derived from the distance measurement which is also used in the handover process. The BTS sends to each mobile station a timing advance parameter according to the perceived timing advance. Each mobile station advances its timing by this amount, with the result that signals from different mobile stations arriving at the BTS are compensated for propagation delay.

Time alignment process

The RF communication experiences a propagation delay over the distance between the BTS and the MS. This is described in GSM. In order to synchronize the MS to the BTS, a timing advance is used to align the time slots arriving at the BTS receiver:

1. The BTS measures the reception time of the incoming MS burst. 2. The BTS requests the MS to advance its transmission to compensate for the delay over the distance. A 6-bit number indicates how many bits the MS must advance its transmission. This time advance is Ta 3. The time advance value can have a value between 0 and 63 bit lengths, which corresponds to a delay of between 0 and 233 ms. 4. This leads to a maximum mobile range of 35 km, which is rather determined by the Ta than by the signal strength.

Modulation

Methods of modulation: · ASK (Amplitude Shift Keying) · FSK (Frequency Shift Keying) · PSK (Phase Shift Keying)

Amplitude Shift Keying Amplitude Shift Keying (ASK) is the oldest form of radio modulation, having its beginnings in the early days of radio in the form of sending dots and dashes in what was called Morse Code signalling. This was known as wireless telegraphy and is still used in radio today. This form of modulation can also be used to send binary (via on-off keying) or M-ary (via multilevel ASK) digits in digital radio communications. However, it is not used in mobile radio because of its susceptibility to interference and noise.

Frequency Shift Keying Frequency Shift Keying (FSK) is a form of modulation that varies the radio carrier's transmitted phase. FSK is used in many "analog" cellular systems as the means of sending control data across the radio link, either on separate control radio channels, or on traffic radio channels using pre-emptive signalling (known as blank-and-burst) or out-of-band signalling on a subcarrier. FSK can be multilevel (i.e., M-ary).

Phase Shift Keying Phase Shift Keying (PSK) and Frequency Shift Keying (FSK) are related forms of modulation that vary the radio carrier's transmitted phase. PSK can also be multilevel (i.e., M-ary).

21

Modulation processing in GSM GSM uses a form of phase modulation known as Gaussian filtered Minimum Shift Keying (GMSK). This method shows good spectrum efficiency and requires a reasonable demodulation complexity.

1. In this method, the input bit stream is differentially encoded. 2. The encoded signal is passed to a filter which has a Gaussian impulse response

function. The filtered bit waveform shows smooth transitions resulting in a narrow occupied frequency spectrum. (Steep phase jumps would require more bandwidth).

3. The Gaussian filtered waveform is then applied to a phase modulator which produces a phase +or-90 C shift for each differential bit value.

This form of modulation was chosen to allow a constant envelope (amplitude) modulator to be used. Thus, non-linear RF power amplifiers can be used in both base and mobile radio equipment

SIM Card

GSM subscribers are provided with a SIM (subscriber identity module) card with its unique identification at the very beginning of the service. By divorcing the subscriber ID from the equipment ID, the subscriber may never own the GSM mobile equipment set. The subscriber is identified in the system when he inserts the SIM card in the mobile equipment. This provides an enormous amount of flexibility to the subscribers since they can now use any GSM-specified mobile equipment. Thus with a SIM card the idea of “Personalize” the equipment currently in use and the respective information used by the network (location information) needs to be updated. The smart card SIM is portable between Mobile Equipment (ME) units. The user only needs to take his smart card on a trip. He can then rent a ME unit at the destination, even in another country, and insert his own SIM. Any calls he makes will be charged to his home GSM account. Also, the GSM system will be able to reach him at the ME unit he is currently using. This is the main advantage of GSM over CDMA.

The SIM is a removable, the size of a credit card, and contains an integrated circuit chip

with a microprocessor, random access memory (RAM), and read only memory (ROM). The subscriber inserts it in the MS unit when he or she wants to use the MS to make or receive a call. As stated, a SIM also comes in a modular from that can be mounted in the subscriber’s equipment.

When a mobile subscriber wants to use the system, he or she mounts their SIM card and

provide their Personal Identification Number (PIN), which is compared with a PIN stored within the SIM. If the user enters three incorrect PIN codes, the SIM is disabled. The service provider if requested by the subscriber can also permanently bypass the PIN. Disabling the PIN code simplifies the call setup but reduces the protection of the user’s account in the event of a stolen SIM.

22

MOBILITY MANAGEMENT

In order to make a mobile terminated call the GSM network should know the location of

the MS, despite of its movement. For this purpose the MS periodically reports its location to the network using the Location Update procedure. The Location Update procedure is performed: · When the MS has been switched off and wants to become active, or · When it is active but not involved in a call, and it moves from one location area to another, or · After a regular time interval.

Network Attachment Network attachment is the process of selecting an appropriate cell (radio frequency) by the mobile station to provide the available services, and making its location known to the network. The process starts when the mobile station is switched on, and ends when the mobile station enters the idle mode. In idle mode the mobile station does not have a traffic channel allocated to make or receive a call, but the Public Land Mobile Network (PLMN) is aware of the existence of the mobile station within the chosen cell.

23

Network attachment process

The network attachment process consists of the following tasks:

· Cell identification When a mobile station is switched on, it attempts to make contact with a GSM PLMN by performing the following actions: Ø Measure the BCCH channels Ø Search for a suitable cell The mobile station measures the signal strength of the BCCH (Broadcast Control Channel) channels received. It stores in list information about 30 of these BCCH channels, such as the signal strength and the frequency corresponding to these BCCH channels.

· PLMN selection A suitable PLMN is chosen.

· Cell selection Cell selection is the process of selecting an appropriate cell (radio frequency) by the mobile station to provide the available services.

· Location update In order to initiate a call or to receive a call, the mobile station tunes to the control channel (BCCH plus CCCH) of the chosen cell. Then, it registers its presence in this cell (registration process) by means of a location updating procedure.

No suitable cell found If the mobile station is unable to find a suitable cell to access, it attempts to access a cell irrespective of the PLMN identity, and enters a "limited service" state in which it can only attempt to make emergency calls.

PLMN selection mechanism The particular PLMN to be contacted can be selected either in one of the following modes: · Automatic mode In automatic mode, the mobile station will choose which PLMNs to try all by itself. The automatic mode is based on the existence of the preferred list, which is stored in a non-volatile memory in the SIM. This list includes a number of PLMN identities in order of preference and is under control of the user. The most preferred is usually the home PLMN. The list is filled in by the user through a mechanism to be specified by the mobile station manufacturer. · Manual mode In manual mode, the user is presented a list containing all found PLMNs. The user chooses one of the PLMNs from the list. Cell selection criteria The mobile station attempts to find a suitable cell by passing through the list in descending order of received signal strength; the first BCCH channel which satisfies a set of requirements is selected. The requirements that a cell must satisfy before a mobile station can provide service from it, are:

24

· It should be a cell of the selected PLMN The mobile station checks whether the cell is part of the selected PLMN. · It should not be "barred" The PLMN operator may decide not to allow mobile stations to access certain cells. These cells may, for example, only be used for handover traffic. Barred cell information is broadcast on the BCCH to instruct mobile stations not to access these cells. · The radio path loss between the mobile station and the selected BTS must be below a threshold set by the PLMN operator

PLMN area A Public-Land-Mobile-Network (PLMN) area is the geographical area in which a particular PLMN operator provides land mobile communication services to the public. From any position within a PLMN area, the mobile user can set up calls to another user of the same network, or to a user of another network. The other network may be a fixed network, another GSM PLMN, or another type of PLMN. Other network users, and users of other networks, can also call a mobile user who is active in the PLMN area. When there are several PLMN operators, the geographical areas covered by their networks may overlap. National borders normally limit the extent of a PLMN area.

Location area identity Every radio transmitter in the PLMN broadcasts, via a control channel, a Location Area Identity (LAI) code to identify the location area that it serves. When an MS is not engaged in a call, it automatically scans the control channel broadcasts transmitted by the base stations in the locality and selects the channel that is delivering the strongest signal. The LAI code broadcast by the selected channel identifies the location area in which the MS is currently situated. This LAI code is stored in the Subscriber Identity Module (SIM) of the mobile equipment. As the MS moves through the network area the signal received from the selected control channel gradually diminishes in strength until it is no longer the strongest. At this point the MS re-tunes to the channel that has become dominant and examines the LAI code that it is broadcasting. If the received LAI code differs from that stored on the SIM, then the MS has entered another location area and initiates a location update procedure to report the change to the MSC. At the end of the procedure the LAI code in the SIM is also updated. Location area identity format

A Location Area Identity (LAI) code identifies the location area in a PLMN. The LAI code has three components:

· Mobile Country Code (MCC) The MCC is a 3-digit code that uniquely identifies the country of domicile of the mobile subscriber (for example, Germany is 262, and Brunei is 528). It is assigned by the ITU-T.

· Mobile Network Code (MNC) The MNC is a 2-digit code that identifies the home GSM PLMN of the mobile subscriber. If more than one GSM PLMN exists in a country, a unique MNC is assigned to each of them. The government of each country assigns it.

25

· Location Area Code (LAC) The LAC component identifies a location area within a PLMN; it has a fixed length of 2 octets and can be coded using hexadecimal representation. An operator assigns it.

Location Registration Two databases are used by Location Management to store MS location related data:

· Visitor Location Register A VLR contains a data record for each of the MS that are currently operating in its area. Each record contains a set of subscriber identity codes, related subscription information, and a Location Area Identity (LAI) code. This information is used by the MSC when handling calls to or from an MS in the area. When an MS moves from one area to another, the responsibility for its supervision passes from one VLR to another. A new data record is created by the VLR that has adopted the MS, and the old record is deleted.

· Home Location Register The HLR contains information relevant to mobile subscribers who are fee-paying customers of the organization that operates the PLMN. Two types of information are stored in the HLR: Ø Subscription information The subscription information includes the identity code and directory number allocated to the subscriber, the type of service(s) provided, and any related restrictions. Ø Location information The location information includes the address of the VLR in the area where the subscriber's MS is currently located, and the address of the associated MSC. The location information enables incoming calls to be routed to the MS. The absence this information indicates that the MS is inactive and cannot be reached. When an MS moves from one VLR area to another, the location information in the HLR is updated with the new VLR and MSC addresses. The VLR then creates a new entry for the

26

MS, using subscription data copied from the HLR. Provided that an inter working agreement exists between the network operators concerned, data transactions can cross both network and national boundaries.

TYPES OF IDENTIFICATION NUMBERS

During the performance of the Location Update procedure and the processing of a mobile call different types of numbers are used

· Mobile Station ISDN Number (MSISDN) · Mobile Subscriber Roaming Number (MSRN) · International Mobile Subscriber Identity (IMSI) · Temporary Mobile Subscriber Identity (TMSI) · Local Mobile Station Identity (LMSI)

Mobile Station ISDN Number The MSISDN is the directory number allocated to the mobile subscriber. It is dialled to make a telephone call to the mobile subscriber.

The number consists of Country Code (CC) of the country in which the mobile station is registered (for example, Germany is 49, and Brunei is 673), followed by national mobile number which consists of Network Destination Code (NDC) and Subscriber Number (SN). A Network Destination Code is allocated to each GSM PLMN.

The composition of the MSISDN is such that it can be used as a global title address in the Signalling Connection Control Part (SCCP) for routing messages to the HLR of the mobile subscriber.

Mobile Station Roaming Number MSRN is the number required by the gateway MSC to route an incoming call to a MS that is not currently under the gateway's control.

Using the MSISDN a mobile-terminated call is routed to the gateway MSC. Based on this MSISDN, the gateway MSC requests for a MSRN to route the call to the current visited MSC.

International Mobile Subscriber Identity A MS is identified by its IMSI. The IMSI is embodied in the SIM of the mobile equipment. The MS provides it anytime it accesses the network. An IMSI code has three components:

· Mobile Country Code (MCC) The MCC component of the IMSI has the same meaning and format as those of the LAI. It is assigned by the ITU-T.

· Mobile Network Code (MNC) The MCC component of the IMSI has the same meaning and format as those of the LAI. The government of each country assigns it.

27

· Mobile Subscriber Identification Number (MSIN) The MSIN is a code that identifies the mobile subscriber within a GSM PLMN. An operator assigns it. The overall number of digits in an IMSI code does not exceed 15.

Temporary Mobile Subscriber Identity The TMSI is an identity alias which is used instead of the IMSI when possible. The use of a TMSI ensures that the true identity of the mobile subscriber remains confidential by eliminating the need to transfer an IMSI code enciphered over a radio link.

A VLR allocates a unique TMSI code to each mobile subscriber that is operating in its area. This code, which is only valid within the area supervised by the VLR, is used to identify the subscriber in messages to and from the MS. When a change of location area also involves a change of VLR area, a new TMSI code is allocated and communicated to the MS. The MS stores the TMSI on its SIM.

Local Mobile Station Identity The LMSI is temporary subscriber data. Note that the use of the LMSI is optional. In order to speed up the search for subscriber data in the VLR a supplementary Local Mobile Station Identity (LMSI) can be defined. The LMSI is allocated by the VLR at location updating and is sent to the HLR together with the IMSI. The HLR makes no use of it but includes it together with the IMSI in all messages sent to the VLR concerning that MS.

CALL MANAGEMENT

The procedures, which are performed during the different phases of a call in a in a GSM network:

· Call establishment

· Call in active phase

· Call release

The procedures are explained using call scenarios of the following basic call types:

· Mobile-to-land call

· Land-to-mobile call

· Mobile-to-mobile call

28

GSM SYSTEM SERVICES

Telecommunication Services

· Bearer services: Bearer services are telecommunication services providing the capability of transmission of signals between access points (called user-network interfaces in ISDN). The bearer services describe what the network can offer (e.g. speech, data and fax). · Teleservices Teleservices are telecommunication services including terminal equipment functions, which provide communication between users according to protocols established by agreement between network operators. The teleservices are user end-to-end services (e.g. emergency call and short message service). · Supplementary services Supplementary Services modify or supplement a basic telecommunication service. Consequently, they cannot be offered to a customer as a stand-alone service. They must be offered together or in association with a basic telecommunication service. The same supplementary service may be applicable to a number of telecommunication services. Most supplementary services are directly inherited from a fixed network, with minor modifications (when needed) to adapt to mobility. Examples of supplementary services are calling line identification and call waiting.

Types of teleservices: Currently three types of categories of teleservices are distinguished: Speech Transmission, Short Message Service and Facsimile Transmission.

Speech transmission: There are two speech transmission teleservices:

· Teleservice 11 - Telephony This service provides the transmission of speech information and audible tones of the PSTN/ISDN. Transparency for telephone signalling tones is provided.

· Teleservice 12 - Emergency Calls The standardized access method throughout all GSM PLMNs is mandatory. In addition national emergency call numbers of PSTN/ISDN must be usable from a mobile station.

Short Message Service Short Message Service (SMS) provides a means of sending messages of limited size to and from GSM MSs without the use of a voice channel. The provision of SMS makes use of a Service Center (SC), which acts as a store and forward center for short messages. The SC is considered to be outside of the PLMN. Three types of SMS are available: SMS MT/PP, SMS MO/PP and SMS CB.

· SMS MT/PP Teleservice 21 - SMS MT/PP (Mobile Terminating Point to Point) is a Point-to-Point service

29

that allows a short data message to be terminated to an MS. The originator of the short message can either be another mobile subscriber or a subscriber from a fixed network. In the latter case this is only possible if both ends support an application for this purpose.

· SMS-MO/PP Teleservice 22 - SMS MO/PP (Mobile Originating Point to Point) is a Point-to-Point service that allows a short data message to be originated by an MS. The recipient of the short message can either be another mobile subscriber or a subscriber from a fixed network. This service provides the transmission of short message from a mobile station to an SMS SC.

The point-to-point services provided by GSM are similar to paging, but with many enhancements. For instance the network is informed whether the message has been received or not by the mobile station; messages can thus be kept in the network in case of delivery failure and be sent again when conditions improve. On the MS side the last received messages can be stored in a non-volatile memory. The message text is limited to a length of 160 characters.

· SMS-CB Teleservice 23 - SMS CB (Cell Broadcast) is a teleservice that allows a number of unacknowledged general messages to be broadcast to all receivers within a particular area. Unlike the SMS-MO and SMS-MT services, the SMS-CB service can be received only on an idle MS. The Cell Broadcast (CB) messages are broadcast on the Cell Broadcast Channel (CBCH). The maximum length of each CB message is 93characters.

Supplementary Services Both the mobile subscriber and network to control Supplementary Services can perform administrative functions. These functions include:

Supplementary services management: Both the mobile subscriber and network to control Supplementary Services can perform administrative functions. These functions include:

Ø Provisioning. The service provider makes a service available for a subscriber.

Ø Invoking. The service required is invoked by the subscriber (for example by pressing a specific button) or automatically by the network or terminal as a result of a particular condition (e.g. calling number identification for each incoming call).

Line Identification Services:

· Calling line identification presentation (CLIP) The CLIP service allows the called party to receive the line identity of the calling party. The network delivers the calling line identity to the called party at call set-up time, regardless of the terminal capacity to handle the information. The CLIP service may not be applicable if at least one of the two parties is not an ISDN or GSM PLMN subscriber (depends on national network specific rules).

30

· Calling line identification restriction (CLIR) The CLIR service enables the calling party to restrict presentation of its line identity to the called party. For inter-network calls, when the CLIR service is invoked, the originating network provides the destination network with a notification that the line identity of the calling party is not allowed to be presented to the called party.

Normally CLIR takes precedence over CLIP. However, depending on national regulations, some networks may define categories of subscribers that have the ability to override the presentation restriction (CLIR) and have the calling line identity presented (e.g. the police).

· Connected line identification presentation (COLP) The COLP service allows the calling party to receive the line identity of the connected party. This service is not a dialling check, but the calling subscriber receives the full connected line identity as used in a full ISDN/GSM environment, i.e. including all the information necessary to unambiguously identity the connected party. The network delivers the connected line identity to the calling party regardless of the terminal capability to handle the information. · Connected line identification restriction (COLR) The COLR service allows the connected party to prevent presentation of its line identity to the calling party. The network automatically invokes the COLR service for each incoming call at set- up phase. When the COLR service is invoked, the destination network provides the originating network with a notification that the line identity of the connected party is not allowed to be presented to the calling party. This also applies to inter-network calls. Normally COLR takes precedence over COLP. However, depending on national regulations, some networks may define categories of subscribers that have the ability to override the presentation restriction (COLR) and have the connected line identity presented (e.g. the police).

CALL OFFERING SERVICES

· Call forwarding unconditional (CFU) This service permits a called mobile subscriber to have the network send all incoming calls (or just those associated with a specific basic service group), addressed to its directory number, to another directory number. The ability of the served mobile subscriber (i.e. the `forwarding subscriber' or the `called subscriber') to originate calls is unaffected. If this service is activated, calls are forwarded no matter what the condition of the termination.

· Call forwarding on mobile subscriber busy (CFB) This service permits a called mobile subscriber to have the network send all incoming calls (or just those associated with a specific basic service group) that reach a busy signal, to another directory number.

· Call forwarding on mobile subscriber not reachable (CFNRc) This service permits a called mobile subscriber to have the network send all incoming calls (or just those associated with a specific Basic Service group), addressed to her directory number, but which is not reachable, to another directory number.

31

The ability of the served mobile subscriber to originate calls is unaffected. Call origination is affected if only the MS is de-registered, if there is radio congestion, or if the MS is being out of radio coverage. If this service is activated, a call is forwarded only if the MS is not reachable.

Call Completion Services

· Call waiting (CW) The Call Waiting Service permits a mobile subscriber to be notified of an incoming call (as per basic call procedures), while the traffic channel is not available for the incoming call and the mobile subscriber is engaged in an active or held call. Subsequently, the subscriber can either accept, reject, or ignore the incoming call. The time the network will wait for a response of the mobile subscriber to the waiting call can be set to between 0.5 and 2 minutes, at the service provider's discretion.

· Call holding (HOLD) The Call Holding Service allows a served mobile subscriber, who is provisioned with this supplementary service, to interrupt communication on an existing active call and then subsequently, if desired, re-establish communication. The traffic channel remains assigned to the mobile subscriber after the communication is interrupted to allow the origination or possible termination of other calls. The served mobile subscriber can only have one call on hold at a time.

If the served mobile subscriber has a call on hold and is not connected to an active call, she can either retrieve or disconnect the held call, or set up another call. She cannot receive a call, except when using the Call Waiting (CW) service. If the served mobile subscriber is connected to an active call and has another call on hold, the subscriber can alternate between the two calls, or disconnect the active call, the held call, or both calls. Again no new call can be accepted, except when using the CW service.

MULTIPARTY SUPPLEMENTARY SERVICES

· Multi party service (MPTY) This service provides a mobile subscriber with the ability to have a multi connection call, i.e. a simultaneous communication with more than one party.

A pre-condition for the MPTY service is that the served mobile subscriber is in control of one active call and one call on hold, both calls having been answered. In this situation the served mobile subscriber can request the network to begin the MPTY service. Once a MPTY call is active, remote parties may be added, disconnected or separated.

During a multi-party call, the served mobile subscriber is able to: · Put the connection to multi-party on hold. The served mobile subscriber may make a new call (to a potential participant) or process a Call Waiting request. While the multi-party call is on hold, the remote parties in that call can still communicate with each other. · Add another party, to which a private communication has been established previously (see

32

above). By again invoking the MPTY service, the network joins the active call and the MPTY call on hold together, resulting in an active multi-party call again. · Separate a remote party. Explicitly choose one remote party to have a private conversation with. This results in that remote party being removed from the multi-party call which is placed on hold, and the conversation between the served mobile subscriber and the designated remote party being a normal active call. Again, while on hold, the participants of the MPTY call can still communicate with each other. The separated party can be added again to the MPTY call or released. · Disconnect the entire MPTY call or disconnect remote parties on a one at a time basis.

COMMUNITY OF INTEREST SUPPLEMENTARY SERVICES

· Closed user group service (CUG) The CUG service enables subscribers, connected to a PLMN and possibly also other networks, to form closed user groups (CUGs) to and from which access is restricted. A specific user may be a member of one or more CUGs. Members of a specific CUG can communicate among each other but not, in general, with users outside the group. The ability to set up emergency calls remains unaffected. CUG subscribers can originate calls outside the group and/or to receive calls from outside the group. CUG subscribers can restrict originating calls to other members of the CUG, or receiving calls from other members of the CUG. Each subscriber may be a member of different CUGs.

The user can choose one of the following subscription options for each basic service group applied to the CUG service. Each option may be provisioned on a per basic service group basis, or for all basic services: · CUG calls only · CUG with incoming access, i.e. can also receive calls, which are not subject to CUG restrictions · CUG with outgoing access, i.e. can also make calls, which are not subject to CUG restrictions · CUG with incoming and outgoing access A user may subscribe to one of two additional restrictions applying for each particular CUG: · Incoming calls barred within a CUG · Outgoing calls barred within a CUG

CHARGING SUPPLEMENTARY SERVICES

· Advice of charge (information) (AOCI) This service permits the mobile station to display an accurate estimate of the size of the bill, which will eventually be levied in the Home PLMN (HPLMN).

· Advice of charge (charging) (AOCC) This service allows the mobile subscriber to indicate the charge that will be made for the use of telecommunication services. It is intended for applications where the user is generally not the subscriber but is known to the subscriber, and where the user pays the subscriber,

33

rather than the Service Provider. The charge information is based as closely as possible on the charge that will be levied on the subscriber's bill in the Home PLMN (HPLMN).

Call Restriction Services

· Call restriction services The Call Restriction supplementary services allow the possibility for a mobile subscriber to bar certain categories of outgoing or incoming calls at the subscriber's access. The group of Call Restriction Services includes two supplementary services:

Ø Barring outgoing calls Ø Barring incoming calls

Types of calls barred The mobile subscriber can select the categories of calls to be barred. The following categories are defined: Ø All outgoing calls (BAOC) Ø Outgoing international calls (BOIC) Ø Outgoing international calls except those directed to the home PLMN country (BOIC- exHC) Ø All incoming calls (BAIC) Ø Incoming calls when roaming outside the home PLMN country (BIC-Roam)

Interworking Function (IWF):

· Manages communication between GSM and other networks · May be implemented in MSC and MS · basically consists of transmission adaptation and protocol adaptation equipment · its role depends on type of user data and type of "other" network

The interface with external networks outside GSM may require a gateway for adaptation, the so-called Interworking Functions (IWF). The role of IWF may be more or less substantial depending on the type of user data and the network it interfaces with. It adapts the GSM transmission peculiarities to those of the partner network.

The term interworking describes interactions between networks, between end systems, or between parts, with the aim of providing an end-to-end communication. The interactions required rely on functions, which include converting physical and electrical states and mapping protocols, called Interworking Functions (IWFs).

IWF consists of transmission and protocol adaptation equipment. It enables interconnection with networks such as PSPDN (Packet Switched Public Data Network) or CSPDN (Circuit Switched Public Data Network), but it also exists when the partner network is simply a PSTN (Public Switched Telephone Network) or the ISDN (Integrated Services Digital Network). Interworking functions may be implemented together with the Mobile-services Switching Center (MSC) function, or they may be performed by separate equipment. On the user side the IWF function is normally built in into the mobile station.

34

Interworking classifications Four levels of interworking are required in a GSM network:

· Network interworking, required whenever a PLMN and a non-PLMN together are involved in providing and end-to-end connection.

· Service interworking, required when the Teleservices at the calling and called terminals are different. An example is the GSM Teleservice 61 and 62 interworking with standard facsimile group 3 service.

· Signalling interworking. Existing call control signalling procedures are used between the PLMN and other types of network (e.g. Signalling System No. 7 (SS7) and ISDN User Part (ISUP)).

· Supplementary service interworking. Not every GSM supplementary service may be used in combination with each PSTN/ISDN service.

GSM ARCHITECTURE

INTRODUCTION:

A GSM system is basically designed as a combination of three major subsystems: the network (switching) subsystem (SSS), the radio subsystem (RSS), and the operation and maintenance subsystem (OMS).

In order to ensure that network operators will have several sources of cellular

infrastructure equipment, GSM decided to specify not only the air interface, but also the main interfaces that identify different parts. There are three dominant interfaces, namely, an interface between MSC and the BSC (An interface), BSC and Base Transceiver Station (BTS) (Abis interface), and an Um interface between the BTS and MS.

GSM NETWORK STRUCTURE

Every telephone network needs a well-designed structure in order to route incoming

called to the correct exchange and finally to the called subscriber. In a mobile network, this structure is of great importance because of the mobility of all its subscribers. In the GSM system, the network is divided into the following partitioned areas:

GSM service area

35

PLMN service area MSC service area Location area Cells

The GSM service is the total area served by the combination of all member countries where

a mobile can be serviced. The next level is the PLMN service area. There can be several within a country, based on its size. The links between a GSM/PLMN network and other PSTN, ISDN, or PLMN network will be on the level of international or national transit exchange. All incoming calls for a GSM/PLMN network will be routed to a gateway MSC. A gateway MSC works as an incoming transit exchange for the GSM/PLMN. In a GSM/PLMN network, all mobile-terminated calls will be routed to a gateway MSC. Call connections between PLMNs, or to fixed networks, must be routed through certain designated MSCs called a gateway MSC. The gateway MSC contains the interworking functions to make these connections. They also route incoming calls to the proper MSC within the network. The next level of division is the MSC/VLR service area. In one PLMN there can be several MSC/VLR service areas. MSC/VLR is a role controller of calls within its jurisdiction.

In order to route a call to a mobile subscriber, the path through links to the MSC in the MSC area where the subscriber is currently located is required. The mobile location can be uniquely identified since the MS is registered in a VLR, which is generally associated with an MSC. The next division level is that of the LA’s within a MSC/VLR combination. There are several LA’s within one MSc/VLR combination. A LA is a part of the MSC/VLR service area in which a MS may move freely without updating location information to the MSC/VLR exchange that control the LA. Within a LA a paging message is broadcast in order to find the called mobile subscriber. The LA can be identified by the system using the Location Area Identity (LAI). The LA is used by the GSM system to search for a subscriber in an active state. Lastly, a LA is divided into many cells. A cell is an identity served by one BTS. The MS distinguishes between cells using the Base Station Identification code (BSIC) that the cell site broadcast over the air.

NETWORK COMPONENTS OF THE RADIO SUBSYSTEM (RSS)

The Radio Subsystem (RSS) consists of:

Mobile Equipment (ME) Base Station (BS) Radio Interface (Um)

The Base Station (BS) terminates the radio interface (Um) on the stationary network side. The BS has a modular design and includes the:

36

Base Transceiver Station (BTS) Base Station Controller (BSC) Transcoding and Rate Adaptation Unit (TRAU)

A BSC can control several BTS. Every BSC contained in the network controls one BSS. The interface between BSC and BTS is called Abis - interface. The BSC, the TRAU and BTS form a unit, which is called Base Station System (BSS) in the GSM terminology.

AUTHENTICATION IN GSM Encryption:

Since radio communications can be intercepted by practically anyone in the immediate surroundings, protection against eavesdropping is an important service in a mobile network.

The best solution is an encrypted air interface, for both traffic and control channels. Since encryption of voice requires digital coding, it cannot be used in analog mobile networks. Control channels can, in principle, be encrypted in both analog and digital systems, but encryption is more common in mobile networks that use digital control channels, such as GSM and D-AMPS.

In GSM, voice is encrypted as follows: In addition to SRES, the AUC calculates an encryption key (Kc) based on Ki and RAND. This key is stored in the HLR together with RAND and SRES. In connection with authentication, the mobile calculates a Kc value based on the RAND value received from the MSC and on the Ki value stored in the mobile. If the result of the authentication is approved, the MSC will store the encryption key in the base station (via the BSC) for use in encryption/decryption operations. The BSC then sends a "test signal" (encryption mode command) to the mobile. In response, the mobile should generate an encrypted signal (encryption mode complete) which - if the BSC can interpret it - permits continued signalling and communication. All signals, including voice signals, are encrypted. Equipment identification The purpose of equipment identification is to ensure that no stolen or otherwise unauthorized mobiles are used in the network. To this end, every mobile is provided with a tamper-proof equipment number in the manufacturing process, in GSM an international mobile equipment identity (IMEI). During the set-up phase, the MSC can request this number from the mobile and then send it on for checking in the network element called EIR (in GSM). If the number is barred or unknown, the set-up attempt is rejected. Subscriber identity confidentiality Subscriber identity confidentiality means that the operator tries to protect the user's telephone number (the IMSI) from unauthorized tapping. A temporary mobile subscriber number (TMSI in GSM) is used in the dialogue between the mobile and the network, except

37

for the first contact attempt in a set-up phase. The MSC gives the mobile a random TMSI for each set-up.

HANDOVER

Handover, or handoff as it is called in North America, is the switching of an on-going call to a different channel or cell. There are four different types of handover in the GSM system, which involve transferring a call between

Channels (time slots) in the same cell,

Cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC),

Cells under the control of different BSCs, but belonging to the same Mobile services Switching Centre (MSC), and

Cells under the control of different MSCs.

The first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signalling bandwidth, they are managed by the BSC without involving the Mobile service Switching Centre (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. Note that call control, such as provision of supplementary services and requests for further handoffs, is handled by the original MSC.

Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighbouring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, and is used by the handover algorithm. The algorithm, for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells. The 'minimum acceptable performance' algorithm [Bal91] gives precedence to power control over handover, so that when the signal degrades beyond a certain point, the power level of the mobile is increased. If further power increases do not improve the signal, then a handover is considered. This is the simpler and

more common method, but it creates 'smeared' cell boundaries when a mobile transmitting at peak power goes some distance beyond its original cell boundaries into another cell.

The 'power budget' method [Bal91] uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co-channel interference, but it is quite complicated.

38

Intra –MSC Handover

1. The MS determines that a handover is required, it sends the Measurement Report

message to the serving BSS. This message contains the signal strength measurements. 2. The serving BSS sends a Handover Request message to the MSC. This message contains a

rank-ordered list of the target BSSs that are qualified to receive the call. 3. The MSC reviews the global cell identity associated with the best candidate to determine if

one of the BSSs that it controls is responsible for the cell area. In this scenario the MSC determines that the cell area is associated with the target BSS. To perform an intra-MSC handover, two resources are required: a trunk between the MSC and the target BSS and a radio TCH in the new cell area. The MSC reserves a rank and sends a Handover Request message to the target BSS. This message includes the desired cell area for handover, the identity of the MSC-BSS trunk that was reserved, and the encryption key ( ).

4. The target BSS selects and reserves the appropriate resources to support the handover pending the connection execution. The target BSS sends a Handover Request Acknowledgment to the MSC. The message contains the new radio channel identification.

5. The MSC sends the Handover Command message to the serving BSS. In this message the new radio channel identification supplied by the target BSS is included.

6. The serving BSS forwards the Handover Command message t o the MS. 7. The MS retunes to the new radio channel and sends the Handover Access message to the

target BSS on the new radio channel.

8. The target BSS sends the Physical Information message to the MS. 9. The target BSS informs the MSC when it begins detecting the MS handing over with the

Handover Detected message. 10. The target BSS and the MS exchange messages to synchronize/align the Ms’s transmission in

the proper time slot. On the completion, the MS sends the Handover Completed message to the target BSS.

11. The MSC sends a Release message to other serving BSS to release the old radio TCH. 12. At this point, the serving BSS releases all resources with the MS and sends the Release

Complete message to the MSC.

LOCATION UPDATING AND CALL ROUTING

The MSC provides the interface between the GSM mobile network and the public fixed network. From the fixed network's point of view, the MSC is just another switching node. However, switching is a little more complicated in a mobile network since the MSC has to know where the mobile is currently roaming - and in GSM it could even be roaming in another country. The way GSM accomplishes location updating and call routing to the mobile is by using two location registers: the Home Location Register (HLR) and the Visitor Location Register (VLR).

Location updating is initiated by the mobile when, by monitoring the Broadcast Control Channel, it notices that the location area broadcast is not the same as the one previously stored in the mobile's memory. An update request and the IMSI or previous TMSI is sent to the new VLR via the new MSC. A Mobile Station Roaming Number (MSRN) is allocated and

39

sent to the mobile's HLR (which always keeps the most current location) by the new VLR. The MSRN is a regular telephone number that routes the call to the new VLR and is subsequently translated to the TMSI of the mobile. The HLR sends back the necessary call -control parameters, and also sends a cancel message to the old VLR, so that the previous MSRN can be reallocated. Finally, a new TMSI is allocated and sent to the mobile, to identify it in future paging or call initiation requests.

With the above location updating procedure, call routing to a roaming mobile is easily performed. The most general case is where a call from a fixed network (Public Switched Telecommunications Network or Integrated Services Digital Network) is placed to a mobile subscriber. Using the Mobile Subscriber's telephone number (MSISDN, the ISDN numbering plan), the call is routed through the fixed land network to a gateway MSC for the GSM network (an MSC that interfaces with the fixed land network, thus requiring an echo canceller). The gateway MSC uses the MSISDN to query the Home Location Register, which returns the current roaming number (MSRN). The MSRN is used by the gateway MSC to route the call to the current MSC (which is usually coupled with the VLR). The VLR then converts the roaming number to the mobile's TMSI, and the cells under the control of the current BSC to inform the mobile broadcast a paging call.

VALUE ADDED SERVICES Call waiting:

With Call Waiting on a Hutch phone, you can receive and hold an incoming call when you are already talking to another person. When this service is activated, the network notifies you of a new incoming call while you have a call in progress, which means that if another person tries calling you midway through a conversation, he/she will hear a message informing him/her that your line is busy, while you will hear beeps at intervals.

Call Divert: In case you are busy in a meeting, or if your cell phone is switched off, you can forward incoming calls to a landline or another mobile phone - where someone can receive messages on your behalf. You can also forward an incoming call while speaking to someone. Voice response services: By using these services one can access information, download ringtones and logos, and more. For this one has to just dial and speak on a no. for the desired service. With Hutch World, one can enjoy a host of GPRS-based services exclusively on Hutch GPRS phone. From astrology to photo messaging, gaming, chat, news and even internet access.

40

Mail: One can now send an SMS - without even using a mobile phone, from wherever they are. All they need to do is type in their message and send it as e-mail. Roaming: Roaming is defined as the ability for a cellular customer to automatically make & receive voice calls, send & receive data, or access other services when travelling outside the geographical coverage area of the home network, by means of using a visited network. If the visited network is in the same country as the home network, this is known as National Roaming. If the visited network is outside the home country, this is known as International Roaming (the term Global Roaming has also been used). If the visited network operates on a different technical standard than the home network, this is known as Inter-standard roaming. GSM Roaming, which involves roaming between GSM networks, offers the convenience of a single number, a single bill and a single phone with worldwide access to over 205 countries. The convenience of GSM Roaming has been a key driver behind the global success of the GSM Platform.GSM Coverage Maps is a unique resource containing information supplied and approved by the members of the GSM Association. Network, Services and Roaming information are continually updated to reflect the evolving situation worldwide. Interactive coverage maps, updated quarterly, allow you to navigate to see where exactly you can

REFERENCES

1) Nokia Siemens networks.(n.d.). Retrieved from http://www.nokiasiemensnetworks.com/ 2) Introduction to cellular and gsm communications.(n.d.). Retrieved from http://www.gsmfavorites.com/documents/introduction/