aircom gsm training manual

Copyright 2002 AIRCOM International Ltd All rights reserved

AIRCOM Training is committed to providing our customers with quality instructor led Telecommunications Training. This documentation is protected by copyright. No part of the contents of this documentation may be reproduced in any form, or by any means, without the prior written consent of AIRCOM International. Document Number: P/TR/003/K011/4.4 This manual prepared by: AIRCOM International

Grosvenor House 65-71 London Road Redhill, Surrey RH1 1LQ ENGLAND Telephone: +44 (0) 1737 775700 Support Hotline: +44 (0) 1737 775777 Fax: +44 (0) 1737 775770 Web: http://www.aircom.co.uk

GSM TECHNOLOGY FOR ENGINEERS

GSM Technology for Engineers © AIRCOM International 2002 i

Table of Contents 1. Introduction to Cellular Systems

1.1 Introduction ...........................................................................................................1 1.2 Cellular Radio ........................................................................................................2 1.3 1st Generation Cellular Systems..............................................................................3 1.4 2nd Generation Cellular Systems .............................................................................5 1.5 GSM Development and Characteristics...................................................................7 1.6 Cellular Systems Subscriber Distribution .................................................................8 1.7 2.5G Characteristics ..............................................................................................9

2. Architecture Overview 2.1 Introduction .........................................................................................................11 2.2 GSM Identifiers ....................................................................................................12 2.3 General Architecture Overview .............................................................................13 2.4 The GSM Mobile Station (MS)..............................................................................14 2.5 The Base Station Subsystem (BSS). .....................................................................16 2.6 The Network Switching Subsystem (NSS) .............................................................17 2.7 GSM Interfaces....................................................................................................22 Self-Assessment Exerecises ................................................................................27

3. GSM Services 3.1 Introduction ........................................................................................................29 3.2 GSM Bearer Services...........................................................................................30 3.3 Teleservices ........................................................................................................32 3.4 Supplementary Services.......................................................................................33 3.5 Circuit-Switched Data (CSD) Services ...................................................................34 3.6 Short Message Service .......................................................................................35 3.7 USSD Data Services ............................................................................................37 Self-Assessment Exerecises ................................................................................41

4. The Air Interface 4.1 Introduction .........................................................................................................43 4.2 GSM Frequency Spectrum Allocation ....................................................................44 4.3 GSM Multiple Access Techniques .........................................................................50 4.4 GSM Air Interface Channels .................................................................................52 4.5 Frames and Multiframes .......................................................................................56 Self-Assessment Exercises ..................................................................................63

5. Protocols 5.1 Introduction .........................................................................................................65 5.2 The ISO 7-Layer OSI Model .................................................................................66 5.3 GSM Protocols Overview .....................................................................................67 5.4 GSM Transmission Protocols................................................................................69 5.5 GSM Signalling Protocols .....................................................................................71 5.6 GSM Air (Um) Interface Protocols .........................................................................73 5.7 GSM A-bis Interface Protocols ..............................................................................75 5.8 The GSM A Interface Protocols.............................................................................78

6. Speech and Channel Coding 6.1 Introduction .........................................................................................................79 6.2 Speech Coding Techniques ..................................................................................80 6.3 GSM Speech Coding ..........................................................................................81 6.4 Channel Coding Techniques .................................................................................83 6.5 GSM Channel Coding. .........................................................................................88 6.6 Interleaving..........................................................................................................89 6.7 Radio Burst Multiplexing…… .............. ………………………………………………..91 6.8 Summary of Coding Processes ………… ……………………………………………95 6.9 Radio Interface Modulation…..…………… ……………………………………………95

ii GSM Technology for Engineers © AIRCOM International 2002

7. Mobility Management 7.1 Introduction .........................................................................................................99 7.2 Mobility Management Procedures ....................................................................... 100 7.3 Network Areas ................................................................................................... 101 7.4 Mobility States ................................................................................................... 103 7.5 IMSI Attach/Detach............................................................................................ 104 7.6 Location Updating .............................................................................................. 107 7.7 Roaming ........................................................................................................... 109 7.8 TMSI Reallocation ............................................................................................. 110

8. Radio Resource Management 8.1 Introduction ....................................................................................................... 113 8.2 Radio Resource Connection Setup ..................................................................... 114 8.3 Cell Selection and Reselection ........................................................................... 115 8.4 Handovers......................................................................................................... 118

9. Call Management 9.1 Introduction ....................................................................................................... 123 9.2 Mobile Originated Calls ...................................................................................... 124 9.3 Mobile Terminated Calls..................................................................................... 125 9.4 Call Routing Examples ....................................................................................... 127 9.5 Echo Cancelling................................................................................................. 129 Self-Assessment Exercises ................................................................................ 131

10. GSM Security 10.1 Introduction ..................................................................................................... 133 10.2 Purposes of GSM Security................................................................................ 134 10.3 User Identity Confidentiality .............................................................................. 134 10.4 Authentication.................................................................................................. 135 10.5 User Data Confidentiality - Encryption ............................................................... 138 10.6 Signalling Data Confidentiality........................................................................... 140 Self-Assessment Exercises .............................................................................. 143

11. Billing Procedures Overview 11.1 Introduction ..................................................................................................... 145 11.2 Billing Principles............................................................................................... 146 11.3 Description of Call Components ........................................................................ 146 11.4 Charge Advice Information (CAI)....................................................................... 148 11.5 Advice of Charge (AoC) Calculations................................................................. 149 11.6 Call Detail Records .......................................................................................... 151 11.7 The Transferred Account Procedure (TAP) ........................................................ 152

12. GSM Evolution 12.1 Introduction ..................................................................................................... 155 12.2 High Speed Circuit Switched Data (HSCSD) ...................................................... 156 12.3 General Packet Radio Service (GPRS).............................................................. 157 12.4 Enhanced Data for nGSM Evolution (EDGE) ..................................................... 159

Appendix A - Solutions to Self Assessment Exercises Appendix B - Glossary of Terms

GSM Technology for Engineers © AIRCOM International 2002 iii

Course Objectives and Structure

Course ObjectivesCourse Objectives• Be familiar with the development of 2G mobile systems

• Describe the architecture of a GSM network

• Appreciate the main services provided within a GSM network

• Understand the various facets of the GSM air interface including, Access structures, frequency allocations, physical and logical channels

• Appreciate GSM transmission and signalling protocols

• Describe the methods of speech and error coding on the air interface

• Understand the principals mobility management

• Understand the principles of radio resource management

• Describe the processes involved in connection management

• Appreciate the security measures implemented by GSM

• Understand GSM mechanisms for customer billing

• Be familiar with the future evolution of GSM including 2G+ technologies

• Describe the evolution of GSM towards 3G systems

Day 1

1. Introduction to Cellular Systems

2. Architecture Overview

3. Services

4. The Air Interface

5. GSM Protocols

6. Speech and Channel Coding

Course OutlineCourse Outline

Day 2

7. Radio Resource Management

8. Mobility Management

9. Connection Management

10. Security

11. Billing Procedures Overview

12. GSM Evolution

iv GSM Technology for Engineers

© AIRCOM International 2002

Intentional Blank Page


GSM Technology for Engineers © AIRCOM International 2002 1

1. Introduction to Cellular Systems _________________________________________________________________________________

This section reviews the characteristics of first and second generation cellular systems and is followed by an overview of the functional blocks of GSM architecture, and its functional entities. Topics covered include:

• Cellular Radio • 1st generation cellular characteristics and systems • 2nd generation cellular characteristics and non-GSM systems • GSM development and characteristics • Worldwide roll-out of cellular systems and subscriber distribution

1.1 Introduction


2 GSM Technology for Engineers


_________________________________________________________________________________

Paging Control Centre

Paging Area

Paging Area

Mobile Radio NetworksMobile Radio Networks

• There are three major types of terrestrial mobile communications technologies:

PSTN

Cordless

• Cordless Communication:Users are provided limited mobility from a dedicated base station

• Paging:Brief numeric, alphanumeric or voice messages are sent to the subscriber typically using simultaneous broadcasting.

• Cellular:Users are provided wide area mobility from multiple base stations with handover permitted

MSC

Cellular

Cellular Radio Network CharacteristicsCellular Radio Network Characteristics

• Mobile Radio Network based on cellular structure for areas coverage

• Frequency reuse required due to limited frequency availability (frequency re-use patterns)

• Mobility between cell areas possible (handover)

1.2 Cellular Radio



Cellular GenerationsCellular Generations

The significant stages in the evolution of cellular radio systems is referred to in terms of generations:

• 1st Generation or 1G

• 2nd Generation or 2G• 2.5G

• 3rd Generation or 3G

• 4th Generation or 4Gtime

Data rate

Progress of data rates with time and generation

1978 1992 2000 2002 ?

_________________________________________________________________________________

1st Generation Cellular Characteristics1st Generation Cellular Characteristics

• Widespread Introduction in early 1980s

• Analogue modulation

• Frequency Division Multiple Access

• Voice traffic only

• No inter-network roaming possible

• Insecure air interface

The 1st Generation of Cellular Technology makes use of analogue modulation techniques such as FM

1.3 1st Generation Cellular Systems




In early networks, the emphasis was to provide radio coverage with little consideration for the number of calls to be carried. As the subscriber base grew, the need to provide greater traffic capacity had to be addressed.

1st Generation Standards1st Generation Standards

• AMPS (Analogue Advanced Mobile Phone System)• North American Standard in cellular band (800MHz)

• TACS (Total Access Communications System)• UK originated Standard based on AMPS in 900MHz band

• NMT (Nordic Mobile Telephony System)• Scandinavian Standard in 450MHz and 900MHz bands

• C-450• German Standard in 450MHz band

• JTACS (Japanese Total Access Communications System)• Japanese Standard in 900MHz band

Analogue/AMPS

Nokia 252

1st Generation Planning1st Generation Planning

• Macrocellular• High sites for coverage driven planning

• Antennas above roof height

• Frequency planning required• For networks with more cells than frequencies

these must be planned

• Large cell size • Order 30km

• Hard handover• Mobile only ever connected to a single cell

• Hexagonal Grid Representation The above diagram shows how different

frequencies are used in different cells in a cellular network

F2

F1

F4

F5

F3



The First Generation

The First Generation -- ProblemsProblems

• Problems with the analog systems included:• Limited capacity – could not cope with increase in subscribers

• Bulky equipment

• Poor reliability

• Lack of security – air interface analogue signals could be intercepted

• Incompatibility between systems in different countries - no roaming

• To improve on the analog systems, the European Conference of Posts and Telecommunications Administrations (CEPT) established ‘Groupe SpecialeMobile’ (GSM) to set a new standard

• The system developed became the Global System for Mobile Communications (also GSM)

Digital systems offer considerable advantages in terms of capacity and security and introduce new possibilities for data traffic.

2nd Generation Characteristics2nd Generation Characteristics

• Widespread Introduction in 1990’s

• Uses digital modulation

• Variety of multiple access strategies

• More efficient use of radio spectrum

• Voice and low rate circuit switched data

• International roaming capability

• Secure air interface

• Compatibility with ISDN

000110100110

1110

0100

1111

000

0010010111100111100010110000010010

0

1.4 2nd Generation Cellular Systems




While first generation systems used a cellular structure and frequency re-use patterns, digital systems developed this concept to include multi-layer cellular patterns (microcells and macrocells). The greater immunity to interference inherent in digital transmission allowed tighter frequency re-use patterns to be implemented.

cdmaOnecdmaOne CharacteristicsCharacteristics

• First networks in 1996

• Derived from Qualcomm IS-95 air interface

• Largely American subscriber base with some Asian networks

• Code Division Multiple Access• The closest 2nd generation standard to

many of the 3rd generation standards

• ANSI-41 core network• Chip rate of 1.2288Mcps

cdmaOne phones

DD--AMPS/PDC CharacteristicsAMPS/PDC Characteristics

• TDMA (D-AMPS)• North American TDMA/FDMA based

standard based upon AMPS

• Predominantly used in North and South America

• ANSI-41 Core Network

• Planning Similar to GSM

• PDC• Japanese TDMA/FDMA based

standard

• Predominantly used in Asia

• Planning Similar to GSM

TDMA and PDC phones



Originally GSM referred to the European working party set up to establish a new standard (‘Groupe Speciale Mobile’) but was later amended to reflect a more global application (Global System for Mobile communications).

Cellular StructureCellular Structure

• The aim of a cellular system is to make best use of the available frequencies (spectrum)

• The cellular structure allows the re-use of frequencies across the network

• Planning the pattern of this frequency re-use is a key part of the system design

• Hexagonal pattern best represents interlocking grid of cells

GSM PlanningGSM Planning

• Key Network planning parameters• Coverage – getting a usable radio signal to all areas in the

network

• Capacity – handling the call traffic generated by the subscribers • Quality – low interference, few calls dropped etc.

• Optional parameters requiring planning• Hierarchical Cell Structures (macrocell/microcell)• Frequency Hopping

• Discontinuous Transmission

• Power Control

• Subscriber/traffic analysis• Capacity limited by number of TRX’s

Cellular networks can use microcells to provide additional capacity

F2

F1

F4

F5

F3

1.5 GSM Development and Characteristics




Worldwide Mobile Communications SystemsWorldwide Mobile Communications Systems

Subscribers (x million)

Source:Wideband CDMA for 3rd Generation Mobile Communications, Artech House, 1998

0100200300400500600700

1991

1993

1995

1997

1999

2001

Second Generation - DAMPS

Second Generation - PDC

Second Generation - GSM

Second Generation - cdmaOne

First Generation - Analogue

Worldwide Mobile Subscriber DistributionWorldwide Mobile Subscriber Distribution

Source: Third Generation Mobile Communications Artech House, 2000

Subscribers (x million)

0

500

1000

1500

2000

1995 2000 2005 2010

European Union Countries

North America

Asia Pacific

Rest of World

1.6 Cellular Systems Subscriber Distribution



2.5G Characteristics2.5G Characteristics

• Available now...

• Digital modulation

• Voice and intermediate rate circuit/packet switched data

• 2G technology roaming

• Secure air interface

• Based upon existing dominant 2G standards such as GSM and cdmaOne

• Enhanced data rates

1.7 2.5G Characteristics




SummarySummary

This Section has covered:

• Cellular Radio in context with other wireless systems

• Cellular Radio Characteristics• 1st Generation Cellular Systems• 2nd Generation Cellular Systems• GSM-specific Characteristics• Cellular User Distribution

• 2.5 G Characteristics




_________________________________________________________________________________

This section of the course provides an overview of the GSM network architecture. This includes a brief explanation of the different network subsystems and a description of the functionality of the elements within each of the se subsystems. Topics include:

• A General architecture overview • The Mobile Station (MS) Subsystem and Elements • The Base Station Subsystem (BSS) and Elements • The Network Subsystem (NSS) and Elements • Introduction to network interfaces

2.1 Introduction




________________________________________________________________________________

GSM IdentifiersGSM Identifiers

• IMEI – International Mobile Equipment Identifier

• IMSI – International Mobile Subscriber Identifier

• TMSI –Temporary Mobile Subscriber Identity

• MSISDN – Mobile Subscriber ISDN number

• MSRN – Mobile Station Roaming Number

• LAI – Location Area Identity

• CI – Cell Identifier

• BSIC – Base Station Identity Code

2.2.1 IMEI – INTERNATIONAL MOBILE EQUIPMENT IDENTIFIER. The IMEI is an internationally-unique serial number allocated to the MS hardware at the time of manufacture. It is registered by the network operator and (optionally) stored in the AuC for validation purposes. 2.2.2 IMSI – INTERNATIONAL MOBILE SUBSCRIBER IDENTIFIER When a subscriber registers with a network operator, a unique subscriber IMSI identifier is issued and stored in the SIM of the MS. An MS can only function fully if it is operated with a valid SIM inserted into an <MS with a valid IMEI. 2.2.3 TMSI –TEMPORARY MOBILE SUBSCRIBER IDENTITY A TMSI is used to protect the true identity (IMSI) of a subscriber. It is issued by and stored within a VLR (not in the HLR) when an IMSI attach takes place or a Location Area (LA) update takes place. At the MS it is stored in the MS’s SIM. The issued TMSI only has validity within a specific LA. 2.2.4 MSISDN – MOBILE SUBSCRIBER ISDN NUMBER The MSISDN represents the ‘true’ or ‘dialled’ number associated with the subscriber. It is assigned to the subscriber by the network operator at registration and is stored in the SIM. It is possible for an MS to hold multiple MSISDNs, each associated with a different service.

2.2 GSM Identifiers



2.2.5 MSRN – MOBILE STATION ROAMING NUMBER The MSRN is a temporary, location-dependant ISDN number issued by the parent VLR to all MSs within its area of responsibility. It is stored in the VLR and associated HLR but not in the MS. The MSRN is used by the VLR-associated MSC for call routing within the MSC/VLR service area. 2.2.6 LAI – LOCATION AREA IDENTITY Each Location Area within the PLMN has an associated internationally-unique identifier (LAI). The LAI is broadcast regularly by BTSs on the Broadcast Control Channel (BCCH), thus uniquely identifying each cell with an associated LA. The purpose of LAs is covered later in this course. 2.2.7 CI – CELL IDENTIFIER The CI an identifier assigned to each cell within a network. However, the CI is only unique within a specific Location Area. When combined with the internationally unique LAI for its associated LA, the Global Cell Identity (GCI) is produced which is also internationally unique. 2.2.8 BSIC – BASE STATION IDENTITY CODE Each BTS is issued with a unique identity, the BSIC and is used to distinguish neighbouring BTSs.

_________________________________________________________________________________

GSM Architecture OverviewGSM Architecture Overview

BTSBTS BSCBSC

HLRHLR

MSCMSC AuCAuC

EIREIR

PSTNPSTN

TRXTRX

Air Interface Air Interface (Um)(Um)

BSSBSS

OMCOMC

A Interface A Interface AbisAbis Interface Interface

MSMS

MSMS

MSMS

VLRVLR

NSSNSS

2.3 General Architecture Overview




A GSM network is made up of three subsystems:

• The Mobile Station (MS) • The Base Station Sub-system (BSS) – comprising a BSC and several BTSs • The Network and Switching Sub-system (NSS) – comprising an MSC and associated

registers The interfaces defined between each of these sub systems include:

• 'A' interface between NSS and BSS • 'Abis' interface between BSC and BTS (within the BSS) • 'Um' air interface between the BSS and the MS

Abbreviations: MSC – Mobile Switching Centre BSS – Base Station Sub-system BSC – Base Station Controller HLR – Home Location Register BTS – Base Transceiver Station VLR – Visitor Location Register TRX – Transceiver AuC – Authentication Centre MS – Mobile Station EIR – Equipment Identity Register OMC – Operations and Maintenance Centre PSTN – Public Switched Telephone Network

_________________________________________________________________________________

The Mobile Station (MS) consists of the physical equipment used by a PLMN subscriber to connect to the network. It comprises the Mobile Equipment (ME) and the Subscriber Identity Module (SIM). The ME forms part of the Mobile Termination (MT) which, depending on the application and services, may also include various types of Terminal Equipment (TE) and associated Terminal Adapter (TA).

GSM Mobile Terminal (MT)GSM Mobile Terminal (MT)

TETE MSMS

Mobile Terminal (MT)Mobile Terminal (MT)

TE - Terminal EquipmentTA - Terminal AdaptorMS - Mobile StationME - Mobile EquipmentSIM - Subscriber Identity Module

Base StationBase StationSubsystemSubsystem

S S UUmmInterfaceInterface

GSM Core GSM Core NetworkNetwork

AAInterfaceInterface

MEMESIMSIM

T A

Reference PointsReference Points

R R

2.4 The GSM Mobile Station (MS)



The two parts of the mobile station allow a distinction between the actual equipment and the subscriber who is using it. The IMSI identifies the subscriber within the GSM network while the MS ISDN is the actual telephone number a caller (possibly in another network) uses to reach that person.

The Mobile Station (MS)The Mobile Station (MS)

• The mobile station consists of:• mobile equipment (ME)

• subscriber identity module (SIM)

• The SIM stores permanent and temporary data about the mobile, the subscriber and the network, including:

• The International Mobile Subscribers Identity (IMSI)• MS ISDN number of subscriber

• Authentication key (Ki) and algorithms for authentication check

• The mobile equipment has a unique International Mobile Equipment Identity (IMEI), which is used by the EIR

Security is provided by the use of an authentication key (explained later in this section) and by the transmission of a temporary subscriber identity (TMSI) across the radio interface where possible to avoid using the permanent IMSI identity.

Mobile Station Power ClassesMobile Station Power Classes

36 (4W)480DCS class 3

24 (.25W)30DCS class 2

30 (1W)120DCS class 1

29 (0.8W)96GSM class 5

33 (2W)240GSM class 4



dBmPower mW

Full RateMS Class

Power ( mW) = Nominal maximum mean power output (milliwatts)

GSM class 1 – deleted under GSM Phase 2 Specification

Source: ETSI GSM 02.06 (Version 4.5.2)Power (dBm) = Maximum power output in dBm (+watts)




The IMEI may be used to block certain types of equipment from accessing the network if they are unsuitable and also to check for stolen equipment.

A number of GSM terminal types are defined within the GSM Specification. They are distinguished primarily by their power output rating. Mobile terminals are only specified for GSM classes 3 and 4 and DCS classes 1 and 2. The other classes are intended for static or vehicle-mounted installations

_________________________________________________________________________________

The Base Station System (BSS) is the system of base station equipments (transceivers, controllers, etc) which is viewed by the MSC through a single A-interface as being the entity responsible for communicating with Mobile Stations in a certain area. The radio equipment of a BSS may support one or more cells. A BSS may consist of one or more base stations, where an A-bis-interface is implemented. The BSS consists of one Base Station Controller (BSC) and one or more Base Transceiver Station (BTS).

The Base Station SubThe Base Station Sub--System (BSS)System (BSS)• The BSS comprises:

• Base Station Controller (BSC) • One or more Base Transceiver Stations (BTSs)

• The purpose of the BTS is to:• provide radio access to the mobile stations• manage the radio access aspects of the system

• BTS contains: • Radio Transmitter/Receiver (TRX)• Signal processing and control equipment• Antennas and feeder cables

• The BSC:• allocates a channel for the duration of a call • maintains the call:

• monitors quality• controls the power transmitted by the BTS or MS• generates a handover to another cell when required

• Siting of the BTS is crucial to the provision of acceptable radio coverage

BSCBSC

BTS

BTS

BTS

BSSBSS

BTS

A Base Station Controller (BSC) is a network component in the PLMN with the functions for control of one or more BTS. A Base Transceiver Station (BTS) is a network component which serves one cell.

2.5 The Base Station Subsystem (BSS)



BSS Network TopologiesBSS Network Topologies

• Chain: cheap, easy to implement• One link failure isolates several BTSs

• Ring: Redundancy gives some protection if a link fails

• More difficult to roll-out and extend

• ring must be closed

• Star: most popular configuration for first GSM systems

• Expensive as each BTS has its own link

• One link failure always results in loss of BTS

BSC

BSC

BSC

Base stations are linked to the parent BSC in one of several standard network topologies. The actual physical link may be microwave, optical fibre or cable. Planning of these links may be done using a tool such as Connect

2.6.1 NSS OVERVIEW

Network Switching System (NSS)Network Switching System (NSS)

• Key elements of the NSS:

• Mobile Switching Centre (MSC) with:• Visitor Location Register (VLR)• Home Location Register (HLR) with:

• Authentication Centre (AuC)

• Equipment Identity Register (EIR)• Gateway MSC (GMSC)

• These elements are interconnected by means of an SS7 network

EIR

PSTN/ISDN

SS7 Network

MSC

VLR

HLR

AuC

GMSC

2.6 The Network Switching Subsystem (NSS)




The NSS combines the call routing switches (MSCs and GMSC) with database registers required to keep track of subscribers’ movements and use of the system. Call routing between MSCs is taken via existing PSTN or ISDN networks. Signalling between the registers uses Signalling System No. 7 protocol.

2.6.2 THE MOBILE SWITCHING CENTRE (MSC)

The Mobile-services Switching Centre is an exchange which performs all the switching and signalling functions for mobile stations located in a geographical area designated as the MSC area. The main difference between a MSC and an exchange in a fixed network is that the MSC has to take into account the impact of the allocation of radio resources and the mobile nature of the subscribers and has to perform in addition, at least the following procedures:

• procedures required for location registration (details in GSM 03.12); • procedures required for handover (details in GSM 03.09).

Mobile Switching Centre (MSC)Mobile Switching Centre (MSC)

Functions of the MSC:

• Switching calls, controlling calls and logging calls

• Interface with PSTN, ISDN, PSPDN

• Mobility management over the radio network and other networks

• Radio Resource management - handovers between BSCs

• Billing Information

MSC

VLR

2.6.3 THE VISITOR LOCATION REGISTER (VLR) A Visitor Location Register is a database serving temporary subscribers within an MSC area. Each MSC in the network has an associated VLR but a VLR may serve many MSCs. A mobile station roaming in an MSC area is controlled by the VLR associated with that MSC. When a Mobile Station (MS) enters a new location area it starts a registration procedure. The MSC in charge of that area notices this registration and transfers the identity of the location area where the MS is situated to the VLR. If this MS is no yet registered, the VLR and the HLR exchange information to allow the proper handling of calls involving the MS.



Visitor Location Register (VLR)Visitor Location Register (VLR)

• Each MSC has a VLR

• VLR stores data temporarily for mobiles served by the MSC

• Information stored includes:• IMSI

• MSISDN

• MSRN

• TMSI

• LAI• Supplementary service parameters

MSC

VLR

The VLR contains also the information needed to handle the calls set-up or received by the MSs registered in its data base. The following elements are included:

• the International Mobile Subscriber Identity (IMSI); • the Mobile Station International ISDN number (MSISDN); • the Mobile Station Roaming Number (MSRN) • the Temporary Mobile Station Identity (TMSI), if applicable; • the Local Mobile Station Identity (LMSI), if used; • the location area where the mobile station has been registered. This data item will be

used to call the station.

2.6.4 THE HOME LOCATION REGISTER (HLR) The HLR is a database in charge of the management of mobile subscribers. A PLMN may contain one or several physical HLRs depending on the number of mobile subscribers, the capacity of the equipment and the organization of the network. However, even if the HLR comprises geographically separated hardware, it logically forms a single virtual database. Two kinds of information are stored there:

• the subscription information; • location information enabling the charging and routing of calls towards the MSC

where the MS is located (e.g. the MS Roaming Number, the VLR address, the MSC address, the Local MS Identity).

Two types of number are attached to each mobile subscription and are stored in the HLR:

• the International Mobile Station Identity (IMSI); • one or more Mobile Station International ISDN number(s) (MSISDN).




Home Location Register (HLR)Home Location Register (HLR)

• Stores details of all subscribers in the network , such as:• Subscription information

• Location information: mobile station roaming number, VLR, MSC

• International Mobile Subscriber Identity (IMSI)• MS ISDN number

• Tele-service and bearer service subscription information

• Service restrictions

• Supplementary services

• Together with the AuC, the HLR checks the validity and service profile of subscribers

HLR

AuC

The IMSI or the MSISDN may be used as a key to access the information in the database for a mobile subscription.

HLR ImplementationHLR Implementation

• One HLR in a network

• May be split regionally

• Stores details of several thousand subscribers

• Stand alone computer - no switching capabilities

• May be located anywhere on the SS7 network

• Combined with AuC

HLR

AuC



The data base can also contain other information such as: • teleservices and bearer services subscription information; • service restrictions (e.g. roaming limitation); • supplementary services; the HLR contains the parameters attached to these services.

Supplementary services parameters need not all be stored in the HLR. However, it is considered safer to store all subscription parameters in the HLR even when some are stored in a subscriber card.

The organization of the subscriber data is outlined in the ETSI GSM 03.08 Recommendation. Notice that the VLR stores the current Location Area of the subscriber, while the HLR stores the MSC/VLR they are currently under. This information is used to page the subscriber when they have an incoming call.

2.6.5 THE AUTHENTICATION CENTRE (AuC) The Authentication Centre (AuC) is associated with an HLR, and stores an identity key for each mobile subscriber registered with the associated HLR. This key is used to generate:

• data which are used to authenticate the IMSI; • a key used to cipher communication over the radio path between the mobile station

and the network. The procedures used for authentication and ciphering are described more fully in the security section of this course and in the ETSI GSM 03.20 recommendation. 2.6.6 THE GATEWAY MOBILE SWITCHING CENTRE (GMSC)

Gateway Mobile Switching Centre (GMSC)Gateway Mobile Switching Centre (GMSC)

• A Gateway Mobile Switching Centre (GMSC) is a device which routes traffic entering a mobile network to the correct destination

• The GMSC accesses the network’s HLR to find the location of the required mobile subscriber

• A particular MSC can be assigned to act as a GMSC

• The operator may decide to assign more than one GMSC

GMSC




The GMSC routes calls out of the network and is the point of access for calls entering the network from outside.

If a network, delivering a call to the PLMN cannot interrogate the HLR directly, the call is routed to an MSC. This MSC will interrogate the appropriate HLR and then route the call to the MSC to which the mobile station is affiliated. The MSC which performs the routing function to the actual location of the MS is called the Gateway MSC (GMSC). The choice of which MSCs can act as Gateway MSCs is for the operator to decide (i.e. all MSCs or some designated MSCs). 2.6.7 THE EQUIPMENT IDENTITY REGISTER

Equipment Identity Register (EIR)Equipment Identity Register (EIR)

• EIR is a database that stores a unique InternationalMobile Equipment Identity (IMEI) number for each item of mobile equipment

• The EIR controls access to the network by returning the status of amobile in response to an IMEI query

• Possible status levels are:• White-listed The terminal is allowed to connect to the network.

• Grey-listed The terminal is under observation by the network for possible problems.

• Black-listed The terminal has either been reported stolen, or is not a type approved for a GSM network.

The terminal is not allowed to connect to the network.

EIR

The EIR contains one or several databases which store(s) the IMEIs used in the GSM system. The mobile equipment may be classified as "white listed", "grey listed" and "black listed" and therefore may be stored in three separate lists. An IMEI may also be unknown to the EIR. The EIR contains, as a minimum, a "white list" (Equipment classified as "white listed"). There is an optional implementation that may be used by the operator to control access to the network by certain types of equipment or to monitor lost or stolen handsets.



________________________________________________________________________________

AuCAuC

GSM Network InterfacesGSM Network Interfaces

BTSBTS BSCBSC

HLRHLR

MSCMSC

EIREIR

TRXTRX

BSSBSSMSMS

MSMS

MSMSVLRVLR

NSSNSS

CC

DD

FF

HHBB

AA

UUmm

AAbisbis

2.7.1 THE A (MSC-BSS) INTERFACE

The interface between the MSC and its BSS is specified in the 08-series of GSM Technical Specifications. The BSS-MSC interface is used to carry information concerning:

• BSS management; • call handling; • mobility management.

2.7.2 THE Abis (BSC-BTS) INTERFACE

When the BSS consists of a Base Station Controller (BSC) and one or more Base Transceiver Stations (BTS), this interface is used between the BSC and BTS to support the services offered to the GSM users and subscribers. The interface also allows control of the radio equipment and radio frequency allocation in the BTS. This interface is specified in the 08.5x-series of GSM Technical Specifications. 2.7.3 THE B (MSC-VLR) INTERFACE The VLR is the location and management data base for the mobile subscribers roaming in the area controlled by the associated MSC(s). Whenever the MSC needs data related to a given mobile station currently located in its area, it interrogates the VLR. When a mobile station initiates a location updating procedure with an MSC, the MSC informs its VLR which stores the relevant information.

2.7 GSM Interfaces




This procedure occurs whenever an MS roams to another location area. Also, when a subscriber activates a specific supplementary service or modifies some data attached to a service, the MSC informs (via the VLR) the HLR which stores these modifications and updates the VLR if required. 2.7.4 THE C (MSC-HLR) INTERFACE The Gateway MSC must interrogate the HLR of the required subscriber to obtain routing information for a call or a short message directed to that subscriber. 2.7.5 THE D (HLR-VLR) INTERFACE This interface is used to exchange the data related to the location of the mobile station and to the management of the subscriber. The main service provided to the mobile subscriber is the capability to set up or to receive calls within the whole service area. To support this, the location registers have to exchange data. The VLR informs the HLR of the location of a mobile station managed by the latter and provides it (either at location updating or at call set-up) with the roaming number of that station. The HLR sends to the VLR all the data needed to support the service to the mobile subscriber. The HLR then instructs the previous VLR to cancel the location registration of this subscriber. Exchanges of data may occur when the mobile subscriber requires a particular service, when he wants to change some data attached to his subscription or when some parameters of the subscription are modified by administrative means. 2.7.6 THE E (MSC-MSC) INTERFACE When a mobile station moves from one MSC area to another during a call, a handover procedure has to be performed in order to continue the communication. For that purpose the MSCs have to exchange data to initiate and then to realize the operation. After the handover operation has been completed, the MSCs will exchange information to transfer A-interface signalling as necessary. When a short message is to be transferred between a Mobile Station and Short Message Service Centre (SC), in either direction, this interface is used to transfer the message between the MSC serving the Mobile Station and the MSC which acts as the interface to the SC. 2.7.7 THE F (MSC-EIR) INTERFACE This interface is used between MSC and EIR to exchange data, in order that the EIR can verify the status of the IMEI retrieved from the Mobile Station. 2.7.8 THE G (VLR-VLR) INTERFACE When a mobile subscriber moves from a VLR area to another Location Registration procedure will happen. This procedure may include the retrieval of the IMSI and authentication parameters from the old VLR.



2.7.9 THE H (HLR-AuC) INTERFACE When an HLR receives a request for authentication and ciphering data for a Mobile Subscriber and it does not hold the requested data, the HLR requests the data from the AuC. The protocol used to transfer the data over this interface is not standardized. 2.7.10 THE Um (MS-BTS) INTERFACE The interface between the MS and the BSS is specified in the 04- and 05-series of GSM Technical Specifications.

SummarySummary

BTSBTS BSCBSC

HLRHLR

MSCMSC

AuCAuC

EIREIRPSTNPSTN

TRXTRX

Air Interface Air Interface (Um)(Um)

BSSBSS

OMCOMCA Interface A Interface AbisAbis Interface Interface

MSMS

MSMS

MSMS

VLRVLR

This section has covered:

• General GSM Architecture Overview

• GSM Network Components including

• The Mobile Station

• The Base Station Subsystem

• The Network Subsystem

• GSM Network Interfaces Overview

• The Base Station Sub-system

• The Network Switching System



Section 2 Self-Assessment Exercises Exercise 2.1 – GSM Architecture The following exercises tests your understanding of GSM architecture as applied to a small network. Here is a screen shot from Asset showing the site database of a small network:

Sites 22 and 23 are connected in a star configuration to the BSC. Sites 25, 26 and 27 are connected in a chain. Draw a full architecture diagram for this network, showing all BSS and NSS elements and their connections.

3. GSM Services


3. GSM Services

_____________________________________________________________________

The services offered by GSM are based on those of the fixed-line ISDN services and are therefore, as with ISDN, the GSM services are divided into three categories

• Bearer Services • Teleservices • Supplementary Services

In addition, this section will look at the current (2G) data services offered by GSM including:

• Circuit Switched Data (CSD) • Unstructured Supplementary Service Data (USSD) • Short Message Service (SMS)

Each of these services will be described in this section of the course

3.1 Introduction

3. GSM Services



GSM ServicesGSM Services

GSM Network Transit Network Terminating Network

Teleservices

PLMN Section Section outside PLMN

Bearer Services

TE

TE

IWF

TE

Bearer services provide the transmission capability between various elements of the overall transmission path. These bearer services carrying end-to-end teleservices. The Interworking Functions (IWF) are required to provide the mapping of GSM PLMN services to fixed (e.g. PSTN/ISDN) services. As teleservices are end-to-end, they are generally transparent to the IWF.

_____________________________________________________________________

GSM Bearer Services

GSM Bearer Services

• Bearer Services represent layers 1-3 of the OSI Model• Transparently transports application data between TEs

• Bearer Services are uniquely numbered (BSxx)

• Data transfer bearer services currently defined for GSM include:• Asynchronous circuit-switched data (BS 21-26)

• Synchronous circuit-switched data (BS 31-34)• PAD access (BS 41-46)

• Packet data (BS 51-53)

• Alternate speech and data (BS 61)

• Speech followed by Data (BS 81)

3.2 GSM Bearer Services

3. GSM Services


GSM bearer services refer to those services provided to transport binary data across the GSM network. They represent the functionality of layers 1 to 3 of the OSI 7-layer model. Both circuit switched (BS21-34) and packet switched (BS 41-53) data bearer services are supported. The packet data services are in the form of asynchronous access to PADs (BS41-44) or as direct synchronous packet access (BS 51-53). Two modes of bearer services are offered; Transparent (T) or Non-Transparent (NT). The transparent mode services provide a circuit-switched connection between the TE and the IWF module. They are generally constant bit rate and are only forward error protected (FEC). Non-transparent mode services are protected by level 2 error protection over the air interface using a Radio Link Protocol (RLP). This protocol terminated at the MSC and uses backward (ARQ) error protection. Non-transparent mode operation generally offers a more reliable transmission path but at lower potential data rates than transparent mode services.

GSM Bearer Service CharacteristicsGSM Bearer Service Characteristics

• Each Bearer Service is uniquely identified by its characteristics which include:

• Service Type (data, PAD, packet etc)

• Structure (asynch, synch)• Bit Rate (300-14400 bps)

• Mode (transparent, non-transparent)

• Transmission (Unrestricted Data Information (UDI) or 3.1kHz)

Bearer services 21-53 are further categorised into Unrestricted Digital Information (UDI) or 3.1kHz. The distinction is only important when operating outside the PLMN i.e. what type of Interworking functions needs to be implemented. The distinction is whether the data should be handled as the equivalent of 3.1kHz bandwidth audio signals over a modem or raw data over a digital link. The last two categories of bearer services shown in the diagram above refer to services which enable switching between voice and data during a session. BS 61 refers to the ability change between voice and data at will during a session (‘alternate voice and data’). BS 81 refers to the ability to initiate a call in voice and then switch to data (‘speech followed by data’)

3. GSM Services



_____________________________________________________________________

GSM defines a number of teleservices for use over the bearer services. These teleservices are generally end-to-end user applications and are therefore transparent to their transporting bearer services.

GSM TeleservicesGSM Teleservices

• Teleservices are end-to-end subscriber services

• Each teleservice is uniquely defined by a TS number (TS xx)

• Teleservices currently defined for GSM include:• Speech (TS 11-12)

• Short Message Service - SMS (TS 21-23)

• Message Handling Systems - MHSs (TS 31)• Videotext (TS 41-43)

• Teletext (TS 51)

• Fax (TS 61-62)

Speech TeleservicesSpeech Teleservices

Two categories of Speech Teleservices:• Standard telephone services (TS 11)

• Transmission of speech information and fixed network signalling tones• Transmission can be mobile originated as well as mobile terminated

• Emergency Service (TS12)• Provides standard access to the emergency services irrespective of the country

in which the call is made• Mandatory in GSM networks• May be initiated from a mobile without a SIM • Emergency calls can override any locked state the phone may be in• Uses a standard access to the emergency call (112) as well as the national

emergency call code• If the national emergency code is used the SIM must be present

3.3 Teleservices

3. GSM Services


The teleservices introduced as part of Phase 1 GSM included: • Full rate speech • Emergency (speech) calls • SMS P-P and SMS Cell Broadcast (SMSCB) • Telefax • Voice/Fax mail

Phase 2 GSM provided the following additional teleservices:

• Half-rate speech • Improvements to SMS • Group 3 fax capability

_____________________________________________________________________

A supplementary service modifies or supplements a basic teleservice. Consequently, it cannot be offered to a customer as a stand alone service, only in association with a basic teleservice. The same supplementary service may be applicable to a number of teleservices.

Supplementary ServicesSupplementary Services

• Correspond to ISDN supplementary services

• Are used only in connection with a teleservice• Examples of supplementary services include:

• Call forwarding

• Call Barring (incoming/outgoing calls)

• Call hold - interrupting a call - normal telephony only

• Call waiting - notification of new incoming call during another call• Multi-party service - simultaneous conversation between 3 - 6 subscribers

• Calling line identification (CLI) - presentation of callers number

• Closed user groups - group of users who can only call each other and certain specified numbers

• Advice of charge - estimates of billing data

3.4 Supplementary Services

3. GSM Services



Supplementary Service Groups

Supplementary Service Group GSM Specification Call Deflection 02.72 Number Identifier 02.81 Call Offering 02.82 Call Completion 02.83 Multi-party 02.84 Commonality 02.85 User-to-user 02.87 Charging 02.86 Call Restriction 02.88 Precedence & Pre-emption 02.67 Call Transfer 02.91

_____________________________________________________________________

Circuit switched data falls within the Bearer Services category and more specifically to services (BS 21-26). Both asynchronous (BS 21-26) and synchronous (BS 31-34) options are available and each data rate (other than 1200bps synch) can operate in transparent or non -transparent mode (see Section 3.2 above for further explanation).

Circuit Switched DataCircuit Switched Data

• Two modes defined:• Non-Transparent (error correction + flow control)

• Transparent (no error protection and flow control)

• PSTN access (V.32)

• ISDN access (V.110)

• Session-oriented

• Limited to 9k6 (phase 1) or 14k4 (phase 2) per timeslot

3.5 Circuit Switched Data (CSD) Service

3. GSM Services


Circuit Switched Data ServicesCircuit Switched Data Services

T or NT960034

T or NT480033

T or NT240032

T120031Synch

T or NT960026

T or NT480025

T or NT240024

T or NT1200/7523

T or NT120022

T or NT30021Asynch

ModeBit RateBS no.Structure

T = Transparent ModeNT = Non-transparent Mode

_____________________________________________________________________

SMS is a service that allows subscribers to send short messages (up to 160 characters) to other mobile subscribers. Rather than having to set up a call on a traffic channel, SMS uses spare capacity on the Standalone Dedicated Control Channel (SDCCH).

Short Message Service (SMS) Short Message Service (SMS)

• Categorised under GSM as a Teleservice

• Text-based messaging

• Uses GSM signalling channels (SDCCH) .

• 160-character messages

• Uses store-and-forward packet switching protocol

• Three SMS Teleservice types defined:

• TS 21 – Mobile terminated point-to-point messaging

• TS 22 – Mobile originated point-to-point messaging

• TS 23 – Short Message cell broadcast (SMSCB)

3.6 Short Message Service (SMS)

3. GSM Services



SMS is classified as a GSM Teleservice and three SMS teleservices (TS21-23) have been defined:

• TS 21 – Mobile terminated point-to-point messaging. A mobile can terminate an SMS message either from another MS or from the fixed network.

• TS 22 – Mobile originated point-to-point messaging. A mobile can send a message

either to another MS or into the fixed network (as an Email for example).

• TS23 – SMS Cell Broadcast (SMSCB). A more recent variation of SMS is SMSCB. SMSCB messages are generally broadcast only in a specific network region. An MS cannot initiate such a message and does not acknowledge receipt of one. Only MSs in idle mode can receive SMSCB messages. These messages differ from standard SMS messages in that they are only 92 characters long. However, procedures exist to concatenate up to 15 SMSCB messages using a special reassembly mechanism.

In order to implement SMS, a network operator must establish a SMS Service Centre which receives and processes SMS messages in a store-and-forward mode. Messages can be initiated in the fixed or mobile network and delivered to either the fixed or mobile network.

SMS ArchitectureSMS Architecture

SME

SME

SME

SME

SMSCSMC

GMSC SS7 NetworkSS7 Network

HLRHLR VLRVLR

MSC BSSBSS

Short Messaging Entities Short messaging entity (SME) is an entity which may receive or send short messages. The SME may be located in the fixed network, a mobile station, or another service centre. Short Message Service Centre Short message service centre (SMSC) is responsible for the relaying and store-and-forwarding of a short message between an SME and mobile station.

3. GSM Services


SMS Gateway Mobile Switching Centre The SMS–gateway mobile switching centre (SMS–GMSC) is an MSC capable of receiving a short message from an SMSC, interrogating a home location register (HLR) for routing information, and delivering the short message to the visited MSC of the recipient mobile station. The SMS interworking MSC (SMS–IWMSC) is an MSC capable of receiving a short message from the mobile network and submitting it to the appropriate SMSC. The SMS–GMSC/SMS–IWMSC are typically integrated with the SMSC. Home Location Register The HLR is a database used for permanent storage and management of subscriptions and service profiles. Upon interrogation by the SMSC, the HLR provides the routing information for the indicated subscriber. The HLR also informs the SMSC, which has previously initiated unsuccessful short message delivery attempts to a specific mobile station, that the mobile station is now recognized by the mobile network to be accessible. Mobile Switching Centre The MSC performs the switching functions of the system and controls calls to and from other telephone and data systems. Visitor Location Register The visitor location register (VLR) is a database that contains temporary information about subscribers. This information is needed by the MSC to service visiting subscribers. The Base Station System All radio-related functions are performed in the base-station system (BSS). The BSS consists of base-station controllers (BSCs) and the base-transceiver stations (BTSs), and its primary responsibility is to transmit voice and data traffic between the mobile stations. The Mobile Station The mobile station (MS) is the wireless terminal capable of receiving and originating short messages as well as voice calls. The wireless network signalling infrastructure is based on signalling system 7 (SS7). SMS makes use of the mobile application part (MAP), which defines the methods and mechanisms of communication in wireless networks, and uses the services of the SS7 transaction capabilities application part (TCAP). An SMS service layer makes use of the MAP signalling capabilities and enables the transfer of short messages between the peer entities.

_____________________________________________________________________

Unstructured Supplementary Services Data (USSD) is a means of transmitting information or instructions over a GSM network. USSD has some similarities with SMS since both use the GSM network's signalling path (the SDCCH). Unlike SMS, USSD is not a store and forward service and is session-oriented such that when a user accesses a USSD service, a session is established and the radio connection stays open until the user, application, or time out releases it. This has more in common with Data than SMS. USSD text messages can be up to 182 characters in length.

3.7 USSD Data Services

3. GSM Services



USSD is defined within the GSM standard in the documents GSM 02.90 (USSD Stage 1) and GSM 03.90 (USSD Stage 2). In USSD Stage 1, the interactions are initiated by the mobile phone. In USSD Stage 2, the application can also initiate USSD-based transactions.

Unstructured Supplementary Service Data (USSD) Unstructured Supplementary Service Data (USSD)

• Text-based messaging Service

• Uses GSM Signalling channels (SDCCH) .

• 182-character messages

• Session-oriented.

• No Store-and-Forward

Comparison of USSD and SMS Comparison of USSD and SMS

• USSD Advantages:• Up to seven times faster than SMS• Longer character messages than SMS (182 compared to 160)• Works on all existing GSM terminals• Supported by SIM Toolkit and WAP• Stage 2 can provide WAP-like features (on existing handsets)

• USSD Disadvantages:• No Store-and-Forward.• Additional loading on signalling channels• Session-oriented (Traffic loading and costs compared to SMS).• Stage 1 implementation not intuitive

3. GSM Services


Inadequacies Of Current Data ServicesInadequacies Of Current Data Services

• Slow data rates 9.6Kbps

• Large bills for passing data due to continuous call connection (CSD)

• Limited size of SMS/USSD messages

SummarySummary

This section has covered the following topics:

• Bearer Services

• Teleservices

• Supplementary Services

• Data Services (CSD, USSD, SMS)

3. GSM Services




3. GSM Services


Section 3 Self-Assessment Exercises Exercise 3.1 – SMS vs USSD Describe the advantages and disadvantages when comparing SMS and USSD data capabilities. Exercise 3.2 – GSM Services 1. Describe briefly the three categories of services offered by GSM. 2. Describe briefly the basic data services offered by GSM Phase 1.

3. GSM Services






4. The Air Interface _____________________________________________________________________

The ‘Air Interface’ refers to the interface between a mobile terminal and the base station to which it is affiliated. This interface takes the form of a radio path through the air, hence the term ‘Air’ interface. In this section of the course the following air-interface-related topics are covered:

• GSM Frequency Spectrum Allocation • Radio Access Methods • GSM Air Interface channels and frames

4.1 Introduction




_____________________________________________________________________

Spectrum for Mobile CommunicationSpectrum for Mobile Communication

VHF 30 MHz - 300 MHz

UHF 300 MHz - 3 GHz

SHF 3 GHz - 30 GHz

• Radio Spectrum is a limited resource• For mobile communication we are using following ranges:

The whole radio spectrum is divided for convenience into bands such as VHF, UHF and so on. The range of the spectrum used by GSM is in the UHF band.

Frequency AllocationFrequency Allocation

• Authority to use a frequency is given under certain conditions such as:

• Location• Power levels • Modulation types• Bandwidth

• Regulatory bodies deal with this allocation in different parts of the world:

• International Telecommunications Union (ITU)• European Telecommunications Standards Institute (ETSI)• Radiocommunications Agency (RA) in the UK

4.2 GSM Frequency Spectrum Allocation



A major initial financial outlay for network operators is to acquire a licence to use a particular bandwidth of radio spectrum. The method of allocation differs from country to country, but may be by auction or direct choice of operators by the government organisation responsible.

4.2.1 PRIMARY GSM SPECTRUM

PP--GSM Spectrum (Primary GSM)GSM Spectrum (Primary GSM)

Uplink Downlink

890 915 935 960 MHz

Duplex spacing = 45 MHz

Guard Band100 kHz wide

Channel Numbers (n) (ARFCN)200 kHz spacing

Range of ARFCN:1 - 124

1 nGuard Band100 kHz wide

Fu(n)

2 3 4

GSM uses Frequency Division Duplexing (FDD) where the uplink and downlink of each channel operates on a different frequency. Therefore, two frequency bands were allocated to GSM, 20 MHz apart. The following frequency bands were initially allocated to GSM (now known as Primary GSM):

Uplink sub band: 890 MHz to 915 MHz Downlink sub band: 935 MHz to 960 MHz

Each band is divided into a number of carriers, with each carrier having a 200kHz Bandwidth. Therefore 124 carriers were available within each of the up and down link bands (allowing for guard bands). The channel pair allocation has been arranged such that the two frequencies comprising a channel pair are 45Mhz apart Each frequency pair is identified by an ‘Absolute Radio Frequency Carrier Number ‘ (ARFCN)’.




Up and downlink channel frequencies can be calculated as follows:

Uplink frequencies: Fu(n) = 890 + 0.2 n (1 <= n <= 124) Downlink frequencies: Fd(n) = Fu(n) + 45

4.2.2 EXTENDED PRIMARY GSM (E-GSM) SPECTRUM

EE--GSM Spectrum (Extended GSM)GSM Spectrum (Extended GSM)

Uplink Downlink

880 915 925 960 MHz




Range of ARFCN:1 – 124975 - 1023 1 n


Fu(n)

2 3 4

E-GSM allocated an additional 10MHz of bandwidth at the bottom end of each of the up and down link frequency bands. The new frequency bands are:


This resulted in the following:

• An extra 50 carrier pairs (10MHz / 200kHz channels) • A reduction in bandwidth isolation between up and down link frequency bands from

20MHz to 10MHz • An increase in size of up and down link frequency bands from 25Mhz to 35MHz • Assignment of new ARFCN in the range 975-1023 • The P-GSM ARFCN 0 now reverts from a guard band to a valid ARFCN

E-GSM up and downlink channel frequencies can be calculated as follows: Uplink frequencies: Fu(n) = 890 + 0.2 n (0 <= n <= 124) Fu(n) = 890 + 0.2 (n – 1024) (975 <= n <= 1023) Downlink frequencies: Fd(n) = Fu(n) + 45



4.2.3 DCS-1800 SPECTRUM

DCS DCS -- 1800 Spectrum1800 Spectrum

Uplink Downlink

1710 1785 1805 1880 MHz






Fu(n)

2 3 4

Digital Communication System (DCS) – 1800 introduced a further 1800 MHz spectrum range for GSM. The characteristics of radio frequencies in this range are such that DCS-1800 is typically used for smaller microcells overlaid over existing GSM-900 macrocells. The up and down link bands are 75MHz each and have a 20MHz separation in the following ranges:


Each band is divided into 200kHz carriers, as with GSM -900. Therefore 374 carriers are available within each of the up and down link bands (allowing for guard bands). Channel numbers are in the range 512-885 (ARFCNs). The channel pair allocation has been arranged such that the two frequencies comprising a channel pair are 95Mhz apart. DCS-1800 up and downlink channel frequencies can be calculated as follows: Uplink frequencies: Fu(n) = 1710.2 + 0.2 (n – 512) (512 <= n <= 885) Downlink frequencies: Fd(n) = Fu(n) + 95




1800 MHz Utilization in UK1800 MHz Utilization in UK

The present distribution of frequencies among UK operator is:

DECT: Digital Enhanced Cordless Telecommunications

Vodafone/Cellnet

1710 1721.5 17851781.5

MHz

One 2 One

DE

CT

1805 1816.5 18801876.5

MHz

Uplink

Downlink

One 2 One

Orange

1751.5

1846.5

This spectrum diagram shows the way in which the 1800 MHz band is currently distributed among operators in the UK. Note the uplink and downlink sub bands are shown on the one diagram.

4.2.4 PCS-1900 SPECTRUM

PCS PCS -- 1900 Spectrum1900 Spectrum

Uplink Downlink

1850 1910 1930 1990 MHz






Fu(n)

2 3 4



Personal Communication System (PCS) – 1900 MHz is used in USA and Central America to provide a service similar to GSM. The 1900MHz frequency band was selected due to a shortage of available 1800 band frequencies in the USA. The up and down link bands are 60MHz each and have a 20MHz separation in the following ranges: PCS-1900 frequency bands are:


Each band is divided into 200kHz carriers, as with GSM. Therefore 299 carriers are available within each of the up and down link bands (allowing for guard bands). Channel numbers are in the range 512-810 (ARFCNs).

The PCs-1900 channel pair allocation has been arranged such that the two frequencies comprising a channel pair are 80Mhz apart. PCS-1900 up and downlink channel frequencies can be calculated as follows:

Uplink frequencies: Fu(n) = 1850.2 + 0.2 (n – 512) (512 <= n <= 810) Downlink frequencies: Fd(n) = Fu(n) + 80

4.2.5 GSM-450 SPECTRUM

The GSM-450 standard has grown from a study undertaken to evaluate a digital standard to replace the widespread analogue NMT-450 systems. The 450MHz band has a number of advantages over existing GSM bands, not least of which is the increased coverage per cell (up to 120km) and hence a lower cell count. It can also provide valuable additional capacity

GSM GSM -- 450 Spectrum450 Spectrum

Uplink Downlink

450.4 457.6 460.4 467.6 MHz





Fu(n)

2 3 4




GSM GSM –– 450 (Extended) Spectrum450 (Extended) Spectrum

Uplink Downlink

478.8 486 488.8 496 MHz





Fu(n)

2 3 4

_____________________________________________________________________

Multiple Access TechniquesMultiple Access Techniques

• Purpose: to allow several users to share the resources of the air interface in one cell

• Methods:• FDMA - Frequency Division Multiple Access

• TDMA - Time Division Multiple Access

• CDMA - Code Division Multiple Access

4.3 GSM Multiple Access Techniques



Multiple access techniques are essential to allow more efficient use of the radio spectrum. 1 st generation systems used only FDMA so that a complete radio carrier was allocated to a user throughout their call. This made poor use of the spectrum, but was all that was possible with an analogue system.

Frequency Division Multiple Access (FDMA) Frequency Division Multiple Access (FDMA)

• Divide available frequency spectruminto channels each of the same bandwidth

• Channel separation achieved by filters:• Good selectivity

• Guard bands between channels

• Signalling channel required to allocate a traffic channel to a user

• Only one user per frequency channel at any time

• Used in analog systems, such as AMPS, TACS

• Limitations on:

• frequency re-use

• number of subscribers per area

channel bandwidth

User 1

User 2

User 3

User 4

User 5

Freq

uenc

y

Time

Time Division Multiple Access (TDMA)Time Division Multiple Access (TDMA)

• Access to available spectrum is limited to timeslots

• User is allocated the spectrum for the duration of one timeslot• Timeslots are repeated in frames

Fre

qu

ency

TimeFrame Timeslot

Use

r 1

Use

r 2

Use

r 3

Use

r 4

Use

r 5

Use

r 6

Use

r 7

Use

r 1

Use

r 2

Use

r 3

Use

r 4

Use

r 5

Use

r 6

Use

r 7

Sig

nal

ling

Sig

nal

ling




TDMA became possible with digital systems such as GSM in which the data stream could be divided into bursts and allocated to a timeslot. By sharing access to the spectrum, the traffic capacity of the system is enhanced. GSM uses both FDMA to provide carriers and TDMA to share access to the carriers.

_____________________________________________________________________

GSM ChannelsGSM Channels

GSM defines two fundamental channel types:

• Physical Channels:

• the individual channels carried by a radio frequency carrier

• Each carrier comprises 8 time-separated channels

• Logical Channels:

• time-dependant virtual channels carried on a single physical channel

• one physical channel may support one or multiple logical channels

GSM Physical ChannelsGSM Physical Channels

• GSM employs both FDMA and TDMA at the Air Interface

• Each BTS may comprise a number of TRXs, with the carrier of each TRX operating on a different frequency (FDM)

• Each GSM carrier supports 8 time-separated physical channels (TDMA)

• Each physical channel is allocated to a specific timeslot on the carrier

• A group of 8 timeslots on a carrier is known as a TDMA frame

0 1 2 3 4 5 6 7

4.615 ms

timeslot = 0.577 ms

1 frame period

4.4 GSM Air Interface Channels



One burst of data (0.577 ms or 156.25 bit periods) is a physical channel. This is used via multiframe structures to provide all the logical channels required.

GSM Logical ChannelsGSM Logical Channels

TCHTCH

TrafficTraffic

TCH/HTCH/H

TCH/FTCH/F

CCCHCCCH

ControlControl

BCHBCH DCCHDCCH

FCCHFCCH

SCHSCH

BCCHBCCH

PCHPCH

RACHRACH

AGCHAGCH

CBCHCBCH

NCHNCH

SDCCHSDCCH

SACCHSACCH

FACCHFACCH

• Two types of logical channel are defined; traffic and control channels

• Each is further sub-divided as shown:

The naming of the GSM logical channels is as follows: TCH Traffic Channels TCH/F Traffic Channel (full rate) (U/D) TCH/H Traffic Channel (half rate) (U/D) BCH Broadcast Channels FCCH Frequency Correction Channel (D) SCH Synchronisation Channel (D) BCCH Broadcast Control Channel (D) CCCH Common Control Channels PCH Paging Channel (D) RACH Random Access Channel (U) AGCH Access Grant Channel (D) CBCH Cell Broadcast Channel (D) NCH Notification Channel (D) DCCH Dedicated Control Channels SDCCH Stand alone Dedicated Control Channel (U/D) SACCH Slow Associated Control Channel (U/D) FACCH Fast Associated Control Channel (U/D) U = Uplink D = Downlink




The purpose of these channels is outlined in the following slides.

Traffic Channels (TCH)Traffic Channels (TCH)

• One physical channel (1 timeslot) can support:• 1 TCH/F or 2 TCH/H

• TCH/F: 13 kb/s voice or 9.6 kb/s data

• TCH/H: 6.5 kb/s voice or 4.8 kb/s data

0 1 2 3 4 5 6 7

5 6 7 0 1 2 3 4

BTS transmits:

MS transmits:

Uplink / Downlink SynchronisationThe MS transmit burst is delayed by 3 timeslots after the BTS burst.. This delay allows enables:

• Use of the same UL and DL timeslot number in TDMA frame

• Avoids simultaneous Tx/Rx requirement

• Allows for timing advance (TA)• Allows time to switch between Tx and Rx

Full Rate traffic channels (TCH/F) and Enhanced Full Rate (EFR) traffic channels are allocated dedicated physical channels in form of one timeslot allocated per TDMA frame. If Half Rate Traffic Channels are implemented, two traffic channels are allocated to single physical channel with a proportional reduction in available bit rate per traffic channel as shown above. A three timeslot delay exists between downlink and uplink TDMA frames. The purpose of this delay is:

• To enable the same timeslot to be used for the both up and down link within the same TDMA frame without the requirement for simultaneous transmit and receive.

• Allows Timing Advance to be implemented which can reduce the 3-timeslot delay. • To provide time for the MS to switch between transmit and receive modes.



Broadcast Channels (BCH)Broadcast Channels (BCH)

• FCCH: Frequency control channel sends the MS a burst of all ‘0’ bits which acts as a beacon and allows MS to fine tune to the downlink frequency and time-synchronise.

• SCH: Synchronisation channel enables TDMA-Frame number synchronisation by sending the absolute value of the frame number (FN), together with the BTS’s BSIC

• BCCH: Broadcast Control Channel sends network-specific information such as radio resource management and control messages, Location Area Code etc.

BCH channels are all downlink and are allocated to timeslot zero. BCH channels include:

Common Control Channels (CCCH) Common Control Channels (CCCH)

CCCH contains all point to multi-point downlink channels (BTS to

several MSs) and the uplink Random Access Channel:

• RACH: Random Access Channel is sent by the MS to request a resources from the network e.g. an SDCCH channel for call setup.

• AGCH: Access Grant Channel is used to allocate a dedicated channel (SDCCH) to the mobile.

• PCH: Paging Channel sends paging signal to inform mobile of a call.

• CBCH: Cell Broadcast Channel is an optional GSM Phase II implementations for SMS broadcast messages, for example road traffic reports or network engineering messages.

• NCH: Used for GSM Phase II voice services such as Voice Broadcast Service (VBS) or Voice Group Calling Service (VGCS).




Dedicated Control Channels (DCCH)Dedicated Control Channels (DCCH)

• SDCCH: Standalone Dedicated Channel is used for call set up, location updating and also SMS

• SACCH: Slow Associated Control Channel is used for link measurements and signalling during a call

• FACCH: Fast Associated Control Channel is used (when needed) for signalling during a call, mainly for delivering handover messages and for acknowledgement when a TCH is assigned

DCCH comprise the following bi-directional (uplink / downlink) point to point control channels:

_____________________________________________________________________

4.5.1 LOGICAL CHANNEL CONCEPT

Logical ChannelsLogical Channels

• Multiframes provide a way of mapping the logical channels on to the physical channels (timeslots)

• A logical channel is a series of consecutive instances of a particular timeslot

• A multiframe is a repeating combination of logical channels

0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 70 1 2 3 4 5 6 7

1 1 1 1Logical Channel

TDMA FrameTime TDMA FrameTDMA Frame

4.5 Frames and Multiframes



The term ‘logical’ channel is used because the traffic and signalling channels do not have exclusive use of a physical resource i.e. the carrier frequency (unlike 1st Generation cellular systems). Multiframes allow one timeslot allocation (physical channel) to be used for a variety of purposes (logical channels) by multiplexing the logical channels onto the timeslot. 4.5.2 MULTIFRAME CONCEPT The term ‘multiframe ’ is used to describe a repeating pattern of TDMA frame timeslots transmitted in sequence on a physical channel. When a user is allocated a timeslot within a TDMA frame for a voice traffic call, he generally has exclusive use of that timeslot (full rate traffic) for the duration of the call. Therefore, every 8th timeslot (one TS per TDMA frame) the user transmits a burst of in data. However, after 12 bursts have been sent, a SACCH logical channel burst is inserted and after another 12 traffic burst have been sent an idle burst is inserted. This pattern then repeats itself over the next 26 bursts and continues to do so until the call is terminated 4.5.3 TRAFFIC CHANNEL(TCH) MULTIFRAMES This repeating pattern of 26 traffic channel bursts is known as a traffic channel ‘multiframe’ as illustrated below:

Traffic Channel MultiframeTraffic Channel Multiframe

• The TCH multiframe consists of 26 timeslots.

• This multiframe maps the following logical channels:

• TCH Multiframe structure:

•TCH•SACCH•FACCH

T = TCH S = SACCH I = Idle

FACCH is not allocated slots in the multiframe. It steals TCH slots when required.

T TT T T T T T T T T T T T T T T T IT T T T T

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 24 2516 17 18 19 20 21 22 23

TS




4.5.3.1 TCH Multiframe Time Duration Notice that a multiframe always refers to a set of instances of the same timeslot within a TDMA frame, therefore each ov the above timeslots occur 4.615mS apart (the duration of a TDMA frame). Therefore, the time duration for a multiframe is calculated as the length of the multiframe (in timeslots) x 4.615mS. In addition to TCH and SACCH timeslots, the traffic channel can also carry FACCH information. The FACCH is unique amongst logical channels in that it does not have a dedicated timeslot for transmission.

4.5.3.2 TCH Multiframe SACCH Function

During a call the MS is continually monitoring power levels from neighbouring base stations. It does this in the time intervals between its allocated transmission timeslot. Once, during each traffic channel multiframe, there is an uplink SACCH burst which is used to send a report on these measurements to the current serving base station. The BTS uses the downlink SACCH burst to send power control and other call-control signals to the mobile.

4.5.3.3 TCH Multiframe Idle Channel Function

The idle slot (TS 25 in the multiframe) occurs to allow for half rate TCH/H operation in which two mobiles would share the multiframe and sets of reports would need to be sent to the base station. Slot 25 would then be a second SACCH burst. 4.5.3.4 TCH Multiframe FACCH Function The FACCH is used for purposes that require instant access such as a handover command message from the base station. When this is needed, FACCH uses a TCH burst and sets a ‘stealing flag’ in the burst to show that it is not a traffic channel burst. 4.5.4 CONTROL CHANNEL MULTIFRAMES 4.5.4.1 BCCH Carriers Although a cell can contain multiple carriers (frequencies), every cell must have at least one TS of one of its carriers dedicated to control functions. This physical control channel transports a number of logical signalling channels multiplexed together. The most important of these logical signalling channels is the BCCH as it carries network configuration information. It is for this reason that the carrier containing this control channel (and therefore the BCCH logical channel) is often referred to as the ‘BCCH Carrier’.



4.5.4.2 Control Channel Multiframe Structures

Control Channel MultiframeControl Channel Multiframe

• The control channel multiframe is formed of 51 timeslots

• CCH multiframe maps the following logical channels:Downlink:

• FCCH• SCH• BCCH• CCCH (combination of PCH and AGCH)

Uplink:• RACH

0 1 42-45 46-49 5032-35 36-39 40 4122-25 26-29 30 3112-15 16-19 20 212-5 6-9 10 11

RACH

Uplink

Downlink F = FCCH S = SCH I = Idle

S BCCHF CCCH S CCCHF CCCH S CCCHF CCCH S CCCHF CCCH S CCCHF CCCH I

Control channel multiframes are inherently more complex than TCH multiframes as they carry multiple logical signalling channels multiplexed onto a single physical channel (TS0). The logical channels that are transported on the control, channel are organised such that the control channel sequence repeats every 51 occurrences of TS0 in consecutive TDMA frames as shown above. 4.5.4.3 Combined and Non-Combined CC Multiframes The CCCH are general signalling blocks (each of 4 TSs) that are allocated to specific signalling channels depending on the signalling capacity requirements. This includes SDCCH, SACCH AGCH and PCH allocation. When the signalling capacity requirements are calculated, it may be determined that the capacity available on a single control channel is not sufficient. In such cases, additional physical channels are allocated to signalling. When multiple physical signalling channels are required they are always allocated on the BCCH carrier using TS 2 4 or 6 (in addition to TS0) . Where this is the case, the multiple signalling channels are arranged in either combined or non -combined formats as shown below. Therefore the structure of the signalling channel multiframe may vary depending on the signalling capacity requirements.




• In a non combined multiframe, up to 7 of the 9 blocks may be reserved for AGCH:

Multiple Signalling Channel ConfigurationsMultiple Signalling Channel Configurations

• In a combined multiframe, up to 2 of the 3 blocks may be reserved for AGCH:

• Additional CCCH capacity can be provided on other timeslots (TS 2,4 or 6) of the BCCH carrier if required

• The number of AGCH blocks reserved is indicated to the MS in the system information messages that the MS reads on the BCCH

S BCCHF CCCH S CCCHF CCCH S CCCHF CCCH S CCCHF CCCH S CCCHF CCCH I

S BCCHF CCCH S CCCHF CCCH SSDCCH

0F SF SF ISDCCH

1SDCCH

2SDCCH

3SACCH

0SACCH

1

4.5.5 GSM MULTIFRAME HIERARCHICAL STRUCTURE

Frame HierarchyFrame Hierarchy

0 1 2 3 4 5 6 7

1 timeslot = 0.577 ms

1 frame = 8 timeslots = 4.615 ms

= 26 TCH Frames (= 120 ms)or51 BCCH Frames (= 235 ms)

= 26 BCCH Multiframes (= 6.12s)or 51 TCH Multiframes (= 6.12s)

= 2048 Superframes(= 3 hr 28 min 53.76 s)

Multiframe:

Superframe:

Hyperframe:



4.5.5.1 Superframes The primary purpose of the superframe layer is to provide a point at which both TCH and CC multiframes are synchronised. Therefore, 51 TCH multiframes of 26 TS each are grouped together and 25 CC multiframes of 51 TS are grouped together. IN both cases the time duration of a superframe is 26x51 TS = 6.12 seconds. 4.5.5.2 Hyperframes The synchronisation channel (SCH) transmits a TDMA frame number (FN) which enables a mobile to synchronise with the base station at TDMA-frame level. The FN is a 22 bit number which resets after each hyperframe, i.e. after 2048 x 26 x 51 = 2715648 TDMA frames.




SummarySummary

In this section we have looked at:

• GSM Frequency Allocation

• Multiple Access Techniques

• Air Interface Channels:

• Physical Channels

• Logical Channels

• Frames and Multiframes



Section 4 Self-Assessment Exercises Exercise 4.1 – Radio Spectrum Allocation 1. The diagram shows the spectrum for E-GSM Calculate the up and down link frequencies for ARFCNs 0, 124, 975 and 1023. Mark these carriers on the diagram. 2. An operator using DCS-1800 is allocated ARFCNs 601 to 625 inclusive. Calculate the highest and lowest frequencies used for the uplink.

880 915 925 960

5. GSM Protocols


5. GSM Protocols

_____________________________________________________________________

ProtocolsProtocols

• Protocols are needed whenever systems pass information from one to another

• A protocol is just a set of rules that both sides agree on so that meaningful communication can take place

?

5.1 Introduction

5. GSM Protocols



_____________________________________________________________________

Development of the Open Standards Interconnection (OSI) reference model was started in 1983 by an number of major computer and telecommunications companies. It was eventually adopted as an international standard by the International Standards Organisation (ISO) and is currently embodied within the ITU-TS X.200 Recommendation. The model comprises 7 layers which define various functions involved in establishing and servicing end-to-end communications circuits across a network. These 7 layers are generally viewed in two blocks;

• Application Functional Layers. These are layers 4-7 of the OSI Model and relate to the end-to-end functions between two or more users at the periphery of a network.

• Network Functional Layers. These are layers 1-3 of the OSI Model and refer to the

functions required to transport data across a network.

ISO 7ISO 7--Layer OSI reference ModelLayer OSI reference Model

APPLICATION

PRESENTATION

SESSION

TRANSPORT

NETWORK

DATA LINK

PHYSICAL

7

6

5

4

3

2

1

EndEnd --toto--end message transferend message transfer

Network routing, addressing, call managementNetwork routing, addressing, call management

Data link control (framing, error control)Data link control (framing, error control)

Mechanical and electrical interfacingMechanical and electrical interfacing

Application entity dialogue and synchronisationApplication entity dialogue and synchronisation

Syntax and data representation managementSyntax and data representation management

File transfer, access managementFile transfer, access management

Layer 7: The application layer...This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions.) Layer 6: The presentation layer...This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). This layer is sometimes called the syntax layer.

5.2 The ISO 7-Layer OSI Model

5. GSM Protocols


Layer 5: The session layer...This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination. Layer 4: The transport layer...This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer. Layer 3: The network layer...This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding. Layer 2: The data-link layer...This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management. Layer 1: The physical layer...This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.

_____________________________________________________________________

Within a GSM network, different protocols are needed to enable the flow of data and signalling between different GSM subsystems. The following diagram shows the interfaces that link the different GSM subsystems and the protocols used to communicate on each interface.

GSM Protocol LayersGSM Protocol Layers• GSM protocols are basically divided into three layers:

• Layer 1: Physical layer• Enables physical transmission (TDMA, FDMA, etc.)• Assessment of channel quality• Definition of physical links (e.g radio, PCM30 ISDN etc)• Error detection (based on line coding)

• Layer 2: Data link layer• Multiplexing of one or more layer 2 connections on control/signalling

channels• Error detection (based on HDLC)• Flow control• Transmission quality assurance• Routing

• Layer 3: Network Layer• Connection management• Management of location data• Subscriber identification• Management of Services

5.3 GSM Protocols Overview

5. GSM Protocols



As GSM is a transport network, it is primarily only the lower 3 layers of the OSI Model that are defined in the GSM Recommendations. As GSM is predominantly a transport network it is less concerned with the end-to-end user application layer (layers 4-7). Therefore this section of the course notes looks specifically at the protocols used within GSM at layers 1-3. 5.3.1 LAYER 1 SERVICES The Physical Layer (Layer 1) contains all the functions necessary for the transmission of bit streams over the physical medium. It provides a transport service for the GSM logical channels. Services offered at Layer 1 include:

• Access Capabilities. Layer 1 carries out the cell selection functions for MSs in idle mode, in cooperation with the Layer 3 Radio Resource (RR) functions.

• Error Detection . Forward and backward error correction is implemented at layer 1 (see section on speech coding for details). Errored frames are not passed to Level 2 for processing.

• Encryption. Data encryption is also implemented at Layer 1 (see section on GSM security for details).

5.3.2 LAYER 2 SERVICES Here, the LAPDm protocol is used (similar to ISDN LAPD). LAPDm has the following functions:

• Connectionless transfer on point-to-point and point-to-multipoint signalling channels, • Setup and take-down of layer 2 connections on point-to-point signalling channels, • Connection-oriented transfer with retention of the transmission sequence, error

detection and error correction. 5.3.3 LAYER 3 SERVICES Layer 3 contains the following sublayers which control signalling channel functions (BCH, CCCH and DCCH):

• Radio resource management (RR). The role of the RR management layer is to establish and release stable connection between mobile stations (MS) and an MSC for the duration of a call, and to maintain it despite user movements. The following functions are performed by the MSC:

• Cell selection, • Handover, • Allocation and take-down of point-to-point channels, • Monitoring and forwarding of radio connections, • Introduction of encryption, • Change in transmission mode.

• Mobility management (MM). Mobility Management handles the control functions

required for mobility including: • Authentication • Assignment of TMSI • Management of subscriber location.

5. GSM Protocols


• Connection management (CM) is used to set up, maintain and clear call connections. It comprises three subgroups:

• Call control (CC) - manages call connections, • Supplementary service support (SS) - handles special services, • Short message service support (SMS) - transfers brief texts.

Neither the BTS nor the BSC interpret CM and MM messages. They are simply exchanged between the MSC and the MS using the Direct Transfer Application Part (DTAP) protocol on the A interface (see below). RR messages are mapped to or from the Base Station System Application Part (BSSAP) for exchange with the MS.

_____________________________________________________________________

Transmission protocols relate to the physical transportation of raw data across the GSM network and the various protocols associated with this function

FEC

Cipher

TDMA

FDMA

UUmmAAbisbis AA

GSM CoreGSM Core

NetworkNetworkPSTNPSTNMSC

BTS

BTS

BSC

GSM Transmission Protocol StackGSM Transmission Protocol Stack(TRAU at MSC)(TRAU at MSC)

TRAU

GSM VOICE

D-ch

FEC

Cipher

TDMA

FDMA

D-ch D-ch D-ch

GSM Voice

Sub-channel

ISDN Voice

channel

G.703Local Interface13kbps 16kbps 16kbps 64kbps

At the transmission level, the physical layer produces user channels each comprising 13kbps of user data. However, in order to adapt top the frailties of the radio interface additional overheads are included for forward error detection and correction (FEC). In addition the transmission layer control encryption as well as the air interface FDMA/TDMA access procedures (see Section 4 of these course notes for more details).

5.4 GSM Transmission Protocols

5. GSM Protocols



At some stage the 13kbps channels must be converted into 64kbps for transportation across the PSTN. This function is carried out by a network element known as the Transcoder and Rate Adaption Unit (TRAU). The primary function of the TRAU is to convert 16kps (inc signalling) GSM speech channels to 64kbps PCM channels in the uplink direction and the reverse in the downlink direction. The reason this process is necessary is because MSCs only switch at the 64kbps channel level. Therefore, when making a MS-to-MS call, the originating channel has to be converted from 16kbps to 64kbps, switched by the MSC and then converted back to 16kbps for onward transmission to the destination MS. The rate conversion is carried out using A-law coding. Technically, the TRAU can be physically located in the BTS, BSC or MSC and hence leads to a variety of installation configurations.

TRAU ConfigurationsTRAU Configurations

BTS SiteBTS Site BSC SiteBSC Site MSC SiteMSC Site

TRAU

BTS SiteBTS Site

CCU

CCU

BSC SiteBSC Site MSC SiteMSC Site

BTS SiteBTS Site

CCU

CCU

BSC SiteBSC Site MSC SiteMSC Site

AA

BB

CC

AAbisbisUUmm AA

MSC NodeMSC Node BSC NodeBSC NodeCCU Channel Coding UnitChannel Coding Unit

TRAU

TRAU

16kbps16kbps

16kbps16kbps

16kbps16kbps 16kbps16kbps

64kbps64kbps

64kbps64kbps

64kbps64kbps

64kbps64kbps

16kbps16kbps

CCU

CCU

If the TRAU is installed at the BTS, each 16kbps GSM channel would need to be mapped to its own 64kbps PCM channel. This results in 75% of the transmission bandwidth being wasted across both the Abis (BTS-BSC) and A (BSC-MSC) interface. However, if the TRAU is placed at the MSC, as is generally the case in current networks, a multiplexer can be placed at the BTS which enables 4 x 16kbps GSM channels to be multiplexed onto one 64kbps PCM channel, using 4 x 16kbps ISDN D-channels. In this configuration, only at arrival at the MSC is the 16-64kbps channel conversion necessary, thereby maximising the efficient usage of the transmission medium by increasing the GSM channel throughput per PCM 2048 bearer from 30 to 120 channels. Also, by centralising the TRAU function at the MSC, the number of TRAUs deployed across the network is significantly reduced.

5. GSM Protocols


G.703 The TRAU converts the GSM channels into ISDN D-channels in accordance with the G.703 Recommendation. This Recommendation specifies physical and electrical characteristics of the interfaces at hierarchical bit rates that are described in Recommendation G.702. The interfaces are defined in terms of general characteristics, specifications at the output ports and input ports and/or cross-connect points, earthing of outer conductor or screen and coding rules etc.

_____________________________________________________________________

CM

MM

RR

LAPDm

TDMA

MS

RR

LAPDm

TDMA

BTSM

LAPD

G.703

BTSM

LAPD

G.703

BSSMAPDTAP

BSSMAPDTAP

CM

MM

Layer 1

Layer 2

Layer 3

UUmmAAbisbis AA

GSM CoreGSM Core


BTS

BTS

BSC

GSM Signalling Protocol StackGSM Signalling Protocol Stack

BTS BSC MSC

RR

SCCP SCCP

MTP’ MTP’

The GSM Signalling Protocol Stack (Um / A-bis / A Interfaces) contains the following protocols: • Layer 1 Protocol

TDMA – Time Division Multiple Access G.703 – ITU PCM frame structure MTP – Message Transfer Part

• Layer 2 Protocols LAPDm Link Access Protocol D-channel-mobile LAPD Link Access Protocol D-Channel

5.5 GSM Signalling Protocols

5. GSM Protocols



• Layer 3 Protocols RR – Radio Resource Management MM – Mobility Management CM – Connection management BTSM – Base Transceiver Station Management SCCP – Signalling Connection Control Part BSSMAP – Base Station Subsystem Management Application Part DTAP – Direct Transfer Application Part Note: the DTAP and BSSMAP are together referred to as the Base Station Subsystem Application Part (BSSAP).

GSM Recommendation Mapping of GSM Recommendation Mapping of Signalling Protocol StackSignalling Protocol Stack

The above diagram is provide for reference as it indicated the ETSI Recommendations relating to each of the protocols e.g. details of the LAPD protocol functionality can be found in GSM 08.56. The purpose and functionality of these protocols will be covered below, dealt with by interface i.e. Um, A-bis and A interfaces.

_____________________________________________________________________

The Um interface interconnects the mobile network elements (i.e. MSs) with the fixed network ( in this case BTSs).

5.6 The Air (Um) Interface Protocols

5. GSM Protocols


Air Interface Layer FunctionsAir Interface Layer Functions

Signalling

CC MM RR

Build framesRequest

acknowledgement

Channel codingError protection

Interleaving

RF modulation

Signalling

CC MM RR

Reconstruct framesSend acknowledgement

Error correctionDe - interleaving

Equalization

RF demodulation

Radio waves

CC: Call ControlMM: Mobility ManagementRR: Radio Resources

Speech and Data Speech and Data

Layer 1

Layer 3

Layer 2

5.6.1 Um INTERFACE - LAYER 1 The physical medium at layer 1 is a GMSK modulated UHF radio path. The physical transmission structure is based on a 16kbps IDSN D-channel configuration with a composite carrier data rate of 271kbps. The Access method uses Time Division Multiple Access (TDMA). Layer 1 functions include compression, channel coding for Forward Error Correction (FEC), interleaving, encryption and modulation.

CM

MM

RR

LAPDm

TDMA

MS

RR

LAPDm

TDMA

BTSM

LAPD

G.703

BTSM

LAPD

G.703

BSSMAPDTAP

BSSMAPDTAP

CM

MM

Layer 1

Layer 2

Layer 3

UUmm AAbisbis AA

GSM CoreGSM Core


BTS

BTS

BSC

UUmm Interface Protocol StackInterface Protocol Stack

BTS BSC MSC

RR

SCCP SCCP

MTP’ MTP’

5. GSM Protocols



5.6.2 Um INTERFACE - LAYER 2 The Um interface layer 2 (data link layer) uses LAPDm which is a modified version of the ISDN LAPD protocol used in fixed networks. LAPDm has been specifically adapted to the air interface for ISDN D(mobile) channels rather than standard ISDN D channels. In essence LAPDm is a protocol similar to the High-level Data Link Protocol (HDLC) which offers a number of services on the various logical Dm channels of Layer 3. The main task of Layer 2 is the transparent transport of messages between Layer 3 protocol entities. Layer 2 functions also include call setup and clearing, protected data transfer (using Backward Error Correction (BEC)) and operates in either acknowledged or unacknowledged mode.

User speech and data is generated within the application layers (layers 4-7) and is passed down through layer 3 into layer 2 where it is prepared for transportation over the air interface. This ‘preparation’ (or coding) is covered in detail in Section 6 of these course notes.

HDLC Frame FormatHDLC Frame Format

Flag Field

Address Field

Control Field Information Field FCS Field

8 8 8(or 16)

Flag Field

Variable16

(or 32)8

• Flag Field. Delineates each HDLC Frame. Always 011111110 sequence

• Address Field. Identifies destination station address• Control Field. Conveys flow control, frame type identifiers and network

commands

• Information Field. Contains level 2 messages

• Frame Check Sequence (FCS) Field. Uses a Cyclic Redundancy Check (CRC) for error detection purposes

5.6.3 Um INTERFACE - LAYER 3 Network signalling messages are generated at Layer 3 and relate to one of three functions:

• Call Control (CC) Management • Mobility Management (MM) • Radio Resource (RR) Management

The messages generated by each of these functions are combined at layer 2 and passed transparently across layer 1 before being reconstituted into their respective functional groups at the BTS Layer 2 before being passes back into their layer 3 functional areas.

5. GSM Protocols


Note that the RR Management functional relationship exists between the MS and the BSS whereas the CM and MM functional relationship exists between the MS and the MSC. In all cases, these messages are passed transparently over Layers 1 and 2 of the Um interface.

_____________________________________________________________________

CM

MM

RR

LAPDm

TDMA

MS

RR

LAPDm

TDMA

BTSM

LAPD

G.703

BTSM

LAPD

G.703

BSSMAPDTAP

BSSMAPDTAP

CM

MM

Layer 1

Layer 2

Layer 3

UUmm AAbisbis AA

GSM CoreGSM Core


BTS

BTS

BSC

AA--bisbis Interface Protocol StackInterface Protocol Stack

BTS BSC MSC

RR

SCCP SCCP

MTP’ MTP’

The A-bis interface interconnects BTSs to BSC within the Base Station Subsystem (BSS). The physical medium at this interface can be either cable (copper – or more commonly optical fibre) or microwave. 5.7.1 Abis INTERFACE - LAYER 1 The physical transmission structure is based on a 16kbps IDSN D-channel configuration. Four D-channels are sub-multiplexed onto a single ISDN B-channel which can then multiplexed onto a 2048kbps E1 link (32x 64kbps channels). This multiplexing option is dependant upon the location of the TRAU (see description of TRAU above). 5.7.2 Abis INTERFACE - LAYER 2 The Abis interface data link layer protocol is based on the ISDN D-channel Link Access Protocol (LAPD) which is itself based on the High-level Data Link Control protocol (HDLC) as described above. LAPD performs similar functions to LAPDm but over the BTS-BSC Abis interface.

5.7 The Abis (BSC-BTS) Interface Protocols

5. GSM Protocols



5.7.3 Abis INTERFACE - LAYER 3 Layer 3 utilises the Base Transceiver Station Management (BTSM) protocol. Most RR messages are passed transparently through the BTS to the BSC (and vice versa). However, certain RR information must be interpreted by the BTS e.g. random access of the MS, start of ciphering and paging. The BTSM contains functions for processing these messages and other BTS-specific management procedures.

_____________________________________________________________________

CM

MM

RR

LAPDm

TDMA

MS

RR

LAPDm

TDMA

BTSM

LAPD

G.703

BTSM

LAPD

G.703

BSSMAPDTAP

BSSMAPDTAP

CM

MM

Layer 1

Layer 2

Layer 3

UUmm AAbisbis AA

GSM CoreGSM Core


BTS

BTS

BSC

A Interface Protocol StackA Interface Protocol Stack

BTS BSC MSC

RR

SCCP SCCP

MTP’ MTP’

The A interface interconnects a BSC with an MSC and is considered to lie within the GSM core network. Unlike, the GSM-specific Um and A-bis interfaces, the core network A interface operates using subsets of the SS7 Signalling standard. These protocols are defined in the 08-series of the ETSI GSM Recommendations.

5.8.1 A INTERFACE - LAYER 1 The physical medium within layer 1 is similar to that described for the A-bis interface in terms of ISDN connections. 5.8.2 A INTERFACE - LAYER 1&2 SIGNALLING A interface signalling is based on the SS7 protocol which essentially covers both layer 1 and 2 of the reference model. Message transport in the SS7 network is realised through the Message Transfer Part (MTP). MTP provides for both routing and transport of signalling messages. A slightly modified version of the MTP, MTP’, has been defined for the protected transport of signalling messages over the A interface.

5.8 The A (MSC-BSS) Interface Protocols

5. GSM Protocols


5.8.3 A INTERFACE - LAYER 3 Layer 3 utilises a number of protocols, each providing different functionality. For GSM-specific signalling between the BSC and the MSC the Base Station Subsystem Application Part (BSSAP) has been defined which itself is divided into the Direct Transfer Application Part (DTAP) and the Base Station Subsystem Mobile Application Part (BSSMAP). In addition, layer 3 messages are transported using the Signalling Connection Control Part (SCCP)

5.8.3.1 DTAP The DTAP is used to convey messages between the MS and the MSC i.e. the Call Control (CC) and Mobility Management (MM) messages. At the A interface they are transmitted from the MSC with DTAP and then passed transparently through the BSS, across the A-bis interface to the MS without BTS interpretation. 5.8.3.2 BSSMAP The BSSMAP is the protocol responsible for all the administration of the BSS radio resources. However, some of these functions require involvement of the MSC, for example, some handover situations and release of connections or channels. Such actions are initiated and controlled by the MSC. This control is the responsibility of the BSSMAP RR messages are mapped and converted within the BSC into BSSMAP procedures and messages and vice versa. 5.8.3.3 SCCP For signalling transactions between the MSC and the MS (i.e. CM and MM) it is necessary to establish and identify distinct logical connections. The SCCP is used for this purpose.

SummarySummary

• What are Protocols

• OSI 7 Layer Model

• GSM Protocol Overview

• GSM Transmission Protocols• GSM Signalling Protocols

• Air, A-bis and A Interface Protocols

This Section has covered the following topics:

5. GSM Protocols






6. Speech and Channel Coding ____________________________________________________________________ 6.1 Introduction

Here we will consider two forms of coding techniques used within the GSM system. Firstly the process used to convert human speech into a digital equivalent and secondly the coding processes for compressing and protecting the data for transmission over the air interface. This section also covers the interleaving techniques by GSM to further protect the Air Interface data from the effects of ‘bursty’ noise and radio interface modulation techniques.




_____________________________________________________________________ 6.2 Speech Coding Techniques

GSM Voice & Channel Coding SequenceGSM Voice & Channel Coding Sequence

8000 Hz sampling

13-bit resolution

Quantization8000x13bits= 104 kbps

Channel Coding

2080-bit (20ms) blocks(note 1)

RPE-LTPSpeech Coder

260-bit blocks13 kbps

Interleaving

EncryptionRadio BurstMultiplexing

GMSKModulation

note 1: 160 samples of 13 bits per 20ms

22.8 kbps456-bit blocks

156.25-bit bursts

Speech Coding

Channel Coding

Radio Interface

There are several schemes available for reducing the bandwidth required for a single voice channel from the 64 kbps PCM requirement. When the GSM specification was being defined, over 20 different voice coding schemes were initially considered. This number was rapidly reduced to 6 schemes from 6 different countries before trials started.

Speech CodingSpeech Coding

• GSM transmits using digital modulation - speech must be converted to binary digits

• Coder and decoder must work to the same standard

• Simplest coding scheme is Pulse Code Modulation (PCM)• Sampling every 125 µs

• Requires data rate of 64 kbps

• This is too high for the bandwidth available on the radio channels

-1

-0.8

-0.6-0.4

-0.2

0

0.20.4

0.6

0.8

11.2

Sample analog signal at 8 kHZ Digital pulse train at 64 kbps

PCM



Each of the schemes involved various methods of manipulating the information contained within speech to balance the best quality reproduction with the minimum bandwidth. Speech obviously contains far more information than the simple text transcription of what is being said. We can identify the person speaking, and be aware of much unspoken information from the tone of voice and so on.

Advanced Speech CodingAdvanced Speech Coding

• We cannot send the 64 kbps required by PCM• We need alternative speech encoding

techniques

• Estimates are that speech only contains 50 bits per second of information

• Compare time to speak a word or sentence with time to transmit corresponding text

• Attempts to encode speech more efficiently:• speech consists of periodic waveforms -

so just send the frequency and amplitude• model the vocal tract - phonemes, voiced

and unvoiced speech• Vocoder - synthetic speech quality

“yahoo”

Early vocoders which reduced the voice to just simple waveform information lacked the human qualities which we need to hold a meaningful communication. Hybrid encoders give greater emphasis to these qualities by using regular pulse excitation which encodes the overall tone of the voice in great detail. Eventually a hybrid of the German RPE-LPC1 scheme and the French MPE-LTP2 was chosen. This became known as Regular Pulse Excitation with Long-Term Prediction (RPE-LTP).

_____________________________________________________________________ 6.3 GSM Speech Coding

The first stage of speech encoding is to convert human speech, generated by the microphone as an analogue signal, into a digital equivalent. GSM achieves this by sampling the analogue voice signal every 125mS, or 8000 times per second. Each sample is quantised into one of 8192 voltage levels. Each of these levels is represented by a 13-bit (213) binary code. Therefore, every second 8000x13-bit samples of the analogue signal are produced, resulting in a raw data rate of 104kbps.

1 Regular Pulse Excitation with Linear Predictive Coding 2 Multipulse Excitation with Long Term Prediction




GSM Voice Coding SequenceGSM Voice Coding Sequence

8000 Hz sampling

13-bit resolution


Channel Coding


RPE-LTPSpeech Coder


Interleaving


GMSKModulation



156.25-bit bursts

Speech Coding

Channel Coding

Radio Interface

This raw bit stream is presented to the RPE-LTP Vocoder where it is chopped into 20mS (2080-bit) blocks. Each block is then processed separately. The vocoder categorises the data in each 20mS -block into three parts:

• Short-term Linear Predictive Coding data (LPC) • Long-term prediction data (LTP) • Regular Pulse Excitation data (RPE)

Speech DigitisationSpeech Digitisation

8000 samples per second

8192

(2

13)

quan

tisat

ion

leve

ls

8000 samples per second x 13 bits per sample = 104kbps per secondDivided into 20mS blocks = 2080 bits per block



The long and short term prediction waveforms are each encoded as frequency and amplitude information in the form of 36-bit blocks, while the RPE is encoded in a 188-bit block primarily to ensure that the characteristic tone of the voice is reproduced well. The resulting data rate of 13 kbps is suitable for the bandwidth available on the air interface. Therefore, for every 20ms 2080-bit data block applied to the vocoder, a 20ms 260-bit output block is produced. Therefore, a compression ratio of almost 10:1 has been achieved without significant degradation to the voice quality.

Simplified RPESimplified RPE--LTP Speech CoderLTP Speech Coder

Voice datapre-processing

(note 1)

LPC analysis

Short-term analysis filter + RPE analysis

and coding

2

RPE decoding and analysis

+

LTP analysisfilter

LTPanalysis

1

3_

2

1

3

36 bits reflection coefficient = 36 bits

4 x 47 bits RPE parameters = 188 bits

4 x 9 bits LTP parameters = 36 bits

= 260 bits/20ms or 13kbps

2080 bit(20ms)blocks

note 1:removes any DC level and uses pre-emphasisfilter to emphasise higher speech frequenciesLPC = Linear Predictive CodingRPE = Regular Pulse ExcitationLTP = Long Term Prediction

MUX

13kbps

_____________________________________________________________________ 6.4 Channel Coding Techniques

The speech decoding process is very sensitive to errors in the transmitted bits and attention must be paid to checking and correcting errors in transmission. Procedures for addressing this problem are covered in this section




GSM Channel CodingGSM Channel Coding

8000 Hz sampling

13-bit resolution


Channel Coding


RPE-LTPSpeech Coder


Interleaving


GMSKModulation



156.25-bit bursts

Speech Coding

Radio Interface

Error Correction CodingError Correction Coding

• To reproduce speech, decoder needs bit error rate no more than 0.1%

• Radio channel typically gives error rate of 1% or more - need error correction

• Channel coding provides error protection

• Two approaches to error protection:

• Backward error correction

• Forward error correction

6.4.1 BACKWARD ERROR CORRECTION In backward error correction, we assume that if the known check bits have been transmitted correctly, the rest of the data is correct. If the check bits do not match what is expected, the system asks for re-transmission.



Automatic Repeat Request (ARQ) is not suitable for speech as the timing could become unintelligible if several repeats were necessary. However, in normal conversation, we naturally apply backward error correction by asking the person to repeat something we have not understood.

Backward Error Correction (BEC)Backward Error Correction (BEC)

• Blocks checked at distant end by comparing FCS/BCS• Detected errors generate request for retransmission of block

• BEC utilises block channel coding

• Suitable for data transmission - not speech

Data bits Addcheck bits

Transmitter

Removecheck bits

Correct

No

Yes

Repeatrequest

Acceptdata bits

Receiver

• Backward error correction - Automatic Repeat Request (ARQ):

6.4.2 FORWARD ERROR CORRECTION

Forward Error CorrectionForward Error Correction• Coding is added to the information bits (redundancy) which enable the original to

be reconstructed given a small number of random errors• Repeat transmission is not required if data fully corrected - suitable for speech

• FEC generally utilises convolution channel coding

Data bits

Code bits

Generate code

Combine code + data Coded

data

Coded data

ED&C

Extract data

Transmitter

ReceiverData bits




In forward error transmission, the original data can be reconstructed from the received bits in several ways, allowing the system to make a best estimate of what the data should be, without requiring re-transmission. Because we are sending more bits than there are in the original data, there is said to be redundancy in the system.

6.4.3 BLOCK CHANNEL CODING

Using block codes, the current data block (that which is about to be transmitted) is used to generate a code. This code is sent along with the original data bits. In the simple example illustrated, the code is just a repeat of the original data. Realistic schemes are calculated to give the best chance of recovering the data when errors occur.

Speech coded blocks

Block Channel CodingBlock Channel Coding

Data Block

Block Coder

Data Block

Check Code Data Block Check

Code Data Block

New block-codedspeech block

•• Simplified Block Coding ConceptSimplified Block Coding Concept

6.4.4 CONVOLUTIONAL CHANNEL CODING

Convolutional coders are normally described by the ratio of input information bits to output coded bits generated by the coder plus the delay (in terms of bits) incurred through the convolution process. They delay is related to the number of registers used in the coding device. For example, a coder that generates 2 output bits for every information input bit using a 5-bit register is referred to as a ½ rate encoder with a delay (or constraint length) of 5.



Convolutional CodesConvolutional Codes

• Rate of coding describes the amount of redundancy in the coded data:• 1/2 rate code transmits twice as many bits as actual data• Data rate is halved

• Convolutional codes cannot detect errors

• If the error rate is high, convolutional codes can increase errors

• Convolutional codes are slightly more efficient than block codesi.e. reduction in error rate for given increase in bits transmitted

Convolution Channel CodingConvolution Channel Coding

•• Simplified Convolution Coding Concept:Simplified Convolution Coding Concept:

d1 d2 d3 d4

+ +

+++

CjV = 2

G0(d)

G1(d)

di

G0(d) = d4 + d3 + 1

G1(d) = d4 + d3 + d1 + 1

Section 6 – Speech & Channel Coding

1

The coder above feeds 4 information bits of the bit stream into the registers. It then carries out two processes:

• Modulo 2 addition of d + d3 + 1 to produce a G0 bit and

• Modulo 2 addition of d4 + d3 + d1 + 1 to produce a G1 bit




These two bits are then fed to the output. The bits stored in the registers are then moved to the right by one place and the next information bit is fed in. The process then repeats itself. As a result, two bits are generated for each information bit fed into the encoder. These bits are not the original data with bits added (as is the case with block coding) but rather a representation of the original data. Therefore, convolutional coding is not able to detect errors; it simply reconstructs that data using the information stored in the transmitted bits.

_____________________________________________________________________ 6.5 GSM Channel Coding

GSM uses a combination of block and convolutional coding methods. First some of the information bits are block coded, building a block of information each with an associated block check sequence (BCS). All the block coded bits (including the BCS) are passed through a convolutional coder to form the final coded bits

53 bits

GSM (TCH/F) Channel CodingGSM (TCH/F) Channel Coding

78 Class 2 bits(side information)

½-rate convolution encoder

50 Class 1a bits

Inc 3 parity bits

4 tail bits

78 non-encoded bits378 convolution encoded bits +

456 bits

uncoded

260 bits

x2

132 Class 1b bits

189 bit block coding 132 bits

The reason for this ‘double coding’ is that ideally forward convolutional coding will detect and correct all errors. However, if the data is damaged beyond repair, block coding is used to ignore the data and request a retransmission of the corrupted data block.

The GSM coding scheme is described as ‘concatenated’. as divides the data into three prioritised sections, depending on the importance of the data to the speech characteristics. It then applies different levels of coding to each, as shown.. The resultant code is then put together (concatenated) for transmission. The convolutional coder described previously is that used by GSM. The purpose of the addition of 4 tail bits in the previous diagram is to ensure that the registers in the coder are flushed after each 260-bit block has been coded.



_____________________________________________________________________ 6.6 Interleaving

6.6.1 INTERLEAVING PRINCIPLE The efficiency of the convolutional coding described above is based on an assumption that errors will be randomly distributed. However, radio transmission paths tend to be prone to frequency-dependent ‘bursty’ type errors due primarily to fading. Therefore, convolutional coding alone may not be able to compensate for a large number of consecutive errors on a single channel frequency

Block InterleavingBlock Interleaving

8000 Hz sampling

13-bit resolution


Channel Coding


RPE-LTPSpeech Coder


Interleaving


GMSKModulation



156.25-bit bursts

Speech Coding

Radio Interface

To overcome this, the data bursts are not sent in their natural order, but are interleaved among a set of timeslots within the multiframe.

Interleaving is applied after error coding and removed at the receiver before the decoding. Thus the coding algorithm has a more random distribution of errors to deal with. In the example above, 8 data blocks for each of channels 1-3 are transmitted consecutively. If a noise burst occurs at the point and for the duration shown, 6 data blocks will be affected, 1 block of channel 1 and 5 blocks of channel 2. This is probably insignificant for channel 1 but could have significant implications for channel 2.




Interleaving Interleaving -- Effects of ‘Burst’ NoiseEffects of ‘Burst’ Noise

1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 81 2 3 4 5 6 7 8

Noise burst

3 4 4 4 5 5 5 6 6 6 7 7 7 8 8 81 1 1 2 2 2 3 3

Noise burst

1

1

1

Channel 1

Channel 2

Channel 3

• Non – Interleaved Channels:

• Interleaved Channels:

If the channel data blocks are interleaved as shown in the lower illustration, 6 blocks will still be affected but in this case only two from each channel. Therefore the significance of the noise burst (per channel) has been reduced.

InterleavingInterleaving

456 bits

Channel Coder Channel Coder

1 2 3 4 5 6 7 8

456 bits

1 2 3 4 5 6 7 8

1 2 3 4 5 6 71 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8

(8 x 57 bit blocks)

In addition, existing error correction algorithms function most efficiently when errors are random in nature. They would therefore have a greater probability of correcting all errors on each of the three channels in the second case above but would be unlikely to correct all the errors on channel 2 in the first case above.



6.6.2 GSM INTERLEAVING IMPLEMENTATION

GSM employs interleaving to reduce the effects of burst noise over the air interface. This takes place after channel coding but before converting the coded bit stream into data bursts.

The degree of interleaving used in GSM depends on the type of traffic carried. One 456-bit block of data is spread over:

• 8 timeslots for full-rate speech (as shown above) • 4 timeslots for most control channels • up to 19 timeslots for data

Each timeslot referred to above equates to a burst of data over the air interface. The following section describes the radio burst multiplexing of data blocks over the air interface and the different types of bursts used by GSM.

_____________________________________________________________________ 6.7 Radio Burst Multiplexing

GSM Burst MultiplexingGSM Burst Multiplexing

8000 Hz sampling

13-bit resolution


Channel Coding


RPE-LTPSpeech Coder


Interleaving


GMSKModulation



156.25-bit bursts

Speech Coding

Channel Coding

Radio Interface

6.7.1 RADIO BURST MULTIPLEXING PRINCIPLES Data is transmitted over the GSM Air interface in blocks. Each block is known as a ‘burst’. One burst corresponds to one timeslot on an 8-timeslot TDMA frame. GSM defines a number of burst types, dependant upon the burst’s function. However, they all have a size of 156.25 bit periods with time duration of 0.577ms (see section on voice/channel coding for explanation).




Radio Burst MultiplexingRadio Burst Multiplexing

1 burst = 156.25 bit periods (0.577mS)

456 bits

1 2 3 4 5 6 7 8

456 bits

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7

13 8.2557 data bits26 training bits 1 357 data bits

1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8

(8 x 57 bit blocks)

However, the Guard period of each burst exists to provide an inter-timeslot buffer and is therefore not actually part of the information burst. Therefore the burst size is often referred to by its information size. For example, a normal burst of 156.25 bit periods has an 8.25 guard period and therefore has an information burst size of 148 bits. Each burst bit is numbered 0-156 with the last ¼ bit being 156. The 0 bit is always transmitted first.

Types of Data BurstTypes of Data Burst

• The 156.25 bit periods of a timeslot can hold different types of data burst:

8.2526 Training

Bits

142 fixed bits

8

Guard period

Normal Burst(Traffic and most control channels)

Frequency Correction Burst (FCCH)Data and tail bits are all 0

Synchronisation Burst (SCH)Data to synchronise MS with BTS

Dummy BurstTransmitted on BCCH carrier when there are no other

bursts - allows power level measurements

Access Burst (RACH)Long guard period to avoid collisions

Tail bits

Stealing flag bits

57 Data Bits

41 Training Bits

36 Data Bits

1 3

3 8.253

3 8.2539 Data Bits

64 Training BitsSync Sequence

39 Data Bits

3

26 Training Bits 8.2533

157 Data Bits3

3 68.25



GSM defines 5 bursts types include:

• Normal Bursts • Synchronisation Bursts • Frequency Correction Bursts • Access Bursts • Dummy Bursts

6.7.2 NORMAL BURST A normal burst is the most common burst type and is generally used for carrying user data (voice) over the Traffic Channel (TCH) and for control channels other than the FCCH, SCH and RACH (see different burst types below). It has an information burst size of 148 bits (156.25-8.25 guard period). The burst comprises the following elements:

• Data Blocks. The burst includes 2 x 57-bit voice/data blocks. These blocks (plus the stealing bits) are encrypted (see section on voice/channel coding for explanation of how blocks are inserted into bursts).

• Tail Bits. The burst includes 2 x 3-bit tail blocks. These blocks are always set to 0,0,0. Their purpose is to assist in the equalisation process by providing a start/stop reference for the equaliser.

• Training Bits. Each burst contains a 26-bit training sequence. This sequence is used by the equaliser to compensate for timing variations on the channel (see section on Equalisation). GSM defines 8 distinct 26-bit training patterns. The sequence used is determined at call setup.

• Stealing Bits. Each burst contains two stealing bits, one associated with each voice/data block. A stealing bit is set to 1 if its associated data block has been ‘stolen’ for use by the FACCH (see section on GSM control channels for further explanation).

• Guard Period. The 8.25-bit guard period is unused space with allows for a short time

gap between consecutive timeslots to prevent inter-timeslot interference over the channel. The guard period also allows time for the transmitter to ramp -up and ramp-down.

6.7.3 FREQUENCY CORRECTION BURST

The Frequency Correction burst is used for frequency synchronisation of the MS. The data bits are all set to 0, the equivalent of an unmodulated carrier with a specific frequency offset. The repetitions of these bursts are collectively known as the Frequency Correction Channel (FCCH). It has an information burst size of 148 bits (156.25-8.25 guard period). The tail bits and guard band are the same as for a normal burst.




6.7.4 SYNCHRONISATION BURST The synchronisation burst is used for time-synchronisation of the mobile with the BTS. It differs from the Normal Burst primarily in the fact that it has an extended 64-bit training sequence, with no stealing bits and reduced-size data blocks. The repetitions of these bursts are collectively known as the Synchronisation Channel (SCH). It has an information burst size of 148 bits (156.25-8.25 guard period). A single burst comprises the following elements:

• Data Blocks. The burst includes 2 x 39-bit encrypted data blocks. These blocks carry information regarding the TDMA frame number and Base Station Identity Code (BSIC). It is broadcast in conjunction with the Frequency Correction burst. The frame Number (FN) is encoded in a 19-bit pattern which repeats every 2,715,648 frames (3.5 hours). The TDMA frame number is used by the mobile to determine the type of logical channel being transmitted on the control channel, TS0. The BSIC is also used by the mobile for checking the identity of the BTS when making power measurements.

• Training Bits. The extended 64-bit training sequence is used to allow for time-synchronisation between the mobile and the BTS.

The tail bits and guard band are the same as for a normal burst. 6.7.5 DUMMY BURST The format of Dummy Burst is the same as that for the Normal Burst (the stealing bits have relevance here). However, it contains no information. It is generally transmitted by the BTS on any BCH carrier timeslot (including TCHs) when no other information is to be sent so that neighbouring cells can still carry out power measurements. 6.7.6 ACCESS BURST The Access Burst is used to gain access to the network and is therefore uplink only. It is also used to request resources from the new cell on handover. It has a shortened information burst size of 88 bits (156.25-68.25 guard period). The burst comprises the following elements:

• Data Blocks. The burst includes a 36-bit data block. This block contains information from the MS requesting network resources

• Tail Bits. The burst includes a normal 3-bit tail block and an extended 8-bit tail block.

• Training Bits. Each burst contains an extended 41-bit training sequence to allow for the equaliser to provide adequate timing adjustments. This sequence is used to synchronise the MS to the BTS. The BTS detects the 41-bit access sequence and computes the timing advance value which is then transmitted to the MS.

• Guard Period. The extended 68.25-bit guard period is to allow for the fact that when an MS initially connects to the network, it has no information about timing advance. This guard period allows for maximum initial timing advance and hence maximum cell size (max 64-bit timing advance value, up to 37.5km round-trip distance from the BTS1) until the MS is informed about its correct timing advance level (see above).

1 Guard period = 68.25 bit periods at 3.69µs/bit = 252 µs. 252 µs x 3x108 = 75.5km = 37.5km round trip dis tance.



_____________________________________________________________________ 6.8 Summary of Coding Processes

Speech

GSM Voice/Channel Coding SummaryGSM Voice/Channel Coding Summary

20ms Block 20ms Block

260 bits

456 bits

13kbps

Speech Coder

Channel Coder

260 bits

Speech Coder

Channel Coder

1 2 3 4 5 6 7 8

456 bits

1 2 3 4 5 6 7 8

1 2 3 4 5 6 7

13 8.2557 data bits26

training bits

1 357 data bits 1 burst = 156.25 bit periods (0.577mS)

22.8kbps

20ms Block

RPE-LTP encoding

Block and convolution encoding

Interleaving

8 x 57-bit blocks

1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8

(2080 bits per block)

_____________________________________________________________________ 6.9 Radio Interface Modulation

GSM ModulationGSM Modulation

8000 Hz sampling

13-bit resolution


Channel Coding


RPE-LTPSpeech Coder


Interleaving


GMSKModulation



156.25-bit bursts

Speech Coding

Channel Coding

Radio Interface




The modulation technique used with standard GSM is known as Gaussian Minimum Shift Keying (GMSK). GMSK had its roots in Frequency Shift Keying (FSK) where each binary 1 and 0 is transmitted in the form of one of two different frequencies:

Modulation Modulation -- Frequency Shift KeyingFrequency Shift Keying

• Two frequencies are used to represent the two binary levels

Modulator

Carrier F1 + F2

F1 F1F2 F2

1 0 1 0

Modulation Modulation -- Minimum Shift Keying (MSK)Minimum Shift Keying (MSK)

• MSK utilises procedures to minimise the phase change when alternating frequencies

1



Minimum Shift Keying (MSK) is a special form of FSK that uses minimum spacing and no phase inversions. It uses a continuous phase modulation scheme where frequency changes occur at the carrier zero crossings. With MSK the difference between the frequency of a logical zero and a logical one is always equal to half the data rate.

A significant problem with using MSK for high speed applications is that it is not compact enough to fully utilize the available RF bandwidth. To more efficiently use available bandwidth, it is necessary to reduce the energy of the MSK upper side lobes by feeding the signal through a low pass filter. To do this, a Gaussian filter, characterized by a Gaussian distribution (bell shaped curve), is used to provide a cut-off frequency with very little overshoot in its impulse response and therefore reduces adjacent channel interference. Therefore GMSK is able to make much more efficient use of bandwidth and power than does MSK due to its low base-band and harmonic content.

Modulation Modulation -- Gaussian Minimum Shift KeyingGaussian Minimum Shift Keying

• Data pulses are shaped using a Gaussian filter:

• Smoothes phase transitions

• Gives a constant envelope

• Reduces adjacent channel interference

Spatial Frequency Spatial Frequency

0 0.1 0.2 0.3 0.4 0.5 0 0.1 0.2 0.3 0.4 0.5

Res

po

nse

Res

po

nse

0

0.2

0.4

0

.6

0.8

1

.0

0

0.2

0.4

0

.6

0.8

1

.0

Frequency Response of MSK Filter Frequency Response of GMSK Filter

Gaussian Filter Response




SummarySummary

• Speech Coding Techniques

• GSM Speech Coding

• Channel Coding Techniques• GSM Channel Coding

• Interleaving

• Radio Burst Multiplexing

• Radio Interface Modulation

This Section covers the following topics:

d1 d2 d3 d4

+ +

+++

CjV = 2

G0(d)

G1(d)

di1




_____________________________________________________________________ 7.1 Introduction

The Mobility management (MM) sublayer exists between the MS and the MSC. MM messages are relayed transparently through the BSS. MM functions can be divided into three groups:

• MM Common Procedures • MM Specific Procedures • MM Connection Management Procedures

The Common procedure group can be again sub-divided into two areas:

• Network initiated Common Procedures • MS-initiated Common Procedures




_____________________________________________________________________ 7.2 Mobility Management Procedures

Mobility Management ProceduresMobility Management Procedures

• Network Initiated MM common procedures:• TMSI re-allocation procedure• authentication procedure• identification procedure

• MS-Initiated MM common procedures:• IMSI detach procedure

• MM-specific procedures:• normal location updating procedure• periodic updating procedure• IMSI attach procedure

• MM connection management procedures:• establish, maintain and release a MM connection between the MS and

the Network

7.2.1 MM COMMON PROCEDURES. MM common procedures relate to security functions and also includes MS network detach procedures. A MM common procedure can always be initiated whilst a RR connection exists. The procedures belonging to this group are: (a) Network-Initiated:

• TMSI re-allocation procedure • Authentication procedure • Identification procedure • Abort procedure

The abort procedure is used only if an MM connection is being established or has already been established i.e. not during MM specific procedures or during IMSI detach procedure. (b) Initiated by the Mobile station:

• IMSI detach procedure



7.2.2 MM-SPECIFIC PROCEDURES. MM specific procedures relate to location updating and also includes MS network attach procedures. A MM specific procedure can only be initiated if no other MM specific procedure is running or no MM connection exists. The procedures belonging to this group are:

• Normal location updating procedure • Periodic updating procedure • IMSI attach procedure

7.2.3 MM CONNECTION MANAGEMENT PROCEDURES. MM Connection management procedures enable the establishment, maintenance and release of MM connections between the MS and the network (MSC), over which an entity of the upper CM layer can exchange information with its peer. A MM connection establishment can only be performed if no MM specific procedure is running. More than one MM connection may be active at the same time.

_____________________________________________________________________

Network AreasNetwork Areas

• Cell: radio coverage area of one base station (BTS)• GSM assigns a cell global identity number to each cell

• Location Area: Group of cells served by one or more BSCs.

• When there is an incoming call, the mobile is paged throughout its location area. A unique Location Area Identity (LAI) is assigned to each LA.

• MSC Service Area: part of network covered by one MSC. • All mobiles in this area will be registered in the VLR

associated with the MSC.

• PLMN Service Area: public land mobile network area - the area served by one network operator

7.3 Network Areas




In order to understand the concepts of mobility management, it is necessary to understand the structure of network areas used within GSM systems. This is also relevant to the concepts for call management and paging procedures. 7.3.1 GSM SERVICE AREA A GSM Service Area is defined as the total area served by a combination of all member countries where a mobile can be serviced. 7.3.2 PUBLIC LAND MOBILE NETWORK (PLMN) The PLMN is defined as a network serving a specific geographical area or a specific operator. For example, a country could be divided into a number of regions, each covered by a PLMN or, as is the case in the UK, each of the four major vendors (Cellnet, Vodafone, Orange and One-to-One) each provide a country-wide PLMN. The links between PLMNs or a PLMN and PSTNs will be on the level of national or international transit exchanges. All incoming calls for a GSM PLMN will be routed to a Gateway MSC which acts as an incoming transit exchange for the GSM PLMN. 7.3.3 MSC/VLR SERVICE AREA A PLMN is divided into a number of MSC/VLR Service Areas, each controlled by a single MSC. The size of each area is dependant upon the capacity constraints of the MSC and/or the size of the geographical region. All MSs within and Service Area are registered with the VLR associated with that MSC. All MS-originated and MS-terminated calls are routed through the MS’s parent MSC. 7.3.4 LOCATION AREAS (LA) MSC/VLR Service areas can comprise one or more LAs, each uniquely identified by a Location Area Identity (LAI). LAs are used to group MSs for paging purposes. When an MSC needs to locate an affiliated MS, it transmits a broadcast paging request message. To reduce the load on the signalling channels, rather than broadcasting this message over the whole MSC Service Area, it is only transmitted in the LA in which the MS is currently operating. In order to achieve this, the MSC must retain up-to-date knowledge of the current LA in which each MS is operating. This is achieved through location update messages transmitted by all MSs each time an MS moves into a new LA. 7.3.5…CELLS The lowest level of functional area within a GSM Network is the Cell. An LA comprises a number of cells, each cell serving a number of mobile subscribers. As the MS is moving between cells, it distinguishes new cell by receiving the Base Station Identity Code (BSIC) which is transmitted regularly by each Base Transceiver Station (BTS).



_____________________________________________________________________

7.4.1 MS TURNED OFF In this case the MS cannot be reached by the network. This could be due to the MS being out of coverage for an extended period or in powered down or the SIM has been removed. In all cases, the MS fails to respond to paging messages and does not provide periodic location updates. In such circumstances, the network assumed the MS is IMSI detached (see below).

MS Mobility StatesMS Mobility States

A Mobile Station (MS) can be in one of three mobility states:

• MS turned off

• MS turned on in idle mode

• MS turned on in dedicated mode

7.4.2 MS TURNED ON IN IDLE MODE In idle mode the MS is ‘camped-on’, synchronised to the network and is ready to place or receive a call. The MS is said to be ‘IMSI-attached’. It can also receive paging messages and provide periodic location updates (e.g. on change of Location Area). In addition it carries out cell reselection procedures as it moves around the network. 7.4.3 MS TURNED ON IN DEDICATED MODE In dedicated mode, the MS is participating in user information transfer, either through a voice or data call.

7.4 Mobility States




_____________________________________________________________________

7.5.1 MS NETWORK CONNECTION SEQUENCE When an MS powers on within network coverage, it starts by scanning all frequencies within its allocated band (e.g. 124 for standard GSM). It measures the received power on each of these frequencies and placed them in order. The MS then selects and listens out on the strongest RF level carrier for a frequency correction burst which is transmitted on the control channel of a BCCH carrier. This is to initially achieve frequency synchronisation with the transmitting BTS.

MS Network Connection SequenceMS Network Connection Sequence

Power on Scan RFchannels

Select highestcarrier level

Scan for FCCHfrequency correction burst

Select next highestcarrier level

FCCHdetected?

Scan for SCHsynchronisation burst

SCHdetected?

‘camp-on’ to BCCH and start decoding

Monitor PCH and adjacent carriers

YES

YES

NO

NO

Having achieved frequency synchronisation; the MS listens on the SCH for frame synchronisation information. The SCH channel provides frame timing, the current frame number and BSIC information. Once frame synchronisation is achieved, the MS starts to read and decode the additional information being transmitted on the BCCH. This includes the adjacent cell list, minimum received signal strength, the LAI and beacon frequencies from surrounding cells. The MS then continues to monitor the PCH for incoming call paging requests, sends periodic location updates and maintains a record of surround cell signal strengths. If the MS fails to detect either the FCCH or the SCH, it will reselect the next highest RF carrier level from its measured list and repeats the detection process.

7.5 IMSI Attach / Detach



7.5.2 IMSI ATTACH PROCEDURE

IMSI AttachIMSI Attach

• Mobile camps on to best serving BTS

• Mobile sends IMSI to MSC

• MSC/VLR is updated in HLR

• Subscriber data including current location area is added to local VLR

• MSC and HLR carry out authentication check - challenge and response using Ki

• Optionally EIR checks for status of mobile (white/grey/black)

BSC

EIRHLR

AuC

MSC

VLR

ü

Section 8 – Mobility Management

The IMSI attach procedure is used by the MS to indicate that it is has adopted the active (power-on) state within the network. The IMSI attach is also performed as part of the location updating procedure. The basic IMSI attach procedure is illustrated above and described below, with each of the stages identified on the diagram:

Stage 1 The MS sends a message to BSS on the RACH requesting a channel allocation. The BSS responds with a ‘Immediate Assignment’ message on the AGCH. This message assigns a SDCCH channel to the MS. Stage 2 On assignment of the SDCCH channel, the MS sends and IMSI attach message over the SDCCH to the MSC/VLR relayed via the BSS. This informs the MSC/VLR of the MS’s IMSI. This information may also be updated in the HLR which provides subscriber profile data to the VLR is it does not already have it. Stage 3 . Security procedures are activated including authentication and (optionally) and IMEI check with the EIR. Stage 4 Assuming successful authentication, the VLR responds to the MSC with an ‘IMSI Attach Acknowledge’ message which is forwarded by the MSC, via the BSS, to the MS. Stage 5 The MSC also sends a ‘Clear Command’ message to the MS over the SDCCH in order to release the dedicated resources used to effect the IMSI attach




Stage 6 . The VLR assigns a Temporary Mobile Subscriber Identity (TMSI) to the MS and informs it that it is attached to the network. This function creates a ‘Mobility Management (MM) Context’. 7.5.3 IMSI DETACH PROCEDURE

IMSI DetachIMSI Detach

• Explicit:• Mobile informs MSC it is switching off

• HLR stores last location area for mobile

• VLR records that mobile is no longer available on network

• Mobile powers down

• Implicit• VLR forces IMSI Detach due to no response

"BSC

HLR

AuC

MSC

VLR


The IMSI detach procedure is invoked if the MS is deactivated either by powering down or if the SIM is removed or forced by the network. There are two causes of an IMSI detach:

• Explicit: The MS informs the network that it is detaching. • Implicit: The MSC has not been able to contact the MS for a pre-determined amount

of time and forces an IMSI detach. The detach procedure is essentially the reverse of the IMSI attach procedure and is as follows: Stage 1 The MS sends a ‘Channel Request’ message on the RACH to the BSS. The BSS assigns a an SDCCH channel, informing the MS over the AGCH. Stage 2 The MS sends a ‘IMSI Detach Indication’ message to the BSS which identifies the MS using its TMSI. The BSS forwards this message to the MSC which in turn updates its VLR using a ‘Detach IMSI’ signalling message. Stage 3 The VLR informs the HLR of the change using a ‘Deregister Mobile Subscriber’ signalling message. The HLR responds to the VLR with a ‘Deregistration Accepted’ message.



Stage 4 The VLR notifies the MSC of this acceptance with an ‘Acknowledge IMSI Detachment’ message. The MSC does not notify the MS as, by this stage, the MS may well be disconnected. Stage 5 The MSC sends a ‘Clear Command’ message to the BSS to release the assigned SDCCH resources. The BSS responds with a ‘Clear Complete’ message which completes the IMSI Detach procedure.

_____________________________________________________________________

7.6.1 LOCATION UPDATE OPTIONS In order to ensure the correct routing of an incoming call to a MS, the network needs to know the current location of that MS down to cell level. This can be achieved by one of three methods:

• Location Update on Every Cell Change Every time an MS moves into a different cell area, it sends a location update to the network. This has the advantage that no paging is required to establish the cell location of an MS for each incoming call. However, it imposes a significant load on the network signalling channels.

• Paging All Cells

Every time an incoming call is to be routed to an MS, all cells in the network are paged to identify the cell owning the MS. This has the advantage that no location updating is required to maintain a current MS location log. However, it imposes a significant load on the network signalling channels.

Location Update OptionsLocation Update Options

• Send location update on every cell change• No paging requirement• Excessive signalling traffic load

• Page every cell in network• No location update requirement• Excessive signalling traffic load

• Subdivide network into paging areas• Requires paging procedure with reduced traffic load• Required location updating with reduced traffic load


7.6 Location Updating




• Subdivide Network into Paging Sub-Regions Every time an MS moves in a new paging sub-region it informs the network of that sub-region identity. Every time an incoming call is to be routed to an MS, only the cells in its current paging sub-region are checked. This provides a comprise between the two above options and has been proved to reduce signalling channel loads significantly.

7.6.2 GSM LOCATION AREAS (LAs) Within GSM networks these paging sub-regions are known as a Location Areas (LAs) and comprise a number of cells. All cells within the LA must be under the control of a single MSC and within the same PLMN. Each LA within the PLMN is uniquely identified by a Location Area Identifier (LAI). 7.6.3 CONDITIONS FOR LOCATION UPDATES

Location Updates occur under one of the following conditions:

• On change of LA • Periodic Updates • On MS switch on (IMSI attach) • When changing cells during a call

Location UpdatesLocation Updates

• Location Area Change

• Periodic Location Update

• IMSI Attach

• Cell change during call

• TMSI update on LA changeBSC

MSC

VLR

BSC

MSC

VLR

BSC

HLR

AuC

Every time a moving MS enters a new LA (identified by the information transmitted on the BCCH) it initiates a location update.



If an MS is not moving, LA updates will not take place. Therefore, if there has been no activity for a (operator-defined) period of time, the MS will initiate a periodic update to the network. If the parent VLR has received no updates from an MS within a certain (operator-defined) time period, it assumes it has left the network and forces an IMSI detach. Every time an IMSI attach takes place, location update information is passed to the parent VLR. If an MS has previously detached and is reattaching in the same VLR no update is required. If it is a new VLR a standard location update procedure is implemented. In this case the HLR would also be informed of the new LAI associated with the MS. If an MS changes cell during a call, a location update must be initiated to ensure traffic continues to be routed to the correct cell.

_____________________________________________________________________

Roaming is defined as the ability of an MS to move between different PLMNs with no disruption to services. In order to have this capability, the service providers of the two PLMNs must have a mutual roaming agreement.

RoamingRoaming

• Allows subscriber to travel to different network areas, different operator’s networks, different countries - keeping the services and features they use at home

• Billing is done through home network operator, who pays any other serving operator involved

• Requires agreements between operators on charge rates, methods of payments etc.

• Clearing house companies carry out data validation on roamerdata records, billing of home network operators and allocation of payments

7.7 Roaming




_____________________________________________________________________

In order to ensure continued confidentiality of a user’s IMSI, each time an MS changes LA, a new TMSI is issued by the VLR. Exceptional conditions could include a network failure (e.g. a database) where the TMSI becomes unknown, in which case the network will request IMSI details in order to validate the subscriber before issuing a new TMSI.

TMSI ReTMSI Re--allocationallocation

• Used to protect a subscriber’s IMSI

• TMSI only unique within a Location Area (LA)

• Outside an LA, TMSI must be combined with LAI to remain unique

• TMSI re-allocated on LA change (minimum) or as a result of an exceptional condition.

• Normally takes place in encrypted mode

• Normally tales place in conjunction with another procedure e.g. Location update, call setup etc

7.8 TMSI Reallocation



SummarySummary

This Section has covered the following MM Functions:• Network areas

• MS Mobility States

• Attaching and Detaching from the Network

• Authentication and Security (Section 10)

• Location Updating• Roaming

• TMSI reallocation



8. Radio Resource Management _____________________________________________________________________ 8.1 Introduction

Radio Resource management procedures include the functions related to the management of the common transmission resources, e.g. the physical channels and the data link connections on control channels. It exists only between the MS and the BSS. The general purpose of Radio Resource procedures is to establish, maintain and release RR connections that allow a point-to-point dialogue between the network and a Mobile Station. This includes the cell selection/reselection and the handover procedures. Moreover, Radio Resource management procedures include the reception of the uni-directional BCCH and CCCH when no RR connection is established. This permits automatic cell selection/reselection.




_____________________________________________________________________ 8.2 Radio Resource Connection Setup

Channel RequestChannel Request

Immediate AssignmentImmediate Assignment

RACHRACH

AGCHAGCH

MobileMobile BSSBSS

MobileMobile--Initiated RR Connection SetupInitiated RR Connection Setup

Channel RequestChannel Request RACHRACH


Paging Request

Paging Request



PCHPCH

RACHRACH

AGCHAGCH

MobileMobile BSSBSS

NetworkNetwork--Initiated RR Connection SetupInitiated RR Connection Setup



Channel Release

Channel Release

Return to idle stateReturn to idle state

SDCCHSDCCH

MobileMobile BSSBSS

RR Connection ReleaseRR Connection Release

• Initiated by network only

• Reasons could include:• End of a call

• Too many errors

• Removal of channel in favour of higher priority call

• MS waits for a short random period and returns to idle state

Short random delayShort random delay

_____________________________________________________________________ 8.3 Cell Selection and Reselection

On switch-on, an MS periodically measures the received power level on each of the BCCH frequencies of all cells within range. From these periodic measurements the MS calculates the mean received level value from each cell, stored in the parameter RXLEV(n) where n=neighbouring cell number. Based on these calculated values, the MS selects which cell to connect to. This connection process is referred top as ‘Camping-on’ to that cell. An MS in idle mode must periodically measure the received power level on each of the BCCH frequencies of neighbouring cells. From these periodic measurements the MS calculates the mean received level value from each cell, stored in the parameter RXLEV(n) where n=neighbouring cell number. Based on these calculated values, the MS selects which cell to camp-on to. Once a mobile has camped on to a cell, it will continue to measure neighbouring BCCH carriers, looking for a better cell. The OFFSET (hysteresis) term prevents unnecessary re-selection on a location area boundary which would require extra signalling to perform the location update.




Cell Selection ProcedureCell Selection Procedure

• MS powers-up

• MS starts measuring received power level from all cells in range

• MS calculates average power level received from each cell• Stored in RXLEV(n) parameter

• MS calculates C1 parameter for each cell based on RXLEV(n) and vendor-specific parameters

• Mobile compares cells which give a positive value of C1 and ‘camps-on’ to the cell with the highest C1 value

Cell ReCell Re--selection selection –– GSM Phase 1 MobilesGSM Phase 1 Mobiles

For GSM Phase 1 mobiles, cell reselection is achieved by comparing current cell C1 with neighbouring C1 cell measurements:

• Between cells within a Location Area:

C1 (new) > C1 (old)

(for more than 5 seconds)

• Between cells on a Location Area boundary:

C1 (new) > C1 (old) + OFFSET (for more than 5 seconds)



Cell ReCell Re--selection selection –– GSM Phase 2 MobilesGSM Phase 2 Mobiles

• GSM Phase 2 introduced a separate cell re-selection parameter, C2

• Intended to:• Prevent multiple reselections for fast-moving mobiles

• Ensure MS camps on to cell with greatest chance of successful communications

• The C2 calculated is:

C2 = C1 + OFFSET – (TEMPORARY_OFFSET x H(PENALTY_TIME –T)

In order to optimize cell reselection, additional cell reselection parameters can be broadcast on the BCCH of each cell. The cell reselection process employs a parameter C2 which depends on these parameters. The parameters used to calculate C2 are as follows:

C2 = C1 + CELL_RESELECT_OFFSET - TEMPORARY OFFSET * H(PENALTY_TIME - T) for PENALTY_TIME <> 11111 C2 = C1 - CELL_RESELECT_OFFSET for PENALTY_TIME = 11111 Where: H(x) = 0 for x < 0 {x = PENALTY_TIME-T} H(x) = 1 for x >= 0 CELL_RESELECT_OFFSET This optional parameter is a a positive or negative offset applied to each cell to encourage or discourage MSs to reselect that cell. PENALTY_TIME When the MS places the cell on the list of the strongest carriers (Neighbour list), it starts a timer which expires after the PENALTY_TIME. This timer will be reset when the cell is taken off the list. For the duration of this timer, C2 is given a negative offset. This will tend to prevent fast moving MSs from selecting the cell. TEMPORARY_OFFSET This is the amount of the negative offset described in (2) above. An infinite value can be applied, but a number of finite values are also possible.




_____________________________________________________________________ 8.4 Handovers

Handover TypesHandover Types

There are four different types of handover in the GSM system, which involve transferring a call between:

• Channels (time slots) in the same cell

• Cells within the same BSS (same BSC)

• Cells in different BSSs (different BSCs) but under the control of the same MSC

• Cells under the control of different MSCs

GSM handovers are ‘hard’ – i.e. mobile only communicates with one cell at a time

Internal

External

BSC

MSC

VLR

BSC

MSC

VLR

BSC

In a cellular network, the radio and fixed links required are not permanently allocated for the duration of a call. Handover, or handoff as it is called in North America, is the switching of an on-going call to a different channel or cell. The execution and measurements required for handover form one of basic functions of RR management. There are four different types of handover in the GSM system, which involve transferring a call between:

• Channels (time slots) in the same cell • Cells (Base Transceiver Stations) under the control of the same Base Station

Controller (BSC), • Cells under the control of different BSCs, but belonging to the same Mobile services

Switching Centre (MSC), and • Cells under the control of different MSCs.

Intra-BSS handovers are known as Internal handovers as they involve only one Base Station Controller (BSC). To save signalling bandwidth, they are managed by the BSC without involving the Mobile services Switching Centre (MSC), except to notify it at the completion of the handover. Inter-BSS (either intra- or inter-MSC) are known as external handovers and are handled by the MSCs involved. An important aspect of GSM is that the original (or anchor) MSC, remains responsible for most call-related functions, with the exception of subsequent inter-BSC handovers under the control of the new (or relay) MSC.



Handover CausesHandover Causes

• Handover can be initiated by either MS or MSC

• Handover decision is based on the following parameters (in priority order):

• Received signal quality

• Received signal strength

• Distance of MS from BTS

• Drops below power budget margin

• Each parameter has a operator-defined threshold and handover decisions can be based on one or a combination of the parameters

Handovers can be initiated by either the MS or the MSC (e.g. as a means of traffic load balancing). During its idle time slots of a multiframe, the MS scans the BCCH of up to 32 neighbouring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.

Handover Command MessageHandover Command Message

Structure of the message sent to MS by original BSS:

Message Type

Cell Description

Handover Reference

Power Command

Channel Description

Frequency List

or

Mobile Allocation

Includes Frequency Hopping information if required

Non - Frequency Hopping

Frequency Hopping

MS BSS

Handover Command




The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.

Handover MarginHandover Margin

Nom

inal

cel

l bou

ndar

y

BTS 1 BTS 2

Handover to BTS 2Handover to BTS 1

Mobile remains with BTS 1 or BTS 2

Hysteresis due to handover margin

Example of Handover SignallingExample of Handover Signalling

Signalling for a basic Inter-BSC handover involving only one MSC (Intra - MSC):

MS MSCBSS 1 BSS 2

Measurement report

Measurement report

Measurement report

Measurement report

Handover Required

Handover Request

Handover Command

Acknowledgement

Handover Command

Handover AccessHandover Detection

Physical Information

Handover CompleteHandover Complete

Clear Command

Clear Complete

Measurement report

Measurement report



SummarySummary

This section has covered the following RR Functions:

• Establish, maintain and release RR connections

• Cell Selection/reselection procedures

• Handover procedures

9. Call Management


9. Call Management _____________________________________________________________________ 9.1 Introduction

This section of the notes covers the procedures involved in establishing a call connection between subscribers and the routing of the associated traffic. This section also includes an overview of the requirements for echo cancelling. An MS can participate in one of two types of calls: Mobile Terminated Call. This is a call received by an MS that has been originated either from another MS (internal or external to the PLMN) or from a fixed network (e.g. PSTN) subscriber. Mobile Originated Call. This is call originated by an MS within a PLMN.

9. Call Management



_____________________________________________________________________ 9.2 Mobile Originated Calls

Mobile Originated CallMobile Originated Call

• When the mobile requests access to the network to make a call:

• BSS determines the nature of the call - e.g. regular voice call, emergency call, supplementary service

• Allocates radio resources to the mobile for the call

• NSS determines the destination of the call:•Mobile to mobile on same PLMN•Mobile to mobile on another PLMN•Mobile to fixed network (PSTN, ISDN)

• MSC / GMSC routes the call appropriately and handles signalling

?



RACHRACH

AGCHAGCH

MobileMobile BSSBSS

MobileMobile--Originated Call SetupOriginated Call Setup

LAPDmLAPDm Connection SetupConnection Setup



Unnumbered Acknowledgement Unnumbered Acknowledgement SDCCHSDCCH

Service RequestService Request SDCCHSDCCH

Radio Resource Connection

If the call is for another network, the originating MSC will route it to the gateway (GMSC) where it will be passed to the other network’s gateway.

9. Call Management


_____________________________________________________________________ 9.3 Mobile Terminated Calls

11

PSTNPSTNMSC

MobileMobile--Terminated (NetworkTerminated (Network--Originated) CallOriginated) Call

VLR HLR

GMSC

2244

44

33

55

6677

10101111

BSS

BSS

88

88

88

1212

9988

1212

99 BSS

The above example illustrates the following steps in establishing a Mobile Terminated (MT) (Network Originated) call: (1) The incoming call is passed from the fixed network to the gateway MSC (GMSC). (2) Using the MSISDN of the calling MS, the GMSC interrogates the HLR to determine the IMSI number of the called party. (3) The HLR checks for the existence of the called number and identifies the VLR to which it is currently affiliated. It then requests the mobile station roaming number (MSRN) from the identified VLR. (4) Upon receipt, the HLR transmits the MSRN back to the GMSC. (5) When the GMSC receives a valid MSRN, it switches the call through to the appropriate MSC. (6) The VLR is queried for the location range and reachability status of the mobile subscriber. (7) If the MS is marked reachable, a radio call is enabled at the MSC.

9. Call Management



(8) This generates a paging request to from the MSC to all BSSs in the MS’s last recorded Location Area. (9) The mobile subscriber telephone responds to the paging request from its current cell, the link is extended to the MS and authentication information is passed from the MS to the MSC . (10) All necessary security procedures are executed. (11) If security procedures are successful, the VLR indicates to the MSC that the call can be completed. (12) The MSC then extends the call from the GMSC to the MS.

Radio Resource Connection

Paging RequestPaging Request



Paging ResponsePaging Response

PCHPCH

RACHRACH

AGCHAGCH

SDCCHSDCCH

MobileMobile BSSBSS

NetworkNetwork--Initiated Call SetupInitiated Call Setup

LAPDmLAPDm Connection SetupConnection Setup

Unnumbered AcknowledgementUnnumbered AcknowledgementSDCCHSDCCH

9. Call Management


_____________________________________________________________________ 9.4 Call Routing Examples

9.4.1 INTRA-PLMN CALL ROUTING

IntraIntra--PLMN Call Routing ExamplePLMN Call Routing Example

PLMN

HLR

Call Routing

Signalling

HMSC VVLR

VMSC

When an MS calls another MS within the same PLMN it first carries out the mobile-initiated call procedure with its Home MSC (HMSC). The HMSC must first identify the location of the MS in order to route the call correctly. As this is not deducible from the dialled number (the destination MS’s MSISDN1 number), the HMSC must obtain the destination MS’s Mobile Station Roaming Number (MSRN). An MS’s MSRN is stored in its local VLR, in this case the VLR of the destination MS (Visited VLR or VVLR). However, the HMSC cannot interrogate the VVLR directly as it does not know its location. It must therefore request this information from the HLR. The HMSC requests this information from the HLR using the MSISDN number. The HLR interrogates the VVLR and extracts the MSRN of the destination MS. This is passed back to the HMSC which than then forward the call to the VMSC. The VMSC carries out paging procedures to initiate a mobile terminated call at the distant end.

1 The Mobile Subscriber ISDN (MSISDN) number is the number a subscriber normally associates with his handset

9. Call Management



9.4.2 INTER-PLMN CALL ROUTING

InterInter--PLMN Call Routing ExamplePLMN Call Routing Example

MSC2

HPLMN

GMSC

GMSC

VPLMN

MSC

HLR

Call Routing

Signalling

If subscriber within the HPLMN calls a subscriber external to the HPLMN, the dialled MSISDN number is not related to the current location of the destination MS. The call is therefore first routed to a GMSC in the HPLMN. The GMSC recognises the destination Network Dialling Code (NDC) from the dialled number and therefore known which VPLMN to access. It therefore forwards the call to a GMSC in the VPLMN. The VPLMN GMSC must then obtain the MSRN for the destination mobile. This procedure follows that of the Intra-PLMN call routing with the GMSC taking the place of the HMSC described in the previous example This simplifies the process of charging the called subscriber correctly if the call has to be re-routed because the called MS has roamed to a different PLMN or if the call has to be forwarded.

9. Call Management


_____________________________________________________________________ 9.5 Echo Cancelling

Echo CancellingEcho Cancelling

BSS

PLMN PSTN

MSC EC2W-4WHybridBridge

Switch

Echo is an effect of hearing your own voice echoed back to you when speaking into a handset. It is generated as a result of the delays incurred within the PLMN due to speech coding decoding and signal processing. This is rarely a problem when communicating between two MSs. However, when connecting to a PSTN telephone, the signal must pass through a 4-wire to 2-wire hybrid transformer. The function of this transformer is such that some of the energy at the 4-wire receive side from the mobile is coupled back to the 4-wire transmit side and thus speech is retransmitted back to the mobile. This effect is not noticeable to the PSTN subscriber but introduces an irritating delayed echo of about 180mS to the mobile subscriber. To counter this effect, an Echo Canceller (EC) is inserted at the interface between the MSC and the PSTN. A standard EC reduces this delay by about 80mS, making it generally transparent to the mobile subscriber.

9. Call Management



SummarySummary

This section has covered the following topics:

• Mobile Originated Calls• Mobile Terminated Calls

• Intra-PLMN Call Routing

• Inter-PLMN Call Routing

• Echo Cancelling

PLMN

HLR

HMSC VVLR

VMSC

9. Call Management


Section 9 Self-Assessment Exercises

Exercise 9.1 – Mobile-Originated Calls The following exercise re-visits the situation of a mobile originated call. You will need to consider how the network determines the location of the recipient in order to route the call correctly. Mobile Originated Calls A subscriber is trying to call another user of the same network. The other user may be in the same MSC as the caller (Location Area 1) or a different MSC (Location Area 2). Add notes and arrows to the diagram below to show the call routing and signalling required to locate the user and set up the call

Caller MS

BSS MSC 1

VLR 1

BSS

BSS

Location Area 1

User MS

HLR

MSC 2

VLR 2

BSS

BSS

Location Area 2

User MS

9. Call Management




10. GSM Security


10. GSM Security _____________________________________________________________________

In a GSM PLMN, both the users and the network operator have to be protected against undesirable intrusion by third parties. To achieve this, the GSM recommendations describe three areas where security measures have been implemented. These include:

• Authorising network access (authentication) • Protecting user identity confidentiality (use of temporary identities) • Protecting user data confidentiality (use of encryption) • Protection of network signalling information

10.1 Introduction

10. GSM Security



_____________________________________________________________________

Purposes of GSM SecurityPurposes of GSM Security

Purposes of GSM Security include:

• Provision of user identity confidentiality• Use of temporary identities (TMSI)

• Protection against unauthorised access• Authentication & service request validation

• Provision of data confidentiality• Encryption (Ciphering)

• Provision of network signalling confidentiality

The capability to implement the above security measures is mandatory for both the MS and the network. However, the implementation is not e.g. ciphering can be switched off. These security measures are designed to protect data within the GSM PLMN only. Implementation of end-to-end security of user data is not specified within the GSM recommendation

_____________________________________________________________________

Subscriber identity confidentiality provides for the privacy of GSM PLMN subscribers identities by ensuring that the IMSI is not made available or disclosed without authorisation. This capability provides protection against location tracing mobile subscribers by listening to the signalling exchanges on the radio path.

Protection of a subscriber’s IMSI is achieved through the issuing of a temporary replacement ID. This is known as the subscriber’s Temporary Mobile Subscriber Identity (TMSI – pronounced ‘timsie’). This identity is allocated by the VLR when a subscriber first affiliates to the network and may be subject to change each time the subscriber re-connects to the network or when it moves between MSCs (and hence VLRs).

10.2 Purposes of GSM Security

10.3 User Identity Confidentiality

10. GSM Security


Protecting User ID ConfidentialityProtecting User ID Confidentiality

• Benefits of user ID confidentiality include:

• Ensures IMSI is not disclosed without authorisation

• Prevents location tracking using air interface data

• Prevents user ID from being extracted from signalling information

• Implemented using replacement Temporary Mobile Subscriber Identity (TMSI)

_____________________________________________________________________

Authentication is the verification that the International Mobile Subscriber identity (IMSI) provided by the mobile subscriber within the identification procedure at the radio path, is the one claimed. Its purpose is to protect the network against unauthorised access. It also provides a degree of protection for GSM subscribers by preventing intruders from impersonating authorised users. Three items of information are required for the authentication process:

Ki Key The Ki key is a ciphering key stored permanently only in the MS SIM and in the subscriber profile in the AuC RAND The RAND is a random number generated within the AuC. SRES The SRES is a ‘Signed Result’ code generated by in the AuC by passing the Ki and RAND through the A3 algorithm.

The AuC, upon request from the MSC, generates a number of security information ‘triplets’, each comprising a RAND and an SRES and a Kc key. This group of triplets is sent to and stored in the VLR associated with the MS. Each time an authorisation has been requested, a new triplet is used.

10.4 Authentication

10. GSM Security



Note: the Kc key is generated as part of the triplet but is used for encryption rather than authentication

If all triplets held in the VLR have been used, the MSC requests a new batch from the HLR/AuC using a ‘Send Authentication Info’ message. The HLR/AuC responds with this information using a ‘Send Authentication Info Ack’ message. A request for Authentication can be initiated by the MS or the network.

AuthenticationAuthentication

• Benefits of authentication include:• Prevents unauthorised network access

• Prevents illegal impersonation of legitimate subscribers

• Implemented by using an authentication procedure.

• Procedure triggered by:• A change in subscriber profile data at the HLR/VLR

• Accessing a service

• First network access after MSC/VLR restart

• Cipher key sequence number mismatch

The authentication of the GSM PLMN subscriber identity may be triggered by the network when the subscriber applies for:

• a change of subscriber-related information element in the VLR or HLR including: • some or all location updating involving change of VLR, registration or erasure of

a supplementary service • an access to a service including some or all mobile originating or terminated call

setups, • activation or deactivation of a supplementary service • first network access after restart of MSC/VLR; • in the event of cipher key sequence number mismatch.

If, on an access request to the GSM PLMN, the subscriber identity authentication procedure fails and this failure is not due to network malfunction, access to the GSM PLMN is denied to the requesting subscriber.

10. GSM Security


BSSBSS

The General Authentication ProcedureThe General Authentication Procedure

[IMSI][IMSI]

Authentication & ciphering RequestAuthentication & ciphering Request

Send Authentication infoSend Authentication info

MSMS MSCMSC HLRHLR

Send Authentication info Send Authentication info AckAck

[IMSI, [IMSI, Triplet(RANDTriplet(RAND, SRES, SRES1 1 KKcc)])]

Authentication & ciphering ResponseAuthentication & ciphering Response

[RAND][RAND]

[SRES[SRES 22]]

A3 A3

KiKi KiKiRANDRAND

==

SRESSRES11/RAND/RAND

MSMS HLR/HLR/AuCAuC[IMSI][IMSI]

Access RequestAccess Request

AuCAuC

MSCMSC

RANDRAND

SRESSRES11SRESSRES22

SRESSRES22

SRESSRES11

The Authentication Process The authentication process is shown in the previous diagram and described below: STEP 1 The subscriber requests network access by sending its IMSI/TMSI to the MSC STEP 2 The MSC checks to see if its VLR holds a valid unused triplet required authentication. If not, new pairs are requested from the AuC. The MSC then sends the RAND component of the pair to the MS using an ‘Authentication and Ciphering Request’ message. STEP 3 Using its own Ki and the RAND sent from the MSC, the MS creates its own SRES and sends it to the MSC using an ‘Authentication and Ciphering Response’ message. STEP 4 The MSC compares its self-generated SRES with that received from the MS. If they are identical, the user is authenticated and access is granted to the network.

10. GSM Security



_____________________________________________________________________

The purpose of user data encryption is to ensure the confidentiality and privacy of user data on physical connections by preventing its availability or disclosed to unauthorised individuals, entities or processes. Encryption will normally be applied to all voice and non-voice communications. Although a standard algorithm (A5) will normally be employed, it is permissible for the mobile station and/or PLMN infrastructure to support more than one algorithm. In this case, the infrastructure is responsible for deciding which algorithm to use (including the possibility not to use encryption, in which case confidentiality is not applied). When encryption is requested, the MS signals to the network indicating which of up to seven ciphering algorithms it supports (see GSM 02.07). The serving network then selects one of these and signals this to the MS. The selected algorithm is then used by the MS and network.

User Data EncryptionUser Data Encryption

• Benefits of user data encryption include:• Provides confidentiality for user data across air interface

• Selection from seven encryption algorithms

• Capability is mandatory for MS and network• Implementation is optional• Does not provide for end-to-end encryption

Ciphering Key Sequence Number (CKSN) In order to allow ciphering to commence on a RR connection without authentication (for example after an MSC failure) ciphering key sequence numbers are used. The sequence number is managed by the network in the way that the AUTHENTICATION REQUEST message contains the sequence number allocated to the key which may be computed from the RAND parameter carried in that message.

10.5 User Data Confidentiality – Encryption

10. GSM Security


The Mobile Station stores this number with the key, and indicates to the network in the first message (LOCATION UPDATING REQUEST, CM SERVICE REQUEST, PAGING RESPONSE, CM REESTABLISHMENT REQUEST) which sequence number the stored key has. When the deletion of the sequence number is described this also means that the associated key shall be considered as invalid. In certain circumstances, the network can start ciphering with the stored key if the CKSN associated with that key is the same as CKSN stored with the key in the MS.

General Encryption Procedure

The General GSM Encryption ProcedureThe General GSM Encryption Procedure

A8 A8

KiKi KiKiRANDRAND

KcKc

KcKc

MSMS BTSBTS

A5 A5

DataDataDataData

Encrypted DataEncrypted Data

MSCMSC AuCAuC

KcKc

The authentication process is shown in the previous diagram and described below: STEP 1 – Determining the A5 Algorithm Assuming authentication has already taken place, when an MS wishes to establish an encrypted connection to the network, the A5 algorithm is first negotiated on the DCCH channel in accordance with the following priorities:

1. If the MS and the network have no common versions of the A5 algorithm and the network and/or MS is not prepared to use an unencrypted connection, then the connection is released.

2. If the MS and the network have at least one version of the A5 algorithm in common, then the network selects one of the mutually acceptable versions for use on that connection.

3. If the MS and the network have no common versions of the A5 algorithm and the network is willing to use an unencrypted connection, then an unencrypted connection is established.

STEP 2 – Kc Key Generation Using the Ki key, unique to each MS, and the RAND generated by the AuC, the Kc is generated at both the MS and AuC. The AuC Kc key is passed to the MSC/VLR along with the RAND and SRES as part of each Triplet.

10. GSM Security



STEP 3 – Transition to Cipher Mode Encrypted data is produced by passing the Kc key and the clear user data through the A5 algorithm, stored in both the MS and BSS. The transition from clear mode to ciphered mode proceeds as follows:

• deciphering starts in the BSS, which sends a clear text ‘Start Cipher’ message to the MS

• Once this message has been received correctly, both the enciphering and deciphering start on the MS side.

• Enciphering on the BSS side starts as soon as synchronisation has been achieved and an encrypted MS-generated frame or a message has been correctly deciphered at the BSS

When a TCH is allocated for user data transmission, the key used for TCH encryption is the one set during the preceding DCCH session (Call Set-up). The enciphering and deciphering processes start immediately. Handover Requirements When a handover occurs, the necessary information (e.g. key Kc, initialisation data) is transmitted within the system infrastructure to enable the communication to proceed from the old BSS to the new one, and the Synchronisation procedure is resumed. The key Kc remains unchanged at handover.

_____________________________________________________________________

Signalling Data EncryptionSignalling Data Encryption

• Signalling data encryption provides confidentiality for user identities across air interface

• Applied to selected fields of signalling messages including:

• International Mobile Equipment Identity (IMEI)

• International Mobile Subscriber Identity (IMSI)

• Calling subscriber directory number (mobile terminating calls)

• Called subscriber directory number (mobile originated calls)

• These fields are not protected on initial connection

• Does not provide for end-to-end encryption

10.6 Signalling Data Confidentiality – Encryption

10. GSM Security


The purpose of signalling data encryption is to ensure the confidentiality of user-related signalling data which is exchanged between MSs and BTSs by preventing its availability or disclosed to unauthorised individuals, entities or processes.

When used, this feature applies on selected fields of signalling messages which are exchanged between MSs and BTSs base stations. The following signalling information elements related to the user are protected whenever used after initial connection establishment:

• International Mobile Equipment Identity (IMEI). • International Mobile Subscriber Identity (IMSI). • Calling subscriber directory number (mobile terminating calls). • Called subscriber directory number (mobile originated calls).

Note that on initial connection establishment, the signalling information elements (protocol discriminator, connection reference, message type and MS identities IMSI, TMSI or IMEI) are not protected.

This section has covered the following aspects of GSM security:

• User Identity Confidentiality• Authentication • User Data Confidentiality• Signalling data Confidentiality

SummarySummary

A3 A3

KiKi KiKiRANDRAND

==

SRESSRES11/RAND/RAND

MSMS HLR/HLR/AuCAuC

MSCMSC

RANDRAND

SRESSRES11SRESSRES22

SRESSRES22

SRESSRES11

10. GSM Security




10. GSM Security


Section 10 Self-Assessment Exercises

Exercise 10.1 – Encryption Explain the purpose of the following:

1. Ki Key 2. Kc Key 3. RAND 4. SRES 5. A3 Algorithm 6. A5 Algorithm. 7. A8 Algorithm.

10. GSM Security




11 Billing Procedures Overview


11. Billing Procedures Overview _____________________________________________________________________ 11.1 Introduction

Call and event data from the MSCs, BSSs and location registers (HLR/VLR) is required for a number of network management activities including, but not limited to, the following:

• the billing of home subscribers, either directly or via service providers, for network utilisation charges;

• the settlement of accounts for traffic carried or services performed by fixed network and other operators;

• the settlement of accounts with other PLMNs for roaming traffic via the transferred account procedure;

• statistical analysis of service usage; • as historical evidence in dealing with customer service and billing complaints;

The call and event data collected from the network elements is employed to determine the network utilisation charges for the basic and supplementary services utilised by the home subscribers of the PLMN. The charges calculated are then combined with the network access (subscription) charges and billed to those customers directly serviced by the PLMN.




_____________________________________________________________________ 11.2 Billing Principles

Billing PrinciplesBilling Principles

• The GSM Specification for billing assumes the following principles:

• For MO calls, caller pays for connection to dialled number (caller does NOT pay for call-forward element)

• For MT calls the called party pays for call-forward part of connection

• For MT calls, the called party pays for any roaming extension part of the connection

• Charge rates can be based on one or a combination of:• duration, location, destination, service, time of day, type of day,

In deriving this specification the following principles are assumed: 1. For mobile originated calls, the mobile user pays for the connection to the dialled number, as per the published tariff of the Local PLMN, plus a mark-up defined by the HPLMN to cover additional administration costs, when roaming. It is assumed that the MS subscriber will NOT be charged for the forwarded leg if the dialled number has set call forwarding. If additional charging is required for this forwarded leg, then it is assumed that such charging will be applied only to the called party. 2. For mobile terminated calls, any charge set for incoming calls is that based on the tariff as published by the HPLMN. The tariff as published for the roaming extension charges is assumed to be time and date invariant. 3. Charge rates for calls originating within a PLMN vary depending upon, for example, location, destination, service, time of day, type of day and any mark ups.

_____________________________________________________________________ 11.3 Description of Call Components

In order to retain the flexibility to cater for differing subscriber profiles, every call connection can be divided into five different call components: • Originating call component • Terminating call component • Roaming Call Component • Call Forwarding call component (call-forwarding call only) • Transit call component (land-land calls only)



Call ComponentsCall Components

• Five basic call components:

• Originating call component

• Terminating call component

• Roaming call components

• Call Forward call component

• Transit call component

Originating Call Component The originating call component is from the originating subscriber to the destination region (defined by dialling code). The operator generally charges this component to the originating subscriber. Terminating Call Component The terminating call component is from the destination MSC/VLR to the destination MS i.e. an MS roaming into a different PLMN. It can be recorded separately and this component can be charged to either the originating or terminating subscriber.

Call ComponentsCall Components

MSC2

HPLMN1

Originating CC

GMSC1

VPLMN2

GMSC2

Terminating CC

GMSC3

VPLMN3

MSC3

Call Forward

Call Forward CC

PSTN

Transit CC

Roaming CC




Roaming Call Component If the terminating subscriber roams outside the original destination PLMN, this component is also recorded separately and is generally charged to the terminating subscriber as the originating subscriber has no control over the terminating subscriber’s movements. Call Forwarding Call Component (call-forwarding call only) If the terminating subscriber has implemented call forward, this component is recorded separately and is generally charged to the terminating subscriber. Transit call component (land-land calls only) If calls are set up over extended geographical distance, it may be necessary to record the intermediary transit network call component.

_____________________________________________________________________ 11.4 Charge Advice Information (CAI)

Charge Advice Information (CAI)Charge Advice Information (CAI)

• CAI supplied to MS by the network

• Enables MS to calculate Advice of Charge (AOC) data• Comprises all or a combination of the following

parameters:• e1 – Units per interval

• e2 – Seconds per time interval

• e3 – Scaling factor

• e4 – Unit increment

• e5 – Units per data interval

• e6 – Segments per data interval• e7 – Initial seconds per interval

On every successful request for an applicable telecommunications service, the network supplies the MS with Charge Advice Information (CAI) in the form of signalling information. This information enables the MS to calculate the units associated with the requested service in real time in the form of an Advice of Charge (AOC) value. Any change in the charging rate during a call may be indicated to the mobile station. The CAI provides charging information, indicates the charging point and initiates the timing of the chargeable duration. The CAI information sent to the MS from the MSC consists of seven elements, however it need only contain those elements required for the particular situation. If elements are missing from the initial CAI message of a call, they shall be treated as zero. The seven elements are as follows: Element e1 - This element defines the number of units incremented per interval. It is set in terms of LPLMN units/interval to a resolution as defined in the table above under RES.



Element e2 - This element defines the time interval for unitization, and is specified in seconds, to a resolution as defined in the table above under RES. Element e3 - This element defines the scaling factor to convert from LPLMN units to HPLMN units. It is a dimensionless multiplier given to a resolution as defined in the table above under RES. Element e4 - This element defines the number of units to be incremented on receipt of the message containing the CAI elements. It is specified in units of the LPLMN to a resolution as defined in the table above under RES. Element e5 - This element defines the number of units incremented per data interval. It is set in terms of LPLMN units/interval, to a resolution as defined in the table above under RES. Element e6 - This element defines the data usage interval for unitization, and is specified in segments (SEG), to a resolution as defined in the table above under RES., for Dedicated Access to the PSPDN (whether directly or via Dedicated PAD). It does not apply to circuit switched access to modems or PADs, (except Dedicated PAD's) or MS to MS calls. Element e7 - This element defines the initial time interval for unitization, and is specified in seconds, to a resolution as defined in the table above under RES.

_____________________________________________________________________11.5 Advice of Charge (AoC) Calculations

Advice of Charge (AOC) enables an MS to calculate and indicate the cost of a call in home units as a basic service. The MS is informed of the charging rate at the ‘charging point’ i.e the point at which the charging begins. The MAS then uses its internal Chargeable Duration (CDUR) clock to time the call from the charging point to the end of the call By using the AoC calculations the MS is able to derive the number of home units used. Due to the independence of the calculated value, an exact one-to-one relation with the bill cannot be guaranteed. This discrepancy is due to the short delays in signalling between the MS and the network, e.g. transmission of charging point and end of call signals.

On receipt of the CAI message, charging computation commences. The following describes the process for a simple single call scenario, for either an incoming or outgoing call for the MS in any PLMN, including HPLMN.




Advice of charge (Advice of charge (AoCAoC))

• Calculated by MS based on CAI supplied by network

• AoC calculated using the equation:

AoC = e3 x { e4 + e1xINT(CDUR/(e7,e2)) + e5xINT(SEG/e6) }

= scaling x {constant + time related + data related }

Where: CDUR = Chargeable DURation counter (as measured by MS)SEG = SEGment counter (as counted by MS)

INITIAL/FIXED CHARGE: Element e4*e3 defines the number of HPLMN units to be incremented in a Current Call Meter (CCM) on receipt of the CAI message. INITIAL TIME-RELATED CHARGE: On first receipt of the CAI message, timing commences immediately and MS timer CDUR is incremented from zero, with a precision of at least 0.1 seconds. When CDUR reaches e7 i.e. a full interval has been timed, then e1*e3 HPLMN units are added to the CCM. The CDUR is then reset to zero to allow timing of the next interval to commence based on CAI element e2. e7 is not used further, unless it is updated via a new CAI message. TIME-RELATED CHARGE: On expiry of the interval defined by e7; e2 is applied and timing re-commences immediately. The MS timer CDUR is incremented from zero, with a precision of at least 0.1 seconds. When CDUR reaches e2 i.e. a full interval has been timed, then e1*e3 HPLMN units are added to the CCM. The CDUR is then reset to zero to allow timing of the next interval to commence, based on e2. DATA-RELATED CHARGE: On first receipt of non-zero element e6, data segment counting commences immediately and the MS counter SEG is incremented from zero, by unity for each segment transferred. When SEG reaches e6 i.e. a full data interval has been counted, then e5*e3 HPLMN units are added to the CCM. SEG is then reset to zero to allow counting of the next data interval to commence.



_____________________________________________________________________ 11.6 Call Detail Records (CDRs)

Call Detail Records (Call Detail Records (CDRsCDRs))

• Each call within the PLMN creates a call record

• This record is generated by the MSC/GMSC originating the call

• The record in known as a ‘Call Detail Record’ (CDR)

• CDRs contain the following information:

• Subscriber Identity• Number called

• Call Length

• Route of call

Note that the MSC which originates the call keeps control of it throughout subsequent handovers in order to maintain the CDRs.

Call Charge Outline ProcedureCall Charge Outline Procedure• Network supplies originating MS with CAI details• MS calculates AOC record using CAI details• This record acts as a ‘toll ticket’ which tracks the call on its route through

various networks• Each call component can generate a separate CDR• The record passes along the backbone to the home network• Billing computer generates bills based on cumulative CDRs• HPLMN collects the charges• HPLM reimburses VPLMN using TAPs in accordance with roaming

agreement

PSTN/ISDN

CDR

MSC MSCCDR

CDR




• When a call is in initiated, the network supplies the MS with the necessary Charge Advice Information (CAI)

• The MS uses the CAI to calculate the Advice of Charge (AOC) for the current call and

the cumulative charge for all previous calls

• This record acts as a ‘toll ticket’ which tracks the call on its route through various networks

• The record passes along the backbone to the home network (HPLMN)

• Billing computer generates bills to be sent to the user

• Under international agreements, the HPLMN collects the charges

• Payment due to VPLMNs is settled by transfer of monies

_____________________________________________________________________ 11.7 The Transferred Account Procedure (TAP)

The Transferred Account Procedure (TAP) is the mechanism by which operators exchange roaming billing information. This is how roaming partners are able to bill each other for the use of networks and services through a standard process.

Transferred Account Procedure (TAP)Transferred Account Procedure (TAP)

• GSM Association-defined protocol for interchange of billing data between different network operators

• Initially defined by the Transferred Account Data Interchange Group (TADIG) in 1989.

• First TAP standard implemented in 1996

• Currently version is TAP3, launched in June 2000

• Latest update is V3.9 dated 30th November 2001



Much of the traffic carried by a GSM PLMN either originates, or terminates in another network. The operator of the local fixed network charges the wireless operator for each call that terminates at one of its fixed subscribers. Likewise, the GSM operator will charge the fixed operator for each call made to a mobile number from a fixed line. Therefore GSM network operators and their local fixed counterparts usually negotiate an interconnect agreement to make charging as simple as possible. Other fixed international operators have normally already negotiated similar agreements amongst themselves. EXAMPLE OF USING TAPS Therefore, in order to place a call from a German PLMN to a Canadian fixed phone, it is not necessary for the German PLMN operator to negotiate a price with a Canadian fixed network operator. The German PLMN operator negotiates a price with the German fixed network operator. The German fixed network operator then negotiates a price with the Canadian fixed network operator. So, the German fixed network operator passes this call cost back to the German PLMN. This means that the German PLMN has to recoup the cost of the call from its subscribers either directly (retail billing), or via the appropriate Service Provider (wholesale billing). This form of accounting covers the division of revenue between both fixed and mobile networks. However, it does not cover the costs incurred by foreign subscribers whilst roaming in other networks. Consider the case of a French subscriber calling a Canadian fixed phone from within a German network. The German fixed network will still charge the German PLMN for the leg of the call placed to the Canadian number. In this case, the German PLMN does not receive any revenue from its own subscriber. In order to recoup the costs incurred by the call, the German PLMN must charge the home mobile network operator, here the French PLMN, to cover the costs incurred by the French mobile subscriber. It is this type of inter-PLMN accounting for which TAP was designed. The details of the calls made by a subscriber roaming in a visited network (VPLMN) are recorded by the serving MSC. Each call produces one or more Call Detail Records (CDRs). Although ETSI provides a standard CDR format (GSM-12.05) many switch vendors use proprietary formats. The CDRs produced by the MSC are transferred on a regular basis to the billing system of the VPLMN for pricing or rating. Those call records produced on behalf of roaming subscribers, will be converted and grouped in files under the TAP format. The TAP files are generated and sent, at the latest, 36 hours from call end time. This means that operators can send 1 or many TAP files per day. TAP files contain rated call information according to the operator's Inter Operator Tariff (IOT), plus any bilaterally agreed arrangements or discounting schemes. The transfer of TAP records between the visited and the home mobile networks may be performed directly, or more commonly, via a Clearinghouse. Invoicing between the operators then normally happens once per month. On reception by the HPLMN, the TAP record is converted into an internal format and added together with any call records produced by the subscriber whilst within the home network. If a service provider serves the subscriber then the records will form the basis of the wholesale billing between the HPLMN and that Service Provider. On receipt of the information from the HPLMN, the Service Provider may re-rate the calls according to its own tariff plans and produce an itemised bill, including call detail, for the subscriber.




SummarySummary

This section has covered the following billing topics:

• Billing Principles

• Description of Call Components• Charge Advice Information (CAI)

• Advice of Charge (AoC) Calculation

• Call Detail Records (CDRs)

• The Transferred Account Procedure (TAP)

PSTN/ISDN

CDR

MSC MSC

CDR

CDR

12. GSM Evolution


12. GSM Evolution

_____________________________________________________________________

This final section of the course looks briefly at the developments within GSM that are leading towards third generation technology and the high data rates which this is intended to offer. These technologies are collectively known as 2.5 or 2 ½ Generation GSM technologies and include:

• High Speed Circuit-Switched Data (HSCSD) • General Packet Radio Service (GPRS) • Enhanced Data for GSM Evolution (EDGE)

2.5 Generation GSM2.5 Generation GSM

Circuit Switched

Packet Switched

22ndnd GenerationGeneration

33rdrd GenerationGeneration

2.5 Gene

ration

2.5 Gene

ration

CSD

GPRS

HSCSD

ECSD

UMTS

14.4 kb/s

21.4 kb/s

69.2 kb/s

384 kb/s 2 Mb/s

EGPRSEDGEEDGE

SMS

CSD9.6 kb/s

38.8 kb/s

• Evolution of GSM towards 3G systems

• Main requirement is for increased data rates

• Mobile access to:• Internet

• E-mail

• Corporate networks

12.1 Introduction

12. GSM Evolution



_____________________________________________________________________

The main new concept in HSCSD is that of multiple timeslots per handset. Current handsets are limited practically to a maximum of 4 timeslots.

`

HSCSDHSCSD

• Increases bit rate for GSM by a mainly software upgrade

• Uses multiple GSM channel coding schemes to give 4.8 kb/s, 9.6 kb/s or 14.4 kb/s per timeslot

• Multiple timeslots for a connectione.g. using two timeslots gives data rates up to 28.8 kb/s

• Timeslots may be symmetrical or asymmetrical, e.g. two downlink, one uplink, giving 28.8 kb/s downloads but 14.4 kb/s uploads.

Maximum data rate quoted as Maximum data rate quoted as 115 kb/s = 14.4 x 8115 kb/s = 14.4 x 8

HSCSD Mobile EquipmentHSCSD Mobile Equipment

• HSCSD handsets are typically limited to 4 timeslots, allowing:

• 2 up / 2 down (28.8 kb/s in both directions)• 3 down and 1 up (43.2 kb/s down 14.4 kb/s up)

• This limitation arises because the handset operates in half duplex and needs time to change between transmit and receive modes

• Nokia cardphone (PCMCIA card for laptops) uses HSCSD (Orange network) - quotes data downloads at 28.8 kb/s

12.2 HSCSD

12. GSM Evolution


_____________________________________________________________________

GPRSGPRS

• General Packet Radio Service

• Packet switching:• Data divided into packets

• Packets travel through network individually

• Connection only exists while packet is transferred from one node to next

• When packet has passed a node, the network resources become available for another packet

• User sees an ‘always on’ virtual connection through the network

Data packet

PCU Circuit/Packet Data SeparationPCU Circuit/Packet Data Separation

BTS BSC PCU

VisitedMSC/VLR

Serving GSN

GatewayMSC

GatewayGSN

HLR

Circuit Switched

Packet Switched

PSTNPSTN

PDNPDN

A

Gb

12.3 GPRS

12. GSM Evolution



GPRS Air InterfaceGPRS Air Interface

• New ‘Packet’ logical channels defined - PBCCH, PDTCH etc.

• New multiframe structure based on ‘radio blocks’ of 4 timeslots• Allows up to 8 mobiles to share a timeslot

• For high data rates, several physical channels may be allocated to one user

• 4 levels of channel coding schemes (CS-1 to CS-4):• Decreasing level of error checking

• Greater data throughput rates

• Scheme selected according to interference level (C/I)

Dat

a th

roug

hput

C/I

CS-1

CS-2

CS-3

CS-4

Using Spare GSM Capacity Using Spare GSM Capacity

Timeslots

TimeTime

Tim

eslo

ts

Circuit Switched Demand

Availablefor GPRS

Availablefor GPRS

Maximum Capacity

0 24

Tim

eslo

t U

sag

e

Time (hours)

• GPRS can use traffic capacity on the GSM network away from the busy hour for non time critical data transfers

• Even during the busy hour, there is spare capacity that GPRS can make use of:

• Voice calls start and finish at random times, leaving short periods when channels are unused

• Packets of data can be sent when these channels become available -dynamic allocation

12. GSM Evolution


Charging for GPRS ServicesCharging for GPRS Services

• GPRS allows the user to be ‘always connected’ - charging by time is not appropriate

• Some possible methods of charging are:• By volume of data transferred

• Flat rate for Internet access

• By Quality of Service

• For content - operator may provide own pages (value added services)

• Quality of Service parameters:

• Service Precedence (priority)

• Reliability

• Delay

• Throughput

Internet

£

££

£

£

_____________________________________________________________________

EDGEEDGE

• Enhanced Data rates for GSM Evolution• Use 8 Phase-Shift Keying (8PSK) modulation

- 3 bits per symbol

• Improved link control allows the system to adapt to variable channel quality - leads to slightly reduced coverage area

• Applied to GSM, EDGE allows a maximum data rate of 48 kb/s per timeslot, giving the quoted figure of 384 kb/s per carrier (8 timeslots)

• EDGE can be applied to HSCSD (ECSD) and GPRS (EGPRS)

• EDGE will be expensive for operators to implement:• Each base station will require a new EDGE transceiver

• Abis interface between BTS and BSC must be upgraded

(0,0,0)

(0,0,1)

(0,1,1)

(0,1,0)

(1,1,0)

(1,1,1)

(1,0,1)

(1,0,0)

12.4 EDGE

aircom gsm training manual

Education

gsm services

gsm protocols overview

gsm development

gsm identifiers

gsm interfaces

gsm transmission protocols

gsm signalling protocols

gsm bearer services