GSM


1

GSM

Mohamed Mokdad

Ecole d’Ingénieurs de Bienne

2

Agenda

• GSM
  – Architecture, Interface, …

• Enhancements
  – HSCSD
  – GPRS

• SIM
  – Architecture
  – Protocols

3

Why GSM in 1982?

• Good subjective speech quality
• Low terminal and service cost
• Support for international roaming
• Ability to support handheld terminals
• Support for a range of new services and facilities
• Spectral efficiency
• ISDN compatibility

4

Phased GSM Approach 1

• GSM Phase 1 features
  – Call Forwarding
    • All Calls
    • No Answer
    • Engaged
    • Unreachable
  – Call Barring
    • Outgoing - Bar certain outgoing calls (e.g. ISD)
    • Incoming - Bar certain incoming calls (Useful if in another country)
  – Global roaming - Visit any other country with GSM and a roaming agreement and use your phone and existing number

5

Phased GSM Approach 2

• GSM Phase 2 features
  – SMS - Short Message Service - Allows you to send text messages to and from phones
  – Multi Party Calling - Talk to five other parties as well as yourself at the same time
  – Call Holding - Place a call on Hold
  – Call Waiting - Notifies you of another call whilst on a call
  – Mobile Data Services - Allows handsets to communicate with computers
  – Mobile Fax Service - Allows handsets to send, retrieve and receive faxes
  – Calling Line Identity Service - This facility allows you to see the telephone number of the incoming caller on your handset before answering
  – Advice of Charge - Allows you to keep track of call costs
  – Cell Broadcast - Allows you to subscribe to local news channels
  – Mobile Terminating Fax - Another number you are issued with that receives faxes that you can then download to the nearest fax machine.

6

Phased GSM Approach 3

• GSM Phase 2+ features
  – Available by 1998
  – Upgrade and improvements to existing services
  – Majority of the upgrade concerns data transmission, including bearer services and packet switched data at 64 kbps and above
  – DECT access to GSM
  – PMR/Public Access Mobile Radio (PAMR)-like capabilities
  – GSM in the local loop
  – Virtual Private Networks
  – Packet Radio
  – SIM enhancements
  – Premium rate services (e.g. Stock prices sent to your phone)

7

GSM & UMTS numbering

[Figure: specification series numbered 01 to 11. Labels: Requirements; CODECs; Service aspects; Technical realization; Signalling protocols (user equipment to network); Radio aspects; Data; Signalling protocols (RSS-CN); Signalling protocols (intra-fixed-network); Programme management; User Identity Module (SIM / USIM)]

8

Phased GSM Approach 3

• GSM-R
  – Future Railway control platform

• UMTS
  – In the context of IMT 2000 families
  – Releases 4, 5 and 6
  – Each release is a complete set and a system can be built on it

9

GSM Evolution review

10

Reference Configuration

ISDN/PSTN

11

Cellular System

• The geographic area is divided into cells

• Each cell has a Base Station managing the communications

• A set of cells managed by a single MSC is called Location Area

[Figure labels: Base Station, MSC with VLR (twice), HLR, land link, radio link]

MSC Mobile Switching Center
VLR Visitor Location Register
HLR Home Location Register

12

GSM Architecture

[Figure: GSM architecture. Groups: Databases, Switches, Radio Systems. Labels: MS, BTS, BSC, BSS, MSC, GMSC, SSP, HLR, VLR, EIR, AuC, NSS, PLMN, PSTN]

NSS Network and Switching Subsystem
EIR Equipment Identity Register
AuC Authentication Center
GMSC Gateway MSC
BSS Base Station System
BSC Base Station Controller
BTS Base Transceiver Station
MS Mobile Station
SSP Service Switching Point

13

The GSM Interfaces 1

[Figure: mobile station access configurations. Labels: MT0, MT1, MT2, TE1, TE2, TA, BS/MSC; reference points Um, S, R]

14

The GSM Interfaces 2

+ B, C, D, E, F, G, H and I to HLR, VLR, MSC, …

15

The GSM Interfaces 3

16

GSM Radio Interface

• Spectrum
  – 900 MHz (and 1800 MHz)
• 890-915 MHz Uplink - 935-960 MHz Downlink
• FDMA
  – 124 carriers under 900 MHz
• TDMA
  – 8 Time Slots per carrier
• 1 (physical) channel per Time Slot
  – 1 channel = 1 communication = 15/26 ms

17

GSM Radio Interface bis

[Figure: carriers 0, 1, 3, …, 122, 123, each divided into time slots 0 to 7]

18

E.g. 2G Mobile telephony Spectrum

19

Channels: Logical & Physical

[Figure: mapping of user channels and control entities onto logical and physical channels, shown for both the land network and the mobile, across the air interface]

• Logical channels
  – Traffic = TCH (Bm or Lm)
  – Control and Signalling = CCH (Dm)
• Physical resource
  – Frequency (RF channels)
  – Time (timeslots)
• Physical channels
  – (Timeslot number, TDMA frame sequence, RF channel sequence)

20

GSM channels

21

Logical control channels

• Broadcast Control CHannel (BCCH): downlink only, used to broadcast cell-specific information
• Synchronization CHannel (SCH): downlink only, used to broadcast synchronization and BSS identification information
• Paging CHannel (PCH): downlink only, used to send page requests to Mobile Stations
• Random Access CHannel (RACH): uplink only, used to request a Dedicated Control CHannel
• Access Grant CHannel (AGCH): downlink only, used to allocate a Dedicated Control CHannel
• Stand Alone Dedicated Control CHannel (SDCCH): bi-directional
• Fast Associated Control CHannel (FACCH): bi-directional, associated with a Traffic CHannel
• Slow Associated Control CHannel (SACCH): bi-directional, associated with a SDCCH or a Traffic CHannel
• Cell Broadcast CHannel (CBCH): downlink only, used for general (not point to point) short message information

22

GSM Frames

• Hyperframes
  – i.e. 2048 Superframes

• Superframes
  – 1326 frames:
  – i.e. 51 x 26 Multiframes for signalling
  – i.e. 26 x 51 Multiframes for traffic

• Multiframes
  – i.e. 51 TDMA frames for signalling channels
  – i.e. 24 TDMA frames for traffic channels + 2

23

24

Speech Coding

25

GSM Speech Coding

• 8 bit samples
  – i.e. 256 values
• @ 8 kHz sampling rate
• Implies 64 kbps
  – i.e. Normal ISDN
• Then Compressed
  – i.e. 13 kbps FR (Full Rate Coding)

26

GSM Speech Coding

27

GSM Layers

• Layer 1
  – Enables physical transmission (TDMA, FDMA, etc.)
  – Assessment of channel quality

• Layer 2
  – Multiplexing of 1 or more layer 2 connections
  – Routing, flow control, a.o.

• Layer 3
  – Connection management (air interface)
  – Management of location data
  – Subscriber identification

28

Layer 3

• Radio resource management
  – Cell Selection, Handover, etc.

• Mobility management
  – Authentication, Location management, etc.

• Connection management

• Call control

• Supplementary service support

• Short message service support

29

System overview

• Logical control channels
  – BCCH, SCH, …

• Sub Layers
  – Sublayer resource management
  – Sublayer mobility management and
  – Sublayer connection management

• Procedures

• Messages format

30

Sublayers in layer 3

• Sublayer radio resource mgmt - RR
  – Radio Resource management procedures
  – Establish, maintain & release RR connections
  – Cell selection/reselection and the handover

• Sublayer mobility management - MM
  – Management of the radio interface (Um)
  – In cooperation with RR

• Sublayer connection management - CC
  – Call control (CC) protocol

31

+ sublayers layers

• Supplementary Services - SS
  – …

• Short Message Service - SMS
  – …

• SIM manager - SIM
  – …

32

Sublayer RR

• Idle mode
  – MS available ready for signalling (e.g. paging)
  – BSS sends system information (e.g. cell info)

• Establishment & release of RR connection
  – Physical point-to-point bi-directional
  – RR connection transfer

• RR connected mode
  – Automatic cell reselection
  – Indication of temporary unavailability

33

RR Messages

• Channel establishment messages:
  – ADDITIONAL ASSIGNMENT
  – IMMEDIATE ASSIGNMENT
  – IMMEDIATE ASSIGNMENT EXTENDED
  – IMMEDIATE ASSIGNMENT REJECT

• Handover messages:
  – ASSIGNMENT COMMAND
  – ASSIGNMENT COMPLETE
  – ASSIGNMENT FAILURE
  – HANDOVER ACCESS
  – HANDOVER COMMAND
  – HANDOVER COMPLETE
  – HANDOVER FAILURE
  – PHYSICAL INFORMATION

• Ciphering messages:
  – CIPHERING MODE COMMAND
  – CIPHERING MODE COMPLETE

• Channel release messages:
  – CHANNEL RELEASE
  – PARTIAL RELEASE
  – PARTIAL RELEASE COMPLETE

• Paging messages:
  – PAGING REQUEST TYPE 1
  – PAGING REQUEST TYPE 2
  – PAGING REQUEST TYPE 3
  – PAGING RESPONSE

34

Sublayer MM

• MM common procedures
  – TMSI reallocation procedure
  – Temporary Mobile Subscriber Identity

• MM specific procedures
  – IMSI attach procedure
  – International Mobile Subscriber Identity
  – Location updating
  – Authentication, Ciphering

35

MM Messages

• Registration messages:
  – IMSI DETACH INDICATION
  – LOCATION UPDATING ACCEPT
  – LOCATION UPDATING REJECT
  – LOCATION UPDATING REQUEST

• Security messages:
  – AUTHENTICATION REJECT
  – AUTHENTICATION REQUEST
  – AUTHENTICATION RESPONSE
  – IDENTITY REQUEST
  – IDENTITY RESPONSE
  – TMSI REALLOCATION COMMAND
  – TMSI REALLOCATION COMPLETE

• Connection management messages:
  – CM SERVICE ACCEPT
  – CM SERVICE REJECT
  – CM SERVICE ABORT
  – CM SERVICE REQUEST
  – CM RE-ESTABLISHMENT REQUEST
  – ABORT

• Miscellaneous message:
  – MM STATUS

36

Sublayer CC

• Call establishment procedures
  – From MS or Network

• Signalling procedures during active state
  – Notifications & connection rearrangement

• Call clearing
  – Call release

• Miscellaneous procedures
  – In-band tones and announcements

37

CC messages

• Call establishment messages:
  – ALERTING
  – CALL CONFIRMED
  – CALL PROCEEDING
  – CONNECT
  – CONNECT ACKNOWLEDGE
  – EMERGENCY SETUP
  – PROGRESS
  – SETUP

• Call information phase messages:
  – MODIFY
  – MODIFY COMPLETE
  – MODIFY REJECT
  – USER INFORMATION

• Call clearing messages:
  – DISCONNECT
  – RELEASE
  – RELEASE COMPLETE

• Messages for supplementary service control
  – FACILITY
  – HOLD
  – HOLD ACKNOWLEDGE
  – HOLD REJECT
  – RETRIEVE
  – RETRIEVE ACKNOWLEDGE
  – RETRIEVE REJECT

• Miscellaneous messages:
  – CONGESTION CONTROL
  – NOTIFY
  – START DTMF
  – START DTMF ACKNOWLEDGE
  – START DTMF REJECT
  – STATUS
  – STATUS ENQUIRY
  – STOP DTMF
  – STOP DTMF ACKNOWLEDGE

38

E.g. the IEs in Alerting

IEI | Information element | Type / Reference | Presence | Format | Length | Note
(none) | Call control protocol discriminator | Protocol discriminator | M | V | ½ | protocol discriminator (RR, MM, CM)
(none) | Transaction identifier | Transaction identifier | M | V | ½ | (see standard)
(none) | Alerting message type | Message type | M | V | 1 | message type (Ciphering, Handover)
1C | Facility | Facility 10.5.4.15 | O | TLV | 2-? |
1E | Progress indicator | Progress indicator 10.5.4.21 | O | TLV | 4 |
7E | User-user | User-user 10.5.4.25 | O | TLV | 3-35 |

39

Some indications

• Protocol discriminator
  – 0 0 1 1 Call Control; call related SS messages
  – 0 1 0 1 Mobility Management messages
  – 0 1 1 0 Radio Resource management messages

• Presence
  – Mandatory
  – Optional

• Format
  – T Type only
  – V Value only
  – TV Type and Value
  – LV Length and Value
  – TLV Type, Length and Value

40

CC IEs

• 0 : : : : : : : : : Type 3 & 4 info elements
• 0 0 0 0 1 0 0 Bearer capability
• 0 0 0 1 0 0 0 Cause
• 0 0 1 0 1 0 0 Note
• 0 0 1 0 1 0 1 Call Control Capabilities
• 0 0 1 1 1 0 0 Facility
• 0 0 1 1 1 1 0 Progress indicator
• 0 1 0 1 1 0 0 Keypad facility
• 0 1 1 0 1 0 0 Signal
• 1 0 0 1 1 0 0 Connected number
• 1 0 0 1 1 0 1 Connected subaddress
• 1 0 1 1 1 0 1 Calling party subad
• 1 0 1 1 1 1 0 Called party BCD number
• 1 1 0 1 1 0 1 Called party subad
• 1 1 1 1 1 0 0 Low layer compatibility
• 1 1 1 1 1 0 1 High layer compatibility
• 1 1 1 1 1 1 0 User-user
• 1 1 1 1 1 1 1 SS version indicator
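The Alerting layout, protocol discriminators and IEI codes from the three slides above can be combined into a bounds-checked decoder. This is an added example, not part of the original slides; the message type value 0x01 for ALERTING is an assumption taken from GSM 04.08, and the sample messages are constructed.

```python
"""Bounds-checked decoder for a call-control ALERTING message."""

PD_NAMES = {0b0011: "Call Control", 0b0101: "Mobility Management",
            0b0110: "Radio Resource management"}
# Optional IEs of ALERTING: IEI -> (name, min, max total length in octets),
# as in the slide table; None where the slide gives no upper bound ("2-?").
ALERTING_IES = {0x1C: ("Facility", 2, None),
                0x1E: ("Progress indicator", 4, 4),
                0x7E: ("User-user", 3, 35)}
ALERTING = 0x01  # assumption: message type value from GSM 04.08, not on the slides


def parse_alerting(msg: bytes) -> dict:
    if len(msg) < 2:
        raise ValueError("truncated header")
    pd, ti = msg[0] & 0x0F, msg[0] >> 4   # two half-octet V fields share octet 1
    if PD_NAMES.get(pd) != "Call Control" or (msg[1] & 0x3F) != ALERTING:
        raise ValueError("not a call-control ALERTING message")
    ies, pos = [], 2
    while pos < len(msg):
        iei = msg[pos]
        if iei not in ALERTING_IES:
            raise ValueError(f"unexpected IEI {iei:02X} at offset {pos}")
        if pos + 2 > len(msg):
            raise ValueError("IE cut off before its length octet")
        name, lo, hi = ALERTING_IES[iei]
        total = 2 + msg[pos + 1]          # T + L + value octets
        if total < lo or (hi is not None and total > hi):
            raise ValueError(f"{name}: length {total} outside table range")
        if pos + total > len(msg):
            raise ValueError(f"{name}: value overruns the message")
        ies.append((name, msg[pos + 2:pos + total]))
        pos += total
    return {"pd": PD_NAMES[pd], "ti": ti, "ies": ies}


def try_parse(msg: bytes) -> str:
    """Return 'ok' or the rejection reason, for logging malformed input."""
    try:
        parse_alerting(msg)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed samples; IE contents are arbitrary bytes.
    for sample in ("83011E02EA81", "83017E20AA", "83011E01EA"):
        print(sample, "->", try_parse(bytes.fromhex(sample)))
```

The second and third samples are rejected because the length octet disagrees with the received bytes or with the table's length range, which is the check a decoder of TLV elements must make before slicing the value.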

41

Capability IEs

• Bearer capability
  – Synchronous
  – V.110, X.30

• Low layer compatibility
  – Unrestricted digital information transfer
  – 3.1 kHz audio

• High layer compatibility
  – Telephony
  – Facsimile G2/G3

42

Incoming GSM Call


43

Where is the cellular phone?

• Handset Switched ON > "here I am"
• Location update
• The radio station relays the information to the nearest exchange: The VLR
• The VLR updates the HLR
• This way, the home exchange always knows where the phone is
• The telephone number of the cellular phone indicates the home exchange.
• The handset works with a provision number

44

Roaming (# Handover)

• Roaming is the ability to use your own GSM phone number in another GSM network.

• A roaming agreement is a business agreement between two network operators to transfer items such as call charges and subscription information back and forth, as their subscribers roam into each other's areas.

45

Location Based Services

46

GPRS - HSCSD

Mohamed Mokdad

Ecole d’Ingénieurs de Bienne

47

HSCSD

High Speed Circuit Switched Data

48

GPRS

General Packet Radio Service

49

GPRS time slots

50

Coding schemes

51

GPRS Architecture

52

GPRS VPN Tunneling

To Access Point Name

53

GPRS – the components

Serving GPRS Support Node

Gateway GPRS Support Node

GPRS Tunneling Protocol

54

The GTP Tunnel

55

E.g. http Encapsulation

Overhead of 88 bytes !!!

56

GPRS

• Data Transmission Speeds
• The supported data transmission speed per channel is 13.4Kbits. Depending on the type of phone, the following data transmission speeds are theoretically possible:
• Type 2+1: Receive 26.8Kbits & send 13.4Kbits.
• Type 3+1: Receive 40.2Kbits & send 13.4Kbits.
• Type 4+1: Receive 53.6Kbits & send 13.4Kbits

57

GPRS vs HSCSD

• Stay connected all the time (+)

• Higher Transfer Speed (=)

• IP Support (+)

• APN (-)
  – Access Point Name
  – GPRS can be only connected to the ISP

• GPRS WAP
  – Much more comfortable (Speed & Connection)

58

HSCSD vs GPRS / services

Function HSCSD GPRS

Moving images +++ +

Audio streaming +++ +

Fax transmission ++ -

E-mail transmission ++ ++

Telemetry + +++

Internet & WAP browsing ++ +++

59

Is GSM Data-Ready?

• SMS (Short Message Services)
  – 160 ASCII characters
• Direct IP (starting with 9.6 kbps)
  – bypass PSTN
• 14.4 kbps per time slot
  – new channel coding
• GPRS (General Packet Radio Services)
  – packet mode
  – fractional & multiple time slots (0.8 to 128 kbps)
• HSCSD (High-Speed Circuit Switch Data)
  – 38.4 kbps (4 time slots)
• Yes, the technology is ready and it can (and will) be improved

60

Evolution of GSM

• EDGE (Enhanced Data rate for GSM Evolution)
  – 2.5 G
  – new modulation scheme but still 200kHz
  – 384 kbps is the maximum data rate
  – designed for service providers that may or may not migrate to UMTS

• UMTS (Universal Mobile Telecommunications Systems)
  – 3G
  – 384 kbps for wide-area coverage
  – 2 Mbps for local coverage
  – WCDMA (wideband CDMA) (BW=5MHz @ 2GHz)
  – Adopted by Europe and Japan

61

EDGE modulations

Slot Combinations

Channel Coding Scheme | Modulation | 1 Slot | 4 Slots | 8 Slots
MCS1 | GMSK | 8.8 kb/s | 35.2 kb/s | 70.4 kb/s
MCS4 | GMSK | 17.6 kb/s | 70.4 kb/s | 140.8 kb/s
MCS5 | 8PSK | 22.4 kb/s | 89.6 kb/s | 179.2 kb/s
MCS9 | 8PSK | 59.2 kb/s | 236.8 kb/s | 473.6 kb/s

62

SIM Card

Mohamed Mokdad

Ecole d’Ingénieurs de Bienne

63

SIM = Smart Card ?

64

Smart Card Pinout

65

SPI: Clock and Data

Clock

Data

66

SIM Content

• User ID
  – IMSI, Ki, PINs, PUKs, etc

• Phone Book

• SMS

• A3/A8 Algorithm
  – Challenge response application

• Other info
  – Directory structure

67

SIM and Handset

ISO 7816

68

Instructions format

• CLA:INS:P1:P2:P3

• Verify CHV (PIN)
  – A0 20 00 00 08
    • 67 00 Incorrect parameter P3
    • 00 20

• Run GSM A38 Algorithm
  – A0 88 00 00 10
    • 67 00 Incorrect parameter P3
    • 00 88
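The two command headers above, built and length-checked in code. This is an added example, not from the original slides: the header bytes are copied from the slide, the FF padding of the PIN to 8 bytes and the 16-byte RAND follow GSM 11.11, and the function names and the sample challenge are constructed for illustration.

```python
"""SIM command APDUs in the CLA:INS:P1:P2:P3 layout shown on the slide."""

# Expected P3 per instruction, from the two slide examples (A0 20 .. 08, A0 88 .. 10).
EXPECTED_P3 = {0x20: 0x08, 0x88: 0x10}
INS_NAMES = {0x20: "VERIFY CHV", 0x88: "RUN GSM ALGORITHM"}


def build_apdu(ins: int, data: bytes, p1: int = 0x00, p2: int = 0x00) -> bytes:
    """Header CLA INS P1 P2 P3 followed by P3 data bytes (CLA A0 = GSM)."""
    if len(data) > 0xFF:
        raise ValueError("P3 is a single byte")
    return bytes([0xA0, ins, p1, p2, len(data)]) + data


def verify_chv(pin: str) -> bytes:
    """PIN digits are sent as ASCII, padded with FF to 8 bytes (GSM 11.11)."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 8):
        raise ValueError("CHV must be 4 to 8 decimal digits")
    return build_apdu(0x20, pin.encode("ascii").ljust(8, b"\xff"))


def run_gsm_algorithm(rand: bytes) -> bytes:
    """The challenge RAND is exactly 16 bytes, hence P3 = 10 hex."""
    if len(rand) != 16:
        raise ValueError("RAND must be 16 bytes")
    return build_apdu(0x88, rand)


def check_command(raw: bytes) -> tuple:
    """Apply the length check a card makes on P3; return (name, status)."""
    if len(raw) < 5:
        return ("?", "too short for a header")
    cla, ins, _p1, _p2, p3 = raw[:5]
    name = INS_NAMES.get(ins, f"INS {ins:02X}")
    if cla != 0xA0:
        return (name, "not a GSM class byte")
    if ins in EXPECTED_P3 and (p3 != EXPECTED_P3[ins] or len(raw) - 5 != p3):
        return (name, "67 00 incorrect parameter P3")
    return (name, "header accepted")


if __name__ == "__main__":
    rand = bytes(range(16))  # constructed challenge, not a real RAND
    short = bytes.fromhex("A088000008") + rand[:8]  # wrong P3 on purpose
    for cmd in (verify_chv("1234"), run_gsm_algorithm(rand), short):
        print(cmd.hex(" ").upper(), "->", check_command(cmd))
```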

69

Stack

[Figure: stack layers. Labels: Hardware; e.g. Symbian; APIs; Application]
