Embed Size (px)
DESCRIPTION
GSM. Mohamed Mokdad Ecole d’Ingénieurs de Bienne. Agenda. GSM Architecture, Interface, … Enhancements HSCSD GPRS SIM Architecture Protocoles. Why GSM in 1982?. Good subjective speech quality Low terminal and service cost Support for international roaming - PowerPoint PPT Presentation
Citation preview
1
GSM
Mohamed Mokdad
Ecole d’Ingénieurs de Bienne
2
Agenda
• GSM– Architecture, Interface, …
• Enhancements– HSCSD– GPRS
• SIM– Architecture– Protocoles
3
Why GSM in 1982?
• Good subjective speech quality • Low terminal and service cost • Support for international roaming • Ability to support handheld terminals • Support for range of new services and
facilities • Spectral efficiency • ISDN compatibility
4
Phased GSM Approach 1
• GSM Phase 1 features – Call Forwarding – All Calls – No Answer – Engaged – Unreachable – Call Barring
• Outgoing - Bar certain outgoing calls (e.g. ISD) • Incoming - Bar certain incoming calls (Useful if in another
country) – Global roaming - Visit any other country with GSM and a
roaming agreement and use your phone and existing number
5
Phased GSM Approach 2• GSM Phase 2 features
– SMS - Short Message Service - Allows you to send text messages too and from phones
– Multi Party Calling - Talk to five other parties as well as yourself at the same time
– Call Holding - Place a call on Hold – Call Waiting - Notifies you of another call whilst on a call – Mobile Data Services - Allows handsets to communicate with computers – Mobile Fax Service - Allows handsets to send, retrieve and receive
faxes – Calling Line Identity Service - This facility allows you to see the
telephone number of the incoming caller on our handset before answering
– Advice of Charge - Allows you to keep track of call costs – Cell Broadcast - Allows you to subscribe to local news channels – Mobile Terminating Fax - Another number you are issued with that
receives faxes that you can then download to the nearest fax machine.
6
Phased GSM Approach 3
• GSM Phase 2 + features– Available by 1998 – Upgrade and improvements to existing services – Majority of the upgrade concerns data transmission, including
bearer services and packet switched data at 64 kbps and above – DECT access to GSM – PMR/Public Access Mobile Radio (PAMR)-like capabilities – GSM in the local loop – Virtual Private Networks – Packet Radio – SIM enhancements – Premium rate services (e.g. Stock prices sent to your phone)
7
01 02 03 04 05 06 07 08 09 10 11
Req
uir
em
ents
CO
DE
Cs
Ser
vice
asp
ects
Tec
hn
ical
rea
liza
tio
n
Sig
nal
lin
g p
roto
cols
(u
ser
eq
uip
men
t to
net
wo
rk)
Rad
io a
sp
ects
Dat
a
Sig
nal
lin
g p
roto
cols
(R
SS
-CN
)
Sig
nal
lin
g p
roto
cols
(in
tra-
fixe
d-n
etw
ork
)
Pro
gra
mm
e m
ana
gem
ent
Use
r Id
enti
ty M
od
ule
(S
IM /
US
IM)
GSM & UMTS numbering
8
Phased GSM Approach 3
• GSM-R– Future Railway control platform
• UMTS– In the context of IMT 2000 families– Releases 4, 5 and 6– Each release is a complete set
and a system can be build on it
9
GSM Evolution review
10
Reference Configuration
ISDN/PSTN
11
Cellular System
• The geographic area is divided into cells
• Each cell has a Base Station managing the communications
• A set of cells managed by a single MSC is called Location Area
Base Station
VLRMSC
VLR MSC
HLR
MSC Mobile Switching Center
VLR Visitor Location Register
HLR Home Location Register
land link
land link
Radio link
12
GSM Architecture
Databases
Switches
Radio Systems
BTS
BSC
MS
MSC MSC GMSC SSP
PSTN
BSS
BSS
HLRVLR VLREIR
SSP
AuC
NSS
PLMN
NSS Network and Switching
Subsystem
EIR Equipment Identity Register
AuC Authentication Center
GMSC Gateway MSC
BSS Base Station System
BSC Base Station Controller
BTS Base Transceiver Station
MS Mobile Station
SSP Service Switching Point
13
The GSM Interfaces 1
BS/MSCMT0
BS/MSCMT1TE1
BS/MSCMT1TATE2
BS/MSCMT2TE2
UmSR
14
The GSM Interfaces 2
+ B, C, D, E, F, G, H et I to HLR, VLR, MCS, …
15
The GSM Interfaces 3
16
GSM Radio Interface
• Spectrum– 900 MHz (and 1800 MHz)
• 890-915 MHz Uplink - 935-960 MHz Downlink
• FDMA– 124 carriers under 900 MHz
• TDMA– 8 Time Slots per carrier
• 1 (physical) channel per Time Slot– 1 channel = 1 communication = 15/26 ms
17
GSM Radio Interface bis
0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
0
1
3
122
123
18
E.g. 2G Mobile telephony Spectrum
19
Channels: Logical & Physical
USER
CHANNELS
USER
CHANNELS
CONTROL
ENTITIES
CONTROL
ENTITIES
MAPPING
MAPPING
LOGICALCHANNELS
Traffic= TCH (Bm or Lm)
Control andSignalling
= CCH (Dm)
LOGICALCHANNELS
Traffic= TCH (Bm or Lm)
Control andSignalling
= CCH (Dm)
(Air interface)
PHYSICALRESOURCE
Frequency(RF Channels)
Time(Timeslots)
L A N D N E T W O R K M O B I L E
PHYSICALCHANNELS
( Timslotnumber,
TDMA framesequence
RF Channelsequence )
PHYSICALCHANNELS
( Timslotnumber,
TDMA framesequence
RF Channelsequence )
20
Les canaux GSM
21
Logical control channelsBroadcast Control CHannel (BCCH)
downlink only, used to broadcast Cell specific information;Synchronization CHannel (SCH)
downlink only, used to broadcast synchronization and BSS identification information;
Paging CHannel (PCH)downlink only, used to send page requests to Mobile Stations;
Random Access CHannel (RACH)uplink only, used to request a Dedicated Control CHannel;
Access Grant CHannel (AGCH)downlink only, used to allocate a Dedicated Control CHANNEL;
Stand Alone Dedicated Control CHannel (SDCCH)bi‑directional;
Fast Associated Control CHannel (FACCH)bi‑directional, associated with a Traffic CHannel;
Slow Associated Control CHannel (SACCH)bi‑directional, associated with a SDCCH or a Traffic CHannel;
Cell Broadcast CHannel (CBCH)downlink only used for general (not point to point) short message information.
22
GSM Frames
• Hyperframes– i.e. 2048 Superframes
• Superframes– 1326 frames:– i.e. 51 x 26 Multiframes for signalling– i.e. 26 x 51 Multiframes for traffic
• Multiframes– i.e 51 TDMA frames for signalling channels– i.e. 24 TDMA frames for traffic channels + 2
23
24
Speech Coding
25
GSM Speech Coding
• 8 bit samples–i.e. 256 values
• @ 8 kHz sampling rate• Implies 64 kbps
– i.e. Normal ISDN
• Then Compressed– i.e. 13 kbps FR (Full Rate Coding)
26
GSM Speech Coding
27
GSM Layers
• Layer 1– Enables physical transmission (TDMA, FDMA, etc.)– Assessment of channel quality
• Layer 2– Multiplexing of 1 or more layer 2 connections– Routing, flow control, a.o.
• Layer 3– Connection management (air interface)– Management of location data– Subscriber identification
28
Layer 3
• Radio resource management– Cell Selection, Handover, etc.
• Mobility management– Authentication, Location management, etc.
• Connection management
• Call control
• Supplementary service support
• Short message service support
29
System overview
• Logical control channels– BCCH, SCH, …
• Sub Layers– Sublayer resource management– Sublayer mobility management and – Sublayer connection management
• Procedures
• Messages format
30
Sublayers in layer 3
• Sublayer radio resource mgmt - RR– Radio Resource management procedures – Establish, maintain & release R connections– Cell selection/reselection and the handover
• Sublayer mobility management - MM– Management of the radio interface (Um)– In cooperation with RR
• Sublayer connection management - CC– Call control (CC) protocol
31
+ sublayers layers
• Supplementary Services - SS– …
• Short Message Service - SMS – …
• SIM manager - SIM – …
32
Sublayer RR
• Idle mode– MS available ready for signalling (e.g. paging)– BSS sends system information (e.g. cell info)
• Establishment & release of RR connection – Physical point‑to‑point bi‑directional– RR connection transfer
• RR connected mode– Automatic cell reselection – Indication of temporary unavailability
33
RR Messages
• Channel establishment messages:• ADDITIONAL ASSIGNMENT• IMMEDIATE ASSIGNMENT• IMMEDIATE ASSIGNMENT
EXTENDED• IMMEDIATE ASSIGNMENT REJECT
• Handover messages:• ASSIGNMENT COMMAND• ASSIGNMENT COMPLETE• ASSIGNMENT FAILURE• HANDOVER ACCESS• HANDOVER COMMAND• HANDOVER COMPLETE• HANDOVER FAILURE• PHYSICAL INFORMATION
• Ciphering messages:• CIPHERING MODE COMMAND• CIPHERING MODE COMPLETE• Channel release messages:• CHANNEL RELEASE• PARTIAL RELEASE• PARTIAL RELEASE COMPLETE
• Paging messages:• PAGING REQUEST TYPE 1• PAGING REQUEST TYPE 2• PAGING REQUEST TYPE 3• PAGING RESPONSE
34
Sublayer MM
• MM common procedures – TMSI reallocation procedure– Temporary Mobile Subscriber Identity
• MM specific procedures– IMSI attach procedure – International Mobile Subscriber Identity– Location updating– Authentication, Ciphering
35
MM Messages
• Registration messages:• IMSI DETACH INDICATION• LOCATION UPDATING ACCEPT• LOCATION UPDATING REJECT• LOCATION UPDATING REQUEST
• Security messages:• AUTHENTICATION REJECT• AUTHENTICATION REQUEST• AUTHENTICATION RESPONSE• IDENTITY REQUEST• IDENTITY RESPONSE• TMSI REALLOCATION COMMAND• TMSI REALLOCATION COMPLETE
• Connection management messages:• CM SERVICE ACCEPT• CM SERVICE REJECT• CM SERVICE ABORT• CM SERVICE REQUEST• CM RE-ESTABLISHMENT REQUEST• ABORT
• Miscellaneous message:• MM STATUS
36
Sublayer CC
• Call establishment procedures – From MS or Network
• Signalling procedures during active state – Notifications & connection rearrangement
• Call clearing– Call release
• Miscellaneous procedures– In‑band tones and announcements
37
CC messages
• Call establishment messages:• ALERTING• CALL CONFIRMED• CALL PROCEEDING• CONNECT• CONNECT ACKNOWLEDGE• EMERGENCY SETUP• PROGRESS• SETUP
• Call information phase messages:• MODIFY• MODIFY COMPLETE• MODIFY REJECT• USER INFORMATION• Call clearing messages:• DISCONNECT• RELEASE• RELEASE COMPLETE
• Messages for supplementary service control• FACILITY• HOLD• HOLD ACKNOWLEDGE• HOLD REJECT• RETRIEVE• RETRIEVE ACKNOWLEDGE• RETRIEVE REJECT
• Miscellaneous messages:• CONGESTION CONTROL• NOTIFY• START DTMF• START DTMF ACKNOWLEDGE• START DTMF REJECT• STATUS• STATUS ENQUIRY• STOP DTMF• STOP DTMF ACKNOWLEDGE
38
E.g. the IEs in AlertingIEI Information element Type / Reference Presence Format Length
Call control Protocol discriminator M V ½protocol discriminator (RR, MM, CM)
Transaction identifier Transaction identifier M V ½(Voir norme)
Alerting Message type M V 1message type (Ciphering, Handover)
1C Facility Facility O TLV 2‑?10.5.4.15
1E Progress indicator Progress indicator O TLV 410.5.4.21
7E User‑user User‑user O TLV 3‑3510.5.4.25
39
Some indications• Protocol discriminator
– 0 0 1 1 Call Control; call related SS messages– 0 1 0 1 Mobility Management messages– 0 1 1 0 Radio Resource management messages
• Presence– Mandatory– Optional
• Format– T Type only– V Value only– TV Type and Value– LV Length and Value
– TLV Type, Length and Value
40
CC IEs• 0 : : : : : : : : : Type 3 & 4 info elements • 0 0 0 0 1 0 0 Bearer capability • 0 0 0 1 0 0 0 Cause • 0 0 1 0 1 0 0 Note • 0 0 1 0 1 0 1 Call Control Capabilities • 0 0 1 1 1 0 0 Facility • 0 0 1 1 1 1 0 Progress indicator • 0 1 0 1 1 0 0 Keypad facility • 0 1 1 0 1 0 0 Signal • 1 0 0 1 1 0 0 Connected number • 1 0 0 1 1 0 1 Connected subaddress • 1 0 1 1 1 0 1 Calling party subad • 1 0 1 1 1 1 0 Called party BCD number • 1 1 0 1 1 0 1 Called party subad • 1 1 1 1 1 0 0 Low layer compatibility • 1 1 1 1 1 0 1 High layer compatibility• 1 1 1 1 1 1 0 User-user • 1 1 1 1 1 1 1 SS version indicator
41
Capability IEs
• Bearer capability– Synchronous – V.110, X.30
• Low layer compatibility– Unrestricted digital information transfer– 3.1 kHz audio
• High layer compatibility– Telephony– Facsimile G2/G3
42
Incoming GSM Call
2
43
Where is the cellular phone?
• Handset Switched ON > "here I am"• Location update• The radio station relays the information
to the nearest exchange: The VLR• The VLR updates the HLR• This way, the home exchange
always knows where the phone is• The telephone number of the cellular
phone indicates the home exchage.• The handy works with a provision number
44
Roaming (# Handover)
• Roaming is the ability to use your own GSM phone number in another GSM network.
• A roaming agreement is a business agreement between two network operators to transfer items such as call charges and subscription information back and forth, as their subscribers roam into each others areas.
45
Location Based Services
46
GPRS - HSCSD
Mohamed Mokdad
Ecole d’Ingénieurs de Bienne
47
HSCSD
High Speed Circuit Switched Data
48
GPRS
Global Packet Radio Service
49
GPRS time slots
50
Coding schemes
51
GPRS Architecture
52
GPRS VPN Tunneling
To Access Point Name
53
GPRS – the components
Serving GPRS Support Node
Gatway GPRS Support Node
GPRS Tunneling Protocol
54
The GTP Tunnel
55
E.g. http Encapsulation
Overhead of 88 bytes !!!
56
GPRS
• Data Transmission Speeds• The supported data transmission speed per
channel is 13.4Kbits. Depending on the type of phone, the following data transmission speeds are theoretically possible:
• Type 2+1: Receive 26.8Kbits & send 13.4Kbits. • Type 3+1: Receive 40.2Kbits &send 13.4Kbits. • Type 4+1: Receive 53.6Kbits &send 13.4Kbits
57
GPRS vs HSCSD
• Stay connected all the time (+)
• Higher Transfer Speed (=)
• IP Support (+)
• APN (-)– Access Point Name– GPRS can be only connected to the ISP
• GPRS WAP– Much confortable (Speed & Connection)
58
HSCSD vs GPRS / services
Function HSCSD GPRS
Moving images +++ +
Audio streaming +++ +
Fax transmission ++ -
E-mail transmission ++ ++
Telemetry + +++
Internet & WAP browsing ++ +++
59
Is GSM Data-Ready?• SMS (Short Message Services)
– 160 ASCII characters • Direct IP (starting with 9.6 kbps)
– bypass PSTN • 14.4 kbps per time slot
– new channel coding • GPRS (General Packet Radio Services)
– packet mode – fractional & multiple time slots (0.8 to 128 kbps)
• HSCSD (High-Speed Circuit Switch Data) – 38.4 kbps (4 time slots)
• Yes, the technology is ready and it can (and will) be improved
60
Evolution of GSM
• EDGE (Enhanced Data rate for GSM Evolution) – 2.5 G – new modulation scheme but still 200kHz – 384 kbps is the maximum data rate – designed for service providers that may or may not migrate to
UMTS
• UMTS (Universal Mobile Telecommunications Systems)– 3G – 384 kbps for wide-area coverage – 2 Mbps for local coverage – WCDMA (wideband CDMA) (BW=5MHz @ 2GHz) – Adopted by Europe and Japan
61
EDGE modulations
Channel Coding Scheme
Modulation
Slot Combinations
1 Slot 4 Slots 8 Slots
MCS1 GMSK 8.8 kb/s 35.2 kb/s 70.4 kb/s
MCS4 GMSK 17.6 kb/s 70.4 kb/s 140.8 kb/s
MCS5 8PSK 22.4 kb/s 89.6 kb/s 179.2 kb/s
MCS9 8PSK 59.2 kb/s 236.8 kb/s 473.6 kb/s
62
SIM Card
Mohamed Mokdad
Ecole d’Ingénieurs de Bienne
63
SIM = Smart Card ?
64
Smart Card Pinout
65
SPI: Clock and Data
Clock
Data
66
SIM Content
• User ID– IMSI, Ki, PINs, PUKs, etc
• Phone Book
• SMS
• A3/A8 Algorithm– Challenge response application
• Other info– Directory structure
67
SIM and Handy
OSI 7816
68
Instructions format
• CLA:INS:P1:P2:P3
• Verify CHV (PIN) – A0 20 00 00 08
• 67 00 Incorrect parameter P3• 00 20
• Run GSM A38 Algorithm– A0 88 00 00 10
• 67 00 Incorrect parameter P3• 00 88
69
Stack
HardwareHardwaree.g. Symbiane.g. Symbian
APIsAPIsApplicationApplication
