Thursday, August 5, 2010

Network Mobile Communications-Digital Cellular Systems and Standards

Chapter-5: Digital Cellular Systems and Standards (2G)

a)         Describe the GPRS architecture and protocols. How many of them already exist In GSM? Compare the channel request procedure in GPRS with that in GSM.                         [9]

d)        Draw the GPRS architecture showing the main components. Which is the component responsible for assignment of an IP address to the mobile? Why does there need to be a mapping between the mobile's IMSI and its IP address?                                                [7]

a)         General Packet Radio System is radio access technology and provides packet data service. Explain the protocol architecture.                                                                 [5]
GPRS is a data network that overlays a second-generation GSM network. This data overlay network provides packet data transport at rates from 9.6 to 171 kbps. Additionally, multiple users can share the same air-interface resources simultaneously.

Following is the GPRS Architecture diagram:

GPRS attempts to reuse the existing GSM network elements as much as possible, but to effectively build a packet-based mobile cellular network, some new network elements, interfaces, and protocols for handling packet traffic are required.

Therefore, GPRS requires modifications to numerous GSM network elements as summarized below:

GSM Network Element

Modification or Upgrade Required for GPRS.

Mobile Station (MS)

New Mobile Station is required to access GPRS services. These new terminals will be backward compatible with GSM for voice calls.


A software upgrade is required in the existing base transceiver site.


The base station controller (BSC) requires a software upgrade and the installation of new hardware called the packet control unit (PCU). The PCU directs the data traffic to the GPRS network and can be a separate hardware element associated with the BSC.

GPRS Support Nodes (GSNs)

The deployment of GPRS requires the installation of new core network elements called the serving GPRS support node (SGSN) and gateway GPRS support node (GGSN).

Databases (HLR, VLR, etc.)

All the databases involved in the network will require software upgrades to handle the new call models and functions introduced by GPRS.

GPRS Mobile Stations:

New Mobile Station are required to use GPRS services because existing GSM phones do not handle the enhanced air interface or packet data. A variety of MS can exist, including a high-speed version of current phones to support high-speed data access, a new PDA device with an embedded GSM phone, and PC cards for laptop computers. These mobile stations are backward compatible for making voice calls using GSM.

GPRS Base Station Subsystem:

Each BSC requires the installation of one or more Packet Control Units (PCUs) and a software upgrade. The PCU provides a physical and logical data interface to the base station subsystem (BSS) for packet data traffic. The BTS can also require a software upgrade but typically does not require hardware enhancements.

When either voice or data traffic is originated at the subscriber mobile, it is transported over the air interface to the BTS, and from the BTS to the BSC in the same way as a standard GSM call. However, at the output of the BSC, the traffic is separated; voice is sent to the mobile switching center (MSC) per standard GSM, and data is sent to a new device called the SGSN via the PCU over a Frame Relay interface.

GPRS Support Nodes:

Following two new components, called GPRS support nodes (GSNs), are added:

Gateway GPRS support node (GGSN):

The Gateway GPRS Support Node acts as an interface and a router to external networks. The GGSN contains routing information for GPRS mobiles, which is used to tunnel packets through the IP based internal backbone to the correct Serving GPRS Support Node. The GGSN also collects charging information connected to the use of the external data networks and can act as a packet filter for incoming traffic.

Serving GPRS support node (SGSN):

The Serving GPRS Support Node is responsible for authentication of GPRS mobiles, registration of mobiles in the network, mobility management, and collecting information for charging for the use of the air interface.

Internal Backbone:

The internal backbone is an IP based network used to carry packets between different GSNs. Tunneling is used between SGSNs and GGSNs, so the internal backbone does not need any information about domains outside the GPRS network. Signaling from a GSN to a MSC, HLR or EIR is done using SS7.

Routing Area:

GPRS introduces the concept of a routing area. This is much the same as a Location Area in GSM, except that it will generally contain fewer cells. Because routing areas are smaller than Location Areas, less radio resources are used when a paging message is broadcast.

Following diagrram shows the GPRS protocol stack and end-to-end message flows from the MS to the GGSN. The protocol between the SGSN and GGSN using the Gn interface is GTP. This is a Layer 3 tunneling protocol.

One of the most important things to note here is that the application communicates via standard IP, which is carried through the GPRS network and out through the gateway GPRS looks like a normal IP sub-network to users both inside and outside the network.

Also notice that packets travelling between the GGSN and the SGSN use the GPRS tunneling protocol so the internal backbone network does not have to deal with IP addresses outside the GPRS network. This GTP is run over UDP and IP.

Between the SGSN and the MS a combination of SubNetwork Dependent Convergence Protocol and Logical Link Control is used. SNDCP compresses data to minimize the load on the radio channel. The LLC provides a safe logical link by encrypting packets. The same LLC link is used as long as a mobile is under a single SGSN.

When the mobile moves to a routing area that lies under a different SGSN the LLC link is removed and a new link is established with the new Serving GSN X.25 services are provided by running X.25 on top of TCP/IP in the internal backbone
g)Both GSM and DECT are digital wireless communication standards for voice. What is the difference in terms of the intended coverage area and mobility supported by the two? Which one of them defines detailed network architecture for roaming across various providers' networks?        [4]

Along with workplaces such as factories, warehouses, schools and hospitals, there are a growing number of traditionally office-based working environments that require flexible, mobile IT and telecommunications networks. It is currently estimated that as many as 80% of workers across all industries are potentially mobile around their workplace and may require access to wireless voice communications.

The standard DECT- (Digital Enhanced Cordless Telecommunications) commonly used for domestic or corporate purposes for digital portable (cordless) phones is an ETSI (European Telecommunications Standards Institute). DECT (like GSM) is a cellular system and the major difference between GSM and DECT systems is that the cell radius on DECT is 25 to 100 meters, while in GSM is 2 to 10 km. *

The implementation of wireless Local Area Networks (WLANs) using IP-enabled wireless data handsets began from several years ago and was considered simple, inexpensive and a reliable method of delivering VoWLAN. The main attraction of a WiFi system is that it offers a single infrastructure for supporting wireless telephony and data, potentially providing a substantial return on investment by reducing hardware costs as well as longer-term operational, maintenance and support costs. But in the other hand, WLAN data applications are typically confined to the areas of a workplace where workstations and PCs are located, as well as meeting rooms and individual offices. WLAN generally does not extend to halls, staircases or outdoor areas.

To provide blanket coverage is complicated due to the co-channel interference inherent in the 802.11 standards. Access points too close together interfere with each other and if placed too far apart, holes are created in the coverage and the user can experience handover problems hence, providing the necessary amount of simultaneous coverage while avoiding interference is much more difficult than it should be. To upgrade a WLAN system to a full VoWLAN network there is necessary to increase the number of existing access points and this means significant additional cost, not only associated with the hardware itself, but with the high level of specialist expertise required for voice deployment, which demands careful channel allocation for each access point.

The DECT versus WLAN (WiFi) debate focuses mainly on arguments centre around whether the wireless telephony system (DECT) is more acceptable for voice applications than the Voice over Wireless LAN. DECT is a mature technology that has gone through the complete standardization process addressing issues such as availability and quality of service, and this is why it is supported by traditional vendors whose main business comes from traditional circuit-switched carriers, where voice network engineers work on the basis of 99.999% availability.

In contrast, the 802.11 networks were designed to carry data, not voice, 802.11b and 802.11g have no built-in mechanisms which tells the network to prioritize voice packets over data, a surge in network traffic may therefore disrupt voice calls, which in many cases, is not only an inconvenience, but a serious threat to customer service and business operations. In industries such as hospitality and retail, lost or interrupted calls mean lost revenue. Typically, 99% availability is considered acceptable by LAN designers for data packets. The difference may not seem significant, but while a half second network dropout every minute will go largely un-noticed by PC users such a delay will be obvious on the phone.

Another key quality challenge facing WLANs is the ability to roam between access points. While DECT telephony networks support seamless handover for voice calls being made on the move, the 802.11 standard currently only supports break-before-make handover. Again, when we consider that the 802.11 standard was originally designed for data, this does not prove a problem as data is transmitted in discrete packets, but for voice, handover between the access points needs to be very fast in order to have a voice call free of interruptions. Rather than addressing this critical issue, the 802.11i security standard, makes the situation worse by extending handover to over 70 milliseconds (ms), a break considered by many to be unacceptable for voice calls. When a user moves from one access point to another while making a voice call, an encrypted tunnel must be broken down through one access point and reformed through the new one. If this process takes more than 50 ms, the user will hear a break in the conversation.

Additionally, the security schemes commonly used for Wi-Fi handsets, Wireless Equivalent Privacy (WEP) and Media Access Control (MAC) are widely regarded as insufficient. While the 802.11i standard addresses the security issue, as mentioned previously, it is likely to have a negative impact on call handover delays forcing Wi-Fi users to choose between enhanced security and better voice quality two factors that most businesses regard as equally critical. In comparison, the DECT standard incorporates built-in security protocols that eliminate eavesdropping, impersonation and other security breaches like:
- 128-bit authentication and identification access security.
- Encryption system based on derived or static 64-bit cipher keys transmission security.

While WLAN systems can be configured to provide up to seven active handsets operating per access point on a voice-only 802.11b WLAN, the more realistic limit is four or five connections before quality suffers. And, if voice is being added to a WLAN which is also carrying data, this drops to around three simultaneous voice conversations per access point. Comparatively, the capacity of DECT, which was specifically designed to handle a high density of users, typically supports eight simultaneous conversations. In complete contrast to WLAN, DECT base stations can simply be co-located in traffic hot spots to provide the required number of additional voice channels, without the problem of co-channel interference.

Even when DECT is more appropriate for voice, there will be several implementation where WiFi is the selection for making phone calls. Standards are evolving and there will be a lot of improvements on the next years. For sure, both technologies will continue being used on the mid future, becoming a solution for wireless developers.

Always feel free to call ABP’s pre-sales support to discuss you application and get the pros and cons of different solutions.
d)        GSM uses the SIM card to identify a particular user. The user can use the same SIM card on any cellular phone. Is this an example of terminal mobility or personal mobility? Why?                           [2]

Terminal MobilityIn commercial wireless networks, the ability of a terminal, while in motion, to access telecommunication services from different locations, and the capability of the network to identify and locate that terminal

Personal mobility involves the network's capability to locate the terminal associated with the user for the purposes of addressing, routing, and charging the user for calls. "Access" is intended to convey the concepts of both originating and terminating services. Management of the service profile by the user is not part of personal mobility. The personal mobility aspects of personal communications are based on the UPT number.

f)          In each GSM multi frame, 24 frames are used for traffic and two for associated control signaling. Considering the detailed burst frame and multi frames infrastructures, explain, how the effective transmission rate for each GSM voice traffic is 22.8 kbps.            [4]

e)         In each GSM multi frame, 24 frames are used for traffic and two for associated control signaling. Considering the detailed burst frame and multi frames infrastructures, explain, how the effective transmission rate for each GSM voice traffic is 22.8 kbps.            [4]

a)         Draw the basic reference architecture and signaling interfaces of GSM. Why SIM card needed in GSM, while it is not required in AMPS?                                                [9]

b)        How do you compare AMPS and GSM systems in terms of coverage area, transmitted power and error control system? Explain, what you can do to address adjacent channel and co-channel interference.                                                                                        [9]

a)         If 8 speech channels are supported on a single radio channel and if no guard band is assumed, what is the number of simultaneous users that can be accommodated in GSM?                    [9]

a)         Discuss the GSM Reference Architecture in detail. What is the function of the following:
 i)          Mobile Station (MS)
  ii)         Base Station System (BSS)
ii)        HLR
iv)          VLR
v)         Authentication Centre                                                                                     [10]

a)         How do you compare D-AMPS and GSM systems in terms of coverage area, transmitted power and error control system, explain what you can do to address adjacent channel and co-channel interference.                                                                                 [9]

b)        What are the main elements of GSM System architecture? Discuss the reasons of separate MS and SIM in GSM.

a)         How is signaling protocol in GSM structured into layers? What are the specific functions performed by Layer 3 of the GSM signaling protocol?                                                    [9]
c)         If a normal GSM time slot consists of six trailing bits, 8.25 guard bits, 26 trailing bits and two traffic bursts of 58 bits of data, find the frame efficiency.                                    [4]
b)        Draw the basic reference architecture and signaling interfaces for GSM. Why is Smart card needed in GSM, while it is not required in AMPS?                                               [9]
GSM phones use SIM cards, or Subscriber information or identity modules. Memory modules. They're the biggest difference a user sees between a GSM phone or handset and a conventional cellular telephone. With the SIM card and its memory the GSM handset is a smart phone, doing many things a conventional cellular telephone cannot. Like keeping a built in phone book or allowing different ringtones to be downloaded and then stored. Conventional cellular telephones either lack the features GSM phones have built in, or they must rely on resources from the cellular system itself to provide them. Let me make another, important point.
With a SIM card your account can be shared from mobile to mobile, at least in theory. Want to try out your neighbor's brand new mobile? You should be able to put your SIM card into that GSM handset and have it work. The GSM network cares only that a valid account exists, not that you are using a different device. You get billed, not the neighbor who loaned you the phone.
This flexibility is completely different than AMPS technology, which enables one device per account. No swtiching around. Conventional cellular telephones have their electronic serial number burned into a chipset which is permanently attached to the phone. No way to change out that chipset or trade with another phone. SIM card technology, by comparison, is meant to make sharing phones and other GSM devices quick and easy.

b)        Explain GSM architecture and frequency planning.                                                      [5]

GSM System Architecture

In GSM system the mobile handset is called Mobile Station (MS). A cell is formed by the coverage area of a Base Transceiver Station (BTS) which serves the MS in its coverage area. Several BTS together are controlled by one Base Station Controller (BSC). The BTS and BSC together form Base Station Subsystem (BSS). The combined traffic of the mobile stations in their respective cells is routed through a switch called Mobile Switching Center (MSC). Connection originating or terminating from external telephone (PSTN) are handled by a dedicated gateway Gateway Mobile Switching Center (GMSC). The architecture of a GSM system is shown in the figure 2.1 below.

In addition to the above entities several databases are used for the purpose of call control and network management. These databases are Home Location Register (HLR), Visitor Location Register (VLR), the Authentication Center (AUC), and Equipment Identity Register (EIR).

Home Location Register (HLR) stores the permanent (such as user profile) as well as temporary (such as current location) information about all the users registered with the network. A VLR stores the data about the users who are being serviced currently. It includes the data stored in HLR for faster access as well as the temporary data like location of the user. The AUC stores the authentication information of the user such as the keys for encryption. The EIR stores stores data about the equipments and can be used to prevent calls from a stolen equipments.

All the mobile equipments in GSM system are assigned unique id called IMSI (International Mobile Equipment Identity) and is allocated by equipment manufacturer and registered by the service provider. This number is stored in the EIR. The users are identified by the IMSI (International Module Subscriber Identity) which is stored in the Subscriber Identity Module (SIM) of the user. A mobile station can be used only if a valid SIM is inserted into an equipment with valid IMSI. The ``real'' telephone number is different from the above ids and is stored in SIM

The GPRS is an enhancement over the GSM and adds some nodes in the network to provide the packet switched services. These network nodes are called GSNs (GPRS Support Nodes) and are responsible for the routing and delivery of the data packets to and form the MS and external packet data networks (PDN). The figure 2.2 below shows the architecture of the GPRS system.

Figure 2.2: GPRS Architecture (Source: Bettstetter et. all)

The most important network nodes added to the existing GSM networks are:

  • SGSN (Serving GPRS Support Node).

  • GGSN (Gateway GPRS Support Node).

The serving GPRS support node (SGSN) is responsible for routing the packet switched data to and from the mobile stations (MS) within its area of responsibility. The main functions of SGSN are packet routing and transfer, mobile attach and detach procedure (Mobility Management (MM)), location management, assigning channels and time slots (Logical Link Management (LLM)), authentication and charging for calls. It stores the location information of the user (like the current location, current VLR) and user profile (like IMSI addresses used in packet data networks) of registered users in its location register.

The gateway GPRS support node (GGSN) acts as interface between the GPRS backbone and the external packet data network (PDN). It converts the GPRS packet coming from the SGSN into proper packet data protocol (PDP) format (i.e. X.25 or IP) before sending to the outside data network. Similarly it converts the external PDP addresses to the GSM address of the destination user. It sends these packets to proper SGSN. For this purpose the GGSN stores the current SGSN address of the user and his profile in its location register.The GGSN also performs the authentication and charging functions. In general there may be a many to many relationship between the SGSN and GGSN. However a service provider may have only one GGSN and few SGSNs due to cost constraints. A GGSN proved the interface to several SGSNs to the external PDN

GSM network consists of several functional entities whose functions and interfaces are defined. The GSM network can be divided into following broad parts.

Following is the simple architecture diagram of GSM Network.

The added components of the GSM architecture include the functions of the databases and messaging systems:

*       Home Location Register (HLR)

*       Visitor Location Register (VLR)

*       Equipment Identity Register (EIR)

*       Authentication Center (AuC)

*       SMS Serving Center (SMS SC)

*       Gateway MSC (GMSC)

*       Chargeback Center (CBC)

*       Transcoder and Adaptation Unit (TRAU)

Following is the diagram of GSM Netwrok alongwith added elements.

The MS and the BSS communicate across the Um interface, also known as the air interface or radio link. The BSS communicates with the Network Service Switching center across the A interface.

GSM network areas:

In a GSM network, the following areas are defined:

*       Cell: Cell is the basic service area: one BTS covers one cell. Each cell is given a Cell Global Identity (CGI), a number that uniquely identifies the cell.

*       Location Area: A group of cells form a Location Area. This is the area that is paged when a subscriber gets an incoming call. Each Location Area is assigned a Location Area Identity (LAI). Each Location Area is served by one or more BSCs.

*       MSC/VLR Service Area: The area covered by one MSC is called the MSC/VLR service area.

*       PLMN: The area covered by one network operator is called PLMN. A PLMN can contain one or more MSCs.

Specifications for different Personal Communication Services (PCS) systems vary among the different PCS networks. The GSM specification is listed below with important characteristics.


Modulation is a form of change process where we change the input information into a suitable format for the transmission medium. We also changed the information by demodulating the signal at the receiving end.

The GSM uses Gaussian Minimum Shift Keying (GMSK) modulation method.

Access Methods:

Because radio spectrum is a limited resource shared by all users, a method must be devised to divide up the bandwidth among as many users as possible.

GSM chose a combination of TDMA/FDMA as its method. The FDMA part involves the division by frequency of the total 25 MHz bandwidth into 124 carrier frequencies of 200 kHz bandwidth.

One or more carrier frequencies are then assigned to each BS. Each of these carrier frequencies is then divided in time, using a TDMA scheme, into eight time slots. One time slot is used for transmission by the mobile and one for reception. They are separated in time so that the mobile unit does not receive and transmit at the same time.

Transmission Rate:

The total symbol rate for GSM at 1 bit per symbol in GMSK produces 270.833 K symbols/second. The gross transmission rate of the time slot is 22.8 Kbps.

GSM is a digital system with an over-the-air bit rate of 270 kbps.

Frequency Band:

The uplink frequency range specified for GSM is 933 - 960 MHz (basic 900 MHz band only). The downlink frequency band 890 - 915 MHz (basic 900 MHz band only).

Channel Spacing:

This indicates separation between adjacent carrier frequencies. In GSM, this is 200 kHz.

Speech Coding:

GSM uses linear predictive coding (LPC). The purpose of LPC is to reduce the bit rate. The LPC provides parameters for a filter that mimics the vocal tract. The signal passes through this filter, leaving behind a residual signal. Speech is encoded at 13 kbps.

Duplex Distance:

The duplex distance is 80 MHz. Duplex distance is the distance between the uplink and downlink frequencies. A channel has two frequencies, 80 MHz apart.


*       Frame duration: 4.615 mS

*       Duplex Technique: Frequency Division Duplexing (FDD) access mode previously known as WCDMA.

*       Speech channels per RF channel: 8.

GSM distinguishes explicitly between user and equipment and deals with them separately. Besides phone numbers and subscriber and equipment identifiers, several other identifiers have been defined; they are needed for the management of subscriber mobility and for addressing of all the remaining network elements. The most important addresses and identifiers are presented in the following:

International Mobile Station Equipment Identity (IMEI):

The international mobile station equipment identity (IMEI) uniquely identifies a mobile station internationally. It is a kind of serial number. The IMEI is allocated by the equipment manufacturer and registered by the network operator and registered by the network operator who stores it in the EIR. By means of IMEI one recognizes obsolete, stolen or nonfunctional equipment.

There are following parts of an IMEI:

*       Type Approval Code (TAC): 6 decimal places, centrally assigned.

*       Final Assembly Code (FAC): 6 decimal places, assigned by the manufacturer.

*       Serial Number (SNR): 6 decimal places, assigned by the manufacturer.

*       Spare (SP): 1 decimal place.

Thus, IMEI = TAC + FAC + SNR + SP. It uniquely characterizes a mobile station and gives clues about the manufacturer and the date of manufacturing.

International Mobile Subscriber Identity ( IMSI):

Each registered user is uniquely identified by its international mobile subscriber identity (IMSI). It is stored in the subscriber identity module (SIM) A mobile station can only be operated if a SIM with a valid IMSI is inserted into equipment with a valid IMEI.

There are following parts of an IMSI:

*       Mobile Country Code (MCC): 3 decimal places, internationally standardized.

*       Mobile Network Code (MNC): 2 decimal places, for unique identification of mobile network within the country.

*       Mobile Subscriber Identification Number (MSIN): Maximum 10 decimal places, identification number of the subscriber in the home mobile network.

Mobile Subscriber ISDN Number ( MSISDN):

The real telephone number of a mobile station is the mobile subscriber ISDN number (MSISDN). It is assigned to the subscriber (his or her SIM, respectively), such that a mobile station set can have several MSISDNs depending on the SIM.

The MSISDN categories follow the international ISDN number plan and therefore have the following structure.

*       Country Code (CC) : Up to 3 decimal places.

*       National Destination Code (NDC): Typically 2-3 decimal places.

*       Subscriber Number (SN): Maximum 10 decimal places.

Mobile Station Roaming Number ( MSRN):

The Mobile Station Roaming Number ( MSRN) is a temporary location dependent ISDN number. It is assigned by the locally responsible VLR to each mobile station in its area. Calls are also routed to the MS by using the MSRN.

The MSRN has same structure as the MSISDN.

*       Country Code (CC) : of the visited network.

*       National Destination Code (NDC): of the visited network.

*       Subscriber Number (SN): in the current mobile network.

Location Area Identity (LAI):

Each LA of an PLMN has its own identifier. The Location Area Identifier (LAI) is also structured hierarchically and internationally unique as follows:

*       Country Code (CC) : 3 decimal places.

*       Mobile Network Code (MNC): 2 decimal places.

*       Location Area Code (LAC): maximum 5 decimal places or, maximum twice 8 bits coded in hexadecimal (LAC < FFFF).

Temporary Mobile Subscriber Identity (TMSI):

The VLR, which is responsible for the current location of a subscriber, can assign a temporary mobile subscriber identity (TMSI) which has only local significance in the area handled by the VLR. It is stored on the network side only in the VLR and is not passed to the HLR.

Together with the current location area, TMSI allows a subscriber to be identified uniquely and it can consist of upto 4x8 bits.

Local Mobile Subscriber Identity (LMSI):

The VLR can assign an additional searching key to each mobile station within its area to accelerate database access. This unique key is called the Local Mobile Subscriber Identity (LMSI). The LMSI is assigned when the mobile station registers with the VLR and is also sent to the HLR.

An LIMSI consists of four octets ( 4 x 8 bits).

Cell Identifier (CI):

Within an LA, the individual cells are uniquely identified with a cell identifier (CI), maximum 2 x 8 bits. Together with the global cell identity (LAI + CI) calls are thus also internationally defined in a unique way.

The operation of the GSM system can be understood by studying the sequence of events that takes place when a call is initiated from the Mobile Station.

Call from Mobile Phone to PSTN:

When a mobile subscriber makes a call to a PSTN telephone subscriber, the following sequence of events takes place:

  1. The MSC/VLR receives the message of a call request.

  2. The MSC/VLR checks if the mobile station is authorized to access the network. If so, the mobile station is activated. If the mobile station is not authorized, service will be denied.

  3. MSC/VLR analyzes the number and initiates a call setup with the PSTN.

  4. MSC/VLR asks the corresponding BSC to allocate a traffic channel (a radio channel and a time slot).

  5. The BSC allocates the traffic channel and passes the information to the mobile station.

  6. The called party answers the call and the conversation takes place.

  7. The mobile station keeps on taking measurements of the radio channels in the present cell and neighboring cells and passes the information to the BSC. The BSC decides if handover is required, if so, a new traffic channel is allocated to the mobile station and the handover is performed. If handover is not required, the mobile station continues to transmit in the same frequency.

Call from PSTN to Mobile Phone:

When a PSTN subscriber calls a mobile station, the sequence of events is as follows:

  1. The Gateway MSC receives the call and queries the HLR for the information needed to route the call to the serving MSC/VLR.

  2. The GMSC routes the call to the MSC/VLR.

  3. The MSC checks the VLR for the location area of the MS.

  4. The MSC contacts the MS via the BSC through a broadcast message, that is, through a paging request.

  5. The MS responds to the page request.

  6. The BSC allocates a traffic channel and sends a message to the MS to tune to the channel. The MS generates a ringing signal and, after the subscriber answers, the speech connection is established.

  7. Handover, if required, takes place, as discussed in the earlier case.
The MS codes the speech at 13 Kbps for transmission over the radio channel in the given time slot. The BSC converts (or transcodes) the speech to 64 Kbps and sends it over a land link or radio link to the MSC. The MSC then forwards the speech data to the PSTN. In the reverse direction, the speech is received at 64 Kbps rate at the BSC and the BSC does the transcoding to 13 Kbps for radio transmission.

In its original form, GSM supports 9.6 Kbps data, which can be transmitted in one TDMA time slot. Over the last few years, many enhancements were done to the GSM standards (GSM Phase 2 and GSM Phase 2+) to provide higher data rates for data applications.

The layered model of the GSM architecture integrates and links the peer-to-peer communications between two different systems. The underlying layers satisfy the services of the upper-layer protocols. Notifications are passed from layer to layer to ensure that the information has been properly formatted, transmitted, and received.

The GMS protocol stacks diagram is shown below:

MS Protocols:

The signaling protocol in GSM is structured into three general layers, depending on the interface.

*       Layer 1: The physical layer, which uses the channel structures over the air interface.

*       Layer 2: The data-link layer. Across the Um interface, the data-link layer is a modified version of the Link access protocol for the D channel (LAP-D) protocol used in ISDN, called Link access protocol on the Dm channel (LAP-Dm). Across the A interface, the Message Transfer Part (MTP), Layer 2 of SS7 is used.

*       Layer 3: The third layer of the GSM signaling protocol is divided into three sublayers:

o    Radio Resource management (RR)

o    Mobility Management (MM) and

o    Connection Management (CM).

The MS to BTS Protocols:

The RR layer oversees the establishment of a link, both radio and fixed, between the MS and the MSC. The main functional components involved are the MS, the BSS, and the MSC. The RR layer is concerned with the management of an RR-session, which is the time that a mobile is in dedicated mode, as well as the configuration of radio channels, including the allocation of dedicated channels.

The MM layer is built on top of the RR layer and handles the functions that arise from the mobility of the subscriber, as well as the authentication and security aspects. Location management is concerned with the procedures that enable the system to know the current location of a powered-on MS so that incoming call routing can be completed.

The CM layer is responsible for CC, supplementary service management, and Short Message Service (SMS) management. Each of these may be considered as a separate sublayer within the CM layer. Other functions of the CC sublayer include call establishment, selection of the type of service (including alternating between services during a call), and call release.

BSC Protocols:

After the information is passed from the BTS to the BSC, a different set of interfaces is used. The Abis interface is used between the BTS and BSC. At this level, the radio resources at the lower portion of Layer 3 are changed from the RR to the Base Transceiver Station Management (BTSM). The BTS management layer is a relay function at the BTS to the BSC.

The RR protocols are responsible for the allocation and reallocation of traffic channels between the MS and the BTS. These services include controlling the initial access to the system, paging for MT calls, the handover of calls between cell sites, power control, and call termination. The RR protocols provide the procedures for the use, allocation, reallocation, and release of the GSM channels. The BSC still has some radio resource management in place for the frequency coordination, frequency allocation, and the management of the overall network layer for the Layer 2 interfaces.

From the BSC, the relay is using SS7 protocols so the MTP 1-3 is used as the underlying architecture, and the BSS mobile application part or the direct application part is used to communicate from the BSC to the MSC.

MSC Protocols:

At the MSC, the information is mapped across the A interface to the MTP Layers 1 through 3 from the BSC. Here the equivalent set of radio resources is called the BSS MAP. The BSS MAP/DTAP and the MM and CM are at the upper layers of Layer 3 protocols. This completes the relay process. Through the control-signaling network, the MSCs interact to locate and connect to users throughout the network. Location registers are included in the MSC databases to assist in the role of determining how and whether connections are to be made to roaming users.

Each user of a GSM MS is assigned a HLR that is used to contain the user's location and subscribed services. A separate register, the VLR, is used to track the location of a user. As the users roam out of the area covered by the HLR, the MS notifies a new VLR of its whereabouts. The VLR in turn uses the control network (which happens to be based on SS7) to signal the HLR of the MS's new location. Through this information, MT calls can be routed to the user by the location information contained in the user's HLR.

GSM has much more to offer than voice telephony. Additional services allow you greater flexibility in where and when you use your phone. You should contact your local GSM network operator for information on the specific services available to you.

But there are three basic types of services offered through GSM which you can ask for:

*       Telephony (also referred to as teleservices) Services

*       Data (also referred to as bearer services) Services.

*       Supplementary Services

Teleservices or Telephony Services:

A Teleservice utilises the capabilities of a Bearer Service to transport data, defining which capabilities are required and how they should be set up.

Voice Calls:

The most basic Teleservice supported by GSM is telephony. This includes Full-rate speech at 13 Kbps and emergency calls, where the nearest emergency service provider is notified by dialing three digits. A very basic example of emergency service is 911 service available in USA.

Videotext and Facsmile:

Another group of teleservices includes Videotext access, Teletex transmission, Facsimile alternate speech and facsimile Group 3, Automatic facsimile Group 3 etc.

Short Text Messages:

SMS (Short Messaging Service) service is a text messaging which allow you to send and receive text messages on your GSM Mobile phone. Services available from many of the world's GSM networks today - in addition to simple user generated text message services - include news, sport, financial, language and location based services, as well as many early examples of mobile commerce such as stocks and share prices, mobile banking facilities and leisure booking services.

Bearer Services or Data Services

Using your GSM phone to receive and send data is the essential building block leading to widespread mobile Internet access and mobile data transfer. GSM currently has a data transfer rate of 9.6k. New developments that will push up data transfer rates for GSM users are HSCSD (high speed circuit switched data) and GPRS (general packet radio service) are now available.

Supplementary Services

Supplementary services are provided on top of teleservices or bearer services, and include features such as caller identification, call forwarding, call waiting, multiparty conversations, and barring of outgoing (international) calls, among others. A brief description of supplementary services is given here:

*       Multiparty Service or conferencing: The multiparty service allows a mobile subscriber to establish a multiparty conversation.that is, a simultaneous conversation between three or more subscribers to setup a conference call. This service is only applicable to normal telephony.

*       Call Waiting: This service allows a mobile subscriber to be notified of an incoming call during a conversation. The subscriber can answer, reject, or ignore the incoming call. Call waiting is applicable to all GSM telecommunications services using a circuit-switched connection.

*       Call Hold: This service allows a subscriber to put an incoming call on hold and then resume this call. The call hold service is only applicable to normal telephony.

*       Call Forwarding: The Call Forwarding Supplementary Service is used to divert calls from the original recipient to another number, and is normally set up by the subscriber himself. It can be used by the subscriber to divert calls from the Mobile Station when the subscriber is not available, and so to ensure that calls are not lost. A typical scenario would be a salesperson turns off his mobile phone during a meeting with customers, but does not with to lose potential sales leads while he is unavailable.

*       Call Barring: The concept of barring certain types of calls might seem to be a supplementary disservice rather than service. However, there are times when the subscriber is not the actual user of the Mobile Station, and as a consequence may wish to limit its functionality, so as to limit the charges incurred. Alternatively, if the subscriber and user are one and the same, the Call Barring may be useful to stop calls being routed to international destinations when they are routed. The reason for this is because it is expected that the roaming subscriber will pay the charges incurred for international re-routing of calls. So, GSM devised some flexible services that enable the subscriber to conditionally bar calls.

*       Number Identification: There are following supplementary services related to number identification:

o    Calling Line Identification Presentation: This service deals with the presentation of the calling party's telephone number. The concept is for this number to be presented, at the start of the phone ringing, so that the called person can determine who is ringing prior to answering. The person subscribing to the service receives the telephone number of the calling party.

o    Calling Line Identification Restriction: A person not wishing their number to be presented to others subscribes to this service. In the normal course of event, the restriction service overrides the presentation service.

o    Connected Line Identification Presentation: This service is provided to give the calling party the telephone number of the person to whom they are connected. This may seem strange since the person making the call should know the number they dialled, but there are situations (such as forwardings) where the number connected is not the number dialled. The person subscribing to the service is the calling party.

o    Connected Line Identification Restriction: There are times when the person called does not wish to have their number presented and so they would subscribe to this person. Normally, this overrides the presentation service.

o    Malicious Call Identification: The malicious call identification service was provided to combat the spread of obscene or annoying calls. The victim should subscribe to this service, and then they could cause known malicious calls to be identified in the GSM network, using a simple command. This identified number could then be passed to the appropriate authority for action. The definition for this service is not stable.

*       Advice of Charge (AoC): This service was designed to give the subscriber an indication of the cost of the services as they are used. Furthermore, those Service Providers who wish to offer rental services to subscribers without their own Subscriber Identity Module (SIM) can also utilize this service in a slightly different form. AoC for data calls is provided on the basis of time measurements.

*       Closed User Groups (CUGs): This service is provided on GSM to enable groups of subscribers to only call each other. This type of services are being offered with special discount and is limited only to those members who wish to talk to each other.

*       Unstructured supplementary services data (USSD): This allows operator-defined individual services.

*       The security methods standardized for the GSM System make it the most secure cellular telecommunications standard currently available. Although the confidentiality of a call and anonymity of the GSM subscriber is only guaranteed on the radio channel, this is a major step in achieving end-to- end security.

*       The subscriber's anonymity is ensured through the use of temporary identification numbers. The confidentiality of the communication itself on the radio link is performed by the application of encryption algorithms and frequency hopping which could only be realized using digital systems and signaling.

*       This chapter gives an outline of the security measures implemented for GSM subscribers.

*       Mobile Station Authentication:

*       The GSM network authenticates the identity of the subscriber through the use of a challenge-response mechanism. A 128-bit random number (RAND) is sent to the MS. The MS computes the 32-bit signed response (SRES) based on the encryption of the random number (RAND) with the authentication algorithm (A3) using the individual subscriber authentication key (Ki). Upon receiving the signed response (SRES) from the subscriber, the GSM network repeats the calculation to verify the identity of the subscriber.

*       Note that the individual subscriber authentication key (Ki) is never transmitted over the radio channel. It is present in the subscriber's SIM, as well as the AUC, HLR, and VLR databases as previously described. If the received SRES agrees with the calculated value, the MS has been successfully authenticated and may continue. If the values do not match, the connection is terminated and an authentication failure indicated to the MS.

*       The calculation of the signed response is processed within the SIM. This provides enhanced security, because the confidential subscriber information such as the IMSI or the individual subscriber authentication key (Ki) is never released from the SIM during the authentication process.

*       Signaling and Data Confidentiality:

*       The SIM contains the ciphering key generating algorithm (A8) which is used to produce the 64-bit ciphering key (Kc). The ciphering key is computed by applying the same random number (RAND) used in the authentication process to the ciphering key generating algorithm (A8) with the individual subscriber authentication key (Ki). As will be shown in later sections, the ciphering key (Kc) is used to encrypt and decrypt the data between the MS and BS.

*       An additional level of security is provided by having the means to change the ciphering key, making the system more resistant to eavesdropping. The ciphering key may be changed at regular intervals as required by network design and security considerations. In a similar manner to the authentication process, the computation of the ciphering key (Kc) takes place internally within the SIM. Therefore sensitive information such as the individual subscriber authentication key (Ki) is never revealed by the SIM.

*       Encrypted voice and data communications between the MS and the network is accomplished through use of the ciphering algorithm A5. Encrypted communication is initiated by a ciphering mode request command from the GSM network. Upon receipt of this command, the mobile station begins encryption and decryption of data using the ciphering algorithm (A5) and the ciphering key (Kc).

*       Subscriber Identity Confidentiality:

*       To ensure subscriber identity confidentiality, the Temporary Mobile Subscriber Identity (TMSI) is used. The TMSI is sent to the mobile station after the authentication and encryption procedures have taken place. The mobile station responds by confirming reception of the TMSI. The TMSI is valid in the location area in which it was issued. For communications outside the location area, the Location Area Identification (LAI) is necessary in addition to the TMSI.

GSM service providers are doing billing based on the services they are providing to their customers. All the parameters are simple enough to charge a customer for the provided services.

In this chapter we will discuss about most frequently used billing techniques and parameters to charge a GSM subscriber.

Telephony Service:

These services can be charged on per call basis. Only call initiator has to pay the charges and now a days, all the incoming charges are free. A customer can be charged based on different parameters like:

*       International call or long distance call.

*       Local call

*       Call made during peak hours.

*       Call made during night time

*       Discounted call during weekends.

*       Call per minute or per second.

*       Many more other criteria can be designed by a service provider to charge their customers.

SMS Service:

Till the time this tutorial is written, most of the service providers are charging their customer's SMS services based on number of text messages sent from their mobile phone. There are other prime SMS services available where service providers are charging more than normal SMS charge. These services are being used in collaboration of Television Networks or Radio Networks to demand SMS from the audiences

Most of time charges are paid by the SMS sender but for some services like stocks and share prices, mobile banking facilities and leisure booking services etc. recipient of the SMS has to pay for the service.

GPRS Services

Using GPRS service you can browse Internet and can play games on the Internet, you can download movies or music etc. So a service provider will charge you based on the data uploaded as well as data downloaded on your mobile phone. These charges will be based on per Kilo Byte data downloaded/uploaded.

Additional parameter could be a Quality of Service provided to you. If you want to watch a movie then a low quality may work because some data loss may be acceptable to you but if you are downloading a zip file then a single byte loss will corrupt your complete downloaded file.

Another parameter could be peak and off peak time to download a data file or to browse the Internet.

Supplementary Services

Most of the supplementary services are being provided based on monthly rental or absolutely FREE. Like Call Waiting, Call Forwarding, Calling Number Identification, and call on hold are available at very low or zero prices.

Call Baring is a service which service providers use just to recover their dues etc. otherwise this service is not being used by any subscriber.

Call conferencing service is a form of simple telephone call where customer will be charged for multiple calls made at a time. No service provider charges extra charge for this service.

Closed User Group (CUG) is very popular and is mainly being used to give special discounts to the users if they are making calls to a particular defined group of subscribers.

Advice of Charge (AoC) can be charged based on number of queries made by a subscriber.

b)        Which is the 2G technology, which uses CDMA? How do the three CDMA variants 1XMC, 3XMC and HDR differ in terms of bandwidth usage?                                          [4]

Cell Phone Network Technologies: 2G

There are three common technologies used by 2G cell-phone networks for transmitting information (we'll discuss 3G technologies in the 3G section):

  • Frequency division multiple access (FDMA)

  • Time division multiple access (TDMA)

  • Code division multiple access (CDMA)

Although these technologies sound very intimidating, you can get a good sense of how they work just by breaking down the title of each one.

The first word tells you what the access method is. The second word, division, lets you know that it splits calls based on that access method.

  • FDMA puts each call on a separate frequency.

  • TDMA assigns each call a certain portion of time on a designated frequency.

  • CDMA gives a unique code to each call and spreads it over the available frequencies.

The last part of each name is multiple access. This simply means that more than one user can utilize each cell.

FDMA separates the spectrum into distinct voice channels by splitting it into uniform chunks of bandwidth. To better understand FDMA, think of radio stations: Each station sends its signal at a different frequency within the available band. FDMA is used mainly for analog transmission. While it is certainly capable of carrying digital information, FDMA is not considered to be an efficient method for digital transmission.

In FDMA, each phone uses a different frequency.

TDMA is the access method used by the Electronics Industry Alliance and the Telecommunications Industry Association for Interim Standard 54 (IS-54) and Interim Standard 136 (IS-136). Using TDMA, a narrow band that is 30 kHz wide and 6.7 milliseconds long is split time-wise into three time slots.

Narrow band means "channels" in the traditional sense. Each conversation gets the radio for one-third of the time. This is possible because voice data that has been converted to digital information is compressed so that it takes up significantly less transmission space. Therefore, TDMA has three times the capacity of an analog system using the same number of channels. TDMA systems operate in either the 800-MHz (IS-54) or 1900-MHz (IS-136) frequency bands.

TDMA splits a frequency into time slots.

Unlocking Your GSM Phone

Any GSM phone can work with any SIM card, but some service providers "lock" the phone so that it will only work with their service. If your phone is locked, you can't use it with any other service provider, whether locally or overseas. You can unlock the phone using a special code -- but it's unlikely your service provider will give it to you. There are Web sites that will give you the unlock code, some for a small fee, some for free.

TDM­A is also used as the access technology for Global System for Mobile communications (GSM). However, GSM implements TDMA in a somewhat different and incompatible way from IS-136. Think of GSM and IS-136 as two different operating systems that work on the same processor, like Windows and Linux both working on an Intel Pentium III. GSM systems use encryption to make phone calls more secure. GSM operates in the 900-MHz and 1800-MHz bands in Europe and Asia and in the 850-MHz and 1900-MHz (sometimes referred to as 1.9-GHz) band in the United States. It is used in digital cellular and PCS-based systems. GSM is also the basis for Integrated Digital Enhanced Network (IDEN), a popular system introduced by Motorola and used by Nextel.

GSM is the international standard in Europe, Australia and much of Asia and Africa. In covered areas, cell-phone users can buy one phone that will work anywhere where the standard is supported. To connect to the specific service providers in these different countries, GSM users simply switch subscriber identification module (SIM) cards. SIM cards are small removable disks that slip in and out of GSM cell phones. They store all the connection data and identification numbers you need to access a particular wireless service provider. ­

Unfortunately, the 850MHz/1900-MHz GSM phones used in the United States are not compatible with the international system. If you live in the United States and need to have cell-phone access when you're overseas, you can either buy a tri-band or quad-band GSM phone and use it both at home and when traveling or just buy a GSM 900MHz/1800MHz cell phone for traveling. You can get 900MHz/1800MHz GSM phones from Planet Omni, an online electronics firm based in California. They offer a wide selection of Nokia, Motorola and Ericsson GSM phones. They don't sell international SIM cards, however. You can pick up prepaid SIM cards for a wide range of countries at

CDMA takes an entirely different approach from TDMA. CDMA, after digitizing data, spreads it out over the entire available bandwidth. Multiple calls are overlaid on each other on the channel, with each assigned a unique sequence code. CDMA is a form of spread spectrum, which simply means that data is sent in small pieces over a number of the discrete frequencies available for use at any time in the specified range.

In CDMA, each phone's data has a unique code.

All of the users transmit in the same wide-band chunk of spectrum. Each user's signal is spread over the entire bandwidth by a unique spreading code. At the receiver, that same unique code is used to recover the signal. Because CDMA systems need to put an accurate time-stamp on each piece of a signal, it references the GPS system for this information. Between eight and 10 separate calls can be carried in the same channel space as one analog AMPS call. CDMA technology is the basis for Interim Standard 95 (IS-95) and operates in both the 800-MHz and 1900-MHz frequency bands.

Ideally, TDMA and CDMA are transparent to each other. In practice, high-power CDMA signals raise the noise floor for TDMA receivers, and high-power TDMA signals can cause overloading and jamming of CDMA receivers.

b)        Draw the CDMA based mobile system architecture and explain how it provides reliable basic phone services. Write the benefits of CDMA to users.                                         [9]

a)         Draw CDMA based mobile system architecture and explain, how it provides reliable basic phone services. Write the benefits of CDMA to users.                                                     [9]

f)          Compare and contrast the various 2.5G technology paths that each of the major 2G standards provide. Which path has the highest Internet access speed?                              [4]

Information on CDMA Architecture

A CDMA network consists of the following components:

  Mobile station. The CDMA mobile station (or mobile phone) communicates with other parts of the system through the base-station system.

  Base station (BS). The base station (BS) handles the radio interface to the mobile station. The base station is the radio equipment (transceivers and antennas)

  Base station controller (BSC). The BSC provides the control functions and physical links between the MSC and BTS. It provides functions such as handover, cell configuration data and control of RF power levels in base transceiver stations. A number of BSCs are served by a MSC.

  Mobile switching center (MSC). The MSC performs the telephony switching functions of the system. It also performs such functions as toll ticketing, network interfacing, common channel signalling, and others.

  Home location register (HLR). The HLR database is used for storage and management of subscriptions. The home location register stores permanent data about subscribers, including a subscriber's service profile, location information, and activity status.

  Visitor location register (VLR). The VLR database contains temporary information about subscribers that is needed by the mobile services switching center (MSC) in order to service visiting subscribers. When a mobile station roams into a new mobile services switching center (MSC) area, the visitor location register (VLR) connected to that MSC will request data about the mobile station from the HLR, reducing the need for interrogation of the home location register (HLR).

  Authentication center (AC). The AC provides authentication and encryption parameters that verify the user's identity and ensure the confidentiality of each call. The authentication center (AUC) also protects network operators from fraud.

  Operation and administration (OAM). The OAM is the functional entity from which the network operator monitors and controls the system. The purpose of operation and support system is to offer support for centralized, regional, and local operational and maintenance activities that are required for a CDMA network. 

a)         Using QPSK modulation and convolutional coding, the IS-95 digital cellular systems require 3dB < Sr < 9 dB. The bandwidth of the channel is 1.25 MHz., and the transmission rate is R = 9600 bps. Find the capacity of a single cell IS-95 cell.                 [6]

b)        Using QPSK modulation and convolutional coding, the IS-95 digital cellular systems require 3dB < Sr < 9 dB. The bandwidth of the channel is 1.25 MHz., and the transmission rate is R = 9600 bps. Find the capacity of a single cell IS-95 cell.                 [6]

Mathematical statement

Theorem (Shannon, 1948):

1. For every discrete memoryless channel, the channel capacity
has the following property. For any ε > 0 and R < C, for large enough N, there exists a code of length N and rate ≥ R and a decoding algorithm, such that the maximal probability of block error is ≤ ε.

2. If a probability of bit error pb is acceptable, rates up to R(pb) are achievable, where
and H2(pb) is the binary entropy function
3. For any pb, rates greater than R(pb) are not achievable.