GSM

1
GSM

• Mohamed Mokdad
• Ecole dIngénieurs de Bienne

2
Agenda

• GSM
• Architecture, Interface,
• Enhancements
• HSCSD
• GPRS
• SIM
• Architecture
• Protocoles

3
Why GSM in 1982?

• Good subjective speech quality
• Low terminal and service cost
• Support for international roaming
• Ability to support handheld terminals
• Support for range of new services and facilities
• Spectral efficiency
• ISDN compatibility

4
Phased GSM Approach 1

• GSM Phase 1 features
• Call Forwarding
• All Calls
• No Answer
• Engaged
• Unreachable
• Call Barring
• Outgoing - Bar certain outgoing calls (e.g. ISD)
• Incoming - Bar certain incoming calls (Useful if
  in another country)
• Global roaming - Visit any other country with GSM
  and a roaming agreement and use your phone and
  existing number

5
Phased GSM Approach 2

• GSM Phase 2 features
• SMS - Short Message Service - Allows you to send
  text messages too and from phones
• Multi Party Calling - Talk to five other parties
  as well as yourself at the same time
• Call Holding - Place a call on Hold
• Call Waiting - Notifies you of another call
  whilst on a call
• Mobile Data Services - Allows handsets to
  communicate with computers
• Mobile Fax Service - Allows handsets to send,
  retrieve and receive faxes
• Calling Line Identity Service - This facility
  allows you to see the telephone number of the
  incoming caller on our handset before answering
• Advice of Charge - Allows you to keep track of
  call costs
• Cell Broadcast - Allows you to subscribe to local
  news channels
• Mobile Terminating Fax - Another number you are
  issued with that receives faxes that you can then
  download to the nearest fax machine.

6
Phased GSM Approach 3

• GSM Phase 2 features
• Available by 1998
• Upgrade and improvements to existing services
• Majority of the upgrade concerns data
  transmission, including bearer services and
  packet switched data at 64 kbps and above
• DECT access to GSM
• PMR/Public Access Mobile Radio (PAMR)-like
  capabilities
• GSM in the local loop
• Virtual Private Networks
• Packet Radio
• SIM enhancements
• Premium rate services (e.g. Stock prices sent to
  your phone)

7
GSM UMTS numbering
8
Phased GSM Approach 3

• GSM-R
• Future Railway control platform
• UMTS
• In the context of IMT 2000 families
• Releases 4, 5 and 6
• Each release is a complete setand a system can
  be build on it

9
GSM Evolution review
10
Reference Configuration
ISDN/PSTN
11
Cellular System

• The geographic area is divided into cells
• Each cell has a Base Station managing the
  communications
• A set of cells managed by a single MSC is called
  Location Area

land link
VLR
MSC
HLR
land link
VLR
MSC
Base Station
Radio link
MSC Mobile Switching Center VLR Visitor Location
Register HLR Home Location Register
12
GSM Architecture
PLMN
Databases
NSS Network and Switching Subsystem EIR Equipment
Identity Register AuC Authentication Center GMSC
Gateway MSC BSS Base Station System BSC Base
Station Controller BTS Base Transceiver
Station MS Mobile Station SSP Service Switching
Point
HLR
VLR
VLR
EIR
AuC
PSTN
MSC
MSC
GMSC
SSP
NSS
Switches
SSP
BSC
BSS
BSS
MS
BTS
Radio Systems
13
The GSM Interfaces 1
Um
S
R
BS/MSC
MT0
BS/MSC
MT1
TE1
BS/MSC
MT1
TA
TE2
BS/MSC
MT2
TE2
14
The GSM Interfaces 2
B, C, D, E, F, G, H et I to HLR, VLR, MCS,
15
The GSM Interfaces 3
16
GSM Radio Interface

• Spectrum
• 900 MHz (and 1800 MHz)
• 890-915 MHz Uplink - 935-960 MHz Downlink
• FDMA
• 124 carriers under 900 MHz
• TDMA
• 8 Time Slots per carrier
• 1 (physical) channel per Time Slot
• 1 channel 1 communication 15/26 ms

17
GSM Radio Interface bis
0
1
2
3
4
5
6
7
123
0
1
2
3
4
5
6
7
122
0
1
2
3
4
5
6
7
3
0
1
2
3
4
5
6
7
1
0
1
2
3
4
5
6
7
0
18
E.g. 2G Mobile telephony Spectrum
19
Channels Logical Physical
20
Les canaux GSM
21
Logical control channels

• Broadcast Control CHannel (BCCH)downlink only,
  used to broadcast Cell specific information
• Synchronization CHannel (SCH)downlink only, used
  to broadcast synchronization and BSS
  identification information
• Paging CHannel (PCH)downlink only, used to send
  page requests to Mobile Stations
• Random Access CHannel (RACH)uplink only, used to
  request a Dedicated Control CHannel
• Access Grant CHannel (AGCH)downlink only, used
  to allocate a Dedicated Control CHANNEL
• Stand Alone Dedicated Control CHannel
  (SDCCH)bi-directional
• Fast Associated Control CHannel
  (FACCH)bi-directional, associated with a Traffic
  CHannel
• Slow Associated Control CHannel
  (SACCH)bi-directional, associated with a SDCCH
  or a Traffic CHannel
• Cell Broadcast CHannel (CBCH)downlink only used
  for general (not point to point) short message
  information.

22
GSM Frames

• Hyperframes
• i.e. 2048 Superframes
• Superframes
• 1326 frames
• i.e. 51 x 26 Multiframes for signalling
• i.e. 26 x 51 Multiframes for traffic
• Multiframes
• i.e 51 TDMA frames for signalling channels
• i.e. 24 TDMA frames for traffic channels 2

23
(No Transcript)
24
Speech Coding
25
GSM Speech Coding

• 8 bit samples
• i.e. 256 values
• _at_ 8 kHz sampling rate
• Implies 64 kbps
• i.e. Normal ISDN
• Then Compressed
• i.e. 13 kbps FR (Full Rate Coding)

26
GSM Speech Coding
27
GSM Layers

• Layer 1
• Enables physical transmission (TDMA, FDMA, etc.)
• Assessment of channel quality
• Layer 2
• Multiplexing of 1 or more layer 2 connections
• Routing, flow control, a.o.
• Layer 3
• Connection management (air interface)
• Management of location data
• Subscriber identification

28
Layer 3

• Radio resource management
• Cell Selection, Handover, etc.
• Mobility management
• Authentication, Location management, etc.
• Connection management
• Call control
• Supplementary service support
• Short message service support

29
System overview

• Logical control channels
• BCCH, SCH,
• Sub Layers
• Sublayer resource management
• Sublayer mobility management and
• Sublayer connection management
• Procedures
• Messages format

30
Sublayers in layer 3

• Sublayer radio resource mgmt - RR
• Radio Resource management procedures
• Establish, maintain release R connections
• Cell selection/reselection and the handover
• Sublayer mobility management - MM
• Management of the radio interface (Um)
• In cooperation with RR
• Sublayer connection management - CC
• Call control (CC) protocol

31
sublayers layers

• Supplementary Services - SS
• Short Message Service - SMS
• SIM manager - SIM

32
Sublayer RR

• Idle mode
• MS available ready for signalling (e.g. paging)
• BSS sends system information (e.g. cell info)
• Establishment release of RR connection
• Physical point-to-point bi-directional
• RR connection transfer
• RR connected mode
• Automatic cell reselection
• Indication of temporary unavailability

33
RR Messages

• Channel establishment messages
• ADDITIONAL ASSIGNMENT
• IMMEDIATE ASSIGNMENT
• IMMEDIATE ASSIGNMENT EXTENDED
• IMMEDIATE ASSIGNMENT REJECT
• Handover messages
• ASSIGNMENT COMMAND
• ASSIGNMENT COMPLETE
• ASSIGNMENT FAILURE
• HANDOVER ACCESS
• HANDOVER COMMAND
• HANDOVER COMPLETE
• HANDOVER FAILURE
• PHYSICAL INFORMATION

• Ciphering messages
• CIPHERING MODE COMMAND
• CIPHERING MODE COMPLETE
• Channel release messages
• CHANNEL RELEASE
• PARTIAL RELEASE
• PARTIAL RELEASE COMPLETE
• Paging messages
• PAGING REQUEST TYPE 1
• PAGING REQUEST TYPE 2
• PAGING REQUEST TYPE 3
• PAGING RESPONSE

34
Sublayer MM

• MM common procedures
• TMSI reallocation procedure
• Temporary Mobile Subscriber Identity
• MM specific procedures
• IMSI attach procedure
• International Mobile Subscriber Identity
• Location updating
• Authentication, Ciphering

35
MM Messages

• Registration messages
• IMSI DETACH INDICATION
• LOCATION UPDATING ACCEPT
• LOCATION UPDATING REJECT
• LOCATION UPDATING REQUEST
• Security messages
• AUTHENTICATION REJECT
• AUTHENTICATION REQUEST
• AUTHENTICATION RESPONSE
• IDENTITY REQUEST
• IDENTITY RESPONSE
• TMSI REALLOCATION COMMAND
• TMSI REALLOCATION COMPLETE

• Connection management messages
• CM SERVICE ACCEPT
• CM SERVICE REJECT
• CM SERVICE ABORT
• CM SERVICE REQUEST
• CM RE-ESTABLISHMENT REQUEST
• ABORT
• Miscellaneous message
• MM STATUS

36
Sublayer CC

• Call establishment procedures
• From MS or Network
• Signalling procedures during active state
• Notifications connection rearrangement
• Call clearing
• Call release
• Miscellaneous procedures
• In-band tones and announcements

37
CC messages

• Call establishment messages
• ALERTING
• CALL CONFIRMED
• CALL PROCEEDING
• CONNECT
• CONNECT ACKNOWLEDGE
• EMERGENCY SETUP
• PROGRESS
• SETUP
• Call information phase messages
• MODIFY
• MODIFY COMPLETE
• MODIFY REJECT
• USER INFORMATION
• Call clearing messages
• DISCONNECT
• RELEASE
• RELEASE COMPLETE

• Messages for supplementary service control
• FACILITY
• HOLD
• HOLD ACKNOWLEDGE
• HOLD REJECT
• RETRIEVE
• RETRIEVE ACKNOWLEDGE
• RETRIEVE REJECT
• Miscellaneous messages
• CONGESTION CONTROL
• NOTIFY
• START DTMF
• START DTMF ACKNOWLEDGE
• START DTMF REJECT
• STATUS
• STATUS ENQUIRY
• STOP DTMF
• STOP DTMF ACKNOWLEDGE

38
E.g. the IEs in Alerting

• IEI Information element Type / Reference Presence
  Format Length
• Call control Protocol discriminator M V ½
• protocol discriminator (RR, MM, CM)
• Transaction identifier Transaction identifier
  M V ½
• (Voir norme)
• Alerting Message type M V 1
• message type (Ciphering, Handover)
• 1C Facility Facility O TLV 2-?
• 10.5.4.15
• 1E Progress indicator Progress indicator O
  TLV 4
• 10.5.4.21
• 7E User-user User-user O TLV 3-35
• 10.5.4.25

39
Some indications

• Protocol discriminator
• 0 0 1 1 Call Control call related SS messages
• 0 1 0 1 Mobility Management messages
• 0 1 1 0 Radio Resource management messages
• Presence
• Mandatory
• Optional
• Format
• T Type only
• V Value only
• TV Type and Value
• LV Length and Value
• TLV Type, Length and Value

40
CC IEs

• 0 Type 3 4 info elements
  
• 0 0 0 0 1 0 0 Bearer capability
• 0 0 0 1 0 0 0 Cause
• 0 0 1 0 1 0 0 Note
• 0 0 1 0 1 0 1 Call Control Capabilities
• 0 0 1 1 1 0 0 Facility
• 0 0 1 1 1 1 0 Progress indicator
• 0 1 0 1 1 0 0 Keypad facility
• 0 1 1 0 1 0 0 Signal
• 1 0 0 1 1 0 0 Connected number
• 1 0 0 1 1 0 1 Connected subaddress
• 1 0 1 1 1 0 1 Calling party subad
• 1 0 1 1 1 1 0 Called party BCD number
  
• 1 1 0 1 1 0 1 Called party subad
• 1 1 1 1 1 0 0 Low layer compatibility
• 1 1 1 1 1 0 1 High layer compatibility
• 1 1 1 1 1 1 0 User-user
• 1 1 1 1 1 1 1 SS version indicator

41
Capability IEs

• Bearer capability
• Synchronous
• V.110, X.30
• Low layer compatibility
• Unrestricted digital information transfer
• 3.1 kHz audio
• High layer compatibility
• Telephony
• Facsimile G2/G3

42
Incoming GSM Call
2
43
Where is the cellular phone?

• Handset Switched ON gt "here I am"
• Location update
• The radio station relays the information to the
  nearest exchange The VLR
• The VLR updates the HLR
• This way, the home exchange always knows where
  the phone is
• The telephone number of the cellularphone
  indicates the home exchage.
• The handy works with a provision number

44
Roaming ( Handover)

• Roaming is the ability to use your own GSM phone
  number in another GSM network.
• A roaming agreement is a business agreement
  between two network operators to transfer items
  such as call charges and subscription information
  back and forth, as their subscribers roam into
  each others areas.

45
Location Based Services
46
GPRS - HSCSD

• Mohamed Mokdad
• Ecole dIngénieurs de Bienne

47
HSCSD
High Speed Circuit Switched Data
48
GPRS
Global Packet Radio Service
49
GPRS time slots
50
Coding schemes
51
GPRS Architecture
52
GPRS VPN Tunneling
To Access Point Name
53
GPRS the components
Serving GPRS Support Node
Gatway GPRS Support Node
GPRS Tunneling Protocol
54
The GTP Tunnel
55
E.g. http Encapsulation
Overhead of 88 bytes !!!
56
GPRS

• Data Transmission Speeds
• The supported data transmission speed per channel
  is 13.4Kbits. Depending on the type of phone, the
  following data transmission speeds are
  theoretically possible
• Type 21 Receive 26.8Kbits send 13.4Kbits.
• Type 31 Receive 40.2Kbits send 13.4Kbits.
• Type 41 Receive 53.6Kbits send 13.4Kbits

57
GPRS vs HSCSD

• Stay connected all the time ()
• Higher Transfer Speed ()
• IP Support ()
• APN (-)
• Access Point Name
• GPRS can be only connected to the ISP
• GPRS WAP
• Much confortable (Speed Connection)

58
HSCSD vs GPRS / services
Function HSCSD GPRS
Moving images
Audio streaming
Fax transmission -
E-mail transmission
Telemetry
Internet WAP browsing
59
Is GSM Data-Ready?

• SMS (Short Message Services)
• 160 ASCII characters
• Direct IP (starting with 9.6 kbps)
• bypass PSTN
• 14.4 kbps per time slot
• new channel coding
• GPRS (General Packet Radio Services)
• packet mode
• fractional multiple time slots (0.8 to 128
  kbps)
• HSCSD (High-Speed Circuit Switch Data)
• 38.4 kbps (4 time slots)
• Yes, the technology is ready and it can (and
  will) be improved

60
Evolution of GSM

• EDGE (Enhanced Data rate for GSM Evolution)
• 2.5 G
• new modulation scheme but still 200kHz
• 384 kbps is the maximum data rate
• designed for service providers that may or may
  not migrate to UMTS
• UMTS (Universal Mobile Telecommunications
  Systems)
• 3G
• 384 kbps for wide-area coverage
• 2 Mbps for local coverage
• WCDMA (wideband CDMA) (BW5MHz _at_ 2GHz)
• Adopted by Europe and Japan

61
EDGE modulations
Channel Coding Scheme Modulation Slot Combinations Slot Combinations Slot Combinations
Channel Coding Scheme Modulation 1 Slot 4 Slots 8 Slots
MCS1 GMSK 8.8 kb/s 35.2 kb/s 70.4 kb/s
MCS4 GMSK 17.6 kb/s 70.4 kb/s 140.8 kb/s
MCS5 8PSK 22.4 kb/s 89.6 kb/s 179.2 kb/s
MCS9 8PSK 59.2 kb/s 236.8 kb/s 473.6 kb/s
62
SIM Card

• Mohamed Mokdad
• Ecole dIngénieurs de Bienne

63
SIM Smart Card ?
64
Smart Card Pinout
65
SPI Clock and Data
Clock
Data
66
SIM Content

• User ID
• IMSI, Ki, PINs, PUKs, etc
• Phone Book
• SMS
• A3/A8 Algorithm
• Challenge response application
• Other info
• Directory structure

67
SIM and Handy
68
Instructions format

• CLAINSP1P2P3
• Verify CHV (PIN)
• A0 20 00 00 08
• 67 00 Incorrect parameter P3
• 00 20
• Run GSM A38 Algorithm
• A0 88 00 00 10
• 67 00 Incorrect parameter P3
• 00 88

69
Stack
Application
APIs
e.g. Symbian
Hardware