290 likes | 567 Views
GSM Continued. GSM Burst Format. Each time slot is 577us. They are (in this order) Trailing bits (3 bits) Data (57 bits) Flag (1 bit) Training sequence (26 bits) Data (57 bits) Flag (1 bit) Trailing bits (3 bits) Guard Period (8.25bit). GSM Bursts . In addition,
E N D
GSM Burst Format • Each time slot is 577us. They are (in this order) • Trailing bits (3 bits) • Data (57 bits) • Flag (1 bit) • Training sequence (26 bits) • Data (57 bits) • Flag (1 bit) • Trailing bits (3 bits) • Guard Period (8.25bit)
GSM Bursts • In addition, • Frequency Correction Burst • Synchronization Burst • Random Access burst
GSM Channels • Traffic Channels (TCH) • Control Channels (CCH) • Common Control Channels (CCCH) • Paging Channel (PCH): Used by the BTS to inform the MS about an incoming call. Broadcast channel. • Random Access Channel (RACH): Used by the MS for call establishment. Shared by all MS in cell. Slotted-ALOHA random access. • Access Grant Channel (AGCH): Used to indicate the slot assignment.
GSM Channels • Control Channels (CCH) • Dedicated Control Channels (DCCH): Used to control individual MS • Standalone Dedicated Control Channel (SDCCH) : Two-way channel assigned to each MS for keeping track of movement and call establishment. Certain slots periodically. About 2Kbps per MS. • Slow Associated Control Channel (SACCH): Two-way channel assigned to a TCH or SDCCH. Used to report parameters, such as signal power, to maintain the link. • Fast Associated Control Channel (FACCH) : Two-way channel used to support fast transitions when SACCH is not adequate. FACCH steals the TCH.
GSM Channels • Control Channels (CCH) • Broadcast Channels (BCH). Used to broadcast information to the MSs in the cell • Frequency Correction Channel (FCCH) and Synchronization Channel (SCH): Keep the MS synchronized • Broadcast Control Channel (BCCH): provides information such as cell ID, available services, … Can also be used to keep track of signal strength for handoff
Management of GSM • Mobile System (MS) • Mobile Equipment (ME) • Subscriber Identity Module (SIM) • Base Station Subsystem • Base Transceiver Station (BTS) • In charge of physical communication in the air. Has 1 to 16 transceivers • Base Station Controller (BSC) • Controls hundreds of BTS • Network Switching Subsystem • Mobile Switching Center (MSC) • Typical MSC supports up to 100,000 mobiles and 5000 simultaneous calls • MSC are connected with each other. • Gateway MSC connects the GSM system to external networks, e.g. PSTN. • Each MSC controls at least one Base Station System (BSS) • Visitor’s Location Register (VLR) • Home Location Register (HLR). • Authentication Center (AuC). Holds different algorithms for authentication and encryption. • Operations and maintenance center (OMC)
HLR and VLR • HLR: database of all cellphones permanently registered in the system. Stores • The address of the VLR currently associated with the phone • Encryption keys for data transmission and user authentication • Service type • … • VLR: Each MSC connects to a VLR. The VLR is a data base with the information about cellphones temporarily located in the area served by particular MSC.
ME and SIM • ME, has the IMEI (International Mobile Equipment Identity) • SIM card, has • Ki: Subscriber Authentication Key. 128 bit key shared by the subscriber and the operator. Stored in the SIM card and the HLR • PIN: to protect the SIM card • IMSI: International Mobile Subscriber Identity • TMSI: Temporary Mobile Subscriber Identity. To prevent eavesdropping, TMSI is used instead of IMSI. IMSI is used as rarely as possible. TMSI is randomly generated by the VLR. • MSISDN: Mobile Station International Service Digital Network • LAI: Location Area Identification
GSM Security • When a mobile station needs to be authenticated, • The operator generates a random number, RAND (128 bit), and sends to the MS. • The MS and the operator both runs an algorithm, called the A3 algorithm, with Ki as the key, to produce SRES (32 bit) from RAND • The MS sends the SRES to the operator, and if SRES matches the operator’s SRES, consider passed authentication • RAND is passed to an algorithm called A8 as input with Ki as the key, to produce Kc (64 bit). Done by both the MS and the operator • Kc becomes the key for the A5 algorithm. A5 is a stream cipher for encrypting the data.
GSM Registration (simplified) • When an MS needs registration (first turned on, found the current cell has a different ID) • MS sends Channel Request to BSC • BSC replies with Activation Response • MS sends Activation ACK • BSC assigns a channel to process registration • MS sends Location Update Request to MSC • MSC replies with Authentication Request • MS replies with Authentication Response • MSC checks the authentication • MSC assigns TMSI to MS • MS sends ACK for TMSI • MSC updates VLR and HLR • BSC informs the MS to release the channel for registration
GSM Call Flow (Simplified) • When the MS wishes to make a phone call • User enters the phone number and presses the “send” button. • To set up the phone call, the MS needs to send information to the MSC. The MS sends “Radio Resource Channel Request” to the associated BSS on the Random Access Channel (RACH) according to ALOHA The phone then waits to hear from the BSS at the Access Grant Channel (AGCH). • The BSS allocates a Traffic Channel (TCH), including the frequency and time slot, and broadcast it in the AGCH. It also contains information about time and frequency corrections. • The MS applies the corrections and tune to the assigned TCH. • MSC checks whether the MS is authenticated. • The BSS enables ciphering with the phone. At this step the connection has been set up between the MS and MSC. The BSS just forwards the message. • The MS sends a connection set up request to the MSC with the called phone number. The MSC connects to the PSTN and allocates the voice communication channel between the BSS. • Make the conversation. • User presses the “end” button. The MSC releases the voice channel with the BSS. The MSC informs the PTSN about the call release and the PTSN will inform the call has been released on its end. MSC informs the MS then releases the TCH.
home Mobile Switching Center Mobile Switching Center home MSC consults HLR, gets roaming number of mobile in visited network call routed to home network home MSC sets up 2nd leg of call to MSC in visited network VLR HLR 1 4 2 3 MSC in visited network completes call through base station to mobile GSM: indirect routing to mobile home network correspondent Public switched telephone network mobile user visited network
Handoff goal: route call via new base station (without interruption) reasons for handoff: stronger signal to/from new BSS (continuing connectivity, less battery drain) load balance: free up channel in current BSS GSM doesn’t mandate why to perform handoff (policy), only how (mechanism) handoff initiated by old BSS Mobile Switching Center VLR GSM: handoff with common MSC new routing old routing old BSS new BSS
Mobile Switching Center 1 3 2 4 5 6 7 8 VLR GSM: handoff with common MSC 1. old BSS informs MSC of impending handoff, provides list of 1+ new BSSs 2. MSC sets up path (allocates resources) to new BSS 3. new BSS allocates radio channel for use by mobile 4. new BSS signals MSC, old BSS: ready 5. old BSS tells mobile: perform handoff to new BSS 6. mobile, new BSS signal to activate new channel 7. mobile signals via new BSS to MSC: handoff complete. MSC reroutes call 8 MSC-old-BSS resources released old BSS new BSS
General Packet Radio Service (GPRS) • General Packet Radio Service • Supports data service. • Use the same physical link between the network and the MS • An MS maybe assigned with 1 or multiple time slots in a channel • The number of time slot in uplink and downlink may be different • Special network infrastructure added to support data traffic • Serving GRPS Supporting Node (SGSN): a router serves a group of BSCs. Send and receive packets from the MS. • Gateway GRPS Supporting Node (GGSN): interface to the Internet. Maintains routing information related to the MS, such that given an IP packet, it knows which SGSN to forward to.
GRPS • Multiple Access • Users are assigned frequency channels and time slots. • Packets are constant length, determined by the GSM slot. • Downlink: first come first served • Uplink: Slotted ALOHA for reserving, dynamic TDMA for data transmission
Reading • http://liny.csie.nctu.edu.tw/ch09A4.pdf • http://www.hackcanada.com/blackcrawl/cell/gsm/gsm-secur/gsm-secur.html • http://www.eventhelix.com/realtimemantra/Telecom/GSM_Originating_Call_Flow.pdf
3G Overview • Use CDMA. • Generally, 3G will have a much better support for data services. The numbers are different depending on the versions, but it will be about at least one order of magnitude higher than GRPS. • Defines an air interface and maybe combined with the GSM/GRPS core network • There are competing standards: • W-CDMA • CDMA2000 • …
CDMA Review • Users assigned different code, also called chip sequence • A data bit is multiplied with the chip sequence, to spread the baseband bandwidth to a much larger bandwidth • The codes for different users are orthogonal
Power Control in CDMA Schemes • The signal received at the base station are from multiple users at the same frequency • If one user is transmitting at a high power, other users signal will be overshadowed • CDMA schemes has to limit the transmitting power of the MS • The BS may measure the signal strength and send instructions to the MS about increasing or decreasing the transmitting power.
W-CDMA • Key features include • Radio channels 5MHz wide, both uplink and downlink • Chip rate 3.84Mcps • Frame length 10ms • Adaptive power control updated 1500 times per second • Cells not synchronized (synchronized in CDMA2000)
Orthogonal variable spreading factor (OVSF) • W-CDMA uses Orthogonal variable spreading factor (OVSF) to provide different data rates to different users • The idea is that users may be assigned with codes of different lengths, but still orthogonal to each other. • Because code length are different, a user assigned a shorter code will have a higher data rate
OVSF • Generation of OVSF code based on a simple binary tree • Start with the root node {1}. • A node has two children. The upper and lower. If the node as code C, the upper child is assigned code CC, and the lower child is assigned CC’ (C’ means inverting every bit in C). • Repeat. • Two codes are orthogonal as long as no one is the prefix of the other • A major issue is how to assign codes
HSDPA • Adaptive modulation and coding (AMC) • Depending on the channel state, send at different data rates. • Use lower data rate if channel is weak • In wireless LAN, the rate adaptation
High-Speed Downlink Packet Access (HSDPA) • Hybrid automatic repeat-request (HARQ) • When a data packet is received and found to be corrupted, the receiver does not simply discard it, but saves it and combines it with the retransmissions • When a packet is corrupted, the sender does not send the packet again, it sends some parity checking bits • AMC is coarse grained, HARQ is fine grained
HSDPA • Fast packet scheduling • Each user transmits to the base station the signal quality • The base station determines which user to send to for the next 2ms • Send to users with stronger channels • May send to multiple users simultaneously with the channelization code • Must also ensure fairness
Readings • http://www.ericsson.com/technology/whitepapers/innovations_in_wcdma.pdf