Development manager, MSc (EE) Antti.Siitonen@radiolinja.fi

GSM & GPRS

Antti Siitonen

Development manager, MSc (EE) Antti.Siitonen@radiolinja.fi

› T-110.300 Telecommunications architectures

› Lectures on 13.11.2002

› Introduction to GSM & GPRS

Contents

1. Short introduction to mobile telephony / mobile telecommunication 1.1. Radio interface

1.2. Mobility management 1.3. Technology generations 2. GSM

2.1. Architecture overview BSS+NSS 2.2. Mobile handset and SIM

2.3. GSM services

2.4. GSM data enhancements 3. GPRS

3.1. Architecture overview 3.2. GPRS terminals

3.3. GPRS services

Advantages of wireless access

› Speed of deployment and easiness of reconfiguration

› In certain cases cost efficiency

› Independence of wired infrastructure etc..

› BUT THE MAIN ADVANTAGE IS

› ^MOBILITY

Frequecy spectrum and spectrum allocation

› Who? What band and what bandwidth? What technology?

›

Globally CEPT, Europe ERC

» World Radio Conference (WRC) every fourth year

›

Nationally local regulators (Ficora in Finland)

› Licenced frequencies

›

Requires licence, typically for operator use

» Co-ordination, frequency planning, interference regulation

» Mobile networks, LMDS, Broadcasting TV and radio, links

» T.ex. 3G spectrum allocation 155 MHz (2*60+35) in 2 GHz band

› Unlicenced frequencies

›

Free for all, but within regulated boundaries (maximum power, technology)

» WLANs, cordeless phones, DECT, ..

» 2,4 GHz, 5 GHz, 17 GHz, ..

Wireless environment

› Path loss

›

Radio signals decrease exponentially with distance

›

The wide range of path loss associated with different radio links results in the Near-Far problems

› Shadow Fading and Multipath Fading

›

Blockage of radio paths by buildings and terrain causes shadow fading. Signals may drop 20 to 30 dB by turning a building corner

›

Radio signal received from different paths may destructively combine and result in multipath fading

›

In broadband systems the delay spread caused by multipath propagation may result in inter symbol interference

› Traffic loading

›

Mobile speed and users density are elusive in nature

Multiple access methods

›

FDMA – Frequency Division Multiple Access (NMT, TACS, AMPS)

› One frequency per user

› Filtering!

›

^CDMA – Code Division

Multiple Access (IS-95, UMTS)

› Same frequency, same timeslots, but different codes

› Power Control!

›

TDMA – Time Division Multiple Access

(GSM, D-AMPS, PDC)

› Same frequency, different timeslots

› Timing advance!

Picture: Ericsson

Mobility management

› Status of the mobile (on/off) - pageing

› Location of the mobile - Location update

› Moving mobile

›

Change the active cell - handover (handoff)

» Network optimization

» Movement prediction

›

Change the active operator - roaming

» Typically when crossing the country border

Handover

1. Call in progress cell 1 2. Signal cell 2 for handover

3. Switch to cell 2 = handover complete

cell 2 cell 1

›

^BSC

Soft handover

›

1. Call in progress cell 1 2. Cell 2 has good signal strength

3. Call in progress cell 1 and cell 2 = soft handover cell 2 cell 1

Satellite GSM + Evolution

- GPRS (2000)

(General Packet Radio Service)

- EDGE (2002)

(Enhanced Development for GSM Evolution)

Universal Mobile

Telecommunication Service

= UMTS (> 2002)

Wireless systems in general

kBit/s

Coverage area

Room House Campus City Country Continent

10 100 1000 10 000

Wireless Local Area Networks

= WLANs (Available)

Broadband Fixed Wireless Access (Available)

100 000 F

U T U R E S Y S T E M S

( >2003) B

L U E T O O T H

SCOPE

1G, 2G, 3G…….

1980 1990 2000 2010 2020

1 G

• Analog

• Voice services

• ARP, NMT, AMPS,

TACS 3 G

• Advanced digital

• Voice, medium speed data, multi- media messaging

• Convergence of wireless and internet

• IMT 2000 = UMTS, CDMA2000

Beyond 3 G (4G)

• Voice over IP

• High speed data, real-time multimedia services

2 G

• Digital

• Voice, messaging and low speed data services

• GSM (TDMA), cdma one (IS-41), D-AMPS (TDMA), PDC (TDMA)

GSM

›

1982 Group Special Mobile was established by CEPT

›

1987 Air interface TDMA was chosen as access method and Initial

Memorandum of Understanding was signed by telecom operators (from 12 countries)

›

1989 GSM specification responsibility is passed to ETSI

›

1990 GSM First Phase specification

›

1991 First commercial GSM service (Global System for Mobile Communications)

›

1992 More operators signed the MoU

›

1995 GSM Second Phase specification

› check http://www.gsmworld.com/

GSM radio technology basics

›Frequency bands

› GSM400

» 450.4 - 457.6 MHz paired with 460.4 - 467.6 MHz or 478.8 - 486 MHz paired with 488.8 - 496 MHz

› GSM900

» 880 - 915 MHz paired with 925 - 960 MHz

› GSM1800

» 1710 - 1785 MHz paired with 1805 - 1880 MHz

› GSM1900

» 1850 - 1910 MHz paired with 1930 - 1990 MHz

›Multiple access method

› TDMA

›Modulation

› GMSK

›Radio transmitted power (Mobile Station)

› 1 W Handset on GSM1800, 2 W Handset on GSM900, 8W Fixed installation (Car)

›Channels per carrier

› 8 timeslots

›Channel bit rate

› 22,8 kbit/s

PLMN Architecture overview

BTS BSC BTS

MS + SIM

TRAU

MSC

HLR

EIR

BSS

BSS

BSS

MSC area

BTS

MSC area

MSC area

MSC area

HLR

HLR

VLR

Customer care &

Billing system

Base station subsystem

› BTS = Base Transceiver Station

›

Radio-related tasks, Air interface

›

Standard configuration (cell size 300 m - 35 km)

›

Umbrella configuration

›

Sectorized configuration

› BSC = Base Station Controller

›

Controls several BTSs and takes care of all central functions of BSS

› TRAU = Transcoding Rate and Adaptation unit

›

Bitrate adaptation and voice coding/decoding

› OSS = Operation and support subsystem (also for NSS)

Network switching subsystem

› MSC = Mobile-Services Switching Center

›

Basically ISDN telephone exchange + mobility modifications

» Modifications: BSS channel assignments and inter-MSC handover

›

Gateway MSCs interface other networks

› HLR = Home Location Register / Authentication Center (AuC)

›

Database for subscriber identity - Home

›

AuC provides triplets for authentication and ciphering

› VLR = Visitor Location Register

›

Database for temporary subscriber identity - Visited

›

Integrated into each MSC

› EIR = Equipment Identity Register

›

GSM phone IMEI register (Lists: White, Black, Gray)

Mobile Station

› Voice encoding Voice decoding

› Channel encoding Channel decoding

› Interleaving De-interleaving

› Burst generation Re-formatting

› Ciphering Deciphering

› Modulation Demodulation

› Amplifier Receiver

filter + Antenna

› Burned in IMEI = Individual Moblie Station Equipment Identity

› Central processor, clock and tone, internal bus system, keyboard

› SIM interface

SIM

› Subscriber Identity Module

› Data storage and algorithm executions

›

Memory 8 kB / 16kB / 32 kB /64 kB

›

Administrative data: PIN/PUK, SIM service table..

›

Security related data: Algorithms A3 and A8, Ki, Kc, CKSN

›

Subscriber data: IMSI (International mobile subscriber identity = code for VLR and HLR), MSISDN, Access control classes

›

Roaming data: TMSI (Temporary MSI), NCCs (Network Color Codes)

›

PLMN data: Network identifier and home network frequencies

GSM authentication and ciphering

- Algorithms A3, A5/X ja A8 . Algorithms are secret.

- SIM parameters:

Parameter Need:

Algorithms A3 ja A8 (mandatory, fixed) Authentication, Key Kc calculation Key Ki (individual) (mandatory, fixed) Unique key, stored in SIM+HLR

Key Kc (cipher) (mandatory, changeable) Result of A8 algorithm, calculated from Ki and RAND CKSN (mandatory, changeable) Ciphering key sequence number, referred to Kc

- Ciphering:MS has at least A5/1 and A5/2 (There are seven different ciphering

algorithms, MS informs the network of it´s capabilities). Cipher is only for air interface.

- Note! Ciphering is optional!

- Network parameters:

› Every subscription has unique Ki stored in HLR

› AuC provides authentication triples. For one user five triplets may be generated at one time. HLR forwards triplets to VLR. VLR negotiates authentication and ciphering with MS

› Triplet:

» Signed Response (SRES), Random Number (RAND) and Kc

GSM authentication process

Network challenges the user. User must prove to have correct identity.

BTS BSC

VLR

MSC

AuC/HLR

2. Terminal (SIM) - Receives RAND

- A3(Ki&RAND) = SRES - Returns SRES to VLR

3. VLR compares SRES 1. Triplet to VLR - Key Kc

- RAND

- A3(Ki&RAND) = SRES

GSM ciphering process

BTS BSC

VLR

MSC

AuC/HLR

2. Cipher key A8(Ki&RAND)=Kc

3. VLR provides BTS information of chosen A5/x algorithm and key Kc

4. BTS transfers the information to MS 5. Traffic is ciphered and deciphered in 114 bit sequences

1. Cipher key A8(Ki&RAND) =Kc

GSM Services

› Bearer services: Bit transmission, 3,1 kHz voice, sync./async.data

› Voice

›

Full Rate codec 13 kbit/s (+ 9,8 kbit/s for error correction)

›

Enhanced Full Rate codec 13 kbit/s (+ 9,8 kbit/s for error correction)

›

Half Rate codec 6,5 kbit/s (+ 4,9 kbit/s for error correction)

› Emergency call

› Suplementary services: Call forwarding, Calling line identity..

› Fax

›

9,6 kbit/s Fax

› Data

›

9,6 kbit/s transparent data (no error correction)

›

9,6 kbit/s non-transparent data (with error correction)

GSM Services (cont.)

› Voice mail

›

Answering machine type of service. Colocated with MSC

› SMS

›

The initial SMS Center may be simply a voice mail platform module or alternatively a standalone SMS Center. It is not possible to make the Short Message Service available without an SMS Center since all short messages pass through the SMS Center.

› SMS Mobile terminate

›

Often SMS Mobile Terminate Services are offered along with voice mail notifications.

› SMS Mobile originate

›

True two-way SMS capability.

Value added services (examples)

› Mainly SMS based services

›

Edited content for SMS

›

^Ringtones

›

Logos and picture messages

›

CHAT

›

Payment methods

› Menu driven SMS applications

›

Sim Application Toolkit (STK) - set of tools possible to implement applications and menus executed on the SIM card

› Wireless Application Protocol WAP

›

Attemp to standardize mobile applications

›

Optimized for wireless networks (not only for GSM)

Operator service offering

› Operators

›

Typically Network and Service operators are same corporation

›

Pure service operators have entered during last years

› Subscriptions for different needs

›

Business use, Private use, Pure data

› Basic services without extra subscription

›

Call waiting, hold, group call, SMS, Calling line identity, Roaming, data

› Premium services

›

Voice mail, SMS-service packets, Billing limits, Mobile E-mail, MMS ..

Data in GSM-network

Internet

ISP (access server)

GSM-network PSTN

BS

MSC

Connection time 5-30 s

Data rate 9.6 kbit/s

Poor user interface for

data applications

Time based billing

Circuit switched connection

- features and restrictions

GSM data development

› Basic GSM data:

›

Connections to any modem service

›

9,6 Kbit/s data rate

› Enhancements:

›

ISDN type connection - faster connection time

›

V.42bis compression - 4:1 basic text compression (limited)

›

HSCSD - High Speed Circuit Switched Data

» Non transparent: 1-4 time slot per MS - up to 38,4 kbit/s - dynamic allocation of channels

» Transparent: Up to 8 time slots per MS - static allocation of channels

›

14,4 kbit/s channel coding

» Less bits for error correction if signal is good enough

» Can be combined to HSCSD and/or V.42bis

New service requirements

› Location Related Services

›

Can be implemented to the current architecture

» Still no established way to implement (Oct. 2001)

›

Different methods give different accuracy

› Need for packet based mobile data?

›

Asymmetric traffic

» WAP-services

» Internet services: Web browsing

›

Multiple Services with Variable Bit Rates

›

Multi-Session and “Always On” Features

›

Variable QoS Requirements

time traffic

Traffic in mobile network

08:00 17:00

›

GSMnetwork is planned for circuit switched voice services

›

”Rush hour” is the capacity planning key

WWW browsing traffic

Rate

^(kbit/s)

uplink downlink

14.4 4.8% 19.5%

28.8 3.9% 20%

64 3.0% 11.7%

Rate

^(kbit/s)

uplink downlink

14.4 4.8% 19.5%

28.8 3.9% 20%

64 3.0% 11.7%

- Measured usage rate on a circuit switched* data connection**

* GSM and HSCSD are circuit switched

* measurements are made during six days on may 1999 from the Kolumbus ISP’s access server

aika

Typical downlink traffic

Home page... Reading... WWW download...

Reading...

GPRS uses channel only when there is traffic

» Resources are availbe for other users when there is no traffic

Data traffic

No traffic

GPRS Data rates - Link layer

9,05 kbps

13,4 kbps

15,6 kbps

21,4 kbps CS-1

CS-2

CS-3

CS-4

1-8 channel

171,2 kbps in theory

Practical data rate is 10 - 40 kbit/s

GPRS Reference network architecture

Gf

Gi

Gn Gb

D Gc

Gp Gs

Signalling and Data Transfer Interface Signalling Interface

MSC/VLR

MS BSS PDN TE

Um

Gr

HLR

Other GPRS Nw SGSN

GGSN

GGSN

EIR A

BSS=Base Station Subsystem, GGSN=Gateway GPRS Support Node, HLR=Home Location Register, MS=Mobile Station,

MSC=Mobile Switching Centre, SGSN=Serving GPRS Support Node, PDN=Packet Data Network, VLR=Visitor Location Register

GPRS Network architecture

BTS

SGSN GGSN

BSC MSC/VLR HLR

IP Network

X.25 Network Backbone

Network IP MS

GPRS updates to GSM network

Element Software Hardware

MS Upgrade required Upgrade required

BTS Upgrade required No change

BSC Upgrade required PCU Interface

TRAU No change No change

MSC/VLR Upgrade required No change

HLR Upgrade required No change

SGSN New New

GGSN New New

SGSN = Serving GPRS Support Node

› Authentication, Authorization

› GTP tunneling to GGSN

› Ciphering and compression

› Mobility management

› Session management

› Interaction with HLR, MSC/VLR

› Collects charging and statistics information about data network usage

› Interfaces towards OSS (Operation and Management)

GGSN = Gateway GPRS Support Node

› Interfaces external data networks

›

Internet, Intranets, Operator ISP network

› Encapsulates end user data in GTP packets

› Routes mobile originated packets to right destination

› Filters end user traffic

› Collects charging and statistics information about data network

usage

RL service network WAP GW

Internet

RL ISP External WAP GW or ISP

GPRS- connections

GPRS

GSM

HLR (GSM&GPRS)

GGSN APN= internet

APN= wap

APN= yritys.fi SGSN

soittosarja

Corporate network

WAP GW

APN = Access Point Name (Logical Name)

Connection protocol stack

Relay

Network Service

GTP Application

IP / X.25 SNDCP

LLC RLC MAC GSM RF

SNDCP LLC BSSGP

L1bis RLC

MAC GSM RF

BSSGP

L1bis Relay

L2 L1 IP

L2 L1 IP GTP IP / X.25

Um Gb Gn Gi

MS BSS SGSN GGSN

Network Service

UDP / TCP UDP /

TCP

BSSGP=BSS GPRS Protocol, GTP=GPRS Tunneling Protocol, LLC=Logical Link Protocol, MAC=Medium Access Control, GSMRF=GSM Radio Physical Layer, SNDCP=Subnetwork Dependent Convergence, UDP=User Datagram Protocol, TCP=Transmission Control Protocol

GPRS phases

›

^{Phase 1}

›

Point-to-Point packet service

›

CS1 and CS2 channel coding

›

Internal interfaces

›

Flexible radio resource allocation, I.e. Multiple users per timeslot and multiple timeslots per user

›

Support for Class B and C Mobiles

›

GPRS Charging (packet based billing)

›

IP and X.25 packet data networks

›

Static and dynamic IP address allocation

›

Authentication and Ciphering

›

^{Phase 2}

›

Enhanced QoS support

›

Access to ISP and Intranets

›

GPRS prepaid

›

Group call

›

Point to multipoint services

GPRS roaming

› International Roaming Experts Group (IREG) Proposal

›

Roaming traffic will be carried over central managed hierarchical Roaming Network where commonly agreed policies are followed

›

GPRS Roaming Exchange (GRX) at least in every continent; some cases thre could be many GRX’s in one country

›

Every Roaming Operator will have connection to GRX using some of the following methods

» Layer 1 connection (Leased Line, fibre, etc.)

» Layer 2 logical connection (ATM/Frame Relay, etc)

» Layer 3 IP VPN connection over public IP Network (IPsec tunnel)

›

Connection will carry BGP routing (Border Gateway)

›

Public addressing in GPRS backbone networks

Roaming network

BTS

FW

BSC

Home network Home network Visited network Visited network

FW Visited

Network BB

BG

BTS

SGSN DNS

GGSN

Inter-operator BB

Home

BB GGSN

DNS SGSN

Internet BSC

• Border Gateway

• Inter-operator Backbone

BG

Three categories of terminals

› Class A

›

simultaneous circuit switched and packet connection

› Class B

›

both circuit and packed switched connections

possible but not at the same time

› Class C

›

only packet switched or circuit switched connection

Different capabilities

› Terminals are typically asymmetric

› Receiving is more simple than sending

› Full duplex radio

› Tx Rx

› 1 + 1

Ch

› ^{1 + 2}

^Ch

› 1 + 4

Ch

› 2 + 2

Ch

GPRS-terminal types and service usage GPRS-terminal types and service usage

Card phone+

Notebook

PDA WAP

Smart phone

EDGE

› Enhanced Data rates for Global (GSM) Evolution

›

Modulation update: from GMSK to 8-PSK

›

In theory modulation efficiency will be tripled

›

In practice the maximum bit rate increases from GPRS’s 171,2 kbit/s up to 384 kbit/s

› Needs new radio interface & terminals

› Transport network needs to be also upgraded

› Currently EDGE deployments are mainly going on in USA

GSM

capable systems

IMT-2000

capable systems Functionality

& bitrate

Time Speech

Circuit data

HSCSD

GPRS

WCDMA EDGE

Summary and conclusion

GSM-based network evolution

GSMGSM

HSCSD HSCSD

GPRSGPRS

EDGEEDGE UMTSUMTS

1997 1998 1999 2000 2001 2002 2003

Non-UMTS

For those who are interested to know more

Literature beyond course material:

› Yi-Bing Lin, Imric Chlamtac: ”Wireless and Mobile Network Architectures”

› Christoffer Andersson: ”GPRS and 3G Wireless Applications:

Professional Developer’s Guide”

› Timo Halonen, Javier Romero, Juan Melero: ” GSM, GPRS and EDGE Performance: Evolution Toward 3G/UMTS”

Internet:

http://www.3gpp.org/

http://www.cs.hut.fi/~hhk/GPRS/gprs_index.html

http://www.google.com/ J