GSM & GPRS
Antti Siitonen
Development manager, MSc (EE) Antti.Siitonen@radiolinja.fi
› T-110.300 Telecommunications architectures
› Lectures on 13.11.2002
› Introduction to GSM & GPRS
Contents
1. Short introduction to mobile telephony / mobile telecommunication 1.1. Radio interface
1.2. Mobility management 1.3. Technology generations 2. GSM
2.1. Architecture overview BSS+NSS 2.2. Mobile handset and SIM
2.3. GSM services
2.4. GSM data enhancements 3. GPRS
3.1. Architecture overview 3.2. GPRS terminals
3.3. GPRS services
Advantages of wireless access
› Speed of deployment and easiness of reconfiguration
› In certain cases cost efficiency
› Independence of wired infrastructure etc..
› BUT THE MAIN ADVANTAGE IS
› MOBILITY
Frequecy spectrum and spectrum allocation
› Who? What band and what bandwidth? What technology?
›
Globally CEPT, Europe ERC» World Radio Conference (WRC) every fourth year
›
Nationally local regulators (Ficora in Finland)› Licenced frequencies
›
Requires licence, typically for operator use» Co-ordination, frequency planning, interference regulation
» Mobile networks, LMDS, Broadcasting TV and radio, links
» T.ex. 3G spectrum allocation 155 MHz (2*60+35) in 2 GHz band
› Unlicenced frequencies
›
Free for all, but within regulated boundaries (maximum power, technology)» WLANs, cordeless phones, DECT, ..
» 2,4 GHz, 5 GHz, 17 GHz, ..
Wireless environment
› Path loss
›
Radio signals decrease exponentially with distance›
The wide range of path loss associated with different radio links results in the Near-Far problems› Shadow Fading and Multipath Fading
›
Blockage of radio paths by buildings and terrain causes shadow fading. Signals may drop 20 to 30 dB by turning a building corner›
Radio signal received from different paths may destructively combine and result in multipath fading›
In broadband systems the delay spread caused by multipath propagation may result in inter symbol interference› Traffic loading
›
Mobile speed and users density are elusive in natureMultiple access methods
›
FDMA – Frequency Division Multiple Access (NMT, TACS, AMPS)› One frequency per user
› Filtering!
›
CDMA – Code DivisionMultiple Access (IS-95, UMTS)
› Same frequency, same timeslots, but different codes
› Power Control!
›
TDMA – Time Division Multiple Access(GSM, D-AMPS, PDC)
› Same frequency, different timeslots
› Timing advance!
Picture: Ericsson
Mobility management
› Status of the mobile (on/off) - pageing
› Location of the mobile - Location update
› Moving mobile
›
Change the active cell - handover (handoff)» Network optimization
» Movement prediction
›
Change the active operator - roaming» Typically when crossing the country border
Handover
1. Call in progress cell 1 2. Signal cell 2 for handover
3. Switch to cell 2 = handover complete
cell 2 cell 1
›
BSCSoft handover
›
1. Call in progress cell 1 2. Cell 2 has good signal strength3. Call in progress cell 1 and cell 2 = soft handover cell 2 cell 1
Satellite GSM + Evolution
- GPRS (2000)
(General Packet Radio Service)
- EDGE (2002)
(Enhanced Development for GSM Evolution)
Universal Mobile
Telecommunication Service
= UMTS (> 2002)
Wireless systems in general
kBit/s
Coverage area
Room House Campus City Country Continent
10 100 1000 10 000
Wireless Local Area Networks
= WLANs (Available)
Broadband Fixed Wireless Access (Available)
100 000 F
U T U R E S Y S T E M S
( >2003) B
L U E T O O T H
SCOPE
1G, 2G, 3G…….
1980 1990 2000 2010 2020
1 G
• Analog
• Voice services
• ARP, NMT, AMPS,
TACS 3 G
• Advanced digital
• Voice, medium speed data, multi- media messaging
• Convergence of wireless and internet
• IMT 2000 = UMTS, CDMA2000
Beyond 3 G (4G)
• Voice over IP
• High speed data, real-time multimedia services
2 G
• Digital
• Voice, messaging and low speed data services
• GSM (TDMA), cdma one (IS-41), D-AMPS (TDMA), PDC (TDMA)
GSM
›
1982 Group Special Mobile was established by CEPT›
1987 Air interface TDMA was chosen as access method and InitialMemorandum of Understanding was signed by telecom operators (from 12 countries)
›
1989 GSM specification responsibility is passed to ETSI›
1990 GSM First Phase specification›
1991 First commercial GSM service (Global System for Mobile Communications)›
1992 More operators signed the MoU›
1995 GSM Second Phase specification› check http://www.gsmworld.com/
GSM radio technology basics
›Frequency bands
› GSM400
» 450.4 - 457.6 MHz paired with 460.4 - 467.6 MHz or 478.8 - 486 MHz paired with 488.8 - 496 MHz
› GSM900
» 880 - 915 MHz paired with 925 - 960 MHz
› GSM1800
» 1710 - 1785 MHz paired with 1805 - 1880 MHz
› GSM1900
» 1850 - 1910 MHz paired with 1930 - 1990 MHz
›Multiple access method
› TDMA
›Modulation
› GMSK
›Radio transmitted power (Mobile Station)
› 1 W Handset on GSM1800, 2 W Handset on GSM900, 8W Fixed installation (Car)
›Channels per carrier
› 8 timeslots
›Channel bit rate
› 22,8 kbit/s
PLMN Architecture overview
BTS BSC BTS
MS + SIM
TRAU
MSC
HLR
EIR
BSS
BSS
BSS
MSC area
BTS
MSC area
MSC area
MSC area
HLR
HLR
VLR
Customer care &
Billing system
Base station subsystem
› BTS = Base Transceiver Station
›
Radio-related tasks, Air interface›
Standard configuration (cell size 300 m - 35 km)›
Umbrella configuration›
Sectorized configuration› BSC = Base Station Controller
›
Controls several BTSs and takes care of all central functions of BSS› TRAU = Transcoding Rate and Adaptation unit
›
Bitrate adaptation and voice coding/decoding› OSS = Operation and support subsystem (also for NSS)
Network switching subsystem
› MSC = Mobile-Services Switching Center
›
Basically ISDN telephone exchange + mobility modifications» Modifications: BSS channel assignments and inter-MSC handover
›
Gateway MSCs interface other networks› HLR = Home Location Register / Authentication Center (AuC)
›
Database for subscriber identity - Home›
AuC provides triplets for authentication and ciphering› VLR = Visitor Location Register
›
Database for temporary subscriber identity - Visited›
Integrated into each MSC› EIR = Equipment Identity Register
›
GSM phone IMEI register (Lists: White, Black, Gray)Mobile Station
› Voice encoding Voice decoding
› Channel encoding Channel decoding
› Interleaving De-interleaving
› Burst generation Re-formatting
› Ciphering Deciphering
› Modulation Demodulation
› Amplifier Receiver
filter + Antenna
› Burned in IMEI = Individual Moblie Station Equipment Identity
› Central processor, clock and tone, internal bus system, keyboard
› SIM interface
SIM
› Subscriber Identity Module
› Data storage and algorithm executions
›
Memory 8 kB / 16kB / 32 kB /64 kB›
Administrative data: PIN/PUK, SIM service table..›
Security related data: Algorithms A3 and A8, Ki, Kc, CKSN›
Subscriber data: IMSI (International mobile subscriber identity = code for VLR and HLR), MSISDN, Access control classes›
Roaming data: TMSI (Temporary MSI), NCCs (Network Color Codes)›
PLMN data: Network identifier and home network frequenciesGSM authentication and ciphering
- Algorithms A3, A5/X ja A8 . Algorithms are secret.
- SIM parameters:
Parameter Need:
Algorithms A3 ja A8 (mandatory, fixed) Authentication, Key Kc calculation Key Ki (individual) (mandatory, fixed) Unique key, stored in SIM+HLR
Key Kc (cipher) (mandatory, changeable) Result of A8 algorithm, calculated from Ki and RAND CKSN (mandatory, changeable) Ciphering key sequence number, referred to Kc
- Ciphering:MS has at least A5/1 and A5/2 (There are seven different ciphering
algorithms, MS informs the network of it´s capabilities). Cipher is only for air interface.
- Note! Ciphering is optional!
- Network parameters:
› Every subscription has unique Ki stored in HLR
› AuC provides authentication triples. For one user five triplets may be generated at one time. HLR forwards triplets to VLR. VLR negotiates authentication and ciphering with MS
› Triplet:
» Signed Response (SRES), Random Number (RAND) and Kc
GSM authentication process
Network challenges the user. User must prove to have correct identity.
BTS BSC
VLR
MSC
AuC/HLR
2. Terminal (SIM) - Receives RAND
- A3(Ki&RAND) = SRES - Returns SRES to VLR
3. VLR compares SRES 1. Triplet to VLR - Key Kc
- RAND
- A3(Ki&RAND) = SRES
GSM ciphering process
BTS BSC
VLR
MSC
AuC/HLR
2. Cipher key A8(Ki&RAND)=Kc
3. VLR provides BTS information of chosen A5/x algorithm and key Kc
4. BTS transfers the information to MS 5. Traffic is ciphered and deciphered in 114 bit sequences
1. Cipher key A8(Ki&RAND) =Kc
GSM Services
› Bearer services: Bit transmission, 3,1 kHz voice, sync./async.data
› Voice
›
Full Rate codec 13 kbit/s (+ 9,8 kbit/s for error correction)›
Enhanced Full Rate codec 13 kbit/s (+ 9,8 kbit/s for error correction)›
Half Rate codec 6,5 kbit/s (+ 4,9 kbit/s for error correction)› Emergency call
› Suplementary services: Call forwarding, Calling line identity..
› Fax
›
9,6 kbit/s Fax› Data
›
9,6 kbit/s transparent data (no error correction)›
9,6 kbit/s non-transparent data (with error correction)GSM Services (cont.)
› Voice mail
›
Answering machine type of service. Colocated with MSC› SMS
›
The initial SMS Center may be simply a voice mail platform module or alternatively a standalone SMS Center. It is not possible to make the Short Message Service available without an SMS Center since all short messages pass through the SMS Center.› SMS Mobile terminate
›
Often SMS Mobile Terminate Services are offered along with voice mail notifications.› SMS Mobile originate
›
True two-way SMS capability.Value added services (examples)
› Mainly SMS based services
›
Edited content for SMS›
Ringtones›
Logos and picture messages›
CHAT›
Payment methods› Menu driven SMS applications
›
Sim Application Toolkit (STK) - set of tools possible to implement applications and menus executed on the SIM card› Wireless Application Protocol WAP
›
Attemp to standardize mobile applications›
Optimized for wireless networks (not only for GSM)Operator service offering
› Operators
›
Typically Network and Service operators are same corporation›
Pure service operators have entered during last years› Subscriptions for different needs
›
Business use, Private use, Pure data› Basic services without extra subscription
›
Call waiting, hold, group call, SMS, Calling line identity, Roaming, data› Premium services
›
Voice mail, SMS-service packets, Billing limits, Mobile E-mail, MMS ..Data in GSM-network
Internet
ISP (access server)
GSM-network PSTN
BS
MSC
Connection time 5-30 s
Data rate 9.6 kbit/s
Poor user interface for
data applications
Time based billing
Circuit switched connection
- features and restrictions
GSM data development
› Basic GSM data:
›
Connections to any modem service›
9,6 Kbit/s data rate› Enhancements:
›
ISDN type connection - faster connection time›
V.42bis compression - 4:1 basic text compression (limited)›
HSCSD - High Speed Circuit Switched Data» Non transparent: 1-4 time slot per MS - up to 38,4 kbit/s - dynamic allocation of channels
» Transparent: Up to 8 time slots per MS - static allocation of channels
›
14,4 kbit/s channel coding» Less bits for error correction if signal is good enough
» Can be combined to HSCSD and/or V.42bis
New service requirements
› Location Related Services
›
Can be implemented to the current architecture» Still no established way to implement (Oct. 2001)
›
Different methods give different accuracy› Need for packet based mobile data?
›
Asymmetric traffic» WAP-services
» Internet services: Web browsing
›
Multiple Services with Variable Bit Rates›
Multi-Session and “Always On” Features›
Variable QoS Requirementstime traffic
Traffic in mobile network
08:00 17:00
›
GSMnetwork is planned for circuit switched voice services›
”Rush hour” is the capacity planning keyWWW browsing traffic
Rate
(kbit/s)uplink downlink
14.4 4.8% 19.5%
28.8 3.9% 20%
64 3.0% 11.7%
Rate
(kbit/s)uplink downlink
14.4 4.8% 19.5%
28.8 3.9% 20%
64 3.0% 11.7%
- Measured usage rate on a circuit switched* data connection**
* GSM and HSCSD are circuit switched
* measurements are made during six days on may 1999 from the Kolumbus ISP’s access server
aika
Typical downlink traffic
Home page... Reading... WWW download...
Reading...
GPRS uses channel only when there is traffic
» Resources are availbe for other users when there is no traffic
Data traffic
No traffic
GPRS Data rates - Link layer
9,05 kbps
13,4 kbps
15,6 kbps
21,4 kbps CS-1
CS-2
CS-3
CS-4
1-8 channel
171,2 kbps in theory
Practical data rate is 10 - 40 kbit/s
GPRS Reference network architecture
Gf
Gi
Gn Gb
D Gc
Gp Gs
Signalling and Data Transfer Interface Signalling Interface
MSC/VLR
MS BSS PDN TE
Um
Gr
HLR
Other GPRS Nw SGSN
GGSN
GGSN
EIR A
BSS=Base Station Subsystem, GGSN=Gateway GPRS Support Node, HLR=Home Location Register, MS=Mobile Station,
MSC=Mobile Switching Centre, SGSN=Serving GPRS Support Node, PDN=Packet Data Network, VLR=Visitor Location Register
GPRS Network architecture
BTS
SGSN GGSN
BSC MSC/VLR HLR
IP Network
X.25 Network Backbone
Network IP MS
GPRS updates to GSM network
Element Software Hardware
MS Upgrade required Upgrade required
BTS Upgrade required No change
BSC Upgrade required PCU Interface
TRAU No change No change
MSC/VLR Upgrade required No change
HLR Upgrade required No change
SGSN New New
GGSN New New
SGSN = Serving GPRS Support Node
› Authentication, Authorization
› GTP tunneling to GGSN
› Ciphering and compression
› Mobility management
› Session management
› Interaction with HLR, MSC/VLR
› Collects charging and statistics information about data network usage
› Interfaces towards OSS (Operation and Management)
GGSN = Gateway GPRS Support Node
› Interfaces external data networks
›
Internet, Intranets, Operator ISP network› Encapsulates end user data in GTP packets
› Routes mobile originated packets to right destination
› Filters end user traffic
› Collects charging and statistics information about data network
usage
RL service network WAP GW
Internet
RL ISP External WAP GW or ISP
GPRS- connections
GPRS
GSM
HLR (GSM&GPRS)
GGSN APN= internet
APN= wap
APN= yritys.fi SGSN
soittosarja
Corporate network
WAP GW
APN = Access Point Name (Logical Name)
Connection protocol stack
Relay
Network Service
GTP Application
IP / X.25 SNDCP
LLC RLC MAC GSM RF
SNDCP LLC BSSGP
L1bis RLC
MAC GSM RF
BSSGP
L1bis Relay
L2 L1 IP
L2 L1 IP GTP IP / X.25
Um Gb Gn Gi
MS BSS SGSN GGSN
Network Service
UDP / TCP UDP /
TCP
BSSGP=BSS GPRS Protocol, GTP=GPRS Tunneling Protocol, LLC=Logical Link Protocol, MAC=Medium Access Control, GSMRF=GSM Radio Physical Layer, SNDCP=Subnetwork Dependent Convergence, UDP=User Datagram Protocol, TCP=Transmission Control Protocol
GPRS phases
›
Phase 1›
Point-to-Point packet service›
CS1 and CS2 channel coding›
Internal interfaces›
Flexible radio resource allocation, I.e. Multiple users per timeslot and multiple timeslots per user›
Support for Class B and C Mobiles›
GPRS Charging (packet based billing)›
IP and X.25 packet data networks›
Static and dynamic IP address allocation›
Authentication and Ciphering›
Phase 2›
Enhanced QoS support›
Access to ISP and Intranets›
GPRS prepaid›
Group call›
Point to multipoint servicesGPRS roaming
› International Roaming Experts Group (IREG) Proposal
›
Roaming traffic will be carried over central managed hierarchical Roaming Network where commonly agreed policies are followed›
GPRS Roaming Exchange (GRX) at least in every continent; some cases thre could be many GRX’s in one country›
Every Roaming Operator will have connection to GRX using some of the following methods» Layer 1 connection (Leased Line, fibre, etc.)
» Layer 2 logical connection (ATM/Frame Relay, etc)
» Layer 3 IP VPN connection over public IP Network (IPsec tunnel)
›
Connection will carry BGP routing (Border Gateway)›
Public addressing in GPRS backbone networksRoaming network
BTS
FW
BSC
Home network Home network Visited network Visited network
FW Visited
Network BB
BG
BTS
SGSN DNS
GGSN
Inter-operator BB
Home
BB GGSN
DNS SGSN
Internet BSC
• Border Gateway
• Inter-operator Backbone
BG
Three categories of terminals
› Class A
›
simultaneous circuit switched and packet connection› Class B
›
both circuit and packed switched connectionspossible but not at the same time
› Class C
›
only packet switched or circuit switched connectionDifferent capabilities
› Terminals are typically asymmetric
› Receiving is more simple than sending
› Full duplex radio
› Tx Rx
› 1 + 1
Ch› 1 + 2
Ch› 1 + 4
Ch› 2 + 2
ChGPRS-terminal types and service usage GPRS-terminal types and service usage
Card phone+
Notebook
PDA WAP
Smart phone
EDGE
› Enhanced Data rates for Global (GSM) Evolution
›
Modulation update: from GMSK to 8-PSK›
In theory modulation efficiency will be tripled›
In practice the maximum bit rate increases from GPRS’s 171,2 kbit/s up to 384 kbit/s› Needs new radio interface & terminals
› Transport network needs to be also upgraded
› Currently EDGE deployments are mainly going on in USA
GSM
capable systems
IMT-2000
capable systems Functionality
& bitrate
Time Speech
Circuit data
HSCSD
GPRS
WCDMA EDGE
Summary and conclusion
GSM-based network evolution
GSMGSM
HSCSD HSCSD
GPRSGPRS
EDGEEDGE UMTSUMTS
1997 1998 1999 2000 2001 2002 2003
Non-UMTS