Beruflich Dokumente
Kultur Dokumente
- GSM Introduction
- CDMA Overview
- GPRS Introduction
- UMTS Introduction
Transmission Principles 2
GSM PLMN 3
Sub-sections
Procedures 4
GSM Introduction
Radio Interface 5
Appindex 6
GSM Introduction
Sub-section reference
Introduction
Introduction
Introduction
Contents
1 History 2
2 GSM 15
3 Current Situation, Market & Trends 27
Introduction Siemens
1 History
Introduction
History
Fig. 1
2
Siemens Introduction
Introduction Siemens
Radio Communications
Radio connections were first used for Wireless Communications in the late 19th
century; information was sent via "ether".
l 1873: J.C. Maxwell - electromagnetic wave theory
l 1887: H. Hertz - experimental proof of the existence of electromagnetic waves
l 1895: A. Popow - first receiver with antenna for weather reports
l 1895: G. M. Marconi - first wireless transmission using spark inductor generated
HF waves (Morse code)
l 1897: “Marconi Wireless Telegraphy Company" founded
l 1901: First transatlantic transmission (Marconi)
l 1903: "Deutschen Telefunken GmbH" founded by AEG and Siemens & Halske
l 1906: First speech & sound transmission (Lorenz AG / Deutsche Telefunken
GmbH)
l 1909: First radio broadcast (New York, Caruso)
3
Introduction Siemens
Radio transmission:
1873 Maxwell‘s theory of electromagn. waves
1887 H. Hertz: experimental proof
1895 Marconi: 1st wireless transmission
1901 1st transatlantic transmission
1903 Dt. Telefunken GmbH: AEG, Siemens& Halske
1906 1st speech and sound transmission
1909 1st radio broadcast
1917 1st mobile transmission: radio station - train
Fig. 2
4
Siemens Introduction
Introduction Siemens
Connection Types
There are two principles for radio connections:
Simplex Connection
Simplex connections are a "one-way street" for communication in the form of (mostly
fixed) transmitters and mobile receivers. This has been realized as e.g. (broadcast)
radio and television. But simplex connections are also used for direct communication
exchange i.e. two-way communication using stations which can be used both as a
transmitter and a receiver (e.g. walkie-talkies). However the equipment (transmitting /
receiving stations) cannot transmit and receive simultaneously. The call cycles or call
intervals are determined by prior agreement or personal code words ("over").
Duplex Connections
Duplex connections signify two-way communication. Users can transmit and receive
messages simultaneously. An example of an early duplex connection is radio
telegraphy.
Simplex Connection:
Over transmit or receive
Duplex Connection:
simultaneous
transmission and reception
Fig. 3
5
Siemens Introduction
Introduction Siemens
First Mobile
Services:
• Car telephone service
• Since the late 40‘s
Fig. 4
6
Siemens Introduction
Introduction Siemens
During the 1970s large-scale integrated, electronic applications and the development
of microprocessors made the configuration of more complex systems possible. One
result of this was the development of single-cell transmitter systems with multiple
receiving stations. This made it possible to extend the range of the supply area, i.e.
the operational range of the subscriber because the mobile station's transmitter
power limits the size of the cell in Single Cell Systems. However no increase in
capacity resulted from this.
7
Introduction Siemens
radius
r
Fig. 5
8
Siemens Introduction
Introduction Siemens
Fig. 6
9
Introduction Siemens
Siemens Introduction
Fig. 7
10
Siemens
Introduction Introduction
Siemens
11
Fig. 8
Subscriber [M.]
Introduction
0,01
0,1
1
10
100
1978 B-network
introduction
1980
1982
1984
C-network
Germany
introduction
1986
1988
Year
1990
GSM (D1, D2)
1992 introduction
Germany 1978 - 2000
1996
GSM (E2)
1998 introduction
2000
Siemens
12
Introduction Siemens
Siemens Introduction
13
Introduction Siemens
1G Limitations
¨ Capacity
¨ Quality
¨ Incompatibility
European mobile
communication market
early 90‘s
Fig. 9
14
Introduction Siemens
2 GSM
Introduction
GSM
Global System for
Mobile Communications
Fig. 10
15
Introduction Siemens
Siemens Introduction
16
Introduction Siemens
GSM Milestones
1978 CEPT reserves 2 x 25 MHz in 900 MHz range
1982 CEPT founds "Groupe Special Mobile" GSM
1984-86 Comparison of technical possibilities
Goals: - free roaming
- international accessibility under 1 number (international roaming)
- large network capacity (bandwidth efficiency)
- flexibility ® ISDN
- broad service offering
- security mechanisms
1986 Core of experts meets continuously
1987 Selection of central transmission techniques
Memorandum of Understanding: MoU
1988 ETSI founded
1989 GSM ® Global System for Mobile Communication
1990 GSM900 Standard (phase 1)
1991 DCS1800 adaptation
Trials / "friendly user" operation
1992 Start of commercial operation
1993 Beginning of work on phase 2
1995 Completion of work on phase 2 (GSM900/DCS1800)
Reservation of GSM-R frequencies (ETSI)
1996 PCS1900 adaptation (USA)
Fig. 11
17
Introduction Siemens
Siemens Introduction
l 1997: GSM Phase 2+ Annual Release ‘96: CAMEL Stage 1, ASCI for GSM-R.
DCS1800 / PCS1900 are renamed to GSM1800 / GSM1900. Dual band
equipment for GSM900 / GSM1800; 10 years of MoU: 109 countries; 239
operators; 44 million GSM subscribers; 28 % share of the world market.
l 1998: Phase 2+ Annual Release ‘97: HSCSD, GPRS Stage 1, CAMEL Stage 2,...
08/98: 100 million GSM subscribers in 120 countries; 35 % share of the world
market; GSM is quasi world standard. GSM-R networks in operation. World-wide
servicing through co-operation with mobile satellite systems (IRIDIUM).
l 1999: Phase 2+ Annual Release '98; 250 million subscriber; 130 countries
l 2000: Phase 2+ Annual Release '99: GPRS Stage 2, CAMEL Stage 3, EDGE,
Virtual Home Environment VHE, Adaptive Multirate speech AMR,...GSM Rel. '99
services identical to UMTS Rel. '99 (first UMTS release); 410 million subscriber;
161 countries; approx. 60% of world-market
GSM Milestones
1997 Phase 2+: Annual Release `96
DCS1800 / PCS1900 ® GSM1800 / GSM1900
Dual-band devices
GSM: practical world standard (109 countries/regions; 28 % market share)
1998 Phase 2+: Annual Release `97: GPRS, CAMEL,....
First GSM-R networks
World-wide accessibility using dual mode GSM/IRIDIUM
35 % of world market
1999 Phase 2+: Annual Release ‘98
250 M. subscriber, 130 countries
2000 Phase 2+: Annual Release ‘99: AMR, VHE,... identical to UMTS Rel. ‘99
60% of world market; 410 M. subscriber, 161 countries
Fig. 12
18
Introduction Siemens
Siemens Introduction
19
Introduction Siemens
PSTN
ISDN MSC BSS MS
Series 05:
Series 03: Network Aspects Um Radio
Transmission
Series 09: Series 06:
Network Interworking
Register Speech Coding
Series 10:
Service Interworking Series 067:
Terminal
Series 11: Equipment & Type Approval Specifications Adaptors for MS
Fig. 13
20
Introduction Siemens
Siemens Introduction
GSM Phase 1
The Phase 1 standardization was closed in 1990 for GSM900 and in 1991 for
GSM1800. The implementation of GSM systems Phase 1 comprises all of the most
important prerequisites for digital information transmission. Speech transmission is of
the greatest importance here. Data transmission is also defined by data transmission
rates of 0.3 to 9.6 kbit/s. GSM Phase 1 comprises only a few supplementary services
such as call forwarding and barring.
GSM Phase 2
The Phase 2 standardization work started shortly after completion of Phase 1 and
was closed in 1995. In Phase 2 Supplementary Services comparable to ISDN
(Integrated Services Digital Network) were included in the standard. Technical
improvements have been specified, e.g. the Half Rate Speech. In Phase 2, the
decision on future downward-compatibility with older versions is of high importance.
GSM Phase 2+
GSM Phase 2+ refers to a “smooth” transition in contrast to Phase 2. A new complete
update of the GSM Standard is not planned. Individual topics are discussed
separately and the update is added to the GSM standard in Annual Releases. Main
topics are new Supplementary Services as the ASCI services (Advanced Speech
Call Items). Furthermore, the IN feature Customized Applications for Mobile network
Enhanced Logic CAMEL and Virtual Home Environment VHE are very important.
Especially the introduction of features to achieve higher data rates, i.e. HSCSD (High
Speed Circuit Switched Data), GPRS (General Packet Radio Service) and EDGE
(Enhanced Data rates for the GSM Evolution) has received much attention. GSM
Phase 2+ thus paves the way to 3G (UMTS).
21
Introduction Siemens
Phase 2+
Phase 2 Phase 2
Phase 1 Phase 1 Phase 1
Fig. 14
22
Introduction Siemens
Siemens Introduction
GSM1800 (DCS1800)
As an adaptation of the GSM900 Standard the DCS1800 Standard (Digital Cellular
System) was introduced in 1991. The DCS1800 was a British initiative with the
intention of opening mobile communications to all sections of population as a “mass
market”, especially in urban areas. The GSM1800 has 2 x 75 MHz in the frequency
range around 1800 MHz (1710 - 1785; 1805 - 1880 MHz). In 1997 the designation
DCS1800 was changed to GSM1800 in order to clarify the common standard.
GSM1900 (PCS1900)
The PCS1900 Standard (Public Cellular System) is the American branch of the GSM
Standard since 1995/96 in the frequency range around 1900 MHz. The frequency
range available between 1850 - 1910; 1930 - 1990 MHz in the USA was split up in
1995 and auctioned off to different net-work operators. In 1997 the PCS1900 was
renamed GSM1900 in order to clarify the common standard.
GSM-R (Railway)
For mobile communication of railway operators 2 x 4 MHz in the frequency range of
876 – 880 MHz & 921 – 925 MHz have been reserved.
GSM400
With Rel. '99 the frequency ranges between 450.4 – 457.6 MHz & 460.4 – 467.6 MHz
respectively the ranges (of former 1G systems) between 478.8 – 486 MHz & 488.8 –
496 MHz are foreseen for GSM400. The GSM400 frequency range enables large
area cells for rural environment.
23
Introduction Siemens
GSM GSM
GSM GSM 1800 1800
900 900
GSM GSM
E-GSM E-GSM 1900 1900
876 880 915 921 925 960 [MHz] 1710 1785 1805 1850 1910 1930 1990 [MHz]
Frequency Range Useable HF Application Area
[MHZ] channels
GSM400 450.4 – 457.6 / 460.4 – 467.6 35 rural environment
478.8 – 486 / 488.8 - 496
GSM900 890 - 915 / 935 - 960 124 Worldwide except
E-GSM 880 - 915 / 925 - 960 174 America
GSM1800 1710 - 1785 / 1805 - 1880 374 Worldwide except
America
GSM1900 1850 - 1910 /1930 - 1990 299 America
GSM-R 876 - 880 / 921 - 925 19 Railway systems
Fig. 15
24
Introduction Siemens
Siemens Introduction
The GSM-PLMN
In the GSM System there must be a distinction between network operator, provider of
telecommunication services, supplier of terminal equipment and manufacturer of
network components. Especially the sale of telecommunication services and terminal
equipment differs from the conventional fixed network and mobile communication
network of the first generation, in which state-owned network operators, service
providers and equipment suppliers usually form a monopoly. In GSM the actual
network operator often transfers services to private providers who supply the
services to the mobile subscribers under different conditions. With the wide range of
products there is also great competition in the field of mobile equipment as well as of
mobile communication network components which should force further technical
development and keep the prices down.
25
Introduction Siemens
GSM-PLMN Example:
(Public Land Mobile Network) Germany
D1
Telekom
Competition concept:
different network operators, D2
providers and manufacturers Mannesmann
Eplus
E2
Viag Intercom
Fig. 16
26
Introduction Siemens
Introduction
1000
100
10
0,1
0,01
1980
1982
1984
1986
1988
1990
1992
1994
1996
1998
2000
Current Situation,
Market & Trends
Fig. 17
27
Introduction Siemens
Siemens Introduction
Overview: Systems/Standards
At the time there is a wide spectrum of mobile communication systems of the first and
second generation along with the GSM Standard and its adaptations. Important
examples include:
l Paging Systems
l Cordless Telephone
l Wireless Local Loop
l Private Mobile Radio
l Cellular Mobile Systems
l Mobile Satellite Systems
28
Introduction Siemens
analogue digital
Current paging systems paging systems
e.g. Citycall e.g. ERMES
Mobile
Communication
analogue cordless digital cordless
Systems telephone systems telephone systems
e.g. CT1, CT1+ e.g. DECT, PACS, PHP
digital
analogue
satellite systems
satellite systems
e.g. IRIDIUM, ICO,
e.g. INMARSAT
Globalstar
1G 2G
Fig. 18
29
Introduction Siemens
Siemens Introduction
1G Systems
C450: closed 12/2000
TACS (Total Access Communications System): closed 2001.
NMT (Nordic Mobile Telephone): closed 2001.
AMPS (Advanced Mobile Phone Service): The AMPS system was introduced in 1979
in the USA. The system, operated in the frequency range of 800 MHz, was the most
successful mobile radio system in the world until 1997. It still has an increasing
number of subscribers, because of its large coverage in the USA. 12/2000, more than
75 million AMPS subscribers were registered.
2G Systems
GSM (Global System for Mobile Communications): The GSM Standard was
adopted as the first digital mobile communication standard, as planned since the
early 80s. Commercial operation started in 1992. This led to the world-wide use of
GSM net-works, which were originally planned for the European system, in more than
120 countries and regions. GSM uses a hybrid solution of FDMA and TDMA as an
access technique. GSM used currently 900 / 1800 /1900 frequency ranges.
D-AMPS (Digital Advanced Mobile Phone System): The D-AMPS was conceived
as a supplementary system to the successful analogue AMPS in the USA and
Canada. The commercial start was 1991/92. D-AMPS as IS-136 standard is based
on a combined FDMA/TDMA access technique. It shares the 800 MHz range with
AMPS (824 - 849; 869 - 894 MHz). It expanded to the 1900 MHz range in 1995.
Multimode / multiband equipment is used for AMPS/D-AMPS.
PDC (Personal Digital Cellular): With the influence of D-AMPS, PDC (originally
called JDC - Japanese Digital Cellular) was standardized for the Japanese market.
The commercial start was 1993/94. A combined FDMA/TDMA procedure, similarly to
the D-AMPS, is used as an access procedure. Mobile stations transmit at the higher
frequency with PDC, in contrast to all other systems. Frequencies around 900 MHz
(810 - 826; 940 - 956 MHz) & 1500 MHz (1429 - 1453; 1477 - 1501 MHz) are used.
IS-95 CDMA IS-95 CDMA was developed in the early 90s based on CDMA spread
spectrum digital technology and was declared IS-95 standard in 1993. The
commercial start was 1995/96. IS-95 CDMA networks are emerging world-wide with
emphasis on North America and Eastern Asia. Frequencies in the 800 MHz and 1900
MHz range are used world-wide, and also in the 1700 MHz range in Korea.
30
Introduction Siemens
Cellular Systems
First generation:
C450
NMT - Nordic Mobile Telephone
TACS - Total Access Communications System
AMPS - Advanced Mobile Phone System
Second generation:
GSM D-AMPS PDC IS-95
Start 1992 1991/92 1993/94 1995
Coverage worldwide especially Japan especially USA,
USA, Canada Canada, Eastern
Asia
Frequency 900 / 1800 / 800 / 1900 900 / 1500 800 / 1700 (Korea) /
ranges [MHz] 1900 (America) 1900
Multiple TDMA / FDMA TDMA / FDMA TDMA / FDMA CDMA
Access
Speech [kbit/s] 13 / 5.6 7.95 6.7 9.4 / 13
Data (max.) 9.6 4.8 4.8 9.6 / 14.4
[kbit/s] (n•14.4; n = 1...8)
Subscribers ~ 410 million ~ 35 million + ~ 55 million ~ 85 million
(02/2001) 75 million (AMPS)
Fig. 19
31
Introduction Siemens
Siemens Introduction
1G MSS
MARISAT (Maritime Satellite): MARISAT went into operation in 1976 as the first
mobile satellite system, initiated by the USA.
INMARSAT (International Maritime Satellite Organization): INMARSAT is taking a
dominant role in 1G MSS. Founded in 1979, it is used by more than 100 membership
countries. The four INMARSAT (operation) satellites are in a geostationary orbit
(about 36,000 km altitude). With the exception of a the pole caps, a global
transmission to the world is achievable. Digital transmission is via INMARSAT
satellites since 1995., i.e. INMARSAT has turned over to a 2G MSS system
2G MSS
Digital information transmission and a larger number of satellites in lower orbits (LEO
and MEO satellites) allow considerably higher capacity. Several services similar to
those of GSM should be possible. A problem of the 2G systems is the comparable
high price and fast extension of 2G terrestrial networks
l Iridium (closed 2000)
l Globalstar
l ICO
l Ellipso
l ORBCOMM
l Teledesic
l Skybridge
32
Introduction Siemens
MEO
Medium
Earth Orbit
700
Earth - 1,500 km
1G:
LEO MARISAT (USA) since 1976
Low Earth
INMARSAT (International Maritime
Orbit
Satellite Organisation):
• since 1979; > 80 member countries
• 4 GEO satellites;
approx. • global access
36,000 km
GEO 2G:
GEostationary HEO • Iridium, ICO, Globalstar
Orbit High Elliptic • private MSS operator
Orbit • speech- & low data rate services
Fig. 20
33
Introduction Siemens
Siemens Introduction
The introduction of GSM as the first mobile communication standard of the second
(digital) generation allowed an improved transmission quality, a larger offer of
service, various technical / organizational improvements, and a considerably more
efficient use of radio interface resources. A significant increase of capacity and thus
further growth of the mobile communication market became possible. Already shortly
after the start of GSM in 1992, subscriber numbers exceeded the million mark in
many countries. Other digital systems such as IS-95 followed. A development to a
genuine mass market has been evident since the introduction of the second
generation of mobile communications.
34
Introduction Siemens
Subscriber trends:
1980 - 2000
1000
Germany
100
Subscriber [M.]
World
10
0,1
0,01
1980
1982
1984
1986
1988
1990
1992
1994
1996
1998
2000
Single cell 1G Year 2G
systems Introduction Introduction
Fig. 21
35
Introduction Siemens
Siemens Introduction
2 5 0 0'
Ro W
2 0 0 0' A s ia / P a c ific
No rth A m e ric a
1 5 0 0' E U 15
Subscriber [M.]
1 0 0 0'
5 0 0'
0'
1995 2000 2005 2 0 10 2015
Year
UMTS Forum
Report #1
Fig. 22
36
Introduction Siemens
Siemens Introduction
Mobile Trends
The mobile radio systems of the second generation have been optimized for speech
transmission. Data transmission is possible, but has previously been considered
secondary. Taking the increasing mobility in the professional world (work outside the
office, telework) into consideration, the need for mobile transmission of data is in-
creasing. Comparatively user-unfriendly terminals (adapter solution) and relatively
low data transmission rates are problems for data transmission of the second
generation of mobile communications. The data rates for GSM are between 0.3 - 9.6
kbit/s, the transmission rates of other cellular standards are comparable or less. The
first mobile satellite systems of the second generation also have only low data
transmission rates (Iridium max. 2.4 kbit/s, Globalstar max. 9.6 kbit/s). These rates
are considerably lower than those of ISDN (64 kbit/s).
A large variety of demands are being placed on future mobile communications. Along
with improved world-wide service, user friendliness and cost reduction, mobile PC
Internet connection with a high data transmission rate is required.
Many of these demands are taken into account in GSM Phase 2+.
In this way bearer services were standardized with transmission rates in order to in-
crease data transmission rates as well as to realize “mobile computing” and access
to the Internet. Data transmission rates can be adapted to the transmission rates of
ISDN and can be increased significantly further (up to more than 100 kit/s) by means
of these bearer services. User friendly equipment and cost-reduced features are also
planned, such as improvements in speech quality and world-wide availability by
means of satellite roaming. Furthermore flexible services adaptable to customer re-
quests and intelligent network services are planned.
37
Introduction Siemens
100 Voice
Requirements:
80 Data • high data rates
• user-friendliness
Traffic [%]
40
GSM Phase 2+
20 • data rates > 100 kbit/s
• mobile computing, Internet
• new, integrating ME
0 • new flexible services + IN
1996 2001 2005 2007 • satellite roaming
• & much more
Source: Year
UMTS Forum
Fig. 23
38
Introduction Siemens
Siemens Introduction
39
Introduction Siemens
Mobile communication
forecast (Europa)
300' Mobile subscriber
(total)
250'
Mobile subscriber
Subscriber [M.]
Fig. 24
40
Introduction Siemens
Siemens Introduction
41
Introduction Siemens
1G
(analog)
2G
(digital)
IMT-2000
Paging Systems, Paging Systems 3G
e.g. City Call e.g. ERMES 1 family of
standards
Cordless Telephone Cordless Telephone for all
e.g. CT1, 1+ e.g. DECT, PACS, PHS • applications
• countries
Wireless
wireless
Local Loops
Telephone cell
WLL
Cellular systems
Cellular systems
e.g. GSM, D-AMPS,
e.g. C450, NMT, AMPS e.g. UMTS, cdma2000, UWC-136
IS-95, PDC
MSS
MSS
e.g. IRIDIUM, ICO,
e.g. INMARSAT
Globalstar
Fig. 25
42
Introduction Siemens
Siemens Introduction
For IMT-2000 the frequency ranges from 1885 - 2025 MHz and from 2110 - 2200
MHz should be reserved (requested by ITU).
UMTS uses in Europe the frequency ranges of 1900 - 1980 MHz, 2010 - 2025 MHz
and 2110 - 2170 MHz.
The frequency ranges of 1980 - 2010 MHz and 2170 - 2200 MHz are reserved for 3G
MSS.
43
Introduction Siemens
Zone 4: Global
Zone 3:
Suburban / Rural
Zone 2:
Urban Zone 1:
Indoor
Pico
MSS Macro Micro Cell
Cell Cell
max.
144 kbit/s 144 kbit/s 384 kbit/s 2048 kbit/s data rate
1980 2010 2170
cellular MSS cellular MSS
1885 2025 2110 2200
1 8 5 0 1 9 0 0 1 9 5 0 2 0 0 0 2 0 5 0 2 1 0 0 2 1 5 0 2 2 0 0 2 2 5 0
Fig. 26
44
Chapter 2
Transmission Principles
Transmission Principles
Transmission Principles
Contents
Transmission Principles
Fig. 1
2
Transmission Principles Siemens
3
Transmission Principles Siemens
PLMN Fixed
Mobile Um Public Land Mobile Network network
Air Interface
terminal device
PSTN
BSS Public Switched
Base Station Telephone Network
Subsystem
NSS
Network Switching
BSS Subsystem
ISDN
Base Station Integrated Services
MS Subsystem
control/switching of Digital Network
Mobile mobile services
Station
BSS
Base Station PDN
Subsystem Public Data
Network
Fig. 2
4
Transmission Principles Siemens
Mobile Components
Mobile components are the Mobile Stations MS which transmit the users speech and
data to the PLMN. The Mobile Station MS consist of:
l ME: Mobile Equipment,
l SIM: Subscriber Identification Module,
The MS is not necessarily the termination point for the users data transmission. A
Terminal Equipment TE, e.g. laptop, fax machine,... can be connected to the MS for
final data handling.
5
Transmission Principles Siemens
Mobile Components
MS = ME + SIM
SIM
Subscriber Identification Module
Fig. 3
6
Transmission Principles Siemens
7
Transmission Principles Siemens
Principle:
Principle:
• Many cells (BTS)
• Full coverage r = cell radius
• Partial overlap of cells Solution: (cell parameter)
• Distribution of frequency resources
• Only a few frequencies per cell
• Frequency re-use
re-use distance
for HF channel frequency
cell,
radio cell
re-use distance
for
HF channel frequency
Fig. 4
8
Transmission Principles Siemens
Cluster
A certain minimum distance must be maintained between cells using the same
frequencies in order to prevent interference or at least keep it to a bare minimum.
This minimum distance, the so-called frequency re-use distance, depends on the
concrete network planning and corresponds to approximately 4 times the cell radius.
On this principle, the available channels can be divided e.g. into 7 parts and
distributed over the PLMN area in such a way that each cell contains one of these 7
sets of frequency channels. The minimum area in which the whole range of HF
channels is used is described as a cluster. Planning a concrete network implies that
the population/traffic density, the topography of the area to be supplied, etc. must be
taken into account. This network planning is an extremely difficult process; there is
special network planning software for this purpose.
Fig. 5
9
Transmission Principles Siemens
Cell Coverage
l Omni Cells: The BTS is equipped with omni-directional antennae and serves a
360° angle.
l Sector Cells: The BTS supplies the cells with directional antennae. The cell shape
is a circular segment. Sectors of e.g. 180° or 120° are covered.
10
Transmission Principles Siemens
35 km
GSM900 (100 km) omni cell 360°
(extended cell)
GSM1800 8 km cell 2
180°
sector cells 180° 180°
cell 1
Hierarchical Cellular Concept:
• Macro cells: min. 500 m
120° 120°
• Micro cells: some 100 m
• Pico cells: some 10 m 120° cell 3 cell 1
speed-dependent allocation sector cells
120°
cell 2
Fig. 6
11
Transmission Principles Siemens
Roaming
A further innovation of the cellular system was so called Roaming. This means that a
subscriber can move freely within the PLMN and remain reachable on a single
personal telephone number anywhere in this area. With GSM this concept of roaming
can be expanded to the international area (international roaming). A subscriber
whose home PLMN has a roaming agreement with other countries' GSM-PLMNs can
also be reached in these PLMNs (Visited PLMN - VPLMN) without dialing the
corresponding VPLMNs code; calls can also be made from that VPLMN. A
prerequisite is of course that subscriber’s authorization for international roaming.
Handover
In cellular networks, it is not necessary for the subscriber to have his call interrupted
when changing from one cell's service area to the area of a surrounding cell, as long
as the cell areas overlap. This overlapping should be guaranteed with good planning.
If the MS can receive better supply from another cell than the one currently in use
during a call, the MS connection will be diverted to the relevant cell. This procedure
designed for system quality maintenance ideally takes place without the user being
able to notice and is known as handover.
12
Transmission Principles Siemens
MS BS
Handover
BS
Location Update:
• Location Area: most precise location information
stored in the network
• Location Registration: initial registration
• Location Update: update of registration
Fig. 7
13
Transmission Principles Siemens
Transmission Principles
UL DL
Duplex FDMA
transmission
FDD TDD
Multiple
Access
TDMA CDMA
Duplex Transmission
& Multiple Access
Fig. 8
14
Transmission Principles Siemens
FDD
Frequency Uplink UL
Division Duplex
Duplex distance
Downlink DL
UL / DL
separated by
frequency ! Base Station BS Mobile Station MS
frequency f
T
Same
TDD MS transmit receive transmit receive frequency
Time UL DL UL DL
UL / DL
Division separated by
Duplex BS receive transmit receive transmit time!
time t
Fig. 9
15
Transmission Principles Siemens
Co-ordination
of limited frequency resources
for different subscribers
Multiplex Access
FDMA CDMA
Frequency Division Code Division
Multiple Access Multiple Access
TDMA
Time Division
Multiple Access
Fig. 10
16
Transmission Principles Siemens
power power
P
time t
FDMA P
time t
TDMA
TS 3
TS 2
TS 1
1 2 3
frequency f frequency f
FDMA Frequency
TDMA Time
3
CDMA PN code
2
1
frequency f
Fig. 11
17
Transmission Principles Siemens
FDMA in GSM
In the GSM system, a band width of 200 kHz is defined for one frequency band.
These HF channel widths are perfectly suited to the demands for speech
transmission.
Allocation to (E-) GSM900, GSM-R, GSM1800 and GSM1900 is as follows:
l GSM900: (880) 890 - 915 MHz; 925 (935) - 960 MHz; 124 (174) channel pairs ;
with a duplex distance of 45 MHz
l GSM-R: 876 - 880 MHz; 921 - 925 MHz; 19 channel pairs; with a duplex distance
of 45 MHz
l GSM1800:1710 - 1785 MHz; 1805 - 1880 MHz; 374 channel pairs; with a duplex
distance of 95 MHz
l GSM1900: 1850 - 1910 MHz; 1930 - 1990 MHz; common use along with other
standards (e.g. IS-95; D-AMPS); with a duplex distance of 80 MHz
In GSM for DL the higher and for UL the lower frequency range is used in general.
Remark: In co-ordination with the frequency plan regulation, there is a 200 kHz
protective band inserted between the lower limit frequency and the first carrier of
every sub-band, i.e. the corresponding channels are not used. This protective band
known as the "guard band" is an accepted, virtually "unavoidable loss" for preventing
interference between different applications in the totally filled frequency range.
18
Transmission Principles Siemens
FDMA in GSM
GSM900 / 1800 Frequency Allocation
(880) 890 MHz 915 MHz (925) 935 MHz 960 MHz GSM900
1710 MHz 1785 MHz 1805 MHz 1880 MHz GSM1800
UPLINK (UL) DOWNLINK (DL)
Guard band
C C
C C C 124 C C C 124'
1 2 3 (174) 1' 2' 3' (174')
374 374'
200 kHz
C - Radio Frequency Channel (RFC)
Fig. 12
19
Transmission Principles Siemens
TDMA in GSM
Each of the 200 kHz frequency bands is further sub-divided by TDMA into 8 so called
Time Slots TS. This produces 8 physical channels within one frequency band. In
GSM a physical channel is thus defined by a determined frequency channel Uplink
UL and Downlink DL and a determined time slot TS
In the GSM system, up to 8 (with half-rate transmission even 16) calls can be
transmitted "simultaneously" on one frequency band.
A sequence of 8 time slots TS in one radio channel is referred to as a TDMA frame. A
TDMA frame has a duration of 4.615 ms, an individual time slot a duration of approx.
0.577 ms. The users data are transmitted virtually "piece by piece" on one specific
time slot every TDMA frame.
GSM: FDMA
combined
FDMA/TDMA
1TS 577ms
1TS==577 ms TDMA
11TDMA
TDMAframe
frame==
88TS frame
TS==4.615
4.615msms
1
0
7
6
5
4
3 time
2
1
0
frequency
200 kHz
Fig. 13
20
Transmission Principles Siemens
Transmission Principles
A/D conversion
0011
speech band 1
1011 Multi-
plexer
band
3 2 1
speech band 2
common line
1100
PCM
Pulse Code
Modulation
speech band 3
Fig. 14
21
Transmission Principles Siemens
22
Transmission Principles Siemens
0 1 0 0 1 1 0 1
signal 2
Fig. 15
23
Transmission Principles Siemens
PCM30
PCM30 transmission systems use digital transmission lines or radio relay. A PCM30
frame consists of 32 time multiplexed time slots.
The 32 time slots can contain pulse code modulated message information (speech,
data) or signaling information in the form of 8-bit words.
The total bit rate of a PCM30 line is 2048 kbit/s
l Time slot 0: alternately frame identification word and service word (alarms)
l Time slots 1-15 and 17-31: calls or data
l Time slot 16: signaling channel
The pulse frames are transmitted in a direct sequence.
PCM30
PCM30
Fig. 16
24
Transmission Principles Siemens
Transmission Principles
Advantage:
mobility
Fig. 17
25
Transmission Principles Siemens
Advantage: Mobility
The main advantage of mobile communications is the unrestricted mobility which can
be achieved only via a radio interface. Mobility was extremely restricted, especially in
the early years of mobile communications (one-cell systems). Mobility only reached
as far as the radio coverage between the MS and the transmission/receiving
installations would allow. These limits were stretched significantly by cellular mobile
communication networks of the first generation (since the early 1980s). National
borders and the degree of area coverage of a PLMN within a country formed the
borders. In the GSM system, national borders no longer represented restrictions to
mobility owing to “inter-national roaming”. It is still the case that nation-wide
connectivity is only offered around urban areas and along main traffic routes in large
areas of central Europe. Unlimited world-wide mobility is possible in co-operation
between GSM and MSS such as Iridium, Globalstar and ICO.
26
Transmission Principles Siemens
Eavesdropping easy!
Security Aspect: GSM offers encryption
Fig. 18
27
Transmission Principles Siemens
28
Transmission Principles Siemens
received signal to
signals antenna
Fig. 19
29
Transmission Principles Siemens
30
Transmission Principles Siemens
Fig. 20
31
Transmission Principles Siemens
Fig. 21
32
Transmission Principles Siemens
S/N
signal
quality
distance to transmitter r
analog signal
digital signal
Fig. 22
33
Transmission Principles Siemens
34
Transmission Principles Siemens
Um
Addition of: Convo- Inter-
lutional leaving Convo-
parity De-inter- Parity
coding lutional
and filler leaving check
temporal decoding
bits redundancy spreading
Fig. 23
35
Transmission Principles Siemens
36
Transmission Principles Siemens
Fig. 24
37
Chapter 3
GSM PLMN
GSM PLMN
GSM PLMN
Contents
1 Overview 2
2 Network Elements 7
GSM PLMN Siemens
1 Overview
GSM-PLMN
PLMN fixed
RSS Public Land Mobile Network
network
Radio
SubSystem
PSTN
Public Switched
Telephone Network
ISDN
Integrated Services
MS BSS NSS Digital Network
Overview
Fig. 1
2
GSM PLMN
Siemens GSM Siemens
PLMN
Network Elements
The subsystems functions are grouped into functional units or network elements.
Functional units may be realized either as standalone Hardware HW units or
associated with other GSM functional units in one HW unit.
The Radio SubSystem RSS consists of the Mobile Stations MS and the Base
Station Subsystem BSS, which is composed of the following functional units:
l Base Station Controller BSC
l Base Transceiver Station BTS
l Transcoding and Rate Adaption Unit TRAU
3
GSM PLMN Siemens
GSM-PLMN
Radio Network
SubSystem Switching
RSS = Subsystem other
NSS networks
Mobile Base Station
Station + Subsystem
MS BSS AC EIR
Fig. 2
4
GSM PLMN
Siemens GSM Siemens
PLMN
Interfaces
The individual network elements are connected to each other for user data and/or
signaling transfer. Some of the interfaces are specified by ETSI as open interfaces,
allowing to connect equipment of different network manufacturer. Others are not
specified or "weakly" specified, so that only proprietary solutions are possible.
The following GSM Phase 1/2 interfaces are open interfaces:
l Um: MS - BSS (Air interface)
l A: MSC - BSS (BSC)
l B: MSC - VLR
l C: MSC - HLR
l D: HLR - VLR
l E: MSC - MSC
l F: MSC - EIR
l G: VLR - VLR.
5
GSM PLMN Siemens
AC
OMC - B
Fig. 3
6
GSM PLMN Siemens
2 Network Elements
GSM-PLMN
PLMN fixed
RSS Public Land Mobile Network
network
Radio
SubSystem
PSTN
Public Switched
Telephone Network
ISDN
Integrated Services
MS BSS NSS Digital Network
Mobile Base Station Network Switching
Station Subsystem Subsystem
PDN
Public Data
Network
OSS
Operation SubSystem
Network Elements
Fig. 4
7
GSM PLMN
Siemens GSM Siemens
PLMN
8
GSM PLMN Siemens
MS = ME + SIM
SIM card
Subscriber Identity Module:
· Subscriber license
· Personal Identities
(e.g.MSISDN, IMSI, TMSI, PIN,...)
· Subscriber key (Ki, Kc)
· Algorithms (A3, A8)
· Personal phone book
· SIM toolkits,...
ME:
MSISDN: Mobile Subscriber ISDN no.
IMSI: International Mobile Subscriber Identity
Mobile Equipment
TMSI: Temporary Mobile Subscriber Identity •Hardware & Software
PIN: Personal Identity Number
Ki: individual key
for radio transmission
Kc: cipher key •Cipher algorithm
Fig. 5
9
GSM PLMN
Siemens GSM Siemens
PLMN
H
block diagram
• securing • HF generation
speech
• interleaving ciphering • modulation
conversion
• burst block formation • amplification
Mobile Equipment ME
Fig. 6
10
GSM PLMN
Siemens GSM Siemens
PLMN
The BSS architecture shall be selected to achieve maximum flexibility with regards to
the various operator requirements. All BSS components can be installed in the same
geographical location or in different locations where the transmission paths can be
used via public networks. The ability of the BSC to manage several BTSs in different
cell locations enables optimal adaptability to the traffic requirements in urban and
rural areas.
In terms of function, the main task of the BSC is the handling of the call connections
(switching), sampling of operational/maintenance information of all BSS (BSC, BTSs
and TRAUs), as well as their transfer to OMC-B. The BTS handles the radio specific
aspects.
TRAU
BTS BSC
LMT
BTS
OMC-B
Fig. 7
11
GSM PLMN
Siemens GSM Siemens
PLMN
BTS
TRAU
Asub
TRAU Abis
BTS
TRAU
•
• BSC •
• •
•
••BSS
BTS
BSScontrol
control
••Switched
Switchedbetween TRAUÛ
betweenTRAU ÛBTS
BTS OMC- B
••Radio Resource Management
Radio Resource Management
••Collecting
Collectingerror
errormessages
messagesininBSS
BSS
••Contact to OMC-B
Contact to OMC-B
••Database
Databasestorage,
storage,SW
SWofofBSS
BSS
Fig. 8
12
GSM PLMN
Siemens GSM Siemens
PLMN
13
GSM PLMN Siemens
+ • Frequency hopping
• Synchronization
burst blocks burst (time and frequency)
formation multiplexing • Monitoring & optimization
of transmission quality
• Power Control PC
• Timing Advance TA
modulation
receive
Fig. 9
14
GSM PLMN
Siemens GSM Siemens
PLMN
Functions:
l Transcoding TC defines speech compression: compresses / decompresses the
incoming speech data from 64 kbit/s to 13 kbit/s, 12.2 or 5.6 kbit/s (embedded in
16 or 8 kbit/s channels).
l Rate Adaptation RA filters out the useful data (0.3 – 9.6 kbit/s in Phase 1/2)
coming from the MSC (64 kbit/s) signal and forms a 16 kbit/s signal toward the
BSC
l The user data are sub-multiplexed into 16 kbit/s subslots on the Asub interface
Remarks:
l TC and RA are implemented as algorithms in the same hardware unit as the
TRAU (Siemens solution).
l The TRAU is logically allocated to the BSC. Consequently, it belongs to the Base
Station Subsystem (BSS), but is generally installed at the MSC node in order to
keep line costs to a minimum.
l In contrast to user information signaling information passes the TRAU
transparently.
l The users information (data / speech) is embedded into 16 kbit/s channels. The
additional space is filled with proprietary inband-signaling (i.e. information, which
are directly exchanged between BTS and TRAU)
15
GSM PLMN Siemens
TRAU
Transcoding & Rate Adaptation Unit
TRAU
A
B 16 64 64 64 64 kbit/s M
S S
A sub
C 16 64 64 64 64 kbit/s C
64 64 64 64 kbit/s
16 64 64 64 64 kbit/s
16 16 16 16 16 64 64 64 64 kbit/s
submultiplexer
••speech
speechcompression:
compression: 64kbit/s«
64kbit/s «1313or
or5.6
5.6kbit/s
kbit/s++inband
inbandsignaling
signaling
••data transmission:
data transmission: "64 «
"64 kbit/s" « 0.3 - 9.6 kbit/s + inbandsignaling
kbit/s" 0.3 - 9.6 kbit/s + inband signaling
••signaling:
signaling: transparent
transparent
Fig. 10
16
GSM PLMN
Siemens GSM Siemens
PLMN
17
GSM PLMN Siemens
other NSS
MSC/VLRs Network &
Switching
Subsystem
AC
Authentication Center
HLR EIR
Home Location Equipment Identity
Register Register
VLR
Visitor Location
Register
other
networks
MSC
Mobile services
Switching Center
Fig. 11
18
GSM PLMN
Siemens GSM Siemens
PLMN
19
GSM PLMN Siemens
MSC
Mobile services
Switching Center
••NSS
NSS“heart
“heart&¢er”
center”
••Nodes
Nodesbetween
betweenNSSNSSregisters,
registers,BSS,
BSS,
other
other MSCs and externalnetworks
MSCs and external networks
••Serves
Servesseveral
severalBSS
BSS(BSC)
(BSC)
••Set-up
Set-up & switchingofofuser
& switching usertraffic
traffic&&signaling
signaling
••Always associated with
Always associated with VLRVLR
••Association
Associationwith
withHLR/AC
HLR/ACandandEIREIRpossible
possible
••Gateway
Gateway MSC: Gateway to externalnetworks
MSC: Gateway to external networks
••Visited
VisitedMSC:
MSC:MSCMSCserving
servingcertain
certainMS
MS
Fig. 12
20
GSM PLMN
Siemens GSM Siemens
PLMN
MSC
Mobile services
Switching Center
Fig. 13
21
GSM PLMN
Siemens GSM Siemens
PLMN
22
GSM PLMN Siemens
MSC
Mobile services
Switching Center
VLR
Visitor Location Register
Tasks:
• Subscriber management in MSC area
• Associated with MSC
• Authentication co-ordination
• commands start of ciphering
Subscriber data:
• Subscriber data from HLR (MSISDN, IMSI,
services (BS, TS, SS), service restrictions,..)
• Temporary subscriber information (LMSI, TMSI, LAI,
IMSI attach/detach, MSRN, HON, triples,...)
Entries valid until re-registration in another VLR!
Fig. 14
23
GSM PLMN
Siemens GSM Siemens
PLMN
24
GSM PLMN Siemens
AC
Authentication Center
Tasks:
• Security data storage (Ki)
• Generation of triples (VLR request)
• Associated with HLR
Data / algorithms:
• Ki, IMSI, A3, A8
HLR
Home Location Register
Tasks:
• Central storage/management of subscriber data
• Delivery of data to VLR
• Routing information at MTC
• Associated with AC
Subscriber data:
• Semipermanent data: MSISDN, IMSI,
services (BS, TS & SS), service restrictions,...
• Temporary subscriber information: VLR address,
LMSI, MSRN, SMS flags,...
Fig. 15
25
GSM PLMN
Siemens GSM Siemens
PLMN
Authentication Center AC
An Authentication Center AC contains all necessary means, keys and algorithms for
the creation of security related authorization parameters, the so-called Triples. The
Triples are created on VLR request and delivered via HLR to the VLR. An AC is
always associated with an HLR.
Central information contained in the AC are:
l IMSI: International Mobile Subscriber Identity
l Ki: Individual Key (top secret mobile subscriber identity)
l Algorithms for authentication and encryption: A3, A8.
26
GSM PLMN Siemens
CEIR
Common EIR
site: Dublin
Tasks:
• Central, worldwide ME register
• Worldwide ME theft prevention
EIR
Equipment Identity Register
Tasks:
• Storage of ME data (IMEI)
• Monitoring of IMEI: "white", "gray", "black" list
ME data:
• IMEI = International Mobile Equipment Identity
= Type Approval Code TAC
+ Final Assembly Code FAC (manufacture site)
+ Serial Number SNR (device serial number)
+ Software Version Number SVR
Fig. 16
27
GSM PLMN
Siemens GSM Siemens
PLMN
28
GSM PLMN Siemens
VMSC / PSTN
GMSC ISDN
VLR
Mobile CCU
BSS
DTE PCU HLR
extension
Gb
Gr
Fig. 17
29
GSM PLMN
Siemens GSM Siemens
PLMN
30
GSM PLMN Siemens
OSS
Operation SubSystem
MSC/VLR
EIR
HLR/
AC
WS
NSS MSC/VLR OMC
Operation & Maintenance Center
• Subscriber and equipment data
management
e.g. clearing services, bills
• Network operation, configuration
TRAU
& management
• Collecting network load information
BSC & compiling statistics
• Error detection & correction
BSS • Security management
BTS • Performance control
Fig. 18
31
GSM PLMN
Siemens GSM Siemens
PLMN
OSS
Telecommunication
Operating systems
Management System national
according to OMCs,
TMN administration, billing,
network management system,..
regional
OMCs
Fig. 19
32
Chapter 4
Procedures
Procedures
Procedures
Contents
Procedures
LAI
HLR-ID X1 X2 X3 X4 X5 X6 X7 X8
MSISDN CC NDC SN
Fig. 1
2
Procedures
Siemens Siemens
Procedures
3
Procedures Siemens
Hierarchy Service
of GSM Area Codes
Service Areas
/ Codes International
LA1
LAC: Location Area Code
MCC: Mobile Country Code
CC: Country Code Location Area LA LA2 LAI: Location Area Identity
MNC: Mobile Network Code
NDC: National Destination Code
NCC: Network Colour Code
LAC: Location Area Code
LAI: Location Area Identity
Cell CI: Cell Identity
CI: Cell Identity
CGI: Cell Global Identity CGI: Cell Global Identity
Fig. 2
4
Procedures
Siemens Siemens
Procedures
Location Area LA
The LA is (in classical GSM) is stored as the most precise information of the
(attached) subscribers current location. This information is stored in the VLR
associated to the VMSC. If the MS turns from one LA to another, a Location Update
Procedure is necessary. The size of a LA is configured by the operator according to
the traffic or population density and the behavior of the mobile subscriber. A Location
Area can encompass one or more radio cells that are controlled by one or more BSC,
but never belong to different MSC areas. Location Area identities are:
l Location Area Code LAC: The LAC serves to identify a LA within a GSM-PLMN.
The LAC length is 2 bytes.
l Location Area Identity LAI = MCC + MNC + LAC; the LAI serves as an
unambiguous international identification of a location area.
5
Procedures Siemens
National &
PLMN Codes Example*:
Germany
CC = 49
MCC = 262
D1
Telekom
NDC = 171
MNC = 01
Subscriber Identities D2
Mannesmann
IMSI
International Mobile Subscriber Identity
NDC = 172
MSIN MNC = 02
MCC MNC Mobile Subscriber Id. No.
Eplus
NDC = 177
HLR-ID X1 X2 X3 X4 X5 X6 X7 X8 MNC = 03
E2
MSISDN Viag Intercom
Mobile Subscriber ISDN Number NDC = 178
MNC = 04
CC NDC SN
Subscriber Number * This figure has just an illustrative purpose
and does not reflect the actual MSC areas
of any German PLMN operator.
Fig. 3
6
Procedures Siemens
Subscriber Identities:
l International Mobile Subscriber Identity IMSI = MCC + MNC + MSIN (Mobile
Subscriber Identification Number); IMSI length = 3 + 2 + 10 digits. The IMSI is the
unique identity of a GSM subscriber. It is used for signaling and normally not
known to the subscriber. Often die first two MSIN digits are taken to specify the
users HLR in the PLMN (operator dependent).
l Mobile Subscriber ISDN number MSISDN = CC + NDC + SN. MSISDN length: 2
/ 3 + 3 + max. 7 digits = max. 12 digits. The MSISDN is "the users telephone
number". A user has one IMSI (with one contract), but he can have different
MSISDN (e.g. for fax, phone,..).
l Temporary Mobile Subscriber Identity TMSI: The TMSI is generated by the VLR
and temporarily allocated to one MS. It is only valid in this MSC/VLR service.
When changing to a new MSC area, a new TMSI has to be allocated. The TMSI
consists of a TMSI Code TIC with length 4 bytes. Often the TMSI is used together
with the LAI.
Principle:
MSC, Location
MSC / VLR
& Cell Area
MSC / VLR
MSC / VLR
Identifier: LA
Cell LA
MSC / VLR - Identity Cell
LAI = MCC + MNC + LAC LA MSC / VLR
CGI = LAI + CI MSC / VLR
Fig. 4
7
Procedures Siemens
Procedures
Security Features:
• Authentication
• Ciphering
• TMSI allocation
• IMEI check
Fig. 5
8
Procedures
Siemens Siemens
Procedures
Security Features
In GSM the security of a mobile subscriber is ensured by several features.
l Authentication: protects the network operator and mobile subscriber against
unauthorized network use.
l Ciphering: is used to prevent eavesdropping of radio communications.
l Temporary Mobile Subscriber Identity TMSI allocation: protects the
subscribers identity in the initial access phase, where no ciphering is possible.
l IMEI check: prevents the usage of stolen/non-authorized mobile equipment.
9
Procedures Siemens
A5 IMEI
Prerequisites
for Authentication
& Ciphering
HLR AC
NSS BSS
SIM
Fig. 6
10
Procedures Siemens
Triples
The triples are parameters, which are necessary for authentication and ciphering.
They are produced in the Authentication Center AC and consist of:
l RAND (RANDom number)
l SRES (Signed RESponse): the reference value for the authentication
l Kc (Cipher Key): key necessary for ciphering.
Ki IMSI
Data-
RAND
Random base
Number
Generator
Algorithm Algorithm
A3 A8
AC
Authentication
SRES Kc Center
RAND SRES Kc
RAND = RANDom number
Triple SRES = Signed RESponse
Kc = Cipher Key
Fig. 7
11
Procedures
Siemens Siemens
Procedures
Authentication
The authentication checks the real identity of a user, i.e. his authorization to take
access to the network. Actually it is checked, whether the secret individual Key Ki
stored on the SIM card is identically to the one stored for this user in the
Authentication Center or not. The authentication procedure is or can be initiated by
the VLR in the following cases:
l IMSI Attach
l Location Registration
l Location update with VLR change
l call setup (MOC, MTC)
l activation of connectionless supplementary services
l Short Message Service (SMS)
Authentication Procedure
1. the VLR recognizes the need for an authentication; in the case, that no / no more
Triples are available in the VLR it requests a set of Triples from the HLR
2. the Triples are generated in the AC (see above) and sent via HLR to the VLR
3. the VLR sends the RAND to the MS; the SIM card calculates the SRES using Ki,
A3 and RAND (see above)
4. the MS sends the SRES back to the VLR; the VLR compares the SRES in the
triple with the SRES calculated by the MS; if they coincide, the network access
will be authorized and the general procedure will continue, otherwise
5. the access will be refused and the "Authentication Refused" message will be sent
to the MS
12
Procedures Siemens
• Location Registration LR
Authentication with: • LUP with VLR change
• Call Setup: MOC / MTC / SMS
• Activation of connectionless supplementary services
A B D
MS BSS MSC VLR HLR/AC
Um
1
*1
requests
triples
2
3 sends triples
3
3 sends RAND
4
4
sends SRES 4 coincidence
check
5
5 *2
5 sends
*1 only if no more Triples
“Authentication available in VLR
*2 only if coincidence
refused" check negative
Fig. 8
13
Procedures
Siemens Siemens
Procedures
Ciphering
Ciphering regards the security aspects of the information exchange between the
Mobile Station (MS) and the Base Station (BTS) on the air interface Um. User
information (speech/data) and signaling information are ciphered via air interface Um
(UL & DL). An exception is given by the initial signaling, before the cipher command
is sent from the network side. At initial signaling data exchange ciphering is not
possible, because the users identities are necessary prerequisite for the generation
of ciphering parameters. The cipher command is given after transmission of the user
identity (TMSI / IMSI) and the authentication procedure. Ciphering / Deciphering is
carried out in the BTS and in the MS.
The GSM Recommendation (02.16) of Phase 2 states that up to 8 logically different
encryption algorithms (incl. "no ciphering") should be used. The reason for this is the
intention
a) to assign different algorithms to different countries and
b) to provide MS, which do not use the A5-1 algorithm, with the possibility of
roaming in different GSM-PLMN networks.
Currently 3 algorithms are defined:
l A5-0: no ciphering for COCOM countries
l A5-1: "strict" cipher algorithm (originally MoU algorithm) for MoU-1 countries , A5-
1comes from GB; due to military origin (NATO), high security arrangements are to
be regarded
l A5-2: "simplified" cipher algorithm for MoU-2 countries (without COCOM
countries);
Remark: A5-0 is implemented in every MS and every BTS to enable access of every
MS in every network. Additionally A5-1 or A5-2 can be implemented.
14
Procedures Siemens
Ciphering
• Prevents eavesdropping in Um
• Application in user information and signalling
• Exception: initial signalling
ciphered information
A5 A5
Rec.
Rec.02.16:
02.16:max.
max.88cipher
cipheralgorithms
algorithms
A5-0:
A5-0: no nociphering;
ciphering;COCOM
COCOMcountries
countries
A5-1:
A5-1: "strict"
"strict" ciphering; MoU-1countries
ciphering; MoU-1 countries
A5-2:
A5-2: "simple"
"simple" ciphering; MoU-2countries
ciphering; MoU-2 countries(except
(exceptCOCOM)
COCOM)
Fig. 9
15
Procedures Siemens
Ciphering process
Transmitter/receiver must use the same cipher algorithms.
In order to handle ciphering individually for every user, the individual key Ki (stored in
the SIM card and the AC) is used.
The cipher key Kc is transmitted after ciphering from the VLR to the BTS. The MS is
able to calculate Kc (after receiving RAND in the authentication procedure) by
algorithm A8 from RAND and Ki.
A 114 bit long cipher sequence is calculated using the cipher algorithm A5, the cipher
key Kc and the TDMA frame number (broadcasted cyclically by every BTS over the
cell area).
The speech, data and signaling information are ciphered / deciphered in 114 bit long
sequences being connected in a so-called "eXclusive OR" XOR operation.
Deciphering follows exactly the same scheme as ciphering, as the XOR operation
yields the original values after double application of XOR (using the same cipher
sequence).
To start ciphering, the network sends a cipher start command, which has to be
acknowledged by the MS (being the first ciphered information).
ME:
A5 VLR: AC:
BTS:
SIM: RAND A5 RAND, Kc IMSI A3, A8,
Triples:
Triples IMSI,Ki
A3, A8, RAND,
Ki, IMSI SRES SRES SRES, Kc
MS BTS VLR AC
Authentication: Ciphering: Authentication: Authentication
A3(Ki, RAND) = SRES A5(Kc,TDMA-No.) = CS SRES comparison & ciphering:
generates RAND
Ciphering: text XOR CS = ciphered text
A3(Ki, RAND) = SRES
A8(Ki, RAND) = Kc A8(Ki, RAND) = Kc
A5(Kc,TDMA-No.) = CS
text XOR CS = ciphered text CS: cipher sequence
Fig. 10
16
Procedures Siemens
TMSI Allocation
Ciphering protects the user from being eavesdropped. However, the ciphering with
Kc requires that the network is aware of the identity of the mobile subscriber with
whom it is in contact. Thus, during the initial phase of communication setup, when the
identity of the mobile subscriber is still unknown, the transmitted signaling information
can not be ciphered. During this phase a third party may identify a subscriber and the
desired service.
In order to protect the identity of the subscriber in this phase, a temporary
identification of the subscriber is distributed: the Temporary Mobile Subscriber
Identity TMSI.
The TMSI is used instead of the real user identity, the International Mobile Subscriber
Identity IMSI. This TMSI is allocated by the VLR, which is associated to the VMSC.
The MS usually identifies itself with the TMSI in the initial access phase to the VLR.
The VLR uses this TMSI to re-identify the IMSI. This is only possible if the TMSI has
been allocated by the same VLR. If not, the VLR has to request the VLR, which has
allocated the TMSI to the MS, to deliver the IMSI. Therefore, the TMSI is in most
cases transmitted together with the old LAI, which identifies uniquely a VLR. The
request VLR - VLR is only possible, if both VLR belong to the same PLMN.
Therefore, the IMSI has to be transmitted via Um at the first registration in a new
PLMN and obviously at the very first usage of the SIM card (i.e. in the case of
Location Registrations).
A new TMSI (TMSI re-allocation) can optionally be allocated to the MS after every
authentication & cipher start (and the optional IMEI check).
• •Network
Networkrequires
requiressubscriber
subscriberId.
Id.for
forcall
callsetup
setup
TMSI • •Id. necessary for triples calculation
Id. necessary for triples calculation
Allocation • •Start
Startofoftransmission
transmissionofofId.Id.uncoded
uncoded
• •TMSI
TMSI prevents eavesdroppingofofsubscriber
prevents eavesdropping subscriberId. Id.(IMSI)
(IMSI)
• •New TMSI with VLR change & usually at
New TMSI with VLR change & usually at call setup call setup
sends
MS TMSI BSS MSC VLR HLR/
= LAI + TIC TMSI TMSI determines IMSI AC
IMSI from
IMSI
Authentication TMSI
Þ Ki Þ
Ciphering Triples
Triples
For
ForLA
LAchange
changewithwithMSC/VLR
MSC/VLRchange:
change:
••New VLR identifies old VLR by TMSI
New VLR identifies old VLR by TMSI
••Subscriber
Subscriberdata:
data:query
queryofofold
oldVLR
VLR
Fig. 11
17
Procedures Siemens
IMEI Check
In contrast to the other security mechanism authentication, ciphering and TMSI
allocation, the check of the International Mobile Equipment Identity IMEI is optional. It
depends on the operators decision whether a EIR is implemented and IMEI checks
are done.
IMEI check serves to identify stolen, expired or faulty mobile equipment. A IMEI
clearly identifies a particular mobile device and contains information about the place
of manufacture, type approval code and the serial number of the equipment.
The IMEI consists of: Type Approval Code TAC, Final Assembly Code FAC, Serial
Number SNR and a Software Version Number SVN.
If a IMEI check in the PLMN is intended, the Mobile Station MS will be requested to
submit the IMEI during call setup after authentication and cipher command. The MS
sends back its IMEI. The IMEI is routed to the EIR of the PLMN. A check occurs here
to find out whether the IMEI is registered on the black or gray list, i.e. whether the MS
is blocked from further use of the PLMN, or whether it has to be observed.
Fig. 12
18
Procedures Siemens
3 Location Update
Procedures
request
Location Update
MS
BTS
Location Update
Fig. 13
19
Procedures
Siemens Siemens
Procedures
20
Procedures Siemens
Update BCCH:
CGI =
26205A64B... LAI =
2620533
request
Location Update
MS
3 types of Location Update:
• normal
BTS • periodic
• with IMSI attach
Fig. 14
21
Procedures Siemens
1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI or IMSI. The request and the identity are forwarded to the VLR.
2. The VLR re-identifies the IMSI from the TMSI. If no / no more Triples are
available in the VLR, it requests triples from the AC via the HLR.
3. The AC generates a set of Triples and delivers them via HLR to the VLR.
4. The VLR stores the Triples and initiates the Authentication, then gives the cipher
start command and initiates an IMEI check (optional).
5. If the Authentication, cipher start and IMEI check are successful, the VLR needs
for call setups the subscriber data. In case of a LR, they are have not been
stored before in the VLR and so they have to be requested from the HLR.
Together with this request, the VLR delivers its identity and the information,
where this subscriber is stored in the VLR, i.e. the Local Mobile Subscriber
Identity, to the VLR.
6. The HLR stores the VLR identity and LMSI and transmits the requested
subscriber data to the VLR.
7. The VLR stores the subscriber data and assigns a TMSI (LR: mandatory) or a
new TMSI (LUP: only with MSC/VLR change) to the MS. This TMSI is transmitted
together with the VLRs acknowledgement, that the LUP has been successful, to
the MS. There, the new TMSI and LAI are stored on the SIM card.
3
4 triples
Fig. 15
22
Procedures Siemens
1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI. The request and the identity (TMSI in combination with the old
LAI) are forwarded to the new VLR.
2. The new VLR receives the TMSI and LAI. It recognizes from the LAI, that the
TMSI has been allocated by another VLR (old VLR). Thus, the VLR is not able to
re-identify the IMSI from the TMSI and has no chance to request the subscriber
data from the HLR. Therefor, the new VLR calculates the address of the old VLR
from the LAI and transmits the TMSI to the old VLR and requests it to deliver the
users IMSI. The old VLR delivers the IMSI and the remaining Triples to the new
VLR. Remark: If this step 2 is not possible (e.g. line break between old and new
VLR) the new VLR commands the MS to transmit the IMSI directly.
3. The new VLR uses the IMSI to calculate the users HLR. The new VLR transmit
its identity and LMSI to the HLR and requests the HLR to deliver the subscriber
data and, if necessary, a set of Triples.
4. The HLR stores the new VLRs identity and LMSI, confirms the information,
supplies the subscriber data and, if necessary, the Triples.
5. The HLR informs the old VLR to erase the stored data set of this subscriber.
6. The VLR now starts authentication, ciphering and (optionally) IMEI check.
7. The VLR allocates a new TMSI to the MS.
3
old HLR new
VLR AC VLR
5
4
7 6 1
MSC MSC
7 6 1
BSS BSS
Um
LA change
7 6 1
with MSC / VLR change
Fig. 16
23
Procedures Siemens
Procedures
MOC
MS starts network access
(PLMN, ISDN, PSTN)
MTC
MS is contacted
MMC
MS1 starts network access
MS2 is contacted
MIC
Special case MMC:
both MSs in same MSC area
Call Setup
Fig. 17
24
Procedures Siemens
Siemens Procedures
Call Setup
Different procedures are necessary depending on the initiating and terminating party:
l Mobile Originating Call MOC: Call setup, which are initiated by an MS
l Mobile Terminating Call MTC: Call setup, where an MS is the called party
l Mobile Mobile Call MMC: Call setup between two mobile subscribers; MMC thus
consists of the execution of a MOC and a MTC one after the other.
l Mobile Internal Call MIC: a special case of MMC; both MSs are in the same MSC
area, possibly even in the same cell.
25
Procedures Siemens
1 2 2
sends identification +
*1 3
Channel Request
subscriber Id. authentication requests
TMSI (IMSI) request triples
3
4 triples
commands
9
Traffic Channel
assignment channel assignment
Setup connection to B-subscriber
Fig. 18
26
Procedures Siemens
Siemens Procedures
27
Procedures Siemens
Fig. 19
28
Procedures Siemens
EIR BSC
VLR BTS
VMSC
HLR AC BSC
BTS
NSS Network Switching Subsystem RSS Radio Subsystem
Fig. 20
29
Procedures Siemens
A- subscriber
call setup:
B- subscriber
signaling
traffic channel
assignment
MS B-subscriber B-subscriber
BTS
answers answers
Not for:
• International calls
• Data connection
• Emergency calls
Fig. 21
30
Procedures
Siemens Siemens
Procedures
31
Procedures Siemens
Intra-cell
BTS
f 1, TS 1 Handover
BSC performed
BTS BSC
MSC
f 2, TS 2
Handover BTS
performed
Intra-MSC MSC
Inter-MSC basic
BSS
MSC - A MSC - B
MSC
Fig. 22
32
Procedures
Siemens Siemens
Procedures
Handover Decision
The handover algorithm is based on periodically measurements of MS and BTS
concerning the strength and quality of the received signals. The MS measures quality
and strength of the connection and the strength of the serving BTS and that of the
surrounding BTSs. The BTS measures quality and strength of the connection as well
as the distance MS - BTS (Timing Advance TA).
The result of the MS measurements is transmitted to the BTS. The BTS adds its own
measurements and transmits the data as "Measurement Report" to the BSC.
The BSC has to decide, whether a handover is necessary or not. The decision is
determined by the comparison between the current measured values and the
threshold values. If no threshold values are exceeded, the BSC analyses whether an
other BTS as the current one would enable a better air interface quality. Different
other aspects have to be taken into account, e.g. the current load of the cells.
Furthermore, so-called "Ping-Pong Handover" should be prevented.
If an Inter-cell handover is initiated, the criterion of availability of surrounding cells is
used to set up a list of suitable handover destinations in a declining order of priority.
This list forms the basis for the final handover decision that is carried out by the BSC
(in case of Intra-BSS Handover) or by the MSC (in case of Inter-BSC / -MSC
Handover).
Handover criteria are e.g.:
l Strength of the received signal (UL and DL)
l Quality of the received signal (UL and DL)
l Distance MS - BTS (Timing Advance, UL)
l Signal strength of suitable surrounding cells (UL, BCCH)
l Interference that decrease the signal quality (UL and DL)
33
Procedures Siemens
MS Measurement:
Handover Timing Advance, connection quality & strength:
Decision Power control strength of serving BTS &
surrounding BTSs
Measurement:
Measurement report
connection quality & strength,
distance measurement (TA)
BTS
Measurement value processing
Measurement (averaging, limit values,..)
report
HO
decision
Evaluation list
BSC (suitable BTSs for HO...)
Initiation of HO type
BSC/
Handover
MSC
Fig. 23
34
Procedures Siemens
BTS
VLR
B BTS
BTS
MSC (B) A
BTS
Level:
BTS cell A
cell B BTS
BSC cell C
C
BTS BTS
1. BSC: HO necessary
2. Parallel connection setup
3. MS changes phys. channel
4. Original connection released
Fig. 24
35
Procedures Siemens
Emergency Call
The connection set up for the Tele Service "Emergency Call" is similar the that of the
Mobile Originating Call MOC.
The mobile subscriber starts this service either by pressing a SOS key or by dialing
an emergency service number (often: 112).
The setup follows the MOC signaling flow. Differences are:
l no Authentication is necessary
l no Ciphering will be used
l no IMEI check is performed
l no TMSI Re-allocation is performed
A short call setup is resulting in this lack of security features. Furthermore, the
Emergency Call should always be possible with any MS, even without a valid SIM
Card.
Emergency calls are treated with precedence. This may also lead to the release of
other existing connections.
The BSS always delivers the location of the emergency call to the MSC. Depending
on this origin, the emergency connection is then transmitted from the MSC to the
regionally responsible Emergency Call Center. The available location information can
be delivered to the Emergency Call Center, too (operator dependent).
call setup:
without:
• Authentification
• Ciphering
MSC
• IMEI check
• TMSI-Reallocation • Direct connection
• Supplies location info
Emergency call:
• Priority treatment
• no security features
MS • fast call setup
• usually always possible,
even without valid SIM card
Fig. 25
36
Procedures Siemens
s
37
Procedures Siemens
MS DetachedÞ
MSDetached Þ
SMS / • •nonoSMS
SMSdelivery
deliverypossible
possible
• •SMS
SMSstored
storedininSM-SC
SMS-SC • •flag
flagininVLR
VLR&&HLR
SM-SC
HLR
IMSI AttachÞ
IMSIAttach Þ
• •VLR
VLRinforms
informsHLR
HLR
• •HLR
HLR requestsSM-SC
requests SM-SCviavia
SMS-GMSC
SMS-GMSCtotoretransmit
retransmitSMS
SMS
SM-SC SMS-
SMS Service Center
VMSC MS
GMSC
HLR VLR
HLR-flag
+ SM-SC Id(s)
VLR-flag GSM-PLMN
Fig. 26
38
Chapter 5
Radio Interface
Radio Interface
Radio Interface
Contents
1 Physics of Layer 1 2
2 Logic of L1 14
3 MOC / MTC 25
Radio Interface Siemens
1 Physics of Layer 1
TS7 Example:
GSM900
TS6
TS5
TDMA UL DL
frame TS4
4.615
ms ••• •••
TS3
Physical
Physicalchannel
channel(Um)
(Um)
TS2
TS
TS1
577
ms
TS0
Fig. 1
2
Radio
SiemensInterface Siemens
Radio Interface
The Burst
In GSM, using FDMA & TDMA for multiple access, the transmission of data is not
continuously. In every Time Slot TS the HF has to be switched on, the data are
transmitted briefly and then the HF transmission is switched off again. This type of
HF transmission is called “pulse” or “bursty” operation. Therefore, the content of a TS
is called “Burst”.
The transmitter is only allowed to transmit the HF Burst within the duration of the TS.
If the HF transmission exceeds the duration of the TS, the transmission might
interfere with the transmission of the succeeding user. In this case, strong
disturbances of both connections follow. For this reason, the transmission must be
timed exactly. Furthermore, it is not possible to switch on / off immediately. To
prevent interference between neighboring TS, the GSM Rec. define a duration during
which the switching process must be closed. The BS and MS must be able to switch
the HF power on / off within 0.028 ms over a wide dynamic range. This range is 70
dB for BS and 36 dB for MS.
So the burst transmission can be explained as a maximum of 0.028 ms for switching
on HF to the necessary power level, 0.5428 ms for the HF transmission of the so-
called “useful part” (corresponding with 147 bit) and 0.028 ms for switching off the HF
power level down to “background noise” level. Note: This “useful part” + flanks
exceeds the duration of a TS (0.577 ms) and often irritate readers of GSM literature.
The 0.028 ms are however only time maximum limits for the flanks. They carry no
valuable information and so they are allowed to interfere with the succeeding Bursts
in a negligible way.
3
Radio Interface Siemens
The Burst
Power
„Useful
„Usefulpart“
part“
Time
28 ms 542,8 ms 28 ms
Fig. 2
4
Radio Interface Siemens
Burst: Content
A Time Slot is defined as a duration of 0.577 ms (to be precise: 0.576923 ms). This
duration is divided per definition into 156.25 bit. This means an individual bit has a
duration of 3692.3 ns.
The 156.25 bit are used / defined as follows:
142 bit for the transmission of “Information” (not only users data / signaling but also
control information necessary for maintenance of the connection)
3 bit as Tail Bits TB for edge limitations of the TS. They are preventing, that useful
information are “falling” into the flanks of the burst. TB contain no useful information.
They are modulated as content “0”.
8.25 bit as Guard Period GP. The GP is not part of the HF transmission. It is used to
compensate run-time effects in the cells. Note: There is one exception of GPs: The
first MS transmissions of the MS toward the network use special bursts (Access
Burst) with an extended GP of 68.25 bit.
Burst: Content
··· 7 0 1 2 3 4 5 6 7 ···
TS = 576 12/13 ms
= 156.25 bit
1 bit = 3.6923 ms
TB “Information” TB GP
Tail Bits Tail Bits Guard Period
3 bit 142 bit 3 bit 8.25 bit
HF transmission
Fig. 3
5
Radio Interface Siemens
Now the structure of a TS / burst is explained, the content has been described down
to bit level, but the question is now:
How are the “0” and “1” physically presented on the radio interface?
Training
TB Information-Bits S
Sequence
S Information-Bits TB GP
3 57 1 26 1 57 3 8.25
Bit
142 bit “Information”
S: Stealing flag
TB: Tail Bits
GP: Guard Period
Fig. 4
6
Radio Interface Siemens
Gaussian MSK
In GMSK, the phase transitions are smoothed by filtering the data with a gaussian
curve. This enables smooth phase shifts, keeping the bandwidth comparable narrow.
Thus, a bandwidth of only 200 kHz can be achieved.
Minimum Shift
Keying MSK
1
binary
0
signal
f
T - f
frequency
f
T
f + f
T
+ 180°
+ 90°
phase t
- 90°
- 180°
Fig. 5
7
Radio
SiemensInterface Siemens
Radio Interface
Frames
TDMA frames
A single frequency band in TDMA systems is subdivided into several Time Slots TS,
which can be used by different users. In GSM 8 TS form one TDMA frame (4.615
ms), i.e. 8 physical channels are using the same frequency band being cyclically
(every 4.615 ms) allocated to a certain user / application.
So the TDMA frame is a repetition cycle with a duration of 4.615 ms.
The TDMA frames themselves are again part of a repetition cycle of a larger duration.
Certain contains are always repeated after a certain duration. This repetition cycle is
called: Multiframe.
Multiframes
Here a separation has to be done according to the type of information a physical
channel is transmitting. The physical channels can be used to transmit either user
data or signaling.
Multiframes of physical channels allocated for user traffic (Traffic Channels TCH) are
repetition cycles of 26 TDMA frames.
Multiframes of physical channels allocated for signaling data (mostly on one / several
of the TS0 of the carrier of one cell) are repetition cycles of 51 TDMA frames.
Certain “logical contents” are repeated on certain TDMA frames of the 26 TDMA
frames of the TCH Multiframes or on the 51 TDMA frames of the signaling
Multiframe.
8
Radio Interface Siemens
Signaling
Time 50
User
Traffic
Frames
49
25
48 24
47 23
46 22 • TDMA-
21
45 20 • Multi-
Multi- 44 Frames
• Super-
43
Frames • Hyper-
5
4 Time
3 7
2 6
1
0
7 5
6 4
5
4 3
3 2
TDMA
2 frame cyclical
cyclicalrepetition
repetition
1 1
0 of
of certaincontents
certain contents
RFC RFC RFC 0 RFC
1 2 3 124
Frequency
FDMA
Fig. 6
9
Radio Interface Siemens
T T T T T T T T T T T TAT T T T T T T T T T T T I
T t T t T t T t T t T t A t T t T t T t T t T t T a
Fig. 7
10
Radio Interface
Siemens Siemens
Radio Interface
Time Hyperframe =
Numbering Period
Structure 2048 Superframes » 3h 29 min
e.g. repetition of
• frequency hopping
• ciphering
1 Superframe =
51 x 26
0 1 2 3 ··· 4950 Channel organisation
TDMA frames scheme
0 1 2 3 24 25
» 6.12 ms
1 TDMA frame
0 1 2 3 4 5 6 7
= 8 TS = 4,615 ms
Fig. 8
11
Radio Interface Siemens
Timing Advance TA
The Guard Periods GP of the Normal Bursts are not able to compensate signal
delays in larger GSM cells. The MS receives synchronization signals from the BS,
synchronizes their transmission based on this signals, but it cannot recognize its
distance from the BS. The distance can be up to 35 km in a normal GSM cell. A
transmission without special compensation of this run-time delay would result in
interference with the succeeding TS.
Therefore, the BS analyses the delay of the MS transmission using the very first MS
burst (which has an extended GP). The BS adjusts its transmission in the DL and
informs the MS with the Timing Advance TA information how to adjust the UL
transmission (i.e. how much earlier the transmission has to start). Over the total
connection, the delay is analyzed by the BS and new TA values set for the MS. 64
TA values (difference: plus/minus 1 bit period) can be used to compensate run-time
effects.
UL 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7 DL
Fig. 9
12
Radio
SiemensInterface Siemens
Radio Interface
Frequency Hopping
Frequency Hopping means to change the frequency used for transmission is
consequently changed every TDMA frame following a certain frequency hopping
algorithm. The Time Slot of the physical channel is still fixed.
The logic behind frequency hopping is to guarantee that all channels have the same
high degree of transmission quality by dividing possible short term interference over
all channels of the cell.
So a narrow-band interference does not disrupt the total transmission on one carrier,
i.e. on one frequency band, because the transmission is hopping from TDMA frame
to TDMA frame to other frequencies.
Nevertheless, now interference occurs for all the carrier of the cell from time to time
when transmitting on the disturbed frequency band. But this can be compensated in
GSM, because in classical GSM there is always redundancy on the transmitted data.
The redundant information is delivered in the next TS of the succeeding TDMA
frame, i.e. on another frequency (which is not disturbed).
Frequency hopping is optional in GSM. It is on the PLMN operators decision to use
frequency hopping or not. Frequency hopping significantly improves the quality /
reliability of transmission.
The carrier transmitting the Broadcast Control Channel BCCH (carrying information
necessary for MS synchronization to the network) does not participate in frequency
hopping.
Frequency hopping is done in the MS and BS, managed from the BSC. The
frequency hopping algorithm can be configured from an OMC.
RFC 1
RFC2
RFC 3
RFC 4
RFC 5
Fig. 10 13
Radio Interface Siemens
2 Logic of L1
SCH
PCH
DL
Signaling CCCH
Common Control AGCH
Channel UL
RACH
SDCCH
DCCH UL
Dedicated Control +
Channel DL SACCH
FACCH
TCH/F
Traffic
UL + DL
User Data TCH/H
Logic of L1
Fig. 11
14
Radio
SiemensInterface Siemens
Radio Interface
Logical Channels
Different signaling and user data contents determine different Logical Channels in
GSM.
For user data transmission two different Logical Channels are used:
l TCH/F Traffic Channels, Full rate (FR/EFR speech: 13 / 12.2 kbit/s; data: 9.6
kbit/s)
l TCH/H Traffic Channels, Half rate (HR speech: 5.6 kbit/s; data: 4.8/2.4/1.2/0.6/0.3
kbit/s)
For signaling 3 types of Logical Channels are used: BCHs, CCCHs and DCCHs.
Broadcast Channels BCH are used DL only for MS synchronization & information:
l FCCH Frequency Correction Channel: for MS frequency synchronization
l SCH Synchronization Channel: for MS time synchronization; contains additionally
TDMA frame no., BSIC
l BCCH Broadcast Control Channel: contains system & cell parameters, e.g. CGI
(i.e. PLMN, LAI), channel combining, frequency hopping algorithm, cipher mode,
cell capabilities: e.g. EFR/FR/HR, VAD/DTX, ASCI, HSCSD, GPRS, EDGE,..)
Common Control Channels CCCH are used uni-directional UL & DL for initial
access:
l PCH Paging Channel: to search the MS in the LAI in case of an MTC
l RACH Random Access Channel: MS request for dedicated signaling resources
l AGCH Access Grant Channel: to grant a dedicated channel to the MS
Dedicated Control Channels DCCH are used bi-directional for dedicated signaling:
l SDCCH Stand-alone Dedicated Control Channel: dedicated signaling between MS
& BS for Call Setup (Authentication, Cipher start, IMEI check, TMSI-Reallocation,
Setup,..) LUP procedures, SMS
l SACCH Slow Associated Control Channel: allocated together with SDCCH or
TCH; control information to maintain connection (e.g. DL: Power Control, Timing
Advance, Comfort Noise; UL: Measurement Reports for Handover,..)
l FACCH Fast Associated Control Channel: allocated instead of TCH in case of
enhanced demand for signaling resources (Handover, Call Release, IMSI-Detach,
OACSU..)
15
Radio Interface Siemens
Logical channels
FCCH Frequency synchronization
BCH DL
Broadcast Channel
SCH Time synchronization + BSIC, TDMA-No.
CGI, FR/EFR/HR, VAD/DTX, HSCSD,
BCCH frequency hopping, channel combinations
Fig. 12
16
Radio
SiemensInterface Siemens
Radio Interface
Burst Types
The HF transmission, which is transmitted in a Time Slot with a pre-defined bit
sequence is call Burst. In GSM there are 5 different Burst types defined:
Normal Burst NB: The NB is used for most of the Logical Channels (TCH, BCCH,
PCH, AGCH, SDCCH, SACCH, FACCH). It consists of the following bit sequence:
l 2 x 3 bit as Tail Bits TB for edge limitation of the HF burst (content: “0”),
l 2 x 57 bit as Data Bits (Information), which carry the users data or signaling
information.
l 2 x 1 bit as Stealing Flags S, which indicate whether user data (TCH) or user
related signaling (FACH) is transmitted in this Burst.
l 26 bit as Training Sequences, which are fixed bit pattern (8 different sequences
exist for NB) for synchronization of the transmitted burst & recognition of
transmission quality
l 8.25 bit as Guard Period GP, which is not part of the HF transmission; used as
guard period between succeeding TS.
Frequency Correction Burst: It is used for the FCCH only, consisting of:
l 142 Fixed Bits with content “0”; it is used for MS frequency synchronization
l 2 x 3 bit as Tail Bits
l 8.25 bit Guard Period
17
Radio Interface Siemens
Dummy Burst: The Dummy Burst has NB structure; it is transmitted in special cases
if nothing else (useful) is to be transmitted (e.g. at the BCCH carrier, which has to be
transmitted continuously because it is the cell beacon).
TB TB GP
Fixed bits
3 142 bit 3 8.25
bit bit bit
Fig. 13
18
Radio
SiemensInterface Siemens
Radio Interface
19
Radio Interface Siemens
DL Combination IV
F S BCCH CCCH F S CCCH F S CCCH F S CCCH F S CCCH I
0 1 2-5 6 - 9 10 11 12 - 19 20 21 22 - 29 30 31 32 - 39 40 41 42 - 49 50
UL
R R R R R R R R R R R
0 1 10 11 20 21 30 31 40 41 50
Fig. 14
20
Radio
SiemensInterface Siemens
Radio Interface
21
Radio Interface Siemens
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
0 1 2 3 4 5 6 7 0 1 2 3 I I I
UL
SACCH SACCH SACCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH
5 6 7 I I I 0 1 2 3 4 5 6 7 4
SACCH SACCH SACCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH
0 1 2 I I I 0 1 2 3 4 5 6 7 0
Fig. 15
22
Radio
SiemensInterface Siemens
Radio Interface
The GSM modulation rate is 270,833 kbit/s. I.e. one single bit has a duration of
3692.3 ns.
156.25 bit form one Time Slot TS, i.e. the duration of one TS is 0.5769 ms.
8 TS form one TDMA frame, i.e. the duration of one TDMA frame is 4.615 ms; it
contains 1250 bit.
23
Radio Interface Siemens
GMSK 270.833
200 kHz
Modulation kbit/s
1 Bit = 3.6923 ms
Fig. 16
24
Radio Interface Siemens
3 MOC / MTC
SDCCH: Setup
MOC / MTC
Fig. 17
25
Radio Interface
Siemens Siemens
Radio Interface
26
Radio Interface Siemens
Fig. 18
27
Radio
SiemensInterface Siemens
Radio Interface
OACSU:
In case of (TCH) overload on Um OACSU can be used. In this case, the Assign
Command / Assign Complete messages are sent after the Alert message, wasting no
TCH resources during this time (only SDCCH resources).
Emergency Call
In case of an Emergency Call, Authentication and Cipher are skipped. Call setup is
faster and allows usage of every Mobile Equipment (even without valid SIM card;
IMEI on black list).
28
Radio Interface Siemens
MOC ISDN
MS BSS Part I MSC VLR
Channel Request CHAN_REQ
Immediate Assign IMM_ASS_CMD)
CM Service Request CM_SERV_REQ
CM_SERV_REQ
Process Access Request
PROC_ACCESS_REQ
Authentication Request AUTH_REQ
AUTH_REQ
Fig. 19
29
Radio Interface Siemens
MOC ISDN
MS BSS Part II MSC VLR
Complete Call CALL_CMP
Call Proceeding CALL_PROC
CALL_PROC
Assign Request ASS_REQ
Assign Command ASS_CMD
Assign Complete ASS_COM
ASS_COM
Initial Address Message IAM
User data
Disconnect DISC
DISC
Release REL
Release REL
REL
Release Complete RLC
Release Command REL_COM REL_COM
Fig. 20
30
Radio Interface Siemens
Fig. 21
31
Appendix
Appendix
Appendix
Contents
1 References 2
2 Abbreviations 3
Appendix Siemens
1 References
l M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications", Cell & Sys
(1992), ISBN 2-9507190-0-7
l S. Redl, M. Weber, K. Oliphant, "An introduction to GSM", Artech House Inc.
(1995), ISBN 0-89006-785-6
l A. Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 0-
89006-860-7
l G. Heine, "GSM-Signalisierung", Funkschau: Funktechnik, Franzis-Verlag GmbH
(1998), ISBN 3-528-15302
l G. Heine, "GSM Networks: Protocols, Terminology and Implementation", Artech
House Inc. (1999), ISBN 0-89006-471-7
l G. Heine, "GPRS from A – Z", Artech House Inc. (2000), ISBN 1-58053-181-4
l G. Heine, "GPRS, EDGE, HSCSD and the Path to 3G", Artech House Inc. (2001),
CD-ROM, ISBN 1-58053-275-6
2
Appendix Siemens
2 Abbreviations
AB access burst
AC authentication center
ACCH associated control channel
ACE antenna coupling equipment
ACE-Rx ACE receive side
ACE-Tx ACE transmit side
ACG auxiliary clock generator
ACM address complete message
ACU antenna combining unit
ADC analog to digital converter
AEF additional elementary function
AF audio frequency
AFC automatic frequency control
AGC automatic gain control
AGCH access grant channel
AMA automatic message accounting
AMPC ATM bridge Processor C
ANT-COMB antenna combiner
AoC advice of charge
AP application part
APS application program system
ARFCN absolute radio frequency number
ARQ automatic repeat request
ASN ATM Switching Network
ATB all trunks busy
ATE automatic test equipment
AUC authentication center
AUT(H) authentication
BA BCCH allocation
BAIC barring of all incoming calls
BAOC barring of all outgoing calls
BAP base processor (CP113)
BCC base transceiver station color code
3
Appendix Siemens
4
Appendix
Siemens Siemens
Appendix
5
Appendix Siemens
DB dummy burts
DBMS data base management system
DCCH dedicated control channel
DCN data communication network
DCP data communication processor
DCS1800 digital communication system
DE digital exchange
DEC digital echo compensator
DEMUX demultiplexer
DHA dialogue handling
DIU digital interface unit
Dm control/data channel
DL down link
DPC destination point code)
DPPC data post processing computer
DPPS data post processing system
DRX discontinuous reception
DSMX digital signal multiplexer
DTAP direct transfer application part
DTMF dual tone multi frequency
DTX discontinuous transmission
EIR equipment identification register
EMML extended man machine language
ERP effective radiated power
EWSD Digitales Elektronisches Wählsystem
FAC final assembly code
FACCH fast associated control channel
FACCH/F full rate FACCH
FACCH/H half rate FACCH
FB frequency correction burst
FC filter coupler
FCCH frequency correction channel
FDMA frequency division multiple access
FEC forward error correction)
6
Appendix Siemens
Siemens Appendix
7
Appendix Siemens
8
Appendix
Siemens Siemens
Appendix
9
Appendix Siemens
10
Appendix
Siemens Siemens
Appendix
11
Appendix Siemens
12
Appendix
Siemens Siemens
Appendix
13
Appendix Siemens
14
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
The way to CDMA Technology 1
Appindex 6
Reference 7
Glossary 8
CDMA Overview
Sub-section reference
Contents
1 Introduction to Cellular Technology 2
1.1 Progress in Radio Communications 2
1.2 The Growth in Cellular Market & its demands 4
1.3 Why is it called cellular? 6
2 Advantages of Digital Communications 8
2.1 Digital Communication 8
2.2 Digital Mobile Systems 10
3 Cellular System Architecture 11
3.1 System Architecture 11
3.2 Types of cells 13
4 Cellular System Components 15
4.1 Cellular System Components 15
5 Wireless Digital Transmission Problems 17
5.1 Reasons leading to Wireless Digital Transmission Problems 17
5.2 Result of Wireless Digital Transmission Problems 19
6 Solutions against Air transmission Problems 21
6.1 Solutions for Wireless Digital Transmission Problems 21
6.2 Solutions for Bit Error Rate 23
7 Transmission Principles 24
7.1 Duplex Transmission 24
7.2 Multiple Access Techniques 26
7.2.1 Frequency Division Multiple Access 26
7.2.1.1 The Advanced Mobile Phone Service (AMPS) 28
7.2.2 Time Division Multiple Access 29
7.2.2.1 The GSM network 31
7.2.3 Code Division Multiple Access 36
8 Data Transmission 38
8.1 Data Transmission Development 38
1
The Way To CDMA Technology
2
The Way To CDMA Technology
Fig.1
3
The Way To CDMA Technology
4
The Way To CDMA Technology
Fig.2
5
The Way To CDMA Technology
6
The Way To CDMA Technology
Fig. 3
7
The Way To CDMA Technology
8
The Way To CDMA Technology
Analogue
Signal
Transmission
Quality:
“Easy to regenerate”
Distance to BS
Fig. 4
Fig. 5
• Security
• Higher capacities
• Easily Maintainance
• Minaturization an friendleness
• High Quality with low cost
• Worlwide Availability
• New Service Implementation
• High Fidility
9
The Way To CDMA Technology
Fig.6
10
The Way To CDMA Technology
11
The Way To CDMA Technology
Cluster
Fig.7
Fig.8
12
The Way To CDMA Technology
13
The Way To CDMA Technology
Fig.9
Fig.10
Fig.11
14
The Way To CDMA Technology
15
The Way To CDMA Technology
Fig.12
16
The Way To CDMA Technology
17
The Way To CDMA Technology
Fig.13
Fig.14
18
The Way To CDMA Technology
19
The Way To CDMA Technology
Fig.15
20
The Way To CDMA Technology
• Time Advance
Time Advance is introduced to overcome the effect of time alignment. When the
MS is moving far away from the BTS , this BTS tells the MS how much time ahead of
the synchronization time it must transmit the burst .
21
The Way To CDMA Technology
Fig.16
Fig.17
22
The Way To CDMA Technology
Fig.18
23
The Way To CDMA Technology
7 Transmission Principles
7.1 Duplex Transmission
• FDD and TDD
Two duplex methods are used for coordinating the uplink (UL) and downlink (DL)
components of a transmission between a base station and a mobile station, namely
Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
UL and DL are implemented for FDD in different frequency bands. The gap
between the two frequency bands for UL and DL is known as the duplex distance. It
is constant for all mobile stations in a standard. Generally the DL frequency band is
positioned at the higher frequency than the UL band.
In the case of TDD, UL and DL are implemented in the same frequency band,
Uplink (UL) and Downlink (DL) takes place at different times. There is fast switching
between UL and DL transmission, so that the user has the impression of
simultaneous transmission and reception.
As a result, only a fraction of the time needed for analog transmission is required
for digital transmission of subscriber data.
24
The Way To CDMA Technology
Fig.19
Fig.20
25
The Way To CDMA Technology
26
The Way To CDMA Technology
Fig.21
27
The Way To CDMA Technology
AMPS is used throughout the world and is particularly popular in the United
States, South America, China, and Australia. AMPS uses frequency modulation (FM)
for radio transmission. In the United States, transmissions from mobile to cell site use
separate frequencies from the base station to the mobile subscriber.
28
The Way To CDMA Technology
29
The Way To CDMA Technology
Fig.22
30
The Way To CDMA Technology
• Mobile Station MS
A Mobile Station consists of two main elements:
1. The Mobile Equipment Terminal.
2. The Subscriber Identity Module (SIM).
There are different types of terminals distinguished principally by their power and
application: The `fixed' terminals are the ones installed in cars. Their maximum
allowed output power is 20 W.The GSM portable terminals can also be installed in
vehicles. Their maximum allowed output power is 8W.
The handhels terminals have experienced the biggest success thanks to their
weight and volume, which are continuously decreasing. These terminals can emit up
to 2 W. The evolution of technologies allows decreasing the maximum allowed power
to 0.8 W.
31
The Way To CDMA Technology
Fig.23
32
The Way To CDMA Technology
The BSS connects the Mobile Station and the NSS. It is in charge of the transmission
and reception. The BSS can be divided into two parts:
• The Base Transceiver Station (BTS).
• The Base Station Controller (BSC).
Fig.24
33
The Way To CDMA Technology
34
The Way To CDMA Technology
Fig.25
35
The Way To CDMA Technology
36
The Way To CDMA Technology
Fig.26
37
The Way To CDMA Technology
8 Data Transmission
8.1 Data Transmission Development
One of the problems of data transmission using GSM is posed by the current
comparatively user-unfriendly usage of data services in the terminals (e.g. SMS) or
the complicated connection of terminal equipment via adapter.
Terminal equipment in which different functions are integrated, as well as displays
optimized for each individual data transmission form provide an answer to this.
A decisive problem is posed by the comparatively low data transmission rates of
GSM Phase 1 and 2. Data transmission rates of 0.3 -9.6 kbit/s compared to 64 kbit/s
using ISDN are considerably too low.
To increase the data transmission rates in the Europian system new bearer
services are being developed in GSM Phase 2+, which will adapt the data
transmission rates to the ISDN transmission rates in various usage areas or even, be
considerably above them.
38
The Way To CDMA Technology
Fig.27
Fig.28
39
Chapter 2
1
Basic Concept of Spread Spectrum Technology
1 Advantages of CDMA
When implemented in a cellular telephone system, CDMA technology offers
many benefits to meet Mobile Radio Requirements. The following is an overview
of the advantages of CDMA.
2
Basic Concept of Spread Spectrum Technology
Fig.1
Fig.2
3
Basic Concept of Spread Spectrum Technology
4
Basic Concept of Spread Spectrum Technology
Fig.3
5
Basic Concept of Spread Spectrum Technology
6
Basic Concept of Spread Spectrum Technology
Fig.4
Fig.5
7
Basic Concept of Spread Spectrum Technology
8
Basic Concept of Spread Spectrum Technology
Fig.6
Fig.7
9
Basic Concept of Spread Spectrum Technology
10
Basic Concept of Spread Spectrum Technology
Fig.8
Fig.9
11
Basic Concept of Spread Spectrum Technology
12
Basic Concept of Spread Spectrum Technology
Fig.10
13
Basic Concept of Spread Spectrum Technology
14
Basic Concept of Spread Spectrum Technology
Fig.11
15
Basic Concept of Spread Spectrum Technology
Fig.12
16
Chapter 3
1
CDMA codes and its usage
On the reverse link, all mobiles respond in an asynchronous fashion. The user data
is encoded, interleaved, and then blocks of 6 bits are mapped to one of the 64 orthogonal
Walsh functions. Finally, the data is spread by a user specific code of 42 bits (channel
identifier) and the base station pseudorandom sequence of length 2 15 chips. The reverse
channel is organized in:
At both the base station and the terminal, Rake receivers are used to resolve and
combine multipath components, in order to improve the link quality.
2
CDMA codes and its usage
Fig.1
3
CDMA codes and its usage
4
CDMA codes and its usage
Fig.2
5
CDMA codes and its usage
If the value of 0 (all shift register bits are 0) is ever present in the shift register, it will
stay in that state until reloaded with a nonzero value.
6
CDMA codes and its usage
Fig.3
Fig.4
7
CDMA codes and its usage
Fig.5
8
CDMA codes and its usage
1. Short PN code
2. Long PN code
3. Walsh codes
IS-95 uses the two types of maximum-length PN generators to spread the signal power
uniformly over the physical bandwidth of about 1.25 MHz. The PN spreading on the reverse
link also provides near orthogonality of and hence, minimal interference between signals
from each mobile. This allows reuse of the band of frequencies available, which is a major
advantage of CDMA.
2.2.1 Short Code:
A 15-stage linear shift register generates the short PN code. Therefore, the maximum
length of the Short PN Code is
L = 2 N-1 = 2 15-1 = 32,768-1 chips.
By implementation, an extra chip is inserted at the end of the sequence, yielding a
sequence of length L=32,768 chips. The short PN code runs at a speed of 1,228,800 chips
per second. This yields a repetition cycle of 32,768/1,228,800=26.67 ms.
The short PN code consist of two PN Sequences I and Q each 32,768 chips long
generated in similar but differently tapped 15 bit shift register, the two sequences scramble
the information on the I and Q phase channels.
§ These codes are used for cell identification in a reused cell.
§ The chip rate of the short PN code is 1.2288 Mcps.
9
CDMA codes and its usage
Fig.6
Fig.7
10
CDMA codes and its usage
Fig.8
11
CDMA codes and its usage
12
CDMA codes and its usage
Fig.9
Fig.10
13
CDMA codes and its usage
14
CDMA codes and its usage
Where SNRo and SNRi are the output and input SNR of the correlator, respectively.
Where BWD and BWSS are the bandwidth of the data before and after SS modulation.
Fig.11
15
CDMA codes and its usage
16
CDMA codes and its usage
Fig.12
17
CDMA codes and its usage
Fig.13
18
CDMA codes and its usage
Parallel search
Unlike serial search, we test all the possible phases simultaneously in the parallel search
strategy as shown in figure. Obviously, the circuit complexity of the parallel search is high.
The overall acquisition time is much smaller than that of the serial search.
Fig.14
19
CDMA Air Interface Overview
Fig.15
20
Chapter 4
Contents
1 CDMA Air Links and Channels 2
1.1 CDMA Air Links 2
1.2 Forward Link Channels 4
1.2.1 Pilot Channel 4
1.2.2 Sync Channel 6
1.2.3 Paging Channel 7
1.2.4 Rate Set 1Traffic Channel 9
1.2.5 Rate Set 2 Traffic Channel 11
1.3 Reverse Link Channels 12
1.3.1 Access Channel 12
1.3.1 Access Channel (Cont.) 14
1.3.2 Traffic Channel 15
1.3.2 Traffic Channel (Cont.) 16
1.4 How calls from a BTS are encoded and transmitted to a cellphone 17
1
CDMA Air Interface Overview
2
CDMA Air Interface Overview
Fig.1
Fig.2
3
CDMA Air Interface Overview
4
CDMA Air Interface Overview
Fig.3
5
CDMA Air Interface Overview
Fig.4
6
CDMA Air Interface Overview
7
CDMA Air Interface Overview
Fig.5
8
CDMA Air Interface Overview
9
CDMA Air Interface Overview
Fig.6
10
CDMA Air Interface Overview
Note that in order to maintain the output of the block interleaver at 19.2 Ksps, the
rate of the convolutional encoder is increased to R = 3/4.
Fig.7
11
CDMA Air Interface Overview
12
CDMA Air Interface Overview
Fig.8
13
CDMA Air Interface Overview
• Registration Message: sends to the base station information necessary to page the
mobile, such as: location, status, and identification.
• Order message: to transmit information such as base station challenge, mobile
station acknowledgement, local control response, and mobile station reject.
• Data Burst message: user-generated data message sent by the mobile station to the
base station.
• Origination message: allows the mobile station to place a call’ sending dialed digits.
• Page Response message: used to respond to a page.
• Authentication Challenge Response message: contains necessary information to
validate the mobile station’s identity.
Fig.9
14
CDMA Air Interface Overview
Fig.10
Fig.10 15
CDMA Air Interface Overview
This channel can multiplex primary (voice) and secondary (data) or signaling traffic.
Some of the typical messages that the reverse traffic channel carries are:
• Order messages: include base station challenge, parameter update confirmation,
mobile station acknowledgement, service option request and response, release,
connect, DTMF tone, etc.
• Authentication Challenge Response message: information to validate the mobile
station.
• Data Burst message: a user-generated data message sent by the mobile to the base
station.
• Pilot Strength Measurement message: information about the strength of other pilot
signals that are not associated with the serving base station.
• Power Measurement Report message: sends FER statistics to the base station.
• Handoff Completion message: is the mobile response to a Handoff Direction
message.
• Parameter Response message: is the mobile response to the base station to a
Retrieve Parameters message.
Fig.11
16
CDMA Air Interface Overview
At the base station, each voice conversation is converted into digital code and
compressed with a vocoder. The vocoder output is doubled by a convolutional encoder that
adds redundancy for error checking. Each bit from the encoder is replicated 64 times and
exclusive OR'd with a Walsh code that is used to identify that call from the rest.
The output of the Walsh code is exclusive OR'd with the next string of bits (PN sequence)
from a pseudo-random number generator, which is used to identify all the calls in a
particular cell's sector. At this point, there is 128 times as many bits as there were from the
vocoder's output. All the calls are combined and modulated onto a carrier frequency in the
800 MHz range.
At the receiving side, the received signals are quantized (turned into bits) and run
through the Walsh code and PN sequence correlation receiver to recover the transmitted
bits of the original signal. When 20ms of voice data is received, a Viterbi decoder corrects
the errors using the convolutional code, and that all goes to the vocoder that turns the bits
back into waveforms (sound).
17
CDMA Air Interface Overview
Fig.12
18
Chapter 5
Contents
1 Power Control in CDMA 2
1.1 Introduction 2
1.1.1 Effect of No Power Control 2
1.1.2 The NEAR – FAR Problem 2
1.2 Classification of Power Control Techniques 4
1.2.1 According to update strategies 4
1.2.2 According to direction of transmission 6
1.2.3 According to techniques 8
2 Rake Receiver 9
2.1 Rake Receiver Theory and Structure 9
3 Handoff Versus Handover 11
3.1 Handoff Versus Handover 11
3.2 Soft Handover 11
3.2.1 The Importance Of Soft Handoff 11
3.3 Softer Handover 12
4 Multiuser Detection 14
4
1
CDMA System Aspects
2
CDMA System Aspects
Fig.1
Fig.2
3
CDMA System Aspects
4
CDMA System Aspects
Fig.3
5
CDMA System Aspects
6
CDMA System Aspects
Fig.4
7
CDMA System Aspects
3. Outer Loop PC
Signal to interference ratio is varied, to guarantee QoS (BER,..)
Fig.5
8
CDMA System Aspects
2 RAKE Receiver
9
CDMA System Aspects
Fig.6
10
CDMA System Aspects
11
CDMA System Aspects
Fig.7
12
CDMA System Aspects
Fig.8
13
CDMA System Aspects
4 Multiuser Detection
The current CDMA receivers are based on the RAKE receiver principle, which
considers other users’ signals as interference. However, in an optimum receiver all signals
would be detected jointly or interference from other signals would be removed by
subtracting them from the desired signal. This is possible because the correlation
properties between signals are known (i.e., the interference is deterministic not random).
The capacity of a direct sequence CDMA system using RAKE receiver is interference
limited. In practice this means that when a new user, or interferer, enters the network, other
users’ service quality will go below the acceptable level. The more the network can resist
interference the more users can be served. Multiple access interference that disturbs a
base or mobile station is a sum of both intra- and inter-cell interference. Multiuser detection
(MUD), also called joint detection and interference cancellation (IC), provides a means of
reducing the effect of multiple access interference, and hence increases the system
capacity.
In the first place MUD is considered to cancel only the intra-cell interference, meaning
that in a practical system the capacity will be limited by the efficiency of the algorithm and
the inter-cell interference. In addition to capacity improvement, MUD alleviates the near/far
problem typical to DS-CDMA systems. A mobile station close to a base station may block
the whole cell traffic by using too high a transmission power. If this user is detected first and
subtracted from the input signal, the other users do not see the interference. Since optimal
multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference using too high a transmission power. If this user is detected
first and subtracted from the input signal, the other users do not see the interference. Since
optimal multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference (i.e., the interference due to correlations between user codes).
Examples of linear detectors are decorrelator and linear minimum mean square error
(LMMSE) detectors. In interference cancellation multiple access interference is first
estimated and then subtracted from the received signal. Parallel interference cancellation
(PIC) and successive (serial) interference cancellation (SIC) are examples of interference
cancellation.
14
CDMA System Aspects
Fig.9
15
Appendix
Appendix
Appendix
A
AC Authentication Center
ACCH Associated Control CHannel
ACE Antenna Coupling Equipment
ADC Analog to Digital Converter
AGCH Access Grant Channel
AMR Adaptive MultiRate speech
AMX ATM MultipleXer
AMPS Advanced Mobile Phone Services
ANSI American National Standards Institute (USA)
AP Application Part
ARFCN Absolute Radio Frequency Channel Number
ARIB Association of Radio Industries and Business (Japan)
ARQ Automatic Repeat reQuest
ASCI Advanced Speech Call Items
ASN ATM Switching Network
ATM Asynchronous Transfer Mode
AUC Authentication Center
B
BA BCCH Allocation
BCC Base transceiver station Color Code
BCCH Broadcast Control CHannel
BCH Broadcast CHannel
BER Bit Error Rate
BPSK Binary Phase Shift Keying
BS Base Station
BSC Base Station Controller
BSIC Base transceiver Station Identity Code
1
Appendix
3
Appendix
4
Appendix
K
kbps Kilo Bits per second
Kc cipher Key
Ki individual subscriber authentication Key
L
LA Location Area
LAI Location Area Identity
LAN Local Area Network
LAPDm Link Access Protocol on the Dm channel
LCR Low Chip Rate
LEO Low Earth Orbital
LES Land Earth Station
5
Appendix
6
Appendix
MUX MUltipleXer
N
NB Normal Burst
NCC Network Color Code (PLMN color code)
NDC National Destination Code
NE Network Element
NMT Nordic Mobile Telephone
NSS Network Switching Subsystem
O
O&M Operation and Maintenance
OACSU Off Air Call Set Up
ODMA Opportunity Driven Multiple Access
OFDMA Orthogonal Frequency Division Multiple
Access
OMC Operation & Maintenance Center
OMC-B Operation & Maintenance Center for BSS
OMC-S Operation & Maintenance center for SSS
OSS Operation SubSystem
OVSF Orthogonal Variable Spreading Factor codes
P
PA Power Amplifier
PACS Personal Access Communication System
PC Power Control
PCM Pulse Code Modulation
PCU Packet Control Unit
PDA Personal Data Assistant
PDC Personal Digital Cellular (Japan)
PDN Packet Data Network
PHS Personal Handy System (Japan)
7
Appendix
8
Appendix
9
Appendix
10
Appendix
11
References
References
References
• M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications",
Cell & Sys (1992), ISBN 2-9507190-0-7
• S. Redl, M. Weber, K. Oliphant, "An introduction to GSM", Artech House
Inc.(1995), ISBN 0-89006-785-6
• Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 0-
89006-860-7
• G. Heine, "GPRS from A – Z", Artech House Inc. (2000), ISBN 1-58053-
181-4V.K.G. Garg, K.F. Smolik, J.E. Wilkes, „Applications of CDMA in
Wireless/Personal Communications“, Feher / Prentice Hall digital and
wireless communications series (1997) ISBN 0-13-572157-1
• A.J. Viterbi: „CDMA: Principles of Spread Spectrum for third Generation
Mobile Communication“ (1995), ISBN 0-201-63374-4
• T. Ojanperä, R. Prasad: „ Wideband CDMA for third Generation Mobile
Communication“, (1998) ISBN 0-89006-735-X
• R. Prasad, W. Mohr, W. Konhäuser, „Third Generation Mobile
Communications Systems, Artech House Publishers (04/2000)
• G. Calhoun, „Third Generation Wireless Communications: Post Shannon
Architectures“, Artech House Publishers (07/2000)
• Authentication and Security in Mobile Phones by Greg Rose, Qualcomm
Inc., Australia.
• Security in CDMA Wireless Systems by Frank Quick, Qualcomm Inc.,
February 1997
• Security Aspects of Mobile Wireless Networks, by Mullaguru Naidu, July
2002.
• CDMA RF System Engineering, by Samuel C. Yang
• Understanding Cellular Radio, by WILLIAM WEBB
• B. J. Wysocki and T. A. Wysocki, “Power Spectra of Signal Formats for
DS-SS CDMA Wireless LANs,” IEEE TENCON, pp. 329-332, 1996
• M.Y. Rhee, CDMA Cellular Mobile Communications Network Security.
Prentice Hall, 1998
• G. Allen and S. Raymond, “Encryption of Analog Signals - A Perspective,”
IEEE Journal on selected area in communications, vol. SAC-2, No. 3, pp.
423-425, 1984.
• James A. Davis, “Security Aspects in Mobile Phone Telephony: Focus on
GSM,” White Paper, Jan. 2000.
• CDMA System Analysis II, by Timothy X Brown, Silvana Susi, Sukhjinder
Singh University Of Colorado, Boulder
1
References
Useful links
• http://www.3gpp.org
• http://www.itu.int/imt
• http://www.etsi.fr
• http://www.umts-forum.org
• http://www.gsmworld.com
• http://www.cdg.org
2
Glossary
Glossary
Glossary
AMPS (Advanced Mobile Phone Service):
Developed by AT&T’s Bell Laboratories in the1970’s and first used in the US in
1983. The AMPS Standard has been the foundation for the industry in the United
States.
CDMA (Code Division Multiple Access):
Known in the US as IS-95, a spread spectrum approach to digital transmission.
With CDMA, each conversation is digitized and then tagged with a code. The
mobile phone is then instructed to decipher only a particular code to pluck the
right conversation off the air. It has a 1.25Mhz spread spectrum air interface,
uses the same frequency bands as AMPS and supports AMPS operation,
employing spread-spectrum technology and a special coding scheme. It was
adopted by the Telecommunications Industry Association (TIA) in 1993.
DAMPS (Digital AMPS): The second generation of the AMPS standard.
FDMA (Frequency Division Multiple Access): FDMA is the division of the
frequency band allocated for wireless cellular communication into 30 KHz
channels, each of which can carry a two way voice conversation. FDMA is the
basic technology used in AMPS, the most widely installed cellular phone system
in North America. With FDMA, each channel can be assigned to only one user at
a time.
EDGE (Enhanced Data rate for GSM Evolution):
The next generation of data heading towards third generation and personal
multimedia environments. It builds on GPRS and is a technique to increase the
maximum data capacity of GSM radio channels. It will allow GSM operators to
use existing GSM radio bands to offer wireless multimedia IP-based services and
applications at theoretical maximum speeds of 384 kbps with a bit-rate of 48 kbps
per timeslot and up to 69.2 kbps per timeslot in good radio conditions.
GPRS (General Packet Radio Service):
A GSM data transmission technique that does not set up a continuous channel
from a portable terminal for the transmission and reception of data, but transmits
and receives data in packets, with users only paying for the volume of data sent
and received.
GPS (Global Positioning System):
A satellite navigation system, consisting of 24 geosynchronous satellites. Used in
personal tracking, navigation and automatic vehicle location technologies.
1
Glossary
Cell Site:
The central radio transmitter/receiver that maintains communications with mobile
phones within a give range. Also called a Base Station.
Diversity:
The use of multiple antennas to receive or transmit the same signal, so that if one
of the antennas picks up a weak signal, another antenna should have a strong
signal.
Downlink:
The transmission of radio signals from the Base Station to the mobile handset.
EIR (Equipment Identity Register):
The component of a GSM system that retains information about the identity of
equipment such mobile phones. Assists network operator in discovering stolen
mobile phones and blocking them from using the network.
Fading:
A reduction in signal strength in a radio signal. Fading is usually caused by
reflected waves from the transmitter having different phases from the main signal
path.
GMSC (Gateway Mobile Switching Center):
The component of a GSM network, which provides a point of connection between
the GSM network and the PSTN.
Handoff:
The process of transferring a mobile phone conversation from one cell site to
another as a user crosses cell areas during the conversation.
HLR (Home Location Register):
The component of a GSM network responsible for maintaining the location of a
mobile.
IMEI (International Mobile Equipment Identity):
The unique serial number given to each phone, to help in tracking stolen mobile
phones.
IMSI (International Mobile Subscriber Identity):
A unique number used in GSM systems to identify individual subscribers.
MAHO (Mobile Assisted Handoff):
Similar to a basic handoff, except that the mobile also helps in finding a suitable
base station to handoff into by providing the network with measurements
indicating which base station provides the largest signal strength.
3
Glossary
Modulation:
Information on a carrier signal modulated by varying one or more of the signal's
basic characteristics - frequency, amplitude and phase. Different modulation
carries the information as the change from the immediately preceding state rather
than the absolute state.
MS (Mobile Station):
Another name for a cellular mobile phone.
MSC (Mobile Switching Center):
The switch in a GSM network, which connects calls from the GMSC to the
particular base station in which the mobile phone is currently located. The MSC
also manages call handovers.
MTSO (Mobile Telephone Switching Office):
The central computer that connects a wireless phone call to the public telephone
network. The MTSO controls the entire system’s operations, including monitoring
calls, billing and handoffs.
POTS (Plain Old Telephone Service):
Standard household phone service. PSTN (Public Switched Telephone Network):
The worldwide telephone network which allows people to call anywhere in the
world. The PSTN mainly consists of copper cables and switches.
Roaming:
Roaming allows a user to operate their mobile phone in another countries
network.
The user’s network makes agreements with other networks worldwide to allow
this to happen.
Smart antenna:
An antenna system with technology that enables it to focus its beam on a desired
signal to reduce interference. A wireless network would employ smart antennas
at its base stations in an effort to reduce the number of dropped calls, improve
call quality and improve channel capacity.
Soft handoff:
Procedure in which two base stations, one in the cell site where the phone is
located and the other in the cell site to which the conversation is being passed,
both hold onto the call until the handoff is completed. The first cell site does not
cut off the conversation until it receives information that the second is maintaining
the call. This reduces the probability of the call being blocked.
Uplink:
The transmission of radio signals from the mobile handset to the Base Station.
VLR (Visitor Location register):
The component of a GSM network which keeps track of a mobile phone’s
position to the nearest location area.
4
Glossary
Walsh codes:
A family of orthogonal codes often preferred for CDMA transmission.
WLL Wireless Local Loop:
The use of radio to replace copper wiring as a means of connecting the home to
the PSTN.
5
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
Introduction and Overview 1
Procedures 4
GPRS Introduction
Abbreviations 5
GPRS Introduction
Sub-section reference
Contents
1 Mobile Radio Evolution 23
1
Introduction and Overview Siemen
Subscriber trends:
1982 - 2002
1000
Germany
100
Subscriber [M.]
World
10
0,1
0,01
1982
1984
1986
1988
1990
1992
1994
1996
1998
2000
2002
Year
Fig. 1 Increase in the number of subscribers due to introduction of first and second generation of mobile communication
2
Introduction and Overview Siemens
2 G Trends:
Speech → Data transmission
100
1 G: speech
speech transmission only data
80
2 G:
traffic [%]
60
• speech transmission
• supplementary services
40
• data transmission
20
0
1996 2001 2005 2007
year
3
Introduction and Overview Siemens
4
Introduction and Overview Siemens
Wireless
Wireless booth Local Loop IMT-2000:
WLL
UMTS, MC-CDMA,
analoge digital
TD-SCDMA,...
Private Mobile Radio PMR
PMR e.g. TETRA
digital
analog
cellular systems
cellular systems
e.g GSM, D-AMPS,
e.g. C450, NMT, AMPS
IS-95, PDC
• compatibility within 3G
• downward compatibility to
analog MSS digital MSS
e.g. INMARSAT e.g. IRIDIUM
2G (e.g. UMTS → GSM)
• resource efficiency
• high data rates
Multiple incompatible standards • applications • Multimedia
for different • countries / regions
Fig. 3 Intention of third generation as a common global standard for different applications, regions, and service areas
5
Introduction and Overview Siemens
Mobile Radio
Evolution
Fig. 4
6
Introduction and Overview Siemens
GSM900 / E-GSM
In 1990 the first GSM standard, known as GSM900 with 2x 25 MHz developed. An
extension of this, the E-GSM (Extended GSM), provides a further 20 MHz, i.e. a total
of 2 x 35 MHz for GSM, in the event that national authorizations to operate other sys-
tems expire.
GSM1800 (DCS1800)
In 1991 the DCS1800 (Digital Cellular System) standard, a GSM adaptation, was
agreed upon as result of a British initiative in view of the opening-up of a mass-
market; in 1997 this standard was renamed GSM1800. For GSM1800 2 x 75 MHz is
available in the 1800 MHz area.
GSM1900 (PCS1900)
Since 1995 PCS1900 (Public Cellular System), renamed GSM1900 in 1997 repre-
sents the GSM adaptation for the American market. 2 x 60 MHz are available for
GSM1900 and other standards (D-AMPS, IS-95,..).
GSM-R
GSM-R (Railway) was specified as GSM Adaption for mobile radio communication. In
1995 ETSI decided to reserve 2 x 4 MHz in 900 MHz range for GSM-R. First GSM-R
systems are in operation since 1998
7
Introduction and Overview Siemens
GSM-R GSM-Adaptations
890 935 1880
GSM GSM
GSM GSM 1800 1800
900 900
GSM GSM
E-GSM E-GSM 1900 1900
876 880 915 921 925 960 [MHz] 1710 1785 1805 1850 1910 1930 1990 [MHz]
Frequency Range Useable HF Application Area
[MHZ] channels
GSM900 890 - 915 / 935 - 960 124 Worldwide except
E-GSM 880 - 915 / 925 - 960 174 US
GSM1800 1710 - 1785 / 1805 - 1880 374 Worldwide except
US
GSM1900 1850 - 1910 /1930 - 1990 Shares HF-channels US
with other standards
GSM-R 876 - 880 / 921 - 925 19 European
railroads
8
Introduction and Overview Siemens
GSM Phase1
Phase 1 (agreed upon in 1990/91) includes all central prerequisites for mobile, digital
transmission of information. Speech transfer plays an important role. Data transmis-
sion was also defined with transmission rates of 0.3 to 9.6 kbit/s. GSM phase 1 in-
cludes only a few supplementary services.
GSM Phase2
Research on GSM phase 2 was concluded in 1995. Mainly supplementary services
comparable to ISDN were specified, but also technical improvements such as half
rate speech were considered. Of central importance was the agreement on down-
ward compatibility, meaning that all networks and terminal equipment of phase 2
were compatible to the networks and terminal equipment of phase 1.
GSM Phase2+
Phase2+ marks a “smooth” transition as opposed to phase2. The standard is not en-
tirely re-worked. Since 1996 annual releases take place and current themes relate to
new supplementary services relevant mainly for special groups of users, as well as to
connection and call control issues, IN applications and data services with high trans-
mission rates.
9
Introduction and Overview Siemens
Phase 2+
Phase 2 Phase 2
Phase 1 Phase 1 Phase 1
10
Introduction and Overview Siemens
3 GSM – Phase2+
Mobile Radio
Evolution
GSM - Phase 2+
Fig. 7
11
Introduction and Overview Siemens
GSM
Multi-
Phase2+ Satellite
Roaming Band / Mode
Multiple further
features
EFR ASCI
Enhanced Advanced Speech
Full Rate Call Items CAMEL
Customized Application
for Mobile network
HSCSD Enhanced Logic
High Speed Circuit
Switched Data
EDGE • GSM solutions for
Enhanced Data Rates
for the GSM evolution demands to
GPRS mobile radio:
General Packet ∗ enhanced speech quality
Radio Service ∗ user friendly equipment
∗ world-wide connectivity /
“home PLMN” service
∗ specific services
GSM ∗ fast transfer of large
Phase 2+ data volumes
• platform for UMTS:
Solutions compatibility GSM⇔ UMTS
common infrastructure
Fig. 8 Solutions for new demands and market trends offered by GSM phase 2+
12
Introduction and Overview Siemens
13
Introduction and Overview Siemens
Time Slot
HSCSD GPRS
up to up to
14.4 kbit/s 21.4 kbit/s
14
Introduction and Overview Siemens
EDGE
(Enhanced Data Rates for GSM Evolution)
EDGE:
• uses a new modulation method:
replaces GMSK by 8PSK
⇒ three bit of information can be transported
by one symbol of modulation (instead of one bit)
⇒ BTS has to be upgraded
⇒ hardware modifications are necessary
15
Chapter 2
Contents
1 GPRS Objectives and Advantages 23
1.2 Standardization 56
2 Basic Principles 79
3 GPRS-Architecture 1721
1
GPRS - General Packet Radio Services Sidemen's
GPRS
General Packet Radio Services
Fig. 1
2
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
3
GPRS - General Packet Radio Services Sidemen's
GPRS Objectives
& Advantages
SMSC
PDN´s
SMS
IP
BSS Service provider Internet
SSS BS-udi ISDN access point
Modem Modem Intranet
BS-
3.1 kHz
audio PSPDN
PSTN
4
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
1.2 Standardization
The introduction of GPRS into the GSM Recommendations is carried out in two
phases.
Phase 1 of GPRS introduction was completed by ETSI in the Annual Release 1997
(03/98) and includes all central GPRS functions.
Phase 1 supports:
Point-to-point transfer of user data
TCP/IP and X.25 bearer services
GPRS identities
GPRS safety (a new ciphering algorithm specially designed for packet data)
Support of volume-oriented billing
In Phase 2, further extensions are planned for all requirements to be met by GPRS:
Support of point-to multipoint (PTM) services
Support of special point-to-point and point-to-multipoint services for applications such
as traffic telematics and GSM-R (PTM-Group Call: PTM-Multicast)
Support of further additional services
Support of additional interworking functions (e.g. ISDN)
Phase 2 will be completed in 1998 or 1999.
GPRS Phase 1 includes the introduction of a number of new recommendations;
some of the existing recommendations have been modified to cover other GPRS
functions, too.
The following recommendations are of central importance:
5
GPRS - General Packet Radio Services Sidemen's
Rec. 02.60
General GPRS Overview
ETSI/GERAN
Rec. 03.60
GPRS system &
architecture description
Rec. 03.64
Very important: Radio architecture description
6
GPRS - General Packet Radio Services Sidemen's
2 Basic Principles
GPRS
General Packet Radio Services
Basics
Fig. 4
7
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
New GPRS coding schemes (CS) - CS1 - CS4 - have been defined for the transmis-
sion of packet data traffic channel PDTCH (Rec. 03.64). Coding schemes can be as-
signed as a function of the quality of the radio interface. Normally, groups of 4 burst
blocks each are coded together.
CS-1 makes use of the same coding scheme as has been specified for SDCCH in
GSM Rec. 05.03. It consists of a half rate convolutional code for forward error correc-
tion FEC. CS-1 corresponds to a data rate of 9.05 kbit/s.
CS-4 has no redundancy in transmission (no FEC) and corresponds to a data rate of
21.4 kbit/s.
CS-2 and CS-3 represent punctured versions of the same half rate convolutional
code as CS-1.
CS-2 corresponds to a rate of 13.4 kbit/s, while CS-3 corresponds to a data rate of
15.6 kbit/s.
In principle, 1 to 8 time slots TS of a TDMA frame can be combined dynamically for a
user for the transmission of GPRS packet data. Theoretically it is thus possible to
achieve peak performances of up to 171.2 kbit/s (8x21.4 kbit/s) with GPRS.
8
GPRS - General Packet Radio Services Sidemen's
Coding different
Schemes redundancy (FEC) →
“Um transmission quality”
9
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
The packet network address is necessary to identify the subscriber in the public
data net. Either dynamically assigned (temporary) addresses or (in the future) static
addresses are used in case of IP. The problem of the dynamic addresses will be
overcome with the change from Ipv4 to IPv6. In GPRS is two layer 2 protocols are al-
lowed, X.25 or IP.
The quality of service QoS: QoS describes various parameters. The subscriber pro-
file defines the highest values of the QoS parameters that can be used by the sub-
scriber.
The screening profile: This profile depends on the PDP used and on the capacity of
the GPRS nodes. It serves to restrict acceptance during transmission/reception of
packet data. For example, a subscriber can be restricted with respect to his possible
location, or with respect to certain specific applications.
The GGSN address: The GGSN address indicates which GGSN is used by the sub-
scriber. In this way the point of access to external packet data networks PDN is de-
fined. The internal routing of the data is done by IP protocol; the GSNs will have IP
addresses. A DNS function is needed to find the destination of the data packets (ad-
dress translating: e.g. www.gsn-xxx.com → 129.64.39.123)
10
GPRS - General Packet Radio Services Sidemen's
PDP
Parameter
Screening
GGSN address
Access to external PDN Profile
limits receiving / emission
of data packets
Fig. 6 Part of the GPRS subscriber profile are the PDPs and their parameters
11
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
Peak
throughput
class
precedence class
reliability class
mean throughput
class
delay class
12
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
Precedence Class
Three different classes have been defined to allow assessment of the importance of
the data packets, in case of limited resources or overload:
1. High precedence
2. Normal precedence
3. Low precedence
Delay Class
GSM Rec.02.60 defines 4 delay classes (1 to 4). However, a PLMN only needs to re-
alize part of these. The minimum requirement is the support of the so-called „best ef-
fort delay class“ (Class 4). Delay requirements (maximum delay) concern the delay of
transported data through the entire GPRS network (the first two columns refer to data
packets 128 bytes in length, while the last two columns apply to packets 1024 bytes
in length).
Delay Class mean transfer 95% delay mean transfer 95% delay
delay (sec) (sec) delay (sec) (sec)
1 < 0,5 < 1,5 <2 <7
2 <5 < 25 < 15 < 75
3 < 50 < 250 < 75 < 375
4 (Best Effort) unspecified unspecified unspecified unspecified
13
GPRS - General Packet Radio Services Sidemen's
Precedence Class
1: high priority
2: normal priority
3: low priority
Delay Class
Delay Class mean transfer 95% delay mean transfer 95% delay
delay (sec) (sec) delay (sec) (sec)
1 < 0,5 < 1,5 <2 <7
2 <5 < 25 < 15 < 75
3 < 50 < 250 < 75 < 375
4 (Best Effort) unspecified unspecified unspecified unspecified
minimum
requirements
SDU size: 128 Byte 1024 Byte
Fig. 8 QoS is an assumption of several parameters, which are defined in the recommendations
14
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
Reliability Class
Transmission reliability is defined with respect to the probability of data loss, data de-
livery beyond/outside the sequence, twofold data delivery, and data falsification
(probabilities 10-2 to 10-9):. 5 reliability classes (1 to 5) have been defined, 1 guaran-
teeing the highest and 5 the lowest degree of reliability. Highest reliability (Class 1) is
required for error-sensitive, non-real-time applications, which have no possibility of
compensating for data loss; lowest reliability (Class 5) is needed for real-time applica-
tions which can get over data loss.
The peak throughput class defines the maximum data rate to be expected (in
bytes/s). However, there is no guarantee that this data rate/throughput can be
achieved over a certain period of time. This depends on the capacity of the MS and
the availability of radio resources. 9 throughput classes have been defined, ranging
from Class 1 with 1000 bytes/s (8 kbit/s) to 256,000 bytes (2048 kbit/s). The maxi-
mum data rate doubles from one class to the next.
The mean throughput class represents the mean data rate /throughput to be ex-
pected for data transport via the GPRS network during an activated link. A total of 19
classes have been defined. Class 1 is „best effort“ and means that the data rate for
the MS is made available on the basis of demand and availability of resources.
Class 2 stands for 100 bytes/h (0.22 bit/s), class 3 for 200 bytes/h, class 4 for 500
bytes/h and class 5 for 1000 bytes/h, etc. till Class 19 which stands for 50000000
bytes/h (111 kbit/s).
15
GPRS - General Packet Radio Services Sidemen's
Reliability Class
1 - 5 (lowest):
• data loss probability
• out of sequence probability
• duplicate probability
• corrupt data probability
probabilities 10 -9 - 10 -2
peak throughput Class
1 - 9: > 8 kbit /s - >2048 kbit /s
maximum data rate
no guarantee for this data rates
over a longer period of time
Fig. 9 QoS is an assumption of several parameters, which are defined in the recommendations
16
GPRS - General Packet Radio Services Sidemen's
3 GPRS-Architecture
GPRS
General Packet Radio Services
Architecture
Fig. 10
17
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
The Serving GPRS Support Node SGSN is on the same hierarchic level as MSC
and has functions comparable to those of a Visited MSC (VMSC).
The Gateway GPRS Support Node GGSN has functions comparable with those of a
Gateway MSC (GMSC) and offers interworking functions for establishing contact be-
tween the GSM/GPRS-PLMN and external packet data networks PDN
A GPRS Support Node GSN includes the central functions required to support the
GPRS. One PLMN can contain one or more GSNs.
In addition to GSN, extensions of functions in other GSM functional units are neces-
sary:
In the BSS a Packet Control Unit PCU ensures the reception/adaptation of packet
data from SGSN into BSS and vice versa.
GPRS subscriber data are added to the HLR. On the following pages of this script
this extension will be termed GPRS Register GR.
GPRS - Architecture
Channel Codec Unit CCU GPRS subscription data
in BTS (GPRS Register GR)
for channel coding
HLR
18
Sidemen's
GPRS - General Packet Radio Services GPRS - General Packet Radio Services
Sidemen'
19
GPRS - General Packet Radio Services Sidemen's
Asub VLR
T
A E PSTN
BTS MSC GMSC
MS B R A
(SIM) Abis A IWF/ ISDN
S U TC
Um BTS C
Gb CSE EIR HLR/AC
GSM BSS Gs Gf
Uu Iu(CS) Gr Gc
UE UMTS IP
(USIM) Terrestrial SGSN GGSN G
Iu(PS) Gn i
Radio Gd SLR X.25
E
Access
Network SMS-GMSC GSM Phase 2+
SMS-IWMSC Core Network
IWF/TC: Interworking Function / Transcoder
Fig. 12 Common GSM/GPRS/UMTS core network, coexistence of two radio access networks (GSM BSS/UTRAN)
20
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
21
GPRS - General Packet Radio Services Sidemen's
22
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
BSS PCU Gb
GGSN Gi External
GPRS-MS SGSN IP Network
SGSN & GGSN BSS PCU Gb
in same
physical entity
SGSN & GGSN
in different
BSS PCU physical entities /
location
SGSN
BSS PCU Gn External
IP-based GGSN IP Network
GPRS-MS
Backbone
SGSN Network
External
Gp GGSN X.25 Network
other
PLMN GGSN Security fu nctions
for Inte r-PLMN
co mmunication
23
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
24
GPRS - General Packet Radio Services Sidemen's
optional:
PCU, CCU, GPRS - MS Gb PCU-location
BTS BSC site GSN site
CCU
MS A
PCU
CCU
Um Abis Gb
Packet Control Unit PCU
Channel Codec Unit CCU • Channel Access Control functions
• Channel Coding (FEC, Interleaving,..) • Radio Channel Management functions
• Radio Channel Measurementfuncions (Power Control, Congestion Control,...)
(received quality & signal level, TA,..) • scheduling data transmission (UL/DL)
• protocol conversion (Gb ↔ Um)
25
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
Note: Various GSM specifications use the terms GPRS Class-A MS, GPRS Class-B
MS, GPRS Class-C MS.
GPRS-Mobile Station
Class B
GPRS and GSM
Class A services but not
Simultaneously handling simultaneously
of GPRS and other Class C
GSM services Only GPRS services
26
GPRS - General Packet Radio Services Sidemen's
4 Logical Functions
GPRS
General Packet Radio Services
Logical Functions
Fig. 17
27
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
Logical functions
in GPRS networks
Network Access
Control
Functions
Packet Routeing
& Transfer
Functions
Mobility
Management
Functions
Logical Link
Management
Functions
Radio Resource
Management
Functions
Network
Management
Functions
28
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
29
GPRS - General Packet Radio Services Sidemen's
Registration:
User‘s mobile ID associated with
*user‘s PDP Authentication &
*address Authorisation
*access points *user
*requested services
Admission Control
*required resources Message Screening
(available resouces) Filters unsolicited and
(reservation of resources) unauthorised messages
30
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
31
GPRS - General Packet Radio Services Sidemen's
Relay
forward data packets Routing
„next hop“
32
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
33
GPRS - General Packet Radio Services Sidemen's
Fig. 21 Mobility management, logical link, radio resource and network management functions
34
GPRS - General Packet Radio Services
Sidemen's GPRS - General Packet Radio Services
Sidemen'
35
Chapter 3
Contents
1 The Radio Interface (Layer 1) 23
1
GPRS Radio Interface Siemens
GPRS:
Interfaces
Fig. 1
2
GPRS Radio Interface Siemen
3
GPRS Radio Interface Siemens
Transmission
of user & GSM RF:
signaling data
GPRS Layer 1 (Um)
Measure
signal strength Cell Selection
L1-
tasks
determinate &
Power Control
actualise
functions Resource optimization:
Timing Advance
1 physical channel to be used
by many MSs simultaneously !!
Allocation of physical channel
(Packet Data Channel PDCH)
asymmetrical traffic
UL / DL possible !!
dynamically: 1 or 4 Radio Blocks
(1 Radio Block = 4 Normal Burst High data rate traffic
in 4 consecutive TDMA-frames) up to 171.2 kbit/s:
⇒ User & signaling data of several MSs combining 1..8 PDCH for 1 MS !!
statistically to be multiplexed into 1 PDCH
4
GPRS Radio Interface Siemen
5
GPRS Radio Interface Siemens
6
GPRS Radio Interface Siemen
Four new coding schemes were introduced for GPRS (Rec. 03.64): CS-1 to CS-4.
These can be used alternatively depending on the information to be transferred and
on the radio interface’s quality.
7
GPRS Radio Interface Siemens
Radio Block
BCS: Block Code Sequence MAC: Medium Access Control RLC: Radio Link Control
(for error recognition)
Channel Coding
4 new Coding Schemes:
CS-1, -2, -3, -4
8 Burst-
Interleaving 57 Bit 57 Bit 57 Bit ••• 57 Bit 57 Bit
blocks
8
GPRS Radio Interface Siemen
By bundling up to 8 packet data channels of one carrier into one MS, transmission
rates up to 171.2 kbit/s are possible.
9
GPRS Radio Interface Siemens
Fig. 6 Coding schemes of GPRS, CS1 with high redundancy, CS4 no redundancy, radio blocks
10
GPRS Radio Interface Siemen
11
GPRS Radio Interface Siemens
18
CS1
16 CS2
CS3
Net Throughput (kbit/s)
14 CS4
12
10
0
18 17 16 15 14 13 12 11 10 9 8 7 6 5
Carrier / Interference C/I (dB)
Fig. 7 Comparison of the efficiency of the four coding schemes under realistic circumstances of the air interface
12
GPRS Radio Interface Siemen
13
GPRS Radio Interface Siemens
Logical Channel
(for GSM Circuit Switched)
Fig. 8 "Classical" logical channels of GSM may be used by GPRS users too
14
GPRS Radio Interface Siemen
New GPRS signaling channels are mainly specified analogously to GSM Phase1/2.
The Packet Common Control Channel PCCCH has been newly defined. It consists
of a set of logical channels, which are used for common control signaling to start the
connection set-up:
Packet Random Access Channel PRACH
Packet Paging Channel PPCH
Packet Access Grant Channel PAGCH
Packet Notification Channel PNCH
PRACH and PAGCH fulfill GPRS-MS functions, which are analogue to the “classical”
logical channels RACH and AGCH for non-GPRS-users. The PNCH is used for the
initiation of point-to-multipoint multicast (PtM multicast).
For the transmission of system information to the GPRS mobile stations, the
Packet Broadcast Control Channel PBCCH
was defined analogue to the “classical” BCCH.
In a physical channel all different types of logical channels can be contained (no
separation into traffic and signaling channels respectively as is done in conventional
GSM). The differentiation of channel contents is carried out per radio block using the
MAC header, i.e. contents are specified for the four normal bursts of a radio block
sent in each case.
The MAC function, which distributes the physical channel to the various mobile sta-
tions and allocates radio resources to an MS can also use the conventional logical
channels in GSM.
15
GPRS Radio Interface Siemens
Logical channels
for GPRS
Broadcast channel DL PBCCH Packet System
Packet Broadcast Information
Control Channel
16
GPRS Radio Interface Siemen
For packet common control channels PCCH, conventional 51-type multiframes can
be used for signaling or 52-type multiframes. The GPRS users can use "classical"
common control channels of GSM before they will be directed onto their PTCHs. All
mobiles will read the BCCH anyway. Either in case of GSM mobiles to fulfill the same
tasks as before and for GPRS equipment this logical channel will indicate weather
GPRS service is available and if extra logical channels (PBCCH, PPCH, ...) are used.
GSM CS traffic and GPRS subscribers are clearly separated so that there is no con-
flict due to different signaling or multiframe structure.
It is important that there are no "visible" changes for "GSM only mobiles" due to the
introduction of GPRS. GSM CS connections will use for example the same 26 multi-
frame structure for TCH and the 51 multiframe structure for signaling.
17
GPRS Radio Interface Siemens
B0 B1 B2 i B3 B4 B5 i B6 B7 B8 i B9 B10 B11 i
Fig. 10 Multiframes for GPRS consist of a certain time slot in 52 consequent TDMA frames
18
Chapter 4
Procedures
Procedures Sidemen's
Procedures
Contents
1 Activation of GPRS Services 23
1
Procedures Sidemen's
GPRS:
Procedures
Activation of
GPRS services
Fig. 1
2
Procedures
Sidemen's Procedures
Sidemen'
Location Area
Routing area
cell
3
Procedures
Sidemen's Procedures
Sidemen'
One central question in GPRS is: how can a logical link between a mobile and a
SGSN be identified uniquely? This is done with the NSAPI/TLLI pair, which are
unique within a routing area.
NSAPI (Network layer Service Access Point Identifier):
The NSAPI is used as a service access point between the higher level and the
SNDCP. The NSAPI is used to identify the corresponding PDP context, which is as-
sociated with the GPRS MS PDP address on the side of the GSN.
TLLI (Temporary Logical Link Identity):
The TTLI is used to define a one to one correspondence within a Routing Area be-
tween the MS and the SGSN. This is only known by the MS and the SGSN.
TID (Tunnel Identifier):
This identity is used by the GTP to identify a PDP context. The TID is a combination
of the IMSI and the NSAPI. The IMSI/NSAPI pair uniquely identifies a PDP context.
GSN-Address:
The GSN Address is the IP-no. of GSN for the GPRS IP backbone.
The GSN-number is the ISDN-no. for a GSN
Access Point Name:
This name indicates in the NSS backbone, which GGSN shall be used. Furthermore
it can indicate the external network, the subscriber wants to be attached to, for in-
stance the "Internet Service Provider" Name.
4
Procedures Sidemen's
Subscribers Identities
Who is the owner of one packet
G
G
S S
G N
S
N G
G
S
TLLI IMSI N
1 2 S G
G G
3 4 S S
N N
NSAPI
5
Sidemen's Procedures
Procedures Sidemen'
With regard to point-to-point PtP packet data transmission the GPRS service oper-
ates in two independent state models/circles. One circle describes the mobility man-
agement behavior whereas the other is assigned to the activation of a packet data
protocol PDP.
The circle related to mobility management states in the MS and the associated SGSN
consist of the:
"Idle" state
"Standby" state
"Ready" state
States of
GPRS services
2 circles
regarding:
Idle
State Inactive
State
Mobility
Management
Packet Data
Standby Protocol
State PDP
Ready Active
State State
Fig. 4 States of GPRS services with regard to mobility management and packet data protocols
6
Procedures
Sidemen's Procedures
Sidemen'
"Idle" state
A mobile station MS in the idle state is detached from the GPRS. Only GPRS sub-
scription data is available in the HLR. No further information exists in other network
units such as SGSN and GGSN. It is not possible to activate a packet data protocol
PDP or to maintain a PDP in its active state. The GPRS MS must monitor the BCCH
to determine the availability of cells, which support GPRS services. Accordingly, the
GPRS MS can carry out PLMN and cell selection procedures. To exit idle state, the
MS must execute the “attach” procedure. Upon successful completion of this proce-
dure, the MS changes to ready state.
"Standby" state
In the standby state the GPRS MS is attached to the GPRS network. The GPRS and
the SGSN have a mobility management context comparable to the circuit switched
connections. The MS monitors the broadcast channel to determine the availability of
cells offering GPRS services and also the paging channel PCH, to be informed about
paging requests. The SGSN recognizes/stores the routing area RA of the GPRS-MS.
The routing area is a sub-unit of the location area LA, in other words a more detailed
determination of the GPRS-MS location. The GPRS-MS informs the SGSN about
changes of the routing area and answers paging requests.
"Ready" state
In the ready state, the SGSN detects the current cell of the GPRS-MS beyond the
routing area RA of the GPRS-MS. If the GPRS-MS changes cells, it informs the
SGSN. Paging is thus superfluous in the ready state. The DL packet data transfer
can be performed any time. Ready state does not mean that a physical connection is
established between SGSN and MS. Only in the ready state, SGSN and MS can
transfer data packets. MS and SGSN exit ready state upon expiry of a ready timer or
in case of a faulty packet data transmission and change to standby state. Upon log-
off, i.e. execution of a detach procedure; MS and SGSN exit ready state and change
to idle state.
7
Procedures Sidemen's
Mobility Management
States
GPRS GPRS
attach detach
• SGSN knows Routing Area & cell!! READY • MS initiates Cell Update
• UL & DL packet transmission possible
state
8
Procedures
Sidemen's Procedures
Sidemen'
"Inactive" State
The inactive state of a PDP means that this PDP is not operating at that moment.
There is no routing context in the MS, SGSN and GGSN. A transition in the active
state is only possible if there is a mobility management connection and if MS and
SGSN are in the standby or ready state.
No data transfer is possible in the inactive state. Data packets, which reach the
GPRS network are either rejected or ignored.
"Active" State
In the active state the MS, GGSN and SGSN are in a routing context. Data can be
transmitted or received by the MS. The active state is ended explicitly if the MS deac-
tivates a certain PDP. With GPRS detach and expiry of the standby timer, all the acti-
vated PDP are deactivated, too.
PDP States
ACTIVE
• Routing context
for MS, SGSN & GGSN state
• Data transmission possible !
9
Procedures
Sidemen's Procedures
Sidemen'
To reduce the signaling load via the radio interface during GPRS and non-GPRS op-
eration, important mobility management MM procedures are carried out jointly (com-
mon MM). This regards the procedures for: attachment / detachment, location & rout-
ing area update and paging.
The result of a GPRS routing area update procedure is stored in the SGSN. The rout-
ing area represents a more exact indication of the MS location, than is actually
needed for non-GPRS services. Triggered by the MS (in the framework of a RA up-
date) the SGSN informs the MSC/VLR via the Gs interface of a change in the loca-
tion areas, which has taken place simultaneously.
Further mobility management procedures are also executed via GPRS procedures. If
possible, all messages containing mobility management information are transferred
through signaling data packets. The MM procedures are defined in the GGM/SM
(GPRS Mobility Management & Session Management).
10
Abbreviations
Abbreviations Siemen
Abbreviations
Contents
1 Abbreviations 23
1
Abbreviations Siemen
1 Abbreviations
AAL ATM Adaptation Layer
AAL5 AAL Type 5
ABC Administration and Billing Center
ACCG ASN Controller and Clock Generator
ACIS ATM Communication Interface Simulator
ACT Active
ADET Application Database Engineering Team
AGCH Access Grant Channel
ALI Alarm and Interface Module
ALIB Alarm and Interface Module Type B
ALM ATM Layer Module
AMP ATM Bridge Processor
AMX ATM Multiplexer
AMXE AMX Module type E
AP Accounting Probe
APE Abgesetzte Peripherie Einheit (Remote Peripheral Unit)
API Application Programming Interface
APS Application Program System
ASIC Application Specification Integrated Circuit
ASN ATM Switching Network
ASN.1 Abstract Syntax Notation 1
ASNF ASN Module Type F
ASNG ASN Module Type G
ASNH ASN Module Type H
ATM Asynchronous Transfer Mode
ATM230 ATM Interface Asic with 200- and 30-Mbit Interfaces
AUB Access Unit Broadband
BAP Base Processor
BCH Broadcast Channel
BCCH Broadcast Control Channel
2
Siemens
Abbreviations Abbreviations
Siemen
3
Abbreviations Siemen
4
Siemens
Abbreviations Abbreviations
Siemen
5
Abbreviations Siemen
6
Siemens
Abbreviations Abbreviations
Siemen
7
Abbreviations Siemen
8
Siemens
Abbreviations Abbreviations
Siemen
9
Abbreviations Siemen
10
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
The Third Generation (3G) 1
UMTS Evolution 2
Security Features 4
UMTS Introduction
UTRA Aspects 5
Appindex 7
UMTS Introduction
Sub-section reference
Contents
1 IMT-2000 23
1.1 3G / IMT-2000 Standardization 34
1.2 3G Frequency Ranges 1214
2 UMTS 1721
2.1 The UMTS Standard 1822
2.2 3G / UMTS: 4 Zone Concept / Data Rates 2732
2.3 UMTS Licenses 3136
3 Exercise 3339
4 Solution 3847
1
The Third Generation (3G) Siemens
1 IMT-2000
Standardization:
International
Telecommunication
Union
Global Mobile
Personal
Communication
by Satellite
IMT-2000
International Mobile Telecommunications
Fig. 1
2
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
3
The Third Generation (3G) Siemens
1G 2G IMT-2000
(analog) (digital)
3G
Paging Systems, Paging Systems 1 family of standards
e.g. City Call e.g. ERMES for all
• applications
• countries
Cordless Telephone Cordless Telephone
e.g. CT1, 1+ e.g. DECT, PACS, PHS
Wireless
wireless
Local Loops
Telephone cell
WLL
Fig. 2
4
The Third Generation (3G) Siemen
5
The Third Generation (3G) Siemens
IMT-2000 Development:
regional Standards Development Organisations
ETSI
(Europe) TIA, T1
(USA)
200 0
MT-
ARIB, TTC
I CATT
ITU:
(Japan)
(China)
TTA
(South Korea) ESA, Iridium
(MSS)
Fig. 3
6
The Third Generation (3G)
Siemens Siemen
The Third Generation (3G)
7
The Third Generation (3G) Siemens
ITU-Deadline
RTT proposals für RTT Proposals:
for IMT 2000 30.06.98
China
CATT: TD-SCDMA
USA Japan
TIA: UWC-136 ARIB: W-CDMA
WIMS W-CDMA
cdma2000
MSS
ICO: ICO RTT
T1: NA: W-CDMA
Inmarsat: Horizons
T1, TIA: WP-CDMA
ESA: SW-CDMA
SW-CTDMA
Iridium: INX
Source: ITU
RTT: Radio Transmission Technology
Fig. 4
8
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
RTT Proposals
11 of the total number of 17 RTT proposals referred to terrestrial, cellular systems.
They cover all commercially viable areas of the mainland including coastal areas – in
other words, from indoor areas (i.e., quasi stationary or lowest speed, smallest range)
to pedestrian (i.e., low speed, small and medium ranges) to vehicular (i.e., wide
ranging at medium and high speeds).
Another 6 proposals from the area of mobile satellite systems (MSS) for covering the
remaining surface of the globe (sea, deserts, mountains, and sparsely populated,
inaccessible regions) were also submitted.
The greatest share of the RTT proposals, particularly for the terrestrial solutions,
have so-called CDMA (Code Division Multiple Access) solutions. Different variations
of this special multiple access method provide very efficient use of resources via the
radio interface and allow flexible, high data rates.
Other methods use “conventional” TDMA (Time Division Multiple Access) methods
with different optimization solutions to provide access to 3G systems at the high data
rates demanded by the ITU.
Pedes- Vehi-
Proposal Description Indoor
trian cular
Satellite Source
R
DECT
Digital Enhanced Cordless
Telecommunications
x x - - ETSI T
UWC-136 Universal Wireless Communications x x x - USA TIA
T
WIMS Wireless Multimedia and Messaging
W-CDMA Services Wideband CDMA
x x x - USA TIA P
TD-SCDMA Time-Division Synchronous CDMA x x x - China CATT r
W-CDMA Wideband CDMA x x x - Japan ARIB
o
CDMA II Asynchronous DS-CDMA x x x - South Korea TTA
p
o
UTRA
UMTS Terrestrial Radio Access:
W-CDMA
x x x - ETSI s
NA: W-CDMA North American: W-CDMA x x x - USA T1P1
a
cdma2000 W-CDMA (IS-95+) x x x - USA TIA
l
s
CDMA I Multiband synchronous DS-CDMA x x x - South Korea TTA
Fig. 5
9
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
10
The Third Generation (3G) Siemens
Paired: Unpaired:
EDGE UTRA TDD December `99
UTRA FDD TD-SCDMA
FDD: Frequency Division Duplex
MC-CDMA
TDD: Time Division Duplex (former 12/99 ITU:
DS-CDMA: Direct Sequence CDMA
CDMA2000) TG 8/1 closed &
MC-CDMA: Multicarrier CDMA
TD-SCDMA: Time-Division Synchronous CDMA WP 8F founded: 3.5G / 4G studies
Fig. 6
11
The Third Generation (3G)
Siemens Siemen
The Third Generation (3G)
12
The Third Generation (3G) Siemens
America
1G: AMPS, MSS 2G: GSM1900,
2G: D-AMPS, IS-95 IS-95, D-AMPS
Japan
1G + 2G: PDC 2G: MSS PHS
Remaining frequencies < 2 GHz: PDC
Military, Industry, Broadcast, TV, Research,
private (households, amateurs),...
WARC-92: 3G Plans
1980 2010 2170
cellular MSS cellular MSS
1885 2025 2110 2200
1 8 5 0 1 9 00 1 9 5 0 2 0 0 0 2 0 5 0 2 1 0 0 2 1 5 0 2 2 0 0 2 2 5 0
Fig. 7
13
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
Regional 3G reservation
Europe, Japan and South Korea complied for the most part with the
recommendations of the WARC-92 regarding reservation of frequency ranges for 3G
systems.
Europe: It was defined at European level after a decision taken by the ERC
(European Radiocommunications Committee) at the end of 1997 that the
corresponding (WARC-92) frequency range, with the exception of the frequency
range from 1880 – 1900 MHz (DECT range), is to be made available to 3G systems.
Many non-European countries also adopted this frequency reservation.
Japan: With the exception of the frequency range below 1918.1 MHz, which will
continue to be used for PHS systems, the entire WARC-92 frequency band was
reserved for 3G systems.
South Korea: The full WARC-92 frequency band was reserved for 3G systems.
North America: In 1995 the frequency range between 1850 MHz and 1990 MHz was
auctioned in the USA for use by 2G systems (e.g., IS-95, D-AMPS, GSM1900). As a
result, the introduction of 3G systems in the USA is experiencing great difficulty. The
same applies to Canada. However, smaller ranges (C, E blocks) were reserved here
for future applications.
Regional 3G Reservation
1850 1900 1950 2000 2050 2100 2150 2200 2250
2010 MHz
USA, PCS1900
MSS reserved MSS
Canada A C B EF C A CB E F C
(C,E reserved)
1910 1930 1990 MHz 2160 MHz
Fig. 8
14
The Third Generation (3G)
Siemens Siemen
The Third Generation (3G)
15
The Third Generation (3G) Siemens
Harmonisation / Extension:
cellular Refarming 2G frequencies
(important for rural service areas)
698 806 960
Frequency range [MHz]
Harmonisation / Extension:
cellular Refarming 2G frequencies
1710 1885
1980 2010 2170
Fig. 9
16
The Third Generation (3G) Siemens
2 UMTS
Universal Mobile
World-wide,
seamless
Multimedia access
Telecommunication System
UMTS
Standardisation & Concept
Fig. 10
17
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
18
The Third Generation (3G) Siemens
Fig. 11
19
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
3GPP members
3GPP distinguishes between "organizational partners“, "market representation
partners" and "observership status“.
Organizational partners delegate experts to 3GPP to work on the development of the
standard. Market representation partners can make submissions to 3GPP, and
engage in the investigation of market demands, services, compilation of studies, etc.
Observership status is given to organizations with access to the 3GPP committees
but without any voting power.
Since the founding of the 3GPP many other organizations have agreed to active
involvement in the project.
For instance, by the beginning of the year 2000, the CWTS (China) joined as an
organizational partner; the UMTS Forum, GSM Association, GSA,UWCC and Ipv6
Forum as market representation partners MPRs and TIA and TSACC are engaged
under observership status. Several other organizations joined 3GPP in the following
as MPRs.
20
The Third Generation (3G) Siemens
UMTS
ETSI
Standardization European Telecommunication
Standards Institute
ARIB/TTC
TTA Association of Radio Industries
Telecommunications Technology & Business / Telecommunication
Association, South Korea Technology Committee, Japan
TSACC GSA
Telecommunication Global Mobile Supplier
Association
3GPP
Standards Advisory Council
of Canada IPv6
UMTS Forum
TIA 3rd Generation Forum
Telecommunication
Industry Association, Partnership Project UWCC
USA
Universal Wireless
Communications
ACIF Consortium
Australian Communications WMF
Industry Forum Wireless Multimedia MWIF
Forum
CWTS Mobile Wireless
Internet Forum
China Wireless 3G.IP
Telecommunications Forum GSM
Standards Association
ANSI T1
Committee T1 Organisational Partner
Telecommunications MPR: Market Representation
Partner
Observership status
Fig. 12
21
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
3GPP structures
3GPP originally has been divided into a project coordinating group (PCG), originally
four, now five technical specification groups TSG's and many working groups WG's.
The PCG coordinates the work of the various TSG's and WG's.
The TSG's are writing the standard – i.e., the recommendations for UMTS and
GSM/EDGE.
There are TSG's for each of the following UMTS topics: "Radio Access Network",
"Service & System Aspects", "Core Network" and "Terminals"."
A fifth TSG has been created in July 2000: "GERAN" (GSM/EDGE Radio Access
Network). Its principal responsibilities will be the maintenance and development of
GSM Technical Specifications and Technical Reports, including GSM evolved radio
access technologies such as GPRS and EDGE.
The Working Groups are working out studies regarding different aspects of the
standard. The studies are used by the TSG's as a basis for drafting the
recommendations.
3GPP
PCG
Structure Project Co-ordinating Group
TSG: Technical
Specification Group
CN WG 1 SA WG 1 T WG 1 RAN WG 1 GERAN WG 1
Mobile Terminal Radio Layer 1
MC/CC/CS (Iu) Services Radio Aspects
Conformance testing specification
CN WG 2 SA WG 2 T WG 2 RAN WG 2 GERAN WG 2
Mobile Terminal Radio Layer 2 & 3
CAMEL Architecture Protocol Aspects
Services & capabilities (RR) spec.
CN WG 3 SA WG 3 T WG 3 RAN WG 3 GERAN WG 3
Interworking with USIM Iub, Iur, Iu spec. &
Security BS Testing and O&M
External Networks (Universal SIM) UTRAN O&M requirem.
CN WG 4 SA WG 4 RAN WG 4 GERAN WG 4
Radio performance &
MAP/GTP/BCH/SS Codec MS testing
Protocol aspects
CN WG 5 SA WG 5
OSA (Open
Telecom Management
Service Architecture)
Source: 3GPP
Fig. 13
22
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
23
The Third Generation (3G) Siemens
GSM Numbering:
Rel. 99
Specification
3G TS ab.cde
„3G only“
Specification
Fig. 14
24
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
3G Series
The UMTS specifications are divided into a total of 15 series.
Each of the series treats a particular aspect of the UMTS Standard.
21 series: Requirement specifications (overview: preliminary nature)
22 series: Service aspects
23 series: Technical realization
24 series: Signaling protocols (UE - CN network)
25 series: UTRA aspects
25.100 series: UTRA radio performance aspects
25.200 series: UTRA radio aspects (physical layer 1 of UTRA)
25.300 series: UTRA radio interface architecture, layer 2 and layer 3 aspects
25.400 series: UTRA network aspects (Iub, Iur, Iu Interface)
26 series: Codecs (speech, video, etc.)
27 series: Data (functions for support of data applications)
28 series: Signaling protocols (RSS - network part)
29 series: Signaling protocols (NSS)
30 series: Program management (3GPP plans and work programs, etc.)
31 series: UIM (User Identity Module)
32 series: Operation and Maintenance
33 series: Security aspects
34 series: Test specifications
35 series: Confidentiality & integrity algorithms
Work on the "classical" GSM series 1 - 12 is closed. The remaining work on
GSM/EDGE is done by TSG "GERAN" in the series 41 – 55, which are build up in
analogy to the 21 - 35 series of UMTS.
25
The Third Generation (3G) Siemens
3G TS: Series
Fig. 15
26
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
27
The Third Generation (3G) Siemens
Zone 2:
Urban Zone 1:
Indoor
Pico
MSS Macro Micro Cell
Cell Cell
max.
144 kbit/s 144 kbit/s 384 kbit/s 2048 kbit/s data rate
max.
1000 km/h 500 km/h 120 km/h 10 km/h speed
Fig. 16
28
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
29
The Third Generation (3G) Siemens
• Applications
UMTS • Data rates
• 2G / 3G comparison
100 Fixed network
Terminal
MBS
(Mobile Broad
10 Band System)
WLAN
Fixed network
Data rates [Mbit/s]
1
3G UMTS
(FDD & TDD Services)
0.1 2G TDD
(DECT, W-PBX, WLL)
2G FDD
cellular systems (GSM, IS-95,..)
0.01
office / floor Building, halls Hot Spots Pedestrian Vehicles
stationary stationary stationary Low mobility High mobility
Indoor Outdoor
Source: UMTS Task Force Report
Fig. 17
30
The Third
Siemens Generation (3G) Siemen
The Third Generation (3G)
31
The Third Generation (3G) Siemens
UMTS UMTS
UMTS FDD (UL) UMTS FDD (DL)
TDD TDD
Fig. 18
32
Chapter 2
UMTS Evolution
UMTS Evolution Siemens
UMTS Evolution
Contents
1 Background & Principle 23
1.1 Evolutionary Path: GSM to UMTS 34
1.2 GSM & UMTS Evolution 78
1.3 Evolution: Data Transmission 190
2 Exercise 1113
3 Solution 1317
1
UMTS Evolution Siemens
UMTS Evolution
UMTS
GSM
Release
Release 4
Phase
2+ 3
Phase
1/2
Fig. 1
2
Siemens
UMTS Evolution Siemen
UMTS Evolution
3
UMTS Evolution Siemens
Evolutionary path:
GSM to UMTS Original vision:
quantum leap from
GSM to UMTS
Capabilities
UMTS
GSM
Fig. 2
4
UMTS
Siemens Evolution Siemen
UMTS Evolution
5
UMTS Evolution Siemens
Fig. 3
6
Siemens
UMTS Evolution Siemen
UMTS Evolution
GSM Phase 1
Phase 1 contains everything required for the operation of GSM networks. Speech
data transfer is the core focus. Data transfer is defined, too (0.3 - 9.6 kbit/s). Only a
few supplementary services are included.
GSM Phase 2
After Phase 1completion, the GSM Standard was fully revised. Phase 2 includes a
wide range of supplementary services comparable with the ISDN standard.
GSM Phase 2+
Phase 2+ enhances in Annual Releases (`96, `97, `98, `99) the GSM standard and
prepares the UMTS introduction. Especially the GSM Core Network CN is enhanced
to be used as UMTS CN at UMTS start. Major Phase 2+ aspects are IN services,
flexible service definition, packet data transfer, high data rate transmission and
improved voice codes. GSM is limited by the narrowband radio access, the radio
resource efficiency and a lack of additionally available frequency bands.
UMTS Release 4
Unlike GSM Phase 2+, the enhancement of UMTS is not performed in annually
steps. Enhancements should be possible in flexible time schedules. Rel. 4 (late 2001)
introduces e.g. important CN modifications (bearer independent signaling flow) and
the Low Chip Rate LCR TDD mode as a third radio access option.
UMTS Release 5, 6, …
For UMTS Rel. 5 major CN modifications, i.e. the IP Multimedia Subsystem IMS, are
planed. New network elements and protocol structures are defined.
For the future modifications of the UTRAN toward an All IP RAN, enhancements of
the radio resource efficiency, new frequency ranges (WRC'2000) and many more
enhancements toward 4G are expected
7
UMTS Evolution Siemens
Ph1: TeleServices TS, new SS, flexible new WCDMA new CN solutions Time
BS max. 9.6 Kbit/s Service Concept Radio Interface (R’4: CS domain
Ph2: Supplementary (CAMEL, MExE,..), (large bandwidth, modification
Services SS (= ISDN) higher data rates Flexible data rates; R’5: IMS);
(HSCSD, GPRS, EDGE) optimized for PS); new RTT options
new network elements new RAN (LCR-TDD)
close to original IMS: IP Multimedia Subsystem
3G plans LCR: Low Chip Rate
RTT: Radio Transmission Technology
Fig. 4
8
Siemens
UMTS Evolution Siemen
UMTS Evolution
9
UMTS Evolution Siemens
Data Transmission
Evolution UTRA:
1920 kbit/s
• HSCSD, GPRS & EDGE: combining 1-8 TS
• HSCSD: Circuit Switched
• GPRS: Packet Switched; new Infrastructure
• EDGE: 8PSK instead of GMSK EDGE:
max. Data rate
GSM Phase 2+
HSCSD: High Speed Circuit Switched Data 8PSK: Phase Shift Keying
GPRS: General Packet Radio Services GMSK: Gaussian Minimum Shift Keying
EDGE: Enhanced Data rates for the GSM Evolution UTRA: UMTS Terrestrial Radio Access
Fig. 5
10
Chapter 3
Contents
1 Release `99: Network Overview 23
2 Release `99 CN: CS Domain 69
3 Release `99 CN: Entities common to CS & PS Domain 1319
4 Release `99: PS Domain 1929
5 Release `99: UTRAN & UE 2637
6 Further Evolution: Release 4 & 5 3347
7 Exercise 4055
8 Solution 4765
1
The UMTS Network Siemens
UMTS
PSTN / Network Intra- /
ISDN Internet
A Gb Iu
BSS Co-existence of UTRAN
GSM Base Station GSM & UMTS UMTS Terrestrial
Subsystem network elements Radio Access Network
Um Uu
Fig. 1
2
Siemens
The UMTS Network The UMTS Network
Siemen
The UMTS CN
The enhanced GSM Phase 2+ Core Network consists of a Circuit Switched CS
Domain for speech, video telephony and real-time data transfer and a Packet
Switched PS Domain for Non real-time data transfer. Furthermore, several network
elements are necessary respectively optional for both domains, here determined as
"Entities common to the CS & PS Domain".
An overview of the PS Domain is given in TS 23.060.
Network Overview
TS 23.002:
RAN CN
Network Architecture
External
Networks
GSM BSS CS Domain
Entities common
to the CS & PS Domain
UE
UTRAN
PS Domain
TS 23.060:
GPRS
Fig. 2
3
Siemens
The UMTS Network The UMTS Network
Siemen
CS Domain
The CS Domain of the UMTS CN consists of the following functions:
l MSC: Mobile Services switching Center
l GMSC: Gateway MSC
l SMS-GMSC: Short Message Services Gateway MSC
l SMS-IWMSC: Short Message Services Interworking MSC
l VLR: Visitor Location Register
l TC/IWF: Transcoding & Interworking function
PS Domain
The PS Domain of the UMTS CN consists of the following functions:
l GGSN: Gateway GPRS Support Node
l SGSN: Serving GPRS Support Node
l CGF: Charging Gateway Function
Remark: This list of UMTS functions is not complete (see TS23.002). Only the "most
important" functions are shown. The listed functions are described in the following.
4
The UMTS Network Siemens
UMTS TS 23.002
Network
GSM BSS CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
Node B C SGSN GGSN IP
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C SMS-IWMSC
SM-SC
CGF: Charging Gateway Function
TC: Transcoding
CSE: CAMEL Service Environment
IWF: Interworking Functions
SM-SC: Short Message Service Centre
Fig. 3
5
The UMTS Network Siemens
UMTS
GSM BSS Network CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
Node B C SGSN GGSN IP
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C Release `99 CN: SMS-IWMSC SM-SC
CS Domain
Fig. 4
6
Siemens
The UMTS Network Siemen
The UMTS Network
3G MSC
The Mobile-services Switching Center MSC constitutes the interface between the
radio system and the external fixed networks (ISDN / PSTN). The MSC performs all
necessary functions in order to handle the circuit switched services to and from the
Mobile Stations MS / User Equipment UE.
The MSC is an exchange which performs all the switching and signaling functions for
MSs / UEs located in a geographical area designated as the MSC area. The MSC
area is sub-divided into so-called Location Areas LA. The main difference between a
MSC and an exchange in a fixed network is that the MSC has to take into account
the impact of the subscribers mobility.
Several MSCs may be required to cover a country.
The MSC is connected to other network elements via the following interfaces
(Examples):
l A-Interface: to the GSM Base Station Controller BSC
l B-Interface: to the VLR. The MSC is always associated with a Visitor Location
Register. Therefore, the B-Interface is proprietary.
l C-Interface: to the HLR
l E-Interface: to other MSCs
l F-Interface: to the EIR
l Gs-Interface: to the SGSN (for common Mobility Management)
l Iu(CS)-Interface: to the RNC
Gateway MSC (GMSC): If a network delivering a call to the PLMN cannot interrogate
the HLR, the call is routed to an MSC. This MSC will interrogate the appropriate HLR
and then route the call to the MSC where the mobile station is located. The MSC
which performs the routing function to the actual location of the MS / UE is called the
Gateway MSC. The choice of which MSCs can act as Gateway MSCs is for the
operator to decide (i.e. all MSCs or some designated MSCs).
Visited MSC (VMSC): For all the MSs / UEs in the MSCs area the serving MSC is
regarded as Visited MSC.
7
The UMTS Network Siemens
3G MSC SMS-GMSC
SMS-IWMSC
SM-SC
Mobile services
Switching Center
E GMSC:
GMSC:
• •PSTN/ISDN
PSTN/ISDNInterface
Interface
• •Interrogating
InterrogatingHLR
HLR
T • •routing
routingtotoactual
actual
B VLR VLR UE
UElocation
location
R A
S A B B PSTN
C U
E
MSC GMSC ISDN
IWF/
Iu(CS) TC C Main
Gs F
R
MSC
tasks:
N EIR HLR • Switching
C SGSN • Handling CS Services
• Call Setup / Release
• Charging
LA1 LA2 • Interfaces:
MSC:
MSC:
• •always A, B, C, E, F,
alwaysassociated
associatedwith
withVLR
VLR Gs, Iu(CS)
• •control
controlofofgeographical
geographicalarea:
area:
MSC
MSCAreaArea==11/ /several
several LA3 LA4
Location
LocationArea
AreaLA
LA
• •V(isited)-MSC
V(isited)-MSCfor
forall
allUEs
UEs
ininMSC
MSCArea
Area MSC Area
Fig. 5
8
The UMTS
Siemens Network Siemen
The UMTS Network
SMS-GMSC
TS 23.002
SMS-IWMSC
External
CS MSC / Networks
all or some designated
MSCs can act as Domain VLR
SMS-GMSC/IWMSC
(Network operator
dependent) E
SMS-GMSC SM-SC
SMS Gateway MSC
Short Message
SMS-IWMSC Service Center
SMS Interworking MSC
Gd
PS
SGSN
Domain
Fig. 6
9
Siemens
The UMTS Network The UMTS Network
Siemen
10
The UMTS Network Siemens
VLR Main
Visitor Location VLR
Register tasks:
B
MSC
VLR
* e.g. Authentication, Authorization,
Cipher & Integrity Start
••Location
LocationUpdates
Updates D
••Subscriber Profiles®
SubscriberProfiles ®VLR
VLR
••Security
SecurityParameter
Parameter
(via HLR®®VLR)
(viaHLR VLR)
••Interrogation
Interrogation
(MSRN HLR AuC
(MSRNvia
viaHLR
HLRtotoGMSC)
GMSC)
TS: Tele Services
BS: Bearer Services IMSI: International Mobile Subscriber Identity
SS: Supplementary Services LMSI: Local Mobile Subscriber Identity
MSRN: Mobile Station Roaming Number TMSI: Temporary Mobile Subscriber Identity
Fig. 7
11
Siemens
The UMTS Network Siemen
The UMTS Network
Transcoding TC function
The Transcoding TC function is used to perform conversion between standard ISDN
64 kbit/s speech transmission and the UMTS Adaptive Multi-Rate AMR speech codec
(Specs: 26-series).
The AMR speech coder is a single integrated speech codec with eight source rates
from 4.75 kbit/s to 12.2 kbit/s, and a low rate background noise encoding mode. The
speech coder is capable of switching its bit-rate every 20 ms speech frame upon
command (TS 26.071).
Different to GSM, in UMTS the Transcoding function is not part of the Radio Access
Network RAN. It has been defined as part of the UMTS Core Network CN.
Some optimization procedures allow it to be passed through, without transcoding, in
the case of UE to UE communication for example, when double-transcoding would
be performed for nothing.
TC
Transcoding T CN
B Core Network VLR
& R A
S A
IWF B
C U
InterWorking Function
E
RAN MSC
Radio Access IWF/
Network
Iu(CS) TC Gs F
C
BlaBla BlaBla
Bla
Bla
TC
Transcoding
Fig. 8 12
The UMTS Network Siemens
UMTS
GSM BSS Network CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
Node B C SGSN GGSN IP
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS)
Release `99 CN: SMS-GMSC
SM-SC
C SMS-IWMSC
Entities common
to CS & PS Domain
Fig. 9
13
Siemens
The UMTS Network The UMTS Network
Siemen
14
The UMTS Network Siemens
HLR AuC
Home Location Register Authentication Center
• Subscriber Registration
• Storing/Management CS Domain • Storing „secret Keys“
subscriber profiles (counterpart: USIM) &
• Deliver profiles to VLR/SGSN MSC / Security Algorithm
• Storing Location Information GMSC • Generating Security Parameter
• (VLR / SGSN)
VLR (GSM: Triples; UMTS: Quintets)
• MTC: Deliver Routing • Deliver Parameter to VLR /
information to GMSC / GGSN SGSN (via HLR)
• Associated with AuC
D C • Associated with HLR
HLR AuC
Gr Gc
SGSN GGSN
PS Domain
BS: Bearer Service
TS: Tele Service
SS: Supplementary Service
Subscriber data (Examples): CSI: CAMEL Subscription Information
• Semi-permanent Data: MSISDN, IMSI, Services QoS: Quality of Service
(BS, TS, SS), QoS Profile, CSI, Service Restrictions,.. IMSI: International Mobile Subscriber Identity
MSISDN: Mobile Station ISDN Number
• Temporary Data: VLR / SGSN address, MSRN: Mobile Station Roaming Number
MS Non-Reachable flag, MSRN, SMS flags,..
Fig. 10
15
The UMTS
Siemens Network Siemen
The UMTS Networ
EIR
Equipment Identity Register • Storing IMEIs
(counterpart: ME)
on White / Gray / Black List
CS Domain • Performing IMEI Check
on VLR / SGSN request
MSC / • optional network function
VLR
EIR
Gf
SGSN
IMEI
International
PS Domain Mobile station
Equipment
Identity
Fig. 11
16
Siemens
The UMTS Network The UMTS Network
Siemen
CS gsm gsm
Domain SSF SSF
MSC / E
VLR GMSC
SGSN GGSN
PS Gn
gprs MSC/VLR
MSC/VLR&&SGSN:
SGSN:
Domain store
storeCSI
CSIas
aspart
partofof
SSF subscriber
subscriberprofile
profile
Fig. 12
17
The UMTS Network
Siemens Siemen
The UMTS Network
CAMEL
Protocols & Data transfer
Interfaces Signalling
O-CSI
T-CSI
TS 23.078,
MAP 29.078
HLR gsmSCF
HPLMN
CSE
MAP
CAP
Interfaces
gsmSSF
gprsSSF
MSC/VLR
SGSN
UE
gsmSSF
Fig. 13
18
The UMTS Network Siemens
UMTS
GSM BSS Network CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C Release `99 CN: SMS-IWMSC SM-SC
PS Domain
Fig. 14
19
The UMTS Network Siemenk
20
The UMTS Network Siemens
GGSN TS 23.060
Gateway GPRS • Interworking PLMN « PDN (Gi)
• Screening / Filtering
Support Node
• Storing Routing Information (current SGSN)
• Requesting Location Information from HLR
(Gc optional; for MTC)
• Routing Packets ® SGSN (Gn)
• Collecting Charging Data & forwarding
to CGF (Ga)
HLR AuC
Gc
X.25
Gn Gi
SGSN IP-based GGSN IP
Backbone
Network
Ga
Gp Billing
SGSN CGF System
Fig. 15
21
Siemens
The UMTS Network Siemen
The UMTS Network
22
The UMTS Network Siemens
RA
SGSN RA
5
• Serving all UEs in SGSN area =
2 RA
Serving GPRS LA RA 1 / several Routing Area(s) RA
Support Node 1 RA 4 • Storing subscriber profiles
RA (requested from HLR)
3 RA • Mobility Management, e.g
7
SGSN area 6 Update Location, Attach, Paging,..
• Security & Access Control:
Authentication, Cipher start, IMEI Check...
MSC / • Routing / Traffic-Management
VLR • Collecting charging data
TS 23.060 •…
Gs
SMS-GMSC
GSM BSS CSE EIR HLR AuC
SMS-IWMSC
CAP Gs Gr Gd
BSC Gb
Gn
SGSN IP-based GGSN
Backbone
RNC Iu(PS) Network
Ga
Gp
CGF
SGSN
other
PS PLMN SGSN
UTRAN Domain
Fig. 16
23
Siemens
The UMTS Network Siemen
The UMTS Network
24
The UMTS Network Siemens
CGF TS 23.060
Charging Gateway & 32.015
Functionality Gn
SGSN GGSN TS32.015:
TS32.015:
Charging
Charging&&Billing
Billing
for
for thePS
the PSDomain
Domain
Ga Ga
PS
Domain CGF • collect CDRs from SGSNs & GGSNs
• intermediate CDR storage buffering
• CDR data transfer to the BS
External Billing
Networks System BS
• be integrated
GSN CGF BS in the GSNs
Fig. 17
25
The UMTS Network Siemens
UMTS
GSM BSS Network CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
Node B C SGSN GGSN IP
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C Release `99: SMS-IWMSC
SM-SC
UTRAN & UE
Fig. 18
26
Siemens
The UMTS Network Siemen
The UMTS Network
27
The UMTS Network Siemens
Fig. 19
28
Siemens
The UMTS Network Siemen
The UMTS Network
Node B
One or more Node B's are controlled and addressed by an RNC. A Node B is a
physical unit for implementation of the UMTS radio interface. It is converting the
physical transmission of the data from fixed network transmission (ATM based) to
WCDMA transmission.
As a central transmission and reception site, it serves one or more UMTS cells. It is
serving one UMTS cell in case of an omni cell with 360° service or, for example, 2, 3
or 6 sector cells with 180°, 120° and 60° service respectively.
The Node B is connected:
l via Iub interface to its controlling RNC
l via Uu interface to the UEs
To prepare the data for reliable transmission over the air interface Uu, the Node B
performs many WCDMA specific aspects, which are shown in the following chapters
and in the TS 25.3xx and 25.4xx series.
Uu
UE
Sector-Cell
Omni-Cell Node Node Sector-Cell
B Sector-Cell B
Fig. 20
29
Siemens
The UMTS Network Siemen
The UMTS Network
User Equipment UE
The User Equipment UE is responsible for similar functions as the GSM Mobiles
Station MS, i.e. it is a device allowing a user access to network services.
It consists of the:
l Mobile Equipment ME, which means to be the Hardware and Software for
WCDMA air interface transmission. The ME is identified by an International Mobile
Equipment Identity IMEI.
l UMTS Subscriber Identity Module USIM, which contains data and procedures,
which unambiguously and securely identify itself. These functions are typically
embedded in a stand-alone smart card. This device is associated to a given user
(subscriber license), and as such allows to identify this user regardless of the ME
he uses. The USIM stores the personal identities (e.g. IMSI, MSISDN, PIN),
security algorithm (for e.g. Ciphering, Authentication), the personal phone book,
the USIM Application Toolkit USAT (TS 22.038, 31.111) and many more
information.
The basic functions of the UE are given in the TS TS 23.101. More detailed
descriptions are given in the TS 31 series.
UE
User Equipment
MSC/VLR
TS 23.101 &
Node
31series RNC
B
SGSN
Uu
UE = ME + USIM
Fig. 21
30
Siemens
The UMTS Network Siemen
The UMTS Network
Remark: This list of UMTS functions is not complete. Only the "most important"
functions are shown. A detailed overview is given in TS 23.002.
31
The UMTS Network Siemens
UMTS Network
Summary
(Rel. `99)
GSM BSS CS Domain
A PSTN
T MSC /
BTS
B R VLR E
GMSC
Abis A IWF/ ISDN
S U TC C/D
Um BTS C Gb CAP F
Fig. 22
32
The UMTS Network Siemens
UMTS
PSTN / Network Intra- /
ISDN Internet
UMTS CN
Co-existence of
GERAN GSM & UMTS UTRAN
network elements
Further Evolution
Release 4 & 5 GERAN: GSM/EDGE Radio Access Network
Fig. 23
33
Siemens
The UMTS Network Siemen
The UMTS Network
34
The UMTS Network Siemens
3G modularity
& future options 3G RAN
EDGE
Core Iu
UTRA TDD LCR
Network
e.g. UTRA FDD
enhanced
GSM / IS-41,
MC- CDMA
or
R`4, R`5
UMTS CN 3G-MSS
Hiperlan-2,
strict separation MBS,..
CN - RAN tasks
Þ flexibility in 3G
Fig. 24
35
Siemens
The UMTS Network Siemen
The UMTS Network
UMTS Release 4 CN
The UMTS CN CS domain is a central aspect of Release 4 modifications (TS
23.002). The intention of these modifications is a separation of the call control from
the transport user the user data.
In UMTS Release 4, the (G)MSC/VLR functions split into two different entities:
l MSC Server: The MSC Server is responsible for e.g. Call Control CC and Mobility
Management MM. It stores temporarily the subscribers data and takes over the
"VLR functionality". It is interfacing and translating the user-network signaling (TS
24.008) and the network-network signaling and it is controlling one/several
MGW(s) via Mc interface. Furthermore, it is collecting charging data (Call Data
Records CDRs). As Gateway MSC Server, it is responsible for HLR interrogation.
l Media Gateway MGW: The MGW is responsible for bearer control and
transmission resource management (e.g. QoS guarantee). It is responsible for the
conversion of the data formats from CN internal, i.e. Nb interface (IP, ATM,…) to
either Iu interface (ATM based) or external CS ISDN/PSTN networks. Additionally,
the TC function is allocated to the MGWs interfacing Iu.
New Interfaces
l Nc: between MSC Server and (G)MSC Server for Bearer-Independent Call Control
BICC.
l Mc: between CS-MGW and (G)MSC Server to separate between call control and
bearer control. The ITU standard H.248 respectively its IETF standard equivalent
Media Gateway Control MEGACO is used on Mc.
l Nb: between MGWs. Different options are possible on Nb for user data transfer
and bearer control signaling (e.g. ATM, IP).
36
The UMTS Network Siemens
Iu Mc Mc (H.248/MEGACO)
A
Bearer Level
GERAN
A
CS- Nb (e.g. ATM, IP) CS- PSTN/
UTRAN MGW MGW ISDN
Iu
MGW:
• Bearer Control
• Transmission Resource Management
• Data Format Conversion MEGACO: IETF Media Gateway Control protocol
CDR: Call Data Records
BICC: Bearer Independent Call Control
• Transcoding H.248: ITU protocol for Media Gateway Control
MGW: Media Gateway
Fig. 25
37
Siemens
The UMTS Network Siemen
The UMTS Network
UMTS Release 5 CN
In Release 5, it should be possible to transmit all data only via one PS domain (the
so-called "All IP CN"). This PS domain can be split up logically into the GPRS CN
with its well known network elements and an IP Multimedia Subsystem IMS, which is
added to the GPRS CN like an external PDN (i.e. via Gi interface). Currently (late
2001) not all Release 5 network elements and functions are defined precisely.
For downward-compatibility reasons to GSM and UMTS Rel. `99 and Rel. `4 it might
be necessary, to support additionally a CS domain.
Here some central Release 5 aspects / functions:
l Home Subscriber Server HSS: The HSS is used for mobility related aspects,
very similar to the "classical" HLR (storing subscription and routing information).
l Media Gateway MGW: The MGW ensures interoperability and interworking
between an All IP CN and the external fixed CS networks PSTN or ISDN. The
MGW enables conversion from CS data transmission, e.g. voice transmission, to
PS data transmission, e.g. Voice over IP VoIP. Echo cancellation and Transcoding
functionality will take place in the MGW. The MGWs are connected via Gi interface
towards the GGSNs.
l Media Gateway Control Function MGCF: The MGCF are used e.g. for MGW
control, Call Control and Signaling Protocol Conversion from external SS7 to
internal Session Initiation Protocol SIP.
l Call State Control Function CSCF: The CSCF are responsible e.g. for Session
Flow Handling and Application Coordination. They are interfacing the IN /
Application Server/ IN and they are responsible to collect charging data (Charging
Data Records CDRs).
This description of Release 5 is regarded as a very first overview, giving an idea on
the future UMTS options. It is not complete and needs to be extended in additional
courses.
38
The UMTS Network Siemens
CSCF:
UMTS CN R`5 Intelligent & Application Servers • Session Flow Handling
• Application Coordination
IMS & PS Domain • interfaces IN/Application
CSE WAP ••• Servers
• CDR`s
HSS:
• similar HLR
MGCF PSTN
UTRAN CSCF
HSS
ISDN
R MGW
Uu Node
B
Iub
R R IP R
N
UE Node C R Backbone
(USIM)
B
Iur Iu R R IP
R SGSN GGSN Gi
Node X.25
B N
Iub C MGCF:
• MGW control R`5
• Call Control TS 23.002
HSS: Home Subscriber Server other • Signalling Protocol
Conversion (SS7 to SIP) IMS: IP Multimedia Subsystem
PLMN
MGW: Media Gateway CSCF: Call State Control Function
MGCF: Media Gateway Control Function R: IP Router/Switch
SIP: Session Initiation Protocol
Fig. 26
39
Chapter 4
Security Features
Security Features Siemens
Security Features
Contents
1 Overview 23
2 IMEI Check 79
3 (P-)TMSI Allocation 11195
4 Authentication 1521
5 Ciphering & Integrity Check 2735
6 Exercise 3747
7 Solution 4153
1
Security Features Siemens
1 Overview
II)
ME I) I) I)
I) USIM
AN SN HE
III) I) Access Serving Home
Network Network Environment
III) User Domain
Security: IV) Application Domain Security:
secures access to MS enables applications in the user & provider domain to
(e.g. PIN) securely exchange messages (e.g. USIM ATK messages)
IV)
Fig. 1
2
Security
Siemens Features Siemen
Security Features
3
Security Features Siemens
TS
TS21.133:
21.133:
Security
SecurityThreats
Threats&&Requirements
Requirements
TS
TS33.102
33.102
Security
SecurityArchitecture
Architecture
TS
TS33.120
33.120
Security
SecurityPrinciples
Principles&& Objectives
Objectives
Fig. 2
4
Security
Siemens Features Siemen
Security Features
5
Security Features Siemens
Network Access
Security Features
CS Domain Authentication
TMSI / P-TMSI Allocation - User Authentication:
- allocated by VLR / SGSN instead of IMSI
MSC/ network checks real PSTN
user identity;
- protects user identity & location confidentiality
GMSC
prevents misuse / misappropriation
VLR of network resources / services
ISDN
- Network Authentication:
UE checks network authorisation
IMEI Check to provide service
prevents usage of
stolen / not allowed ME
EIR HLR AuC
Node B R
N
C
UE Ciphering IP
= prevents eavesdropping of SGSN GGSN
ME user data / signaling on Uu PS Domain
+ X.25
USIM Data Integrity Check
provides security against unauthorised
modification of signaling data /
change of data origin
Fig. 3
6
Security Features Siemens
2 IMEI Check
ME
ME
stolen TS
TS23.002,
23.002,
ME 23.003,
23.003,23.060,
23.060,
not 24.008,
24.008,29.002
29.002
allowed
IMEI Check
Fig. 4
7
Security
Siemens Features Siemen
Security Features
IMEI Check
The IMEI Check is an optional feature, which can be used to prevent the usage of
stolen or not allowed mobile equipment. This feature remains the same as in GSM.
The Equipment Identity Register EIR (TS 23.002) is responsible for storing the
IMEIs in the network. The ME is classified as "white listed", "gray listed", "black listed"
or it may be unknown as specified in TS 22.016 and TS 29.002.
The white list is composed of all number series of equipment identities that are
permitted for use. The black list contains all equipment identities that belong to
equipment that need to be barred. Besides the black and white list, administrations
have the possibility to use a gray list. Equipment on the gray list are not barred, but
are tracked by the network (for evaluation or other purposes).
An EIR shall as a minimum contain a "white list".
8
Security Features Siemens
IMEI Check
IMEI Check
(optional) EIR:
white / gray / black list
EIR:
EIR:
not in case of
TS
TS23.002
ME emergency calls 23.002
IMEI(SV):
IMEISV: IMEI & Software Version number
IMEI(SV):
TS
TS23.003
23.003
TAC FAC SNR SVN
Type Approval Code Final Assembly Code Serial Number 2 digit = 8 Bit
6 digits = 24 Bit 2 digits = 8 Bit 6 digits = 24 Bit
Fig. 5
9
Siemens
Security Features Siemen
Security Features
IMEI Check
Authentication TS
TS33.102
33.102
IMEI
IMEICheck
Check
• •optional
optional
• •after
afterauthentication
1) Identity Request • •totobe
authentication
2) Identity Request beperformed
performedatatany
anyaccess
accessattempt
attempt
[Identity Type] &&during
duringestablished
establishedcalls
callsatatany
anytime
time
• •not in case of emergency calls
not in case of emergency calls
• •not at IMSI Detach
not at IMSI Detach
3) Identity Response
[IMEI/IMEISV] 4) Identity Response
5) Check IMEI
[IMEI/IMEISV]
Decision: TS
TS29.002
29.002
Continue / Block
S- VLR
UE RNC EIR
SGSN
Fig. 6
10
Security Features Siemens
3 (P-)TMSI Allocation
MSC/VLR
TMSI
P-TMS
I
ME SGSN
IMSI? Þ
TS
TS23.002,
Mr. / Ms. XY! 23.002,
23.003,
23.003,23.060,
23.060,
24.008,
24.008,29.002
29.002
(P-)TMSI Allocation
Fig. 7
11
Siemens Features
Security Security Features
Siemen
(P-)TMSI Allocation
A unique International Mobile Subscriber Identity IMSI shall be allocated to each
mobile subscriber in the GSM system.
To achieve user identity confidentiality and user location confidentiality, the user is
normally identified by a temporary identity (Temporary Mobile Subscriber Identity
TMSI or Packet-TMSI) by which he is known by the Serving Network SN. To avoid
user traceability, which may lead to compromise of user identity confidentiality, the
user should not be identified for a long period by means of the same (P-) TMSI (TS
33.102). (P-)TMSI should be used at any Location Update Request, Service Request,
Detach Request, connection re-establishment request, etc.
A (P-)TMSI has local significance only in the LAI or RAI in which to user is registered.
Outside that area it should be accompanied by an appropriate LAII or RAI in order
avoid ambiguities. The association between IMSI and TMSI / P-TMSI is kept by the
VLR / SGSN in which the user is registered.
IMSI structure
The IMSI is composed of three parts: Mobile Country Code MCC, Mobile Network
Code MNC and Mobile Subscriber Identity Code MSIN. The MCC (3 digits; CCITT
administered) identifies uniquely the country of the mobile subscriber. The MNC (2
digits) identifies the Home PLMN of the mobile subscriber. The MSIN identifies the
mobile subscriber within a GSM PLMN. The IMSI shall consist of numerical
characters (O through 9) only. The overall number of digits in IMSI shall not exceed
15 digits.
(P-)TMSI structure
Since the (P-)TMSI has only local significance (i.e. within a VLR/SGSN area), the
structure and coding of it can be chosen by agreement between operator and
manufacturer in order to meet local needs. The P-TMSI / TMSI consists of 3 / 4
octets. It can be coded using a full hexadecimal representation.
12
Security Features Siemens
Packet-TMSI
3 bytes SGSN
TMSI
4 bytes VLR
UE MCC: Mobile Country Code
MNC: Mobile Network Code
MSIN: Mobile Subscriber
Identification Number
Fig. 8
13
Siemens
Security Features Siemen
Security Features
Paging Paging
Paging
[(IMSI) / (P-)TMSI, Paging Cause]
S- VLR
UE *e.g. LUP, RUP, Attach,
Detach, Service Request RNC TS
TS23.060
23.060 SGSN
NAS: Non-Access Stratum
Fig. 9
14
Security Features Siemens
4 Authentication
USIM AuC
AN SN HE
ME Access Serving Home
Network Network Environment
enhanced
mechanism
& keys
TS
TS33.102
33.102
Authentication
Fig. 10
15
Siemens
Security Features Siemen
Security Features
Authentication
In UMTS different to GSM both sides of the radio transmission check the correct
identity of their counterpart. Not only the user identity is checked by the Serving
Network SN. Additionally, the authorization of the SN to provide services is checked
by the UE. Both, user and network authentication should occur at each connection
set-up (TS 33.102).
So the objective of the Authentication process is to enable User Authentication
similar to the GSM Authentication and additionally Network Authentication.
Furthermore, the Authentication process provides the keys for Ciphering and
Integrity Check to the User Equipment UE.
The authentication process should occur at each connection set-up between the user
and the network.
It has been chosen in such a way to achieve maximum compatibility with the GSM
security architecture and facilitate migration from GSM to UMTS.
Nevertheless, the security mechanism and keys for authentication have been
enhanced significantly.
User&&Network
Network
User Authentication: Authentication User
Authentication
Authentication
User identity alright? Basics shouldoccur
should occuratateach
connectionset-up
each
set-up
connection
USIM AuC
New! AN SN HE
Access Serving Home
Network Network Environment
Fig. 11
16
Siemens
Security Features Siemen
Security Features
17
Security Features Siemens
Basic Principles
K
secret Key
128 bit length
IMSI Þ K;
f1...f5
Authentication AuC
Data Request [IMSI]
USIM Authentication HLR
Data Response
[AV(1..n)]
VLR / SGSN
Authentication Request
[Authentication Parameter] Authentication Vector
Network / Quintet
Authentication Authentication Response
User
Authentication
K: secret Key
Visited PLMN Home PLMN SQN: Sequence Number
f1...f5: message authentication /
key generating Functions
Fig. 12
18
Siemens
Security Features Siemen
Security Features
Authentication Vector AV
Each Authentication Vector consists of the following components (TS 33.102):
l a Random Number RAND, which is randomly generated, i.e. non-predictable. It’s
length is 128 bit.
l an Expected Response XRES, which is used for User Authentication. It shall
have a flexible length of 32 – 128 bit.
l a Cipher Key CK, which is necessary for Ciphering. It shall have a fixed length of
128 bit.
l an Integrity Key IK, which is used for Signaling Data Integrity Check. It’s length is
128 bit.
l an Authentication Token AUTN, which is used for Network Authentication. AUTN
consists of three different parts, described later on. Its total length is 128 bit.
19
Security Features Siemens
Authentication Vector AV
• consisting of 3 parts
Used for data • Used for network
randomly generated, Used for user Used for
authentication
i.e. non-predictable authentication encryption integrity check
Authentication Request
· generate RES(i) = [RAND(i), AUTN(i)]
f2(RAND(i),K) Authentication Response User Authentication:
· AUTN(i) for [RES(i)] Compare
Network Authentication XRES(i) & RES(i)
RES: Response
Fig. 13
20
Siemens
Security Features Siemen
Security Features
21
Security Features Siemens
AV Generation
AuC
Database
SQN Generator (IMSI;K) RAND Generator
AMF
Authentication &
SQN key Management K RAND
Sequence Number Field secret Key Random Number
f1 f2 f3 f4 f5
MAC XRES CK IK AK
Message Authentication Expected Response
Code Cipher Key Integrity Key Anonymity Key
® User
® Network Authentication ® Ciphering ® Ciphering ® SQN Anonymity
Authentication
AV = RAND
Random number
XRES
Expected Response
CK
Cipher Key
IK
Integrity Key
AUTN
Authentication Token
AMF
® selection of f1-5 version SQN Å AK AMF MAC
® different f1-5 versions possible 48 bit 16 bit 64 bit
(operator-dependent)
Fig. 14
22
Siemens
Security Features Siemen
Security Features
23
Security Features Siemens
f5 AK Å
SQN
f4 f3 f2 f1
IK CK RES XMAC
Fig. 15
24
Siemens
Security Features Security Features
Siemen
Synchronization Failure
At the beginning of the Authentication process, the AuC generates the Sequence
Number SQN. SQN shall have a length of 48 bit. The structure & content of SQN is
operator-dependent. SQN may contain information used to restrict the Authentication
Vector AV validity time or to verify the Serving Network SN Identity.
SQN, being a part of AUTN, is transmitted via VLR/SGSN (“Authentication Data
Response”) to the USIM (“Authentication Request”).
The USIM regenerates SQN and verifies that the received SQN is in the correct
range.
If the USIM considers SQN to be not in the correct range, it sends the
“Synchronization Failure” message back to the VLR/SGSN including the appropriate
parameter, and abandons the connection set-up.
Upon receiving a “Synchronization Failure” message from the UE, the VLR/SGSN
sends an “Authentication Data Request” with a Synchronization Failure Indication to
the AuC of the user’s Home Environment HE together with RAND and the
appropriate parameter received from the UE.
The AuC checks the parameter, generates a fresh set of AVs and sends them with
an “Authentication Data Response” message to the VLR/SGSN.
Whenever the VLR/SGSN receives a new set of AVs from the AuC in an
“Authentication Data Response” to an “Authentication Data Request” with
Synchronization Failure Indication it deletes the old AVs for that UE. The VLR/SGSN
may now start a new authentication process to the UE based on a new AV from the
AuC.
25
Security Features Siemens
• Re-generates SQN
• SQN in correct range ? AuC
No Þ Synchronisation Failure Authentication
Yes Þ continue Data Request [IMSI]
Authentication
Authentication Data HLR
Response [AV(1..n)]
USIM ] ]
e st tion ..n)
qu dic V(1
a
VLR / SGSN Re e In e [A
ta r s
. DaFailu pon
Authentication Request th n. es
[RAND(i), AUTN(i)] Au hro a R
c t
yn Da
Synchronisation Failure [S th.
Au
&
or Authentication Response
[RES(i)]
Network
Fig. 16
26
Security Features Siemens
VLR / AuC
S-RNC SGSN HLR
SN
Serving HE
Network Home
UE Environment
Data Integrity Check Mandatory!!
provides security against
Mandatory!!
unauthorised modification of
• signalling data /
• change of data origin
Fig. 17
27
Siemens Features
Security Siemen
Security Features
Connection Establishment
At the connection start the RRC Connection Establishment also informs the network
about the UEs security capabilities. They include the MEs UMTS Encryption
Algorithms UEAs and UMTS Integrity Algorithms UIAs. In Rel. ’99 only 2 UEAs and 1
UIA are defined (TS 33.102): UEA0 = “no encryption”, UEA1 = Kasumi encryption,
UIA1 = Kasumi algorithm. The S-RNC stores the UEs security capabilities.
28
Security Features Siemens
•
Authentication Request Authentication Request
[RAND, AUTN] [RAND, AUTN] Authentication
generates:
RES, XMAC, Authentication Response Authentication Response & Key
CK, IK [RES] [RES] Generation
••
•
Security Mode Command Security
[ IK, CK, UIAs, UEAs]
Mode
Security Mode Command • Select UIA & UEA Set-Up
[UIA, UEA*, CN domain, • start Integrity
start Integrity Parameter, Cipher Start]
Integrity
Security Mode Complete Security Mode Complete
start (De-)Ciphering start (De-)Ciphering
S- VLR
UE *1 also denoted by f9
RNC SGSN
*2 also denoted by f8
Fig. 18
29
Security
Siemens Features Siemen
Security Features
Control Data:
· start of Integrity protection mandatory
S-
UE · nearly all control data Integrity protected* RNC
*not in case of
emergency calls
Transmitter Receiver
Encrypted Encrypted
Control Data Control Data Data
Control
check sum check sum
check sum
IK dependent generator IK
check sum generator IK
Expected
Equal? Encrypted
check sum check sum
* exceptions listed in TS33.102 (6.5.1)
Fig. 19
30
Siemens
Security Features Security Features
Siemen
31
Security Features Siemens
f9 (UIA)
Control Data f9 (UIA)
Fig. 20
32
Siemens
Security Features Security Features
Siemen
33
Security Features Siemens
Ciphering
UMTS Encryption Algorithm UEA not in case of
emergency calls
UE S-
RNC
UL = 0 1 Bearer parameter /
Cipher
Sequence No.
DL = 1
UE or S-RNC user radio bearer indicate length
of required
Direction Bearer Length keystream block
COUNT-C direction bit radio bearer id. length indicator
CKPS & CKCS
CK f8 (UEA)
Cipher Key
“cipher sequence”
Keystream block
Fig. 21
34
Siemens
Security Features Siemen
Security Features
IMEI Check:
To prevent the usage of stolen or not allowed mobile equipment, the mobile
equipment identification can be checked by the network. This feature remains the
same as in GSM.
Authentication:
In UMTS authentication is extended compared to GSM. Additionally to the User
Authentication a Network Authentication is introduced.
User Authentication is the property that the Serving Network SN checks the real
identity of the user, preventing non-authorized access to the network.
Network Authentication is a check whether the connected SN is really authorized
by the user’s Home PLMN to provide him services. This includes the guarantee that
this authorization is recent.
Ciphering
Ciphering prevents eavesdropping of user data and signaling over the radio interface.
UMTS ciphering has been enhanced compared to GSM/GPRS.
35
Security Features Siemens
UE S- VLR
RNC Summary SGSN
Fig. 22
36
Chapter 5
UTRA Aspects
UTRA Aspects Siemens
UTRA Aspects
Contents
1 Power Control 23
2 RAKE Receiver 181
3 Handover 1217
4 Exercise 2027
5 Solution 2433
1
UTRA Aspects Siemens
1 Power Control
UTRA Aspects
Power
P
Time t
3
Power
2 Control
1
Frequency f
Power Control
Fig. 1
2
Siemens Aspects
UTRA Siemen
UTRA Aspects
Power Control
Principle
BTS
UL & DL
CDMA: Power Control
everyone for
in the same Interference limitation
frequency band P(UE2)
Þ
„everyone is P(UE1)
interferer
for everyone“ UE2
Fig. 2
3
Siemens Aspects
UTRA UTRA Aspects
Siemen
4
UTRA Aspects Siemens
UTRA
Power Control
PC - Types:
• Open Loop PC
• Inner Loop PC
• Outer Loop PC
S/N > (S/N)def
Þ TPC = Down
else TPC = Up DL:
Inner Loop PC
P(BTS) ® UE TPC
Fig. 3
5
Siemens
UTRA Aspects UTRA Aspects
Siemen
6
UTRA Aspects Siemens
UTRA
Power Control
• •FDD:
FDD:1500
1500PC
PCcycles/s
cycles/s
(1(1TPC
TPCjejeTS)
TS) Fast
• •TDD:
TDD:100
100- -800
800cycles/s
cycles/s Power Control
(100/s:
(100/s:per
perframe;
frame;>100/s:
>100/s:
depends
depends onframe
on frameconfiguration)
configuration) ® UTRA Capacity
BTS Interference limited
® system stability
max. power:
vendor specific
PC steps:
1, 2, 3 dB
Dynamic:
30 dB (= 1000)
UE
max. power (4 classes):
• FDD: 2000 / 500 / 250 / 125 mW
• TDD: 1000 / 250 / 125 / 10* mW
UE: PC steps: 1, 2, 3 dB
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
BTS:
BTS:TS
TS25.104/105
25.104/105(FDD/TDD)
(FDD/TDD) min. power: 0,04 mW
TPC: Transmit Power Control
* for unlicensed operation
Receiver Sensitivity: -110 dBm
Fig. 4
7
UTRA Aspects Siemens
2 RAKE Receiver
UTRA Aspects
RAKE Receiver
Þ
CDMA Advantage
from
Multipath
propagation
Path 2
Path 1
Path 3
RAKE Receiver
Fig. 5
8
Siemens
UTRA Aspects Siemen
UTRA Aspects
RAKE receiver
CDMA can benefit from multipath propagation of radio waves with the use of a so-
called RAKE receiver. The information for transmission reaches the receiver in
practice not only by direct "line of sight", but also via echos from obstacles. Normally
this increases the noise level, a situation that is not desirable. The reflected
information passes over longer paths than the direct line of sight and is therefore
delayed. If the delay is longer than one chip, the receiver usually regards the
reflected information as undesirable noise. The use of RAKE receivers turns this
disadvantage to an advantage.
A RAKE receiver has a number of RAKE fingers. Each of these RAKE fingers
changes (by de-spreading) broadband signals with different delays from the same
source (i.e., with the same spreading code) back into user information by using the
spreading code. This can be done because the different RAKE fingers apply the
spreading code with delays.
The RAKE fingers obtain information from a so-called Matched Filter (MF) for the
synchronization required. The MF compares incoming information with predefined
data sequences. These sequences are shifted in time. If the incoming chip
sequences match the predefined sequences, a power peak is registered. Predefined
information and information in the UL / DL contain so-called pilot sequences or the
mid-ambles of the TDD bursts. The MF returns information on the delays of the
different user signals in this way. It also supplies information on the amplitude of the
different user signals.
The RAKE fingers are responsible for the de-spreading of the user signals received
by multipath propagation. The fingers also correct the information with regard to
phase and adapt the timing of the information.
Depending on the signal strength (MF information), the information components are
summed (Maximum Ratio Combining).
A strong signal consisting of multipath components is therefore obtained in this way
with a RAKE receiver.
9
UTRA Aspects Siemens
RAKE
Receiver
RAKE Receiver:
several „finger“ for multipath components
De-
Matched Filter MF: Spreading
measures „Pilot“ Code (t-d1) „Finger 1“ a1
Þ „Delay“ estimation
5
De-
Spreading a2
Code (t-d2) „Finger 2“
Path 2 (d2, a2) a3
De-
Spreading
Path 1 Code (t-d3) „Finger 3“
(d1,a1)
Maximum
Ratio
Combining
Path 3 (d3, a3)
RAKE finger:
• Despreading (® MF-Info!)
d: delay • Phase correction
a: attenuation • „Delay“ correction
Fig. 6
10
Siemens
UTRA Aspects Siemen
UTRA Aspects
MultiUser
Detection MUD Node B
Interference Cancellation IC
MultiUser Detection MUD &
De- Data 1
UE 2: Spreading
Code 2 Code 1
De- Data 2
Spreading
Code 2
De- Data n
UE n: Spreading
Code n Code n
UE 1:
Code 1
BTS MUD:
• mainly for UL (in Node B)
(Node B)
• reduces Intra-Cell interferences
Þ increases capacity
• reduces Near-Far problem
Fig. 7
11
UTRA Aspects Siemens
3 Handover
UTRA Aspects
UE Measurement:
Connection quality & strength
+ strength of own & surrounding BTS
BTS
Pre-processing of measurements
Measurement
Report
HOV
Decision
Handover
Fig. 8
12
Siemens
UTRA Aspects Siemen
UTRA Aspects
UTRA handover
The criteria and procedures for performing handover in UMTS are similar to those in
GSM. The UE and BTS determine the quality and strength of a radio transmission.
The UE also determines the signal strength and quality of its own and the local
BTS's. The measurement values are compiled in a measurement report for use by
the RNC as a basis for deciding for or against handover. If handover is decided upon,
the new BTS is activated and included in the so-called active set. The RNC is
responsible for decisions regarding the acceptance or rejection of handovers, while
the execution (initiation of contact with the new BTS) is the responsibility of the UE.
Hard handover
Hard handovers refer to handovers in which a mobile station (MS) transmits its user
information only via one base station at any one time. Up until the time of the
handover command, the MS communicates with the old base station over a specific
physical channel. After the handover command, the MS changes the physical
channel and then communicates with the new base station.
Hard handovers are used in GSM and in the following cases in UMTS:
During TDD / TDD handovers
During FDD handovers if the frequency (interfrequency handover) or the Core
Network is changed
During inter-system handovers – for example, when changing from FDD to TDD or
from UMTS to GSM.
Soft handover
Soft handovers refer to handovers in which a mobile station (MS) transmits its user
information via more than one base station at the same time. Soft handovers can be
used in CDMA systems in order to prevent an increase in power of the MS in
boundary areas between different cells. This reduces the interference level and
therefore increases the capacity of the system. Moreover, the contact with more than
one base station ensures the connection to a moving MS in difficult terrain.
Soft handovers are used in IS-95 and MC-CDMA and in the following cases in
UMTS:
During FDD / FDD handovers (without frequency changes).
13
UTRA Aspects Siemens
DL
UL DL UL DL
Fig. 9
14
Siemens
UTRA Aspects UTRA Aspects
Siemen
Soft handover
UE can communicate with two or three BTS's during soft handovers in the UTRA
FDD mode due to the fact that all cells use the same frequency. If the mobile station
enters the boundary area between two or three cells, the RNC can decide that a
connection with two or three BTS's is advantageous. The RNC reserves
corresponding codes in the different cells for the UE and commands the UE to
implement handover to the new BTS (or BTS's). As of this time, the information is
handled by the relevant BTS's. The identity of the cells involved in the connection is
stored in the RNC as an active set.
The Node B's receive the transmission from the UE, despread it and forward the
information over the Iub interface to the RNC. The RNC combines this information
and forwards it via the Iu interface to the Core Network (CN). This procedure is
implemented frame for frame. The quality of the supplied frames is the basis for
assessment. Only information in frames with top quality is used.
The gain due to reception of additional signals in soft handovers is also known as
macro diversity.
In the opposite direction, the RNC splits the information from the Core Network and
forwards it to the different Node B's. During soft handover the UE receives the
transmission of the (apart from the TPC command) identical information from the
various Node B's / BTS's. The transmission information from the BTS's is despread
by different RAKE fingers and combined (Maximum Ratio Combining – MRC).
Softer handover
Softer handovers are handovers between sector cells in the same Node B. The
transmission information received via the antennae of the different sector cells is
handled by different RAKE receivers and combined in the Node B itself (Maximum
Ratio Combining – MRC). Softer handovers are internal Node B affairs. Additional
(Iub) transmission capacity to the RNC is not required.
The gain due to reception of additional signals in softer handovers is also known as
macro diversity.
15
UTRA Aspects Siemens
Sector cells
Node B
Iub
Node B
Node B
Iub
Iub
Combining / RNC Active
Splitting Set
Iu RNC
Active Set:
max. 3 Cells
CN
Fig. 10
16
Siemens
UTRA Aspects Siemen
UTRA Aspects
Soft Handover
S-RNC: Serving RNC
D-RNC: Drift RNC
Inter-RNC HoV RR: Radio Resource
Node B
Iub
Node B
Node B RNC
Iub
Iub
Iur
Combining / RNC Active
Splitting Set
Iu • S-RNC: Combining/Splitting + RR allocation
• D-RNC: only RR allocation
• change D-RNC ® S-RNC possible
CN
Fig. 11
17
Siemens
UTRA Aspects UTRA Aspects
Siemen
Differences between TDD and FDD are mainly based on the different multiplex
methods used (and of course on the different UL/DL coordination/frequencies).
The FDD mode uses pure DS-CDMA thereby producing a continuous transmission.
The shortest transmission duration is one frame (10 ms).
The TDD mode uses a TDMA / DS-CDMA hybrid solution which produces
transmission of bursts.
The FDD mode uses 1500 power control cycles (1 TPC / TS).
The TDD mode uses 100 to 800 power control cycles/s depending on the frame
configuration.
The FDD mode mainly uses soft handovers (except for changes in frequency /
system).
The TDD mode uses hard handovers.
The FDD mode has advantages in its use of relatively large cells (macro and micro
cells), particularly for UE moving at high speed. The TDD mode offers advantages for
small-space, quasi-stationary applications (in pico and micro cells).
The main advantages of the TDD mode are as follows:
l Flexible use in new frequency areas (reframing); only 1 x 5 MHz required
l Unlicensed operation with low power equipment (power class 4) possible
l Asymmetric distribution of resources for UL & DL (higher resource efficiency).
18
UTRA Aspects Siemens
Zone 2: Urban
Zone 1:
Indoor
Fig. 12
19
Chapter 6
Basic Principles
UMTS Radio Access: Basic Principles Siemens
Contents
1 Transmission Principles & Examples 23
2 Principle of CDMA & Example 191
3 UTRA: The UMTS Terrestrial Radio Access 2127
3.1 UTRA Conception & Harmonization 2228
3.2 FDD / TDD – Technical Parameters 2632
3.3 UTRA Codes 3036
3.4 UTRA Timing Structures 3440
3.5 Summary – Key UTRA Parameters 3642
4 MC-CDMA / UTRA / TD-SCDMA Comparison 3845
5 Exercise 4251
6 Solution 4657
1
UMTS Radio Access: Basic Principles Siemens
UTRA Basics
UL DL
FDMA
Duplex
transmission
Multiple
FDD TDD Access
TDMA CDMA
Transmission Principles
& 2G Examples
Fig. 1
2
Siemens
UMTS Radio Access: Basic Principles Siemen
UMTS Radio Access: Basic Principles
3
UMTS Radio Access: Basic Principles Siemens
Duplex Transmission:
·
FDD & TDD ·
·
TDD:
Time t
duplex distance
UL UL / DL
separated by
Time t
Time!
UL DL DL
UL
DL
frequency f
Frame
FDD: UL / DL with n TS
separated by
UL
Frequency!
FDD: Frequency Division Duplex
TDD: Time Division Duplex
frequency f
TS: Time Slot
Fig. 2
4
Siemens Radio Access: Basic Principles
UMTS Siemen
UMTS Radio Access: Basic Principles
Multiplex methods
Multiplex methods are used to divide the limited frequency resources of a cell
between the different subscribers and mobile stations in the cell. Three different
methods are mainly used today: Frequency Division Multiple Access (FDMA), Time
Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA). Other
multiplex methods are currently being researched or developed (for example, Space
Division Multiple Access – SDMA).
5
UMTS Radio Access: Basic Principles Siemens
TS 3
TS 2
TS 1
1 2 3
frequency f
frequency f
Power co-ordination of
P time t restricted frequency resources
CDMA to different subscriber
Fig. 3
6
Siemens Radio Access: Basic Principles
UMTS Siemen
UMTS Radio Access: Basic Principles
7
UMTS Radio Access: Basic Principles Siemens
time
Examples
1 2 3 4 5 6 7 8 9 101112131415161718192021222324
Duplex distance:10 MHz
20 kHz
1G: time
A
FDD, UL
A
AMPS DL
450 455,74 460 465,74
frequency [MHz]
10
1
9
2
3
7
8
time Duplex distance: 45 MHz 1,88 20 1,90
GHz MHz GHz
TS7 frequency
Example: 1,728
TS6 2G MHz [MHz]
GSM900
TS5
frame cellular: 2G CT:
TS4
FDD, TDMA TDD, TDMA e.g. DECT
4.615 TS3
ms ••• ••• (&FDMA)
TS2
e.g.
TS1 GSM, PDC,
TS0 D-AMPS 2G Example CDMA:
200 kHz frequency [MHz]
IS-95 (later)
Fig. 4
8
UMTS Radio Access: Basic Principles Siemens
UTRA Basics
Power
P Code Division
time t
Multiple Access
3
2
1
frequency f
CDMA
Basics & Example
Fig. 5
9
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
CDMA user 1
user 2
Principle CDMA: user 1 & 2
• Spread Spectrum Technology
• every user with unique Code
• high bit rate Code: Spreading / De-Spreading
Power P
frequency f
frequency f
Fig. 6
10
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
Advantages of CDMA
The CDMA principle is associated with many attributes that can have positive effects
for transmission of information.
The coded transmission and the low information concentration of the CDMA signals
were particularly important for the military applications. A transmitted signal can only
be despreaded, and the data regenerated, if the receiver has the correct spreading
code. The low information concentration allows information to be discretely
transmitted – the signals are for all intents and purposes concealed in background
noise.
The high level of stability of the broadband information transmission against the
effects of narrowband background noise is vitally important for military and civil
utilization. Frequency hopping is used in narrowband systems (such as GSM) to
obtain this effect.
Yet another CDMA attribute is extremely important for civil applications in mobile
communications systems. CDMA in principle allows the re-use of the same frequency
band in all neighboring cells (re-use = 1). In contrast, the same frequency bands
cannot be re-used in neighboring cells in FDMA or TDMA systems. To prevent
interference by subscribers at the same frequencies or in the same timeslots, cells
with identical frequencies must be spatially separated. In FDMA and TDMA systems,
cells are arranged in a careful, complicated frequency planning process. Re-use
schemes of 1/7, 1/9, etc. are typical. As a result, only one part (1/7, 1/9, ...) of the
theoretically available frequency band can be used in the one cell.
CDMA can therefore in principle do without complicated frequency planning, and
allows efficient usage of the available (scarce) frequency resources.
The limits to transmission capacities in FDMA and TDMA systems are determined by
a fixed number of physical channels. With CDMA, however, there is a "soft" capacity
limit. The capacity of CDMA systems is mainly restricted by the interference of other
subscribers in a cell (so-called intra-cell interference) and interference from other
cells (inter-cell interference).
Another CDMA advantage is a stable transmission especially in severe environment.
This is caused by the so-called Multipath Advantage and Soft Handover. Both effects
are described later.
Due to an essential need for precise and fast Power Control, CDMA mobile stations
also need less transmission power than TDMA mobiles. The UMTS Power Control is
also described later on.
11
UMTS Radio Access: Basic Principles Siemens
CDMA
® narrow-band interference
• Stability®
Advantages • Stability in severe environment
(® Multipath Advantage, Soft HoV)
• simple frequency planning (Re-Use: 1)
• efficient radio resource usage
• lower transmission power (® Power Control)
3/7 1/1
1/7 1/1
6/7 1/1
Re-Use 2/7
Distance
Fig. 7
12
Siemens
UMTS Radio Access: Basic Principles Siemen
UMTS Radio Access: Basic Principles
CDMA types
Signals can be spread for CDMA using a number of different methods. The following
three CDMA methods are most commonly used: TH-CDMA, FH-CDMA and
DS-CDMA.
13
UMTS Radio Access: Basic Principles Siemens
CDMA
Types
time t
Time DS-CDMA
Direct Hopping ® IS-95
Sequence (TH-CDMA) ® Globalstar
(DS-CDMA) ® UMTS
Frequency FH-CDMA
Hopping ® Bluetooth
(FH-CDMA)
frequency f
Fig. 8
14
Siemens Radio Access: Basic Principles
UMTS Siemen
UMTS Radio Access: Basic Principles
DS-CDMA: +1
Transmission / Spreading
-1
Reception Code
1
Chip
Air
Interface
Binary Binary
Data Wideband De- De- Data
Spreading Modulation Modulation
RB Spreading R
B
time-
RC fT RC synchronisation
!!!
Fig. 9
15
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
Spreading / de-spreading
In UMTS, the binary, digital subscriber data (1, 0) is converted on the transmission
side to bipolar data (+1, –1) before the spreading process takes place. The spreading
code also consists of bipolar data. The value of a chip can be +1 or –1. The
subscriber data is then multiplied by the high chip rate spreading code. The result is
the coded data, which is then transmitted over the radio interface.
The receiver multiplies the received, code data sequence with the bipolar spreading
code to obtain a bipolar data sequence. The original subscriber data is recovered by
converting this data sequence to binary, digital data.
16
UMTS Radio Access: Basic Principles Siemens
Spreading / De-Spreading
1 Symbol
Binary Data 1 0 1 0
+1
Bipolar SF = Rc / RS
Data -1
x =B/W
+1
Spreading
Code -1
= Bit / Symbol ®
+1 modulation principle
Spreaded
e.g.:
Data -1 GMSK: 1 / 1 (Bit/Symbol)
x BPSK: 1 / 1
+1 QPSK: 2 / 1
Spreading 8PSK: 3 / 1
Code -1
= B = bandwidth, spreaded
W = bandwidth, un-spreaded
+1 RS: Symbol Rate [symb/s]
Bipolar RB: Bit Rate [bit/s]
Data -1
RC: Chip Rate [chip/s]
SF = Spreading Factor
GMSK: Gaussian Minimum Shift Keying
BPSK: Binary Phase Shift Keying
Binary Data 1 0 1 0 QPSK: Quadrature PSK
8PSK: Eight PSK
1 Chip
Fig. 10
17
Siemens Radio Access: Basic Principles
UMTS Siemen
UMTS Radio Access: Basic Principles
18
UMTS Radio Access: Basic Principles Siemens
after +2 after +2
Integration Integration -2
-2
Þ User Data 1 1 0 1 Þ User Data 2 0 0 1
Fig. 11
19
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
Example CDMA:
IS-95 parameter:
IS-95 (2G) FDD / CDMA
B = 1,25 MHz
Rc = 1,2288 Mchip/s
SF = 64
Modulation: QPSK / BPSK (DL / UL)
Power Control: 800 cycles/s
time t
Duplex distance:
Power P
45 / 80 MHz at
800/1900 MHz
64 PN-Codes range (USA)
Fig. 12
20
UMTS Radio Access: Basic Principles Siemens
UTRA Basics
Zone 4: Global
Zone 3: Suburban
MSS
Zone 2: Urban
Zone 1:
Indoor
Macro-cell Micro-cell Pico-cell
FDD TDD
UTRA:
UMTS Terrestrial Radio Access
Fig. 13
21
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
22
UMTS Radio Access: Basic Principles Siemens
UTRA Conception
(ETSI)
Principle
Principle Supported
Supported by
by Remarks
Remarks
Phase 1: Ericsson,
Ericsson, Nokia,
Nokia, pure CDMA
UTRA studies aa-- NEC, Panasonic, pure CDMA
NEC, Panasonic,
(1996 - 06/97) concept
W-CDMA
W-CDMA Fujitsu,
Fujitsu, FDD;
FDD; 4.096
4.096Mchip/s;
Mchip/s;
concept 4,4
4,4 --5,2
5,2 MHz
Mitsubishi
Mitsubishi MHz
gg-- Philips,
Philips, Nokia,
Nokia,
W-TDMA
W-TDMA France TDMA
TDMA
concept
concept France Telecom
Telecom
Phase 2:
Evaluation
(06 - 12/97) UMTS-Alliance:
UMTS-Alliance: TDMA & CDMA
Bosch, TDMA & CDMA
dd-- TD-
TD- Siemens,
Siemens, Bosch,
Alcatel, T-Mobil, FDD/TDD
Alcatel, T-Mobil, FDD/TDD
concept
concept CDMA
CDMA Motorola, Nortel, 2.267
Motorola, Nortel, 2.267Mchip/s;
Mchip/s; 1,6
1,6 MHz;
MHz;
Italtel TS
TS // Frame
Frame wie
wie GSM
GSM
Selection of Italtel
a & d- Concept
(01/98) ee-- Vodaphone,
Vodaphone, option
option for
for
ODMA
ODMA
concept
concept Swiss
SwissTelecom
Telecom aa and
and dd
Fig. 14
23
UMTS
Siemens Radio Access: Basic Principles Siemen
UMTS Radio Access: Basic Principles
24
UMTS Radio Access: Basic Principles Siemens
UTRA conception
& harmonisation
W-CDMA TD/CDMA
cdma2000
a-concept d-concept
Phase 3: TD/CDMA
TDD
harmonisation
(01 - 06/98)
ETSI-ARIB UTRA UTRA
harmonisation FDD TDD
(05/98)
4,096 Mchip/s 5 MHz
Submission to ITU
(06/98)
Fig. 15
25
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
26
UMTS Radio Access: Basic Principles Siemens
UTRA conception
& harmonisation time t
time t
FDD TDD 15
Power P
Mode
Mode
Frame
Power P
1
TS
frequency f frequency f
Fig. 16
27
Siemens
UMTS Radio Access: Basic Principles Siemen
UMTS Radio Access: Basic Principles
28
UMTS Radio Access: Basic Principles Siemens
time t
Data Rate 15
Variation Data rate variation:
• SF = 1 - 16
• TS - combining
2
Power P
1 TDD Asymmetric
UL/DL allocation !!
flexible
Switching Point (min. 2 TS for DL/UL)
Example: UL DL
frequency f
time t
FDD SF =
Rc [chip/s] /
RS[symb/s]
Power P
frequency f
Fig. 17
29
Siemens Radio Access: Basic Principles
UMTS UMTS Radio Access: Basic Principles
Siemen
Channelization Codes
Channelization codes are used to separate channels from the same source.
For DL this channelization means the separation of different users (or, to take it a
step further, different applications of different users) by the BTS.
For UL the channelization means the separation of different applications used
simultaneously by the same UE. Up to 6 different applications are theoretically
possible from individual UE.
The channelization codes for the TDD and FDD modes are Orthogonal Variable
Spreading Factor (OVSF) codes and have orthogonal attributes.
Scrambling Codes
Scrambling codes are used to separate different sources.
For DL this means the separation of different BTS's. Each cell has a scrambling code
to allow the UE to distinguish between neighboring cells. The scrambling codes are
not globally unique cell codes.
For UL the scrambling means the separation of different items of UE in a cell. The
scrambling codes are assigned to the UE by UTRAN.
FDD and TDD use different scrambling codes. So-called gold codes 10 ms in length
(= 38400 chips) are used periodically in FDD. In TDD, sequences of 16 chips are
used periodically.
30
UMTS Radio Access: Basic Principles Siemens
different
differentBTS:
UTRA Scrambling
BTS:
ScramblingCodes
Codes BTS
Codes
Channelisation
ChannelisationCode Codeseparates
separates
ULULdifferent
differentapplications
applications
BTS ofof11UE
UE(max.
(max.6;6;SF
SFvariable)
variable)
Channelisation
ChannelisationCode
Code
separates
separatesDL
DLdifferent
differentUE
Spreading Code = UE
Channelisation Code
x Scrambling Code different
differentUE:
UE:
(TS 25.201) Scrambling
ScramblingCodes
Codes
(RNC
(RNCallocated)
allocated)
Channelization
ChannelizationCode:
Code:
BTS separates
separatesphysical
physicalchannels
channels
••DL:
DL: channelsofofthe
channels thesame
sameBTS
BTS
••UL:
UL: channels of the sameUE
channels of the same UE
Spreading
Spreading&&Modulation: Scrambling
TS
Modulation: ScramblingCode:
Code:
TS25.201
25.201(UTRA
(UTRAOverview)
Overview) separates
TS
TS25.213
25.213(FDD),
(FDD),
separatessources
sources
TS ••DL:
DL:separates
separatesdifferent
differentBTS
BTS
TS25.223
25.223(TDD)
(TDD)
••UL:
UL: separates differentUE
separates different UEinin11cell
cell
Fig. 18
31
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
32
UMTS Radio Access: Basic Principles Siemens
SF = 1 SF = 2 SF = 4 SF = 256
CC256,0
CC256,1
CC4,0 = (1,1,1,1)
CC256,2
CC2,0 = (1,1)
CC2,1 = (1,-1)
CC256,254
CC4,3 = (1,-1,-1,1) CC256,255
Fig. 19
33
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
Timeslot (TS)
A UTRA timeslot (TS) is defined as the length of 2560 chips: this corresponds to
duration of 2/3 ms. A timeslot is the shortest repetitive period in UTRA.
A timeslot for the TDD mode means the time frame allowed by an HF burst.
In the FDD mode specific information is exchanged cyclically between the UE and
network. An example of this is the power control information (Transmit Power Control
– TPC).
Frame
A UTRA frame is defined by the duration of 10 ms. A frame therefore contains 15
timeslots.
In the TDD mode, a frame is identical with the TDMA frame – i.e., the cyclical
repetitive pattern of the time slots.
In the FDD mode, a frame is the shortest possible transmission duration. Short data
packets for setting up a connection, for transmission of SMS messages or packet-
switched data packets are at least one frame in duration.
UTRA is a radio access solution allowing data rates that are not only flexible, but that
can also be dynamically adapted. A frame is likewise (for TDD and FDD) the shortest
period of time for changing the transmission rate.
Superframe
A UTRA superframe is defined as the duration of 72 frames – i.e., 720 ms.
A superframe is the counting period for defining physical channels. Since it exactly 6
times longer than a traffic channel (TCH) multiframe in GSM (= 120 ms), it enables
adaptation of the timing patterns between UMTS and GSM – as is essential for inter-
system handover between the two systems.
34
UMTS Radio Access: Basic Principles Siemens
UTRA
time
structure • shortest information unit in CDMA
2/3 ms
720 ms
Fig. 20
35
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
The main difference between the UTRA FDD and MDD modes is in the multiplex
methods used:
l The FDD mode uses pure DS-CDMA – i.e., broadband, continuous transmission
(minimum transmission duration: 1 frame = 10 ms).
l The TDD mode uses a hybrid solution of TDMA and DS-CDMA – i.e., broadband
but bursty transmission. The duration of a burst is one timeslot.
36
UMTS Radio Access: Basic Principles Siemens
UTRA
Key Parameters
• bandwidth B = 5 MHz
• chiprate Rc = 3,84 Mchip/s
• SF = Rc / RS = 1 - 16 (TDD)
4 - 256/512 (FDD)
Spreading Code =
Channelisation Code x Scrambling Code
• 1 TS = 2/3 ms = 2560 chip
• 1 frame = 10 ms
• 1 Superframe = 72 frames
• TDD: bursty structure (TS)
• FDD: continuous transmission (³ 10 ms)
Fig. 21
37
UMTS Radio Access: Basic Principles Siemens
UTRA Basics
GSM IS-95
harmonisation
(chipsets possible for UTRA TDD, FDD & MC-CDMA mode)
IMT-2000
MC-CDMA / UTRA / TD-SCDMA
Comparison
Fig. 22
38
Siemens
UMTS Radio Access: Basic Principles Siemen
UMTS Radio Access: Basic Principles
39
UMTS Radio Access: Basic Principles Siemens
MC-CDMA / UTRA
Carrier
MC-CDMA
Guard Band 1,25 MHz 1,25 MHz 1,25 MHz
625 kHz 625 kHz DL
Rc = n Carrier
1,2288 Mchip/s n = 1, 2, 3,
6, 9, 12
Rc = UL
Rc = 3,6864 Mchip/s n-fold
Rc = 2,4576 Mchip/s
1,2288 Mchip/s chip rate
1 2 3 4 5 MHz
Fig. 23
40
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
TD-SCDMA
TD-SCDMA =
UMTS R`4
Carrier Bandwidth 1.6 MHz Option
®LCR-TDD
Mode
Chip Rate 1.28 Mchps
Spreading Factors 1, 2, 4, 8, 16
10 ms
Radio Frame Length (divided into 2 sub-frames)
(each sub-frame 5 ms)
Timeslots 675 ms
Fig. 24
41
Appendix
Appendix Siemens
Appendix
Contents
1 Appendix 1: References 23
2 Appendix 2: Abbreviations 45
1
Appendix Siemens
1 Appendix 1: References
Books:
l V.K.G. Garg, K.F. Smolik, J.E. Wilkes, „Applications of CDMA in Wireless/Personal
Communications“, Feher / Prentice Hall digital and wireless communications series
(1997) ISBN 0-13-572157-1
l A.J. Viterbi: „CDMA: Principles of Spread Spectrum for third Generation Mobile
Communication“ (1995), ISBN 0-201-63374-4
l T. Ojanperä, R. Prasad: „ Wideband CDMA for third Generation Mobile
Communication“, (1998) ISBN 0-89006-735-X
l R. Prasad, W. Mohr, W. Konhäuser, „Third Generation Mobile Communications
Systems, Artech House Publishers (2000) ISBN 1-58053-082-6
l H. Holma, A. Toskala, “WCDMA for UMTS”, John Wiley & Sons, Ltd. (2000); ISBN
0-471-72051-8
l T. Ojanperä, R. Prasad, "Wideband CDMA: Towards IP Mobility and Mobile
Internet", Artech House Publishers (2001) ISBN 1-58053-180-6
l J. Korhonen: "Introduction to 3G Mobile Communications", Artech House
Publishers (2001) ISBN 1-58053-287-X
l Heikki Kaaranen, Naghian Siamak, "UMTS Network: Architecture, Mobility and
Services", Wiley, (2001) ISBN 0-47148-654-X
Magazines:
l Funkschau
l Gateway
l Mobilcom
l pcmobil
l Mobile Computer
l Amtsblatt der „Regulierungsbehörde für Telekommunikation und Post“
l SMG News (ETSI)
2
Siemens
Appendix Appendix
Siemen
3G Internet addresses:
l http://www.3gpp.org
l http://www.3gip.org
l http://www.itu.int/imt
l http://www.etsi.org
l http://www.umts-forum.org
l http://www.gsmworld.com
l http://www.cdg.org
3
Appendix Siemens
2 Appendix 2: Abbreviations
4
Siemens
Appendix Appendix
Siemen
BA BCCH Allocation
BCC Base transceiver station Color Code
BCCH Broadcast Control CHannel
BCH Broadcast CHannel
BER Bit Error Rate
BMC Broadcast / Multicast Control
BPSK Binary Phase Shift Keying
BS Base Station
BSC Base Station Controller
BSIC Base transceiver Station Identity Code
BSS Base Station System
BSSAP Base Station System Application Part
BSSMAP Base Station System Management Application Part
BTS Base Transceiver Station
5
Appendix Siemens
CA Cell Allocation
CAMEL Customized Applications for Mobile network Enhanced Logic
CAP CAMEL Application Part
CATT China Academy of Telecommunication Technology (China)
CC Call Control
CC Country Code
CCCH Common Control Channel
CCH Control CHannel
CCITT Comité Consulatif International Téléphonique et Télégraphique
CCS7 Common Channel signaling System No. 7
CCU Channel Coding Unit
CDMA Code Division Multiple Access
CEPT Conference Europèene des Postes et Telecommunication
CGI Cell Global Identity
CI Cell Identity
CN Core Network
CP Call Processing
CPCH Common Packet Channel
CPICH Common Pilot Channel
CS Coding Scheme
CS Circuit Switched
CSCF Call State Control Function
CTCH Common Traffic Channel
CUG Closed User Group
6
Siemens
Appendix Siemen
Appendix
7
Appendix Siemens
8
Siemens
Appendix Appendix
Siemen
9
Appendix Siemens
JD Joint Detection
JDC Japanese Digital Cellular
Kc cipher Key
Ki individual subscriber authentication Key
LA Location Area
LAI Location Area Identity
LAN Local Area Network
LAPDm Link Access Protocol on the Dm channel
LCR-CDMA Low Chip Rate CDMA
LEO Low Earth Orbital
LES Land Earth Station
LIC Line Interface Circuit
LMT Local Maintenance Terminal
LR Location Register
10
Siemens
Appendix Appendix
Siemen
11
Appendix Siemens
NB Normal Burst
NBAP Node B Application Part
NCC Network Color Code (PLMN color code)
NDC National Destination Code
NMT Nordic Mobile Telephone
NSS Network Switching Subsystem
12
Siemens
Appendix Appendix
Siemen
PA Power Amplifier
PACS Personal Access Communication System
PC Power Control
PCCH Paging Control Channel
P-CCPCH Primary Common Control Physical Channel
PCH Paging Channel
PCM Pulse Code Modulation
PCPCH Physical Common Packet Channel
PCU Packet Control Unit
PDA Personal Data Assistant
PDC Personal Digital Cellular (Japan)
PDCP Packet Data Convergence Protocol
PDN Packet Data Network
PDSCH Physical DL Shared Channel
PHS Personal Handy System (Japan)
PICH Page Indication Channel
PIN Personal Identification Number
PLMN Public Land Mobile Network
PMR Private Mobile Radio
PP Point-to-Point
PRACH Physical Random Access Channel
PSTN Public Switched Telephone Network
13
Appendix Siemens
RA Rate Adaptation
RACH Random Access CHannel
RANAP Radio Access Network Application Part
RAND RANDom number
REQ REQuest
RES RESponse
RF Radio Frequency
RFC Radio Frequency Channel
RFCH Radio Frequency CHannel
RFCN Radio Frequency Channel Number
RLC Radio Link Control
RNC Radio Network Controller
RNS Radio Network Subsystem
RNSAP Radio Network Subsystem Application Part
RRC Radio Resource Control
RRM Radio Resource Management
RSS Radio SubSystem
RX / Rx Receiver
14
Siemens
Appendix Siemen
Appendix
15
Appendix Siemens
16
Siemens
Appendix Siemen
Appendix
17
Fast link dependent scheduling
methods
y Round Robin (RR)
y Cyclically assign the channel to users without taking channel
conditions into account
y Simple but poor performance
y Proportional Fair (PF)
y Assign the channel to the user with the best relative channel quality
y High throughput, fair
y Max C/I Ratio
y Assign the channel to the user with the best channel quality
y High system throughput but not fair
Fast hybrid ARQ
Fast hybrid ARQ schemes