Mobile communication networks question and answer

bank

1
 UNIT I
Two marks questions
1. Mention the different types of random access protocols.

ALOHA, Slotted ALOHA, Carrier Sense Multiple Access, Carrier Sense

Multiple Access /Collision Detection.

2. Distinguish between 1G and 2G cellular networks.

First generation cellular systems introduced in early 1980’s were based on

analog FM technology and designed to carry narrow band circuit switched
voice services. Second generation cellular systems introduced in early 1990’s
use digital modulation and offers more spectral efficiency and voice quality.

3. Define a cell.

In mobile communication, the coverage area is divided into smaller areas

which are each served by it’s own base station. These smaller areas are
called cells.

4. What is frequency reuse?

Spatially reusing the available spectrum so that the same spectrum can
support multiple users separated by a distance is called frequency reuse.

5. What are the various types of wireless network topologies?

Infrastructure network topology and ad hoc topology.

6. Mention the various multiple access schemes used in wireless

communication.

Frequency Division Multiplexing Access, Time Division Multiplexing Access

and Code Division Multiplexing Access

7. What is co-channel interference?

Interference between signals from co channels are termed as co channel

interference

8. What is adjacent channel interference?

Interference resulting from signals which are adjacent in frequency to the

desired signal is called adjacent channel interference.

9. Mention the different types of cells.

2
 Femto cells, pico cells, micro cells, macro cells and mega cells.

10. What is a picocell?

Small cells inside a building that support local indoor networks such as
wireless LANs. Size of these cells are in the range of few tens of meters.

11. What is cellular topology?

Cellular topology refers to infrastructure topology employing frequency reuse

concept.

12. What are the various channel allocation techniques used in cellular
communication?

Fixed Channel Allocation, dynamic channel allocation and hybrid channel

allocation.

13. What is mobility management?

Mobility management refers to the operations required for tracking the mobile
and restructuring existing connections as it moves. Mobility management
consists of Location management and Handoff management

14.What is a cluster?

The N cells which collectively use the complete set of available frequencies is
called a cluster.

15.Distinguish between 3G and 4G cellular networks.

Details 3G including 2.5G (EDGE) 4G

Major requirement driving Predominantly voice driven, Converge data and voice
architecture data was always add on over IP

Network architecture Wide area cell-based Hybrid-integration of

WLAN (WiFi, Bluetooth)
and wireless wide-area
networks

Speeds 384 kbps to 2 Mbps 20 to 100 Mbps in mobile

mode

Frequency band Dependent on country or Higher frequency bands

continent (1.8 to 2.4 GHz) (2 to 8 GHz)

Bandwidth 5 to 20 MHz 100 MHz or more

3
Switching design basis Circuit and packet All digital with packetized
voice

Access technologies WCDMA, cdma2000 OFDM and multicarrier

(MC)-CDMA

Component design Optimized antenna design, Smart antenna, software

multiband adapters defined multiband and
wideband radios
Mobile top speed 200 km/h 200 km/h

16.What is radio resource management?

Radio resource management refers to the control signalling and associated protocols
employed to keep track of relationships between signal strength, available radio
channels in a system so as to enable a mobile station or the network to optionally
select the best radio resources for communication.

17.What are the technical issues in planning of a cellular network?

i. Selection of frequency reuse pattern for different radio transmission

techniques

j. Physical deployment and radio coverage modelling

k. Plans to account for the growth of the network

l. Analysis of the relationship between the capacity, cell size and the
cost of infrastructure

18.Define location management and handoff management.

Location management refers to the activities a wireless network should perform in

order to keep track of where the mobile is.

Handoff management handles the messages required to make the changes in the
fixed network to handle the change in location during a ongoing communication.

19.What is cell splitting?

This is the process of subdividing a congested cell into smaller cells, each with it’s
own base station and a corresponding reduction in antenna height and transmitter
power. Cell splitting increases the capacity of a cellular system since it increases the
number of times that channels are reused.

20.What is cell sectoring?

4
The co channel interference in a cellular system may be decreased by replacing a
single omni directional antenna at the base station by several directional antennas,
each radiating within a specified sector. By using directional antennas, a given cell
will receive interference and transmit with only a fraction of the available co channel
cells. This technique for reducing co channel interference and thus increasing
system performance by using directional antennas is called sectoring.

21. What is trunking efficiency ?

It is a measure of the number of users which can be offered a particular GOS with
a particular configuration of fixed channels.

22. What are the different types of Hand over?

• Intra-satellite hand over

• Inter-satellite hand over
• Gateway hand over
• Inter-system hand over

23. What is the necessity of Standards?

Standards help to ensure or promote the following;

• Wide variety of products and services to customers

• Interoperability between products and services made by different vendors.
• Easier introduction of PCS products into the national market.
• Healthy competitiveness among vendors, which in turn may lead to reduced
cost and improved product quality.
• Development and innovation according to common guidelines.
• More accessible services to customers

24. What are the applications of a satellite system?

• Weather forecasting.
• Radio and TV broadcast satellites.
• Military services.
• Navigation.

25. Give the benefits of paging systems?

• Wide spread coverage

• Long battery life
• Small light weight sets
• Economical

5
26. What is a page?

It is a brief message which is broadcast over the entire service area, usually in
a simulcast fashion by many base stations at the same time.

27. What are the channels used in mobile communication systems?

1. Forward voice channels (FVC)

2. Reverse voice channels (RVC)
3. Forward control channels (FCC)
4. Reverse Control channels (RCC)

28. What are the basic units of a Cellular system?

• Mobile stations
• Base stations
• Mobile Switching Center (MSC) or Mobile Telephone Switching Office
(MTSO).

29. What are the classifications of Wireless technologies and systems?

• Cellular mobile radio systems

• Cordless telephones
• Wide-area wireless data systems
• High-speed WLANs
• Paging/messaging systems
• Satellite-based mobile systems

30. What are the limitations of conventional mobile telephone system?

• Limited service capability

• Poor service performance
• Inefficient frequency spectrum utilization

31. What are the disadvantages of cellular systems with small cells?

• Requires complex infrastructure

• Requires frequent hand-over
• Involves complicated frequency planning

32. Define BCA.

Borrowing Channel Allocation is a method by which more frequencies are

allotted dynamically for high traffic cells.
6
33. What is breathe?

The cells in which the frequency allocation is based on CDMA technique

are called as breathe.

34. Why 800 MHz frequency is selected for mobiles?

Fixed Station Services - 30 MHz to 100 MHz

Television Broadcasting - 41 MHz to 960 MHz

FM Broadcasting - 100 MHz

Air to Ground system - 118 MHz to 136 MHz

Maritime mobile services - 160 MHz

Military Aircraft use - 225 MHz to 400 MHz

Frequency bands between 30 MHz to 400 MHz is crowded with large number
of services and above 10 GHz is not used due to propagation path loss,
multipath fading and improper medium due to rain activity. So 800 MHz is
chosen for mobile communication.

35. State the two different types of fading.

Long term fading & short term fading.

36. Define rayleigh fading.

It refers to the variation in the received signal which is due to the waves
reflected from surrounding buildings and other structures.

37. Define the term coherence bandwidth.

It is defined as the bandwidth in which either the amplitudes or the phases of

two received signals have a high degree of similarity.

38. What is direct wave path ?

It is the path which is clear from the terrain contour.

39. State the different analog systems available in 1G.

Advanced Mobile Phone System

European Total Access Communication System
7
 Nippon Telephone and Telegraph

40. What are the different digital cellular systems available in 2G.

Global system Mobile

Interim Standard -136
Pacific digital Cellular
Interim Standard -95

41. Mention the function of the base station.

The base station serves as a bridge between all mobile users in the cell and
connects the simultaneous mobile calls via telephone lines or microwave links to the
mobile switching center(MSC)

42. What are the functions of MSC?

The MSC coordinates the activities of all the base stations and connects the entire
cellular system to the PSTN.

43. Define foot print.

The actual radio coverage of a cell is known as the foot print. It is determined
from field measurements or propagation prediction models.

44. Define Dwell time.

The time over which a call may be maintained within a cell without handoff, is
called the dwell time.

45. State the methods used for handoff.

Mobile Controlled Handoff

Network Controlled Handoff
Mobile Assisted Handoff

46. State the types of modulation schemes used in mobile communication.

Gaussian minimum shift keying

Differential Quadrature Phase Shift Keying.

47. Explain free space propagation model.

This model is used to predict the received signal strength, when there is
unobstructed line-of-sight between the transmitter and receiver. The free
space power received by the receiving antenna which is separated from a
radiating transmitter antenna by a distance d is given by
8
 Pt Gt Gr λ2
Pr (d ) =
(4π )2 d 2 L
where Pr(d) is the received power, Pt is the transmitted power, Gt is the
transmitter antenna gain, Gr is the receiver antenna gain, L is the loss factor
and λ is wavelength in meters.

48. Define radar cross section.

Radar cross section of a scattering object is defined as the ratio of the power
density of the signal scattered in the direction of the receiver to the power density of
the radio wave incident upon the scattering object and has units of square meters.
49. What is far-field region?

The far-field or fraunhofer region, of the transmitting antenna is defined as the

region beyond the far-field distance df , which is related to the largest linear
dimension of the transmitter antenna aperture and the carrier wavelength.

50. What is the need of bistatic radar equation ?

The bistatic radar equation may be used to compute the received power due
to scattering in the far field in the urban mobile radio systems.

51. Name some of the outdoor propagation models.

Longely-Rico model
Durkin,s model
Okumura model

52. What are the effects of fading?

a. Rapid changes in signal strength over a small travel distance or time interval
b. Random frequency modulation due to varying Doppler shifts on different
multipath signals
c. Time dispersion(echoes) caused by multipath propagation delays

53. Expand PCS, PLMR, NLOS and DECT.

PCS - Personal Communication Systems.

PLMR – Public Land Mobile Radio
NLOS – Non Line Of Sight
DECT – Digital Equipment Cordless Telephone

54. Mention the three partially separable effects of radio propagation.

The three partially separable effects of radio propagation are,

Multi path fading
Shadowing
Path loss

9
55. Mention the basic propagation mechanisms, which impact propagation in
mobile communication.
The basic propagation mechanisms are,
Reflection
Diffraction
Scattering

56. What is reflection?

Reflection occurs when a propagating electromagnetic wave impinges upon

an object, which has very large dimension when compared to the wavelength
of propagating wave.

57. What is diffraction?

Diffraction occurs when the radio path between the transmitter and receiver is
obstructed by a surface that has sharp irregularities.

58. What is scattering?

Scattering occurs when the medium through which the wave travels consists
of objects with dimensions that are small compared to the wavelength and
where the number of obstacles per unit volume is large.

59. Define Brewster angle?

The Brewster angle is the angle at which no reflection occurs in the medium
of origin. It occurs when the incident angle is such that the reflection
coefficient Is equal to zero.

60. . What are the principles of Cellular Architecture?

• Low power Transmitters and Coverage Zones.

• Frequency Reuse.
• Cell splitting to increase Capacity.
• Hand off and Central Control.

61. Define adaptive equalizer.

To combat ISI, the equalizer coefficients should change according to the

channel status so as to track the channel variations. Such an equalizer is called an
adaptive equalizer since it adapts to the channel variations.

62. Where is decision feedback equalizer used?

The decision feedback equalizer is particularly used for channels with severe
amplitude distortions and has been widely used in wireless communications.

10
63. Write the basic algorithms used in adaptive equalization.

Zero forcing algorithm

Least Mean square algorithm
Recursive Least square algorithm

64. What is EIRP?

Effective isotropic radiated power is referenced to an isotropic source. The

difference between ERP and EIRP is 2dB
ERP=EIRP-2dB

65. What is PHP?

PHP means Personal Handy Phone System. It is otherwise called PHS. PHP
is a wireless communication TDD System which supports personal
communication services (PCS). It uses small, low-complexity light weight
terminals called Personal Stations (PSS).

66. Write down the applications of PHP?

PHP can be used for,

* Public Telephone
* Wireless PBX
* Home Cordless Telephone
* Walkie – talkie communication.

67 What are the features of PHP?

* Wider Coverage per cell.

* Operation in a mobile Outdoor environment,
* Faster and distributed control of handoffs.
* Enhanced authentication
* Encryption
* Privacy
* Circuit and packet-oriented data services.

68. What are the logical channels that the control channel consists?

* Broadcast control channel.

* Common control channel.
* User packet channel.
* Associated control channel.

69. What is BCCH?

11
 Broadcast control channel is a one way down link channel for broadcasting
control information from CS to PS.

70. What is CCCH?

CCCH is Common Control Channel Which sends out the control information
for call connection.

71. What is SIM?

SIM, which is memory device that store information such as the subscriber
identity number, the network and countries where the subscriber is entitled to
service, private key, and other user specified information.

72. What are main subsystems of GSM architecture?

i) Base station subsystem (BSS)

ii) Network &switching subsystem (NSS)
iii) Operation support subsystem (OSS)

73. What are frequencies used in forward and reverse link frequency in GSM?

(890-915) MHz- reverse link frequency

(935-960) MHz-forward link frequency

63. What are the channel types of GSM system?

i) GSM traffic channel

ii) GSM control channel
1. Broad cost channel
2. Common control channel
3. Dedicated control channel

74. What is CDMA digital cellar standard (is 95)?

IS-95- interim standard

IS 95 allows each user with in the a cell to use the same radio channel and
user in adjacent cell also use the same radio channel since this is a direct
sequence spread spectrum CDMA system.

75. What are frequencies used in forward and reverse link frequency in IS-95?

(824-849) MHz- reverse link frequency

(869-894) MHz-forward link frequency

12
76. If a cellular operator is allocated 12.5 MHz for each simple’s band and if
bandwidth is 12.5MHz guardband is 10 KHz & Bc=10khz find the number of
channel available in an FDMA system.

N= (bt --2 bguard) / Bc =(12.5 MHz-2(10 KHz))/ 10khz =416channel

77. State certain access technologies used in mobile satellite communication

systems.
FDMA, TDMA and CDMA.

78 State the different types of handoffs.

Soft handoff, hard handoff, forced handoff, delayed handoff and mobile
associated handoff.

79. What is intersystem handoff ?

During a course of a call, if a mobile moves from one cellular system to a
different cellular system controlled by a different MSC it is referred as
intersystem handoff.

80. State the expression that relates co channel reuse ratio (Q) to radius (R) of
a cell
Q = D/R
D – Distance between center of co channel cells

81. State the expression used to locate co channel cells.

N = i2 + ij + j2

82. Define the term dwell time.

The time over which a call may be maintained within a cell without handoff.

83. State the advantage of umbrella cell approach.

It provides large area coverage to high speed users while providing small area
coverage to users traveling at low speeds.

84. Define co channel cells.

The cells that operate with the same set of frequencies are referred as co
channel cells.

85. Define the term Erlong.

13
 One Erlong represents the amount of traffic intensity carried by a channel that
is completely occupied.

86. State the relation between traffic intensity (Au) and holding time (H).

Au = lH.
l = request rate

87. State the two types of trunked system.

Blocked call cleared system and Delayed call cleared system

88.How many co channel interferes are present in the first tier for a cluster size
of 7?

Six

89.What is CDPD?

CDPD is a Cellular packet digital Data System that uses packet switched data
The bit rate in the RF channel for CDPD is !9.2kbps

90.Write some features of TDMA?

*In TDMA , no. of time slots depends upon modulation technique ,available
bandwidth
*Data transmission occurs in bursts
*It uses different time slots for transmission and reception, then duplexers are
not required
*Adaptive equalization is necessary
* Guard time should be minimized

91Write some features of CDMA?

*In CDMA system, many users share the same frequency either TDD or FDD
may be used
*Channel data rate is high
*Multipath fading may be substantially reduced
*CDMA uses co –channel cells, it can use macroscopic spatial diversity to
provide soft hand off

92.Write the features of DECT?

· DECT provides a cordless communication framework for high traffic

intensity, short range telecommunication and covers a broad range of
applications and environment
· It supports telepoint services
14
 · It provides low power radio access between portable parts and fixed base
station’s at ranges of upto a few hundred meters

93.What are the interfaces used in the GSM?

GSM radio air interface

Abis interface
A interface

94.What are the types of services in GSM?

Tele sevices and Data services

95.Write some third generation wireless standards.

Personal communication system

IMT-2000
UMTS

96.What is Bluetooth?

It is an open standard that provides an ad-hoc approach for enabling various

devices to communicate with one another within nominal 10 meter range. It
operates in the 2.4 Ghz ISM band and uses frequency hopping TDD scheme
for each radio channel

97.What is the forward and reverse link frequency for AMPS?

(890-915) MHz- reverse link frequency

(935-960) MHz-forward link frequency

98.Write the specifications of DECT ?

Frequency band –1880-1900Mhz

No. of carriers - 10
RF channel bandwidth -1.728MHz
Multiplexing –FDMA/TDMA
Duplex-TDD

99.What is near-far effect in wireless network?

When used with FM or spread spectrum modulation, it is possible for the

strongest user to successfully capture the intended receiver , even when
many users are also transmitting . If the closest transmitter is able to capture
a receiver because of small propagation path loss, it is called as near -far
effect in wireless network

100. Write some standards used in 3G system

W-CDMA, UMTS
15
 Six marks questions

1. Explain the principle of frequency division multiple access.

Frequency division Multiple Access (FDMA) is a technology whereby the total

amount of spectrum is divided in a number of channels. Each channel can be
assigned to a different user. FDMA is commonly used in analog mobile radio,
including analogue cellular mobile telephone systems like AMPS, NMT and
TACS. Between the different used frequency channels is a small amount of
bandwidth not used. This space is called a guard band. This bandwidth is
necessary to cater for instability of the sender, frequency shifts due to
movement (the Doppler effect) and no-ideal filtering. FDMA is usually
implemented either in narrowband systems or to produce few subchannels
combined with other multiple access techniques (e.g., TDMA,CDMA). In
narrowband FDMA systems, the symbol time is usually large as compared
with the average delay spread, and hence, the amount of ISI is low and no
equalization is required. Furthermore, few bits are needed for overhead
purposes such as synchronization and framing as compared to TDMA. FDMA
systems have to cope with intermodulation (IM) products interference.Real
systems almost always include an FDMA component. In cellular systems, the
two directions, base to mobile station and vice versa, are usually separated in
frequency. This scheme is called FDD. Of course, both receiver and
transmitter have to know the frequencies in advance since the receiver must
be able to tune properly. It is not possible to jump arbitrarily in the frequency
domain, contrary to what can be done in the time domain.

The principle of FDMA.

16
2.Give the comparison between fixed channel allocation and dynamic channel
allocation.

Channel allocation deals with the allocation of channels to cells in a cellular

network. Once the channels are allocated, cells may then allow users within the
cell to communicate via the available channels. Channels in a wireless
communication system typically consist of time slots, frequency bands and/or
CDMA pseudo noise sequences, but in an abstract sense, they can represent
any generic transmission resource. There are two major categories for assigning
these channels to cells (or base-stations). They are

• Fixed Channel Allocation,

• Dynamic Channel Allocation

Fixed Channel Allocation

Fixed Channel Allocation (FCA) systems allocate specific

channels to specific cells. This allocation is static and
can not be changed. For efficient operation, FCA
systems typically allocate channels in a manner that
maximizes frequency reuse. Thus, in a FCA system, the
distance between cells using the same channel is the minimum reuse distance for
that system. The problem with FCA systems is quite simple and occurs whenever
the offered traffic to a network of base stations is not uniform. Consider a case in
which two adjacent cells are allocated N channels each. There clearly can be
situations in which one cell has a need for N+k channels while the adjacent cell only
requires N-m channels (for positive integers k and m). In such a case, k users in the
first cell would be blocked from making calls while m channels in the second cell
would go unused. Clearly in this situation of non-uniform spatial offered traffic, the
available channels are not being used efficiently. FCA has been implemented on a
widespread level to date.

17
Dynamic Channel Allocation

Dynamic Channel Allocation (DCA) attempts to alleviate the problem mentioned for
FCA systems when offered traffic is non-uniform. In DCA systems, no set
relationship exists between channels and cells. Instead, channels are part of a pool
of resources. Whenever a channel is needed by a cell, the channel is allocated
under the constraint that frequency reuse requirements can not be violated. There
are two problems that typically occur with DCA based systems.

• First, DCA methods typically have a degree of randomness associated with

them and this leads to the fact that frequency reuse is often not maximized
unlike the case for FCA systems in which cells using the same channel are
separated by the minimum reuse distance.
• Secondly, DCA methods often involve complex algorithms for deciding which
available channel is most efficient. These algorithms can be very
computationally intensive and may require large computing resources in order
to be real-time.

3.Write short note on Interim Standard-136.

IS-136 is a second-generation mobile phone systems, known as Digital

AMPS (D-AMPS). This system is most often referred to as TDMA. That name
is based on the acronym for time division multiple access, a common multiple
access technique which is used by multiple protocols, including GSM, as well
as in IS-54 and IS-136. However, D-AMPS has been competing against GSM
and systems based on code division multiple access (CDMA) for adoption by
the network carriers, although it is now being phased out in favor of GSM/
GPRS and CDMA2000 technology.

D-AMPS uses existing AMPS channels and allows for smooth transition
between digital and analog systems in the same area. Capacity was
increased over the preceding analog design by dividing each 30 kHz channel
pair into three time slots (hence time division) and digitally compressing the
18
 voice data, yielding three times the call capacity in a single cell. A digital
system also made calls more secure because analog scanners could not
access digital signals. IS-136 added a number of features to the original IS-54
specification, including text messaging, circuit switched data (CSD), and an
improved compression protocol. SMS and CSD were both available as part of

The technical specifications can be summarized as below:

Mobile Frequency Range Rx: 869-894 MHz; Tx: 824-849 MHz

Multiple Access Method TDMA/FDM
Duplex Method FDD
Number of Channels 832 (3 users per channel)
Channel Spacing/Bandwidth 30 kHz
Modulation π/4 DQPSK
Channel Bit Rate 48.6 kbit/s
Spectrum Efficiency 1.62 bit/s/Hz
Equalizer Unspecified
Interleaving 2 slot interleaver

4.Explain in detail the fading effects in wireless channel.

In wireless communications, fading is deviation of the attenuation that a carrier-

modulated telecommunication signal experiences over certain propagation
media. The fading may vary with time, geographical position and/or radio
frequency, and is often modelled as a random process. A fading channel is a
communication channel that experiences fading. In wireless systems, fading may
either be due to multipath propagation, referred to as multipath induced fading, or
due to shadowing from obstacles affecting the wave propagation, sometimes
referred to as shadow fading. The terms slow and fast fading refer to the rate at
which the magnitude and phase change imposed by the channel on the signal
changes. The coherence time is a measure of the minimum time required for the

19
magnitude change of the channel to become uncorrelated from its previous
value.

• Slow fading

arises when the coherence time of the channel is large relative to the
delay constraint of the channel. In this regime, the amplitude and phase
change imposed by the channel can be considered roughly constant over
the period of use. Slow fading can be caused by events such as
shadowing, where a large obstruction such as a hill or large building
obscures the main signal path between the transmitter and the receiver.
The amplitude change caused by shadowing is often modeled using a log-
normal distribution with a standard deviation according to the log-distance
path loss model.

• Fast fading

occurs when the coherence time of the channel is small relative to the
delay constraint of the channel. In this regime, the amplitude and phase
change imposed by the channel varies considerably over the period of
use.

In a fast-fading channel, the transmitter may take advantage of the variations in

the channel conditions using time diversity to help increase robustness of the
communication to a temporary deep fade. Although a deep fade may temporarily
erase some of the information transmitted, use of an error-correcting code
coupled with successfully transmitted bits during other time instances
(interleaving) can allow for the erased bits to be recovered. In a slow-fading
channel, it is not possible to use time diversity because the transmitter sees only
a single realization of the channel within its delay constraint. A deep fade
therefore lasts the entire duration of transmission and cannot be mitigated using
coding. The coherence time of the channel is related to a quantity known as the
Doppler spread of the channel. When a user (or reflectors in its environment) is
20
 moving, the user's velocity causes a shift in the frequency of the signal
transmitted along each signal path. This phenomenon is known as the Doppler
shift. Signals travelling along different paths can have different Doppler shifts,
corresponding to different rates of change in phase. The difference in Doppler
shifts between different signal components contributing to a single fading channel
tap is known as the Doppler spread. Channels with a large Doppler spread have
signal components that are each changing independently in phase over time.
Since fading depends on whether signal components add constructively or
destructively, such channels have a very short coherence time.

5. Explain the Power Control mechanism in CDMA

A proper power control on both the uplink and downlink has several
advantages: System capacity is improved or optimized. Mobile battery life is
extended. Radio path impairments are properly compensated for. Quality of
service (QoS) at various bit rates can be maintained. The reverse link (uplink)
uses a combination of open loop and closed loop power control to command
the mobile station to make power adjustments The mobile station and the
base station receiver measure the received power and use the measurements
to maintain a power level for adequate performance. The mobile unit
measurement is part of the open loop power control while the base station
measurement is part of the closed loop power control. In the closed loop
mode, the mobile station transmitter power is controlled by a signal from the
base station site. Each base station demodulator measures the received SNR
for that mobile station and sends a power command either to increase or
decrease mobile station power. The measure-command-react cycle is
performed at a rate of800 times per second for each mobile station in IS-95.
The power adjustment command is combined with the mobile’s open loop
estimate and the result is used to adjust the transmitter gain. This solves the
near far interference problem, reduces interference to other mobiles using the
same. CDMA radio channel, helps to overcome fading, and conserves battery
power in portable and mobile units. On the uplink, the objective of the mobile
station is to produce a nominal received power signal at the base station
receiver. Regardless of the mobile’s position or propagation loss, each mobile
21
should be received at the base station with almost the same power level. If
the mobile’s signal arrives at the base station with a lower power level than
the required power level, its error rate performance will be high. On the other
hand, if the mobile’s signal is too high, it will interfere with other users with the
same CDMA radio channel causing performance degradation unless the
traffic load is decreased. Similarly, a combination of open loop and closed
loop power control is used on the forward link (downlink) to keep SNR at the
mobile almost constant. Forward link power control mitigates the corner
problem. Mobiles at the edges of cells normally require more power than
those close to the center of the base station for two reasons: more
transmission loss and more interference from adjacent base stations. This is
known as the corner problem. Forward link power control minimizes
interference to mobiles in the same base station (in multipath environments)
as well as mobiles in other base stations. Using the downlink power control,
the base station transmits the minimum required power, hence, minimizes the
interference to mobiles in the surrounding base stations. The outer loop power
control is the finer power control over the closed loop power control. It adjusts

the target signal-to-interference ratio (SIR) in the base station according to the
needs of the individual radio links and aims at a constant quality, which is
usually defined as a certain target bit error rate (BER) or frame error ratio

22
 (FER). The required SIR depends on the mobile speed and multipath profile.
The outer loop power control is typically implemented by having the base
station to each uplink user data frame with frame quality indicator, such as a
cyclic redundancy check (CRC) result, obtained during decoding of the
particular user data frame.

6. Explain the channels in GSM

GSM uses a variety of channels in which the data is carried. In GSM, these
channels are separated into physical channels and logical channels. The
Physical channels are determined by the timeslot, whereas the logical
channels are determined by the information carried within the physical
channel. It can be further summarised by saying that several recurring
timeslots on a carrier constitute a physical channel. These are then used by
different logical channels to transfer information. These channels may either
be used for user data (payload) or signalling to enable the system to operate
correctly.The channels may also be divided into common and dedicated
channels. The forward common channels are used for paging to inform a
mobile of an incoming call, responding to channel requests, and broadcasting
bulletin board information. The return common channel is a random access
channel used by the mobile to request channel resources before timing
information is conveyed by the BSS.The dedicated channels are of two main
types: those used for signalling, and those used for traffic. The signalling
channels are used for maintenance of the call and for enabling call set up,
providing facilities such as handover when the call is in progress, and finally
terminating the call. The traffic channels handle the actual payload.

The following logical channels are defined in GSM:

TCHf - Full rate traffic channel.

TCH h - Half rate traffic channel.

23
 BCCH - Broadcast Network information, e.g. for describing the current
control channel structure. The BCCH is a point-to-multipoint channel
(BSS-to-MS).

SCH - Synchronisation of the MSs.

FCHMS - frequency correction.

AGCH - Acknowledge channel requests from MS and allocate a

SDCCH.

PCHMS - terminating call announcement.

RACHMS - access requests, response to call announcement, location

update, etc.

FACCHt - For time critical signalling over the TCH (e.g. for handover
signalling). Traffic burst is stolen for a full signalling burst.

SACCHt - TCH in-band signalling, e.g. for link monitoring.

SDCCH - For signalling exchanges, e.g. during call setup, registration /

location updates.

FACCHs - FACCH for the SDCCH. The SDCCH burst is stolen for a
full signalling burst. Function not clear in the present version of GSM
(could be used for e.g. handover of an eight-rate channel, i.e. using a
"SDCCH-like" channel for other purposes than signalling).

SACCHs - SDCCH in-band signalling, e.g. for link monitoring.

7. Explain the characteristics of HIPERLAN

HIPERLAN is a European standardization initiative for a HIgh PERformance

wireless Local Area Network. Radio waves are used instead of a cable as a
transmission medium to connect stations. Either, the radio transceiver is
mounted to the movable station as an add-on and no base station has to be
24
installed separately, or a base station is needed in addition per room. The
stations may be moved during operation-pauses or even become mobile. The
max. data rate for the user depends on the distance of the communicating
stations. With short distances (<50 m) and asynchronous transmission a data
rate of 20 Mbit/s is achieved, with up to 800 m distance a data rate of 1 Mbit/s
are provided. For connection-oriented services, e.g. video-telephony, at least
64 kbit/s are offered. The standard serves to ensure the possible
interoperability of different manufacturers' wireless communications
equipment that operate in this spectrum. The HIPERLAN standard only
describes a common air interface including the physical layer for wireless
communications equipment, while leaving decisions on higher level
configurations and functions open to the equipment manufacturers.

The choice of frequencies allocated to HIPERLAN was part of the 5-5.30 GHz
band being allocated globally to aviation purposes. The Aviation industry only
used the 5-5.15GHz frequency, thus making the 5.15-5.30 frequency band
accessible to HIPERLAN standards. HIPERLAN is designed to work without
any infrastructure. Two stations may exchange data directly, without any
interaction from a wired (or radio-based) infrastructure. The simplest
25
HIPERLAN thus consists of two stations. Further, if two HIPERLAN stations
are not in radio contact with each other, they may use a third station (i.e. the
third station must relay messages between the two communicating stations).
Products compliant to the HIPERLAN 5 GHz standard shall be possible to
implement on a PCMCIA Type III card. Thus the standard will enable users to
truly take computing power on the road.

8. Explain the characteristics of mobile ad hoc networks

Wireless, or single-hop networks, until recently were based on a fixed structure,

basically network nodes communicating to fixed infrastructure. Mobile ad-hoc
networking offers multi-hop communication, in effect network nodes communicating
via other nodes. In situations where networks are constructed and destructed in ad-
hoc manner, mobile ad-hoc networking is an excellent choice. The idea of mobile ad-
hoc or packet radio networks has been under development since 1970s. Since the
mid-90s, when the definition of standards such as IEEE802.11 helped cause
commercial wireless technology to emerge, mobile ad-hoc networking has been
identified as a challenging evolution in wireless technology. A mobile ad-hoc network
is a collection of mobile devices equipped with a transmitter and receiver, connected
in the absence of fixed infrastructure. Mobile ad-hoc network is defined with
characteristics such as purpose-specific, autonomous and dynamic. In comparison
with fixed wireless networks, there is no master slave relationship that exists in a
mobile ad-hoc network. Nodes rely on each other to established communication,
thus each node acts as a router. Therefore, in a mobile ad-hoc network, a packet
can travel from a source to a destination either directly, or through some set of
intermediate packet forwarding nodes.

The control and management of mobile ad-hoc network is distributed among the
participating nodes. Each node is responsible to forward packet to other nodes in the
networks. The nodes are also collaborate themselves to implement network routine
functions such as security. Nodes in mobile ad-hoc network are highly mobile which
causes network topology to change rapidly and unpredictably. Moreover the
connectivity among the hosts varies with time. In most cases, mobile ad-hoc

26
 networks operate on low power devices. Normally these devices have low CPU
process capability and small memory sizes, thus affect the capability of the mobile
ad-hoc network to reach other devices. Routing in mobile ad-hoc network, meaning
transferring packets from source to destination, is different than traditional routing in
a fixed network. Routing in mobile ad-hoc networking depends on many factors
which includes topology, selection of routers, initiation of request and available
bandwidth.

9. Explain in detail about denial of service attacks?

A denial-of-service attack (DoS attack) or distributed denial-of-service attack

(DDoS attack) is an attempt to make a computer resource unavailable to its
intended users. Although the means to carry out, motives for, and targets of a
DoS attack may vary, it generally consists of the concerted efforts of a person
or people to prevent an Internet site or service from functioning efficiently or at
all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites
or services hosted on high-profile web servers such as banks, credit card
payment gateways, and even root nameservers. The term is generally used
with regards to computer networks, but is not limited to this field, for example,
it is also used in reference to CPU resource management. One common
method of attack involves saturating the target (victim) machine with external
communications requests, such that it cannot respond to legitimate traffic, or
responds so slowly as to be rendered effectively unavailable. In general
terms, DoS attacks are implemented by either forcing the targeted
computer(s) to reset, or consuming its resources so that it can no longer
provide its intended service or obstructing the communication media between
27
 the intended users and the victim so that they can no longer communicate
adequately.

A "denial-of-service" attack is characterized by an explicit attempt by attackers

to prevent legitimate users of a service from using that service. Attacks can be
directed at any network device, including attacks on routing devices and web,
electronic mail, or Domain Name System servers.A DoS attack can be
perpetrated in a number of ways. The five basic types of attack are:

1. Consumption of computational resources, such as bandwidth, disk

space, or processor time
2. Disruption of configuration information, such as routing information.
3. Disruption of state information, such as unsolicited resetting of TCP
sessions.
4. Disruption of physical network components.
5. Obstructing the communication media between the intended users and
the victim so that they can no longer communicate adequately.

A DoS attack may include execution of malware intended to:

• Max out the processor's usage, preventing any work from occurring.
• Trigger errors in the microcode of the machine.
• Trigger errors in the sequencing of instructions, so as to force the
computer into an unstable state or lock-up.
• Exploit errors in the operating system, causing resource starvation and/or
thrashing, i.e. to use up all available facilities so no real work can be
accomplished.
• Crash the operating system itself.
• A permanent denial-of-service (PDoS), also known loosely as phlashing is
an attack that damages a system so badly that it requires replacement or
reinstallation of hardware. Unlike the distributed denial-of-service attack, a
PDoS attack exploits security flaws which allow remote administration on
the management interfaces of the victim's hardware, such as routers,
printers, or other networking hardware. The attacker uses these

28
 vulnerabilities to replace a device's firmware with a modified, corrupt, or
defective firmware image—a process which when done legitimately is
known as flashing. This therefore "bricks" the device, rendering it unusable
for its original purpose until it can be repaired or replaced.
• The PDoS is a pure hardware targeted attack which can be much faster
and requires fewer resources than using a botnet in a DDoS attack.
Because of these features, and the potential and high probability of
security exploits on Network Enabled Embedded Devices (NEEDs), this
technique has come to the attention of numerous hacker communities.

10. What are the security threats to wireless networks?

Signals in wireless networks are omni directional and spread beyond the
desired coverage area. Due to this weakness, many active and passive
methods are available for doing attacks in wireless network transmission.
Inserting the data into wireless networks or modifying any transmitted data is
called active method whereas passive methods include monitoring the traffic
in promiscuous mode to get information about wireless networks.Major
security threats which are possible in wireless networks are as follows:

· Active Scanning / Probing Threat:

The most common threat of wireless networks is doing attack by Active
software like Net Stumber (for Windows) and Dstumber (for Unix/ Linux).
These software works on the method of active scanning. Attacks transmit the
probe request to find any access point. If any access point is available, it will
transmit probe response for that request. This response frame consists of
SSID, Source/Destination MAC Address. Once attack captures this response
frame, he/she has all the necessary information to enter in the network.
Hence, if there is not any strong authentication mechanism, attackers may
easily enter in the network.

· Spoofing Threat:
Another major threat in wireless networks is ‘MAC Address Spoofing’ which
alters the manufacture assigned MAC address to any other value. This is
29
conceptually different than traditional IP address spoofing where an attacker
sends data from any arbitrary source address and does not expect to see a
response to their actual source IP address. An attacker may choose ‘MAC
Address Altering’ for several reasons, e.g. to bypass access control list, to
impersonate an already authenticated user or disguising his/her presence on
the network.

802.11 Beacon Flood Threat:

This technique requires generating thousands of counterfeit/fake 802.11
beacon frames and then transmits them on the network. Beacon frame
contains the information about SSID of the network. Hence, it becomes
difficult for the client to choose correct SSID to find a legitimate AP. There are
several tools available nd transmit the fake beacon frames.

· Authentication/ De Authentication Flood Threat:

In this, the attacker broadcasts the association or authentication request
frames from the fake addresses to either access point (infrastructure mode) or
to clients e). So, access point or client sends reply and keep the information
about that request for some time in memory and wait for response, which is
never going to come. Thus they are loaded with false authentication/ de-n
requests and legitimate entities are put on hold for sometime, hence denying
services to them.

· Threat from Unauthorized Devices:

In case of wireless networks, unauthorized access are not only limited to
clients, but it is also applicable to access points. Sometimes, an authorized
person, due to suspicious users does not plant these access points. Once
planted, this rouge access point is configured to operate on higher
broadcasting power and as a valid access point. Sometimes, the legitimate
users plant access point to improve their coverage.

· Jamming Threat:

30
 One of the most famous security threats for wireless networks is jamming. In
this, the attacker operates on the same frequency and channel of the target
network. He/she operates at higher power, thus disabling the actual access
point. Sometimes, the network arrives at standstill position and user fears that
network is attacked.

· ‘Man in the Middle’ Threat:

Wireless networks are also prone to ‘Man in the Middle’ attack. In this, an
attacker sends management frames to client and force them dissociate from
valid access point and prompt them to join another fake access point setup by
an attacker posing as valid access point.

11. Describe in detail the Radio Propagation and Propagation Path-Loss

Models

Exponential growth of mobile communications has increased interest in many

topics in radio propagation. Much effort is now devoted to refine radio
propagation path-loss models for urban, suburban, and other environments
together with substantiation by field data. Radio propagation in urban areas is
quite complex because it often consists of reflected and diffracted waves
produced by multipath propagation. Radio propagation in open areas free
from obstacles is the simplest to treat, but, in general, propagation over the
earth and the water invokes at least one refl ected wave. For closed areas
such as indoors, tunnels, and underground passages, no established models
have been developed as yet, since the environment has a complicated
structure. However, when the environmental structure is random, the Rayleigh
model used for urban area propagation may be applied. When the
propagation path is on line of sight, as in tunnel and underground passages,
the environment may be treated either by the Rician model or waveguide
theory. Direct wave models may be used for propagation in a corridor. In
general, radio wave propagation consists of three main attributes: reflection,
diffraction and scattering. Reflection occurs when radio wave propagating in

31
 one medium impinges upon another medium with different electromagnetic
properties. The amplitude and phase of the reflected wave are strongly
related to the medium’s instrinsic impedance, incident angle, and electric field
polarization. Part of the radio wave energy may be absorbed or propagated
through the reflecting medium, resulting in a reflected wave that is attenuated.
Diffraction is a phenomenon by which propagating radio waves bend or
deviate in the neighborhood of obstacles. Diffraction results from the
propagation of wavelets into a shadowy region caused by obstructions such
as walls, buildings, mountains, and so on. Scattering occurs when a radio
signal hits a rough surface or an object having a size much smaller than or on
the order of the signal wavelength. This causes the Signal energy to spread
out in all directions. Scattering can be viewed at the receiver as another radio
wave source. Typical scattering objects are furniture, lamp posts, street signs,
and foliage.

12. Write short note on frequency reuse and hexagonal cell pattern

Frequency reuse

Cellular systems seeks to make an efficient use of available channels by

employing low-power transmitters to allow frequency reuse at much smaller
32
 distances Maximizing the number of times each channel may be reused in a
given geographic area is the key to an efficient cellular system design.
Cellular systems are designed to operate with groups of low-power radios
spread out over the geographical service area. Each group of radios serve
mobile stations located near them. The area served by each group of radios is
called a cell. Each cell has an appropriate number of low-power radios to
communicate within the cell itself. The power transmitted by the cell is chosen
to be large enough to communicate with mobile stations located near the
edge of the cell. The radius of each cell may be chosen to be perhaps 28 km
(about 16 miles) in a start-up system with relatively few subscribers, down to
less than 2 km (about 1 mile) for a mature system requiring considerable
frequency reuse.

Hexagonal Cell Geometry

As the traffic grows, new cells and channels are added to the system. If an
irregular cell pattern is selected, it would lead to an inefficient use of the
spectrum due to its inability to reuse frequencies because of cochannel
interference. In addition, it would also result in an uneconomical deployment
of equipment, requiring relocation from one cell site to another. Therefore, a
33
 great deal of engineering effort would be required to readjust the
transmission, switching, and control resources every time the system goes
through its development phase. The use of a regular cell pattern in a cellular
system design eliminates all these difficulties. In reality, cell coverage is an
irregularly shaped circle. The exact coverage of the cell depends on the
terrain and many other factors. For design purposes and as a first-order
approximation, we assume that the coverage areas are regular polygons. For
example, for omnidirectional antennas with constant signal power, each cell
site coverage area would be circular. To achieve full coverage without dead
spots, a series of regular polygons are required for cell sites. Any regular
polygon such as an equilateral triangle, a square, or a hexagon can be used
for cell design.The hexagon is used for two reasons: a hexagonal layout
requires fewer cells and, therefore, fewer transmitter sites, and a hexagonal
cell layout is less expensive compared to square and triangular cells. In
practice, after the polygons are drawn on a map of the coverage area, radial
lines are drawn and the signal-to-noise ratio (SNR) calculated for various
directions using the propagation

13. Write short note on medium access techniques

A typical scenario in a wireless network is shown in fig 1. The MSs have to

compete for a shared medium. Each MS has a transmitter/receiver that
communicates with other MSs.

34
 MS 3

MS 2 MS 4

Shared multiple access

medium

MS 1 MS n

Fig 1 Multiple access of a shared medium in wireless network

In a general scheme, transmission from any MS can be received by all other

MSs in the neighborhood. Therefore, if more than one MS attempts to transmit at
one time, collision occurs and MSs receiving the information cannot interpret or
differentiate what id being transmitted. These situations are called collisions in the
medium. Collisions must be avoided and this is done using medium access control
(MAC) techniques. Thus the primary function of MAC is to minimize or eliminate the
incidence of collisions to achieve a reasonable utilization of the medium. The two
basic approaches in MAC are random access and scheduling.

Random access

The different types of random access protocols are

i. ALOHA
ii. Slotted ALOHA
iii. Carrier Sense Multiple Access
iv. Carrier Sense Multiple Access with Collision Detection
Scheduling approaches to medium access control

These approaches attempt to produce an orderly access to the transmission

medium. The different types of scheduling protocols are

35
 i. Reservation systems
ii. Polling

14. Explain shortly about CDMA

In the mid-l980s, several researchers saw the potential for a technology primarily
used in military applications to also be used for cellular communications. This
technology, spread spectrum communications, which involve transforming
narrowband information to a wideband signal for transmission, was seen as a mean
of addressing potential capacity limitations of TDMA systems (which result from the
fact that the number of users on any single frequency is restricted by the number of
available time slots). A spread spectrum system operates by transforming the
narrowband information of an individual user into wideband information by using
high- frequency codes, each unique for that particular user. By assigning different
users unique codes, a multiple-access system is possible, i.e, code division multiple
access (CDMA). Moreover, in a CDMA system, frequency reuse limitations Seen in
FDMA and TDMA systems are not quite so critical, as multiple mobile stations and
base stations can occupy the same frequencies at once. Qualcomm Incorporated in
San Diego, California, developed the first CDMA cellular system for widespread
deployment in the early 1990s, culminating with the standardization of Qualcomm's
CDMA solution by the Telecommunications Industry Association (TIA) in 1992.
More recently, CDMA has formed the basis for enhancing cellular systems around
the world. CDMA spread spectrum systems come in two types: frequency hopped
and direct sequence. CDMA using frequency hopping involves a user transmitting
over multiple frequencies consecutively in time in a pseudorandom manner.
Pseudorandom in this case refers to the fact that the sequence of transmission
frequencies is known at the transmitter and receiver, but appears random to any
other receiver. An example of a frequency hopping sequence is given in Figure 1.
Slow-hopping systems involve a changing of frequencies at a slower rate than the
information bit rate, whereas fast-hopping requires a much faster change of the
transmission frequency than the information bit rate. Frequency hopped systems are
limited by the total number of hopping frequencies available. If two users hop to the
same frequency at once, they will interfere with one another.Direct-sequence

36
systems work by modulating the user's information signal with a sequence known to
the receiver and transmitter. This sequence is generated at a much higher rate than
the user signal, literally "spreading" the user's signal bandwidth. This process is
illustrated in Figure 2. All commercial cellular CDMA systems use direct-sequence
spreading as opposed to frequency hopping.

Fig 1 Frequency hopping sequence

Fig 2 Direct sequence spreading of information

37
 Ten Marks questions

1. Explain the development history of mobile radio systems.

1921 - Detroit Michigan Police Dept. made the earliest significant use of
Mobile radio in a vehicle in the United States. The system operated at a
frequency close to 2 MHz. The channels soon became overcrowded.

1940 - New frequencies between 30 and 40 MHz were made available.

Increasing the available channels encouraged a substantial buildup of police
systems. Shortly thereafter other users found a need for this form of
communication. Private individuals, companies, and public agencies
purchased and operated their own mobile units.

1945 - First public mobile telephone system in the U.S. was inaugurated in St.
Louis, Missouri with three channels at 150 MHz. Six channels spaced 60 kHz
apart were allocated for this service by the FCC, but the mobile equipment
was not sophisticated enough to prevent interference.

1947 - A Public mobile system using frequencies in the 35 to 44 MHz band

began operations along the highway between New York and Boston. These
frequencies were thought to carry greater distances however a problem with
skip-distance propagation carried interfering conversations for long distances.
These early mobile telephone systems used push-to-talk operation.

1949 - FCC authorized separate radio channels to common carrier entities

known as "Radio Common Carriers" (ROC). These companies do not provide
public telephone service, but interconnect to the public telephone network to
provide mobile telephone services equivalent to the wire line common
carriers.

38
1955 - Number of wire line channels available at 150 MHz was expanded
from 5 to 11 by the creation of new channels between the old ones (channel
spacing of 30 kHz).

1956 - 12 wire line channels were added near 450 MHz. All systems operated
in a manual mode, with each call to or from a mobile unit being handled by a
special mobile telephone operator.

1964 - A new system (150 MHz) was developed providing automatic channel
selection for each call, eliminated the need to push-to-talk operation, and
allowed customers to do their own dialing.

1969 - Automatic capability was extended to the 450 MHz band and the so
called "Improved Mobile Telephone System" (IMTS) became the standard for
mobile telephone service in the U.S.

Advanced Systems (Cellular Concept)

As early as 1947, it was realized that small cells with frequency reuse could
increase traffic capacity substantially and the basic cellular concept was
developed. However, the technology did not exist.

1953 - AT&T proposed to the FCC a broadband mobile telephone system to

operate in the 800 MHz region.

1970 - FCC announced a tentative allocation of 75 MHz in the 800 MHz

region and invited industry to submit proposals for achieving communication
objectives and demonstrating feasibility.

1971 - AT&T responds with a technical report asserting feasibility by detailing

how a "cellular system" might be composed. No other proposed systems were
submitted to the FCC.

1974 - FCC makes a firm allocation of 40 MHz for mobile telephone service
and solicited applications for developmental Systems to prove the feasibility of
so-called "Cellular Systems" but because of the beginnings of Bell Systems
divestiture proceedings, ruled that Western Electric could not manufacture
cellular terminal equipment. This was because Western Electric makes the
39
 network equipment and the restriction from selling both terminal and network
products were to prevent further monopolization.

1975 - AT&T applied for authorization to operate a developmental cellular

system in Chicago.

1977 - License granted in March of 1977. Illinois Bell Telephone constructs

and operates a developmental cellular system.

1978 - Mid 1978 the Equipment Test phase commenced. The Service Test-
phase started in late 1978. Twenty-one hundred mobile sets were procured
from three suppliers for the test and the system served over 2000 trial
customers.

1981 - FCC issues standard rules and due to the direction already taken, In
the Bell System divestiture proceedings, now rules that Western Electric is
permitted to manufacture cellular terminals as well as the network equipment.

In the years between 1974 and 1981, AT&T Bell Labs worked with all other cellular
terminal vendors to develop their cellular phones so that consumers would have
quality products available to use on the cellular network.

2. Explain in detail IEEE 802.11 MAC layer structure

The MAC sublayer is responsible for the channel allocation procedures,

protocol data unit (PDU) addressing, frame formatting, error checking, and
fragmentation and reassembly. The transmission medium can operate in the
contention mode exclusively, requiring all stations to contend for access to the
channel for each packet transmitted. The medium can also alternate between
the contention mode, known as the contention period (CP), and a contention-
free period (CFP). During the CFP, medium usage is controlled (or mediated)
by the AP, thereby eliminating the need for stations to contend for channel
access. IEEE 802.11 supports three different types of frames: management,
control, and data. The management frames are used for station association
and disassociation with the AP, timing and synchronization, and
authentication and deauthentication. Control frames are used for handshaking

40
 during the CP, for positive acknowledgments during the CP, and to end the
CFP. Data frames are used for the transmission of data during the CP and
CFP, and can be combined with polling and acknowledgments during the
CFP. The standard IEEE 802.11 frame format is illustrated in Fig. 1 The IEEE
standard 48-bit MAC addressing is used to identify a station. The 2 duration
octets indicate the time (in microseconds) the channel will be allocated for
successful transmission of a MAC protocol data unit (MPDU). The type bits
identify the frame as either control, data or management. The subtype bits
further identify the type of frame (e.g., Clear to Send control frame). A 32-bit
cyclic redundancy check (CRC) is used for error detection.

Fig 1. IEEE 802.11 MAC frame format

DISTRIBUTED COORDINATION FUNCTION

The DCF is the fundamental access method used to support asynchronous
data transfer on a best effort basis. As identified in the specification, all
stations must support the DCF. The DCF operates solely in the ad hoc
network, and either operates solely or coexists with the PCF in an
infrastructure network. The MAC architecture is depicted in Fig. 2, where it is
shown that the DCF sits directly on top of the physical layer and supports
contention services. Contention services imply that each station with an
MSDU queued for transmission must contend for access to the channel and,
once the MSDU is transmitted, must recontend for access to the channel for
all subsequent frames. Contention services promote fair access to the
channel for all stations. The DCF is based on carrier sense multiple access
with collision avoidance (CSMA/CA). CSMA/CD (collision detection) is not
41
used because a station is unable to listen to the channel for collisions while
transmitting. In IEEE 802.11, carrier sensing is performed at both the air
interface, referred to as physical carrier sensing, and at the MAC sublayer,
referred to as virtual carrier sensing. Physical carrier sensing detects the
presence of other IEEE 802.11 WLAN users by analyzing all detected
packets, and also detects activity in the channel via relative signal strength
from other sources. A source station performs virtual carrier sensing by
sending MPDU duration information in the header of request to send (RTS),
clear to send (CTS), and data frames. An MPDU is a complete data unit that
is passed from the MAC sublayer to the physical layer. The MPDU contains
header information payload, and a 32-bit CRC. The duration field indicates the
amount of time (in microseconds) after the end of the present frame the
channel will be utilized to complete the successful transmission of the data or
management frame. Stations in the BSS use the information in the duration
field to adjust their network allocation vector (NAV), which indicates the
amount of time that must elapse until the current transmission session is
complete and the channel can be sampled again for idle status. The channel
is marked busy if either the physical or virtual carrier sensing mechanisms
indicate the channel is busy. Priority access to the wireless medium is
controlled through the use of interframe space (IFS) time intervals between
the transmission of frames. The IFS intervals are mandatory periods of idle
time on the transmission medium. Three IFS intervals are specified in the
standard: short IFS (SIFS), point coordination function IFS (PIFS), and DCF-
IFS (DIFS). The SIFS interval is the smallest IFS, followed by PIFS and DIFS,
respectively. Stations only required to wait a SIFS have priority access over
those stations required to wait a PIFS or DIFS before transmitting; therefore,
SIFS has the highest-priority access to the communications medium. For the
basic access method, when a station senses the channel is idle, the station
waits for a DIFS period and samples the channel again. If the channel is still
idle, the station transmits an MPDU. The receiving station calculates the
checksum and determines whether the packet was received correctly. Upon
receipt of a correct packet, the receiving station waits a SIFS interval and

42
 transmits a positive acknowledgment frame (ACK) back to the source station,
indicating that the transmission was successful.

POINT COORDINATION FUNCTION (PCF)

The PCF is an optional capability, which is connection-oriented, and provides
contention-free (CF) frame transfer. The PCF relies on the point coordinator (PC) to
perform polling, enabling polled stations to transmit without contending for the
channel. The function of the PC is performed by the AP within each BSS. Stations
within the BSS that are capable of operating in the CF period (CFP) are known as
CF-aware stations. The method by which polling tables are maintained and the
polling sequence is determined, is left to the implementor. The PCF is required to
coexist with the DCF and logically sits on top of the DCF (Fig. 2). The CFP repetition
interval (CFP_Rate) is

Fig 2. MAC Architecture

used to determine the frequency with which the PCF occurs. Within a
repetition interval, a portion of the time is allotted to contention-free traffic, and
the remainder is provided for contention-based traffic. The CFP repetition
interval is initiated by a beacon frame, where the beacon frame is transmitted
by the AP. One of its primary functions is synchronization and timing. The
duration of the CFP repetition interval is a manageable parameter that is
always an integral number of beacon frames. Once the CFP_Rate is

43
 established, the duration of the CFP is determined. The maximum size of the
CFP is determined by the manageable parameter CFP_Max_Duration. The
minimum value of CFP_Max_Duration is the time required to transmit two
maximum-size MPDUs, including overhead, the initial beacon frame, and a
CF-End frame. The maximum value of CFP_Max_Duration is the CFP
repetition interval minus the time required to successfully transmit a
maximumsize MPDU during the CP (which includes the time for RTS/CTS
handshaking and the ACK). Therefore, time must be allotted for at least one
MPDU to be transmitted during the CP. It is up to the AP to determine how
long to operate the CFP during any given repetition interval. If traffic is very
light, the AP may shorten the CFP and provide the remainder of the repetition
interval for the DCF. The CFP may also be shortened if DCF traffic from the
previous repetition interval carries over into the current interval. The maximum
amount of delay that can be incurred is the time it takes to transmit an
RTS/CTS handshake, maximum MPDU, and ACK

3.Explain the IEEE 802.11 physical layer

The IEEE 802.11 draft specification calls for three different physical-layer
implementations: They are
frequency hopping spread spectrum (FHSS),
direct sequence spread spectrum (DSSS), and
Infra Red.
The FHSS utilizes the 2.4 GHz Industrial, Scientific, and Medical (ISM) band
(i.e., 2.4000–2.4835 GHz). In the United States, a maximum of 79 channels
are specified in the hopping set. The first channel has a center frequency of
2.402 GHz, and all subsequent channels are spaced 1 MHz apart. The 1 MHz
separation is mandated by the FCC for the 2.4 GHz ISM band. The channel
separation corresponds to 1 Mb/s of instantaneous bandwidth. Three different
hopping sequence sets are established with 26 hopping sequences per set.
Different hopping sequences enable multiple BSSs to coexist in the same
geographical area, which may become important to alleviate congestion and
maximize the total throughput in a single BSS. The reason for having three

44
different sets is to avoid prolonged collision periods between different hopping
sequences in a set. The minimum hop rate permitted is 2.5 hops/s. The basic
access rate of 1 Mb/s uses two-level Gaussian frequency shift keying (GFSK),
where a logical 1 is encoded using frequency Fc + f and a logical 0 using
frequency Fc – f. The enhanced access rate of 2 Mb/s uses four-level GFSK,
where 2 bits are encoded at a time using four frequencies.
The DSSS also uses the 2.4 GHz ISM frequency band, where the 1 Mb/s
basic rate is encoded using differential binary phase shift keying (DBPSK),
and a 2 Mb/s enhanced rate uses differential quadrature phase shift keying
(DQPSK). The spreading is done by dividing the available bandwidth into 11
subchannels, each 11 MHz wide, and using an 11-chip Barker sequence to
spread each data symbol. The maximum channel capacity is therefore (11
chips/ symbol)/(11 MHz) = 1 Mb/s if DBPSK is used. Overlapping and
adjacent BSSs can be accommodated by ensuring that the center frequencies
of each BSS are separated by at least 30 MHz [3]. This rigid requirement will
enable only two overlapping or adjacent BSSs to operate without interference.

45
 Fig IEEE 802.11 physical layer activities

The IR specification identifies a wavelength range from 850 to 950 nm. The IR
band is designed for indoor use only and operates with nondirected
transmissions. The IR specification was designed to enable stations to receive
line-of-site and reflected transmissions. Encoding of the basic access rate of 1
Mb/s is performed using 16-pulse position modulation (PPM), where 4 data
bits are mapped to 16 coded bits for transmission. The enhanced access rate
(2 Mb/s) is performed using 4-PPM modulation, where 2 data bits are mapped
to 4 coded bits for transmission.
IEEE 802.11a makes use of 5-GHz band and Provides rates of 6, 9 ,
12, 18, 24, 36, 48, 54 Mbps. It uses orthogonal frequency division multiplexing
(OFDM) as the physical layer. It is basically a multicarrier system in which the

46
 subcarriers used are orthogonal to each other. The subcarriers are modulated
using BPSK, QPSK, 16-QAM or 64-QAM.

IEEE 802.11b standard provides data rates of 5.5 and 11 Mbps. In this
case the barker code used for spreading is replaced by complementary code
keying (CCK) modulation scheme shown below.

Fig 11Mbps CCK modulation scheme

4. Explain in detail about the Mobile radio standards around the world.

Many mobile radio standards have been developed for Wireless

systems throughout the world, and more standards are likely to emerge.
Some of the standards prevalent throughout the world are listed below.

The world’s first cellular system was implemented by the Nippon Telephone
and Telegraph Company (NTT) in Japan. The system deployed in 1979, uses
6—FM Duplex channels (25 KHz for each one way link) in the 800 MHz band.

MOBILE RADIO STANDARDS IN NORTH AMERICA

Year of Multiple Frequency Channel

Standard Type Modulation
Introduction Access band Bandwidth

AMPS cellular 1983 FDMA 824-894 FM 30 KHz

47
 MHz

824-894
NAMPS cellular 1992 FDMA FM 10 KHz
MHz

824-894 π/4-
USDC cellular 1991 TDMA 30KHz
MHz DQPSK

FH/ 824-894
CDPD cellular 1993 GMSK 30 KHz
packet MHz

824-894
Cellular/ QPSK/
IS-95 1993 CDMA MHz/ 1.25 MHz
PCS BPSK
1.8-2.0 GHz

GSC paging 1970S Simplex several FSK 1.25 KHz

POCSAG Paging 1970S Simplex several FSK 1.25 KHz

FLEX Paging 1993 Simplex several 4-FSK 15 KHz

DCS-900 1.85-1.99
PCS 1994 TDMA GMSK 200 KHz
(GSM) GHz

Cordless/ FDMA/ 1.85-1.99 π/4-

PACS 1994 300 KHz
PCS TDMA GHz DQPSK

SMR/PC
MIRS 1994 TDMA several 16-QAM 25 KHz
S

SMR/PC
iDen 1995 TDMA several 16-QAM 25 KHz
S

MOBILE RADIO STANDARDS IN EUROPE

Standard Type Year of Multiple Frequency Modulation Channel

48
 Introduction Access band Bandwidth

ETACS Cellular 1985 FDMA 900MHz FM 25 KHz

450-470
NMT-450 Cellular 1981 FDMA FM 25 KHz
MHz

890-960
NMT-900 Cellular 1986 FDMA FM 12.5 KHz
MHz

Cellular/ 890-960
GSM 1990 TDMA GMSK 200 KHz
PCS MHz

450-465 20 KHz/
C-450 Cellular 1985 FDMA FM
MHz 10 KHz

ERMES Paging 1993 FDMA Several 4-FSK 25 KHz

864-868
CT2 Cordless 1989 FDMA GFSK 100 KHz
MHz

1880-1900
DECT Cordless 1993 TDMA GFSK 1.728 MHz
MHz

DCS- Cordless/ 1710-1880

1993 TDMA GFSK 200 KHz
1800 PCS MHz

The first generation European cellular systems are generally incompatible with one
another because of the different frequencies and communication protocols used.

MOBILE RADIO STANDARDS IN JAPAN

Year of Multiple Frequency Channel

Standard Type Modulation
Introduction Access band Bandwidth

JTACS Cellular 1988 FDMA 860-925 MHz FM 25 KHz

49
 π/4-
PDC Cellular 1993 TDMA 810-1501 MHz 25 KHz
DQPSK

NTT Cellular 1979 FDMA 400/800 MHz FM 25 KHz

NTACS Cellular 1993 FDMA 843-925 MHz FM 12.5 KHz

NTT Paging 1979 FDMA 280 MHz FSK 12.5 KHz

NEC Paging 1979 FDMA Several FSK 10 KHz

π/4-
PHS Cordless 1993 TDMA 1895-1907 MHZ 300 KHz
DQPSK

5. Discuss in detail about the security mechanism used in WLAN

Two security services are specified in IEEE 802.11, the authentication service and
the privacy service. The privacy service is provided by Wired Equivalent Privacy
(WEP) algorithm. The authentication service provides two basic levels of security.
The first, Open System Authentication (OSA) is mandatory, but provides essentially
no security.The second is shared-key authentication that provides the highest level
of security available and uses the WEP algorithm.

Wired Equivalent Privacy (WEP)

The WEP is based on the use of RC4 encryption. RC4 as specified in the standard
operates in Output FeedBack (OFB) mode as shown in Figure 1. The RC4 algorithm
has three inputs; an initializing vector IV, the random key, and the plaintext. The IV
vector is input to E, the RC4 encryption algorithm, along with the key. The algorithm
generates a keystream output from E that is sent to the output box O. The output box
O shifts the keystream out, a byte at a time and each byte is combined with the
plaintext P under the Exclusive OR function. The output of E is also fed back to the I

50
stage which causes the keystream to vary as a function of IV and the key. That is:
Given:
The plaintext pj and RC4(IV, Key)
Form: cj = pj Å RC4(IV, Key)

Encryption is shown on the left and decryption on the right side of Figure 1.
Since IV must be known to the transmitter and receiver, it is sent to the receiver as
an unencrypted part of the ciphertext stream. The logic function to insert IV into the
ciphertext stream and recover it from the stream for input to the I function at the
receiving end are not shown, but are straightforward functions. IV does not have to
be secret since RC4’s strength is derived from the algorithm and key, not IV.
However, the integrity of IV needs to be assured or decryption will not function
properly. The RC4 algorithm supports variable length keys. The two lengths most
commonly used for wireless applications are 40 bits for export controlled systems
and 128 bits for domestic application. Although most vendors advertise 128 bit
encryption, the effective key length is 104 bits . One of the primary requirements of
stream ciphers in general and RC4 as well is that the implementation must ensure
that the keystream is never used twice to encrypt a data stream.

Fig stream cipher operation

51
Authentication
Prior to sending data, a station (i.e., a wireless device) and an access point must
authenticate and establish an association. An association is a binding between the
station and the access point. Once successfully authenticated and associated
stations can exchange data with the access point (i.e., enter the network). The two
authentication methods supported are
Open System authentication and
Shared key Authentication.

Open System Authentication(OSA)

In OSA, two management frames are exchanged between the station and the
access point (AP). The first frame is sent from the station to the AP and includes the
station Media Access Control (MAC) address and an identifier indicating it is an
authentication request. The AP responds with a second frame that includes a status
field indicating authentication success or failure. The station is now authenticated
and unassociated. Two more frames are passed to establish and association. Most
wireless vendors have implemented a wireless access control mechanism as part of
the association process that is based on examining the station MAC address and
blocking unwanted stations from associating

Shared Key Authentication

Shared key authentication uses the optional WEP algorithm along with a challenge
response system to mutually authenticate a station and an AP. Authentication
consists of the exchange of 4 messages for station authentication and 4 more for AP
authentication APs send “beacon” messages to announce their presence. A station
wishing to enter the network finds a beacon message and then initiates
authentication with the AP whose address appears in the beacon message. The
exchange is shown in Figure 2
The initiating station sends a management frame (sequence # 1) to the AP
requesting authentication. The frame is sent in the clear. The responding AP sends
sequence #2 which contains an authentication challenge in the message body. The
challenge is 128 octets in length. The AP challenge is generated by combining a
52
pseudo random number with the shared secret key and a random initializing vector
(IV) and sent as a clear text message (i.e.,unencrypted). The station receives the
message, extracts the challenge and copies it to a new management frame. This
frame is encrypted under the WEP algorithm using the shared key and a “new” IV
and sent to the AP. The IV used by the station is also sent to the AP in the clear so
the AP knows what IV to use with the secret key to decrypt the frame. The AP
receives the frame, decrypts the contents, and checks the validity of the CRC 32
check sum, and tests the challenge to see if it matches the original challenge sent to
the station. If the CRC 32 check is invalid, the frame is dropped. If the CRC-32 is
valid, the challenge is tested. On a match, the station is successfully authenticated.
The process is repeated to authenticate the AP to the stationThe protocol for
exchanging authentication messages can be exploited to allow unauthorized stations
to enter the network.

6. Explain the principle of cellular telephony

Cellular telephony systems are radio systems that involve distributed

transmission. Therefore, rather than having a single transmitter service
53
many different users over a wide area of coverage (e.g., commercial FM
radio), the coverage area is divided into smaller areas known as cells.
Each cell has one stationary transceiver known as a base station. A user
of a cellular system communicates with the base station to place a call.
The call can be data or voice, and the base station routes the call to either
a terrestrial network to the termination point or to another user of the
same cellular network. Normally, for voice calls, the base station either
directly or indirectly routes the call to a public switched telephony
network (PSTN).Each user of a cellular system is also sometimes called a
subscriber. The basic relationship between a subscriber and the base
station is shown in Figure 1-1. The communications link from the base
station to the subscriber is referred to as the downlink or forward link,
while the link from the subscriber to the base station is referred to as the
uplink or reverse link. Cellular subscribers can be stationary or mobile. If
the subscriber is mobile, then the cellular network must be able to handle
the situation in which a mobile subscriber (also known as a mobile
station) moves from one cell to another. This event is known as handoff
for handover. If the mobile station can engage in simultaneous
communication with multiple base stations, then it is said to be in soft
handoff In order to ensure that a call is not dropped when a handoff
occurs, information about the mobile station is usually known to the base
stations involved in the handoff. Due to this and for other reasons, some
communication exists in the network that connects base stations together
in a cellular system. This network is known as the backbone network or
simply the backhaul.

54
The backbone network consists of several entities between the PSTN and the base
station. The base station usually interfaces with a base station controller (BSC),
which networks a cluster of base stations to ensure that call admission and handover
can function in a coordinated manner among base stations within a geographical
region. A cluster is a group of cells that use the complete set of available telephony
channels in a cellular network. One or more BSCs are usually connected to a mobile
switching center (MSC), which interfaces directly with the PSTN. The MSC
contains information about the cellular subscriber that can be used to route other
information to that user during the call. Moreover, a home location register (HLR)
may be co-located with the MSC; this entity contains user-specific information used
primarily for authentication of the subscriber during call initialization. The
intercommunication between the mobile station, base station, BSC and MSC is
shown in Figure 1-2. A cellular telephone system has two basic functions; it must
locate and track both active and inactive mobile stations (MSs), and it must always
attempt to connect the active MSs to the best available base station(s) (BS(s)). The
former task is the subject of user location updating and paging. The latter task
requires the continuous evaluation of the radio link quality with the serving BS(s),
and the radio link quality with alternate BSs. This monitoring is performed by a
computer system that uses knowledge of the link quality evaluations, in addition to

55
the system topology and traffic flow, to decide upon the best BS(s) to serve a
particular MS.

7.Explain in detail RC4 stream cipher algorithm

RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a
variable keysize stream cipher with byte-oriented operations. The algorithm is based
on the use of a random permutation. Eight to sixteen machine operations are
required per output byte, and the cipher can be expected to run very quickly in
software. RC4 was kept as a trade secret by RSA Security. A variable-length key of
from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S,
with elements S[0], S[1], …, S[255]. At all times, S contains a permutation of all 8-bit
numbers from 0 through 255. For encryption and decryption, a byte k is generated
from S by selecting one of the 255 entries in a systematic fashion. As each value of k
is generated, the entries in S are once again permuted.

Initialization of S
To begin, the entries of S are set equal to the values from 0 through 255 in
ascending order; that is;
S[0] = 0, S[1] = 1, …, S[255] = 255.

56
A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K
is transferred to T. Otherwise, for a key of length keylen bytes, the first keylen
elements of T are copied from K and then K is repeated as many times as necessary
to fill out T. These preliminary operations can be summarized as follows:

/* Initialization */
for i = 0 to 255 do
S[i] = i;
T[i] = K[i mod keylen];
Next we use T to produce the initial permutation of S. This involves starting with S[0]
and going through to S[255], and, for each S[i], swapping S[i] with another byte in S
according to a scheme dictated by T[i]:

/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) mod 256;
Swap (S[i], S[j]);
Because the only operation on S is a swap, the only effect is a permutation. S still
contains all the numbers from 0 through 255.
Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream generation
involves starting with S[0] and going through to S[255], and, for each S[i], swapping
S[i] with another byte in S according to a scheme dictated by the current
configuration of S. After S[255] is reached, the process continues, starting over again
at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
57
k = S[t];
To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the
value k with the next byte of ciphertext.

58
 Fig 2 RC4

8.Explain in detail about general packet radio service.

General Packet Radio Services (GPRS) is a mobile data service available to

users of GSM and IS-136 mobile phones. GPRS data transfer is typically charged
per megabyte of transferred data, while data communication via traditional circuit
switching is billed per minute of connection time, independently of if the user actually
has transferred data or been in an idle state. GPRS can be utilized for services such
as WAP access, SMS and MMS, but also for Internet communication services such
as email and web access.2G cellular systems combined with GPRS is often
described as "2.5G", that is, a technology between the second and third generations
of mobile telephony. It provides moderate speed data transfer, by using unused
TDMA channels.

59
GPRS is different from the older Circuit Switched Data (or CSD) connection included
in GSM standards. In CSD, a data connection establishes a circuit, and reserves the
full bandwidth of that circuit during the lifetime of the connection. GPRS is packet-
switched which means that multiple users share the same transmission channel,
only transmitting when they have data to send. This means that the total available
bandwidth can be immediately dedicated to those users who are actually sending at
any given moment, providing higher utilisation where users only send or receive data
intermittently. Web browsing, receiving e-mails as they arrive and instant messaging
are examples of uses that require intermittent data transfers, which benefit from
sharing the available bandwidth.The multiple access methods used in GSM with
GPRS is based on frequency division duplex (FDD) and FDMA. During a session, a
user is assigned to one pair of uplink and downlink frequency channels. This is
combined with time domain statistical multiplexing, i.e. packet mode communication,
which makes it possible for several users to share the same frequency channel. The
packets have constant length, corresponding to a GSM time slot. In the downlink,
first-come first-served packet scheduling is used. In the uplink, a scheme that is very
similar to reservation ALOHA is used. This means that slotted Aloha (S-ALOHA) is
used for reservation inquiries during a contention phase, and then the actual data is
transferred using first-come first-served scheduling.

GPRS speeds and profile

Packet-switched data under GPRS is achieved by allocating unused cell bandwidth

to transmit data. As dedicated voice (or data) channels are setup by phones, the
bandwidth available for packet switched data shrinks. A consequence of this is that
packet switched data has a poor bit rate in busy cells. The theoretical limit for packet
switched data is 171.2 kbit/s (using 8 time slots and CS-4 coding). A realistic bit rate
is 30–80 kbit/s, because it is possible to use max 4 time slots for downlink. A change
to the radio part of GPRS called EDGE (sometimes called EGPRS or Enhanced
GPRS however it actually stands for Enhanced Data rates for GSM Evolution) allows
higher bit rates of between 160 and 236.8 kbit/s. The maximum data rates are
achieved only by allocation of more than one time slot in the TDMA frame. Also, the
higher the data rate, the lower the error correction capability. Generally, the
connection speed drops logarithmically with distance from the base station. This is
60
not an issue in heavily populated areas with high cell density, but may become an
issue in sparsely populated/rural areas.

GPRS coding scheme

Transfer speed depends also on the channel encoding used. The least robust (but
fastest) coding scheme (CS-4) is available near the Base Transceiver Station (BTS)
while the most robust coding scheme (CS-1) is used when the Mobile Station (MS) is
further away from the BTS.Using the CS-4 it is possible to achieve a user speed of
20.0 kbit/s per time slot. However, using this scheme the cell coverage is 25% of
normal. CS-1 can achieve a user speed of only 8.0 kbit/s per time slot, but has 98%
of normal coverage. Newer network equipment can adapt the transfer speed
automatically depending on the mobile location.
GPRS upgrades GSM data services providing:

• MMS - Multimedia Messaging Service

• Push To Talk over Cellular PoC / PTT - Push to talk
• Instant Messaging and Presence Wireless_Village
• Internet Applications for Smart Devices through WAP
• Point-to-point (PTP) service: internetworking with the Internet (IP protocols).
• Short Message Service (SMS): bearer for SMS.
• Future enhancements: flexible to add new functions, such as more capacity,
more users, new accesses, new protocols, new radio networks.

9. Explain the GSM architecture

GSM is a cellular network, which means that mobile phones connect to it by

searching for cells in the immediate vicinity. GSM networks operate in four different
frequency ranges. Most GSM networks operate in the 900 MHz or 1800 MHz
bands..In the 900 MHz band the uplink frequency band is 890-915 MHz, and the
downlink frequency band is 935-960 MHz. This 25 MHz bandwidth is subdivided into
124 carrier frequency channels, each spaced 200 kHz apart. Time division
multiplexing is used to allow eight full-rate or sixteen half-rate speech channels per
radio frequency channel. There are eight radio timeslots (giving eight burst periods)

61
grouped into what is called a TDMA frame. Half rate channels use alternate frames
in the same timeslot. The channel data rate is 270.833 kbit/s, and the frame duration
is 4.615 ms.The transmission power in the handset is limited to a maximum of 2
watts in GSM850/900 and 1 watt in GSM1800/1900.

The structure of a GSM network

GSM has used a variety of voice codecs to squeeze 3.1kHz audio into between 6
and 13kbps. Originally, two codecs, named after the types of data channel they were
allocated, were used, called "Full Rate" (13kbps) and "Half Rate" (6kbps). These
used a system based upon linear predictive coding (LPC). In addition to being
efficient with bitrates, these codecs also made it easier to identify more important
parts of the audio, allowing the air interface layer to prioritize and better protect these
parts of the signal.GSM was further enhanced in the mid-nineties with the GSM-EFR
codec, a 12.2kbps codec that uses a full rate channel. Finally, with the development
of UMTS, EFR was refactored into a variable-rate codec called AMR-Narrowband,
which is high quality and robust against interference when used on full rate channels,
and less robust but still relatively high quality when used in good radio conditions on
62
half-rate channels.There are four different cell sizes in a GSM network - macro,
micro, pico and umbrella cells. The coverage area of each cell varies according to
the implementation environment. Macro cells can be regarded as cells where the
base station antenna is installed on a mast or a building above average roof top
level. Micro cells are cells whose antenna height is under average roof top level; they
are typically used in urban areas. Picocells are small cells whose diameter is a few
dozen meters; they are mainly used indoors. On the other hand, umbrella cells are
used to cover shadowed regions of smaller cells and fill in gaps in coverage between
those cells.

Cell radius varies depending on antenna height, antenna gain and propagation
conditions from a couple of hundred meters to several tens of kilometers. The
longest distance the GSM specification supports in practical use is 35 km or 22
miles. There are also several implementations of the concept of an extended cell,
where the cell radius could be double or even more, depending on the antenna
system, the type of terrain and the timing advance.Indoor coverage is also supported
by GSM and may be achieved by using an indoor picocell base station, or an indoor
repeater with distributed indoor antennas fed through power splitters, to deliver the
radio signals from an antenna outdoors to the separate indoor distributed antenna
system. These are typically deployed when a lot of call capacity is needed indoors,
for example in shopping centers or airports. However, this is not a prerequisite, since
indoor coverage is also provided by in-building penetration of the radio signals from
nearby cells.

The modulation used in GSM is Gaussian minimum shift keying (GMSK), a kind of
continuous-phase frequency shift keying. In GMSK, the signal to be modulated onto
the carrier is first smoothed with a Gaussian low-pass filter prior to being fed to a
frequency modulator, which greatly reduces the interference to neighboring channels
(adjacent channel interference).

Network structure

The network behind the GSM system seen by the customer is large and
complicated in order to provide all of the services which are required. It is divided into a
number of sections and these are each covered in separate articles.
63
 • the Base Station Subsystem (the base stations and their controllers).
• the Network and Switching Subsystem (the part of the network most similar to
a fixed network). This is sometimes also just called the core network.
• the GPRS Core Network (the optional part which allows packet based Internet
connections).
• all of the elements in the system combine to produce many GSM services
such as voice calls and SMS.

Subscriber identity module

One of the key features of GSM is the Subscriber Identity Module (SIM), commonly
known as a SIM card. The SIM is a detachable smart card containing the user's
subscription information and phonebook. This allows the user to retain his or her
information after switching handsets.

GSM security

GSM was designed with a moderate level of security. The system was designed to
authenticate the subscriber using shared-secret cryptography. Communications
between the subscriber and the base station can be encrypted. GSM uses several
cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used for
ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger
algorithm used within Europe and the United States; A5/2 is weaker and used in
other countries. A large security advantage of GSM over earlier systems is that the
Ki, the crypto variable stored on the SIM card that is the key to any GSM ciphering
algorithm, is never sent over the air interface. Serious weaknesses have been found
in both algorithms, and it is possible to break A5/2 in real-time in a ciphertext-only
attack. The system supports multiple algorithms so operators may replace that
cipher with a stronger one.

10.Explain the two ray reflection model

When the two antennas (transmitting and receiving) are on the earth, then there are
multiple paths from the transmitter to the receiver. The effect of the multiple paths is
the change in the path loss between two points. The simplest case is when the
64
antenna heights, hb and hm, are small compared with their separation, d, and the refl
ecting earth surface is assumed to be flat. The received signal is then represented
by a scattered fi eld, Es, that is approximated by a combination of a direct wave and
reflected wave

(1)

Fig Two ray reflection model

where:
cr _ coefficient of reflection
E _ electric field
∆θ_ _ phase difference between the direct and reflected path

(2)

where:
∆d _ difference between direct path and refl ected path
In the mobile radio environment, c r = -1, and ∆θ is much less than one
65
radian. Thus Equation 2 can be written as

(3)

Since the received power Pr is proportional to the square of the field strength,
the power level at the antenna output located at the distance, d, from the transmitter,
including the path loss, will be:

(4)

From fig.1

(5)

Using image property

(6)

66
 (7)

Substituting for ∆θ from eq.7 into eq.5,we get

(8)

11. Explain in detail about wireless network topologies

Wireless network topology refers to the configuration in which a mobile terminal

communicates with another. The two fundamental types of topologies used in
wireless networks are

a) infrastructure, centralized or hub and spoke topology

b) ad hoc or distributed topology
Infrastructure network topology

In this topology, there is a fixed (wired ) infrastructure that supports communication

between mobile terminals and between mobile and fixed terminals. The
infrastructure networks are often designed for large coverage areas and multiple
base station or access point operations. Figure 1 shows the basic operation of an
infrastructure network with a single BS/AP. The BS/AP serves as the hub of the
network, and the mobile terminals are located at the ends of the spokes. Any
communication between one wireless user station to another, i.e. between peers has
to be sent through the BS/AP. The hub station usually controls the mobile stations

67
and monitors what each station is transmitting. Thus the hub station is involved in
managing user access to the network. All standardized cellular mobile telephone and
wireless data systems use an infrastructure network topology to serve mobile
terminals operating within the coverage area of any BS. The IEEE 802.11 standard
and most of the wireless LAN products support infrastructure operation

Fig 1. Basic operation of an infrastructure network topology

Ad hoc network topology

This type of network topology applies to reconfigurable networks that can operate
without the need for a fixed infrastructure. These networks are primarily used by
the military and also in a few commercial applications for voice and data
transmission. Such a topology is suitable for rapid deployment of a wireless network
in a mobile or fixed environment. Fig 2 shows two variations of the ad hoc network
topology. Fig 2.a is a single hop ad hoc network where, as the name implies every
user terminal has the functional capability of communicating directly with any of the
other user terminals. The IEEE 802.11 WLAN standard supports single hop as hoc
topology.

68
Fig 2.Ad hoc networking (a) single hop peer to peer topology (b) multi hop ad hoc
network topology

In some as hoc networking applications, where users may be distributed over a wide
area, a given user terminal may be able to reach only a portion of the other users in
the network due to transmitter signal power limitations. In this situation, user
terminals will have to co-operate in carrying messages across the network between
widely separated stations. Networks designed to function this way are called
multihop ad hoc networks and is illustrated in fig2.b. In this type of network each
terminal should be aware of the neighboring terminals in its coverage range. This
type of network configuration is used in military applications.

12. Explain in detail the ALOHA and slotted ALOHA random access protocols
used in wireless systems

ALOHA

This is a single hop system with infinite users. Each user generates packets of
data according to a Poisson process with arrival rate λ (packets/sec) and all
packets have the same fixed length T. In this scheme, when the MS has a packet
to transmit, it transmits the packet right away. The sender side also waits to see
whether transmission is acknowledged by the receiver; no response within a
specified period of time indicates a collision with another transmission. If the

69
presence of a collision is determined by the sender, it retransmits after some
random wait time, as shown in fig.1 where the arrows indicate the arrival times.

Fig 1 Collision mechanism in ALOHA

Each packet is generated by different users. In this method, it is assumed that

the packets and users are identical. Thus the time point at which the packet
transmission attempts are made is only considered. Considering the channel over
time, the scheduling time includes both the generation times of new packets and
the retransmission times of previously collided packets. Let the rate of
scheduling be g (packets/sec). The parameter g is referred to as the offered load
to the channel. Since some packets have to be transmitted more than once for
successful transmission, g>λ.

It is assumed that this scheduling process is a Poisson process with arrival time
g. Consider a new or retransmitted packet scheduled for transmission at some
instant t. This packet can be successfully transmitted if there are no other
packets scheduled for transmission between the instants t-T and t+ T , where
the period 2T is called the vulnerable period. Therefore, the probability, Ps of
successful transmission is the probability that no packet is scheduled in an
interval of length 2T. Since the distribution of the scheduling time is assumed to
be Poisson process,

Ps =P (no collision) = P (no transmission in two packets time)= e-2gT (1)

Since packets are scheduled at a rate of g packets per second with only a
fraction of Ps successful, the rate of successful transmission is g Ps . Defining

70
throughput as the fraction of time during which the useful information is carried on
the channel, it can be written as

Sth= gTe-2gT =Ge-2G (2)

Where G=gT is the normalized offered load to the channel. The maximum
throughput Sth max can be obtained by differentiating eq.(2) w.r.t G. It is found that
the maximum throughput occurs when G=1/2. Substituting in eq(2),

Sth max=1/2e ≈0.184 (3)

Slotted ALOHA

This is a modification of the ALOHA and in this scheme, the slot size is taken
as equal to the duration of the packet transmission T. Thus the vulnerable period
for packet collision is reduced to a slot. It means that a transmission is successful
if and only if one packet is scheduled for transmission for the current slot. Fig.2
shows the collision mechanism in slotted ALOHA where a collision is observed
to be a full collision; thus, no partial collision occurs.

Since the process composed of newly generated and retransmitted packets id

Poisson, the probability of successful transmission is given by

Ps = e-gT (4)

and the throughput becomes Sth= gTe-gT =Ge-G (5)

The maximum throughput Sth max can be obtained by differentiating eq.(5) w.r.t G.
It is found that the maximum throughput occurs when G=1. Substituting in eq(5),

Sth max=1/e ≈0.368 (6)

Fig 3 shows the throughput of pure ALOHA and slotted ALOHA.

71
 Fig.2 Collision mechanism in slotted ALOHA

Fig 3 Throughputs of pure ALOHA and slotted ALOHA

13. Explain in detail the CSMA and CSMA/CD random access protocols used in
wireless systems

Carrier Sense Multiple Access (CSMA)

In Carrier Sense Multiple Access protocol potential collision is prevented by

listening to the channel before transmitting a packet. Each MS can sense the
transmission of all other terminals, and the propagation delay is small compared with
the transmission time. Fig 1 shows the collision process in the CSMA protocol.

72
 Fig 1. Collision mechanism in CSMA

Two different variants of this protocol are

a. non persistent CSMA

b. persistent CSMA

Non persistent CSMA protocol

In this protocol, the MS senses the medium first whenever the MS has a packet to
send. If the medium is busy, the MS waits for a random amount of time and senses
the medium again. If the medium is idle, the MS transmits the packet immediately. If
a collision occurs, the MS waits for a random amount of time and starts all over
again. The packets can be sent during a slotted period or can be transmitted at any
arbitrary time. This leads to two different subcategories.

a. slotted non persistent CSMA

b. unslotted non persistent CSMA
For unslotted non persistent CSMA, the throughput is given by

Ge −αG
S th = (1)
G (1 + 2α ) + e −αG

For slotted non persistent CSMA, the throughput is given by

αGe −αG
S th = (2)
(1 − e −αG ) + α

73
where α = τ , and τ is the propagation delay through the air.
T

Persistent CSMA

Two different variants of this protocol are

a. 1 persistent CSMA
b. p persistent CSMA

In 1 persistent CSMA protocol, the MS senses the medium when the MS has a
packet ready to send. If the medium is busy, the MS keeps listening to the medium
and transmits the packet immediately after the medium becomes idle. This protocol
is called 1 persistent because the MS transmits with a probability of 1 whenever it
finds the medium to be idle. However, in this protocol, there will always be a collision
if two or more MSs have ready packets, are waiting for the medium to become free,
and start transmitting at the same time. The two variants of this protocol are
unslotted 1 persistent CSMA and slotted 1 persistent CSMA. Given the system
parameters G and α, the throughput for unslotted 1 persistent CSMA is given by

 αG 
G1+ G +αG(1+ G + )e−G(1+2α)
Sth = 
2 
(3)
G(1+ 2α) − (1− e ) + (1+αG)e−G(1+α)
−αG

the throughput for slotted 1 persistent CSMA is given by

G (1 + α − e −αG )e −G (1+α )
S th = (4)
(1 + α )(1 − e −αG ) + αe −G (1+α )

In p persistent CSMA protocol, the time is slotted. In this protocol, the MS senses
the medium when it has a packet to send. If the medium is busy, the MS waits until
the next slot and checks the medium again. If the medium id idle, the MS transmits

74
with probability p or deters transmission with probability (1-p) until the next slot. If a
collision occurs, the MS waits for a random amount of time and starts all over again.
Intuitively, this protocol is considered as an optimal access strategy. If N terminals
have a packet to send, Np, the expected number of terminals will attempt to transmit
once the medium becomes idle. If Np>1, then a collision is expected. Therefore, the
network should make sure that Np≤1.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

In a typical CSMA protocol, if two terminals begin transmitting at the same time, each
will transmit its complete packet even though they collide. This wastes the medium
for an entire packet time and can be addressed by a new protocol called CSMA
with collision detection. The main idea is to terminate transmission immediately after
detection of a collision.

In this protocol, the terminal senses the medium when the terminal has a
packet to transmit. If the medium is not busy, the terminal will transmit the packet
immediately. If the medium is busy, the terminal will wait until it becomes free. If a
collision is detected during the transmission, the terminal aborts its transmission
immediately and it attempts to transmit later after waiting for a random amount of
time. Fig 2 shows the collision mechanism in this protocol. Here two terminals A and
B are considered. The propagation delay between them is τ. Suppose A starts
transmission at time To, then its transmission reaches B at time To+τ. Suppose B
initiates a transmission at To+τ-ε (where ε is a small period such that 0<ε≤τ). It takes
τcd for a terminal to detect collision, so at time To+τ+ τcd B detects collision. Then a
short jamming signal is transmitted to ensure that other stations know that collision
has occurred before aborting the transmission, and a backoff algorithm is used to
schedule for future resensing time.

75
 Fig 2. Collision mechanism in CSMA/CD

14. Explain the Scheduling approaches to medium access control

These approaches attempt to produce an orderly access to the transmission

medium. The different types of scheduling protocols are

iii. Reservation systems

iv. Polling
Reservation systems

Fig 1 shows the basic reservation system. The station takes turns transmitting

Fig.1 Basic reservation system

a single frame at the full rate R bps, and the transmissions from stations are
organized into cycles that can be variable in length. Each cycle begins with a
reservation interval. In the simplest case, the reservation interval consists of M

76
minislots, one time slot per station. Stations use their corresponding minislot to
indicate that they have a frame to transmit in a corresponding cycle. The stations
announce their intention to transmit a frame by broadcasting their reservation bit
during the appropriate minislot. By listening to the reservation interval, the stations
can determine the order of frame transmissions in the corresponding cycle. The
length of the cycle will the correspond to the number of stations that have a frame to
transmit.

The basic reservation system improves the performance of a time division

multiplexing scheme by taking slots that would have gone idle and making them
available to other stations. Fig 2.a shows an example of the operation of the basic
reservation system. In the initial portion only stations 3 and 5 have frames to
transmit. In the middle portion, station 8 becomes active, and the cycle is expanded
from two slots to three slots.

Fig 2. Operation of the reservation system with (a) negligible and

(b) nonnegligible delays

To find the maximum attainable throughput for this system, assume propagation
delay is negligible, the frame transmission times are X=1 time unit, the reservation
minislot requires v time units, where v<1 and that one minislot is required per frame
reservation. Each frame transmission then requires 1+v time units. The maximum
throughput occurs when all the stations are busy and is given by,

ρmax =1/1+v (1)

for one frame reservation/minislot. Very high throughputs can be achieved if v is very
small compared to 1.

77
 Suppose the propagation delay is not negligible as shown in fig 2.b. The
stations transmit their reservations in the same way as before, but the reservations
do not take effect until some fixed number of cycles later. If the cycle length is
constrained to have some minimum duration that is greater than the round trip
propagation delay, then the reservations would take effect in the second following
cycle.

Polling

In this type of system, the stations take turns accessing the medium. At any given
time, only one of the stations has the right to transmit into the medium. When a
station is done transmitting, some mechanism is used to pass the right to transmit to
another station.

The different ways for passing the right to transmit from station to station is shown
in fig 3. Fig 3.a shows the situation in which M stations communicate with the host
computer. The host computer will act as the central controller that issues control
messages to co-ordinate the transmissions from the stations.

Fig.3. Polling systems (a) polling by central controller over lines

(b) polling by central controller over radio transmissions

(c) polling without a central controller

The central controller sends a polling message to the particular station. When
polled, the station sends its inbound frames and indicates the completion of its

78
transmission through a go-ahead message. The central controller might poll the
stations in round-robin fashion, or according to some other pre-determined order.

Fig 3.b shows another situation where polling can be used. Here the central
controller may use radio transmissions in a certain frequency band to transmit
outbound frames and stations may share a different frequency band to transmit
inbound frames. This technique is called frequency division duplex (FDD) approach.
Again the centra l controllers can co-ordinate transmissions on the inbound channel
by issuing polling messages. Another variation of fig 9.b involves having inbound and
outbound transmissions share one frequency band. This is the time division duplex
(TDD) approach. In this case, there will be alternation between transmissions from
the central controller and transmissions from polled stations. Fig3c shows a
situation where polling is used without a central controller. In such a case, the
stations will have a polling order developed using some protocol and all stations will
be able to receive the signals from all other stations. After a station is done
transmitting, it is responsible for sending a polling message to the next station in the
polling list.

79