Mobile communication networks (EC505) question and answer bank

S2 M.E Communication systems

Prepared by

Dr.Jayakumari.J Professor/ECE N.I. University

UNIT I
Two marks questions
1. Mention the different types of random access protocols. ALOHA, Slotted ALOHA, Carrier Sense Multiple Access, Carrier Sense Multiple Access /Collision Detection. 2. Distinguish between 1G and 2G cellular networks. First generation cellular systems introduced in early 1980s were based on analog FM technology and designed to carry narrow band circuit switched voice services. Second generation cellular systems introduced in early 1990s use digital modulation and offers more spectral efficiency and voice quality. 3. Define a cell. In mobile communication, the coverage area is divided into smaller areas which are each served by its own base station. These smaller areas are called cells. 4. What is frequency reuse? Spatially reusing the available spectrum so that the same spectrum can support multiple users separated by a distance is called frequency reuse. 5. What are the various types of wireless network topologies? Infrastructure network topology and ad hoc topology. 6. Mention the various multiple access schemes used in wireless communication. Frequency Division Multiplexing Access, Time Division Multiplexing Access and Code Division Multiplexing Access 7. What is co-channel interference? Interference between signals from co channels are termed as co channel interference 8. What is adjacent channel interference? Interference resulting from signals which are adjacent in frequency to the desired signal is called adjacent channel interference. 9. Mention the different types of cells.
2

Femto cells, pico cells, micro cells, macro cells and mega cells. 10. What is a picocell? Small cells inside a building that support local indoor networks such as wireless LANs. Size of these cells are in the range of few tens of meters. 11. What is cellular topology? Cellular topology refers to infrastructure topology employing frequency reuse concept. 12. What are the various channel allocation techniques used in cellular communication? Fixed Channel Allocation, dynamic channel allocation and hybrid channel allocation. 13. What is mobility management? Mobility management refers to the operations required for tracking the mobile and restructuring existing connections as it moves. Mobility management consists of Location management and Handoff management 14.What is a cluster? The N cells which collectively use the complete set of available frequencies is called a cluster. 15.Distinguish between 3G and 4G cellular networks. Details 3G including 2.5G (EDGE) 4G Converge data and voice over IP Hybrid-integration of WLAN (WiFi, Bluetooth) and wireless wide-area networks 20 to 100 Mbps in mobile mode Higher frequency bands (2 to 8 GHz) 100 MHz or more

Major requirement driving Predominantly voice driven, architecture data was always add on Network architecture Wide area cell-based

Speeds Frequency band Bandwidth

384 kbps to 2 Mbps Dependent on country or continent (1.8 to 2.4 GHz) 5 to 20 MHz

Switching design basis Access technologies Component design Mobile top speed

Circuit and packet WCDMA, cdma2000 Optimized antenna design, multiband adapters 200 km/h

All digital with packetized voice OFDM and multicarrier (MC)-CDMA Smart antenna, software defined multiband and wideband radios 200 km/h

16.What is radio resource management? Radio resource management refers to the control signalling and associated protocols employed to keep track of relationships between signal strength, available radio channels in a system so as to enable a mobile station or the network to optionally select the best radio resources for communication. 17.What are the technical issues in planning of a cellular network? i. j. Selection of frequency reuse pattern for different radio transmission techniques Physical deployment and radio coverage modelling

k. Plans to account for the growth of the network l. Analysis of the relationship between the capacity, cell size and the cost of infrastructure

18.Define location management and handoff management. Location management refers to the activities a wireless network should perform in order to keep track of where the mobile is. Handoff management handles the messages required to make the changes in the fixed network to handle the change in location during a ongoing communication. 19.What is cell splitting? This is the process of subdividing a congested cell into smaller cells, each with its own base station and a corresponding reduction in antenna height and transmitter power. Cell splitting increases the capacity of a cellular system since it increases the number of times that channels are reused. 20.What is cell sectoring?
4

The co channel interference in a cellular system may be decreased by replacing a single omni directional antenna at the base station by several directional antennas, each radiating within a specified sector. By using directional antennas, a given cell will receive interference and transmit with only a fraction of the available co channel cells. This technique for reducing co channel interference and thus increasing system performance by using directional antennas is called sectoring. 21. What is trunking efficiency ? It is a measure of the number of users which can be offered a particular GOS with a particular configuration of fixed channels. 22. What are the different types of Hand over? Intra-satellite hand over Inter-satellite hand over Gateway hand over Inter-system hand over

23. What is the necessity of Standards? Standards help to ensure or promote the following; Wide variety of products and services to customers Interoperability between products and services made by different vendors. Easier introduction of PCS products into the national market. Healthy competitiveness among vendors, which in turn may lead to reduced cost and improved product quality. Development and innovation according to common guidelines. More accessible services to customers

24. What are the applications of a satellite system? Weather forecasting. Radio and TV broadcast satellites. Military services. Navigation.

25. Give the benefits of paging systems? Wide spread coverage Long battery life Small light weight sets Economical
5

26. What is a page? It is a brief message which is broadcast over the entire service area, usually in a simulcast fashion by many base stations at the same time.

27. What are the channels used in mobile communication systems? 1. 2. 3. 4. Forward voice channels (FVC) Reverse voice channels (RVC) Forward control channels (FCC) Reverse Control channels (RCC)

28. What are the basic units of a Cellular system? Mobile stations Base stations Mobile Switching Center (MSC) or Mobile Telephone Switching Office (MTSO).

29. What are the classifications of Wireless technologies and systems? Cellular mobile radio systems Cordless telephones Wide-area wireless data systems High-speed WLANs Paging/messaging systems Satellite-based mobile systems

30. What are the limitations of conventional mobile telephone system? Limited service capability Poor service performance Inefficient frequency spectrum utilization

31. What are the disadvantages of cellular systems with small cells? Requires complex infrastructure Requires frequent hand-over Involves complicated frequency planning

32. Define BCA. Borrowing Channel Allocation is a method by which more frequencies are allotted dynamically for high traffic cells.
6

33. What is breathe? The cells in which the frequency allocation is based on CDMA technique are called as breathe.

34. Why 800 MHz frequency is selected for mobiles? Fixed Station Services Television Broadcasting FM Broadcasting Air to Ground system Maritime mobile services Military Aircraft use 30 MHz to 100 MHz 41 MHz to 960 MHz 100 MHz 118 MHz to 136 MHz 160 MHz 225 MHz to 400 MHz

Frequency bands between 30 MHz to 400 MHz is crowded with large number of services and above 10 GHz is not used due to propagation path loss, multipath fading and improper medium due to rain activity. So 800 MHz is chosen for mobile communication. 35. State the two different types of fading. Long term fading & short term fading. 36. Define rayleigh fading. It refers to the variation in the received signal which is due to the waves reflected from surrounding buildings and other structures. 37. Define the term coherence bandwidth. It is defined as the bandwidth in which either the amplitudes or the phases of two received signals have a high degree of similarity. 38. What is direct wave path ? It is the path which is clear from the terrain contour. 39. State the different analog systems available in 1G. Advanced Mobile Phone System European Total Access Communication System
7

Nippon Telephone and Telegraph 40. What are the different digital cellular systems available in 2G. Global system Mobile Interim Standard -136 Pacific digital Cellular Interim Standard -95 41. Mention the function of the base station. The base station serves as a bridge between all mobile users in the cell and connects the simultaneous mobile calls via telephone lines or microwave links to the mobile switching center(MSC) 42. What are the functions of MSC? The MSC coordinates the activities of all the base stations and connects the entire cellular system to the PSTN. 43. Define foot print. The actual radio coverage of a cell is known as the foot print. It is determined from field measurements or propagation prediction models. 44. Define Dwell time. The time over which a call may be maintained within a cell without handoff, is called the dwell time. 45. State the methods used for handoff. Mobile Controlled Handoff Network Controlled Handoff Mobile Assisted Handoff 46. State the types of modulation schemes used in mobile communication. Gaussian minimum shift keying Differential Quadrature Phase Shift Keying. 47. Explain free space propagation model. This model is used to predict the received signal strength, when there is unobstructed line-of-sight between the transmitter and receiver. The free space power received by the receiving antenna which is separated from a radiating transmitter antenna by a distance d is given by
8

Pr (d ) =

Pt Gt Gr 2

(4 )2 d 2 L

where Pr(d) is the received power, Pt is the transmitted power, Gt is the transmitter antenna gain, Gr is the receiver antenna gain, L is the loss factor and is wavelength in meters. 48. Define radar cross section. Radar cross section of a scattering object is defined as the ratio of the power density of the signal scattered in the direction of the receiver to the power density of the radio wave incident upon the scattering object and has units of square meters. 49. What is far-field region? The far-field or fraunhofer region, of the transmitting antenna is defined as the region beyond the far-field distance df , which is related to the largest linear dimension of the transmitter antenna aperture and the carrier wavelength. 50. What is the need of bistatic radar equation ? The bistatic radar equation may be used to compute the received power due to scattering in the far field in the urban mobile radio systems. 51. Name some of the outdoor propagation models. Longely-Rico model Durkin,s model Okumura model 52. What are the effects of fading? a. Rapid changes in signal strength over a small travel distance or time interval b. Random frequency modulation due to varying Doppler shifts on different multipath signals c. Time dispersion(echoes) caused by multipath propagation delays 53. Expand PCS, PLMR, NLOS and DECT. PCS - Personal Communication Systems. PLMR Public Land Mobile Radio NLOS Non Line Of Sight DECT Digital Equipment Cordless Telephone 54. Mention the three partially separable effects of radio propagation. The three partially separable effects of radio propagation are, Multi path fading Shadowing Path loss
9

55. Mention the basic propagation mechanisms, which impact propagation in mobile communication. The basic propagation mechanisms are, Reflection Diffraction Scattering 56. What is reflection? Reflection occurs when a propagating electromagnetic wave impinges upon an object, which has very large dimension when compared to the wavelength of propagating wave. 57. What is diffraction? Diffraction occurs when the radio path between the transmitter and receiver is obstructed by a surface that has sharp irregularities. 58. What is scattering? Scattering occurs when the medium through which the wave travels consists of objects with dimensions that are small compared to the wavelength and where the number of obstacles per unit volume is large. 59. Define Brewster angle? The Brewster angle is the angle at which no reflection occurs in the medium of origin. It occurs when the incident angle is such that the reflection coefficient Is equal to zero. 60. . What are the principles of Cellular Architecture? Low power Transmitters and Coverage Zones. Frequency Reuse. Cell splitting to increase Capacity. Hand off and Central Control.

61. Define adaptive equalizer. To combat ISI, the equalizer coefficients should change according to the channel status so as to track the channel variations. Such an equalizer is called an adaptive equalizer since it adapts to the channel variations. 62. Where is decision feedback equalizer used? The decision feedback equalizer is particularly used for channels with severe amplitude distortions and has been widely used in wireless communications.
10

63. Write the basic algorithms used in adaptive equalization. Zero forcing algorithm Least Mean square algorithm Recursive Least square algorithm 64. What is EIRP? Effective isotropic radiated power is referenced to an isotropic source. The difference between ERP and EIRP is 2dB ERP=EIRP-2dB 65. What is PHP? PHP means Personal Handy Phone System. It is otherwise called PHS. PHP is a wireless communication TDD System which supports personal communication services (PCS). It uses small, low-complexity light weight terminals called Personal Stations (PSS). 66. Write down the applications of PHP? PHP can be used for, * Public Telephone * Wireless PBX * Home Cordless Telephone * Walkie talkie communication. 67 What are the features of PHP? * Wider Coverage per cell. * Operation in a mobile Outdoor environment, * Faster and distributed control of handoffs. * Enhanced authentication * Encryption * Privacy * Circuit and packet-oriented data services. 68. What are the logical channels that the control channel consists? * Broadcast control channel. * Common control channel. * User packet channel. * Associated control channel. 69. What is BCCH?

11

Broadcast control channel is a one way down link channel for broadcasting control information from CS to PS. 70. What is CCCH? CCCH is Common Control Channel Which sends out the control information for call connection. 71. What is SIM? SIM, which is memory device that store information such as the subscriber identity number, the network and countries where the subscriber is entitled to service, private key, and other user specified information. 72. What are main subsystems of GSM architecture? i) Base station subsystem (BSS) ii) Network &switching subsystem (NSS) iii) Operation support subsystem (OSS) 73. What are frequencies used in forward and reverse link frequency in GSM? (890-915) MHz- reverse link frequency (935-960) MHz-forward link frequency 63. What are the channel types of GSM system? i) GSM traffic channel ii) GSM control channel 1. Broad cost channel 2. Common control channel 3. Dedicated control channel 74. What is CDMA digital cellar standard (is 95)? IS-95- interim standard IS 95 allows each user with in the a cell to use the same radio channel and user in adjacent cell also use the same radio channel since this is a direct sequence spread spectrum CDMA system. 75. What are frequencies used in forward and reverse link frequency in IS-95? (824-849) MHz- reverse link frequency (869-894) MHz-forward link frequency

12

76. If a cellular operator is allocated 12.5 MHz for each simples band and if bandwidth is 12.5MHz guardband is 10 KHz & Bc=10khz find the number of channel available in an FDMA system. N= (bt --2 bguard) / Bc =(12.5 MHz-2(10 KHz))/ 10khz =416channel 77. State certain access technologies used in mobile satellite communication systems. FDMA, TDMA and CDMA. 78 State the different types of handoffs. Soft handoff, hard handoff, forced handoff, delayed handoff and mobile associated handoff.

79. What is intersystem handoff ? During a course of a call, if a mobile moves from one cellular system to a different cellular system controlled by a different MSC it is referred as intersystem handoff. 80. State the expression that relates co channel reuse ratio (Q) to radius (R) of a cell Q = D/R D Distance between center of co channel cells 81. State the expression used to locate co channel cells. N = i2 + ij + j2 82. Define the term dwell time. The time over which a call may be maintained within a cell without handoff. 83. State the advantage of umbrella cell approach. It provides large area coverage to high speed users while providing small area coverage to users traveling at low speeds. 84. Define co channel cells. The cells that operate with the same set of frequencies are referred as co channel cells. 85. Define the term Erlong.
13

One Erlong represents the amount of traffic intensity carried by a channel that is completely occupied. 86. State the relation between traffic intensity (Au) and holding time (H). Au = lH. l = request rate 87. State the two types of trunked system. Blocked call cleared system and Delayed call cleared system 88.How many co channel interferes are present in the first tier for a cluster size of 7? Six

89.What is CDPD? CDPD is a Cellular packet digital Data System that uses packet switched data The bit rate in the RF channel for CDPD is !9.2kbps 90.Write some features of TDMA? *In TDMA , no. of time slots depends upon modulation technique ,available bandwidth *Data transmission occurs in bursts *It uses different time slots for transmission and reception, then duplexers are not required *Adaptive equalization is necessary * Guard time should be minimized 91Write some features of CDMA? *In CDMA system, many users share the same frequency either TDD or FDD may be used *Channel data rate is high *Multipath fading may be substantially reduced *CDMA uses co channel cells, it can use macroscopic spatial diversity to provide soft hand off 92.Write the features of DECT? DECT provides a cordless communication framework for high traffic intensity, short range telecommunication and covers a broad range of applications and environment It supports telepoint services
14

 It provides low power radio access between portable parts and fixed base stations at ranges of upto a few hundred meters 93.What are the interfaces used in the GSM? GSM radio air interface Abis interface A interface 94.What are the types of services in GSM? Tele sevices and Data services 95.Write some third generation wireless standards. Personal communication system IMT-2000 UMTS 96.What is Bluetooth? It is an open standard that provides an ad-hoc approach for enabling various devices to communicate with one another within nominal 10 meter range. It operates in the 2.4 Ghz ISM band and uses frequency hopping TDD scheme for each radio channel 97.What is the forward and reverse link frequency for AMPS? (890-915) MHz- reverse link frequency (935-960) MHz-forward link frequency 98.Write the specifications of DECT ? Frequency band 1880-1900Mhz No. of carriers - 10 RF channel bandwidth -1.728MHz Multiplexing FDMA/TDMA Duplex-TDD 99.What is near-far effect in wireless network? When used with FM or spread spectrum modulation, it is possible for the strongest user to successfully capture the intended receiver , even when many users are also transmitting . If the closest transmitter is able to capture a receiver because of small propagation path loss, it is called as near -far effect in wireless network 100. Write some standards used in 3G system W-CDMA, UMTS
15

Six marks questions

1. Explain the principle of frequency division multiple access. Frequency division Multiple Access (FDMA) is a technology whereby the total amount of spectrum is divided in a number of channels. Each channel can be assigned to a different user. FDMA is commonly used in analog mobile radio, including analogue cellular mobile telephone systems like AMPS, NMT and TACS. Between the different used frequency channels is a small amount of bandwidth not used. This space is called a guard band. This bandwidth is necessary to cater for instability of the sender, frequency shifts due to movement (the Doppler effect) and no-ideal filtering. FDMA is usually implemented either in narrowband systems or to produce few subchannels combined with other multiple access techniques (e.g., TDMA,CDMA). In narrowband FDMA systems, the symbol time is usually large as compared with the average delay spread, and hence, the amount of ISI is low and no equalization is required. Furthermore, few bits are needed for overhead purposes such as synchronization and framing as compared to TDMA. FDMA systems have to cope with intermodulation (IM) products interference.Real systems almost always include an FDMA component. In cellular systems, the two directions, base to mobile station and vice versa, are usually separated in frequency. This scheme is called FDD. Of course, both receiver and transmitter have to know the frequencies in advance since the receiver must be able to tune properly. It is not possible to jump arbitrarily in the frequency domain, contrary to what can be done in the time domain.

The principle of FDMA.

16

2.Give the comparison between fixed channel allocation and dynamic channel allocation. Channel allocation deals with the allocation of channels to cells in a cellular network. Once the channels are allocated, cells may then allow users within the cell to communicate via the available channels. Channels in a wireless communication system typically consist of time slots, frequency bands and/or CDMA pseudo noise sequences, but in an abstract sense, they can represent any generic transmission resource. There are two major categories for assigning these channels to cells (or base-stations). They are

Fixed Channel Allocation, Dynamic Channel Allocation

Fixed Channel Allocation Fixed Channel Allocation (FCA) systems allocate specific channels to specific cells. This allocation is static and can not be changed. For efficient operation, FCA systems typically allocate channels in a manner that maximizes frequency reuse. Thus, in a FCA system, the distance between cells using the same channel is the minimum reuse distance for that system. The problem with FCA systems is quite simple and occurs whenever the offered traffic to a network of base stations is not uniform. Consider a case in which two adjacent cells are allocated N channels each. There clearly can be situations in which one cell has a need for N+k channels while the adjacent cell only requires N-m channels (for positive integers k and m). In such a case, k users in the first cell would be blocked from making calls while m channels in the second cell would go unused. Clearly in this situation of non-uniform spatial offered traffic, the available channels are not being used efficiently. FCA has been implemented on a widespread level to date.

17

Dynamic Channel Allocation Dynamic Channel Allocation (DCA) attempts to alleviate the problem mentioned for FCA systems when offered traffic is non-uniform. In DCA systems, no set relationship exists between channels and cells. Instead, channels are part of a pool of resources. Whenever a channel is needed by a cell, the channel is allocated under the constraint that frequency reuse requirements can not be violated. There are two problems that typically occur with DCA based systems.

First, DCA methods typically have a degree of randomness associated with them and this leads to the fact that frequency reuse is often not maximized unlike the case for FCA systems in which cells using the same channel are separated by the minimum reuse distance. Secondly, DCA methods often involve complex algorithms for deciding which available channel is most efficient. These algorithms can be very computationally intensive and may require large computing resources in order to be real-time.

3.Write short note on Interim Standard-136. IS-136 is a second-generation mobile phone systems, known as Digital

AMPS (D-AMPS). This system is most often referred to as TDMA. That name is based on the acronym for time division multiple access, a common multiple access technique which is used by multiple protocols, including GSM, as well as in IS-54 and IS-136. However, D-AMPS has been competing against GSM and systems based on code division multiple access (CDMA) for adoption by the network carriers, although it is now being phased out in favor of GSM/ GPRS and CDMA2000 technology. D-AMPS uses existing AMPS channels and allows for smooth transition between digital and analog systems in the same area. Capacity was increased over the preceding analog design by dividing each 30 kHz channel pair into three time slots (hence time division) and digitally compressing the
18

voice data, yielding three times the call capacity in a single cell. A digital system also made calls more secure because analog scanners could not access digital signals. IS-136 added a number of features to the original IS-54 specification, including text messaging, circuit switched data (CSD), and an improved compression protocol. SMS and CSD were both available as part of The technical specifications can be summarized as below: Mobile Frequency Range Multiple Access Method Duplex Method Number of Channels Rx: 869-894 MHz; Tx: 824-849 MHz TDMA/FDM FDD 832 (3 users per channel)

Channel Spacing/Bandwidth 30 kHz Modulation Channel Bit Rate Spectrum Efficiency Equalizer Interleaving /4 DQPSK 48.6 kbit/s 1.62 bit/s/Hz Unspecified 2 slot interleaver

4.Explain in detail the fading effects in wireless channel. In wireless communications, fading is deviation of the attenuation that a carriermodulated telecommunication signal experiences over certain propagation media. The fading may vary with time, geographical position and/or radio frequency, and is often modelled as a random process. A fading channel is a communication channel that experiences fading. In wireless systems, fading may either be due to multipath propagation, referred to as multipath induced fading, or due to shadowing from obstacles affecting the wave propagation, sometimes referred to as shadow fading. The terms slow and fast fading refer to the rate at which the magnitude and phase change imposed by the channel on the signal changes. The coherence time is a measure of the minimum time required for the

19

magnitude change of the channel to become uncorrelated from its previous value.

Slow fading arises when the coherence time of the channel is large relative to the delay constraint of the channel. In this regime, the amplitude and phase change imposed by the channel can be considered roughly constant over the period of use. Slow fading can be caused by events such as shadowing, where a large obstruction such as a hill or large building obscures the main signal path between the transmitter and the receiver. The amplitude change caused by shadowing is often modeled using a lognormal distribution with a standard deviation according to the log-distance path loss model.

Fast fading occurs when the coherence time of the channel is small relative to the delay constraint of the channel. In this regime, the amplitude and phase change imposed by the channel varies considerably over the period of use.

In a fast-fading channel, the transmitter may take advantage of the variations in the channel conditions using time diversity to help increase robustness of the communication to a temporary deep fade. Although a deep fade may temporarily erase some of the information transmitted, use of an error-correcting code coupled with successfully transmitted bits during other time instances (interleaving) can allow for the erased bits to be recovered. In a slow-fading channel, it is not possible to use time diversity because the transmitter sees only a single realization of the channel within its delay constraint. A deep fade therefore lasts the entire duration of transmission and cannot be mitigated using coding. The coherence time of the channel is related to a quantity known as the Doppler spread of the channel. When a user (or reflectors in its environment) is
20

moving, the user's velocity causes a shift in the frequency of the signal transmitted along each signal path. This phenomenon is known as the Doppler shift. Signals travelling along different paths can have different Doppler shifts, corresponding to different rates of change in phase. The difference in Doppler shifts between different signal components contributing to a single fading channel tap is known as the Doppler spread. Channels with a large Doppler spread have signal components that are each changing independently in phase over time. Since fading depends on whether signal components add constructively or destructively, such channels have a very short coherence time. 5. Explain the Power Control mechanism in CDMA A proper power control on both the uplink and downlink has several advantages: System capacity is improved or optimized. Mobile battery life is extended. Radio path impairments are properly compensated for. Quality of service (QoS) at various bit rates can be maintained. The reverse link (uplink) uses a combination of open loop and closed loop power control to command the mobile station to make power adjustments The mobile station and the base station receiver measure the received power and use the measurements to maintain a power level for adequate performance. The mobile unit measurement is part of the open loop power control while the base station measurement is part of the closed loop power control. In the closed loop mode, the mobile station transmitter power is controlled by a signal from the base station site. Each base station demodulator measures the received SNR for that mobile station and sends a power command either to increase or decrease mobile station power. The measure-command-react cycle is performed at a rate of800 times per second for each mobile station in IS-95. The power adjustment command is combined with the mobiles open loop estimate and the result is used to adjust the transmitter gain. This solves the near far interference problem, reduces interference to other mobiles using the same. CDMA radio channel, helps to overcome fading, and conserves battery power in portable and mobile units. On the uplink, the objective of the mobile station is to produce a nominal received power signal at the base station receiver. Regardless of the mobiles position or propagation loss, each mobile
21

should be received at the base station with almost the same power level. If the mobiles signal arrives at the base station with a lower power level than the required power level, its error rate performance will be high. On the other hand, if the mobiles signal is too high, it will interfere with other users with the same CDMA radio channel causing performance degradation unless the traffic load is decreased. Similarly, a combination of open loop and closed loop power control is used on the forward link (downlink) to keep SNR at the mobile almost constant. Forward link power control mitigates the corner problem. Mobiles at the edges of cells normally require more power than those close to the center of the base station for two reasons: more transmission loss and more interference from adjacent base stations. This is known as the corner problem. Forward link power control minimizes interference to mobiles in the same base station (in multipath environments) as well as mobiles in other base stations. Using the downlink power control, the base station transmits the minimum required power, hence, minimizes the interference to mobiles in the surrounding base stations. The outer loop power control is the finer power control over the closed loop power control. It adjusts

the target signal-to-interference ratio (SIR) in the base station according to the needs of the individual radio links and aims at a constant quality, which is usually defined as a certain target bit error rate (BER) or frame error ratio
22

(FER). The required SIR depends on the mobile speed and multipath profile. The outer loop power control is typically implemented by having the base station to each uplink user data frame with frame quality indicator, such as a cyclic redundancy check (CRC) result, obtained during decoding of the particular user data frame. 6. Explain the channels in GSM GSM uses a variety of channels in which the data is carried. In GSM, these channels are separated into physical channels and logical channels. The Physical channels are determined by the timeslot, whereas the logical channels are determined by the information carried within the physical channel. It can be further summarised by saying that several recurring timeslots on a carrier constitute a physical channel. These are then used by different logical channels to transfer information. These channels may either be used for user data (payload) or signalling to enable the system to operate correctly.The channels may also be divided into common and dedicated channels. The forward common channels are used for paging to inform a mobile of an incoming call, responding to channel requests, and broadcasting bulletin board information. The return common channel is a random access channel used by the mobile to request channel resources before timing information is conveyed by the BSS.The dedicated channels are of two main types: those used for signalling, and those used for traffic. The signalling channels are used for maintenance of the call and for enabling call set up, providing facilities such as handover when the call is in progress, and finally terminating the call. The traffic channels handle the actual payload. The following logical channels are defined in GSM: TCHf - Full rate traffic channel. TCH h - Half rate traffic channel.

23

BCCH - Broadcast Network information, e.g. for describing the current control channel structure. The BCCH is a point-to-multipoint channel (BSS-to-MS). SCH - Synchronisation of the MSs. FCHMS - frequency correction. AGCH - Acknowledge channel requests from MS and allocate a SDCCH. PCHMS - terminating call announcement. RACHMS - access requests, response to call announcement, location update, etc. FACCHt - For time critical signalling over the TCH (e.g. for handover signalling). Traffic burst is stolen for a full signalling burst. SACCHt - TCH in-band signalling, e.g. for link monitoring. SDCCH - For signalling exchanges, e.g. during call setup, registration / location updates. FACCHs - FACCH for the SDCCH. The SDCCH burst is stolen for a full signalling burst. Function not clear in the present version of GSM (could be used for e.g. handover of an eight-rate channel, i.e. using a "SDCCH-like" channel for other purposes than signalling). SACCHs - SDCCH in-band signalling, e.g. for link monitoring. 7. Explain the characteristics of HIPERLAN HIPERLAN is a European standardization initiative for a HIgh PERformance wireless Local Area Network. Radio waves are used instead of a cable as a transmission medium to connect stations. Either, the radio transceiver is mounted to the movable station as an add-on and no base station has to be
24

installed separately, or a base station is needed in addition per room. The stations may be moved during operation-pauses or even become mobile. The max. data rate for the user depends on the distance of the communicating stations. With short distances (<50 m) and asynchronous transmission a data rate of 20 Mbit/s is achieved, with up to 800 m distance a data rate of 1 Mbit/s are provided. For connection-oriented services, e.g. video-telephony, at least 64 kbit/s are offered. interoperability of The standard serves to ensure the possible manufacturers' wireless communications different

equipment that operate in this spectrum. The HIPERLAN standard only describes a common air interface including the physical layer for wireless communications equipment, while leaving decisions on higher level configurations and functions open to the equipment manufacturers.

The choice of frequencies allocated to HIPERLAN was part of the 5-5.30 GHz band being allocated globally to aviation purposes. The Aviation industry only used the 5-5.15GHz frequency, thus making the 5.15-5.30 frequency band accessible to HIPERLAN standards. HIPERLAN is designed to work without any infrastructure. Two stations may exchange data directly, without any interaction from a wired (or radio-based) infrastructure. The simplest
25

HIPERLAN thus consists of two stations. Further, if two HIPERLAN stations are not in radio contact with each other, they may use a third station (i.e. the third station must relay messages between the two communicating stations). Products compliant to the HIPERLAN 5 GHz standard shall be possible to implement on a PCMCIA Type III card. Thus the standard will enable users to truly take computing power on the road.

8. Explain the characteristics of mobile ad hoc networks Wireless, or single-hop networks, until recently were based on a fixed structure, basically network nodes communicating to fixed infrastructure. Mobile ad-hoc networking offers multi-hop communication, in effect network nodes communicating via other nodes. In situations where networks are constructed and destructed in adhoc manner, mobile ad-hoc networking is an excellent choice. The idea of mobile adhoc or packet radio networks has been under development since 1970s. Since the mid-90s, when the definition of standards such as IEEE802.11 helped cause commercial wireless technology to emerge, mobile ad-hoc networking has been identified as a challenging evolution in wireless technology. A mobile ad-hoc network is a collection of mobile devices equipped with a transmitter and receiver, connected in the absence of fixed infrastructure. Mobile ad-hoc network is defined with characteristics such as purpose-specific, autonomous and dynamic. In comparison with fixed wireless networks, there is no master slave relationship that exists in a mobile ad-hoc network. Nodes rely on each other to established communication, thus each node acts as a router. Therefore, in a mobile ad-hoc network, a packet can travel from a source to a destination either directly, or through some set of intermediate packet forwarding nodes. The control and management of mobile ad-hoc network is distributed among the participating nodes. Each node is responsible to forward packet to other nodes in the networks. The nodes are also collaborate themselves to implement network routine functions such as security. Nodes in mobile ad-hoc network are highly mobile which causes network topology to change rapidly and unpredictably. Moreover the connectivity among the hosts varies with time. In most cases, mobile ad-hoc
26

networks operate on low power devices. Normally these devices have low CPU process capability and small memory sizes, thus affect the capability of the mobile ad-hoc network to reach other devices. Routing in mobile ad-hoc network, meaning transferring packets from source to destination, is different than traditional routing in a fixed network. Routing in mobile ad-hoc networking depends on many factors which includes topology, selection of routers, initiation of request and available bandwidth.

9. Explain in detail about denial of service attacks? A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks, but is not limited to this field, for example, it is also used in reference to CPU resource management. One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between
27

the intended users and the victim so that they can no longer communicate adequately. A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.A DoS attack can be perpetrated in a number of ways. The five basic types of attack are: 1. Consumption of computational resources, such as bandwidth, disk space, or processor time 2. Disruption of configuration information, such as routing information. 3. Disruption of state information, such as unsolicited resetting of TCP sessions. 4. Disruption of physical network components. 5. Obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. A DoS attack may include execution of malware intended to:

Max out the processor's usage, preventing any work from occurring. Trigger errors in the microcode of the machine. Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up. Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished. Crash the operating system itself. A permanent denial-of-service (PDoS), also known loosely as phlashing is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the distributed denial-of-service attack, a PDoS attack exploits security flaws which allow remote administration on the management interfaces of the victim's hardware, such as routers, printers, or other networking hardware. The attacker uses these
28

vulnerabilities to replace a device's firmware with a modified, corrupt, or defective firmware imagea process which when done legitimately is known as flashing. This therefore "bricks" the device, rendering it unusable for its original purpose until it can be repaired or replaced.

The PDoS is a pure hardware targeted attack which can be much faster and requires fewer resources than using a botnet in a DDoS attack. Because of these features, and the potential and high probability of security exploits on Network Enabled Embedded Devices (NEEDs), this technique has come to the attention of numerous hacker communities.

10. What are the security threats to wireless networks? Signals in wireless networks are omni directional and spread beyond the desired coverage area. Due to this weakness, many active and passive methods are available for doing attacks in wireless network transmission. Inserting the data into wireless networks or modifying any transmitted data is called active method whereas passive methods include monitoring the traffic in promiscuous mode to get information about wireless networks.Major security threats which are possible in wireless networks are as follows: Active Scanning / Probing Threat: The most common threat of wireless networks is doing attack by Active software like Net Stumber (for Windows) and Dstumber (for Unix/ Linux). These software works on the method of active scanning. Attacks transmit the probe request to find any access point. If any access point is available, it will transmit probe response for that request. This response frame consists of SSID, Source/Destination MAC Address. Once attack captures this response frame, he/she has all the necessary information to enter in the network. Hence, if there is not any strong authentication mechanism, attackers may easily enter in the network. Spoofing Threat: Another major threat in wireless networks is MAC Address Spoofing which alters the manufacture assigned MAC address to any other value. This is
29

conceptually different than traditional IP address spoofing where an attacker sends data from any arbitrary source address and does not expect to see a response to their actual source IP address. An attacker may choose MAC Address Altering for several reasons, e.g. to bypass access control list, to impersonate an already authenticated user or disguising his/her presence on the network. 802.11 Beacon Flood Threat: This technique requires generating thousands of counterfeit/fake 802.11 beacon frames and then transmits them on the network. Beacon frame contains the information about SSID of the network. Hence, it becomes difficult for the client to choose correct SSID to find a legitimate AP. There are several tools available nd transmit the fake beacon frames. Authentication/ De Authentication Flood Threat: In this, the attacker broadcasts the association or authentication request frames from the fake addresses to either access point (infrastructure mode) or to clients e). So, access point or client sends reply and keep the information about that request for some time in memory and wait for response, which is never going to come. Thus they are loaded with false authentication/ de-n requests and legitimate entities are put on hold for sometime, hence denying services to them. Threat from Unauthorized Devices: In case of wireless networks, unauthorized access are not only limited to clients, but it is also applicable to access points. Sometimes, an authorized person, due to suspicious users does not plant these access points. Once planted, this rouge access point is configured to operate on higher broadcasting power and as a valid access point. Sometimes, the legitimate users plant access point to improve their coverage. Jamming Threat:

30

One of the most famous security threats for wireless networks is jamming. In this, the attacker operates on the same frequency and channel of the target network. He/she operates at higher power, thus disabling the actual access point. Sometimes, the network arrives at standstill position and user fears that network is attacked. Man in the Middle Threat: Wireless networks are also prone to Man in the Middle attack. In this, an attacker sends management frames to client and force them dissociate from valid access point and prompt them to join another fake access point setup by an attacker posing as valid access point.

11. Describe in detail the Radio Propagation and Propagation Path-Loss Models Exponential growth of mobile communications has increased interest in many topics in radio propagation. Much effort is now devoted to refine radio propagation path-loss models for urban, suburban, and other environments together with substantiation by field data. Radio propagation in urban areas is quite complex because it often consists of reflected and diffracted waves produced by multipath propagation. Radio propagation in open areas free from obstacles is the simplest to treat, but, in general, propagation over the earth and the water invokes at least one refl ected wave. For closed areas such as indoors, tunnels, and underground passages, no established models have been developed as yet, since the environment has a complicated structure. However, when the environmental structure is random, the Rayleigh model used for urban area propagation may be applied. When the propagation path is on line of sight, as in tunnel and underground passages, the environment may be treated either by the Rician model or waveguide theory. Direct wave models may be used for propagation in a corridor. In general, radio wave propagation consists of three main attributes: reflection, diffraction and scattering. Reflection occurs when radio wave propagating in
31

one medium impinges upon another medium with different electromagnetic properties. The amplitude and phase of the reflected wave are strongly related to the mediums instrinsic impedance, incident angle, and electric field polarization. Part of the radio wave energy may be absorbed or propagated through the reflecting medium, resulting in a reflected wave that is attenuated. Diffraction is a phenomenon by which propagating radio waves bend or deviate in the neighborhood of obstacles. Diffraction results from the propagation of wavelets into a shadowy region caused by obstructions such as walls, buildings, mountains, and so on. Scattering occurs when a radio signal hits a rough surface or an object having a size much smaller than or on the order of the signal wavelength. This causes the Signal energy to spread out in all directions. Scattering can be viewed at the receiver as another radio wave source. Typical scattering objects are furniture, lamp posts, street signs, and foliage.

12. Write short note on frequency reuse and hexagonal cell pattern Frequency reuse Cellular systems seeks to make an efficient use of available channels by employing low-power transmitters to allow frequency reuse at much smaller
32

distances Maximizing the number of times each channel may be reused in a given geographic area is the key to an efficient cellular system design. Cellular systems are designed to operate with groups of low-power radios spread out over the geographical service area. Each group of radios serve mobile stations located near them. The area served by each group of radios is called a cell. Each cell has an appropriate number of low-power radios to communicate within the cell itself. The power transmitted by the cell is chosen to be large enough to communicate with mobile stations located near the edge of the cell. The radius of each cell may be chosen to be perhaps 28 km (about 16 miles) in a start-up system with relatively few subscribers, down to less than 2 km (about 1 mile) for a mature system requiring considerable frequency reuse.

Hexagonal Cell Geometry As the traffic grows, new cells and channels are added to the system. If an irregular cell pattern is selected, it would lead to an inefficient use of the spectrum due to its inability to reuse frequencies because of cochannel interference. In addition, it would also result in an uneconomical deployment of equipment, requiring relocation from one cell site to another. Therefore, a
33

great deal of engineering effort would be required to readjust the transmission, switching, and control resources every time the system goes through its development phase. The use of a regular cell pattern in a cellular system design eliminates all these difficulties. In reality, cell coverage is an irregularly shaped circle. The exact coverage of the cell depends on the terrain and many other factors. For design purposes and as a first-order approximation, we assume that the coverage areas are regular polygons. For example, for omnidirectional antennas with constant signal power, each cell site coverage area would be circular. To achieve full coverage without dead spots, a series of regular polygons are required for cell sites. Any regular polygon such as an equilateral triangle, a square, or a hexagon can be used for cell design.The hexagon is used for two reasons: a hexagonal layout requires fewer cells and, therefore, fewer transmitter sites, and a hexagonal cell layout is less expensive compared to square and triangular cells. In practice, after the polygons are drawn on a map of the coverage area, radial lines are drawn and the signal-to-noise ratio (SNR) calculated for various directions using the propagation 13. Write short note on medium access techniques A typical scenario in a wireless network is shown in fig 1. The MSs have to compete for a shared medium. Each MS has a transmitter/receiver that communicates with other MSs.

34

MS 3

MS 2

MS 4

Shared multiple access medium

MS 1

MS n

Fig 1 Multiple access of a shared medium in wireless network In a general scheme, transmission from any MS can be received by all other MSs in the neighborhood. Therefore, if more than one MS attempts to transmit at one time, collision occurs and MSs receiving the information cannot interpret or differentiate what id being transmitted. These situations are called collisions in the medium. Collisions must be avoided and this is done using medium access control (MAC) techniques. Thus the primary function of MAC is to minimize or eliminate the incidence of collisions to achieve a reasonable utilization of the medium. The two basic approaches in MAC are random access and scheduling. Random access The different types of random access protocols are i. ii. iii. iv. ALOHA Slotted ALOHA Carrier Sense Multiple Access Carrier Sense Multiple Access with Collision Detection

Scheduling approaches to medium access control These approaches attempt to produce an orderly access to the transmission medium. The different types of scheduling protocols are
35

i. ii.

Reservation systems Polling

14. Explain shortly about CDMA In the mid-l980s, several researchers saw the potential for a technology primarily used in military applications to also be used for cellular communications. This technology, spread spectrum communications, which involve transforming narrowband information to a wideband signal for transmission, was seen as a mean of addressing potential capacity limitations of TDMA systems (which result from the fact that the number of users on any single frequency is restricted by the number of available time slots). A spread spectrum system operates by transforming the narrowband information of an individual user into wideband information by using high- frequency codes, each unique for that particular user. By assigning different users unique codes, a multiple-access system is possible, i.e, code division multiple access (CDMA). Moreover, in a CDMA system, frequency reuse limitations Seen in FDMA and TDMA systems are not quite so critical, as multiple mobile stations and base stations can occupy the same frequencies at once. Qualcomm Incorporated in San Diego, California, developed the first CDMA cellular system for widespread deployment in the early 1990s, culminating with the standardization of Qualcomm's CDMA solution by the Telecommunications Industry Association (TIA) in 1992. More recently, CDMA has formed the basis for enhancing cellular systems around the world. CDMA spread spectrum systems come in two types: frequency hopped and direct sequence. CDMA using frequency hopping involves a user transmitting over multiple frequencies consecutively in time in a pseudorandom manner. Pseudorandom in this case refers to the fact that the sequence of transmission frequencies is known at the transmitter and receiver, but appears random to any other receiver. An example of a frequency hopping sequence is given in Figure 1. Slow-hopping systems involve a changing of frequencies at a slower rate than the information bit rate, whereas fast-hopping requires a much faster change of the transmission frequency than the information bit rate. Frequency hopped systems are limited by the total number of hopping frequencies available. If two users hop to the same frequency at once, they will interfere with one another.Direct-sequence
36

systems work by modulating the user's information signal with a sequence known to the receiver and transmitter. This sequence is generated at a much higher rate than the user signal, literally "spreading" the user's signal bandwidth. This process is illustrated in Figure 2. All commercial cellular CDMA systems use direct-sequence spreading as opposed to frequency hopping.

Fig 1 Frequency hopping sequence

Fig 2 Direct sequence spreading of information

37

Ten Marks questions 1. Explain the development history of mobile radio systems. 1921 - Detroit Michigan Police Dept. made the earliest significant use of Mobile radio in a vehicle in the United States. The system operated at a frequency close to 2 MHz. The channels soon became overcrowded. 1940 - New frequencies between 30 and 40 MHz were made available. Increasing the available channels encouraged a substantial buildup of police systems. Shortly thereafter other users found a need for this form of communication. Private individuals, companies, and public agencies purchased and operated their own mobile units. 1945 - First public mobile telephone system in the U.S. was inaugurated in St. Louis, Missouri with three channels at 150 MHz. Six channels spaced 60 kHz apart were allocated for this service by the FCC, but the mobile equipment was not sophisticated enough to prevent interference. 1947 - A Public mobile system using frequencies in the 35 to 44 MHz band began operations along the highway between New York and Boston. These frequencies were thought to carry greater distances however a problem with skip-distance propagation carried interfering conversations for long distances. These early mobile telephone systems used push-to-talk operation. 1949 - FCC authorized separate radio channels to common carrier entities known as "Radio Common Carriers" (ROC). These companies do not provide public telephone service, but interconnect to the public telephone network to provide mobile telephone services equivalent to the wire line common carriers.
38

1955 - Number of wire line channels available at 150 MHz was expanded from 5 to 11 by the creation of new channels between the old ones (channel spacing of 30 kHz). 1956 - 12 wire line channels were added near 450 MHz. All systems operated in a manual mode, with each call to or from a mobile unit being handled by a special mobile telephone operator. 1964 - A new system (150 MHz) was developed providing automatic channel selection for each call, eliminated the need to push-to-talk operation, and allowed customers to do their own dialing. 1969 - Automatic capability was extended to the 450 MHz band and the so called "Improved Mobile Telephone System" (IMTS) became the standard for mobile telephone service in the U.S. Advanced Systems (Cellular Concept) As early as 1947, it was realized that small cells with frequency reuse could increase traffic capacity substantially and the basic cellular concept was developed. However, the technology did not exist. 1953 - AT&T proposed to the FCC a broadband mobile telephone system to operate in the 800 MHz region. 1970 - FCC announced a tentative allocation of 75 MHz in the 800 MHz region and invited industry to submit proposals for achieving communication objectives and demonstrating feasibility. 1971 - AT&T responds with a technical report asserting feasibility by detailing how a "cellular system" might be composed. No other proposed systems were submitted to the FCC. 1974 - FCC makes a firm allocation of 40 MHz for mobile telephone service and solicited applications for developmental Systems to prove the feasibility of so-called "Cellular Systems" but because of the beginnings of Bell Systems divestiture proceedings, ruled that Western Electric could not manufacture cellular terminal equipment. This was because Western Electric makes the
39

network equipment and the restriction from selling both terminal and network products were to prevent further monopolization. 1975 - AT&T applied for authorization to operate a developmental cellular system in Chicago. 1977 - License granted in March of 1977. Illinois Bell Telephone constructs and operates a developmental cellular system. 1978 - Mid 1978 the Equipment Test phase commenced. The Service Testphase started in late 1978. Twenty-one hundred mobile sets were procured from three suppliers for the test and the system served over 2000 trial customers. 1981 - FCC issues standard rules and due to the direction already taken, In the Bell System divestiture proceedings, now rules that Western Electric is permitted to manufacture cellular terminals as well as the network equipment. In the years between 1974 and 1981, AT&T Bell Labs worked with all other cellular terminal vendors to develop their cellular phones so that consumers would have quality products available to use on the cellular network. 2. Explain in detail IEEE 802.11 MAC layer structure The MAC sublayer is responsible for the channel allocation procedures, protocol data unit (PDU) addressing, frame formatting, error checking, and fragmentation and reassembly. The transmission medium can operate in the contention mode exclusively, requiring all stations to contend for access to the channel for each packet transmitted. The medium can also alternate between the contention mode, known as the contention period (CP), and a contentionfree period (CFP). During the CFP, medium usage is controlled (or mediated) by the AP, thereby eliminating the need for stations to contend for channel access. IEEE 802.11 supports three different types of frames: management, control, and data. The management frames are used for station association and disassociation with the AP, timing and synchronization, and authentication and deauthentication. Control frames are used for handshaking
40

during the CP, for positive acknowledgments during the CP, and to end the CFP. Data frames are used for the transmission of data during the CP and CFP, and can be combined with polling and acknowledgments during the CFP. The standard IEEE 802.11 frame format is illustrated in Fig. 1 The IEEE standard 48-bit MAC addressing is used to identify a station. The 2 duration octets indicate the time (in microseconds) the channel will be allocated for successful transmission of a MAC protocol data unit (MPDU). The type bits identify the frame as either control, data or management. The subtype bits further identify the type of frame (e.g., Clear to Send control frame). A 32-bit cyclic redundancy check (CRC) is used for error detection.

Fig 1. IEEE 802.11 MAC frame format DISTRIBUTED COORDINATION FUNCTION The DCF is the fundamental access method used to support asynchronous data transfer on a best effort basis. As identified in the specification, all stations must support the DCF. The DCF operates solely in the ad hoc network, and either operates solely or coexists with the PCF in an infrastructure network. The MAC architecture is depicted in Fig. 2, where it is shown that the DCF sits directly on top of the physical layer and supports contention services. Contention services imply that each station with an MSDU queued for transmission must contend for access to the channel and, once the MSDU is transmitted, must recontend for access to the channel for all subsequent frames. Contention services promote fair access to the channel for all stations. The DCF is based on carrier sense multiple access with collision avoidance (CSMA/CA). CSMA/CD (collision detection) is not
41

used because a station is unable to listen to the channel for collisions while transmitting. In IEEE 802.11, carrier sensing is performed at both the air interface, referred to as physical carrier sensing, and at the MAC sublayer, referred to as virtual carrier sensing. Physical carrier sensing detects the presence of other IEEE 802.11 WLAN users by analyzing all detected packets, and also detects activity in the channel via relative signal strength from other sources. A source station performs virtual carrier sensing by sending MPDU duration information in the header of request to send (RTS), clear to send (CTS), and data frames. An MPDU is a complete data unit that is passed from the MAC sublayer to the physical layer. The MPDU contains header information payload, and a 32-bit CRC. The duration field indicates the amount of time (in microseconds) after the end of the present frame the channel will be utilized to complete the successful transmission of the data or management frame. Stations in the BSS use the information in the duration field to adjust their network allocation vector (NAV), which indicates the amount of time that must elapse until the current transmission session is complete and the channel can be sampled again for idle status. The channel is marked busy if either the physical or virtual carrier sensing mechanisms indicate the channel is busy. Priority access to the wireless medium is controlled through the use of interframe space (IFS) time intervals between the transmission of frames. The IFS intervals are mandatory periods of idle time on the transmission medium. Three IFS intervals are specified in the standard: short IFS (SIFS), point coordination function IFS (PIFS), and DCFIFS (DIFS). The SIFS interval is the smallest IFS, followed by PIFS and DIFS, respectively. Stations only required to wait a SIFS have priority access over those stations required to wait a PIFS or DIFS before transmitting; therefore, SIFS has the highest-priority access to the communications medium. For the basic access method, when a station senses the channel is idle, the station waits for a DIFS period and samples the channel again. If the channel is still idle, the station transmits an MPDU. The receiving station calculates the checksum and determines whether the packet was received correctly. Upon receipt of a correct packet, the receiving station waits a SIFS interval and

42

transmits a positive acknowledgment frame (ACK) back to the source station, indicating that the transmission was successful.

POINT COORDINATION FUNCTION (PCF) The PCF is an optional capability, which is connection-oriented, and provides contention-free (CF) frame transfer. The PCF relies on the point coordinator (PC) to perform polling, enabling polled stations to transmit without contending for the channel. The function of the PC is performed by the AP within each BSS. Stations within the BSS that are capable of operating in the CF period (CFP) are known as CF-aware stations. The method by which polling tables are maintained and the polling sequence is determined, is left to the implementor. The PCF is required to coexist with the DCF and logically sits on top of the DCF (Fig. 2). The CFP repetition interval (CFP_Rate) is

Fig 2. MAC Architecture used to determine the frequency with which the PCF occurs. Within a repetition interval, a portion of the time is allotted to contention-free traffic, and the remainder is provided for contention-based traffic. The CFP repetition interval is initiated by a beacon frame, where the beacon frame is transmitted by the AP. One of its primary functions is synchronization and timing. The duration of the CFP repetition interval is a manageable parameter that is always an integral number of beacon frames. Once the CFP_Rate is
43

established, the duration of the CFP is determined. The maximum size of the CFP is determined by the manageable parameter CFP_Max_Duration. The minimum value of CFP_Max_Duration is the time required to transmit two maximum-size MPDUs, including overhead, the initial beacon frame, and a CF-End frame. The maximum value of CFP_Max_Duration is the CFP repetition interval minus the time required to successfully transmit a maximumsize MPDU during the CP (which includes the time for RTS/CTS handshaking and the ACK). Therefore, time must be allotted for at least one MPDU to be transmitted during the CP. It is up to the AP to determine how long to operate the CFP during any given repetition interval. If traffic is very light, the AP may shorten the CFP and provide the remainder of the repetition interval for the DCF. The CFP may also be shortened if DCF traffic from the previous repetition interval carries over into the current interval. The maximum amount of delay that can be incurred is the time it takes to transmit an RTS/CTS handshake, maximum MPDU, and ACK 3.Explain the IEEE 802.11 physical layer The IEEE 802.11 draft specification calls for three different physical-layer implementations: They are frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS), and Infra Red. The FHSS utilizes the 2.4 GHz Industrial, Scientific, and Medical (ISM) band (i.e., 2.40002.4835 GHz). In the United States, a maximum of 79 channels are specified in the hopping set. The first channel has a center frequency of 2.402 GHz, and all subsequent channels are spaced 1 MHz apart. The 1 MHz separation is mandated by the FCC for the 2.4 GHz ISM band. The channel separation corresponds to 1 Mb/s of instantaneous bandwidth. Three different hopping sequence sets are established with 26 hopping sequences per set. Different hopping sequences enable multiple BSSs to coexist in the same geographical area, which may become important to alleviate congestion and maximize the total throughput in a single BSS. The reason for having three
44

different sets is to avoid prolonged collision periods between different hopping sequences in a set. The minimum hop rate permitted is 2.5 hops/s. The basic access rate of 1 Mb/s uses two-level Gaussian frequency shift keying (GFSK), where a logical 1 is encoded using frequency Fc + f and a logical 0 using frequency Fc f. The enhanced access rate of 2 Mb/s uses four-level GFSK, where 2 bits are encoded at a time using four frequencies. The DSSS also uses the 2.4 GHz ISM frequency band, where the 1 Mb/s basic rate is encoded using differential binary phase shift keying (DBPSK), and a 2 Mb/s enhanced rate uses differential quadrature phase shift keying (DQPSK). The spreading is done by dividing the available bandwidth into 11 subchannels, each 11 MHz wide, and using an 11-chip Barker sequence to spread each data symbol. The maximum channel capacity is therefore (11 chips/ symbol)/(11 MHz) = 1 Mb/s if DBPSK is used. Overlapping and adjacent BSSs can be accommodated by ensuring that the center frequencies of each BSS are separated by at least 30 MHz [3]. This rigid requirement will enable only two overlapping or adjacent BSSs to operate without interference.

45

Fig IEEE 802.11 physical layer activities The IR specification identifies a wavelength range from 850 to 950 nm. The IR band is designed for indoor use only and operates with nondirected transmissions. The IR specification was designed to enable stations to receive line-of-site and reflected transmissions. Encoding of the basic access rate of 1 Mb/s is performed using 16-pulse position modulation (PPM), where 4 data bits are mapped to 16 coded bits for transmission. The enhanced access rate (2 Mb/s) is performed using 4-PPM modulation, where 2 data bits are mapped to 4 coded bits for transmission. IEEE 802.11a makes use of 5-GHz band and Provides rates of 6, 9 , 12, 18, 24, 36, 48, 54 Mbps. It uses orthogonal frequency division multiplexing (OFDM) as the physical layer. It is basically a multicarrier system in which the

46

subcarriers used are orthogonal to each other. The subcarriers are modulated using BPSK, QPSK, 16-QAM or 64-QAM. IEEE 802.11b standard provides data rates of 5.5 and 11 Mbps. In this case the barker code used for spreading is replaced by complementary code keying (CCK) modulation scheme shown below.

Fig 11Mbps CCK modulation scheme 4. Explain in detail about the Mobile radio standards around the world. Many mobile radio standards have been developed for Wireless systems throughout the world, and more standards are likely to emerge. Some of the standards prevalent throughout the world are listed below. The worlds first cellular system was implemented by the Nippon Telephone and Telegraph Company (NTT) in Japan. The system deployed in 1979, uses 6FM Duplex channels (25 KHz for each one way link) in the 800 MHz band. MOBILE RADIO STANDARDS IN NORTH AMERICA

Standard Type AMPS cellular

Year

of Multiple Access FDMA

Frequency band 824-894

Introduction 1983

Modulation FM

Channel Bandwidth 30 KHz

47

MHz NAMPS cellular 1992 FDMA 824-894 MHz 824-894 MHz 824-894 MHz 824-894 1993 PCS GSC paging 1970S 1970S 1993 Simplex Simplex Simplex CDMA MHz/ 1.8-2.0 GHz several several several 1.85-1.99 GHz 1.85-1.99 GHz FM 10 KHz

/430KHz DQPSK

USDC

cellular

1991

TDMA

FH/ CDPD cellular 1993 packet Cellular/ IS-95

GMSK

30 KHz

QPSK/ 1.25 MHz BPSK FSK FSK 4-FSK 1.25 KHz 1.25 KHz 15 KHz

POCSAG Paging FLEX DCS-900 PCS (GSM) Cordless/ PACS PCS MIRS SMR/PC S SMR/PC S Paging

1994

TDMA

GMSK

200 KHz

FDMA/ 1994 TDMA 1994 TDMA

/4300 KHz DQPSK 16-QAM 25 KHz

several

iDen

1995

TDMA

several

16-QAM

25 KHz

MOBILE RADIO STANDARDS IN EUROPE Standard Type Year of Multiple

48

Frequency

Modulation

Channel

Introduction ETACS NMT-450 Cellular Cellular 1985 1981

Access FDMA FDMA

band 900MHz 450-470 MHz 890-960 MHz 890-960 MHz 450-465 MHz Several 864-868 MHz 1880-1900 MHz 1710-1880 MHz FM FM

Bandwidth 25 KHz 25 KHz

NMT-900

Cellular Cellular/

1986

FDMA

FM

12.5 KHz

GSM PCS

1990

TDMA

GMSK

200 KHz

20 KHz/ FM 10 KHz 4-FSK GFSK 25 KHz 100 KHz

C-450

Cellular

1985

FDMA

ERMES CT2

Paging Cordless

1993 1989

FDMA FDMA

DECT

Cordless Cordless/

1993

TDMA

GFSK

1.728 MHz

DCS1800

1993 PCS

TDMA

GFSK

200 KHz

The first generation European cellular systems are generally incompatible with one another because of the different frequencies and communication protocols used. MOBILE RADIO STANDARDS IN JAPAN Standard Type JTACS Cellular Year of Multiple Access FDMA Frequency band 860-925 MHz Modulation FM Channel Bandwidth

Introduction 1988

25 KHz

49

/4PDC Cellular 1993 TDMA 810-1501 MHz DQPSK NTT NTACS NTT NEC Cellular Cellular Paging Paging 1979 1993 1979 1979 FDMA FDMA FDMA FDMA 400/800 MHz 843-925 MHz 280 MHz Several FM FM FSK FSK /4PHS Cordless 1993 TDMA 1895-1907 MHZ DQPSK 300 KHz 25 KHz 12.5 KHz 12.5 KHz 10 KHz 25 KHz

5.

Discuss in detail about the security mechanism used in WLAN

Two security services are specified in IEEE 802.11, the authentication service and the privacy service. The privacy service is provided by Wired Equivalent Privacy (WEP) algorithm. The authentication service provides two basic levels of security. The first, Open System Authentication (OSA) is mandatory, but provides essentially no security.The second is shared-key authentication that provides the highest level of security available and uses the WEP algorithm.

Wired Equivalent Privacy (WEP) The WEP is based on the use of RC4 encryption. RC4 as specified in the standard operates in Output FeedBack (OFB) mode as shown in Figure 1. The RC4 algorithm has three inputs; an initializing vector IV, the random key, and the plaintext. The IV vector is input to E, the RC4 encryption algorithm, along with the key. The algorithm generates a keystream output from E that is sent to the output box O. The output box O shifts the keystream out, a byte at a time and each byte is combined with the plaintext P under the Exclusive OR function. The output of E is also fed back to the I
50

stage which causes the keystream to vary as a function of IV and the key. That is: Given: The plaintext pj and RC4(IV, Key) Form: cj = pj RC4(IV, Key) Encryption is shown on the left and decryption on the right side of Figure 1. Since IV must be known to the transmitter and receiver, it is sent to the receiver as an unencrypted part of the ciphertext stream. The logic function to insert IV into the ciphertext stream and recover it from the stream for input to the I function at the receiving end are not shown, but are straightforward functions. IV does not have to be secret since RC4s strength is derived from the algorithm and key, not IV. However, the integrity of IV needs to be assured or decryption will not function properly. The RC4 algorithm supports variable length keys. The two lengths most commonly used for wireless applications are 40 bits for export controlled systems and 128 bits for domestic application. Although most vendors advertise 128 bit encryption, the effective key length is 104 bits . One of the primary requirements of stream ciphers in general and RC4 as well is that the implementation must ensure that the keystream is never used twice to encrypt a data stream.

Fig stream cipher operation

51

Authentication Prior to sending data, a station (i.e., a wireless device) and an access point must authenticate and establish an association. An association is a binding between the station and the access point. Once successfully authenticated and associated stations can exchange data with the access point (i.e., enter the network). The two authentication methods supported are Open System authentication and Shared key Authentication. Open System Authentication(OSA) In OSA, two management frames are exchanged between the station and the access point (AP). The first frame is sent from the station to the AP and includes the station Media Access Control (MAC) address and an identifier indicating it is an authentication request. The AP responds with a second frame that includes a status field indicating authentication success or failure. The station is now authenticated and unassociated. Two more frames are passed to establish and association. Most wireless vendors have implemented a wireless access control mechanism as part of the association process that is based on examining the station MAC address and blocking unwanted stations from associating Shared Key Authentication Shared key authentication uses the optional WEP algorithm along with a challenge response system to mutually authenticate a station and an AP. Authentication consists of the exchange of 4 messages for station authentication and 4 more for AP authentication APs send beacon messages to announce their presence. A station wishing to enter the network finds a beacon message and then initiates authentication with the AP whose address appears in the beacon message. The exchange is shown in Figure 2 The initiating station sends a management frame (sequence # 1) to the AP requesting authentication. The frame is sent in the clear. The responding AP sends sequence #2 which contains an authentication challenge in the message body. The challenge is 128 octets in length. The AP challenge is generated by combining a
52

pseudo random number with the shared secret key and a random initializing vector (IV) and sent as a clear text message (i.e.,unencrypted). The station receives the message, extracts the challenge and copies it to a new management frame. This frame is encrypted under the WEP algorithm using the shared key and a new IV and sent to the AP. The IV used by the station is also sent to the AP in the clear so the AP knows what IV to use with the secret key to decrypt the frame. The AP receives the frame, decrypts the contents, and checks the validity of the CRC 32 check sum, and tests the challenge to see if it matches the original challenge sent to the station. If the CRC 32 check is invalid, the frame is dropped. If the CRC-32 is valid, the challenge is tested. On a match, the station is successfully authenticated. The process is repeated to authenticate the AP to the stationThe protocol for exchanging authentication messages can be exploited to allow unauthorized stations to enter the network.

6. Explain the principle of cellular telephony Cellular telephony systems are radio systems that involve distributed transmission. Therefore, rather than having a single transmitter service
53

many different users over a wide area of coverage (e.g., commercial FM radio), the coverage area is divided into smaller areas known as cells. Each cell has one stationary transceiver known as a base station. A user of a cellular system communicates with the base station to place a call. The call can be data or voice, and the base station routes the call to either a terrestrial network to the termination point or to another user of the same cellular network. Normally, for voice calls, the base station either directly or indirectly routes the call to a public switched telephony network (PSTN).Each user of a cellular system is also sometimes called a subscriber. The basic relationship between a subscriber and the base station is shown in Figure 1-1. The communications link from the base station to the subscriber is referred to as the downlink or forward link, while the link from the subscriber to the base station is referred to as the uplink or reverse link. Cellular subscribers can be stationary or mobile. If the subscriber is mobile, then the cellular network must be able to handle the situation in which a mobile subscriber (also known as a mobile station) moves from one cell to another. This event is known as handoff for handover. If the mobile station can engage in simultaneous communication with multiple base stations, then it is said to be in soft handoff In order to ensure that a call is not dropped when a handoff occurs, information about the mobile station is usually known to the base stations involved in the handoff. Due to this and for other reasons, some communication exists in the network that connects base stations together in a cellular system. This network is known as the backbone network or simply the backhaul.

54

The backbone network consists of several entities between the PSTN and the base station. The base station usually interfaces with a base station controller (BSC), which networks a cluster of base stations to ensure that call admission and handover can function in a coordinated manner among base stations within a geographical region. A cluster is a group of cells that use the complete set of available telephony channels in a cellular network. One or more BSCs are usually connected to a mobile switching center (MSC), which interfaces directly with the PSTN. The MSC contains information about the cellular subscriber that can be used to route other information to that user during the call. Moreover, a home location register (HLR) may be co-located with the MSC; this entity contains user-specific information used primarily for authentication of the subscriber during call initialization. The intercommunication between the mobile station, base station, BSC and MSC is shown in Figure 1-2. A cellular telephone system has two basic functions; it must locate and track both active and inactive mobile stations (MSs), and it must always attempt to connect the active MSs to the best available base station(s) (BS(s)). The former task is the subject of user location updating and paging. The latter task requires the continuous evaluation of the radio link quality with the serving BS(s), and the radio link quality with alternate BSs. This monitoring is performed by a computer system that uses knowledge of the link quality evaluations, in addition to

55

the system topology and traffic flow, to decide upon the best BS(s) to serve a particular MS.

7.Explain in detail RC4 stream cipher algorithm RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It is a variable keysize stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. RC4 was kept as a trade secret by RSA Security. A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a 256-byte state vector S, with elements S[0], S[1], , S[255]. At all times, S contains a permutation of all 8-bit numbers from 0 through 255. For encryption and decryption, a byte k is generated from S by selecting one of the 255 entries in a systematic fashion. As each value of k is generated, the entries in S are once again permuted. Initialization of S To begin, the entries of S are set equal to the values from 0 through 255 in ascending order; that is; S[0] = 0, S[1] = 1, , S[255] = 255.

56

A temporary vector, T, is also created. If the length of the key K is 256 bytes, then K is transferred to T. Otherwise, for a key of length keylen bytes, the first keylen elements of T are copied from K and then K is repeated as many times as necessary to fill out T. These preliminary operations can be summarized as follows: /* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen]; Next we use T to produce the initial permutation of S. This involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by T[i]: /* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]); Because the only operation on S is a swap, the only effect is a permutation. S still contains all the numbers from 0 through 255. Stream Generation Once the S vector is initialized, the input key is no longer used. Stream generation involves starting with S[0] and going through to S[255], and, for each S[i], swapping S[i] with another byte in S according to a scheme dictated by the current configuration of S. After S[255] is reached, the process continues, starting over again at S[0]: /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256;
57

k = S[t]; To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value k with the next byte of ciphertext.

58

Fig 2 RC4 8.Explain in detail about general packet radio service. General Packet Radio Services (GPRS) is a mobile data service available to users of GSM and IS-136 mobile phones. GPRS data transfer is typically charged per megabyte of transferred data, while data communication via traditional circuit switching is billed per minute of connection time, independently of if the user actually has transferred data or been in an idle state. GPRS can be utilized for services such as WAP access, SMS and MMS, but also for Internet communication services such as email and web access.2G cellular systems combined with GPRS is often described as "2.5G", that is, a technology between the second and third generations of mobile telephony. It provides moderate speed data transfer, by using unused TDMA channels.

59

GPRS is different from the older Circuit Switched Data (or CSD) connection included in GSM standards. In CSD, a data connection establishes a circuit, and reserves the full bandwidth of that circuit during the lifetime of the connection. GPRS is packetswitched which means that multiple users share the same transmission channel, only transmitting when they have data to send. This means that the total available bandwidth can be immediately dedicated to those users who are actually sending at any given moment, providing higher utilisation where users only send or receive data intermittently. Web browsing, receiving e-mails as they arrive and instant messaging are examples of uses that require intermittent data transfers, which benefit from sharing the available bandwidth.The multiple access methods used in GSM with GPRS is based on frequency division duplex (FDD) and FDMA. During a session, a user is assigned to one pair of uplink and downlink frequency channels. This is combined with time domain statistical multiplexing, i.e. packet mode communication, which makes it possible for several users to share the same frequency channel. The packets have constant length, corresponding to a GSM time slot. In the downlink, first-come first-served packet scheduling is used. In the uplink, a scheme that is very similar to reservation ALOHA is used. This means that slotted Aloha (S-ALOHA) is used for reservation inquiries during a contention phase, and then the actual data is transferred using first-come first-served scheduling. GPRS speeds and profile Packet-switched data under GPRS is achieved by allocating unused cell bandwidth to transmit data. As dedicated voice (or data) channels are setup by phones, the bandwidth available for packet switched data shrinks. A consequence of this is that packet switched data has a poor bit rate in busy cells. The theoretical limit for packet switched data is 171.2 kbit/s (using 8 time slots and CS-4 coding). A realistic bit rate is 3080 kbit/s, because it is possible to use max 4 time slots for downlink. A change to the radio part of GPRS called EDGE (sometimes called EGPRS or Enhanced GPRS however it actually stands for Enhanced Data rates for GSM Evolution) allows higher bit rates of between 160 and 236.8 kbit/s. The maximum data rates are achieved only by allocation of more than one time slot in the TDMA frame. Also, the higher the data rate, the lower the error correction capability. Generally, the connection speed drops logarithmically with distance from the base station. This is
60

not an issue in heavily populated areas with high cell density, but may become an issue in sparsely populated/rural areas. GPRS coding scheme Transfer speed depends also on the channel encoding used. The least robust (but fastest) coding scheme (CS-4) is available near the Base Transceiver Station (BTS) while the most robust coding scheme (CS-1) is used when the Mobile Station (MS) is further away from the BTS.Using the CS-4 it is possible to achieve a user speed of 20.0 kbit/s per time slot. However, using this scheme the cell coverage is 25% of normal. CS-1 can achieve a user speed of only 8.0 kbit/s per time slot, but has 98% of normal coverage. Newer network equipment can adapt the transfer speed automatically depending on the mobile location. GPRS upgrades GSM data services providing:

MMS - Multimedia Messaging Service Push To Talk over Cellular PoC / PTT - Push to talk Instant Messaging and Presence Wireless_Village Internet Applications for Smart Devices through WAP Point-to-point (PTP) service: internetworking with the Internet (IP protocols). Short Message Service (SMS): bearer for SMS. Future enhancements: flexible to add new functions, such as more capacity, more users, new accesses, new protocols, new radio networks.

9. Explain the GSM architecture GSM is a cellular network, which means that mobile phones connect to it by searching for cells in the immediate vicinity. GSM networks operate in four different frequency ranges. Most GSM networks operate in the 900 MHz or 1800 MHz bands..In the 900 MHz band the uplink frequency band is 890-915 MHz, and the downlink frequency band is 935-960 MHz. This 25 MHz bandwidth is subdivided into 124 carrier frequency channels, each spaced 200 kHz apart. Time division multiplexing is used to allow eight full-rate or sixteen half-rate speech channels per radio frequency channel. There are eight radio timeslots (giving eight burst periods)
61

grouped into what is called a TDMA frame. Half rate channels use alternate frames in the same timeslot. The channel data rate is 270.833 kbit/s, and the frame duration is 4.615 ms.The transmission power in the handset is limited to a maximum of 2 watts in GSM850/900 and 1 watt in GSM1800/1900.

The structure of a GSM network

GSM has used a variety of voice codecs to squeeze 3.1kHz audio into between 6 and 13kbps. Originally, two codecs, named after the types of data channel they were allocated, were used, called "Full Rate" (13kbps) and "Half Rate" (6kbps). These used a system based upon linear predictive coding (LPC). In addition to being efficient with bitrates, these codecs also made it easier to identify more important parts of the audio, allowing the air interface layer to prioritize and better protect these parts of the signal.GSM was further enhanced in the mid-nineties with the GSM-EFR codec, a 12.2kbps codec that uses a full rate channel. Finally, with the development of UMTS, EFR was refactored into a variable-rate codec called AMR-Narrowband, which is high quality and robust against interference when used on full rate channels, and less robust but still relatively high quality when used in good radio conditions on
62

half-rate channels.There are four different cell sizes in a GSM network - macro, micro, pico and umbrella cells. The coverage area of each cell varies according to the implementation environment. Macro cells can be regarded as cells where the base station antenna is installed on a mast or a building above average roof top level. Micro cells are cells whose antenna height is under average roof top level; they are typically used in urban areas. Picocells are small cells whose diameter is a few dozen meters; they are mainly used indoors. On the other hand, umbrella cells are used to cover shadowed regions of smaller cells and fill in gaps in coverage between those cells. Cell radius varies depending on antenna height, antenna gain and propagation conditions from a couple of hundred meters to several tens of kilometers. The longest distance the GSM specification supports in practical use is 35 km or 22 miles. There are also several implementations of the concept of an extended cell, where the cell radius could be double or even more, depending on the antenna system, the type of terrain and the timing advance.Indoor coverage is also supported by GSM and may be achieved by using an indoor picocell base station, or an indoor repeater with distributed indoor antennas fed through power splitters, to deliver the radio signals from an antenna outdoors to the separate indoor distributed antenna system. These are typically deployed when a lot of call capacity is needed indoors, for example in shopping centers or airports. However, this is not a prerequisite, since indoor coverage is also provided by in-building penetration of the radio signals from nearby cells. The modulation used in GSM is Gaussian minimum shift keying (GMSK), a kind of continuous-phase frequency shift keying. In GMSK, the signal to be modulated onto the carrier is first smoothed with a Gaussian low-pass filter prior to being fed to a frequency modulator, which greatly reduces the interference to neighboring channels (adjacent channel interference). Network structure
The network behind the GSM system seen by the customer is large and complicated in order to provide all of the services which are required. It is divided into a number of sections and these are each covered in separate articles. 63

the Base Station Subsystem (the base stations and their controllers). the Network and Switching Subsystem (the part of the network most similar to a fixed network). This is sometimes also just called the core network. the GPRS Core Network (the optional part which allows packet based Internet connections). all of the elements in the system combine to produce many GSM services such as voice calls and SMS.

Subscriber identity module One of the key features of GSM is the Subscriber Identity Module (SIM), commonly known as a SIM card. The SIM is a detachable smart card containing the user's subscription information and phonebook. This allows the user to retain his or her information after switching handsets. GSM security GSM was designed with a moderate level of security. The system was designed to authenticate the subscriber using shared-secret cryptography. Communications between the subscriber and the base station can be encrypted. GSM uses several cryptographic algorithms for security. The A5/1 and A5/2 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. A large security advantage of GSM over earlier systems is that the Ki, the crypto variable stored on the SIM card that is the key to any GSM ciphering algorithm, is never sent over the air interface. Serious weaknesses have been found in both algorithms, and it is possible to break A5/2 in real-time in a ciphertext-only attack. The system supports multiple algorithms so operators may replace that cipher with a stronger one. 10.Explain the two ray reflection model When the two antennas (transmitting and receiving) are on the earth, then there are multiple paths from the transmitter to the receiver. The effect of the multiple paths is the change in the path loss between two points. The simplest case is when the
64

antenna heights, hb and hm, are small compared with their separation, d, and the refl ecting earth surface is assumed to be flat. The received signal is then represented by a scattered fi eld, Es, that is approximated by a combination of a direct wave and reflected wave

(1)

Fig Two ray reflection model where: cr _ coefficient of reflection E _ electric field _ _ phase difference between the direct and reflected path

(2) where: d _ difference between direct path and refl ected path In the mobile radio environment, c r = -1, and is much less than one
65

radian. Thus Equation 2 can be written as

(3) Since the received power Pr is proportional to the square of the field strength, the power level at the antenna output located at the distance, d, from the transmitter, including the path loss, will be:

(4) From fig.1

(5) Using image property

(6)

66

(7)

Substituting for from eq.7 into eq.5,we get

(8) 11. Explain in detail about wireless network topologies Wireless network topology refers to the configuration in which a mobile terminal communicates with another. The two fundamental types of wireless networks are a) infrastructure, centralized or hub and spoke topology b) ad hoc or distributed topology Infrastructure network topology In this topology, there is a fixed (wired ) infrastructure that supports communication between mobile terminals and between mobile and fixed terminals. The infrastructure networks are often designed for large coverage areas and multiple base station or access point operations. Figure 1 shows the basic operation of an infrastructure network with a single BS/AP. The BS/AP serves as the hub of the network, and the mobile terminals are located at the ends of the spokes. Any communication between one wireless user station to another, i.e. between peers has to be sent through the BS/AP. The hub station usually controls the mobile stations
67

topologies

used in

and monitors what each station is transmitting. Thus the hub station is involved in managing user access to the network. All standardized cellular mobile telephone and wireless data systems use an infrastructure network topology to serve mobile terminals operating within the coverage area of any BS. The IEEE 802.11 standard and most of the wireless LAN products support infrastructure operation

Fig 1. Basic operation of an infrastructure network topology Ad hoc network topology This type of network topology applies to reconfigurable networks that can operate without the need for a fixed infrastructure. These networks are primarily used by the military and also in a few commercial applications for voice and data transmission. Such a topology is suitable for rapid deployment of a wireless network in a mobile or fixed environment. Fig 2 shows two variations of the ad hoc network topology. Fig 2.a is a single hop ad hoc network where, as the name implies every user terminal has the functional capability of communicating directly with any of the other user terminals. The IEEE 802.11 WLAN standard supports single hop as hoc topology.

68

Fig 2.Ad hoc networking (a) single hop peer to peer topology (b) multi hop ad hoc network topology In some as hoc networking applications, where users may be distributed over a wide area, a given user terminal may be able to reach only a portion of the other users in the network due to transmitter signal power limitations. In this situation, user terminals will have to co-operate in carrying messages across the network between widely separated stations. Networks designed to function this way are called multihop ad hoc networks and is illustrated in fig2.b. In this type of network each terminal should be aware of the neighboring terminals in its coverage range. This type of network configuration is used in military applications. 12. Explain in detail the ALOHA and slotted ALOHA random access protocols used in wireless systems ALOHA This is a single hop system with infinite users. Each user generates packets of data according to a Poisson process with arrival rate (packets/sec) and all packets have the same fixed length T. In this scheme, when the MS has a packet to transmit, it transmits the packet right away. The sender side also waits to see whether transmission is acknowledged by the receiver; no response within a specified period of time indicates a collision with another transmission. If the

69

presence of a collision is determined by the sender, it retransmits after some random wait time, as shown in fig.1 where the arrows indicate the arrival times.

Fig 1 Collision mechanism in ALOHA Each packet is generated by different users. In this method, it is assumed that the packets and users are identical. Thus the time point at which the packet transmission attempts are made is only considered. Considering the channel over time, the scheduling time includes both the generation times of new packets and the retransmission times of previously collided packets. Let the rate of scheduling be g (packets/sec). The parameter g is referred to as the offered load to the channel. Since some packets have to be transmitted more than once for successful transmission, g>. It is assumed that this scheduling process is a Poisson process with arrival time g. Consider a new or retransmitted packet scheduled for transmission at some instant t. This packet can be successfully transmitted if there are no other packets scheduled for transmission between the instants t-T and t+ T , where the period 2T is called the vulnerable period. Therefore, the probability, Ps of successful transmission is the probability that no packet is scheduled be Poisson process, Ps =P (no collision) = P (no transmission in two packets time)= e-2gT (1) in an interval of length 2T. Since the distribution of the scheduling time is assumed to

Since packets are scheduled at a rate of g packets per second with only a fraction of Ps successful, the rate of successful transmission is g Ps . Defining

70

throughput as the fraction of time during which the useful information is carried on the channel, it can be written as Sth= gTe-2gT =Ge-2G (2)

Where G=gT is the normalized offered load to the channel. The maximum throughput Sth max can be obtained by differentiating eq.(2) w.r.t G. It is found that the maximum throughput occurs when G=1/2. Substituting in eq(2), Sth max=1/2e 0.184 (3)

Slotted ALOHA This is a modification of the ALOHA and in this scheme, the slot size is taken as equal to the duration of the packet transmission T. Thus the vulnerable period for packet collision is reduced to a slot. It means that a transmission is successful if and only if one packet is scheduled for transmission for the current slot. Fig.2 shows the collision mechanism in slotted ALOHA where a collision is observed to be a full collision; thus, no partial collision occurs. Since the process composed of newly generated and retransmitted packets id Poisson, the probability of successful transmission is given by Ps = e-gT and the throughput becomes Sth= gTe-gT =Ge-G (4) (5)

The maximum throughput Sth max can be obtained by differentiating eq.(5) w.r.t G. It is found that the maximum throughput occurs when G=1. Substituting in eq(5), Sth max=1/e 0.368 Fig 3 shows the throughput of pure ALOHA and slotted ALOHA. (6)

71

Fig.2 Collision mechanism in slotted ALOHA

Fig 3 Throughputs of pure ALOHA and slotted ALOHA 13. Explain in detail the CSMA and CSMA/CD random access protocols used in wireless systems Carrier Sense Multiple Access (CSMA) In Carrier Sense Multiple Access protocol potential collision is prevented by listening to the channel before transmitting a packet. Each MS can sense the transmission of all other terminals, and the propagation delay is small compared with the transmission time. Fig 1 shows the collision process in the CSMA protocol.

72

Fig 1. Collision mechanism in CSMA

Two different variants of this protocol are a. non persistent CSMA b. persistent CSMA

Non persistent CSMA protocol In this protocol, the MS senses the medium first whenever the MS has a packet to send. If the medium is busy, the MS waits for a random amount of time and senses the medium again. If the medium is idle, the MS transmits the packet immediately. If a collision occurs, the MS waits for a random amount of time and starts all over again. The packets can be sent during a slotted period or can be transmitted at any arbitrary time. This leads to two different subcategories. a. slotted non persistent CSMA b. unslotted non persistent CSMA For unslotted non persistent CSMA, the throughput is given by S th = Ge G G (1 + 2 ) + e G (1)

For slotted non persistent CSMA, the throughput is given by S th =

Ge G
(1 e G ) +

(2)

73

where =

, and is the propagation delay through the air.

Persistent CSMA Two different variants of this protocol are a. 1 persistent CSMA b. p persistent CSMA

In 1 persistent CSMA protocol, the MS senses the medium when the MS has a packet ready to send. If the medium is busy, the MS keeps listening to the medium and transmits the packet immediately after the medium becomes idle. This protocol is called 1 persistent because the MS transmits with a probability of 1 whenever it finds the medium to be idle. However, in this protocol, there will always be a collision if two or more MSs have ready packets, are waiting for the medium to become free, and start transmitting at the same time. The two variants of this protocol are unslotted 1 persistent CSMA and slotted 1 persistent CSMA. Given the system parameters G and , the throughput for unslotted 1 persistent CSMA is given by

G G1+ G +G(1+ G + )eG(1+2) 2 Sth = G G(1+ 2) (1 e ) + (1+G)eG(1+)

(3)

the throughput for slotted 1 persistent CSMA is given by S th = G (1 + e G )e G (1+ ) (1 + )(1 e G ) + e G (1+ ) (4)

In p persistent CSMA protocol, the time is slotted. In this protocol, the MS senses the medium when it has a packet to send. If the medium is busy, the MS waits until the next slot and checks the medium again. If the medium id idle, the MS transmits
74

with probability p or deters transmission with probability (1-p) until the next slot. If a collision occurs, the MS waits for a random amount of time and starts all over again. Intuitively, this protocol is considered as an optimal access strategy. If N terminals have a packet to send, Np, the expected number of terminals will attempt to transmit once the medium becomes idle. If Np>1, then a collision is expected. Therefore, the network should make sure that Np1.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) In a typical CSMA protocol, if two terminals begin transmitting at the same time, each will transmit its complete packet even though they collide. This wastes the medium for an entire packet time and can be addressed by a new protocol called CSMA with collision detection. The main idea is to terminate transmission immediately after detection of a collision. In this protocol, the terminal senses the medium when the terminal has a packet to transmit. If the medium is not busy, the terminal will transmit the packet immediately. If the medium is busy, the terminal will wait until it becomes free. If a collision is detected during the transmission, the terminal aborts its transmission immediately and it attempts to transmit later after waiting for a random amount of time. Fig 2 shows the collision mechanism in this protocol. Here two terminals A and B are considered. The propagation delay between them is . Suppose A starts transmission at time To, then its transmission reaches B at time To+. Suppose B initiates a transmission at To+- (where is a small period such that 0<). It takes cd for a terminal to detect collision, so at time To++ cd B detects collision. Then a short jamming signal is transmitted to ensure that other stations know that collision has occurred before aborting the transmission, and a backoff algorithm is used to schedule for future resensing time.

75

Fig 2. Collision mechanism in CSMA/CD

14. Explain the Scheduling approaches to medium access control These approaches attempt to produce an orderly access to the transmission medium. The different types of scheduling protocols are iii. iv. Reservation systems Polling

Reservation systems Fig 1 shows the basic reservation system. The station takes turns transmitting

Fig.1 Basic reservation system a single frame at the full rate R bps, and the transmissions from stations are organized into cycles that can be variable in length. Each cycle begins with a reservation interval. In the simplest case, the reservation interval consists of M
76

minislots, one time slot per station. Stations use their corresponding minislot to indicate that they have a frame to transmit in a corresponding cycle. The stations announce their intention to transmit a frame by broadcasting their reservation bit during the appropriate minislot. By listening to the reservation interval, the stations can determine the order of frame transmissions in the corresponding cycle. The length of the cycle will the correspond to the number of stations that have a frame to transmit. The basic reservation system improves the performance of a time division multiplexing scheme by taking slots that would have gone idle and making them available to other stations. Fig 2.a shows an example of the operation of the basic reservation system. In the initial portion only stations 3 and 5 have frames to transmit. In the middle portion, station 8 becomes active, and the cycle is expanded from two slots to three slots.

Fig 2. Operation of the reservation system with (a) negligible and (b) nonnegligible delays To find the maximum attainable throughput for this system, assume propagation delay is negligible, the frame transmission times are X=1 time unit, the reservation minislot requires v time units, where v<1 and that one minislot is required per frame reservation. Each frame transmission then requires 1+v time units. The maximum throughput occurs when all the stations are busy and is given by, max =1/1+v (1)

for one frame reservation/minislot. Very high throughputs can be achieved if v is very small compared to 1.

77

Suppose the propagation delay is not negligible as shown in fig 2.b. The stations transmit their reservations in the same way as before, but the reservations do not take effect until some fixed number of cycles later. If the cycle length is constrained to have some minimum duration that is greater than the round trip propagation delay, then the reservations would take effect in the second following cycle. Polling In this type of system, the stations take turns accessing the medium. At any given time, only one of the stations has the right to transmit into the medium. When a station is done transmitting, some mechanism is used to pass the right to transmit to another station. The different ways for passing the right to transmit from station to station is shown in fig 3. Fig 3.a shows the situation in which M stations communicate with the host computer. The host computer will act as the central controller that issues control messages to co-ordinate the transmissions from the stations.

Fig.3. Polling systems (a) polling by central controller over lines (b) polling by central controller over radio transmissions (c) polling without a central controller The central controller sends a polling message to the particular station. When polled, the station sends its inbound frames and indicates the completion of its

78

transmission through a go-ahead message. The central controller might poll the stations in round-robin fashion, or according to some other pre-determined order. Fig 3.b shows another situation where polling can be used. Here the central controller may use radio transmissions in a certain frequency band to transmit outbound frames and stations may share a different frequency band to transmit inbound frames. This technique is called frequency division duplex (FDD) approach. Again the centra l controllers can co-ordinate transmissions on the inbound channel by issuing polling messages. Another variation of fig 9.b involves having inbound and outbound transmissions share one frequency band. This is the time division duplex (TDD) approach. In this case, there will be alternation between transmissions from the central controller and transmissions from polled stations. situation Fig3c shows a where polling is used without a central controller. In such a case, the

stations will have a polling order developed using some protocol and all stations will be able to receive the signals from all other stations. After a station is done transmitting, it is responsible for sending a polling message to the next station in the polling list.

79