RTTC Pune presents

GSM
Presented by
S. R. Gulhane, SDE RTTC Pune.
GSM
Architecture
First telephone : Alexander G. Bell

March 10, 1876 : First telephone Alexander Bell.

Marconi made economical use of EM theory by developing
devices for wireless transmission of Morse signals (about 1885).
After 6 years, the first transatlantic wireless transmission of
Morse signal took place.
Voice was transmitted for the first time in 1906 (R. Fess Eden),
and the first radio broadcast transmission in 1909 in New
York.
It all started like this
Economically most successful wireless application in the
first half of the 20
th
century was Radio broadcast.
There is one transmitter, the so called Radio station.
Information, such as news, music etc. is transmitted from
the radio station to the receiver equipment, the radio device.

This type of one-way transmission is called Simplex
transmission.
Here the transmission takes place in one direction, from the
transmitter to the receiver.
History
For telephony services, a technical solution is required,
where subscribers have the impression, that they can
speak (transmit) and hear (receive) simultaneously. This
type of solution is regarded as full- duplex transmission.




Mobile concepts
Mobile Phone
1946 :The first car mounted radio telephone

Mobile Phone
1946 : The first commercial mobile radio-telephone
service by Bell Lab in Saint Louis, Missouri (USA).
Half duplex, 120KHz/Chl, 50 miles coverage, operator
assisted.
It was a car phone service, the mobile phone equipment
was bulky and heavy.
But it was real full duplex solution.


Mobile Phone
In the 50s, several vehicle radio systems were also
installed in Europe.
These systems are now a days called Single cell system.
The user data transmission takes place between the
mobile phone and the base station (BS).
A base station transmit and receive data and handle the
calls of several subscribers simultaneously.


Going further
1960 IMPS( Improved mobile phone system) by Bell
and AT&T, direct dial, 30 KHz/Chl.
1976 First handheld cellular phone (Motorola)
Multiplicity of Mobile systems thereafter.
Mobile Generation-1
Many Different Standards:
o AMPS (US)
o NMT (Northern Europe)
o TACS (Europe)
o NTT (Japan)
o C-450 ( W-Germany)
o many others...
Spectrum
o around 800 and 900 MHz.
Generation Gap
Generation Gap

Analog [mainly for voice]
All systems are incompatible
No international roaming
Little capacity cannot accommodate masses of
subscribers
Security problems
Mobile Generation-1
Mobile Generation-1

All of them launched in the 80s of the last century.
Support Voice communication.
Offered national wide coverage.
Limitations:
Most of them did not support international roaming.
No support to data transmission.
No Supplementary services (like ISDN), such as number
indication and call forwarding, when busy.
Unprotected transmission over the radio interface.
Heavy Cost.
Mobile communication started to become a mass market.
And the radio interface is the main bottleneck in terms of
capacity.
Improved solution was urgently required.

This lead to the launch of the second generation mobile
communication systems, one of which is GSM.

Mobile Generation-1
Mobile Generation-2

Digital [voice encoding]
Increased capacity
More security ( by encryption)
Compatibility/Flexibility
Can use TDMA or CDMA for increasing capacity
Generation Gap
Four Major Standards:
GSM (European, now Global)
IS-54 (Later becomes IS-136, US)
JDC (Japanese Digital Cellular, now PDC)
IS-95 (CDMA, US)
Mobile Generation-2
Generation Gap
GSM History
1982 : CEPT
GSM (Group Special Mobile) was created to study and
develop a Pan-European Mobile system to replace first
generation (analogue) cellular technology in Europe.
The Purpose:
o Good subjective speech quality
o Efficient use of available spectrum
o Low terminal and network equipment costs
o Support of international roaming
o Integration of various bearer, supplementary and
tele-services in a single mobile network
1989 : GSM work was transferred to the ETSI.
1990 : Phase I of GSM specifications published.
GSM History
All GSM networks and equipment conform to a defined
GSM standard issued by ETSI.
Due to great International demand the system name
changed to Global Systems for Mobile Communications
(still GSM).
1991 : Commercial service started .
1992 : First paying customers were signed up for service.
1992 : Worlds first GSM network launched in Finland. The
first roaming agreement was made. By Dec-92 there were
13 networks operating in 7 areas.
Australian operators were the first non- European
signatories of the GSM MoU.

New frequency allocation for GSM 1800 (DCS 1800)
1710-1785 MHz (uplink) &
1805-1880 MHz (downlink).
1993 : GSM demonstrated for first time in Africa at Telkom.
GSM History
1993 : 36 GSM networks in 22 countries.
1994 : The first GSM network in Africa was
launched in South Africa.
1994 : 1.3 million subscribers worldwide.
1995 : There were 117 GSM networks. Fax,
data, and SMS roaming was implemented.
The GSM phase-2 standardization was
completed, for GSM 1900 (PCS1900).
1996 : There were 120 networks operating.
1996 : 25 million subscribers worldwide.
1997 : 55 million subscribers worldwide
GSM History
GSM History
At present more than 800 million end users in 190
countries and representing over 60% of today's
digital wireless market.
source: GSM Association

Telephone
Exchange
Subscriber
Line
(2W)
Inter-Exchange
Junction
Mobile Switching
Centre (MSC)
BSC BTS
MS
Mobile Communication
0 124 0 124
890MHz 915MHz 935MHz 960MHz
GSM uses paired radio channels
Transmission of user data from base station to the
mobile phone is called downlink (DL).
Transmission from mobile phone to base station is
called uplink (UL).

The area, where the wireless transmission between
mobile phone to the base station can take place, is
the base station supply area, called a Cell.
Mobile concepts
GSM
GSM comes in three flavors :
GSM-900, 1800 and 1900 MHz.
BSNL used 900 and 1800 MHz.
Voice is digitized using Full-Rate coding.
20 ms sample => 260 bits . 13 Kbps bitrate
Mobile Problems
Radio range, or coverage.
No. of channels, or voice circuits.
Full, seamless service coverage.
Huge number of subscribers.( Millions)
Voice
Channels
Or
control
channels
Lines to
BSC
MS
A Radio Cell
A base station (transmitter) having a number of
RF channels is called a cell.
Each cell covers a a limited number of mobile
subscribers within the cell boundaries.
(Coverage area).
Typical Cell Radius :
Approx = 30 Km (Start up), 1 KM (Mature).

Cellular Concept
Single cell system are quite limited. The more and more
distant the subscriber is from the base station, the lower the
quality of the radio link.
If the subscriber is leaving the cell, no communication is
possible any more. In order to over come this limitation,
cellular systems were introduced.
Mobile concepts
A cellular mobile system consists of several cells, which
can overlap so as to cover whole geographical area.

Mobile concepts
While moving if the subscriber is leaving a cell and enters
into a new cell, the system makes new radio resources
available in that cell, the call is handed over from one cell to
this one.
The process is known as handover. A hand over takes place
during a call i.e. when a mobile in active mode.
In the idle mode of mobile, the mobile is switched on,
but no resources are allocated to it to allow user data
transmission, and the mobile phone is still listening the
information, broadcast by the base station.
Why? Imagine, there is a mobile terminated call. The
mobile phone is then paged in the cell. This means the
phone receive information that there is a mobile terminated
call.
Mobile concepts
A cellular system may consists of hundreds of cell. If
the mobile network does not know, in which cell the
mobile phone is located, it must be paged in all of
them.
To reduce load on networks, paging is done in small
parts of mobile an operators network.
Mobile network operators group cells in
administrative units called location areas (LA).
A mobile phone is paged in only one direction area.
Mobile concepts
But How does the cellular system know, in which
location area the mobile phone is located?
In every cell, system information is continuously
transmitted. System information includes the location
area information.
In the idle mode, the mobile phone is listening to this
system information.
If the subscriber moves hereby from one cell to the
next cell, and the new cell belongs to the same location
area, the mobile stays idle.
Mobile concepts
If the new cell belongs to a new location area, then the
mobile phone has to become active. It starts a
communication with the network informing it about it
new location. This is stored in database with in the
mobile network, and if there is a mobile terminated
call, the network knows where to page the subscriber.

The process, where the mobile phones informs the
network about its new location is called Location
Update Procedure (LUP).
Mobile concepts
GSM SYSTEM
Frequency of Operation:
Up link : 890-915 MHz (MS- BTS)
Down link : 935-960 MHz (BTS- MS)
Access Method : FDMA & TDMA
Duplexing Method : FDD
RF CHL spacing : 200 KHz
Duplex Separation : 45 MHz
Modulation : GMSK
Coverage: 5 km to 35 km radius.
Voice coding : 6.5/13 Kbps RPE-LTP
Sharing
GSM uses TDMA and FDMA to let everybody talk.

FDMA: 25MHz freq. is divided into 124 carrier
frequencies. Each base station gets few of those.
TDMA: Each carrier frequency is divided into bursts
[0.577 ms]. 8 bursts are a frame.
GSM FDMA
(Frequency Division Multiple Access

25 MHz 25 MHz
Mobile to Base
0
1 2
890.2
890.4 890.6
(MHz)
Base to Mobile
0
1 2
935.2
935.4
935.6
200 kHz
45MHz
Channel layout and frequency bands of operation
890 935 960 915
200 kHz
GSM TDMA
(Time Division Multiple Access)
8
7
6
5
4
3
2
1
8
7
6
5
4
3
2
1
45 MHz
Frequency
F2
F1
(Cell transmit)
F2 F1
(Cell Rx)
Amplitude
Typical TDMA/ FDMA frame structure

FDMA/TDMA Scheme
BP1
BP2
BP3
BP4
BP5
BP6
BP7
BP8
BP1
BP2
TIME
890.
0
890.2
890.4
890.6
890.8
891.0
891.2
915.8
FREQ
MHz
BURST
F
R
A
M
E
Number of channels in GSM
Freq. Carrier: 200 kHz
TDMA: 8 time slots per freq carrier

No. of carriers = 25 MHz / 200 kHz = 125
Max no. of user channels = 125 * 8 = 1000

Considering guard bands = 124 * 8 = 992 channels
( Freq. Reuse.) Cluster of Cells
GSM Channels
The physical channel in GSM is the
timeslot.
The logical channel is the information that
goes through the physical channel.
Both user data and signaling are logical
channels.
User data is carried on the traffic channel
(TCH) , which is defined as 26 TDMA frames.
There are lots of control channels for
signaling, base station to mobile, mobile to
base station.
GSM Channels..
LOGICAL CHANNELS

USER INFORMATION( TRAFFIC)

SIGNALLING INFORMATION (CONTROL)
GSM RF Channels
OPERATIONAL CONCEPTS

Subscribers are not allocated dedicated channels.
TCH Allocated to users only when needed.
Hence IDLE MODE & DEDICATED MODE.
DEDICATED MODE :
When a full Bi directional P to P CHL has been
allocated during an established call.
IDLE MODE MODE :
When MS is powered on (active)without being in
dedicated mode.





Features of Mobile technologies
All mobile techniques incorporate some special features
to overcome the hazards created by mobile environment.
The following are a few to name:

Multiple Access Techniques
Duplexing Techniques
Cellular Principles.
Frequency Reuse
Coding.
Diversity techniques.
Adaptive equalization (Rake Receiver)
Coding
Different mobile communication systems use different bit rates for
voice encoding. The following table gives a glimpse.
S/N Technology Bit rate per
voice chl
Voice coding
technique
1 GSM 13Kbps RPE-LTP
2 CDMA IS95A 9.6Kbps/14.4
Kbps
QCELP/EV RC
3 Cor-DECT 32Kbps ADPCM
Rake Receiver
The rake receiver is multiple receivers in one. There is a rake
receiver at both the mobile and BTS.
62
GSM :Various subsystems
1. Network Subsystem : Manage the communication between
mobile users and other users.For this it has databases to store all
information about its subscribers and to manage their mobility.Its
components are HLR, VLR, AuC , EIR.

2. Radio Subsystem includes the equipments and functions
related to the management of the connections on the radio path.
Its components are MS, BTS and BSC.

3. Operations and Maintenance subsystem includes the
operation and maintenance of GSM equipment for the radio and
network interface.

GSM Network Architecture
Three broad parts
Mobile Station (MS): carried by the subscriber
Base Station Subsystem: connects MS & NSS
(control radio link with MS).
Network Subsystem: its main part is MSC.

Interfaces:
Um Interface : known as air interface or radio link.
Abis Interface: between BTS and BSC
A Interface: between BSC and MSC
Other E-1 interfaces namely B, C, D, E, F, G
64
GSM Network Structure
GSM Service Area
PLMN Service Area : Geographical area in which land
mobile service is provided by an Operator.
MSC Service Area
Location Area : To eliminate N/W wide paging broadcast
PLMN needs to know approx. position of MS active.
Cells : In order to support the terminal mobility the
geographic area which the mobile network covers is
subdivided into cells. Each cell is serviced by a fixed radio
transmitter\receiver known as a base station (BS) which
is commonly located in the centre or corner of a cell.
While often drawn as hexagonal in shape, real cells have
no defined shape.
65

GSM : PLMN Service Area
V

MSC
MSC
MSC
MSC
VLR
VLR
VLR
I II
IV
II
I
I
66


GSM : MSC Service Area
MSC
VLR
LA1
LA2
LA3
LA6
LA4
LA5
67



GSM : Cells
MSC
VLR
LA1
LA2
LA3
LA6
LA4
LA5
C1
C2 C3
C6
C5
C4
C=CELL
68
GSM : Relation between areas in GSM
Location Area
Cell
Area served by a BTS
Location Area
MSC Service Area
PLMN Service Area
GSM Service Area
70
GSM :Identification Numbers
IMEI
MSISDN
IMSI
TMEI
MSRN
LAI
LMSI

75
GSM : IMSI
International mobile subscribers
Identity
The IMSI is an unique identity which is used
internationally and used within the network to
identify the mobile subscribers.
The IMSI is stored on the subscriber identity
module (SIM), the HLR, VLR and AC
database.

GSM Architecture
GSM Network Architecture
GMSC
BTS
BTS
BSC
HLR
OMC
VLR
BSS
AUC
Other MSC
VLR
Other
Networks
(PSTN,PSPDN)
EIR
Other
MSC
MS
G
B
A C
F
E
Abis
D
Abis
Um
MS
MS
BTS
BTS
BTS
BSC
BSC
MSC
MSC
VLR
VLR
GMSC
HLR
PSTN
EIR
AuC
Um
Abis
Abis
A
A
OMC Server
Um
GSM Network Architecture
BTS Base Transceiver Station
BSC Base Station Controller
MSC Mobile Switching Center
VLR Visitor Location Register
HLR Home Location Register
BTS
BSC
MSC/VLR
HLR BSC
GMSC
CO
BSC
BSC
MSC/VLR
CO
PSTN
PLMN
CO
Tandem Tandem
SMS-SC
PSDN
GSM Architecture
How the GSM looks ?
HLR, VLR,
AC, EIR
MSC
PSTN
BS

MS
MS
BTS
BTS
BTS
BSC
BSC
MSC
MSC
VLR
VLR
GMSC
HLR
PSTN
EIR
AuC
Um
Abis
Abis
A
A
OMC Server
Um
GSM Network Structure
Mobile Station (MS)
Hand portable unit
Frequency and Time
Synchronization
Voice encoding and
transmission
Voice encryption/decryption
functions
Power measurements of
adjacent cells
Display of short messages
International Mobile
Equipment Identifier (IMEI)
Subscriber Identity Module (SIM)
Portable Smart Card with memory
Static Information
International Mobile Subscriber
Identity(IMSI) (MCC + MNC + MSIN)
Personal Identification Number (PIN)
Authentication Key (Ki)
Dynamic Information
Temporary Mobile Subscriber
Identity(TMSI)
Location Area Identity (LAI)
Phone memories, billing information
Ability to store Short Messages received
Base Transceiver Station (BTS)
Consists of one or more radio terminals for
transmission and reception
Each Radio terminal represents an RF
Channel
TRX and MS communicates over Um
interface
Received data transcoding
Voice encryption/decryption
Signal processing functions of the radio
interface
Uplink Radio channel power measurements
Base Station Controller (BSC)
External Interfaces
Abis interface towards the BTS
A interface towards the MSC
Monitors and controls several BTSs
Management of channels on the radio
interface
Alarm handling from the external
interfaces
Performs inter-cell handover
Switching from Abis link to the A link
Interface to OMC for BSS management
Gateway Mobile Services Switching
Centre (GMSC)
Interface of the cellular network to PSTN
Routes calls between PLMN and PSTN
Queries HLR when calls come from PSTN
to mobile user
Inter-BSC handover
Performs call switching
Paging
Billing
Home Location Register (HLR)
Stores user data of all Subscribers related to the
GMSC
International Mobile Subscriber
Identity(IMSI)
Users telephone number (MS ISDN)
Subscription information and services
VLR address
Reference to Authentication centre for key
(Ki)
Referred when call comes from public land
network
Visitor Location Register (VLR)
Identity of Mobile Subscriber
Copy of subscriber data from HLR
Generates and allocates a Temporary Mobile
Subscriber Identity(TMSI)
Location Area Code
Provides necessary data when mobile
originates call
Authentication Centre (AuC)
Stores Subscriber authentication data
called Ki
Generates security related parameters
to authorize a subscriber (SRES)
Generates unique data pattern called
Cipher key (Kc) for user data
encryption
GSM Architecture
Mobile phone is identified by SIM card.
Key feature of the GSM
Has the secret for authentication

BTS houses the radiotransceivers of the cell
and handles the radio-link protocols with the
mobile
BSC manages radio resources (channel
setup, handover) for one or more BTSs
GSM Architecture..
MSC Mobile Switching Center
The central component of the network
Like a telephony switch plus everything for a
mobile subscriber: registration,
authentication, handovers, call routing,
connection to fixed networks.
Each switch handles hundreds of cells
GSM Architecture..
HLR database of all users + current
location. One per network
VLR database of users + roamers in some
geographic area. Caches the HLR
EIR database of valid equipment
AuC Database of users secret keys
GSM Architecture..
Mobile Station (MS)
MS consists of following two components
1. Mobile Equipment (ME)
2. Mobile Subscriber Identity Module (SIM)
Removable plastic card
Stores Network Specific Data such as list of carrier
frequencies and current LAI.
Stores International Mobile Subscriber Identity (IMSI)
+ ISDN
Stores Personal Identification Number (PIN) &
Authentication Keys.
Also stores short messages, charging information,
telephone book etc.
Allows separation of user mobility from equipment mobility
87
GSM : SIM Card
Provides personal mobility rather than the terminal.
Contains all the network relevant subscriber information
(encoded form).For this SIM has ROM, RAM and EPROM.
Contains unique Subscribers id IMSI and ISDN.
Access to SIM is protected from unauthorized use by
codes/password(PIN and PUK codes).
Contains keys to activate the phone like Ki, Kc and
Algorithms A3,A5 and A8 ( for authenticating the SIM
when it attempts to access the number)
88
GSM : Mobile Station
The MS consists of the mobile equipment (terminal) and
a smart card called the subscriber identity module
(SIM).
Functions of MS :
Voice and data transmission.
Frequency and time synchronization.
Monitoring of power and signal quality of the
surrounding cells .
Provision of location updates even during inactive state
( using BCCH ).
Equalization of multi path distortions.


89
RADIO SUB SYSTEM (RSS)
RSS
n BTS
n BTS
BSC
BSC
BSC
MSC/VLR
91
Houses the radio transceivers and antennas that define a
cell and powered as per the cell size usually placed in the
center of a cell.
A BTS can have upto 16 transceivers depending on the
density of users in a cell.
Many BTSs in a large urban area. BTS mainly consists of
a set of transceivers (TRX). Can accommodate 1 to 7 TRX
per Sector.
11 power classes from .01 watts (Micro cell) to 320 watts
(Umbrella cell).
Base Transceiver Station (BTS)
Consists of high speed transmitter and receiver
Houses the radio transceivers of the cell and handles
the radio-link protocols with the M.S.
One per cell
Function of BTS :
Provides two channels : Signalling and Data Channel
Performs error protection coding for the radio channel
BTS
93
FUNCTION OF BTS..
Encodes, encrypts, multiplexes, modulates and feeds the
RF signals to the antenna.
( ie. functionality required to support traffic transmission
over the radio link e.g. channel coding, speech coding,
encryption, RF modulation)
Transcoding and rate adaption Functionality.
Time and frequency synchronization signals
transmission. Frequency hopping.
Random access detection.
Uplink radio channel measurements.
Base Station Controller (BSC)
Manages radio resources (channel setup, handover)
for one or more BTSs and controls multiple BTS
Functions of BSC.
Performs radio resource management
Assigns and releases frequencies and time slots for all
the MSs in its area
Reallocation of frequencies among cells
Hand over protocol is executed here
Time and frequency synchronization signals to BTSs.
Time Delay Measurement and notification of an MS to
BTS.
Power Management of BTS and MS.
95
FUNCTIONS OF BSC
Controls a group of BTS and offloads MSC by
controlling the communication between the BTSs & a
single MSC.
Radio resource management for one or more BTSs.
Primarily responsible for Inter-cell handover in same
BSS.
Handles such as : Channel setup, Freq.hopping/
Reallocation of frequencies.
Controls the Power levels of BTSs.
BSC performs call processing.
Data from OMC and can be down loaded to BSC.

Mobile Switching Center (MSC)
The central component of the network.
Switching node of a PLMN.
Like a telephony switch plus everything for a mobile
subscriber: registration, authentication, handovers, call
routing, connection to fixed networks.
Each switch handles dozens of cells.
Allocation of radio resource (RR) : Handover.
Mobility of subscribers: Location registration of subscriber.
There can be several MSCs in a PLMN.
97
MSC : Mobile Switching Centre
The central component or Heart of a mobile network
Basic switching of speech and data between :
Base Station Controllers.
Mobile Switching Centers.
GSM-networks.
Other external networks.
Three main jobs:
Connects calls from sender to receiver
Collects details of the calls made and received
Supervises operation of the rest of the n/w components
MSC takes into account the RR allocation in addition to
normal exchange functions

98
MSC Functions
MSC does gateway function while its customers
roams to other network by using HLR.
Paging, specifically call handling
Location updation.
Handover management.
Billing for all subscribers based in its area.
Reallocation of frequencies to BTSs in its area to meet
heavy demands.
99
MSC Functions
Echo canceller operation control.
Signaling interface to databases like HLR, VLR.
Gateway to SMS between SMS centers and
subscribers.
Handle interworking function while working as GMSC.
(provides connectivity to other N/Ws)
Gateway MSC (GMSC)
Connects mobile network to a fixed network
Entry point to a PLMN, usually one per PLMN
Request routing information from the HLR and routes
the connection to the local MSC
Home Location Register (HLR)
Central master database containing user data, permanent
and semi-permanent data of all subscribers assigned to the
HLR. It is a large database system which is connected to,
or integrated into, one or many MSC in the network
MSCs exchange information with HLR
Every subscriber on a GSM network will have a
permanent entry in one of the HLR on their home
network
Subscribers are nominally allocated to a particular
home HLR in a network
When MS registers with a new GMSC, the HLR sends
the user profile to the new MSC


102
The subscribers entry (identified by their IMSI) in their
home HLR contains important information such as
their current location in the GSM network and the
services which the subscriber can access Reference store
for subscribers parameters, numbers, authentication &
Encryption values.
Current subscriber status and associated VLR.
Both VLR and HLR can be implemented in the
same equipment in an MSC.
one PLMN may contain one or several HLR.(i.e. GSM
service provider can have several HLRs)
HLR...
103
HLR
Permanent data in HLR

Data stored is changed only by man-machine
IMSI, MS-ISDN number.
Category of MS ( whether pay phone or not )
Roaming restriction ( allowed or not ).
Supplementary services like call forwarding
104
HLR
Temporary data in HLR

The data changes from call to call & is dynamic
MSRN
RAND /SRES and Kc
VLR address , MSC address.
Messages waiting data used for SMS
107
VLR
Responsible for a group of location areas,
typically associated with an MSC

It controls those mobiles roaming in its area.
VLR reduces the number of queries to HLR
One VLR may be incharge of one or more LA.
VLR is updated by HLR on entry of MS its area.
VLR assigns TMSI which keeps on changing.
IMSI detach and attach operation
108

Data in VLR
IMSI & TMSI
MSISDN
MSRN.
Location Area
Supplementary service parameters
MS category
Authentication Key
Authentication Centre
Accessed by HLR to authenticate a user for
service .
In particular, it contains information, known as a key,
(for authentication and encryption) which is used to
authenticate the identity of a SIM when an attempt is
made by the SIM to access the network
The same information is also involved in the process
by which the digital radio transmissions to/from a
mobile can be encrypted .
110
AUC is a separate entity and physically included in
HLR.
Protect against intruders in air interface.
Authentication (Ki) and ciphering (Kc) key are
stored in this data base.
Keys change randomly with each call.
Keys are never transmitted to MS on air Only
calculated response are sent.
Authentication Centre ...
Security Parameters
Authentication
Authentication center provides
RAND to Mobile
AuC generates SRES using Ki
of subscriber and RAND
Mobile generates SRES using
Ki and RAND
Mobile transmits SRES to
BTS
BTS compares received SRES
with one generated by AuC
MS
Ki RAND
A3
SRES
RAND
SRES
SRES
Auth Result
AuC BTS MS
Ciphering
Data sent on air
interface ciphered for
security
A5 and A8 algorithms
used to cipher data
Ciphering Key is never
transmitted on air
MS
Ki RAND
A8
Kc
MS Network
Um interface
A5 A5
Kc
Kc
Data Data Ciphered
Data
Security Parameters
September 26, 2014 GSM : Communicate on Move ... 113
Equipment Identity Register (EIR)
EIR
MSC
The IMEI is an unique code allocated to each mobile equipment.
. It is checked in the EIR.
MSC asks mobile to send it IMEI & then checks it with
data available in EIR.
EIR has different classification for mobile handsets
like, White list, Grey list & Black list. According to category the
MS can make calls or can be stopped from making calls.
Equipment Identity Register (EIR)
The EIR is also involved in provide network
security. This is an Optional module.
It may also be used by a network to validate the
mobile equipment (IMEI) rather than the SIM
when it attempts to access the network.
The EIR is a database which contains a list of
stolen and\or terminals that have failed GSM type
approval tests.
Not widely used in many networks.
115
EIR
This data base stores IMEI for all registered mobile
equipments and is unique to every ME
Databases to track handsets using the IMEI..
Only one EIR per PLMN.
White list : IMEI, assigned to valid ME.
Black list : IMEI reported stolen
Gray list : IMEI having problems like faulty
software, wrong make of equipment etc.

September 26, 2014 GSM : Communicate on Move ... 116
Operation & Maintenance Centre (OMC)
OMC
All the n/w elements are connected to OMC.
OMC monitors health of all n/w elements &
carry out mnte. operations, if required.
OMC link to BTSs are via parent BSC.
OMC keeps records of all the faults occurred.
OMC can also do Traffic analysis.
OMC may prepares MIS Report for the n/w.
Configuration/supervision management.
Storage of system software and data.
Support GUI for operation and Maintenance.
118

O&M data function
Configuration management .
Fault report and alarm handling.
Performance supervision/management.
Storage of system software and data.
Support GUI for operation and Maintenance.

Functions of OMC
In Summary . AuC/EIR/OSS
AuC: Authentication Center
Accessed by HLR to authenticate a user for service
Contains authentication and encryption keys for
subscribers

EIR: Equipment Identity Register
allows stolen or fraudulent mobile stations to be identified

Operation Subsystem (OSS):
Operations and maintenance center (OMC), network
management center (NMC), and administration center (ADC)
work together to monitor, control, maintain, and manage the
network
September 26, 2014 GSM : Communicate on Move ... 120
VMSC & SMSC
MSC
SMSC
VMSC
Voice Mail Service Centre : To provide Voice Mail service.
It has database for all the VMS subscribers & also stores voice
messages for them.
Short Message Service Centre : To provide text message service.

121
GSM : Security Management
Four basic security services provided by GSM

Anonymity : TMSI Assignment
Authentication
Encryption:
PIN
Conclusion
Wireless means convenience.
However to achieve this certain measures are
taken to overcome the Security issues ,
bandwidth scarcity, population and multipath
problems etc.
GSM is a 2G-digital cellular technology.
Still not a single global standard.
MS to BS bearer rates are still very slow for
non-voice services.

Thank You
for
Your Time