CSE 4215/5431: Mobile Communications Winter 2011 Suprakash Datta

CSE 4215/5431: Mobile Communications Winter 2011 Suprakash Datta

CSE 4215/5431: Mobile Communications Winter 2011 Suprakash Datta [email protected] Office: CSEB 3043 Phone: 416-736-2100 ext 77875 Course page: http://www.cs.yorku.ca/course/4215 Some slides are adapted from the book website 02/07/20 CSE 4215, Winter 2011 1 Next GSM 02/07/20 CSE 4215, Winter 2011 2 How does it work? How can the system locate a user? Why dont all phones ring at the same time? What happens if two users talk simultaneously? Why dont I get the bill from my neighbor? Why can an Australian use her phone in Berlin? Why cant I simply overhear the neighbors communication? How secure is the mobile phone system? What are the key components of the mobile phone network? 02/07/20

CSE 4215, Winter 2011 3 GSM: Overview GSM formerly: Groupe Spciale Mobile (founded 1982) now: Global System for Mobile Communication Pan-European standard (ETSI, European Telecommunications Standardisation Institute) simultaneous introduction of essential services in three phases (1991, 1994, 1996) by the European telecommunication administrations (Germany: D1 and D2) seamless roaming within Europe possible Today many providers all over the world use GSM (219 countries in Asia, Africa, Europe, Australia, America) more than 4,2 billion subscribers in more than 700 networks more than 75% of all digital mobile phones use GSM over 29 billion SMS in Germany in 2008, (> 10% of the revenues for many operators) [be aware: these are only rough numbers] See e.g. www.gsmworld.com/newsroom/market-data/index.htm 02/07/20 CSE 4215, Winter 2011 4 Performance characteristics of GSM (wrt. analog sys.) Communication mobile, wireless communication; support for voice and data services Total mobility international access, chip-card enables use of access points of

different providers Worldwide connectivity one number, the network handles localization High capacity better frequency efficiency, smaller cells, more customers per cell High transmission quality high audio quality and reliability for wireless, uninterrupted phone calls at higher speeds (e.g., from cars, trains) Security functions access control, authentication via chip-card and PIN 02/07/20 CSE 4215, Winter 2011 5 Disadvantages of GSM There is no perfect system!! no end-to-end encryption of user data no full ISDN bandwidth of 64 kbit/s to the user, no transparent B-channel reduced concentration while driving electromagnetic radiation abuse of private data possible roaming profiles accessible high complexity of the system several incompatibilities within the GSM standards 02/07/20

CSE 4215, Winter 2011 6 Architecture of the GSM system GSM is a PLMN (Public Land Mobile Network) several providers setup mobile networks following the GSM standard within each country components MS (mobile station) BS (base station) MSC (mobile services switching center) LR (location register) subsystems RSS (radio subsystem): covers all radio aspects NSS (network and switching subsystem): call forwarding, handover, switching OSS (operation subsystem): management of the network 02/07/20 CSE 4215, Winter 2011 7 Ingredients 1: Mobile Phones, PDAs... The visible but smallest part of the network! 02/07/20 CSE 4215, Winter 2011 8

Ingredients 2: Antennas Still visible cause many discussions 02/07/20 CSE 4215, Winter 2011 9 Ingredients 3: Infrastructure 1 Base Stations Cabling Microwave links 02/07/20 CSE 4215, Winter 2011 10 Ingredients 3: Infrastructure 2 Not ``visible, but comprise the major part of the network (also from an investment point of view) Management Data bases Switching units Monitoring 02/07/20 CSE 4215, Winter 2011 11 GSM: overview OMC, EIR,

AUC HLR NSS with OSS VLR MSC GMSC VLR fixed network MSC BSC BSC RSS 02/07/20 CSE 4215, Winter 2011 12 GSM: cellular network segmentation of the area into cells possible radio coverage of the cell cell idealized shape of the cell use of several carrier frequencies not the same frequency in adjoining cells cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc. hexagonal shape of cells is idealized (cells overlap, shapes depend on geography) if a mobile user changes cells handover of the connection to the neighbor cell

02/07/20 CSE 4215, Winter 2011 13 GSM frequency bands (examples) Type Channels Uplink [MHz] Downlink [MHz] GSM 850 128-251 824-849 869-894 GSM 900 0-124, 955-1023 876-915 921-960 classical extended 124 channels +49 channels 890-915 880-915 935-960 925-960

GSM 1800 512-885 1710-1785 1805-1880 GSM 1900 512-810 1850-1910 1930-1990 GSM-R 955-1024, 0-124 876-915 921-960 exclusive 69 channels 876-880 921-925 - Additionally: GSM 400 (also named GSM 450 or GSM 480 at 450-458/460-468 or 479-486/489-496 MHz) - Please note: frequency ranges may vary depending on the country! - Channels at the lower/upper edge of a frequency band are typically not used 02/07/20 CSE 4215, Winter 2011 14

GSM - TDMA/FDMA qu en c y 935-960 MHz 124 channels (200 kHz) downlink fre 890-915 MHz 124 channels (200 kHz) uplink higher GSM frame structures time GSM TDMA frame 1 2 3 4 5 6 7 8 4.615 ms GSM time-slot (normal burst) guard space

tail 3 bits 02/07/20 user data S Training S user data 57 bits 1 26 bits 1 57 bits CSE 4215, Winter 2011 guard tail space 3 546.5 s 577 s 15 GSM hierarchy of frames hyperframe 0 1 2 2045 2046 2047 3 h 28 min 53.76 s ... superframe

0 1 0 2 ... 1 48 ... 49 24 50 6.12 s 25 multiframe 0 1 ... 0 1 24 2 120 ms 25

... 48 49 50 235.4 ms frame 0 1 ... 6 7 4.615 ms slot 577 s burst 02/07/20 CSE 4215, Winter 2011 16 GSM protocol layers for signaling Um A Abis MS

BTS BSC MSC CM CM MM MM BSSAP RR BTSM RR BTSM LAPDm RR LAPDm LAPD LAPD radio radio PCM PCM 16/64 kbit/s 02/07/20

CSE 4215, Winter 2011 BSSAP SS7 SS7 PCM PCM 64 kbit/s / 2.048 Mbit/s 17 Mobile Terminated Call 1: calling a GSM subscriber 2: forwarding call to GMSC 3: signal call setup to HLR 4, 5: request MSRN from calling VLR station 6: forward responsible MSC to GMSC 7: forward call to current MSC

8, 9: get current status of MS 10, 11: paging of MS 12, 13: MS answers 14, 15: security checks 16, 17: set up connection 02/07/20 HLR 4 5 3 6 1 PSTN CSE 4215, Winter 2011 2 GMSC 10 7 VLR 8 9 14 15 MSC 10 13 16 10 BSS BSS

BSS 11 11 11 11 12 17 MS 18 Mobile Originated Call 1, 2: connection request 3, 4: security check 5-8: check resources (free circuit) 9-10: set up call 02/07/20 VLR 3 4 PSTN CSE 4215, Winter 2011 6 5 GMSC 7 MSC

8 2 9 MS 1 10 BSS 19 MTC/MOC MS BTS MTC MS MOC BTS paging request 02/07/20 channel request channel request immediate assignment immediate assignment paging response service request authentication request

authentication request authentication response authentication response ciphering command ciphering command ciphering complete ciphering complete setup setup call confirmed call confirmed assignment command assignment command assignment complete assignment complete alerting alerting connect connect connect acknowledge connect acknowledge

data/speech exchange data/speech exchange CSE 4215, Winter 2011 20 4 types of handover 1 MS BTS 02/07/20 2 3 4 MS MS MS BTS BTS BTS BSC BSC BSC MSC

MSC CSE 4215, Winter 2011 21 Handover decision receive level BTSold receive level BTSnew HO_MARGIN MS MS BTSold 02/07/20 BTSnew CSE 4215, Winter 2011 22 Handover procedure MS BTSold BSCold measurement measurement report result MSC BSCnew BTSnew

HO decision HO required HO request resource allocation ch. activation HO command HO command HO command HO request ack ch. activation ack HO access Link establishment clear command clear command clear complete 02/07/20 HO complete HO complete clear complete CSE 4215, Winter 2011 23 Security in GSM Security services access control/authentication user SIM (Subscriber Identity Module): secret PIN (personal identification number) SIM network: challenge response method confidentiality voice and signaling encrypted on the wireless link (after successful authentication)

anonymity temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update (LUP) encrypted transmission 3 algorithms specified in GSM A3 for authentication (secret, open interface) A5 for encryption (standardized) A8 for key generation (secret, open interface) 02/07/20 CSE 4215, Winter 2011 secret: A3 and A8 available via the Internet network providers can use stronger mechanisms 24 GSM - authentication SIM mobile network Ki RAND 128 bit AC RAND 128 bit RAND

Ki 128 bit 128 bit A3 A3 SIM SRES* 32 bit MSC SRES* =? SRES SRES SRES 32 bit Ki: individual subscriber authentication key 02/07/20 32 bit SRES SRES: signed response CSE 4215, Winter 2011 25 GSM - key generation and encryption MS with SIM mobile network (BTS) Ki AC

RAND 128 bit RAND 128 bit RAND 128 bit A8 cipher key BSS 128 bit SIM A8 Kc 64 bit Kc 64 bit data encrypted data A5 02/07/20 Ki SRES data MS A5

CSE 4215, Winter 2011 26 Data services in GSM I Data transmission standardized with only 9.6 kbit/s advanced coding allows 14.4 kbit/s not enough for Internet and multimedia applications HSCSD (High-Speed Circuit Switched Data) mainly software update bundling of several time-slots to get higher AIUR (Air Interface User Rate, e.g., 57.6 kbit/s using 4 slots @ 14.4) advantage: ready to use, constant quality, simple disadvantage: channels blocked for voice transmission AIUR [kbit/s] 4.8 9.6 14.4 19.2 28.8 38.4 43.2 57.6 02/07/20 TCH/F4.8 1 2 3 4 TCH/F9.6 TCH/F14.4 1

1 2 3 4 2 3 4 CSE 4215, Winter 2011 27 Data services in GSM II GPRS (General Packet Radio Service) packet switching using free slots only if data packets ready to send (e.g., 50 kbit/s using 4 slots temporarily) standardization 1998, introduction 2001 advantage: one step towards UMTS, more flexible disadvantage: more investment needed (new hardware) GPRS network elements GSN (GPRS Support Nodes): GGSN and SGSN GGSN (Gateway GSN) interworking unit between GPRS and PDN (Packet Data Network) SGSN (Serving GSN) supports the MS (location, billing, security) GR (GPRS Register) user addresses 02/07/20 CSE 4215, Winter 2011 28 GPRS quality of service Reliability class

Lost SDU probability Duplicate SDU probability 1 2 3 10-9 10-4 10-2 10-9 10-5 10-5 Delay class 1 2 3 4 02/07/20 Out of sequence SDU probability 10-9 10-5 10-5 Corrupt SDU probability 10-9 10-6 10-2

SDU size 128 byte SDU size 1024 byte mean 95 percentile mean 95 percentile < 0.5 s < 1.5 s <2s <7s <5s < 25 s < 15 s < 75 s < 50 s < 250 s < 75 s < 375 s unspecified CSE 4215, Winter 2011 29 Examples for GPRS device classes Class Receiving slots Sending slots Maximum number of slots 1 1 1

2 2 2 1 3 3 2 2 3 5 2 2 4 8 4 1 5 10 4 2 5

12 4 4 5 02/07/20 CSE 4215, Winter 2011 30 GPRS user data rates in kbit/s 2 Coding 1 slot slots scheme 3 slots 4 slots 5 slots 6 slots 7 slots 8 slots CS-1 9.05

18.1 27.15 36.2 45.25 54.3 63.35 72.4 CS-2 13.4 26.8 40.2 53.6 67 80.4 93.8 107.2 CS-3 15.6 31.2 46.8 62.4

78 93.6 109.2 124.8 CS-4 21.4 42.8 64.2 85.6 107 128.4 149.8 171.2 02/07/20 CSE 4215, Winter 2011 31 GPRS protocol architecture MS BSS Um SGSN

Gb Gn GGSN Gi apps. IP/X.25 IP/X.25 SNDCP SNDCP LLC RLC 02/07/20 MAC RLC MAC radio radio BSSGP FR GTP GTP LLC UDP/TCP UDP/TCP

BSSGP IP IP FR L1/L2 L1/L2 CSE 4215, Winter 2011 32 Example 3G Networks: Japan FOMA (Freedom Of Mobile multimedia Access) in Japan 02/07/20 CSE 4215, Winter 2011 Examples for FOMA phones 33 Example 3G networks: Australia cdma2000 1xEV-DO in Melbourne/Australia Examples for 1xEV-DO devices 02/07/20 CSE 4215, Winter 2011 34 Some current enhancements GSM

EMS/MMS EMS: 760 characters possible by chaining SMS, animated icons, ring tones, was soon replaced by MMS (or simply skipped) MMS: transmission of images, video clips, audio see WAP 2.0 / chapter 10 EDGE (Enhanced Data Rates for Global [was: GSM] Evolution) 8-PSK instead of GMSK, up to 384 kbit/s new modulation and coding schemes for GPRS EGPRS MCS-1 to MCS-4 uses GMSK at rates 8.8/11.2/14.8/17.6 kbit/s MCS-5 to MCS-9 uses 8-PSK at rates 22.4/29.6/44.8/54.4/59.2 kbit/s 02/07/20 CSE 4215, Winter 2011 35

Recently Viewed Presentations

  • Teaching English - Narr

    Teaching English - Narr

    no linear story of progress in language teaching and learning. Pertinent topics. the principles of language acquisition and teaching a FL. the political decision whether to train practical language skills only or pursue further educational objectives. 1. Teaching English as...
  • Walking the tightrope : balancing copyright and open access

    Walking the tightrope : balancing copyright and open access

    The balancing act : balancing copyright and open access eIFL.net in co-operation with the Research Library Consortium Institutional repositories : a workshop
  • Welcome to the University of Cincinnatis Women in

    Welcome to the University of Cincinnatis Women in

    UC-COM Faculty Well-Being Advisory Group. Initial Goal: Advise the UC-COM Dean regarding best ways to measure/assess current burden of burnout and faculty well-being. Initial Deliverable: Create a central repository of ongoing burnout mitigation efforts across the UC-COM
  • The Interstellar Medium

    The Interstellar Medium

    Eq. of State for Expansion & analogy of baking bread Vacuum~air holes in bread Matter ~nuts in bread Photons ~words painted Verify expansion doesn't change Nhole, Nproton, Nphoton No Change with rest energy of a proton, changes energy of a...
  • Speaker: Aki Pakarinen 25.04.2006 Imperial College Active Flow

    Speaker: Aki Pakarinen 25.04.2006 Imperial College Active Flow

    The forcing was confined to the viscous sublayer. Flow Visualisation Plots of instantaneous streamwise velocity on both unactuated (top) and actuated (bottom) walls. Top plot shows characteristics 100 viscous unit spacing of low-speed/high-speed streak pairs.
  • The Baha&#x27;i Faith - University of Missouri-St. Louis

    The Baha'i Faith - University of Missouri-St. Louis

    The Baha'i Faith This youngest of the world's major religions teaches unity… of God of humanity of all religions A "universal" religion of 5 - 6 million followers in over 200 countries and principalities densest populations of Baha'is are found...
  • Senior Parent Information Session

    Senior Parent Information Session

    The minimum GPA required for a public NC college/university is a 2.5. After researching and visiting colleges, your child will hopefully have an idea of what colleges are realistic for them . It will be difficult for us to know...
  • Quine: On What There Is

    Quine: On What There Is

    Example: Physicalism or Phenomenalism. Here we have two competing conceptual schemes, a . phenomenalistic. one and a . physicalistic. one…Each has its advantages…the one is epistemologically, the other physically, fundamental.