GSM
1
WHAT IS GSM?






If you are in Europe, Asia or Japan and using a mobile phone
then most probably you must be using GSM technology in your
mobile phone.
GSM stands for Global System for Mobile Communication and is
an open, digital cellular technology used for transmitting mobile
voice and data services.
The GSM emerged from the idea of cell-based mobile radio
systems at Bell Laboratories in the early 1970s.
The GSM is the name of a standardization group established in
1982 to create a common European mobile telephone standard
The GSM standard is the most widely accepted standard and is
implemented globally.
The GSM is a circuit-switched system that divides each 200kHz
channel into eight 25kHz time-slots. GSM operates in the
900MHz and 1.8GHz bands in Europe and the 1.9GHz and
2
CONT…





The GSM is owning a market share of more than 70
percent of the world's digital cellular subscribers.
The GSM makes use of narrowband Time Division
Multiple Access (TDMA) technique for transmitting
signals.
The GSM was developed using digital technology. It has
an ability to carry 64 kbps to 120 Mbps of data rates.
Presently GSM support more than one billion mobile
subscribers in more than 210 countries throughout of
the world.
The GSM provides basic to advanced voice and data
services including Roaming service. Roaming is the
ability to use your GSM phone number in another GSM
network
3
WHY GSM?
The GSM study group aimed to provide the
followings through the GSM:
 Improved spectrum efficiency.
 International roaming.
 Low-cost mobile sets and base stations (BSs)
 High-quality speech
 Compatibility with Integrated Services Digital
Network (ISDN) and other telephone company
services.
 Support for new services

4
GSM BRIEF HISTORY:
1982CEPT establishes a GSM group in order to
develop the standards for a pan-European
cellular mobile system.
 2000General Packet Radio Service(GPRS)
came into existence.
 2001As of May 2001, over 550 million people
were subscribers to mobile
telecommunications

5
Architecture
of GSM
6
ADVERTISEMENTS
A GSM network consists of several functional
entities whose functions and interfaces are
defined. The GSM network can be divided
into following broad parts.
 The Mobile Station(MS)
 The Base Station Subsystem (BSS)
 The Network Switching Subsystem (NSS)
 The Operation Support Subsystem(OSS)

7
1) MOBILE STATION
The MS consists of the physical equipment,
such as the radio transceiver, display and
digital signal processors, and the SIM card. It
provides the air interface to the user in GSM
networks. As such, other services are also
provided, which include:
 Voice tele services
 Data bearer services
 The features' supplementary services

8
2)THE BASE STATION SUBSYSTEM
The BSS is composed of two parts:
1.The Base Transceiver Station (BTS)
2. The Base Station Controller(BSC)

9
THE BTS AND THE BSC COMMUNICATE ACROSS THE SPECIFIED
ABIS
INTERFACE,
ENABLING
OPERATIONS
BETWEEN
COMPONENTS THAT ARE MADE BY DIFFERENT SUPPLIERS. A
BSS MAY HAVE ONE OR MORE BASE STATIONS. THE BSS USES
THE ABIS INTERFACE BETWEEN THE BTS AND THE BSC. A
SEPARATE HIGH-SPEED LINE (T1 OR E1) IS THEN CONNECTED
FROM THE BSS TO THE MOBILE MSC.
10
A) THE BASE TRANSCEIVER STATION (BTS):
 The
BTS houses the radio transceivers
that define a cell and handles the radio
link protocols with the MS. In a large
urban area, a large number of BTSs may
be deployed.
11
1.ENCODING, ENCRYPTING, MULTIPLEXING, MODULATING, AND FEEDING THE
RF SIGNALS TO THE ANTENNA.
2.TRANSCODING AND RATE ADAPTATION
3.TIME AND FREQUENCY SYNCHRONIZING
4.VOICE THROUGH FULL- OR HALF-RATE SERVICES
5.DECODING, DECRYPTING, AND EQUALIZING RECEIVED SIGNALS
6.RANDOM ACCESS DETECTION
TIMING ADVANCES
UPLINK CHANNEL MEASUREMENTS
12
B)THE BASE STATION CONTROLLER (BSC):
 The
BSC manages the radio resources for
one or more BTSs. It handles radio
channel setup, frequency hopping, and
handovers. The BSC is the connection
between the mobile and the MSC. The
BSC also translates the 13 Kbps voice
channel used over the radio link to the
standard 64 Kbps channel used by the
Public Switched Telephone Network
(PSDN) or ISDN.
13
3) THE NETWORK SWITCHING SUBSYSTEM (NSS)
 The
Network switching system (NSS), the
main part of which is the Mobile Switching
Center (MSC), performs the switching of
calls between the mobile and other fixed
or mobile network users, as well as the
management of mobile services such as
authentication.
14
15
A)HOME LOCATION REGISTER (HLR)
 The
HLR is a database used for storage
and management of subscriptions. The
HLR is considered the most important
database, as it stores permanent data
about subscribers, including a subscriber's
service profile, location information, and
activity status. When an individual buys a
subscription in the form of SIM then all the
information about this subscription is
registered in the HLR of that operator
16
B)MOBILE SERVICES SWITCHING CENTER (MSC)

The central component of the Network
Subsystem is the MSC. The MSC performs the
switching of calls between the mobile and other
fixed or mobile network users, as well as the
management of mobile services such as such as
registration, authentication, location updating,
handovers, and call routing to a roaming
subscriber. It also performs such functions as toll
ticketing, network interfacing, common channel
signaling, and others. Every MSC is identified by
a unique ID
17
C)VISITOR LOCATION REGISTER (VLR)

The VLR is a database that contains temporary
information about subscribers that is needed by
the MSC in order to service visiting subscribers.
The VLR is always integrated with the MSC. When
a mobile station roams into a new MSC area, the
VLR connected to that MSC will request data
about the mobile station from the HLR. Later, if
the mobile station makes a call, the VLR will have
the information needed for call setup without
having to interrogate the HLR each time
18
D)AUTHENTICATION CENTER (AUC)

The Authentication Center is a protected
database that stores a copy of the secret key
stored in each subscriber's SIM card, which is
used for authentication and ciphering of the
radio channel. The AUC protects network
operators from different types of fraud found in
today's cellular world.
19
E)EQUIPMENT IDENTITY REGISTER (EIR)

The Equipment Identity Register (EIR) is a
database that contains a list of all valid mobile
equipment on the network, where its
International Mobile Equipment Identity (IMEI)
identifies each MS. An IMEI is marked as
invalid if it has been reported stolen or is not
type approved
20
4)THE OPERATION SUPPORT SUBSYSTEM(OSS)
The operations and maintenance center (OMC) is
connected to all equipment in the switching system
and to the BSC. The implementation of OMC is
called the operation and support system (OSS).
 Here are some of the OMC functions:
 Administration
and
commercial
operation
(subscription, end terminals, charging and
statistics).
 Security Management.
 Network configuration, Operation and Performance
Management.
 Maintenance Tasks.

21
22
FOLLOWING IS THE SIMPLE ARCHITECTURE
DIAGRAM OF GSM NETWORK
23
CONT..
 The operation and Maintenance functions
are based on the concepts of the
Telecommunication Management Network
(TMN) which is standardized in the ITU-T
series M.30.
Following is the figure which shows how
OMC system covers all the GSM elements.
24
GSM
25
COMPONANT
The added components of the GSM architecture
include the functions of the databases and
messaging systems:
 Home Location Register (HLR)
 Visitor Location Register (VLR)
 Equipment Identity Register (EIR)
 Authentication Center (AuC)
 SMS Serving Center (SMS SC)
 Gateway MSC (GMSC)
 Chargeback Center (CBC)
 Transcoder and Adaptation Unit (TRAU)

26
FOLLOWING IS THE DIAGRAM OF GSM
NETWROK ALONGWITH ADDED ELEMENTS
27
GSM NETWORK AREAS:
Cell: Cell is the basic service area: one BTS covers
one cell. Each cell is given a Cell Global Identity
(CGI), a number that uniquely identifies the cell.
 Location Area: A group of cells form a Location
Area. This is the area that is paged when a
subscriber gets an incoming call. Each Location
Area is assigned a Location Area Identity (LAI).
Each Location Area is served by one or more BSCs.
 MSC/VLR Service Area: The area covered by one
MSC is called the MSC/VLR service area.
 PLMN: The area covered by one network operator
is called PLMN. A PLMN can contain one or more
MSCs.

28
THE GSM SPECIFICATIONS

Modulation
Modulation is a form of change process where
we change the input information into a suitable
format for the transmission medium. We also
changed the information by demodulating the
signal at the receiving end.
 The GSM uses Gaussian Minimum Shift Keying
(GMSK) modulation method.

29
ACCESS METHODS:



Because radio spectrum is a limited resource shared by
all users, a method must be devised to divide up the
bandwidth among as many users as possible.
GSM chose a combination of TDMA/FDMA as its
method. The FDMA part involves the division by
frequency of the total 25 MHz bandwidth into 124
carrier frequencies of 200 kHz bandwidth.
One or more carrier frequencies are then assigned to
each BS. Each of these carrier frequencies is then
divided in time, using a TDMA scheme, into eight time
slots. One time slot is used for transmission by the
mobile and one for reception. They are separated in
time so that the mobile unit does not receive and
transmit at the same time.
30
TRANSMISSION RATE:
The total symbol rate for GSM at 1 bit per
symbol in GMSK produces 270.833 K
symbols/second. The gross transmission rate
of the time slot is 22.8 Kbps.
 GSM is a digital system with an over-the-air bit
rate of 270 kbps

31
FREQUENCY BAND:
 The
uplink frequency range specified for
GSM is 933 - 960 MHz (basic 900 MHz
band only). The downlink frequency
band 890 - 915 MHz (basic 900 MHz band
only).
32
CHANNEL SPACING:
 This
indicates separation between
adjacent carrier frequencies. In GSM, this
is 200 kHz.
33
SPEECH CODING:

GSM uses linear predictive coding (LPC). The
purpose of LPC is to reduce the bit rate. The
LPC provides parameters for a filter that mimics
the vocal tract. The signal passes through this
filter, leaving behind a residual signal. Speech
is encoded at 13 kbps.
34
DUPLEX DISTANCE:
 The
duplex distance is 80 MHz. Duplex
distance is the distance between the
uplink and downlink frequencies. A
channel has two frequencies, 80 MHz
apart.
35
GSM - ADDRESSES AND IDENTIFIERS

GSM distinguishes explicitly between user and
equipment and deals with them separately.
Besides phone numbers and subscriber and
equipment identifiers, several other identifiers
have been defined; they are needed for the
management of subscriber mobility and for
addressing of all the remaining network
elements. The most important addresses and
identifiers are presented in the following
36
(IMEI):







The international mobile station equipment identity (IMEI)
uniquely identifies a mobile station internationally. It is a kind of
serial number. The IMEI is allocated by the equipment
manufacturer and registered by the network operator and
registered by the network operator who stores it in the EIR. By
means of IMEI one recognizes obsolete, stolen or nonfunctional
equipment.
There are following parts of an IMEI:
Type Approval Code (TAC): 6 decimal places, centrally assigned.
Final Assembly Code (FAC): 6 decimal places, assigned by the
manufacturer.
Serial Number (SNR): 6 decimal places, assigned by the
manufacturer.
Spare (SP): 1 decimal place.
Thus, IMEI = TAC + FAC + SNR + SP. It uniquely characterizes a mobile station
and gives clues about the manufacturer and the date of manufacturing
37
INTERNATIONAL MOBILE SUBSCRIBER IDENTITY
( IMSI):





Each registered user is uniquely identified by its
international mobile subscriber identity (IMSI). It is
stored in the subscriber identity module (SIM) A mobile
station can only be operated if a SIM with a valid IMSI is
inserted into equipment with a valid IMEI.
There are following parts of an IMSI:
Mobile Country Code (MCC): 3 decimal places,
internationally standardized.
Mobile Network Code (MNC): 2 decimal places, for
unique identification of mobile network within the
country.
Mobile
Subscriber
Identification
Number
(MSIN): Maximum 10 decimal places, identification
number of the subscriber in the home mobile network
38
MOBILE SUBSCRIBER ISDN NUMBER ( MSISDN):
The real telephone number of a mobile station is
the mobile subscriber ISDN number (MSISDN). It is
assigned to the subscriber (his or her SIM,
respectively), such that a mobile station set can
have several MSISDNs depending on the SIM.
 The MSISDN categories follow the international
ISDN number plan and therefore have the
following structure.
 Country Code (CC) : Up to 3 decimal places.
 National Destination Code (NDC): Typically 2-3
decimal places.
 Subscriber Number (SN): Maximum 10 decimal
place

39
MOBILE STATION ROAMING NUMBER ( MSRN):
The Mobile Station Roaming Number ( MSRN) is a
temporary location dependent ISDN number. It is
assigned by the locally responsible VLR to each
mobile station in its area. Calls are also routed to
the MS by using the MSRN.
 The MSRN has same structure as the MSISDN.
 Country Code (CC) : of the visited network.
 National Destination Code (NDC): of the visited
network.
 Subscriber Number (SN): in the current mobile
network.

40
LOCATION AREA IDENTITY (LAI):
Each LA of an PLMN has its own identifier. The
Location Area Identifier (LAI) is also structured
hierarchically and internationally unique as
follows:
 Country Code (CC) : 3 decimal places.
 Mobile Network Code (MNC): 2 decimal places.
 Location Area Code (LAC): maximum 5 decimal
places or, maximum twice 8 bits coded in
hexadecimal

41
TEMPORARY MOBILE SUBSCRIBER IDENTITY
(TMSI):

The VLR, which is responsible for the current
location of a subscriber, can assign a temporary
mobile subscriber identity (TMSI) which has only
local significance in the area handled by the VLR.
It is stored on the network side only in the VLR and
is not passed to the HLR.

Together with the current location area, TMSI
allows a subscriber to be identified uniquely and it
can consist of upto 4x8 bits
42
LOCAL MOBILE SUBSCRIBER IDENTITY (LMSI):

The VLR can assign an additional searching key
to each mobile station within its area to
accelerate database access. This unique key is
called the Local Mobile Subscriber Identity
(LMSI). The LMSI is assigned when the mobile
station registers with the VLR and is also sent
to the HLR.

An LIMSI consists of four octets ( 4 x 8 bits).
43
GSM - OPERATIONS

The operation of the GSM system can be
understood by studying the sequence of events
that takes place when a call is initiated from
the Mobile Station.
44
CALL FROM MOBILE PHONE TO PSTN:








When a mobile subscriber makes a call to a PSTN telephone
subscriber, the following sequence of events takes place:
The MSC/VLR receives the message of a call request.
The MSC/VLR checks if the mobile station is authorized to access
the network. If so, the mobile station is activated. If the mobile
station is not authorized, service will be denied.
MSC/VLR analyzes the number and initiates a call setup with the
PSTN.
MSC/VLR asks the corresponding BSC to allocate a traffic channel (a
radio channel and a time slot).
The BSC allocates the traffic channel and passes the information to
the mobile station.
The called party answers the call and the conversation takes place.
The mobile station keeps on taking measurements of the radio
channels in the present cell and neighboring cells and passes the
information to the BSC. The BSC decides if handover is required, if
so, a new traffic channel is allocated to the mobile station and the
handover is performed. If handover is not required, the mobile
station continues to transmit in the same frequenc
45
CALL FROM PSTN TO MOBILE PHONE:








When a PSTN subscriber calls a mobile station, the
sequence of events is as follows:
The Gateway MSC receives the call and queries the HLR for
the information needed to route the call to the serving
MSC/VLR.
The GMSC routes the call to the MSC/VLR.
The MSC checks the VLR for the location area of the MS.
The MSC contacts the MS via the BSC through a broadcast
message, that is, through a paging request.
The MS responds to the page request.
The BSC allocates a traffic channel and sends a message to
the MS to tune to the channel. The MS generates a ringing
signal and, after the subscriber answers, the speech
connection is established.
Handover, if required, takes place, as discussed in the earlier
case.
46
GSM - USER SERVICES
Voice Calls:
 Videotext
 Short Text Messages
 Supplementary Services
 Call Waiting
 Call Hold
 Closed User Groups

47
CALL ROUTING IN GSM
48
CALL ROUTING
Call Originating from MS
 Call termination to MS

49
OUTGOING CALL
MS sends dialled number to BSS
2.
BSS sends dialled number to
MSC
3,4 MSC checks VLR if MS is allowed
the requested service. If so,MSC
asks BSS to allocate resources
for call.
5
MSC routes the call to GMSC
6
GMSC routes the call to local
exchange of called user
7, 8,
9,10 Answer back(ring back) tone
is routed from called user to MS
via GMSC,MSC,BSS
1.
50
INCOMING
CALL
1. Calling a GSM
subscribers
2. Forwarding call to
GSMC
3. Signal Setup to HLR
4. 5. Request MSRN from
VLR
6. Forward responsible
MSC to GMSC
7. Forward Call to current
MSC
8. 9. Get current status
of MS
10.11. Paging of MS
12.13. MS answers
14.15. Security checks
16.17. Set up connection
51
PLMN INTERFACE
(PRIVATE LAND MOBILE NETWORK)
52
53
NETWORK ASPECTS IN GSM
54
For roaming purpose a mobile need registration,
authentication, call routing and location update.
 The layer dependencies in GSM is structured into
three general layers :
 Layer 1 is physical layer
 Layer 2 is DLL used for interface, LAPD(link access
procedure-D) protocol is used.
 Layer 3 is used for signaling purpose, it includes
Radio resources Management : setup control,
maintenance
Mobility Management : registration procedures
Connection Management : includes services like
SMS

55
56
GSM FREQUENCY ALLOCATION
57
FREQUENCY RESOURCE
GSM900 :
up: 890~915MHz
down: 935~960MHz
duplex interval: 45MHz
bandwidth: 25MHz，
frequency interval: 200KHz
GSM1800 :
up: 1710-1785MHz
down: 1805-1880MHz
duplex interval: 95MHz，
working bandwidth: 75MHz，
frequency interval: 200KHz
EGSM900 :
up: 880~890MHz
down: 925~935MHz
duplex interval: 45MHz
bandwidth: 10MHz，
frequency interval: 200KHz
GSM1900MHz:
up:1850~1910MHz
down:1930~1990MHz
duplex interval: 80MHz，
working bandwidth: 60MHz，
frequency interval: 200KHz
58
Mobile to base : Ft(n)=890.2 + 0.2(n-1)MHz
 Base to mobile : Fr(n)=Fr(n) + 45 MHz
To share bandwidth for multiple users, GSM uses
a combination of Time Division Multiplexing
and Frequency Division Multiplexing encoding.
One or more carrier frequency is assigned to
each base station.
Each of these carrier frequencies divided in time
using TDMA scheme.

59
CARRIER FREQUENCIES AND TDMA FRAMES
60
A TCH (traffic channel) carry 26 multiple frames at one instance.
ORGANIZIATION OF BURSTS,TDMA FRAMES
SACCH-slow associated control channel
61
MOBILITY MANAGEMENT
Paging
 Location Update
 Handover
 Authentication & Security Issues during
Handover
 Roaming

62
PAGING
For a mobile terminated call the MS needs to
be traced, located and then the call connected.
 The MS is traced through the Paging process
within a location.
 Mobile call reception is the process of the GSM
system sending paging messages on a paging
control channel to alert mobile devices that
they are receiving a call. Mobile devices listen
for paging messages with their identification
code on a paging channel.

63
LOCATION UPDATE
64
As a MS moves around it is constantly
monitoring the signal strength of its current
BTS, as well as neighboring BTS's to determine
if the neighbors have a stronger signal.
 When the MS is in idle mode (not in a call), it
will determine for itself when to move from its
current BTS to a more attractive one.
 When the MS switches from a BTS in one VLR
to a BTS in a different VLR, it must do an
location update, so the network knows which
MSC/VLR the MS is currently using.

65
Numbering Arrangement
Temporarily Mobile Subscriber Identification Number
(TMSI)
To insure the IMSI security, the VLR will
assign an unique TMSI number for the
accessed subscriber. It is used locally
only and is a 4-byte TMSI number BCD
code.
66
HANDOVERS



Between 1 and 2 – Inter
BTS / Intra BSC
Between 1 and 3 –
Inter BSC/ Intra MSC
Between 1 and 4 –
Inter MSC
67
SECURITY IN GSM



On air interface, GSM uses encryption and TMSI
instead of IMSI.
SIM is provided 4-8 digit PIN to validate the ownership
of SIM
3 algorithms are specified :
- A3 algorithm for authentication
- A5 algorithm for encryption
- A8 algorithm for key generation
68
AUTHENTICATION CONCEPT
Random Number
Generator
Serving Network
Mobile Station
Random Number
Secret Data
Authentication
Algorithm
Authentication
Response
No
Authentication
Algorithm
Secret Data
Authentication
Response
=
Yes
Deny
Access
Grant
Access
69
AUTHENTICATION IN GSM (A3 ALGO.)
During the authentication process the MSC
challenges the MS with a random number (RAND).
 In SIM the RAND number is stored with a secret
key Ki.
 Both RAND & Ki are 128 bits long.
 Using A3 algorithm with RAND & Ki a 32 bit output
is generated by SIM called SRES(signature
response).
 Using same algorithm AuC also generates a SRES
as same as old one, to compare with SIM (SRES &
Ki).

70
AUTHENTICATION IN GSM (A3 ALGO.)
71
ALGORITHM FOR ENCRYPTION (A5
ALGO.)

Uses same cryptography methods as used in
Internet Network.
72
KEY GENERATION AND ENCRYPTION(A8)
73
CHARACTERISTICS OF GSM STANDARD









Fully digital system using 900,1800 MHz frequency band.
TDMA over radio carriers(200 KHz carrier spacing.
8 full rate or 16 half rate TDMA channels per carrier.
User/terminal authentication for fraud control.
Encryption of speech and data transmission over the radio
path.
Full international roaming capability.
Low speed data services (upto 9.6 Kb/s).
Compatibility with ISDN.
Support of Short Message Service (SMS).
74
ADVANTAGES OF GSM OVER ANALOG
SYSTEM






Capacity increases
Reduced RF transmission power and longer battery
life.
International roaming capability.
Better security against fraud (through terminal
validation and user authentication).
Encryption capability for information security and
privacy.
Compatibility with ISDN,leading to wider range of
services
75
GSM APPLICATIONS
Mobile telephony
 GSM-R
 Telemetry System
- Fleet management
- Automatic meter reading
- Toll Collection
- Remote control and fault reporting of DG sets
 Value Added Services

76
FUTURE OF GSM



2nd Generation
 GSM -9.6 Kbps (data rate)
2.5 Generation ( Future of GSM)
 HSCSD (High Speed ckt Switched data)
 Data rate : 76.8 Kbps (9.6 x 8 kbps)
 GPRS (General Packet Radio service)
 Data rate: 14.4 - 115.2 Kbps
 EDGE (Enhanced data rate for GSM Evolution)
 Data rate: 547.2 Kbps (max)
3 Generation
 WCDMA(Wide band CDMA)
 Data rate : 0.348 – 2.0 Mbps
77