Cellular Communication
Evolution to cellular networks –
communication anytime, anywhere
 radio communication was invented by Nikola Tesla and Guglielmo
Marconi: in 1893, Nikola Tesla made the first public demonstration of
wireless (radio) telegraphy; Guglielmo Marconi conducted long-distance
(overseas) telegraphy in 1897
 in 1940 the first walkie-talkie was used by the US military
 in 1947, John Bardeen and Walter Brattain from AT&T’s Bell Labs invented
the transistor (semiconductor device used to amplify and switch electronic
signals)
 in 1979 the first commercial cellular phone service was launched by the
Nordic Mobile Telephone (in Finland, Sweden, Norway, Denmark).
Cellular systems generations
 1G (first generation) – voice-oriented systems based on
analog technology; ex.: Advanced Mobile Phone Systems
(AMPS) and cordless systems
 2G (second generation) - voice-oriented systems based
on digital technology; more efficient and used less
spectrum than 1G; ex.: Global System for Mobile (GSM)
and US Time Division Multiple Access (US-TDMA)
 3G (third generation) – high-speed voice-oriented
systems integrated with data services; ex.: General
Packet Radio Service (GPRS), Code Division Multiple
Access (CDMA)
 4G (fourth generation) – still experimental, not deployed
yet; based on Internet protocol networks and will provide
voice, data and multimedia service to subscribers
Frequency reuse
 is a method used by service providers to improve the
efficiency of a cellular network and to serve millions of
subscribers using a limited radio spectrum
 is based on the fact that after a distance a radio wave
gets attenuated and the signal falls below a point
where it can no longer be used or cause any
interference
 a transmitter transmitting in a specific frequency range
will have only a limited coverage area
 beyond this coverage area, that frequency can be
reused by another transmitter
Network Cells
 the entire network coverage area is divided into cells
based on the principle of frequency reuse
 a cell = basic geographical unit of a cellular network; is
the area around an antenna where a specific frequency
range is used; is represented graphically as a hexagonal
shape, but in reality it is irregular in shape
 when a subscriber moves to another cell, the antenna of
the new cell takes over the signal transmission
 a cluster is a group of adjacent cells, usually 7 cells; no
frequency reuse is done within a cluster
 the frequency spectrum is divided into subbands and
each subband is used within one cell of the cluster
 in heavy traffic zones cells are smaller, while in isolated
zones cells are larger
Network cells (2)
Types of cells
 macrocell – their coverage is large (approx. 6 miles in
diameter); used in remote areas, high-power
transmitters and receivers are used
 microcell – their coverage is small (half a mile in
diameter) and are used in urban zones; low-powered
transmitters and receivers are used to avoid
interference with cells in other clusters
 picocell – covers areas such as a building or a tunnel
Other cellular concepts
 handover = moving a call from one zone (from the
transmitter-receiver from one zone) to another zone
due to subscriber’s mobility
 roaming = allowing the subscriber to send/receive
calls outside the service provider’s coverage area
Multiple access schemes
Frequency Division Multiple
Access
- when the subscriber enters
another cell a unique frequency is
assigned to him; used in analog
systems
Time Division Multiple Access
- each subscriber is assigned a time
slot to send/receive a data burst; is
used in digital systems
Code Division Multiple Access
- each subscriber is assigned a code
which is used to multiply the signal
sent or received by the subscriber
The control channel
 this channel is used by a cellular phone to indicate its
presence before a frequency/time slot/code is
allocated to him
Cellular services
 voice communication
 Short Messaging Service (SMS)
 Multimedia Messaging Service (MMS)
 Global Positioning System (GPS)
 Wireless Application Protocol (WAP) – to access the
Internet
Cellular network components
Cellular network components (2)
 BTS (Base Transceiver Station) – main component of a
cell and it connects the subscribers to the cellular
network; for transmission/reception of information it
uses several antennas spread across the cell
 BSC (Base Station Controller) – it is an interface
between BTSs and it is linked to BTSs by cable or
microwave links; it routes calls between BTSs; it is also
connected to the MSC
 MSC (Mobile Switching Center) – the coordinator of a
cellular network, it is connected to several BSCs, it
routes calls between BSCs; links the cellular network
with other networks like PSTN through fiber optics,
microwave or copper cable
Components of a cellular phone
(MSU – Mobile Subscriber Unit)
 radio transceiver – low power radio transmitter and
receiver
 antenna, usually located inside the phone
 control circuitry – formats the data sent to and from
the BTS; controls signal transmission and reception
 man-machine interface – consists of a keypad and a
display; is managed by the control circuitry
 Subscriber Identity Module (SIM) – integrated circuit
card that stores the identity information of subscriber
 battery, usually Li-ion, the power unit of the phone
Setting up a call process
 when powered on, the phone does not have a frequency/
time slot/code assigned to it yet; so it scans for the control
channel of the BTS and picks the strongest signal
 then it sends a message (including its identification
number) to the BTS to indicate its presence
 the BTS sends an acknowledgement message back to the
cell phone
 the phone then registers with the BTS and informs the
BTS of its exact location
 after the phone is registered to the BTS, the BTS assigns a
channel to the phone and the phone is ready to receive or
make calls
Making a call process
 the subscriber dials the receiver’s number and sends it to
the BTS
 the BTS sends to its BSC the ID, location and number of
the caller and also the number of the receiver
 the BSC forwards this information to its MSC
 the MSC routes the call to the receiver’s MSC which is
then sent to the receiver’s BSC and then to its BTS
 the communication with the receiver’s cell phone is
established
Receiving a call process
 when the receiver’s phone is in an idle state it listens for
the control channel of its BTS
 if there is an incoming call the BSC and BTS send a
message to the cells in the area where the receiver’s
phone is located
 the phone monitors its message and compares the
number from the message with its own
 if the numbers match the cell phone sends an
acknowledgement to the BTS
 after authentication, the communication is established
between the caller and the receiver
Global System for Mobile
Communication (GSM)
GSM characteristics
 previous standards in cellular communication were
restrictive
 GSM – global digital standard for cellular phones that
offered roaming facility
 first named Groupe Special Mobile and used in Europe;
then usage extended to other continents
 GSM operates in frequency bands: 900 MHz, 1800 MHz,
1900 MHz
 GSM provides voice and data services
Subscriber Identity Module (SIM)
card
 SIM – a memory card (integrated circuit) holding
identity information, phone book etc.
 GSM systems support SIM cards
 other systems, like CDMA do not support SIM cards, but
have something similar called Re-Usable Identification
Module (RUIM)
International Mobile Equipment
Identity (IMEI) key
 IMEI – a unique 15 digit number identifying each phone,
is incorporated in the cellular phone by the
manufacturer
 IMEI ex.: 994456245689001
 when a phone tries to access a network, the service
provider verifies its IMEI with a database of stolen
phone numbers; if it is found in the database, the
service provider denies the connection
 the IMEI is located on a white sticker/label under the
battery, but it can also be displayed by typing *#06# on
the phone
International Mobile Subscriber
Identity (IMSI) key
 IMSI – a 15-digit unique number provided by the
service provider and incorporated in the SIM card
which identifies the subscriber
 IMSI enables a service provider to link a phone
number with a subscriber
 first 3 digits of the IMSI are the country code
Temporary Mobile Subscriber Identity
(TMSI) key
 TMSI – is a temporary number, shorter than the IMSI,
assigned by the service provider to the phone on a
temporary basis
 TMSI key identifies the phone and its owner in the cell
it is located; when the phone moves to a different cell
it gets a new TMSI key
 as TMSI keys are shorter than IMSI keys they are
more efficient to send
 TMSI keys are used for securing GSM networks
GSM architecture
Base Station Subsystem (BSS)
HLR, VLR and EIR registers
 Home Location Register (HLR) - is a database
maintained by the service provider containing
permanent data about each subscriber (i.e. location,
activity status, account status, call forwarding
preference, caller identification preference)
 Visitor Location Register (VLR) – database that stores
temporary data about a subscriber; it is kept in the MSC
of the area the subscriber is located in; when the
subscriber moves to a new area the new MSC requests
this VLR from the HLR of the old MSC
 Equipment Identity Register (EIR) – database located
near the MSC and containing information identifying cell
phones
Authentication Center (AuC)
 1st level security mechanism for a GSM cellular network
 is a database that stores the list of authorized
subscribers of a GSM network
 it is linked to the MSC and checks the identity of each
user trying to connect
 also provides encryption parameters to secure a call
made in the network
GSM Mobile Switching Center (MSC)
 is a switching center of the GSM network; coordinates BSCs
linked to it
GSM Channels
GSM Access Scheme and Channel
Structure
 GSM uses FDMA and TDMA to transmit voice and data
 the uplink channel between the cell phone and the BTS
uses FDMA and a specific frequency band
 the downlink channel between the BTS and the cell
phone uses a different frequency band and the TDMA
technique
 there is sufficient frequency separation between the
uplink freq. band and the downlink freq. band to avoid
interference
 each uplink and downlink frequency band is further
split up as Control Channel (used to set up and manage
calls) and Traffic Channel (used to carry voice)
GSM uplink/downlink frequency bands used

GSM Frequency band | Uplink/BTS Transmit | Downlink/BTS Receive
900 MHz            | 935-960 MHz         | 890-915 MHz
1800 MHz           | 1805-1880 MHz       | 1710-1785 MHz
1900 MHz           | 1930-1990 MHz       | 1850-1910 MHz

GSM uplink/downlink frequency
bands
 uplink and downlink take place in different time slots
using TDMA
 uplink and downlink channels have a bandwidth of 25
MHz
 these channels are further split up into 124 carrier
frequencies (1 control channel and the rest as traffic
channels); each carrier frequency is spaced 200 kHz
apart to avoid interference
 these carrier frequencies are further divided by time
using TDMA and each time slot lasts for 0.577 ms.
GSM Control Channel
 is used to communicate management data (setting up
calls, location) between BTS and the cell phone within a
GSM cell
 only data is exchanged through the control channel (no
voice)
 a specific frequency from the frequency band allocated
to a cell and a specific time slot are allocated for the
control channel (beacon frequency); a single control
channel for a cell
 GSM control channels can have the following types:
 broadcast channel
 common control channel
 dedicated control channel
Broadcast Channel
 type of control channel used for the initial synchronization
between the cell phone and the BTS
 is composed of:
 Frequency Correction Channel (FCCH) – is composed of a
sequence of 148 zeros transmitted by the BTS
 Synchronization Channel (SCH) – follows the FCCH and contains
BTS identification and location information
 Broadcast Control Channel (BCCH) – contains the frequency
allocation information used by cell phones to adjust their
frequency to that of the network; is continuously broadcast by
the BTS
Common Control Channels
 type of control channel used for call initiation
 is composed of:
 Paging Channel (PCH) – the BTS uses this channel to inform
the cell phone about an incoming call; the cell phone
periodically monitors this channel
 Random Access Channel (RACH) – is an uplink channel used by
the cell phone to initiate a call; the cell phone uses this channel
only when required; if 2 phones try to access the RACH at the
same time, they cause interference and will wait a random time
before they try again; once a cell phone correctly accesses the
RACH, the BTS sends an acknowledgement
 Access Grant Channel (AGCH) – channel used to set up a call;
once the cell phone has used PCH or RACH to receive or
initiate a call, it uses AGCH to communicate to the BTS
Dedicated Control Channels
 control channel used to manage calls
 is composed of:
 Standalone Dedicated Control Channel (SDCCH) – used along
with SACCH to send and receive messages; relays signalling
information
 Slow Associated Control Channel (SACCH) – on the downlink
BTS broadcasts messages of the beacon frequency of
neighboring cells to the cell phones; on the uplink BTS receives
acknowledgement messages from the cell phone
 Fast Associated Control Channel (FACCH) – used to transmit
unscheduled urgent messages; FACCH is faster than SACCH as it
can carry 50 messages per second, while SACCH can carry only
4.
Traffic Channel
 is used to carry voice data
 based on the TDMA the traffic (voice channel) is divided
in 8 different time slots numbered from 0 to 7
 the BTS sends signals to a particular cell phone in a
specific time slot (from those 8 time slots) and the cell
phone replies in a different time slot
GSM Call Processing
Initializing a call
1. when the cell phone is turned on it scans all the available frequencies for
the control channel
2. all the BTS in the area transmit the FCCH, SCH and BCCH that contain the
BTS identification and location
3. out of available frequencies from the neighboring BTSs, the cell phone
chooses the strongest signal
4. based on the FCCH of the strongest signal, the cell phone tunes itself to the
frequency of the network
5. the phone sends a registration request to the BTS
6. the BTS sends this registration request to the MSC via the BSC
7. the MSC queries the AUC and EIR databases and based on the reply it
authenticates the cell phone
8. the MSC also queries the HLR and VLR databases to check whether the cell
phone is in its home area or outside
9. if the cell phone is in its home area the MSC gets all the necessary
information from the HLR; if it is not in its home area, the VLR gets the
information from the corresponding HLR via MSCs
10. then the cell phone is ready to receive or make calls.
Initializing a call (2)
Making a call
1. when the phone needs to make a call it sends an access request
(containing phone identification, number) using RACH to the BTS; if
another cell phone tries to send an access request at the same time
the messages might get corrupted, in this case both cell phones
wait a random time interval before trying to send again
2. then the BTS authenticates the cell phone and sends an
acknowledgement to the cell phone
3. the BTS assigns a specific voice channel and time slot to the cell
phone and transmits the cell phone request to the MSC via BSC
4. the MSC queries HLR and VLR and based on the information
obtained it routes the call to the receiver’s BSC and BTS
5. the cell phone uses the voice channel and time slot assigned to it by
the BTS to communicate with the receiver
Making a call (2)
Receiving a call
1. when a request to deliver a call is made in the network, the MSC of
the receiver’s home area queries the HLR; if the cell phone is
located in its home area the call is transferred to the receiver; if the
cell phone is located outside its home area, the HLR maintains a
record of the VLR attached to the cell phone
2. based on this record, the MSC notes the location of the VLR and
informs the corresponding BSC about the incoming call
3. the BSC routes the call to the particular BTS which uses the paging
channel to alert the phone
4. the receiver cell phone monitors the paging channel periodically and
once it receives the call alert from the BTS it responds to the BTS
5. the BTS communicates a channel and a time slot for the cell phone
to communicate
6. now the call is established
Receiving a call (2)
GSM Security
 Personal Identification Number (PIN)
 User Authentication
 TMSI-based Security
Personal Identification Number (PIN)
 the PIN is stored on the SIM card of the cell phone
 when the cell phone is turned on, the SIM checks the
PIN; in case of 3 consecutive faulty PIN inputs a PUK
(Personal Unblocking Key) is asked for
 in case of 10 faulty PUK inputs, the SIM is locked and
the subscriber must ask for a new SIM
 this security measure is within the cell phone and the
service provider is not involved
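
The retry counters described above, as an added example (not part of the original slides). The class name, the sample PIN/PUK values, the decrement-before-compare ordering and the reset of the PUK counter after a correct PUK are assumptions of this sketch.

```python
import hmac


class SimCardLock:
    """PIN/PUK retry logic enforced on the card itself (hypothetical class)."""

    PIN_TRIES = 3    # from the slide: 3 consecutive faulty PIN inputs
    PUK_TRIES = 10   # from the slide: 10 faulty PUK inputs

    def __init__(self, pin: str, puk: str):
        self._pin = pin
        self._puk = puk
        self.pin_left = self.PIN_TRIES
        self.puk_left = self.PUK_TRIES

    @property
    def state(self) -> str:
        if self.puk_left == 0:
            return "locked"          # permanent: the subscriber needs a new SIM
        if self.pin_left == 0:
            return "puk_required"
        return "active"              # PIN entry is accepted

    @staticmethod
    def _same(a: str, b: str) -> bool:
        # Constant-time comparison so timing does not leak matching digits.
        return hmac.compare_digest(a.encode(), b.encode())

    def verify_pin(self, attempt: str) -> bool:
        if self.state != "active":
            return False             # even the correct PIN is refused when blocked
        # Spend the try before comparing, so interrupting the card
        # mid-check cannot buy a free guess (design choice of this sketch).
        self.pin_left -= 1
        if self._same(attempt, self._pin):
            self.pin_left = self.PIN_TRIES   # "consecutive": success resets
            return True
        return False

    def unblock(self, puk_attempt: str, new_pin: str) -> bool:
        if self.state != "puk_required":
            return False
        self.puk_left -= 1
        if self._same(puk_attempt, self._puk):
            self._pin = new_pin
            self.pin_left = self.PIN_TRIES
            self.puk_left = self.PUK_TRIES   # assumption: success resets PUK tries
            return True
        return False


def block_and_recover():
    """Three wrong PINs block the card; the PUK restores it with a new PIN."""
    card = SimCardLock(pin="4821", puk="73910456")   # constructed values
    for guess in ("0000", "1111", "2222"):
        card.verify_pin(guess)
    blocked_state = card.state
    correct_pin_while_blocked = card.verify_pin("4821")
    recovered = card.unblock("73910456", new_pin="9035")
    return blocked_state, correct_pin_while_blocked, recovered, card.verify_pin("9035")


def exhaust_puk():
    """Ten wrong PUKs lock the card for good, even against the right PUK."""
    card = SimCardLock(pin="4821", puk="73910456")
    for guess in ("0000", "1111", "2222"):
        card.verify_pin(guess)
    for n in range(SimCardLock.PUK_TRIES):
        card.unblock(f"{n:08d}", new_pin="0000")
    return card.state, card.unblock("73910456", new_pin="9035")


if __name__ == "__main__":
    print(block_and_recover())
    print(exhaust_puk())
```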
User Authentication
 a mechanism for encrypting messages in a GSM
network
 the network sends random data to the cell phone
(RAND)
 each cell phone is allocated a secret key (KI)
 using RAND and KI and the A3 encryption algorithm the
cell phone generates a signed result (SRES) which is
then sent to the network
 a similar process takes place in the network which
generates a signed result specific to the cell phone
 the network compares its SRES with the SRES
generated by the phone and in case of a match the cell
phone is connected to the network
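
The RAND/KI/SRES exchange described above, with both sides shown, as an added example (not part of the original slides). The slides do not give the A3 algorithm, so HMAC-SHA-256 truncated to 32 bits stands in for it; the class names, the sample IMSI and the key values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def a3_stand_in(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3 (assumption): derive a 32-bit SRES from KI and RAND."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Sim:
    """Phone side: holds KI and only ever returns SRES, never KI itself."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes) -> bytes:
        return a3_stand_in(self._ki, rand)


class Network:
    """Network side: knows each subscriber's KI and issues the challenges."""

    def __init__(self):
        self._ki_by_imsi = {}
        self._expected = {}          # imsi -> SRES for the outstanding challenge

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def challenge(self, imsi: str):
        ki = self._ki_by_imsi.get(imsi)
        if ki is None:
            return None              # unknown subscriber: no challenge issued
        rand = secrets.token_bytes(16)          # fresh 128-bit RAND every time
        self._expected[imsi] = a3_stand_in(ki, rand)
        return rand

    def verify(self, imsi: str, sres: bytes) -> bool:
        # pop(): each challenge can be answered once, right or wrong.
        expected = self._expected.pop(imsi, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, sres)


def attach(network: Network, sim: Sim) -> bool:
    """Run one full challenge-response round for this SIM."""
    rand = network.challenge(sim.imsi)
    if rand is None:
        return False
    return network.verify(sim.imsi, sim.respond(rand))


def replayed_sres_accepted(network: Network, sim: Sim) -> bool:
    """Record one valid SRES, then present it against a later challenge."""
    old_sres = sim.respond(network.challenge(sim.imsi))
    network.verify(sim.imsi, old_sres)           # first round succeeds
    network.challenge(sim.imsi)                  # network picks a new RAND
    return network.verify(sim.imsi, old_sres)    # stale answer to new RAND


# Constructed sample subscriber data.
IMSI = "001010123456789"
KI = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    net = Network()
    net.provision(IMSI, KI)
    print("genuine SIM:", attach(net, Sim(IMSI, KI)))
    print("wrong KI:   ", attach(net, Sim(IMSI, bytes(16))))
    print("replay:     ", replayed_sres_accepted(net, Sim(IMSI, KI)))
```

KI never crosses the air interface in this exchange, and because RAND changes on every attempt a previously observed SRES does not satisfy a later challenge.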
TMSI-Key Based Security
 is most used in a GSM cellular network
 a TMSI key provides a temporary identification to a cell
phone and is provided by the network upon
authentication
 a TMSI key keeps changing according to the location of
the cell phone, this way preventing unauthorized access
to a channel and preventing an intruder from tracing its
location
 the mapping between IMSI and TMSI keys is handled by
the VLR
 IMSIs are used only when the SIM is used for the first
time
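
The IMSI-to-TMSI mapping kept by the VLR, as an added example (not part of the original slides). The Vlr class, the cell names and the sample IMSI are constructed; the sketch models only the mapping and reallocation, not the signalling that carries them.

```python
import secrets


class Vlr:
    """In-memory IMSI <-> TMSI mapping (hypothetical class)."""

    def __init__(self):
        self._imsi_by_tmsi = {}
        self._tmsi_by_imsi = {}

    def _allocate(self, imsi: str) -> str:
        # Drop the previous TMSI first so it stops identifying the subscriber.
        old = self._tmsi_by_imsi.pop(imsi, None)
        if old is not None:
            del self._imsi_by_tmsi[old]
        tmsi = secrets.token_hex(4)              # random 32-bit value
        while tmsi in self._imsi_by_tmsi or tmsi == old:
            tmsi = secrets.token_hex(4)
        self._imsi_by_tmsi[tmsi] = imsi
        self._tmsi_by_imsi[imsi] = tmsi
        return tmsi

    def first_attach(self, imsi: str) -> str:
        """The only step where the phone identifies itself by IMSI."""
        return self._allocate(imsi)

    def location_update(self, tmsi: str):
        """Phone presents its current TMSI after moving; gets a new one."""
        imsi = self._imsi_by_tmsi.get(tmsi)
        if imsi is None:
            return None                          # stale or unknown TMSI
        return self._allocate(imsi)

    def resolve(self, tmsi: str):
        """Network-internal lookup; the result never goes over the air."""
        return self._imsi_by_tmsi.get(tmsi)


def simulate_moves(vlr: Vlr, imsi: str, cells):
    """Return the identities sent as the phone attaches and then moves."""
    sent = [("attach", imsi)]
    tmsi = vlr.first_attach(imsi)
    for cell in cells:
        sent.append((cell, tmsi))                # identify with current TMSI
        tmsi = vlr.location_update(tmsi)         # and receive a fresh one
    return sent, tmsi


if __name__ == "__main__":
    vlr = Vlr()
    sent, current = simulate_moves(
        vlr, "001010123456789", ["cell-A", "cell-B", "cell-C"])  # constructed
    for where, identity in sent:
        print(f"{where:8} -> {identity}")
    print("current TMSI resolves to:", vlr.resolve(current))
    print("first TMSI resolves to:  ", vlr.resolve(sent[1][1]))
```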

More Related Content

PPT
Cellular communication
PPT
Cellular communication basics knowledge basec on analyses .ppt
PPT
Cellular communication
PPT
Cellular Communication
PPT
Cellular communication
PPT
Cellular communication
PDF
cellular communications .pdf
RTF
Cellular communication
Cellular communication
Cellular communication basics knowledge basec on analyses .ppt
Cellular communication
Cellular Communication
Cellular communication
Cellular communication
cellular communications .pdf
Cellular communication

Similar to Lecture 10_cellular.ppt (20)

PPT
Cellular phone
PPT
Telecommunication
PPT
Wireless Communications Presentati.ppt
PPTX
It2402 mobile communication unit3
PDF
Journey of Evolution of UMTS and CDMA
DOCX
Mobile communication - GSM/CDMA/WIMAX Technologies
PPTX
Cellular communications
PPT
My Seminar
DOC
Gsm fundamentals
PDF
Unit 1-Introduction to Mobile Computing
PPS
PDF
Introduction to Cellular Network and its applications
ODP
Gsm overview11
PPTX
PPT
Mobile Multi Media Applications
PDF
Digital cellular networks GSM
PPT
GSM_SANAT_Ppt
PPT
Gsm overview
PPTX
MOBILE COMPUTING ppt2 covering Unit 1 and Unit concepts.pptx
PPTX
Cellular Networks Presentation in distributed systems, Mobile Networks
Cellular phone
Telecommunication
Wireless Communications Presentati.ppt
It2402 mobile communication unit3
Journey of Evolution of UMTS and CDMA
Mobile communication - GSM/CDMA/WIMAX Technologies
Cellular communications
My Seminar
Gsm fundamentals
Unit 1-Introduction to Mobile Computing
Introduction to Cellular Network and its applications
Gsm overview11
Mobile Multi Media Applications
Digital cellular networks GSM
GSM_SANAT_Ppt
Gsm overview
MOBILE COMPUTING ppt2 covering Unit 1 and Unit concepts.pptx
Cellular Networks Presentation in distributed systems, Mobile Networks
Ad

Recently uploaded (20)

PDF
R24 SURVEYING LAB MANUAL for civil enggi
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
PPTX
Geodesy 1.pptx...............................................
PPT
Mechanical Engineering MATERIALS Selection
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
PPTX
Welding lecture in detail for understanding
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
DOCX
573137875-Attendance-Management-System-original
PDF
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
PDF
PPT on Performance Review to get promotions
PPT
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
PPTX
OOP with Java - Java Introduction (Basics)
PPTX
CH1 Production IntroductoryConcepts.pptx
PPTX
Lecture Notes Electrical Wiring System Components
PDF
composite construction of structures.pdf
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
R24 SURVEYING LAB MANUAL for civil enggi
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
Geodesy 1.pptx...............................................
Mechanical Engineering MATERIALS Selection
Model Code of Practice - Construction Work - 21102022 .pdf
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
Welding lecture in detail for understanding
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Operating System & Kernel Study Guide-1 - converted.pdf
573137875-Attendance-Management-System-original
TFEC-4-2020-Design-Guide-for-Timber-Roof-Trusses.pdf
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
PPT on Performance Review to get promotions
CRASH COURSE IN ALTERNATIVE PLUMBING CLASS
OOP with Java - Java Introduction (Basics)
CH1 Production IntroductoryConcepts.pptx
Lecture Notes Electrical Wiring System Components
composite construction of structures.pdf
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
Ad

Lecture 10_cellular.ppt

  • 2. Evolution to cellular networks – communication anytime, anywhere  radio communication was invented by Nokola Tesla and Guglielmo Marconi: in 1893, Nikola Tesla made the first public demonstration of wireless (radio) telegraphy; Guglielmo Marconi conducted long ditance (over see) telegraphy 1897  in 1940 the first walkie-talkie was used by the US military  in 1947, John Bardeen and Walter Brattain from AT&T’s Bell Labs invented the transistor (semiconductor device used to amplify and switch electronic signals)  in 1979 the first commercial cellular phone service was launched by the Nordic Mobile Telephone (in Finland, Sweden, Norway, Denmark).
  • 3. Cellular systems generations  1G (first generation) – voice-oriented systems based on analog technology; ex.: Advanced Mobile Phone Systems (AMPS) and cordless systems  2G (second generation) - voice-oriented systems based on digital technology; more efficient and used less spectrum than 1G; ex.: Global System for Mobile (GSM) and US Time Division Multiple Access (US-TDMA)  3G (third generation) – high-speed voice-oriented systems integrated with data services; ex.: General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA)  4G (fourth generation) – still experimental, not deployed yet; based on Internet protocol networks and will provide voice, data and multimedia service to subscribers
  • 4. Frequency reuse  is a method used by service providers to improve the efficiency of a cellular network and to serve millions of subscribers using a limited radio spectrum  is based on the fact that after a distance a radio wave gets attenuated and the signal falls bellow a point where it can no longer be used or cause any interference  a transmitter transmitting in a specific frequency range will have only a limited coverage area  beyond this coverage area, that frequency can be reused by another transmitter
  • 5. Network Cells  the entire network coverage area is divided into cells based on the principle of frequency reuse  a cell = basic geographical unit of a cellular network; is the area around an antenna where a specific frequency range is used; is represented graphically as a hexagonal shape, but in reality it is irregular in shape  when a subscriber moves to another cell, the antenna of the new cell takes over the signal transmission  a cluster is a group of adiacent cells, usually 7 cells; no frequency reuse is done within a cluster  the frequency spectrum is divided into subbands and each subband is used within one cell of the cluster  in heavy traffic zones cells are smaller, while in isolated zones cells are larger
  • 7. Types of cells  macrocell – their coverage is large (aprox. 6 miles in diameter); used in remote areas, high-power transmitters and receivers are used  microcell – their coverage is small (half a mile in diameter) and are used in urban zones; low-powered transmitters and receivers are used to avoid interference with cells in another clusters  picocell – covers areas such as building or a tunnel
  • 8. Other cellular concepts  handover = moving a call from one zone (from the transmitter-receiver from one zone) to another zone due to subscriber’s mobility  roaming = allowing the subscriber to send/receive calls outside the service provider’s coverage area
  • 9. Multiple access schemes Frequency Division Multiple Access - when the subscriber enters another cell a unique frequency is assigned to him; used in analog systems Time Division Multiple Access - each subscriber is assigned a time slot to send/receive a data burst; is used in digital systems Code Division Multiple Access - each subscriber is assigned a code which is used to multiply the signal sent or received by the subscriber
  • 10. The control channel  this channel is used by a cellular phone to indicate its presence before a frequency/time slot/code is allocated to him
  • 11. Cellular services  voice communication  Short Messaging Service (SMS)  Multimedia Messaging Service (MMS)  Global Positioning System (GPS)  Wireless Application Protocol (WAP) – to access the Internet
  • 13. Cellular network components (2)  BTS (Base Transceiver Station) – main component of a cell and it connects the subscribers to the cellular network; for transmission/reception of information it uses several antennas spread across the cell  BSC (Basic Station Controller) – it is an interface between BTSs and it is linked to BTSs by cable or microwave links; it routes calls between BTSs; it is also connected to the MSC  MSC (Mobile Switching Center) – the coordinator of a cellular network, it is connected to several BSCs, it routes calls between BSCs; links the cellular network with other networks like PSTN through fiber optics, microwave or copper cable
  • 14. Components of a cellular phone (MSU – Mobile Subscriber Unit)  radio transceiver – low power radio transmitter and receiver  antenna, usually located inside the phone  control circuitry – formats the data sent to and from the BTS; controls signal transmission and reception  man-machine interface – consists from a keypad and a display; is managed by the control circuitry  Subscriber Identity Module (SIM) – integrated circuit card that stores the identity information of subscriber  battery, usually Li-ion, the power unit of the phone
  • 15. Setting up a call process  when powered on, the phone does not have a frequency/ time slot/ode assigned to it yet; so it scans for the control channel of the BTS and picks the strongest signal  then it sends a message (including its identification number) to the BTS to indicate its presence  the BTS sends an acknowledgement message back to the cell phone  the phone then registers with the BTS and informs the BTS of its exact location  after the phone is registered to the BTS, the BTS assigns a channel to the phone and the phone is ready to receive or make calls
  • 16. Making a call process  the subscriber dials the receiver’s number and sends it to the BTS  the BTS sends to its BSC the ID, location and number of the caller and also the number of the receiver  the BSC forwards this information to its MSC  the MSC routes the call to the receiver’s MSC which is then sent to the receiver’s BSC and then to its BTS  the communication with the receiver’s cell phone is established
  • 17. Receiving a call process  when the receiver’ phone is in an idle state it listens for the control channel of its BTS  if there is an incoming call the BSC and BTS sends a message to the cells in the area where the receiver’s phone is located  the phone monitors its message and compares the number from the message with its own  if the numbers matches the cell phone sends an acknowledgement to the BTS  after authentication, the communication is established between the caller and the receiver
  • 18. Global System for Mobile Communication (GSM)
  • 19. GSM characteristics  previous standard in cellular communication were restrictive  GSM – global digital standard for cellular phones that offered roaming facility  first named Groupe Special Mobile and used in Europe; then usage extended to other continents  GSM operate in frequency bands: 900MHz, 1800 MHz, 1900 MHz  GSM provides voice and data services
  • 20. Subscriber Identity Module (SIM) card  SIM – a memory card (integrated circuit) holding identity information, phone book etc.  GSM system support SIM cards  other systems, like CDMA do not support SIM cards, but have something similar called Re-Usable Identification Module (RUIM)
  • 21. International Mobile Equipment Identity (IMEI) key  IMEI – a unique 15 digit number identifying each phone, is incorporated in the cellular phone by the manufacturer  IMEI ex.: 994456245689001  when a phone tries to access a network, the service provider verifies its IMEI with a database of stolen phone numbers; if it is found in the database, the service provider denies the connection  the IMEI is located on a white sticker/label under the battery, but it can also be displayed by typing *#06# on the phone
  • 22. International Mobile Subscriber Identity (IMSI) key  IMSI – a 15-digit unique number provided by the service provider and incorporated in the SIM card which identifies the subscriber  IMSI enables a service provider to link a phone number with a subscriber  first 3 digits of the IMSI are the country code
  • 23. Temporary Mobile Subscriber Identity (TMSI) key  TMSI – is a temporary number, shorter than the IMSI, assigned by the service provider to the phone on a temporary basis  TMSI key identifies the phone and its owner in the cell it is located; when the phone moves to a different cell it gets a new TMSI key  as TMSI keys are shorter than IMSI keys they are more efficient to send  TMSI key are used for securing GSM networks
  • 26. HLR, VLR and EIR registers  Home Location Register (HLR) - is a database maintained by the service provider containing permanent data about each subscriber (i.e. location, activity status, account status, call forwarding preference, caller identification preference)  Visitor Location Register (VLR) – database that stores temporary data about a subscriber; it is kept in the MSC of the of the area the subscriber is located in; when the subscriber moves to a new area the new MSC requests this VLR from the HLR of the old MSC  Equipment Identity Register (EIR) – database located near the MSC and containing information identifying cell phones
  • 27. Authentication Center (AuC)  1st level security mechanism for a GSM cellular network  is a database that stores the list of authorized subscribers of a GSM network  it is linked to the MSC and checks the identity of each user trying to connect  also provides encryption parameters to secure a call made in the network
  • 28. GSM Mobile Switching Center (MSC)
     is a switching center of the GSM network; coordinates BSCs linked to it
  • 30. GSM Access Scheme and Channel Structure
     GSM uses FDMA and TDMA to transmit voice and data
     the uplink channel between the cell phone and the BTS uses FDMA and a specific frequency band
     the downlink channel between the BTS and the cell phone uses a different frequency band and the TDMA technique
     there is sufficient frequency separation between the uplink frequency band and the downlink frequency band to avoid interference
     each uplink and downlink frequency band is further split into a Control Channel (used to set up and manage calls) and a Traffic Channel (used to carry voice)
  • 31. GSM uplink/downlink frequency bands used
      GSM frequency band | Uplink/BTS Transmit | Downlink/BTS Receive
      900 MHz  | 935-960 MHz   | 890-915 MHz
      1800 MHz | 1805-1880 MHz | 1710-1785 MHz
      1900 MHz | 1930-1990 MHz | 1850-1910 MHz
  • 32. GSM uplink/downlink frequency bands
     uplink and downlink take place in different time slots using TDMA
     uplink and downlink channels have a bandwidth of 25 MHz
     these channels are further split into 124 carrier frequencies (1 control channel and the rest traffic channels); the carrier frequencies are spaced 200 kHz apart to avoid interference
     these carrier frequencies are further divided by time using TDMA, and each time slot lasts for 0.577 ms
  • 33. GSM Control Channel
     is used to communicate management data (setting up calls, location) between BTS and the cell phone within a GSM cell
     only data is exchanged through the control channel (no voice)
     a specific frequency from the frequency band allocated to a cell and a specific time slot are allocated for the control channel (beacon frequency); a single control channel for a cell
     GSM control channels can have the following types:
         broadcast channel
         common control channel
         dedicated control channel
  • 34. Broadcast Channel
     type of control channel used for the initial synchronization between the cell phone and the BTS
     is composed of:
         Frequency Correction Channel (FCCH) – consists of a sequence of 148 zeros transmitted by the BTS
         Synchronization Channel (SCH) – follows the FCCH and contains BTS identification and location information
         Broadcast Control Channel (BCCH) – contains the frequency allocation information used by cell phones to adjust their frequency to that of the network; is continuously broadcast by the BTS
  • 35. Common Control Channels
     type of control channel used for call initiation
     is composed of:
         Paging Channel (PCH) – the BTS uses this channel to inform the cell phone about an incoming call; the cell phone periodically monitors this channel
         Random Access Channel (RACH) – an uplink channel used by the cell phone to initiate a call; the cell phone uses this channel only when required; if 2 phones try to access the RACH at the same time, they cause interference and will wait a random time before they try again; once a cell phone correctly accesses the RACH, the BTS sends an acknowledgement
         Access Grant Channel (AGCH) – channel used to set up a call; once the cell phone has used PCH or RACH to receive or initiate a call, it uses AGCH to communicate to the BTS
  • 36. Dedicated Control Channels
     control channel used to manage calls
     is composed of:
         Standalone Dedicated Control Channel (SDCCH) – used along with SACCH to send and receive messages; relays signalling information
         Slow Associated Control Channel (SACCH) – on the downlink the BTS broadcasts messages of the beacon frequency of neighboring cells to the cell phones; on the uplink the BTS receives acknowledgement messages from the cell phone
         Fast Associated Control Channel (FACCH) – used to transmit unscheduled urgent messages; FACCH is faster than SACCH as it can carry 50 messages per second, while SACCH can carry only 4
  • 37. Traffic Channel
     is used to carry voice data
     based on TDMA, the traffic (voice) channel is divided into 8 different time slots numbered from 0 to 7
     the BTS sends signals to a particular cell phone in a specific time slot (from those 8 time slots) and the cell phone replies in a different time slot
  • 39. Initializing a call
    1. when the cell phone is turned on, it scans all the available frequencies for the control channel
    2. all the BTSs in the area transmit the FCCH, SCH and BCCH that contain the BTS identification and location
    3. out of the available frequencies from the neighboring BTSs, the cell phone chooses the strongest signal
    4. based on the FCCH of the strongest signal, the cell phone tunes itself to the frequency of the network
    5. the phone sends a registration request to the BTS
    6. the BTS sends this registration request to the MSC via the BSC
    7. the MSC queries the AuC and EIR databases and, based on the reply, it authenticates the cell phone
    8. the MSC also queries the HLR and VLR databases to check whether the cell phone is in its home area or outside
    9. if the cell phone is in its home area, the MSC gets all the necessary information from the HLR; if it is not in its home area, the VLR gets the information from the corresponding HLR via MSCs
    10. then the cell phone is ready to receive or make calls
  • 41. Making a call
    1. when the phone needs to make a call, it sends an access request (containing phone identification, number) using RACH to the BTS; if another cell phone tries to send an access request at the same time, the messages might get corrupted; in this case both cell phones wait a random time interval before trying to send again
    2. then the BTS authenticates the cell phone and sends an acknowledgement to the cell phone
    3. the BTS assigns a specific voice channel and time slot to the cell phone and transmits the cell phone request to the MSC via the BSC
    4. the MSC queries the HLR and VLR and, based on the information obtained, it routes the call to the receiver’s BSC and BTS
    5. the cell phone uses the voice channel and time slot assigned to it by the BTS to communicate with the receiver
  • 43. Receiving a call
    1. when a request to deliver a call is made in the network, the MSC or the receiver’s home area queries the HLR; if the cell phone is located in its home area, the call is transferred to the receiver; if the cell phone is located outside its home area, the HLR maintains a record of the VLR attached to the cell phone
    2. based on this record, the MSC notes the location of the VLR and informs the corresponding BSC about the incoming call
    3. the BSC routes the call to the particular BTS, which uses the paging channel to alert the phone
    4. the receiver cell phone monitors the paging channel periodically and, once it receives the call alert from the BTS, it responds to the BTS
    5. the BTS communicates a channel and a time slot for the cell phone to communicate
    6. now the call is established
  • 45. GSM Security
     Personal Identification Number (PIN)
     User Authentication
     TMSI-based Security
  • 46. Personal Identification Number (PIN)
     the PIN is stored on the SIM card of the cell phone
     when the cell phone is turned on, the SIM checks the PIN; in case of 3 consecutive faulty PIN inputs a PUK (Personal Unblocking Key) is asked for
     in case of 10 faulty PUK inputs, the SIM is locked and the subscriber must ask for a new SIM
     this security measure is within the cell phone and the service provider is not involved
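The lockout rule on this slide can be written as a small state machine. This is an added example, not code from the slides or from any SIM vendor; the class name, state names and sample PIN/PUK values are constructed, and the behaviour after a correct PUK (new PIN set, PIN counter restored) is an assumption.

```python
import hmac

class SimCard:
    """Constructed model of the PIN/PUK lockout; not code from a real SIM."""
    MAX_PIN_TRIES = 3    # consecutive wrong PINs before the PUK is demanded
    MAX_PUK_TRIES = 10   # wrong PUKs before the SIM locks for good

    def __init__(self, pin: str, puk: str):
        self._pin, self._puk = pin, puk
        self.pin_left = self.MAX_PIN_TRIES
        self.puk_left = self.MAX_PUK_TRIES
        self.state = "PIN_REQUIRED"

    def verify_pin(self, attempt: str) -> str:
        if self.state != "PIN_REQUIRED":
            return self.state        # a blocked card ignores PIN input, even the right PIN
        if hmac.compare_digest(attempt, self._pin):
            self.pin_left = self.MAX_PIN_TRIES   # only consecutive failures count
            self.state = "UNLOCKED"
        else:
            self.pin_left -= 1
            if self.pin_left == 0:
                self.state = "PUK_REQUIRED"
        return self.state

    def unblock(self, puk_attempt: str, new_pin: str) -> str:
        if self.state != "PUK_REQUIRED":
            return self.state
        if hmac.compare_digest(puk_attempt, self._puk):
            # Assumption: a correct PUK sets a new PIN and restores the PIN counter.
            self._pin = new_pin
            self.pin_left = self.MAX_PIN_TRIES
            self.state = "UNLOCKED"
        else:
            self.puk_left -= 1
            if self.puk_left == 0:
                self.state = "LOCKED"    # subscriber needs a replacement SIM
        return self.state

if __name__ == "__main__":
    sim = SimCard(pin="4821", puk="73920156")    # constructed sample values
    for guess in ("0000", "1111", "2222", "4821"):
        print(guess, "->", sim.verify_pin(guess))
```

Because the counters live on the card, guessing is bounded at 3 PIN attempts plus 10 PUK attempts no matter which handset the SIM is moved to.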
  • 47. User Authentication
     a mechanism for encrypting messages in a GSM network
     the network sends random data to the cell phone (RAND)
     each cell phone is allocated a secret key (KI)
     using RAND and KI and the A3 encryption algorithm the cell phone generates a signed result (SRES) which is then sent to the network
     a similar process takes place in the network which generates a signed result specific to the cell phone
     the network compares its SRES with the SRES generated by the phone and in case of a match the cell phone is connected to the network
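The RAND/KI/SRES exchange above, as an added example that is not part of the original slides. A3 is chosen by the operator and is not given on the page, so `a3_standin` (HMAC-SHA256 truncated to 32 bits) is a labelled substitute; the `Sim` and `Network` classes, the 128-bit RAND and key sizes, and the IMSI value are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def a3_standin(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: HMAC-SHA256 truncated to a 32-bit SRES (not a real A3)."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Sim:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes) -> bytes:
        return a3_standin(self._ki, rand)        # KI itself never leaves the card

class Network:
    """Plays the AuC/MSC side: holds each subscriber's KI and issues challenges."""
    def __init__(self):
        self._ki = {}          # IMSI -> KI
        self._pending = {}     # IMSI -> SRES expected for the outstanding RAND

    def provision(self, imsi: str) -> Sim:
        self._ki[imsi] = secrets.token_bytes(16)
        return Sim(imsi, self._ki[imsi])

    def challenge(self, imsi: str):
        if imsi not in self._ki:
            return None                          # unknown subscriber: no challenge
        rand = secrets.token_bytes(16)           # fresh RAND for every attempt
        self._pending[imsi] = a3_standin(self._ki[imsi], rand)
        return rand

    def verify(self, imsi: str, sres: bytes) -> bool:
        expected = self._pending.pop(imsi, None) # one answer per challenge
        return expected is not None and hmac.compare_digest(expected, sres)

def attach(net: Network, sim: Sim) -> bool:
    rand = net.challenge(sim.imsi)
    return rand is not None and net.verify(sim.imsi, sim.respond(rand))

if __name__ == "__main__":
    net = Network()
    sim = net.provision("001010123456789")           # constructed test IMSI
    print("genuine SIM:", attach(net, sim))
    clone = Sim(sim.imsi, secrets.token_bytes(16))   # right IMSI, wrong KI
    print("wrong KI:   ", attach(net, clone))
```

Only RAND and SRES cross the radio link, and because RAND is fresh each time, an SRES recorded from one attach does not satisfy the next challenge.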
  • 48. TMSI-Key Based Security
     is most used in a GSM cellular network
     a TMSI key provides a temporary identification to a cell phone and is provided by the network upon authentication
     a TMSI key keeps changing according to the location of the cell phone, this way preventing unauthorized access to a channel and preventing an intruder from tracing its location
     the mapping between IMSI and TMSI keys is handled by the VLR
     IMSI keys are used only when the SIM is used for the first time
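The IMSI-to-TMSI mapping kept by the VLR, as an added example that is not part of the original slides. The `VLR` class, the 4-byte TMSI drawn at random, and the IMSI value are constructed; `observe` lists the identities that would appear on the radio link so the effect of reallocation is visible.

```python
import secrets

class VLR:
    """Constructed model of the VLR's IMSI <-> TMSI table."""
    def __init__(self):
        self._by_tmsi = {}     # TMSI -> IMSI
        self._by_imsi = {}     # IMSI -> current TMSI

    def _allocate(self, imsi: str) -> str:
        old = self._by_imsi.pop(imsi, None)
        if old is not None:
            del self._by_tmsi[old]               # the previous TMSI stops resolving
        while True:
            tmsi = secrets.token_hex(4)          # assumption: random 4-byte value
            if tmsi != old and tmsi not in self._by_tmsi:
                break
        self._by_tmsi[tmsi] = imsi
        self._by_imsi[imsi] = tmsi
        return tmsi

    def first_attach(self, imsi: str) -> str:
        return self._allocate(imsi)              # the only step that needs the IMSI

    def location_update(self, tmsi: str):
        imsi = self._by_tmsi.get(tmsi)
        if imsi is None:
            return None                          # stale or unknown TMSI
        return self._allocate(imsi)              # new location, new TMSI

    def resolve(self, tmsi: str):
        return self._by_tmsi.get(tmsi)

def observe(vlr: VLR, imsi: str, moves: int):
    """Identities seen on the air: the IMSI once, then only TMSIs."""
    seen = [imsi]                                # first use of the SIM
    tmsi = vlr.first_attach(imsi)
    for _ in range(moves):
        seen.append(tmsi)                        # phone identifies itself by TMSI
        tmsi = vlr.location_update(tmsi)
    return seen, tmsi

if __name__ == "__main__":
    vlr = VLR()
    seen, current = observe(vlr, "001010123456789", moves=3)  # constructed IMSI
    print("on the air:", seen)
    print("current TMSI resolves to:", vlr.resolve(current))
```

Only the VLR can link a TMSI back to the subscriber, and each superseded TMSI resolves to nothing, so identities captured in one location do not carry over to the next.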