
GSM System Architecture

From the document GSM, 3G-WCDMA, LTE and the Road to 5G (pages 81-91)

Global System Mobile, GSM, 2G

7.2 GSM System Architecture


60 Introduction to Mobile Network Engineering

[Figure 7.1 GSM System architecture. Blocks shown: MS, BS and BSC (RAN, mobile backhaul); MSC & VLR, GMSC, HLR, AuC & EIR (core); PSTN, ISDN, Data.]

These respective three subsystems can also be called the Base-Station Subsystem (BSS), the Network Switching Subsystem (NSS) and the Operation Support Subsystem (OSS).

The abbreviations in Figure 7.1 are as follows:

MS – Mobile Station (mobile phone)
BS – Base Station (site)
BSC – Base-Station Controller
MSC – Mobile Switching Centre
GMSC – Gateway MSC
HLR – Home Location Register
VLR – Visited Location Register
AuC – Authentication Centre
EIR – Equipment Identity Register
PSTN – Public Switched Telephone Network

User equipment (Mobile Station: MS) is normally a handheld terminal that communicates over the air with a base station, called the Base Transceiver Station (BS) in GSM.

The BS transceiver is installed on some outdoor or indoor site together with additional site infrastructure that includes antennas, power supply and transmission equipment for connection to a Base-Station Controller (BSC).

• The logical object related to the BS is a radio cell, which is a set of control and traffic channels. The cell or logical Base Station is defined by the presence of a Broadcast Control Channel (BCCH). A number of BSs are controlled by one BSC.

• The BSC manages radio resources in the base stations: it is responsible for RF channel allocation, takes part in call setup and manages handovers.

• The base stations and the BSC are connected by fixed lines or point-to-point radio links; this part of the system infrastructure is named Mobile Backhaul.

• The BSs, BSCs and mobile backhaul together form the radio access network, RAN.

The BS and BSC perform different tasks in support of communications over the air interface; the task distribution between the nodes is given in Table 7.1.

Table 7.1 Functionalities of the base station and controller.

Main Function BS BSC

Management of radio channels x

Mapping of upper layers to radio channels x

Channel coding and rate adaptation x

Authentication x

Encryption x x

Frequency hopping x

Uplink signal measurement x

Traffic measurement x

Paging x x

Handover management x

Location update x

The RAN is connected to the Core network, which is comprised of a Mobile Switching Centre (MSC), a Home Location Register (HLR) and a number of logical network nodes including the Gateway MSC (GMSC), the Equipment Identity Register (EIR) and the Authentication Centre (AuC). Additional network elements may include components of the Value Added Services (VAS) platform.

The MSC performs all of the switching functions including path search, data forwarding and service feature processing. The main difference between an ISDN switch and the MSC is that the MSC also has to consider mobility of users. The MSC has to provide additional functions for location registration of users as well as manage the handover of a connection when a user moves from cell to cell. A cellular network may have several MSCs with each being responsible for some part of the network called the Location Area (LA).

Calls originating from or terminating in the fixed network are handled by a dedicated Gateway MSC (GMSC). The interworking of a cellular network and a fixed network (e.g. PSTN, ISDN) is performed by the Interworking Function (IWF). It is needed to map the protocols of the cellular network onto those of the respective fixed network. Either the GMSC or the IWF can be implemented as a standalone node or as a SW functionality with some HW interfaces in the MSC.

The Home Location Register (HLR) and the Visited Location Register (VLR) store the current location of a mobile user. Normally, the VLR is a logical node implemented in the MSC. The HLR and VLR databases store the profiles of users, which are required for charging and billing and other administrative issues. The HLR database is a root database where the provisioning of new subscribers is made. Given the importance of the HLR database for operator revenue, it often has a redundant standby node, sometimes geographically distributed.

Two other databases perform security functions: the Authentication Centre (AuC) stores security-related data such as keys used for authentication and encryption; the Equipment Identity Register (EIR) registers equipment data.


[Figure 7.2 GSM system hierarchy. Levels shown: GSM Network / PLMN; MSC / LA #1 and MSC / LA #2; BSC #1 ... BSC #M and BSC #M + 1; Cell 1 ... Cell N under each BSC.]

Network management is centralized in the Operation and Maintenance Centre (OMC). OMC functions include the administration of subscribers, terminals, charging data, network configuration, operation, performance monitoring and network maintenance.

Figure 7.2 summarizes the hierarchical relationship between the network components MSC, BSC and BS. Each MSC relates to a Location Area (LA), which comprises several BSCs and respective radio cells/base stations.

Each cell group is assigned to a BSC, to which it is connected via the mobile backhaul. For each LA there exists at least one BSC, but cells of one BSC may belong to different LAs. The exact partitioning of the network area, with respect to LAs, BSCs and MSCs, is decided by the network operator. Each location area has a unique identifier (a Location Area Identity or LAI) that is broadcast regularly by the base station via a control channel. The mobile station monitors the broadcast and stores the current LAI. When the MS changes its location to another LA, the broadcast LAI changes. The MS notices the change and requests a location update (in VLR/HLR) from the MSC.

The Public Land Mobile Networks (PLMN) run by different operators constitute islands in the Public Switched Telephone Network (PSTN). When the PSTN initiates a call to a mobile terminal belonging to a PLMN, the call request is fed to the interface between the PSTN and the PLMN. The interface consists of the operator’s Gateway Mobile Switching Centre (GMSC). Details of all the subscribers belonging to the PLMN are contained in the Home Location Register (HLR) database.

7.2.1 Location Area Identity (LAI)

Each LA of a cellular network has its own identifier. The LAI is also structured hierarchically and internationally unique, with the LAI again consisting of an internationally standardized part and an operator-dependent part:

• CC, three digits;

• MNC, two digits;

• Location Area Code (LAC), a maximum of five digits or a maximum of 2×8 bits, coded in hexadecimal.

This LAI is broadcast regularly by the base station on the Broadcast Control Channel (BCCH). Thus, each cell is identified uniquely on the radio channel as belonging to an LA, and each MS can determine its current location through the LAI.

If the LAI that is ‘heard’ by the MS changes, the MS notices this LA change and requests an update to its location information in the VLR and HLR (location update).

The significance for GSM networks is that the MS itself rather than the network is responsible for monitoring the local conditions of signal reception, to select the base station that can be received best and to register with the VLR of the LA that the current base station belongs to. The LAI is requested from the VLR if the connection for an incoming call has been routed to the current MSC using the MSRN. The LAI determines the precise location of the MS where the mobile can be subsequently paged. When the MS answers, the exact cell and therefore also the base station become known; this information can then be used to switch the call through.

7.2.2 The SIM Concept

GSM was the first mobile network technology that introduced a personal chip card, the Subscriber Identity Module (SIM). The SIM card turns a handset into a mobile station (MS) with a set of network services allowed for use by subscription. The SIM concept makes it possible to distinguish between equipment mobility and subscriber mobility. In general, a subscriber can register to the locally available network with their SIM card using different handsets. This enables international roaming independent of mobile equipment and network technology, provided that the air-interface standard in the visited network is supported by the mobile terminal.

In addition to subscriber-specific data like an optional Personal Identification Number (PIN) and address book with names and telephone numbers, the SIM can also store network-specific data; for example, lists of carrier frequencies used by the network to broadcast system information periodically. The SIM also takes over security functions: all of the cryptographic algorithms are realized on the SIM, which implements important functions for authentication and user data encryption based on the subscriber identity and secret keys.

7.2.3 User Addressing in the GSM Network

All mobile users in the GSM network must be assigned certain addresses or identities in order to identify, authenticate and localize them. The obvious address is a 'real' telephone number of the user provided with subscription. This number is called the Mobile Subscriber ISDN Number (MSISDN). In addition to the telephone number, several other identifiers have been defined; they are needed for management of user mobility and for addressing network elements. GSM distinguishes explicitly between a user and mobile equipment. The user identities are stored on the SIM; the equipment identities on the mobile equipment.

7.2.4 International Mobile Station Equipment Identity (IMEI)

The International Mobile Station Equipment Identity (IMEI) is a kind of serial number that uniquely identifies a mobile station, manufacturer and the date of manufacturing.


The IMEI is registered by the network operator, who stores it in the EIR. The IMEI can be used to identify stolen or non-functional equipment.

7.2.5 International Mobile Subscriber Identity (IMSI)

When registering for service with a mobile network operator, each subscriber receives a unique identifier, the International Mobile Subscriber Identity (IMSI). This IMSI is stored in the SIM. The IMSI uses a maximum of 15 decimal digits and consists of three parts:

1) Mobile Country Code (MCC): three digits, internationally standardized;

2) Mobile Network Code (MNC): two digits, for unique identification of mobile networks within a country;

3) Mobile Subscriber Identification Number (MSIN): a maximum of 10 digits, identification number of the subscriber in their mobile home network.

A three-digit MCC has been assigned to each of the GSM countries and two-digit MNCs have been assigned within countries (e.g. 505 as the MCC for Australia and MNC 01, 02 and 03 for the networks of Telstra, Optus and Vodafone, respectively).

7.2.6 Different Roles of MSISDN and IMSI

The distinction between call number (MSISDN) and subscriber identity (IMSI) primarily serves to protect the confidentiality of the IMSI and subsequently the user. Unlike the MSISDN, the IMSI is a private identifier. The association of IMSI and MSISDN is stored in the HLR; that is, in the internal database of the operator network.

The MSISDN composition follows the international ISDN numbering plan with the following structure:

• Country Code (CC), up to three digits;

• National Destination Code (NDC), typically two or three digits;

• Subscriber Number (SN), a maximum of 10 digits.

The CCs are internationally standardized, complying with the ITU-T recommendation E.164.

There are country codes with one, two or three digits; for example, the country code for the USA is 1, for the UK 44 and for Australia 61. The national operator or regulatory administration assigns the NDC as well as the SN, which may have a variable length. The NDCs of the mobile networks in Australia have one digit (i.e. 4), while the SN has eight digits. The MSISDN is stored centrally in the HLR.

7.2.7 Mobile Station Routing Number

The Mobile Station Routing Number (MSRN) is a temporary location-dependent ISDN number. It is assigned by the locally responsible VLR to each MS in its area. Calls are routed to the MS by using the MSRN. On request, the MSRN is passed from the HLR to the GMSC.

The MSRN has the same structure as the MSISDN:

• CC of the visited network;

• NDC of the visited network;

• SN in the current mobile network.

The components CC and NDC are determined by the network visited and depend on the current location. The SN is assigned by the current VLR and is unique within the mobile network. An MSRN is assigned in such a way that the currently responsible switching node MSC in the visited network can be determined from the subscriber number, which allows routing decisions to be made.

7.2.8 Calls to Mobile Terminals

The call follows the standard calling procedure on the PSTN (or ISDN): the caller just enters the MSISDN of the B-party. By means of the country code and NDC, the fixed network (e.g. the PSTN or ISDN) establishes a connection with the operator's gateway (GMSC). The GMSC invokes the HLR in order to get the B-party location and route the call to the correct MSC. The location of the mobile subscriber is known to the HLR from the latest location update or registration procedure performed by the MS (B-party). When a mobile subscriber registers in the network, it obtains the MSRN that identifies a user in a specific location area of the MSC/VLR. The MSRN is then stored in the HLR against the user IMSI and MSISDN. When the MS moves to another LA, the MSRN changes accordingly and the HLR is updated. In response to the GMSC request, the HLR provides the current MSRN for the associated MSISDN and the GMSC then routes the call to the correct MSC, see Figure 7.3.

The next step is that the MSC initiates paging to the MS within a known location area.

The immediate location of the MS is defined by a LAI. The LAI is retrieved from the VLR when the incoming call is routed to the current MSC using the MSRN. The paging will use the TMSI (Temporary Mobile Subscriber Identity) to identify the MS. In the BSS, the call processing follows the procedure described in Section 7.9. The role of the TMSI is explained in Section 7.2.9.

[Figure 7.3 Connection to the public telephone network. Elements shown: PSTN, PLMN, G-MSC, HLR, MSC, VLR, BSC, BS, terminal/SIM; identifiers MSISDN (mobile subscriber ISDN, i.e. the normal telephone number), IMSI, MSRN and TMSI.]

(a) MSRN associated with IMSI and provided on MS registration in VLR.

(b) MSRN retrieved from HLR on association of MSISDN & IMSI & MSRN and used for routing call to MSC.


The specific feature of GSM and next generation mobile networks is that the MS takes responsibility for selecting the best server (Base Station) by monitoring received signal quality and then registers with VLR/MSC of the Location Area that the selected BS belongs to.

7.2.9 Temporary Mobile Subscriber Identity (TMSI)

After subscriber registration in the network, the network starts to use a temporary identity, the TMSI, instead of the IMSI for communication via the air interface. The TMSI is sent to the MS over the encrypted channel. The TMSI is assigned by the VLR and only has local significance in the Location Area handled by the VLR; the TMSI is not passed to the HLR. With a location update, the network provides a new TMSI after re-authentication of the mobile. All ongoing communication over the air interface is performed using the two-tuple (TMSI, LAI) instead of the IMSI.
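The routing and paging chain of Sections 7.2.7 to 7.2.9, as an added example that is not from the book: a location update assigns an MSRN and a TMSI, the GMSC resolves MSISDN to MSRN in the HLR, and the paging request carries only (TMSI, LAI). The class and function names, the sample IMSI/MSISDN/LAC values, the MSC digit embedded in the MSRN and the 32-bit TMSI length are assumptions made for the illustration.

```python
import secrets

def split_imsi(imsi):
    """MCC (3 digits) + MNC (2 digits, as on this page) + MSIN (max 10 digits)."""
    if not (imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    return imsi[:3], imsi[3:5], imsi[5:]

class HLR:
    def __init__(self):
        self.imsi_of = {}   # MSISDN -> IMSI, fixed at provisioning
        self.serving = {}   # IMSI -> (MSC/VLR, MSRN), rewritten on location update

    def route_info(self, msisdn):
        """GMSC query: MSISDN in, MSRN out. The IMSI is not returned."""
        return self.serving[self.imsi_of[msisdn]][1]

class MscVlr:
    def __init__(self, hlr, cc_ndc, msc_digits):
        self.hlr, self.next_sn = hlr, 0
        self.prefix = cc_ndc + msc_digits  # lets the GMSC find this MSC from an MSRN
        self.visitors = {}                 # MSRN -> {"imsi", "tmsi", "lai"}

    def location_update(self, imsi, lai):
        """Register the MS here: new MSRN and TMSI, HLR updated, old VLR entry dropped."""
        split_imsi(imsi)                   # reject malformed identities
        old_msc, old_msrn = self.hlr.serving.get(imsi, (self, None))
        old_msc.visitors.pop(old_msrn, None)
        self.next_sn += 1
        msrn = f"{self.prefix}{self.next_sn:06d}"
        tmsi = secrets.token_hex(4)        # 32-bit TMSI (assumed length), local to this VLR
        self.visitors[msrn] = {"imsi": imsi, "tmsi": tmsi, "lai": lai}
        self.hlr.serving[imsi] = (self, msrn)
        return tmsi

    def paging_request(self, msrn):
        """What goes on the air for an incoming call: (TMSI, LAI) only."""
        rec = self.visitors[msrn]
        return {"tmsi": rec["tmsi"], "lai": rec["lai"]}

def gmsc_incoming_call(hlr, mscs, msisdn):
    """PSTN call to an MSISDN: HLR lookup, MSC chosen from the MSRN, paging by TMSI."""
    msrn = hlr.route_info(msisdn)
    msc = next(m for m in mscs if msrn.startswith(m.prefix))
    return msrn, msc.paging_request(msrn)

def demo():
    hlr = HLR()
    imsi, msisdn = "505010123456789", "61412345678"   # constructed sample identities
    hlr.imsi_of[msisdn] = imsi
    msc1, msc2 = MscVlr(hlr, "614", "1"), MscVlr(hlr, "614", "2")
    calls = []
    for msc, lac in ((msc1, 0x1A2B), (msc2, 0x2C3D)):  # MS moves from one LA to another
        tmsi = msc.location_update(imsi, ("505", "01", lac))
        calls.append((tmsi, *gmsc_incoming_call(hlr, [msc1, msc2], msisdn)))
    return imsi, calls, msc1.visitors

if __name__ == "__main__":
    print(demo()[1])
```

Each entry printed is (TMSI, MSRN, paging request); the MSRN changes with the serving MSC while the MSISDN dialled from the PSTN stays the same.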

7.2.10 Security-Related Network Functions: Authentication and Encryption

GSM security is based on information stored in the SIM. The SIM contains a 128-bit permanent secret key (Ki) associated with the subscriber identity (IMSI). GSM subscriber authentication is done by a cryptographic challenge-response protocol based on the permanent key (Ki). The challenge response and integrated key generation protocol A3 are both implemented. A smart card inside the SIM contains a key generation protocol A3 processing the challenge response. In addition to the user's SIM card, the secret permanent key Ki for each MS is stored in a second location, namely the Authentication Centre (AuC). The authentication procedure checks that the mobile user has access to the correct secret key Ki. During call setup, the AuC initiates an authentication request to the mobile by sending a random 128-bit string RAND to the terminal, see Figure 7.4. It also generates a signed response, SRES, using the A3 algorithm and the Ki security key.

The MS responds by using RAND and Ki, computing with A3 and returning the 32-bit output SRES to the network. Authentication is successful when the two SRES values are identical.

[Figure 7.4 Principle of subscriber authentication. The MS and the AuC each apply A3 to Ki and RAND; the two SRES values are compared.]

[Figure 7.5 Generation of the cipher key Kc. The MS and the AuC each apply A8 to Ki and RAND to obtain Kc.]

After successful authentication, the network sends the TMSI to the MS in an authentication response. In addition to RAND and SRES, the Authentication Centre also generates a temporary session key Kc using algorithm A8 with the same input parameters, namely Ki and RAND; see Figure 7.5. The session key Kc is used for encryption of the air interface. It is important to note that neither the Base-Station Subsystem nor the MSC/VLR have access to the secret key, Ki. The authentication triplet (RAND, SRES and Ki) is generated by the AuC and is sent to the serving nodes MSC/VLR (or SGSN in the case of GPRS) from the Authentication Centre.
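The challenge-response and key generation described above, as an added sketch that is not code from the book: it shows a SIM holding the right Ki passing, a SIM that knows only the IMSI failing, and both ends arriving at the same Kc. A3 and A8 are operator-chosen algorithms, so HMAC-SHA256 stands in for them here; the 64-bit Kc and 32-bit TMSI lengths, the class names, the IMSI and the Ki are assumptions, and the serving node is modelled as receiving only RAND, SRES and Kc so that Ki stays in the SIM and the AuC.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki, rand):
    """Stand-in for A3 and A8 (HMAC-SHA256, an assumption of this example).
    Returns (SRES, Kc): the 32-bit response and a 64-bit cipher key."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class Sim:
    def __init__(self, imsi, ki):
        self.imsi, self.ki = imsi, ki      # Ki never leaves the card

    def respond(self, rand):
        return a3_a8(self.ki, rand)        # SRES goes to the network, Kc stays in the MS

class AuC:
    def __init__(self):
        self.ki_of = {}                    # IMSI -> Ki, the only network-side copy

    def triplet(self, imsi):
        rand = secrets.token_bytes(16)     # fresh 128-bit challenge
        sres, kc = a3_a8(self.ki_of[imsi], rand)
        return rand, sres, kc              # what the serving node receives: no Ki

class ServingNode:                         # MSC/VLR role
    def __init__(self, auc):
        self.auc = auc
        self.kc_of = {}                    # TMSI -> Kc for the air-interface cipher

    def authenticate(self, sim):
        """Run one challenge-response. Returns (TMSI, Kc held by the MS) or None."""
        rand, expected, kc = self.auc.triplet(sim.imsi)
        sres, ms_kc = sim.respond(rand)    # RAND on the downlink, SRES on the uplink
        if not hmac.compare_digest(sres, expected):
            return None                    # wrong Ki: no TMSI, no cipher key
        tmsi = secrets.token_hex(4)
        self.kc_of[tmsi] = kc
        return tmsi, ms_kc

def demo():
    imsi = "505010123456789"                                # constructed IMSI
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit Ki
    auc = AuC()
    auc.ki_of[imsi] = ki
    node = ServingNode(auc)
    genuine = node.authenticate(Sim(imsi, ki))
    clone = node.authenticate(Sim(imsi, bytes(16)))         # IMSI known, Ki not
    return node, genuine, clone

if __name__ == "__main__":
    node, genuine, clone = demo()
    print("genuine SIM accepted:", genuine is not None, "| clone accepted:", clone is not None)
```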

7.2.11 Call Security

Ciphering is one of the security procedures designed to protect the subscriber's identity and data. It is an optional procedure in GSM. When the ciphering is active, all information exchanged between the mobile and the network on the dedicated radio channels is encrypted. A key previously set between the network and the mobile station (MS) is used to encipher and to decipher the encrypted information burst by burst. The A5 type encryption algorithm [1] applied to a GSM network is a 3GPP standardized ciphering method. It has several modifications, A5/1, A5/3 with an increased level of protection against eavesdropping. A5/3 ciphering is based on the KASUMI F8 algorithm [1] and used in both GSM and WCDMA.

Encryption is performed at the transmitting side after channel coding and interleaving and immediately preceding modulation. On the receiving side, decryption directly follows the demodulation of the data stream. The encryption of both signalling and user data is performed at the MS as well as at the base station (see Figure 7.6). This is a case of symmetric encryption; that is, ciphering and deciphering are performed with the same key Kc and the A5 algorithm.

Based on the secret key Ki stored in the network, the cipher key Kc for a connection or signalling transaction can be generated at both sides, and the BS and MS can decipher each other's data. Signalling and user data are encrypted together (TCH/SACCH/FACCH); for dedicated signalling channels (SDCCH) the same method as for traffic channels is used.

This process is also called a stream cipher; that is, ciphering uses a bit stream that is added bitwise to the data to be enciphered. Deciphering consists of performing an additional EXCLUSIVE OR operation of the enciphered data stream with the ciphering stream. The FN of the current TDMA frame within a hyperframe) is another input for
