gsm mobility management n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
GSM Mobility Management PowerPoint Presentation
Download Presentation
GSM Mobility Management

Loading in 2 Seconds...

play fullscreen
1 / 35

GSM Mobility Management - PowerPoint PPT Presentation


  • 1092 Views
  • Uploaded on

GSM Mobility Management. Originals by: Rashmi Nigalye, Mouloud Rahmani, Aruna Vegesana, Garima Mittal, Fall 2001 Prof. M. Veeraraghavan, Polytechnic University, New York. GSM architecture overview Network layout Protocols Addresses & identifiers Location management

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'GSM Mobility Management' - Samuel


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
gsm mobility management
GSM Mobility Management

Originals by: Rashmi Nigalye, Mouloud Rahmani, Aruna Vegesana, Garima Mittal, Fall 2001

Prof. M. Veeraraghavan, Polytechnic University, New York

  • GSM architecture overview
    • Network layout
    • Protocols
    • Addresses & identifiers
  • Location management
    • Call delivery + location update
    • Security
  • Handover management
gsm network layout
GSM network layout

PLMN: Public Land Mobile Network

MSC: Mobile Switching Center

BTS: Base Transceiver Station

BSC: Base Station Controller

GSM Network (PLMN)

MSC region

MSC region

Location area

Location area

BSC

BSC

MSC region

BTS

BTS

gsm network layout1
GSM network layout

PSTN

ISDN

OMC

BSC

MSC

GMSC

E

Abis

BSC

A

B,C

BTS

HLR

EIR

BTS

VLR

AUC

Um

BTS

gsm map protocol
GSM MAP protocol
  • GSM MAP similar to IS41 MAP
  • MAP uses Transactions Capabilities Part (TCAP) of the SS7 stack
  • MAP functions:
    • Updating of location information in VLRs
    • Storing routing information in HLRs
    • Updating and supplementing user profiles in HLRs
    • Handoff of connections between MSCs
what is a location area la
What is a location area (LA)?
  • A powered-on mobile is informed of an incoming call by a paging message sent over the PAGCH channel of a cell
  • One extreme is to page every cell in the network for each call - a waste of radio bandwidth
  • Other extreme is to have a mobile send location updates at the cell level. Paging cut to 1 cell, but large number of location updating messages.
  • Hence, in GSM, cells are grouped into Location Areas – updates sent only when LA is changed; paging message sent to all cells in last known LA
addresses and identifiers

MCC MNC MSIN

MCC: Country Code

MNC: Mobile Network Code

MSIN: Mobile Subscriber Identification Number

Addresses and Identifiers
  • International Mobile Station Equipment Identity (IMEI)
    • It is similar to a serial number. It is allocated by equipment manufacturer, registered by network, and stored in EIR
  • International Mobile Subscriber Identity (IMSI)

When subscribing for service with a network, subscriber receives (IMSI)

and stores it in the SIM (Subscriber Identity Module) card.

The HLR can be identified by a VLR/MSC from the IMSI.

addresses and identifiers1

CC NDC SN

Addresses and Identifiers
  • Mobile Subscriber ISDN (MSISDN)
    • The “real telephone number”: assigned to the SIM
    • The SIM can have several MSISDN numbers for selection of different services like voice, data, fax

NDC: National Destination Code (NDC identifies operator); SN: Subscriber Number; CC: Country Code;

Digits following NDC identifies the HLR

addresses and identifiers2

CC NDC SN

Addresses and Identifiers
  • Mobile Station Roaming Number (MSRN)
    • It is temporary location dependent ISDN number
    • It is assigned by local VLR to each MS in its area.
addresses and identifiers3
Addresses and identifiers
  • Temporary Mobile Subscriber Identity (TMSI)
    • It is an alias of the IMSI and is used in its place for privacy.
    • It is used to avoid sending IMSI on the radio path.
    • It is an temporary identity that is allocated to an MS by the VLR at inter-VLR registration, and can be changed by the VLR
    • TMSI is stored in MS SIM card and in VLR.
tmsi imsi msrn and msisdn
TMSI, IMSI, MSRN and MSISDN
  • Unlike MSISDN, IMSI is not known to the GSM user. The CC of MSISDN translates to an MCC of IMSI as follows, e.g, Denmark CC: 45 MCC: 238
  • TMSI is used instead of IMSI during location update to protect privacy. As user moves, TMSI is used to send location update. Thus a third party snooping on the wireless link cannot track a user as he/she moves.
  • MSRN is the routing number that identifies the current location of the called MS.
    • MSRN is temporary network identity assigned to a mobile subscriber.
    • MSRN identifies the serving MSC/VLR.
    • MSRN is used for call delivery (calls incoming to an MS).
  • MSISDN is the dialed number to reach a GSM user
addresses and identifiers4

CC MNC LAC

Addresses and Identifiers
  • Location Area ID (LAI)
    • CC: Country Code, MNC:Mobile Network Code, LAC: Location Area Code
    • LAI is broadcast regularly by Base Station on BCCH
    • Each cell is identified uniquely as belonging to an LA by its LAI
location management
Location management
  • Set of procedures to:
    • track a mobile user
    • find the mobile user to deliver it calls
  • Current location of MS maintained by 2-level hierarchical strategy with HLRs and VLRs.
ways to obtain msrn
Ways to obtain MSRN
  • Obtaining at location update – MSRN for the MS is assigned at the time of each location update, and is stored in the HLR. This way the HLR is in a position to immediately supply the routing info (MSRN) needed to switch a call through to the local MSC.
  • Obtaining on a per call basis – This case requires that the HLR has at least an identification for the currently responsible VLR. When routing info is requested from the HLR, it first has to obtain the MSRN from the VLR. This MSRN is assigned on a per call basis, i.e. each call involves a new MSRN assignment
routing information case when msrn is selected per call by vlr msc

IMSI

MSISDN

MSRN

MSRN

MSISDN

MSRN

GMSC

Routing information: case when MSRN is selected per call by VLR/MSC
  • If MSRN is allocated to each subscriber visiting at an MSC, then the number of MSRNs required is large. If instead, an MSRN is allocated only when a call is to be established, then the number of MSRNs is roughly equal to number of circuits at MSC – a much smaller number – hence MSRNs typically allocated per call by VLR/MSC

MSISDNIMSI, VLR number

HLR

MSC/VLR

call routing to a mobile station case when hlr returns msrn
Call routing to a mobile station: case when HLR returns MSRN

1

MSISDN

GMSC

ISDN

LA 1

1

4

MSRN

2

MSISDN

3

MSRN

BSC

MSC

MSC

HLR

BTS

7

TMSI

5

MSRN

7

TMSI

LA 2

BSC

EIR

BTS

VLR

8

TMSI

7

TMSI

AUC

6

TMSI

BTS

MS

messages exchanged call delivery
Messages exchanged: call delivery

5

GMSC

1

4

PSTN

HLR

2

VLR

3

6

Target

MSC

Target MSC

VLR

HLR

GMSC

Originating Switch

1. ISUP IAM

2. MAP_SEND_ROUTING_INFO

3. MAP_PROVIDE_ROAMING_NUMBER

4. MAP_PROVIDE_ROAMING_NUMBER_ack

5. MAP_SEND_ROUTING_INFO_ack

6. ISUP IAM

find operation in gsm
Find operation in GSM
  • ISDN switch recognizes from the MSISDN that the call subscriber is a mobile subscriber. Therefore, forward the call to the GMSC of the home PLMN (Public Land Mobile Network)
  • GMSC requests the current routing address (MSRN) from the HLR using MAP
  • By way of MSRN the call is forwarded to the local MSC
  • Local MSC determines the TMSI of the MS (by querying VLR) and initiates the paging procedure in the relevant LA
  • After MS responds to the page the connection can be switched through.
gsm security

Ki

RAND

RAND (128bit)

Ki

A3 algorithm

A3 algorithm

network

MS

SRES

SRES

GSM security
  • Authentication
    • What signed response (SRES) are you able to derive from the input challenge RAND by applying the A3 algorithm with your personal key Ki (Ki is per subscriber)?

equal?

gsm security1

BTS

MS

frame number

Kc (64 bits)

frame number

(22 bits)

Kc

A5 algorithm

A5 algorithm

ciphering

S1(114)

S2(114)

S1

S2

deciphering

deciphering

ciphering

GSM security
  • Encryption
    • Digital technology – easy to encrypt voice data
    • A5 derives a ciphering sequence of 114 bits for each burst independently
    • XOR 114 bits of a radio burst with 114 bits of a ciphering sequence generated by A5
key management
Key management
  • Ciphering key Kc is generated using algorithm A8 in the same manner as SRES (from RAND and Ki)
  • Each time a mobile station is authenticated the MS and network compute the ciphering key Kc by running algorithm A8 with the same inputs RAND and Ki as for SRES
  • Ciphering with Kc applies only when the network knows the identity of the subscriber it is talking to.
    • Bootstrap period during which network does not know who the subscriber is
      • Up to and including the first message carrying the non-ambiguous subscriber identity is carried in the clear (unencrypted)
    • Protection: use TMSI instead of IMSI when possible – TMSI should be exchanged during protected signaling (ciphered) procedures
location registration
Location registration
  • MS has to register with the PLMN to get communication services
  • Registration is required for a change of PLMN
  • MS has to report to current PLMN with its IMSI and receive new TMSI by executing Location Registration process.
  • The TMSI is stored in SIM, so that even after power on or off, there is only normal Location Update.
  • If the MS recognizes by reading the LAI broadcast on BCCH that it is in new LA, it performs Location Update to update the HLR records.
  • Location update procedure could also be performed periodically, independent of the MS movement.
  • The difference in Location Registration and Location Update is that in location update the MS has already been assigned a TMSI.
location registration1

MS

BSS/MSC

VLR

HLR

AUC

Location registration

IMSI Ki

Loc.Upd.Req

Upd Loc.Area

Auth.Info.Req (IMSI)

Aut.Par.Req

(IMSI,LAI)

(IMSI,LAI)

(IMSI)

Aut. Info.

Authenticate

Auth.Info

(IMSI,Kc, RAND,SRES)

Authentic. Req

(IMSI,Kc, RAND,SRES)

(RAND)

(RAND)

Ki

RAND

SRES

A3 & A8

SRES

Kc

Auth.Resp.

Auth.Resp

=

(SRES)

(SRES)

Update Location

(IMSI,MSRN)

Generate

TMSI

Contd...

contd location registration

can be combined

(…contd) Location registration.

VLR

MS

BSS/MSC

HLR

AUC

Generate

TMSI

Start Ciph.

Ins.Subsc.Data

(Kc)

(IMSI)

Forw. New TMSI

Subs.Dat.Ins.Ack

(TMSI)

Ciph.Mod.Com.

Loc.Upd.Accept

Kc

Loc.Upd.Accept

Message M

(IMSI)

A5

Ciph.Mod.

Kc(M)

New TMSI is received by MS

(TMSI Reallocation) in ciphering mode.

Kc(M)

Kc(M)

Kc

A5

M

TMSI Realloc.Cmd.

Loc.Upd.Accept

TMSI Realloc.Ack

TMSI.Ack

location update

MS

BSS/MSC

VLR

HLR

AUC

Location update

IMSI, TMSI

Ki, Kc, LAI

Loc.Upd.Req

Update Loc.Area

(TMSI,LAI)

(TMSI,LAI)

Authentication

Update Location

(IMSI,MSRN)

Generate

TMSI

Start ciphering

Insert Subscriber. data

(Kc)

IMSI

Start ciphering.

Subs. Data Insert Ack

(contd..)

contd location update
(..contd) Location update.

VLR

MS

BSS/MSC

HLR

AUC

Start ciphering.

Forward new TMSI

(TMSI)

Loc. Upd. Acept

(IMSI)

Loc. Upd. Acept

TMSI Realloc. Cmd.

Auth. Para. Req

(IMSI)

Loc. Upd. Acept

Auth. Info.

Auth.Info.Req

(IMSI,Kc, RAND,SRES)

TMSI Reallocation

Complete

TMSI Ack

(IMSI)

Auth.Info

(IMSI,Kc, RAND,SRES)

types of handover same as handoff
Types of handover (same as “handoff”)
  • There are four different types of handover in the GSM system. Handover involves transferring a call between:
    • Channels (time slots) in the same cell
    • Cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC),
    • Cells under the control of different BSCs, but belonging to the same Mobile services Switching Center (MSC), and
    • Cells under the control of different MSCs.
attributes of radio link handover
Attributes of radio-link handover
  • Hard handover
  • MAHO
  • Backward
  • COS selection scheme: static
    • Cross-over switch: anchor switch
handover maho
Handover (MAHO)
  • Handovers are initiated by the BSS/MSC (as a means of traffic load balancing).
  • During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength.
  • This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.
handover procedures in gsm
Handover procedures in GSM

8

Connection route

9

MSC-A

MSC-B

MSC-C

1

6

8

BSC

4

3

BSC

BTS 1

BSC

BTS 2

2

BTS 3

BTS 3

5

7

inter msc basic handover
Inter MSC basic handover

VLR-B

MS/BSS 1

MSC-A

MSC-B

Handover required

Perform Handover

Allocate Handover number

Handover report

Radio chan. Ack

IAM

MS/BSS 2

ACM

HA Indication

HB Indication

HB Confirm

Send End Signal

ANS

End of Call

REL

RLC

End Signal

Handover report

subsequent handover from msc b to msc a
Subsequent handover from MSC-B to MSC-A

MS/BSS 1

MSC-A

MSC-B

MS/BSS 2

HA Required

Perform subsequent

Handover

Subseq. Handover

Acknowledge

HB Indication

HB Confirm

HA Indication

End Signal

VLR-B

Handover report

End of Call

REL

RLC

subsequent handover from msc b to msc c
Subsequent handover from MSC-B to MSC-C

MSC-A

MSC-B

MS

HA Request

Perform subsequent

Handover

MSC-C

VLR-C

Perform Handover

Allocate Handover

Number

Send Handover report

Radio chan. Ack.

IAM

ACM

HB Indication

(Contd…)

contd subsequent handover from msc b to msc c
(…contd) Subsequent handover from MSC-B to MSC-C

MSC-A

MSC-B

MS

Perform subsequent

Acknowledge

HA Indication

MSC-C

HB Confirm

Send End Signal

ANS

MSC-B

VLR-B

End Signal

Handoff Report

REL

RLC

abbreviations
Abbreviations
  • ISC: International switching center
  • OMC: Operations and maintenance center
  • GMSC: Gateway switching center
  • MSC: Mobile switching center
  • VLR: Visitor location register
  • HLR: Home Location register
  • EIR: Equipment Identification register
  • AUC: Authentication center
  • BSC: Base station controller
  • BTS: Base transceiver station
  • MS: Mobile subscriber
  • TMSI: Temporary Mobile Subscriber Identity
  • IMSI: International Mobile Subscriber Identity
references
References
  • The GSM Sytem for Mobile communications by Mouly & Pautet
  • Wireless and Mobile Network Architectures by Yi-Bing Lin & Imrich Chlamtac
  • Wireless Personal Communications Systems by Dr. Goodman
  • GSM Switching, Services and Protocols by Jorg Eberspacher and Hans-Jorg Vogel