Mobile - GSM


Global System for Mobile Communications (GSM)

History of GSM
During the early 1980s, analog cellular telephone systems were experiencing rapid growth in Europe, particularly in Scandinavia and the United Kingdom, but also in France and Germany. Each country developed its own system, which was incompatible with everyone else's in equipment and operation. This was an undesirable situation, because not only was the mobile equipment limited to operation within national boundaries, which in a unified Europe were increasingly unimportant, but there was also a very limited market for each type of equipment, so economies of scale and the subsequent savings could not be realized.

The Europeans realized this early on, and in 1982 the Conference of European Posts and Telegraphs (CEPT) formed a study group called the Groupe Spécial Mobile (GSM) to study and develop a pan-European public land mobile system. The proposed system had to meet certain criteria:

    Good subjective speech quality
    Low terminal and service cost
    Support for international roaming
    Ability to support handheld terminals
    Support for range of new services and facilities
    Spectral efficiency
    ISDN compatibility

In 1989, GSM responsibility was transferred to the European Telecommunication Standards Institute (ETSI), and phase I of the GSM specifications was published in 1990. Commercial service was started in mid-1991, and by 1993 there were 36 GSM networks in 22 countries [6]. Although standardized in Europe, GSM is not only a European standard. Over 200 GSM networks (including DCS1800 and PCS1900) are operational in 110 countries around the world. In the beginning of 1994, there were 1.3 million subscribers worldwide [18], which had grown to more than 55 million by October 1997. With North America making a delayed entry into the GSM field with a derivative of GSM called PCS1900, GSM systems exist on every continent, and the acronym GSM now aptly stands for Global System for Mobile communications.

The developers of GSM chose an unproven (at the time) digital system, as opposed to the then-standard analog cellular systems like AMPS in the United States and TACS in the United Kingdom. They had faith that advancements in compression algorithms and digital signal processors would allow the fulfillment of the original criteria and the continual improvement of the system in terms of quality and cost. The over 8000 pages of GSM recommendations try to allow flexibility and competitive innovation among suppliers, but provide enough standardization to guarantee proper interworking between the components of the system. This is done by providing functional and interface descriptions for each of the functional entities defined in the system.
Services provided by GSM
From the beginning, the planners of GSM wanted ISDN compatibility in terms of the services offered and the control signalling used. However, radio transmission limitations, in terms of bandwidth and cost, do not allow the standard ISDN B-channel bit rate of 64 kbps to be practically achieved.

Using the ITU-T definitions, telecommunication services can be divided into bearer services, teleservices, and supplementary services. The most basic teleservice supported by GSM is telephony. As with all other communications, speech is digitally encoded and transmitted through the GSM network as a digital stream. There is also an emergency service, where the nearest emergency-service provider is notified by dialing three digits (similar to 911).

A variety of data services is offered. GSM users can send and receive data, at rates up to 9600 bps, to users on POTS (Plain Old Telephone Service), ISDN, Packet Switched Public Data Networks, and Circuit Switched Public Data Networks using a variety of access methods and protocols, such as X.25 or X.32. Since GSM is a digital network, a modem is not required between the user and GSM network, although an audio modem is required inside the GSM network to interwork with POTS.

Other data services include Group 3 facsimile, as described in ITU-T recommendation T.30, which is supported by use of an appropriate fax adaptor. A unique feature of GSM, not found in older analog systems, is the Short Message Service (SMS). SMS is a bidirectional service for short alphanumeric (up to 160 bytes) messages. Messages are transported in a store-and-forward fashion. For point-to-point SMS, a message can be sent to another subscriber to the service, and an acknowledgement of receipt is provided to the sender. SMS can also be used in a cell-broadcast mode, for sending messages such as traffic updates or news updates. Messages can also be stored in the SIM card for later retrieval [2].

Supplementary services are provided on top of teleservices or bearer services. In the current (Phase I) specifications, they include several forms of call forward (such as call forwarding when the mobile subscriber is unreachable by the network), and call barring of outgoing or incoming calls, for example when roaming in another country. Many additional supplementary services will be provided in the Phase 2 specifications, such as caller identification, call waiting, and multi-party conversations.
Architecture of the GSM network
A GSM network is composed of several functional entities, whose functions and interfaces are specified. Figure 1 shows the layout of a generic GSM network. The GSM network can be divided into three broad parts. The Mobile Station is carried by the subscriber. The Base Station Subsystem controls the radio link with the Mobile Station. The Network Subsystem, the main part of which is the Mobile services Switching Center (MSC), performs the switching of calls between the mobile users, and between mobile and fixed network users. The MSC also handles the mobility management operations. Not shown is the Operations and Maintenance Center, which oversees the proper operation and setup of the network. The Mobile Station and the Base Station Subsystem communicate across the Um interface, also known as the air interface or radio link. The Base Station Subsystem communicates with the Mobile services Switching Center across the A interface.

Figure 1. General architecture of a GSM network

Mobile Station
The mobile station (MS) consists of the mobile equipment (the terminal) and a smart card called the Subscriber Identity Module (SIM). The SIM provides personal mobility, so that the user can have access to subscribed services irrespective of a specific terminal. By inserting the SIM card into another GSM terminal, the user is able to receive calls at that terminal, make calls from that terminal, and receive other subscribed services.

The mobile equipment is uniquely identified by the International Mobile Equipment Identity (IMEI). The SIM card contains the International Mobile Subscriber Identity (IMSI) used to identify the subscriber to the system, a secret key for authentication, and other information. The IMEI and the IMSI are independent, thereby allowing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number.
Base Station Subsystem
The Base Station Subsystem is composed of two parts, the Base Transceiver Station (BTS) and the Base Station Controller (BSC). These communicate across the standardized Abis interface, allowing (as in the rest of the system) operation between components made by different suppliers.

The Base Transceiver Station houses the radio transceivers that define a cell and handles the radio-link protocols with the Mobile Station. In a large urban area, there will potentially be a large number of BTSs deployed, thus the requirements for a BTS are ruggedness, reliability, portability, and minimum cost.

The Base Station Controller manages the radio resources for one or more BTSs. It handles radio-channel setup, frequency hopping, and handovers, as described below. The BSC is the connection between the mobile station and the Mobile service Switching Center (MSC).
Network Subsystem
The central component of the Network Subsystem is the Mobile services Switching Center (MSC). It acts like a normal switching node of the PSTN or ISDN, and additionally provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handovers, and call routing to a roaming subscriber. These services are provided in conjunction with several functional entities, which together form the Network Subsystem. The MSC provides the connection to the fixed networks (such as the PSTN or ISDN). Signalling between functional entities in the Network Subsystem uses Signalling System Number 7 (SS7), used for trunk signalling in ISDN and widely used in current public networks.

The Home Location Register (HLR) and Visitor Location Register (VLR), together with the MSC, provide the call-routing and roaming capabilities of GSM. The HLR contains all the administrative information of each subscriber registered in the corresponding GSM network, along with the current location of the mobile. The location of the mobile is typically in the form of the signalling address of the VLR associated with the mobile station. The actual routing procedure will be described later. There is logically one HLR per GSM network, although it may be implemented as a distributed database.

The Visitor Location Register (VLR) contains selected administrative information from the HLR, necessary for call control and provision of the subscribed services, for each mobile currently located in the geographical area controlled by the VLR. Although each functional entity can be implemented as an independent unit, all manufacturers of switching equipment to date implement the VLR together with the MSC, so that the geographical area controlled by the MSC corresponds to that controlled by the VLR, thus simplifying the signalling required. Note that the MSC contains no information about particular mobile stations; this information is stored in the location registers.

The other two registers are used for authentication and security purposes. The Equipment Identity Register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its International Mobile Equipment Identity (IMEI). An IMEI is marked as invalid if it has been reported stolen or is not type approved. The Authentication Center (AuC) is a protected database that stores a copy of the secret key stored in each subscriber's SIM card, which is used for authentication and encryption over the radio channel.
Radio link aspects
The International Telecommunication Union (ITU), which manages the international allocation of radio spectrum (among many other functions), allocated the bands 890-915 MHz for the uplink (mobile station to base station) and 935-960 MHz for the downlink (base station to mobile station) for mobile networks in Europe. Since this range was already being used in the early 1980s by the analog systems of the day, the CEPT had the foresight to reserve the top 10 MHz of each band for the GSM network that was still being developed. Eventually, GSM will be allocated the entire 2x25 MHz bandwidth.
Multiple access and channel structure
Since radio spectrum is a limited resource shared by all users, a method must be devised to divide up the bandwidth among as many users as possible. The method chosen by GSM is a combination of Time- and Frequency-Division Multiple Access (TDMA/FDMA). The FDMA part involves the division by frequency of the (maximum) 25 MHz bandwidth into 124 carrier frequencies spaced 200 kHz apart. One or more carrier frequencies are assigned to each base station. Each of these carrier frequencies is then divided in time, using a TDMA scheme. The fundamental unit of time in this TDMA scheme is called a burst period and it lasts 15/26 ms (or approx. 0.577 ms). Eight burst periods are grouped into a TDMA frame (120/26 ms, or approx. 4.615 ms), which forms the basic unit for the definition of logical channels. One physical channel is one burst period per TDMA frame.

Channels are defined by the number and position of their corresponding burst periods. All these definitions are cyclic, and the entire pattern repeats approximately every 3 hours. Channels can be divided into dedicated channels, which are allocated to a mobile station, and common channels, which are used by mobile stations in idle mode.
Traffic channels
A traffic channel (TCH) is used to carry speech and data traffic. Traffic channels are defined using a 26-frame multiframe, or group of 26 TDMA frames. The length of a 26-frame multiframe is 120 ms, which is how the length of a burst period is defined (120 ms divided by 26 frames divided by 8 burst periods per frame). Out of the 26 frames, 24 are used for traffic, 1 is used for the Slow Associated Control Channel (SACCH) and 1 is currently unused (see Figure 2). TCHs for the uplink and downlink are separated in time by 3 burst periods, so that the mobile station does not have to transmit and receive simultaneously, thus simplifying the electronics.

In addition to these full-rate TCHs, there are also half-rate TCHs defined, although they are not yet implemented. Half-rate TCHs will effectively double the capacity of a system once half-rate speech coders are specified (i.e., speech coding at around 7 kbps, instead of 13 kbps). Eighth-rate TCHs are also specified, and are used for signalling. In the recommendations, they are called Stand-alone Dedicated Control Channels (SDCCH).

Figure 2. Organization of bursts, TDMA frames, and multiframes for speech and data
Control channels
Common channels can be accessed both by idle mode and dedicated mode mobiles. The common channels are used by idle mode mobiles to exchange the signalling information required to change to dedicated mode. Mobiles already in dedicated mode monitor the surrounding base stations for handover and other information. The common channels are defined within a 51-frame multiframe, so that dedicated mobiles using the 26-frame multiframe TCH structure can still monitor control channels. The common channels include:

Broadcast Control Channel (BCCH)
    Continually broadcasts, on the downlink, information including base station identity, frequency allocations, and frequency-hopping sequences.
Frequency Correction Channel (FCCH) and Synchronisation Channel (SCH)
    Used to synchronise the mobile to the time slot structure of a cell by defining the boundaries of burst periods, and the time slot numbering. Every cell in a GSM network broadcasts exactly one FCCH and one SCH, which are by definition on time slot number 0 (within a TDMA frame).
Random Access Channel (RACH)
    Slotted Aloha channel used by the mobile to request access to the network.
Paging Channel (PCH)
    Used to alert the mobile station of an incoming call.
Access Grant Channel (AGCH)
    Used to allocate an SDCCH to a mobile for signalling (in order to obtain a dedicated channel), following a request on the RACH.

Burst structure
There are four different types of bursts used for transmission in GSM [16]. The normal burst is used to carry data and most signalling. It has a total length of 156.25 bits, made up of two 57-bit blocks of information bits, a 26-bit training sequence used for equalization, 1 stealing bit for each information block (used for FACCH), 3 tail bits at each end, and an 8.25-bit guard sequence, as shown in Figure 2. The 156.25 bits are transmitted in 0.577 ms, giving a gross bit rate of 270.833 kbps.

The F burst, used on the FCCH, and the S burst, used on the SCH, have the same length as a normal burst, but a different internal structure, which differentiates them from normal bursts (thus allowing synchronization). The access burst is shorter than the normal burst, and is used only on the RACH.
Speech coding
GSM is a digital system, so speech, which is inherently analog, has to be digitized. The method employed by ISDN, and by current telephone systems for multiplexing voice lines over high speed trunks and optical fiber lines, is Pulse Code Modulation (PCM). The output stream from PCM is 64 kbps, too high a rate to be feasible over a radio link. The 64 kbps signal, although simple to implement, contains much redundancy. The GSM group studied several speech coding algorithms on the basis of subjective speech quality and complexity (which is related to cost, processing delay, and power consumption once implemented) before arriving at the choice of a Regular Pulse Excited - Linear Predictive Coder (RPE-LPC) with a Long Term Predictor loop. Basically, information from previous samples, which does not change very quickly, is used to predict the current sample. The coefficients of the linear combination of the previous samples, plus an encoded form of the residual, the difference between the predicted and actual sample, represent the signal. Speech is divided into 20 millisecond samples, each of which is encoded as 260 bits, giving a total bit rate of 13 kbps. This is the so-called Full-Rate speech coding. Recently, an Enhanced Full-Rate (EFR) speech coding algorithm has been implemented by some North American GSM1900 operators. This is said to provide improved speech quality using the existing 13 kbps bit rate.
Channel coding and modulation
Because of natural and man-made electromagnetic interference, the encoded speech or data signal transmitted over the radio interface must be protected from errors. GSM uses convolutional encoding and block interleaving to achieve this protection. The exact algorithms used differ for speech and for different data rates. The method used for speech blocks will be described below.

Recall that the speech codec produces a 260 bit block for every 20 ms speech sample. From subjective testing, it was found that some bits of this block were more important for perceived speech quality than others. The bits are thus divided into three classes:

    Class Ia 50 bits - most sensitive to bit errors
    Class Ib 132 bits - moderately sensitive to bit errors
    Class II 78 bits - least sensitive to bit errors

Class Ia bits have a 3 bit Cyclic Redundancy Code added for error detection. If an error is detected, the frame is judged too damaged to be comprehensible and it is discarded. It is replaced by a slightly attenuated version of the previous correctly received frame. These 53 bits, together with the 132 Class Ib bits and a 4 bit tail sequence (a total of 189 bits), are input into a 1/2 rate convolutional encoder of constraint length 4. Each input bit is encoded as two output bits, based on a combination of the previous 4 input bits. The convolutional encoder thus outputs 378 bits, to which are added the 78 remaining Class II bits, which are unprotected. Thus every 20 ms speech sample is encoded as 456 bits, giving a bit rate of 22.8 kbps.

To further protect against the burst errors common to the radio interface, each sample is interleaved. The 456 bits output by the convolutional encoder are divided into 8 blocks of 57 bits, and these blocks are transmitted in eight consecutive time-slot bursts. Since each time-slot burst can carry two 57 bit blocks, each burst carries traffic from two different speech samples.
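The speech channel-coding chain described above, as an added example that is not part of the original article. The function names are hypothetical, the generator polynomials are taken from GSM 05.03 rather than from this page, and the interleaver is simplified to exactly what the text states (bit reordering, parity inversion and the real burst bit mapping are omitted).

```python
# Added illustration, not code from the article. Bit counts follow the text;
# the CRC and convolutional generator polynomials come from GSM 05.03 (they
# are not quoted on this page). The standard's bit reordering, parity
# inversion and exact burst bit mapping are left out.

CLASS_IA, CLASS_IB, CLASS_II, TAIL = 50, 132, 78, 4


def crc3(bits):
    """3 parity bits: remainder of bits(x) * x^3 divided by x^3 + x + 1."""
    reg = list(bits) + [0, 0, 0]
    for i in range(len(bits)):
        if reg[i]:
            for j, p in enumerate((1, 0, 1, 1)):
                reg[i + j] ^= p
    return reg[-3:]


def class_ia_ok(ia_bits, parity):
    """Receiver-side check: a mismatch means the frame is discarded."""
    return crc3(ia_bits) == list(parity)


def conv_encode(bits):
    """Rate-1/2 encoder: each input bit yields two output bits computed from
    it and the previous 4 input bits (G0 = 1+D^3+D^4, G1 = 1+D+D^3+D^4)."""
    state = [0, 0, 0, 0]                 # state[k] holds the bit delayed by k+1
    out = []
    for b in bits:
        out.append(b ^ state[2] ^ state[3])
        out.append(b ^ state[0] ^ state[2] ^ state[3])
        state = [b] + state[:3]
    return out


def encode_speech_frame(frame260):
    """260 codec bits -> 456 coded bits (378 protected + 78 unprotected)."""
    if len(frame260) != CLASS_IA + CLASS_IB + CLASS_II:
        raise ValueError("a full-rate speech frame is 260 bits")
    ia = list(frame260[:CLASS_IA])
    ib = list(frame260[CLASS_IA:CLASS_IA + CLASS_IB])
    ii = list(frame260[CLASS_IA + CLASS_IB:])
    protected = ia + crc3(ia) + ib + [0] * TAIL      # 50 + 3 + 132 + 4 = 189
    return conv_encode(protected) + ii               # 378 + 78 = 456


def split_blocks(coded456):
    """Eight 57-bit blocks; bit i goes to block i mod 8, so neighbouring
    bits of a frame never travel in the same burst."""
    return [coded456[k::8] for k in range(8)]


def build_bursts(coded_frames):
    """Burst 4n+j carries block j of frame n and block 4+j of frame n-1,
    so every burst holds traffic from two different speech frames."""
    blocks = [split_blocks(f) for f in coded_frames]
    bursts = []
    for idx in range(4 * (len(blocks) + 1)):
        n, j = divmod(idx, 4)
        new_half = blocks[n][j] if n < len(blocks) else None
        old_half = blocks[n - 1][4 + j] if n >= 1 else None
        bursts.append((new_half, old_half))
    return bursts


def deinterleave(bursts, n_frames, lost=()):
    """Rebuild the 456-bit frames; bits from lost bursts come back as None."""
    frames = [[None] * 456 for _ in range(n_frames)]
    for idx, (new_half, old_half) in enumerate(bursts):
        if idx in lost:
            continue
        n, j = divmod(idx, 4)
        if new_half is not None:
            frames[n][j::8] = new_half
        if old_half is not None:
            frames[n - 1][4 + j::8] = old_half
    return frames


if __name__ == "__main__":
    # Constructed sample input: three alternating-bit speech frames.
    speech = [[(i + k) % 2 for i in range(260)] for k in range(3)]
    coded = [encode_speech_frame(f) for f in speech]
    received = deinterleave(build_bursts(coded), 3, lost={5})
    for k, frame in enumerate(received):
        print("frame", k, "erased bits:", sum(b is None for b in frame))
```

Losing one whole burst erases 57 bits in each of two frames, each erased bit eight positions from the next, which is the pattern a convolutional decoder copes with far better than 114 consecutive errors.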

Recall that each time-slot burst is transmitted at a gross bit rate of 270.833 kbps. This digital signal is modulated onto the analog carrier frequency using Gaussian-filtered Minimum Shift Keying (GMSK). GMSK was selected over other modulation schemes as a compromise between spectral efficiency, complexity of the transmitter, and limited spurious emissions. The complexity of the transmitter is related to power consumption, which should be minimized for the mobile station. The spurious radio emissions, outside of the allotted bandwidth, must be strictly controlled so as to limit adjacent channel interference, and allow for the co-existence of GSM and the older analog systems (at least for the time being).
Multipath equalization
At the 900 MHz range, radio waves bounce off everything - buildings, hills, cars, airplanes, etc. Thus many reflected signals, each with a different phase, can reach an antenna. Equalization is used to extract the desired signal from the unwanted reflections. It works by finding out how a known transmitted signal is modified by multipath fading, and constructing an inverse filter to extract the rest of the desired signal. This known signal is the 26-bit training sequence transmitted in the middle of every time-slot burst. The actual implementation of the equalizer is not specified in the GSM specifications.
Frequency hopping
The mobile station already has to be frequency agile, meaning it can move between a transmit, receive, and monitor time slot within one TDMA frame, which normally are on different frequencies. GSM makes use of this inherent frequency agility to implement slow frequency hopping, where the mobile and BTS transmit each TDMA frame on a different carrier frequency. The frequency hopping algorithm is broadcast on the Broadcast Control Channel. Since multipath fading is dependent on carrier frequency, slow frequency hopping helps alleviate the problem. In addition, co-channel interference is in effect randomized.
Discontinuous transmission
Minimizing co-channel interference is a goal in any cellular system, since it allows better service for a given cell size, or the use of smaller cells, thus increasing the overall capacity of the system. Discontinuous transmission (DTX) is a method that takes advantage of the fact that a person speaks less than 40 percent of the time in normal conversation [22], by turning the transmitter off during silence periods. An added benefit of DTX is that power is conserved at the mobile unit.

The most important component of DTX is, of course, Voice Activity Detection. It must distinguish between voice and noise inputs, a task that is not as trivial as it appears, considering background noise. If a voice signal is misinterpreted as noise, the transmitter is turned off and a very annoying effect called clipping is heard at the receiving end. If, on the other hand, noise is misinterpreted as a voice signal too often, the efficiency of DTX is dramatically decreased. Another factor to consider is that when the transmitter is turned off, there is total silence heard at the receiving end, due to the digital nature of GSM. To assure the receiver that the connection is not dead, comfort noise is created at the receiving end by trying to match the characteristics of the transmitting end's background noise.
Discontinuous reception
Another method used to conserve power at the mobile station is discontinuous reception. The paging channel, used by the base station to signal an incoming call, is structured into sub-channels. Each mobile station needs to listen only to its own sub-channel. In the time between successive paging sub-channels, the mobile can go into sleep mode, when almost no power is used.
Power control
There are five classes of mobile stations defined, according to their peak transmitter power, rated at 20, 8, 5, 2, and 0.8 watts. To minimize co-channel interference and to conserve power, both the mobiles and the Base Transceiver Stations operate at the lowest power level that will maintain an acceptable signal quality. Power levels can be stepped up or down in steps of 2 dB from the peak power for the class down to a minimum of 13 dBm (20 milliwatts).

The mobile station measures the signal strength or signal quality (based on the Bit Error Ratio), and passes the information to the Base Station Controller, which ultimately decides if and when the power level should be changed. Power control should be handled carefully, since there is the possibility of instability. This arises from having mobiles in co-channel cells alternatingly increase their power in response to increased co-channel interference caused by the other mobile increasing its power. This is unlikely to occur in practice but it is (or was as of 1991) under study.
Network aspects
Ensuring the transmission of voice or data of a given quality over the radio link is only part of the function of a cellular mobile network. A GSM mobile can seamlessly roam nationally and internationally, which requires that registration, authentication, call routing and location updating functions exist and are standardized in GSM networks. In addition, the fact that the geographical area covered by the network is divided into cells necessitates the implementation of a handover mechanism. These functions are performed by the Network Subsystem, mainly using the Mobile Application Part (MAP) built on top of the Signalling System No. 7 protocol.

Figure 3. Signalling protocol structure in GSM

The signalling protocol in GSM is structured into three general layers [1], [19], depending on the interface, as shown in Figure 3. Layer 1 is the physical layer, which uses the channel structures discussed above over the air interface. Layer 2 is the data link layer. Across the Um interface, the data link layer is a modified version of the LAPD protocol used in ISDN, called LAPDm. Across the A interface, the Message Transfer Part layer 2 of Signalling System Number 7 is used. Layer 3 of the GSM signalling protocol is itself divided into 3 sublayers.

Radio Resources Management
    Controls the setup, maintenance, and termination of radio and fixed channels, including handovers.
Mobility Management
    Manages the location updating and registration procedures, as well as security and authentication.
Connection Management
    Handles general call control, similar to CCITT Recommendation Q.931, and manages Supplementary Services and the Short Message Service.

Signalling between the different entities in the fixed part of the network, such as between the HLR and VLR, is accomplished through the Mobile Application Part (MAP). MAP is built on top of the Transaction Capabilities Application Part (TCAP), the top layer of Signalling System Number 7. The specification of the MAP is quite complex, and at over 500 pages, it is one of the longest documents in the GSM recommendations [16].
Radio resources management
The radio resources management (RR) layer oversees the establishment of a link, both radio and fixed, between the mobile station and the MSC. The main functional components involved are the mobile station, and the Base Station Subsystem, as well as the MSC. The RR layer is concerned with the management of an RR-session [16], which is the time that a mobile is in dedicated mode, as well as the configuration of radio channels including the allocation of dedicated channels.

An RR-session is always initiated by a mobile station through the access procedure, either for an outgoing call, or in response to a paging message. The details of the access and paging procedures, such as when a dedicated channel is actually assigned to the mobile, and the paging sub-channel structure, are handled in the RR layer. In addition, it handles the management of radio features such as power control, discontinuous transmission and reception, and timing advance.

In a cellular network, the radio and fixed links required are not permanently allocated for the duration of a call. Handover, or handoff as it is called in North America, is the switching of an on-going call to a different channel or cell. The execution and measurements required for handover form one of the basic functions of the RR layer.

There are four different types of handover in the GSM system, which involve transferring a call between:

    Channels (time slots) in the same cell
    Cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC),
    Cells under the control of different BSCs, but belonging to the same Mobile services Switching Center (MSC), and
    Cells under the control of different MSCs.

The first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signalling bandwidth, they are managed by the BSC without involving the Mobile services Switching Center (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. An important aspect of GSM is that the original MSC, the anchor MSC, remains responsible for most call-related functions, with the exception of subsequent inter-BSC handovers under the control of the new MSC, called the relay MSC.

Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.

The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.

The 'minimum acceptable performance' algorithm [3] gives precedence to power control over handover, so that when the signal degrades beyond a certain point, the power level of the mobile is increased. If further power increases do not improve the signal, then a handover is considered. This is the simpler and more common method, but it creates 'smeared' cell boundaries when a mobile transmitting at peak power goes some distance beyond its original cell boundaries into another cell.

The 'power budget' method [3] uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co-channel interference, but it is quite complicated.
Mobility management
The Mobility Management layer (MM) is built on top of the RR layer, and handles the functions that arise from the mobility of the subscriber, as well as the authentication and security aspects. Location management is concerned with the procedures that enable the system to know the current location of a powered-on mobile station so that incoming call routing can be completed.
Location updating
A powered-on mobile is informed of an incoming call by a paging message sent over the PAGCH channel of a cell. One extreme would be to page every cell in the network for each call, which is obviously a waste of radio bandwidth. The other extreme would be for the mobile to notify the system, via location updating messages, of its current location at the individual cell level. This would require paging messages to be sent to exactly one cell, but would be very wasteful due to the large number of location updating messages. A compromise solution used in GSM is to group cells into location areas. Updating messages are required when moving between location areas, and mobile stations are paged in the cells of their current location area.

The location updating procedures, and subsequent call routing, use the MSC and two location registers: the Home Location Register (HLR) and the Visitor Location Register (VLR). When a mobile station is switched on in a new location area, or it moves to a new location area or different operator's PLMN, it must register with the network to indicate its current location. In the normal case, a location update message is sent to the new MSC/VLR, which records the location area information, and then sends the location information to the subscriber's HLR. The information sent to the HLR is normally the SS7 address of the new VLR, although it may be a routing number. The reason a routing number is not normally assigned, even though it would reduce signalling, is that there is only a limited number of routing numbers available in the new MSC/VLR and they are allocated on demand for incoming calls. If the subscriber is entitled to service, the HLR sends a subset of the subscriber information, needed for call control, to the new MSC/VLR, and sends a message to the old MSC/VLR to cancel the old registration.

For reliability reasons, GSM also has a periodic location updating procedure. If an HLR or MSC/VLR fails, to have each mobile register simultaneously to bring the database up to date would cause overloading. Therefore, the database is updated as location updating events occur. The enabling of periodic updating, and the time period between periodic updates, is controlled by the operator, and is a trade-off between signalling traffic and speed of recovery. If a mobile does not register after the updating time period, it is deregistered.

A procedure related to location updating is the IMSI attach and detach. A detach lets the network know that the mobile station is unreachable, and avoids having to needlessly allocate channels and send paging messages. An attach is similar to a location update, and informs the system that the mobile is reachable again. The activation of IMSI attach/detach is up to the operator on an individual cell basis.
Authentication and security
Since the radio medium can be accessed by anyone, authentication of users, to prove that they are who they claim to be, is a very important element of a mobile network. Authentication involves two functional entities, the SIM card in the mobile, and the Authentication Center (AuC). Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the AuC. During authentication, the AuC generates a random number that it sends to the mobile. Both the mobile and the AuC then use the random number, in conjunction with the subscriber's secret key and a ciphering algorithm called A3, to generate a signed response (SRES) that is sent back to the AuC. If the number sent by the mobile is the same as the one calculated by the AuC, the subscriber is authenticated [16].

The same initial random number and subscriber key are also used to compute the ciphering key using an algorithm called A8. This ciphering key, together with the TDMA frame number, is fed to the A5 algorithm to create a 114 bit sequence that is XORed with the 114 bits of a burst (the two 57 bit blocks). Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers.
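The challenge-response and ciphering steps described above, as an added example that is not part of the original paper. A3/A8 and A5 are replaced by labelled stand-ins (HMAC-SHA256 and SHAKE-128), since the paper does not give the real algorithms; the class and function names, the IMSI and the key are assumptions, and the field sizes (128-bit key and random number, 32-bit SRES, 64-bit ciphering key) are the standard GSM values, which the paper does not state.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

BURST_BITS = 114  # payload bits in one burst (two 57-bit blocks), as in the text


def a3_a8_standin(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the A3/A8 pair (assumption: HMAC-SHA256, not a GSM algorithm).

    Returns (SRES, Kc): a 32-bit signed response and a 64-bit ciphering key.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def a5_standin_keystream(kc: bytes, frame_number: int) -> int:
    """Stand-in for A5 (assumption: SHAKE-128): 114 keystream bits per frame."""
    material = hashlib.shake_128(kc + frame_number.to_bytes(4, "big")).digest(15)
    return int.from_bytes(material, "big") >> (15 * 8 - BURST_BITS)


def cipher_burst(burst: int, kc: bytes, frame_number: int) -> int:
    """XOR a 114-bit burst with the keystream; the same call deciphers it."""
    if burst >> BURST_BITS:
        raise ValueError("burst must fit in 114 bits")
    return burst ^ a5_standin_keystream(kc, frame_number)


class Sim:
    """Subscriber side: holds the secret key and never reveals it."""

    def __init__(self, ki: bytes):
        self._ki = ki

    def respond(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3_a8_standin(self._ki, rand)


class AuthenticationCentre:
    """Network side: holds the other copy of each subscriber's secret key."""

    def __init__(self):
        self._keys: dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def challenge(self, imsi: str) -> tuple[bytes, bytes, bytes]:
        rand = secrets.token_bytes(16)  # fresh 128-bit random number per attempt
        sres, kc = a3_a8_standin(self._keys[imsi], rand)
        return rand, sres, kc


def authenticate(auc: AuthenticationCentre, sim: Sim, imsi: str):
    """Run one challenge-response; return (Kc network, Kc mobile) or None."""
    rand, expected_sres, kc_network = auc.challenge(imsi)
    sres, kc_mobile = sim.respond(rand)  # only RAND and SRES cross the radio link
    if not hmac.compare_digest(sres, expected_sres):
        return None  # wrong key on the card: subscriber rejected
    return kc_network, kc_mobile


if __name__ == "__main__":
    imsi = "001010000000001"      # constructed test identity
    ki = bytes(range(16))         # constructed 128-bit key
    auc = AuthenticationCentre()
    auc.provision(imsi, ki)
    kc_net, kc_ms = authenticate(auc, Sim(ki), imsi)
    print("genuine SIM accepted, keys match:", kc_net == kc_ms)
    print("SIM with wrong key:", authenticate(auc, Sim(bytes(16)), imsi))
    burst = (1 << 113) | 0x2A     # constructed 114-bit burst
    ct = cipher_burst(burst, kc_net, frame_number=42)
    print("deciphered correctly:", cipher_burst(ct, kc_ms, 42) == burst)
```

The secret key stays inside the SIM and the AuC throughout; both ends derive the same ciphering key from the random number without it ever being transmitted.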

Another level of security is performed on the mobile equipment itself, as opposed to the mobile subscriber. As mentioned earlier, each GSM terminal is identified by a unique International Mobile Equipment Identity (IMEI) number. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR). The status returned in response to an IMEI query to the EIR is one of the following:

    The terminal is allowed to connect to the network.
    The terminal is under observation from the network for possible problems.
    The terminal has either been reported stolen, or is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.

Communication management
The Communication Management layer (CM) is responsible for Call Control (CC), supplementary service management, and short message service management. Each of these may be considered as a separate sublayer within the CM layer. Call control attempts to follow the ISDN procedures specified in Q.931, although routing to a roaming mobile subscriber is obviously unique to GSM. Other functions of the CC sublayer include call establishment, selection of the type of service (including alternating between services during a call), and call release.
Call routing
Unlike routing in the fixed network, where a terminal is semi-permanently wired to a central office, a GSM user can roam nationally and even internationally. The directory number dialed to reach a mobile subscriber is called the Mobile Subscriber ISDN (MSISDN), which is defined by the E.164 numbering plan. This number includes a country code and a National Destination Code which identifies the subscriber's operator. The first few digits of the remaining subscriber number may identify the subscriber's HLR within the home PLMN.

An incoming mobile terminating call is directed to the Gateway MSC (GMSC) function. The GMSC is basically a switch which is able to interrogate the subscriber's HLR to obtain routing information, and thus contains a table linking MSISDNs to their corresponding HLR. A simplification is to have a GMSC handle one specific PLMN. It should be noted that the GMSC function is distinct from the MSC function, but is usually implemented in an MSC.

The routing information that is returned to the GMSC is the Mobile Station Roaming Number (MSRN), which is also defined by the E.164 numbering plan. MSRNs are related to the geographical numbering plan, and not assigned to subscribers, nor are they visible to subscribers.

The most general routing procedure begins with the GMSC querying the called subscriber's HLR for an MSRN. The HLR typically stores only the SS7 address of the subscriber's current VLR, and does not have the MSRN (see the location updating section). The HLR must therefore query the subscriber's current VLR, which will temporarily allocate an MSRN from its pool for the call. This MSRN is returned to the HLR and back to the GMSC, which can then route the call to the new MSC. At the new MSC, the IMSI corresponding to the MSRN is looked up, and the mobile is paged in its current location area (see Figure 4).

Figure 4. Call routing for a mobile terminating call
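The location updating and call routing procedures described above, modelled together as an added example that is not part of the original paper. The class and method names, the numbers and the location area labels are constructed assumptions; VLR objects stand in for SS7 addresses.

```python
class HLR:
    """Home Location Register: subscriber data plus the current VLR of each IMSI."""

    def __init__(self):
        self._imsi_by_msisdn = {}
        self._profile = {}       # IMSI -> data the VLR needs for call control
        self._current_vlr = {}   # IMSI -> VLR object (stands in for its SS7 address)

    def add_subscriber(self, msisdn, imsi, profile):
        self._imsi_by_msisdn[msisdn] = imsi
        self._profile[imsi] = profile

    def update_location(self, imsi, new_vlr):
        """From the new MSC/VLR: store its address, cancel the old registration."""
        if imsi not in self._profile:
            raise PermissionError("subscriber not entitled to service")
        old_vlr = self._current_vlr.get(imsi)
        self._current_vlr[imsi] = new_vlr
        if old_vlr is not None and old_vlr is not new_vlr:
            old_vlr.cancel_location(imsi)
        return dict(self._profile[imsi])

    def send_routing_info(self, msisdn):
        """From the GMSC: ask the current VLR to allocate an MSRN for this call."""
        imsi = self._imsi_by_msisdn[msisdn]
        vlr = self._current_vlr.get(imsi)
        if vlr is None:
            raise LookupError("no current registration for this subscriber")
        return vlr.provide_roaming_number(imsi), vlr


class VLR:
    """MSC/VLR: tracks visitors' location areas and lends MSRNs from a pool."""

    def __init__(self, address, msrn_pool):
        self.address = address
        self._free_msrns = list(msrn_pool)
        self._visitors = {}       # IMSI -> {"la": location area, "profile": ...}
        self._imsi_by_msrn = {}

    def location_update(self, imsi, location_area, hlr):
        """From the mobile: inform the HLR, then record area and profile."""
        profile = hlr.update_location(imsi, self)
        self._visitors[imsi] = {"la": location_area, "profile": profile}

    def cancel_location(self, imsi):
        self._visitors.pop(imsi, None)

    def is_registered(self, imsi):
        return imsi in self._visitors

    def provide_roaming_number(self, imsi):
        if imsi not in self._visitors:
            raise LookupError("IMSI not registered in this VLR")
        if not self._free_msrns:
            raise RuntimeError("MSRN pool exhausted")
        msrn = self._free_msrns.pop(0)
        self._imsi_by_msrn[msrn] = imsi
        return msrn

    def incoming_call(self, msrn):
        """Call arrives on the MSRN: map it to the IMSI, free it, page the area."""
        imsi = self._imsi_by_msrn.pop(msrn)
        self._free_msrns.append(msrn)
        return imsi, self._visitors[imsi]["la"]


class GMSC:
    """Gateway MSC: table linking MSISDN prefixes to the responsible HLR."""

    def __init__(self, hlr_by_prefix):
        self._hlr_by_prefix = hlr_by_prefix

    def route_call(self, msisdn):
        hlr = next(h for p, h in self._hlr_by_prefix.items() if msisdn.startswith(p))
        msrn, vlr = hlr.send_routing_info(msisdn)
        imsi, location_area = vlr.incoming_call(msrn)
        return {"msrn": msrn, "vlr": vlr.address, "imsi": imsi, "paged_la": location_area}


def demo():
    """Register in one VLR, receive a call, roam to another VLR, receive a call."""
    msisdn, imsi = "15550100001", "001010000000001"   # constructed values
    hlr = HLR()
    hlr.add_subscriber(msisdn, imsi, {"telephony": True})
    vlr_a = VLR("vlr-a", ["15550190001", "15550190002"])  # constructed MSRN pools
    vlr_b = VLR("vlr-b", ["15550290001"])
    gmsc = GMSC({"1555": hlr})
    vlr_a.location_update(imsi, "LA-17", hlr)
    first = gmsc.route_call(msisdn)
    vlr_b.location_update(imsi, "LA-42", hlr)
    second = gmsc.route_call(msisdn)
    return first, second, vlr_a.is_registered(imsi)


if __name__ == "__main__":
    print(demo())
```

The MSRN exists only for the duration of call setup and returns to the pool once the call reaches the serving MSC, which is why the HLR stores the VLR address rather than a routing number.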
Conclusion and comments
In this paper I have tried to give an overview of the GSM system. As with any overview, and especially one covering a standard 6000 pages long, there are many details missing. I believe, however, that I gave the general flavor of GSM and the philosophy behind its design. It was a monumental task that the original GSM committee undertook, and one that has proven a success, showing that international cooperation on such projects between academia, industry, and government can succeed. It is a standard that ensures interoperability without stifling competition and innovation among suppliers, to the benefit of the public both in terms of cost and service quality. For example, by using Very Large Scale Integration (VLSI) microprocessor technology, many functions of the mobile station can be built on one chipset, resulting in lighter, more compact, and more energy-efficient terminals.

Telecommunications are evolving towards personal communication networks, whose objective can be stated as the availability of all communication services anytime, anywhere, to anyone, by a single identity number and a pocketable communication terminal [25]. Having a multitude of incompatible systems throughout the world moves us farther away from this ideal. The economies of scale created by a unified system are enough to justify its implementation, not to mention the convenience to people of carrying just one communication terminal anywhere they go, regardless of national boundaries.

The GSM system, and its sibling systems operating at 1.8 GHz (called DCS1800) and 1.9 GHz (called GSM1900 or PCS1900, and operating in North America), are a first approach at a true personal communication system. The SIM card is a novel approach that implements personal mobility in addition to terminal mobility. Together with international roaming, and support for a variety of services such as telephony, data transfer, fax, Short Message Service, and supplementary services, GSM comes close to fulfilling the requirements for a personal communication system: close enough that it is being used as a basis for the next generation of mobile communication technology in Europe, the Universal Mobile Telecommunication System (UMTS).

Another point where GSM has shown its commitment to openness, standards and interoperability is the compatibility with the Integrated Services Digital Network (ISDN) that is evolving in most industrialized countries, and Europe in particular (the so-called Euro-ISDN). GSM is also the first system to make extensive use of the Intelligent Networking concept, in which services like 800 numbers are concentrated and handled from a few centralized service centers, instead of being distributed over every switch in the country. This is the concept behind the use of the various registers such as the HLR. In addition, the signalling between these functional entities uses Signalling System Number 7, an international standard already deployed in many countries and specified as the backbone signalling network for ISDN.

GSM is a very complex standard, but that is probably the price that must be paid to achieve the level of integrated service and quality offered while subject to the rather severe restrictions imposed by the radio environment.

Tags: gsm
+ Posted on Wednesday, 14 Tir 1391 at 14:36 by Bahar |

GSM Digital Mobile Communications
© Mercury Communications Ltd - June 1993

Cellular mobile communications has been growing throughout Europe, especially in the UK, at a rate faster than even the most optimistic market research company forecasted a few years ago. Although the onset of recession has slowed the growth rate somewhat in the 1990s (Figure 1) it is likely to accelerate upwards again as we move towards the mid 1990s. Based as it is on analogue technology, this explosion of usage has led to inevitable problems as any regular user will know. Analogue technology means that speech and data are transmitted over the radio path as a frequency-modulated (FM) analogue radio signal, which is exactly the same as used for FM radio. Drop outs, fading and interference plague users. Also, much recent press has focused everyone on how open cellular calls are to eavesdroppers equipped with low-cost hand held scanner radios. To combat these problems, open the way for a broader spectrum of user services, and provide the basis of personal communications networks (PCN), the replacement of these analogue networks by digital ones is well underway. The adoption of a digital network standard originally known as Groupe Spéciale Mobile (GSM) but now in an anglicised form global system for mobile communications will enable European-wide compatibility for the first time. DCS 1800 is a derivative of GSM based on the 1800MHz band. This issue of Technology Watch provides an overview of GSM and its personal persona, DCS 1800.
UK Cellular History

Throughout Europe there are around ten different analogue standards including NMT450, NMT900. The analogue cellular radio system in the UK is known as total access communications systems (TACS) and consists of a modification of the US AMPS cellular system. Since its inception it has suffered from an underestimation of popularity. For example, the mid-1980s forecast for the number of subscribers in 1990 was 20,000, in fact it turned out to be nearer one million. This led directly to the industry seeing itself as being reactive rather than pro-active.

Figure 1 - Growth of UK Cellular Subscribers in Millions

Another result was that insufficient spectrum (50MHz) was allocated to accommodate this number of users thus creating problems with quality of service in one or more of the following areas:

    First time connection. Subscribers expect to be connected on first call. Sufficient radio channels must be available to achieve this and there should not be any blocking within terrestrial fixed networks.
    Receive first time. Similar to first time connection.
    Interference. Two types of interference affect analogue cellular call quality, man-made and co-channel. As the mobile moves further away from the base station the signal gets weaker. This is perceived by the user as an increase in the background noise level and a greater susceptibility to interference in the form of bangs and crackles and co-channel interference. Co-channel interference is analogous to a crossed line in a terrestrial network.
    Drop out. A drop out may occur when the radio link to the base station is impaired or if there is insufficient capacity in the network. If the event lasts longer than three or four seconds an affected call is automatically terminated.

The drive to improve quality and security and to unify the highly fractured European mobile scene has led to the development of a new digital technology called GSM. A 'subset' of GSM known as DCS 1800 is also being used as the technology for new PCN services as exemplified with C&W's One-2-One service due to be launched later this year.
GSM Background

The first GSM system specification was published in July 1991 and was immediately followed by several false starts. This was brought about by a combination of over-optimism, difficulties in type approval testing, and inevitable changes to the GSM specification. The first terminals appeared on the market in June 1992.

A combination of high demand for mobile services and a lack of capacity in the installed analogue network, has made Germany the most advanced country for GSM deployment. In the UK, Vodafone have said that they now cover 60-70% of the UK population with their GSM service and expect 90% coverage by mid 1993.

GSM has also been accepted for use by over seventeen European countries and several others including New Zealand and Hong Kong, ending a period of diverse and proprietary standards. Eventually users will be able to roam between countries using whatever communications variants they need in the form of voice, data or facsimile with all usage being charged to the user through the use of a personal telephone number. It is currently forecast that GSM terminal sales will not overtake analogue sales until at least 1995/6.

Implementing a brand-new technology from scratch across Europe does raise some interesting problems that lie close to the hearts of product marketers and engineering managers:

    In many countries there is no overt demand or need for GSM. Analogue services are available and under employed.
    GSM coverage needs to be as wide as analogue before users will swap over.
    The current generation of GSM hand portables are not as small or as light as analogue variants. This will limit the interest of many users, even though a better service may be provided by GSM technology.
    Terminal prices for digital technologies are high compared to analogue. Although in time integration of GSM chip-sets will reduce costs it is likely that operators will need to subsidise the sale of terminals by selling them at below cost in the near term. Of course, once volumes really start to increase GSM handset prices will tumble.
    It is likely that it will be very difficult to get users to pay higher call charges for an improved service so GSM cannot be positioned as a higher quality/higher price service.

Figure 2 - The GSM Cellular Transceiver Network
GSM Technical Overview

The GSM standard was developed on the back of collaboration between all the Telecommunications Administrations of Europe (including our own Radiocommunications Agency) under the administration of Conférence Européenne des Administrations des Postes et Télécommunications (CEPT). At a later date it was sponsored by ETSI which included a number of European manufacturers. GSM operates in the 900MHz frequency band where it co-exists with other cellular services. The system, like all other cellular networks, is based on a contiguous set of cells providing complete coverage of the service area (Figure 2).


There are three fundamental ways of splitting spectrum between a number of users as required in a cellular radio system:

    TDMA. With time division multiple access simultaneous conversations are supported by users transmitting in short bursts at different times or 'slots'.
    FDMA. In frequency division multiple access, the total band is split into narrow frequency subbands and a channel is allocated exclusively to each user during the course of a call. One is used for transmission and one for reception.
    CDMA. Code division multiple access allows all users access to all frequencies within the allocated band. A single user is extracted from the mayhem by looking for each user's individual code using a correlator. Although not selected for the current generation of mobile digital technologies, CDMA holds much promise as the future technology of choice for GSM replacement in the next century.

900MHz GSM uses a combination of TDMA and FDMA. It uses eight time slots, hence one carrier can support eight full rate or sixteen half rate channels. Channel separation is 200kHz with mobile transmit channels in the range 890 to 915MHz and mobile receive channels in the range 935 to 960MHz. Peak output power of the transmitters depends on the class of the mobile station and can be 0.8, 2, 5, 8, or 20 watts.

In-built functions to prevent interference are programmable transmit power control and power ramping at the beginning and end of the time slot. Frequency hopping minimises the effects of interference and helps to prevent dead spots in coverage caused by multipath fading. The overall data rate used is 270kbit/s split between eight channels. To minimise transmission errors the output of each speech encoder (digitiser) is encrypted and interleaved to allow forward error correction (FEC) to be used. The data is then sent in bursts of length 577µs, each containing 116 encrypted bits. Transmit and receive slots are staggered to give time for the frequency synthesisers to change channel.

System Components

In GSM-speak, each cell has a base transceiver station (BTS) (Figure 3) operating on fixed frequencies that are different to any of its neighbours. A cluster of base stations are controlled by a base station controller (BSC) and a group of BSCs is controlled by a Mobile Service Switching Centre (MSC). The MSC is the heart of the GSM cellular radio system and is responsible for routing, switching of calls from the originator to their destination. The prime function of the BSC is call maintenance. As a subscriber moves round he is likely to move between cells so the BSC controls the handover to minimise the break time.


There are two important databases that store information about subscribers, the home location register (HLR) which contains information about subscription levels, supplementary services, and current location. The authentication centre (AUC) works closely with the HLR to prevent fraud, stolen SIM cards or unpaid bills. The visitor location register (VLR) stores information about subscription levels, supplementary services, current location in the visited region. These databases also keep track of whether a subscriber is active i.e. whether his telephone is switched on or not. The equipment identity register (EIR) stores information about the type of mobile station in use and can bar calls if it finds a piece of equipment has been stolen.

Figure 3 - GSM Main System Components
GSM's Smartcard

The GSM network is underpinned by the use of a smartcard known as the subscriber identity module (SIM). The major task of the SIM is to support voice encryption and to manage user authentication. The SIM also supports other intelligent services such as:

    The SIM card can hold up to fifty abbreviated dialling codes.
    Advice of charge meter. Based on tariffs held in the SIM, downloaded from the network, the subscriber can display the real cost of the call in real time.
    The GSM system supports short message transmission. Messages are downloaded to the subscriber's current location where they are stored in the SIM card. Up to five 160-character messages can be stored at any one time. The subscriber can access these messages at any time.
GSM User Services

From a user's perspective, GSM consists of a set of mobile services, some of which are:

    High quality voice connections through vehicle, portable and hand-held telephones.
    Data services including short message service, facsimile transmission and data communications at rates of up to 9600Bits/s with full duplex capability.
    Full European roaming capability. Switch on in any area covered by GSM and the home network will be notified as to where the portable is. Thus it will be possible to receive and make calls without the recipients knowing that the subscriber is abroad.
    Subscriptions are recorded on a subscriber information module (SIM) and when this is inserted into any GSM telephone it immediately becomes the subscriber's. The network checks that the subscription is valid and that the card is not stolen by authenticating it back to the home database. For further information on smartcards see Technology Watch #14.
    Automatic routing of calls to local emergency services.

Phase 1 of GSM supports call forwarding if the mobile is busy or not reachable, call barring for such things as international calls and incoming calls when roaming, call waiting and call hold options, and immediate advice of charge in any currency! Phase 2 plans to support more advanced services.
The Benefits of Going Digital

What are some of the benefits of introducing a digital cellular network?

    The benefit of a standard, in that pan-European coverage will permit cross-border roaming for the first time.
    Greater spectrum usage efficiency compared to analogue approaches.
    Improved service quality for users in the form of improved speech quality, improved security through inbuilt encryption (there is none at present), and higher connection reliability.
    Larger number of advanced user services and easier linkage to private and public ISDN networks as they become available.

At this time the general consensus is that sales of GSM based digital cellular telephones will overtake those of analogue telephones by 1996.
GSM Issues

There are many issues that are currently being evaluated:

    Intellectual property rights (IPR). Most of the early research undertaken to define the GSM standard was carried out by the large multinationals who could afford to indulge in the early research and development. As a result, most patents are held by these manufacturers who can work together through cross licensing. The problem with this is that it makes it very difficult for a small player, who holds no patents to negotiate with, to move into the market without paying significant royalties to a combination of large manufacturers. The blame can be laid at the door of the early players and the standards bodies, although it does look as though this issue has now been resolved.
    GSM Encryption and the A5 algorithm. The GSM specification utilised a very secure data encryption algorithm called 'A5'. The use of this algorithm is limited to the original signatories only because of national security considerations. This has led to significant problems when exporting GSM technology to non Co-Com countries. Exportation is possible as long as certain, country specific, conditions are met. These include (1) irreversibly disabling encryption, (2) message encryption is disabled but subscriber identity (IMSI) encryption is allowed, and (3) the use of simplified (i.e. crackable) algorithms.
    Inter-operator billing. In countries where roaming is allowed inter-operator billing agreements need to be agreed and data passed between countries on a daily basis.
    In recent months there has been considerable media coverage concerning interference to other electronic systems from GSM phones. For example, it has been reported that in certain circumstances hearing aid users can hear a buzzing sound at a distance of three to five metres from a GSM phone. Also, engineers at Volkswagen are reported as having detected interference with automatic brake systems (ABS) and other electronic car subsystems. This interference is caused by the higher peak output power of bursty GSM transmissions when compared to the steady continuous transmission nature of analogue systems. Although work has started at ETSI to solve the problem, effective solutions will require effort both on the part of GSM operators and designers of electronic subsystems to reduce the susceptibility of their equipment to outside interference.

Beyond GSM - PCN

GSM has been complemented in the UK by an additional cellular service called the digital cellular service (DCS 1800) based on GSM technology.

In January 1989 the DTI published a consultative document outlining its ideas about a personal communication network (PCN). Initially three licenses were issued to consortia:

    Microtel - British Aerospace, Pacific Telesis, Millicom and Sony.
    Unitel - STC, Thorn EMI, US West, and Deutsche Bundespost Telecom.
    Mercury PCN

In 1993 there are only two potential PCN operators left following many changes which included the merger of Unitel and Mercury Personal Communications (MPC). These are Mercury One-2-One (formerly MPC) and Hutchison Microtel.

Because of the major costs in setting up a new PCN network the DTI introduced two measures to reduce costs, (1) PCN operators can provide their own radio links between radio sites and mobile switching centres and (2) PCN operators can share infrastructure.

As a modified form of GSM it operates in the 1.8GHz band with smaller cell sizes and lower power. DCS 1800 has also been allocated 150MHz of spectrum compared to the 50MHz of GSM. The standard finalised in January 1991 stipulates a number of differences to its forebear at the station/handset level. As the standard is aimed at PCN applications it has been optimised for higher-density traffic that would be seen in smaller PCN cells.

There are several areas where DCS 1800 differs from GSM. Table 2 shows the principal differences which are concerned with spectrum, transmit powers, and cell sizes. In all other aspects DCS 1800 and GSM are identical except for a few minor specification differences.

                    GSM            DCS 1800
Frequency
    Mobile TX       890-915MHz     1,710-1,785MHz
    Base TX         935-960MHz     1,805-1,880MHz
Handset power
    Peak output     800mW-20W      250mW-1W
    Mean output     100mW-2.5W     40mW-125mW
Cell sizes          1km - 35km     <1km - 8km

Table 2 - GSM and DCS 1800 Compared

Mercury One-2-One, based in Borehamwood, is a joint venture between Cable & Wireless and US West and plans to launch the UK's first PCN network within the bounds of the M25 later this year.

The One-2-One personal communications network will rely for success on clearly differentiating itself from other mobile cellular operators in the eyes of potential users. This is to be achieved through several means:

    It is a phone service for a person rather than a car. The phone can be used at home, when out and about walking, and in the office.
    It will provide high quality communication that cannot be overheard.
    One-2-One will provide subscribers with advanced services such as:

        Personal SmartCard for customised services
        VoiceMail answer phone service
        Fully itemised billing
        Call waiting, divert, and barring
        Current call charges enquiry

    Optional services:

        Monthly call limit
        Insurance cover
        VoiceMail Plus

And, most importantly, lower monthly standing charges combined with lower call charges.
The Future - FPLMTS?

The CCITT is currently working on a universal standard for the next decade called future public land mobile telecommunication system (FPLMTS). This standard ultimately aims to fully merge cellular and cordless standards.

The FPLMTS standard is planned to support the following all-encompassing voice and data services:

    Universal personal telecommunication (UPT) voice services
    Message handling
    Point-to-multipoint communication
    Data services 300-9,600 baud and under favourable circumstances up to 20Mbit/s in connection and connectionless modes can be provided.
    Videotex, Video telephone
    Program video
    location services (via GPS)
    multimedia - voice, video and data simultaneously.


It is still early days for GSM and although a long term perspective indicates that a digital solution for mobile communications will be the norm, the near term will be clouded by the commercial and technical issues caused by the replacement of clearly outdated analogue cellular technology.

Like all digital standards that are aimed at replacing older analogue technology, GSM has taken many years to come to fruition with many heartaches on the way. But the benefits to the user of pan-European roaming, the stream of new mobile services, and the improvement in security and quality will ensure that GSM has a bright future.

Tags: gsm
+ Posted on Wednesday, 14 Tir 1391 at 14:34 by Bahar |

The GSM system uses TDMA to split a frequency into time slots.

Probably the most useful thing to know about the Global System for Mobile communications (GSM) is that it is an international standard. If you travel in Europe and many other parts of the world, GSM is the only type of cellular service available. Originally, the acronym GSM stood for Groupe Spécial Mobile, a group formed by the Conference of European Posts and Telegraphs (CEPT) in 1982 to research the merits of a European standard for mobile telecommunications. Commercial service using the GSM system did not actually start until 1991. Instead of using analog service, GSM was developed as a digital system using TDMA technology.

Using TDMA, a narrow band that is 30 kHz wide and 6.7 milliseconds long is split time-wise into three time slots. Narrow band means channels in the traditional sense. Each conversation gets the radio for one-third of the time. This is possible because voice data that has been converted to digital information is compressed so that it takes up significantly less transmission space. Therefore, TDMA has three times the capacity of an analog system using the same number of channels.

TDMA is the access method used by GSM, as well as the Electronics Industry Alliance and the Telecommunications Industry Association for Interim Standard 54 (IS-54) and Interim Standard 136 (IS-136). GSM implements TDMA in a somewhat different and incompatible way from IS-136. Think of GSM and IS-136 as two different operating systems that work on the same processor, like Windows and Linux both working on an Intel Pentium III. GSM systems provide a number of useful features:

    Uses encryption to make phone calls more secure
    Data networking
    Group III facsimile services
    Short Message Service (SMS) for text messages and paging
    Call forwarding
    Caller ID
    Call waiting
    Multi-party conferencing

GSM operates in the 900 MHz band (890 MHz - 960 MHz) in Europe and Asia and in the 1900 MHz (sometimes referred to as 1.9 GHz) band in the United States. It is used in digital cellular and PCS-based systems. GSM is also the basis for Integrated Digital Enhanced Network (iDEN), a popular system introduced by Motorola and used by Nextel. The incredible growth of GSM is a big part of why the acronym is now commonly thought of as standing for the Global System for Mobile communications!

If you were on a cell phone in Europe, you'd be using the GSM service.

Tags: gsm
+ Posted on Wednesday, 14 Tir 1391 at 14:30 by Bahar |

From Wikipedia, the free encyclopedia
The GSM logo is used to identify compatible handsets and equipment

GSM (Global System for Mobile Communications, originally Groupe Spécial Mobile), is a standard set developed by the European Telecommunications Standards Institute (ETSI) to describe technologies for second generation (2G) digital cellular networks. Developed as a replacement for first generation (1G) analog cellular networks, the GSM standard originally described a digital, circuit switched network optimized for full duplex voice telephony. The standard was expanded over time to include first circuit switched data transport, then packet data transport via GPRS (General Packet Radio Services). Packet data transmission speeds were later increased via EDGE (Enhanced Data rates for GSM Evolution), referred to as EGPRS. The GSM standard was improved further after the development of the third generation (3G) UMTS standard by the 3GPP. GSM networks will evolve further as they begin to incorporate fourth generation (4G) LTE Advanced standards. "GSM" is a trademark owned by the GSM Association.

History
Early European analog cellular networks employed an uncoordinated mix of technologies and protocols that varied from country to country, preventing interoperability of subscriber equipment and increasing complexity for equipment manufacturers who had to contend with varying standards from a fragmented market. The work to develop a European standard for digital cellular voice telephony began in 1982 when the European Conference of Postal and Telecommunications Administrations (CEPT) created the Groupe Spécial Mobile committee and provided a permanent group of technical support personnel, based in Paris. In 1987, 15 representatives from 13 European countries signed a memorandum of understanding to develop and deploy a common cellular telephone system across Europe. The foresight of deciding to develop a continental standard paid off, eventually resulting in a unified, open, standard-based network larger than that in the United States.[1][2][3][4]

France and Germany signed a joint development agreement in 1984 and were joined by Italy and the UK in 1986. In 1986 the European Commission proposed to reserve the 900 MHz spectrum band for GSM. By 1987, basic parameters of the GSM standard had been agreed upon and 15 representatives from 13 European nations signed a memorandum of understanding in Copenhagen, committing to deploy GSM. In 1989, the Groupe Spécial Mobile committee was transferred from CEPT to the European Telecommunications Standards Institute (ETSI).[3]

Phase I of the GSM specifications was published in 1990. The world's first GSM call was made by the Finnish prime minister Harri Holkeri to Kaarina Suonio (mayor of the city of Tampere) on July 1, 1991. The first network was built by Telenokia and Siemens and operated by Radiolinja.[5] In 1992, the first short messaging service (SMS or "text message") message was sent and Vodafone UK and Telecom Finland signed the first international roaming agreement. Work had begun in 1991 to expand the GSM standard to the 1800 MHz frequency band and the first 1800 MHz network became operational in the UK in 1993. Also in 1993, Telecom Australia became the first network operator to deploy a GSM network outside of Europe and the first practical hand-held GSM mobile phone became available. In 1995, fax, data and SMS messaging services became commercially operational, the first 1900 MHz GSM network in the world became operational in the United States and GSM subscribers worldwide exceeded 10 million. In this same year, the GSM Association was formed. Pre-paid GSM SIM cards were launched in 1996 and worldwide GSM subscribers passed 100 million in 1998.[3]

In 2000, the first commercial GPRS services were launched and the first GPRS compatible handsets became available for sale. In 2001 the first UMTS (W-CDMA) network was launched and worldwide GSM subscribers exceeded 500 million. In 2002 the first multimedia messaging services (MMS) were introduced and the first GSM network in the 800 MHz frequency band became operational. EDGE services first became operational in a network in 2003 and the number of worldwide GSM subscribers exceeded 1 billion in 2004.[3]

By 2005, GSM networks accounted for more than 75% of the worldwide cellular network market, serving 1.5 billion subscribers. In 2005, the first HSDPA capable network also became operational. The first HSUPA network was launched in 2007 and worldwide GSM subscribers exceeded two billion in 2008.[3]

The GSM Association estimates that technologies defined in the GSM standard serve 80% of the global mobile market, encompassing more than 5 billion people across more than 212 countries and territories, making GSM the most ubiquitous of the many standards for cellular networks.[6]

Macau decided to phase out its GSM network in July 2012 (only roaming service is kept), making it the first region to decommission a GSM network.[7]
Technical details

GSM is a cellular network, which means that cell phones connect to it by searching for cells in the immediate vicinity. There are five different cell sizes in a GSM network—macro, micro, pico, femto and umbrella cells. The coverage area of each cell varies according to the implementation environment. Macro cells can be regarded as cells where the base station antenna is installed on a mast or a building above average roof top level. Micro cells are cells whose antenna height is under average roof top level; they are typically used in urban areas. Picocells are small cells whose coverage diameter is a few dozen metres; they are mainly used indoors. Femtocells are cells designed for use in residential or small business environments and connect to the service provider’s network via a broadband internet connection. Umbrella cells are used to cover shadowed regions of smaller cells and fill in gaps in coverage between those cells.

Cell horizontal radius varies depending on antenna height, antenna gain and propagation conditions from a couple of hundred metres to several tens of kilometres. The longest distance the GSM specification supports in practical use is 35 kilometres (22 mi). There are also several implementations of the concept of an extended cell,[8] where the cell radius could be double or even more, depending on the antenna system, the type of terrain and the timing advance.

Indoor coverage is also supported by GSM and may be achieved by using an indoor picocell base station, or an indoor repeater with distributed indoor antennas fed through power splitters, to deliver the radio signals from an antenna outdoors to the separate indoor distributed antenna system. These are typically deployed when a lot of call capacity is needed indoors; for example, in shopping centers or airports. However, this is not a prerequisite, since indoor coverage is also provided by in-building penetration of the radio signals from any nearby cell.

The modulation used in GSM is Gaussian minimum-shift keying (GMSK), a kind of continuous-phase frequency shift keying. In GMSK, the signal to be modulated onto the carrier is first smoothed with a Gaussian low-pass filter prior to being fed to a frequency modulator, which greatly reduces the interference to neighboring channels (adjacent-channel interference).
GSM carrier frequencies
Main article: GSM frequency bands

GSM networks operate in a number of different carrier frequency ranges (separated into GSM frequency ranges for 2G and UMTS frequency bands for 3G), with most 2G GSM networks operating in the 900 MHz or 1800 MHz bands. Where these bands were already allocated, the 850 MHz and 1900 MHz bands were used instead (for example in Canada and the United States). In rare cases the 400 and 450 MHz frequency bands are assigned in some countries because they were previously used for first-generation systems.

Most 3G networks in Europe operate in the 2100 MHz frequency band.

Regardless of the frequency selected by an operator, it is divided into timeslots for individual phones to use. This allows eight full-rate or sixteen half-rate speech channels per radio frequency. These eight radio timeslots (or eight burst periods) are grouped into a TDMA frame. Half rate channels use alternate frames in the same timeslot. The channel data rate for all 8 channels is 270.833 kbit/s, and the frame duration is 4.615 ms.

The transmission power in the handset is limited to a maximum of 2 watts in GSM850/900 and 1 watt in GSM1800/1900.
Voice codecs

GSM has used a variety of voice codecs to squeeze 3.1 kHz audio into between 6.5 and 13 kbit/s. Originally, two codecs, named after the types of data channel they were allocated, were used, called Half Rate (6.5 kbit/s) and Full Rate (13 kbit/s). These used a system based upon linear predictive coding (LPC). In addition to being efficient with bitrates, these codecs also made it easier to identify more important parts of the audio, allowing the air interface layer to prioritize and better protect these parts of the signal.

GSM was further enhanced in 1997[9] with the Enhanced Full Rate (EFR) codec, a 12.2 kbit/s codec that uses a full rate channel. Finally, with the development of UMTS, EFR was refactored into a variable-rate codec called AMR-Narrowband, which is high quality and robust against interference when used on full rate channels, and less robust but still relatively high quality when used in good radio conditions on half-rate channels.
Network structure

The network is structured into a number of discrete sections:

    The Base Station Subsystem (the base stations and their controllers).
    The Network and Switching Subsystem (the part of the network most similar to a fixed network). This is sometimes also just called the core network.
    The GPRS Core Network (the optional part which allows packet based Internet connections).
    The Operations support system (OSS) for maintenance of the network.

Subscriber Identity Module (SIM)
Main article: Subscriber Identity Module

One of the key features of GSM is the Subscriber Identity Module, commonly known as a SIM card. The SIM is a detachable smart card containing the user's subscription information and phone book. This allows the user to retain his or her information after switching handsets. Alternatively, the user can also change operators while retaining the handset simply by changing the SIM. Some operators will block this by allowing the phone to use only a single SIM, or only a SIM issued by them; this practice is known as SIM locking.
Phone locking
Main article: SIM lock

Sometimes mobile network operators restrict handsets that they sell for use with their own network. This is called locking and is implemented by a software feature of the phone. Because the purchase price of the mobile phone to the consumer may be subsidized with revenue from subscriptions, operators must recoup this investment before a subscriber terminates service. A subscriber may usually contact the provider to remove the lock for a fee, utilize private services to remove the lock, or make use of free or fee-based software and websites to unlock the handset themselves.

In some countries (e.g., Bangladesh, Brazil, Chile, Hong Kong, India, Lebanon, Malaysia, Pakistan, Singapore) all phones are sold unlocked. In others (e.g., Finland, Singapore) it is unlawful for operators to offer any form of subsidy on a phone's price.[10]
GSM service security
See also: UMTS security

GSM was designed with a moderate level of service security. The system was designed to authenticate the subscriber using a pre-shared key and challenge-response. Communications between the subscriber and the base station can be encrypted. The development of UMTS introduces an optional Universal Subscriber Identity Module (USIM), that uses a longer authentication key to give greater security, as well as mutually authenticating the network and the user – whereas GSM only authenticates the user to the network (and not vice versa). The security model therefore offers confidentiality and authentication, but limited authorization capabilities, and no non-repudiation.
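The contrast drawn above between GSM's one-way authentication and USIM-style mutual authentication, as an added sketch that is not part of the original article or of any GSM/3GPP code. HMAC-SHA256 stands in for the operator-specific card algorithms, and the class names, labels, key, sequence-number check and message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """Keyed function truncated to n bytes. HMAC-SHA256 is a stand-in
    (assumption) for the operator-specific algorithms on a real card."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:n]

class GsmSim:
    """2G SIM: answers any challenge; it has no way to check the sender."""
    def __init__(self, ki: bytes):
        self._ki = ki
    def respond(self, rand: bytes) -> bytes:
        return prf(self._ki, b"user-auth", rand, 4)   # 32-bit response

class Usim:
    """USIM-style card: checks a network MAC and counter before answering."""
    def __init__(self, k: bytes):
        self._k, self._last_sqn = k, 0
    def respond(self, rand: bytes, sqn: int, mac: bytes) -> bytes:
        want = prf(self._k, b"net-auth", rand + sqn.to_bytes(6, "big"), 8)
        if not hmac.compare_digest(mac, want):
            raise PermissionError("network did not prove knowledge of the key")
        if sqn <= self._last_sqn:
            raise PermissionError("stale sequence number (replayed challenge)")
        self._last_sqn = sqn
        return prf(self._k, b"user-auth", rand, 8)

class Network:
    """Operator side, holding the subscriber's pre-shared key."""
    def __init__(self, key: bytes):
        self._key, self._sqn = key, 0
    def gsm_challenge(self):
        rand = os.urandom(16)
        return rand, prf(self._key, b"user-auth", rand, 4)
    def usim_challenge(self):
        self._sqn += 1
        rand = os.urandom(16)
        mac = prf(self._key, b"net-auth", rand + self._sqn.to_bytes(6, "big"), 8)
        return (rand, self._sqn, mac), prf(self._key, b"user-auth", rand, 8)

def run_demo() -> dict:
    key = bytes(range(16))                      # constructed 128-bit key
    net, sim, usim = Network(key), GsmSim(key), Usim(key)
    out = {}
    rand, expected = net.gsm_challenge()
    out["gsm_genuine_sim_accepted"] = hmac.compare_digest(sim.respond(rand), expected)
    out["gsm_wrong_key_rejected"] = not hmac.compare_digest(
        GsmSim(bytes(16)).respond(rand), expected)
    # The network verified the user, but nothing let the SIM verify the network:
    # it answers a challenge that carries no proof of the shared key.
    out["gsm_sim_answers_unverified_challenge"] = len(sim.respond(bytes(16))) == 4
    challenge, expected = net.usim_challenge()
    out["usim_genuine_network_accepted"] = hmac.compare_digest(
        usim.respond(*challenge), expected)
    for name, bad in (("usim_rejects_replay", challenge),
                      ("usim_rejects_keyless_network", (bytes(16), 2, bytes(8)))):
        try:
            usim.respond(*bad)
            out[name] = False
        except PermissionError:
            out[name] = True
    return out

if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

The third check is the gap the paragraph describes: the 2G card has nothing to verify before it answers, while the USIM-style card refuses both a challenge without a valid network MAC and a replayed one.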

GSM uses several cryptographic algorithms for security. The A5/1, A5/2 and A5/3 stream ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other countries. Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in real-time with a ciphertext-only attack, and in January 2007, The Hacker's Choice started the A5/1 cracking project with plans to use FPGAs that allow A5/1 to be broken with a rainbow table attack.[11] The system supports multiple algorithms so operators may replace that cipher with a stronger one.

On 28 December 2009 German computer engineer Karsten Nohl announced that he had cracked the A5/1 cipher.[12] According to Nohl, he developed a number of rainbow tables (static values which reduce the time needed to carry out an attack) and had found new sources for known plaintext attacks. He also said that it is possible to build "a full GSM interceptor ... from open source components" but that they had not done so because of legal concerns.[13] An update by Nancy Owano on Dec. 27, 2011 on PhysOrg.com quotes Nohl as a "security expert", and details these concerns:

    Nohl said that he was able to intercept voice and text conversations by impersonating another user to listen to their voice mails or make calls or send text messages. Even more troubling was that he was able to pull this off using a seven-year-old Motorola cellphone and decryption software available free off the Internet.[14]

GSM was also mentioned in a Reuters story "Hackers say to publish emails stolen from Stratfor" on Yahoo! News.[15]

New attacks have been observed that take advantage of poor security implementations, architecture and development for smart phone applications. Some wiretapping and eavesdropping techniques hijack[16] the audio input and output providing an opportunity for a 3rd party to listen in to the conversation. At present such attacks often come in the form of a Trojan, malware or a virus and might be detected by security software.[citation needed][original research?]

GSM uses General Packet Radio Service (GPRS) for data transmissions like browsing the web. The most commonly deployed GPRS ciphers were publicly broken in 2011, and the evidence indicates that they were once again intentionally left weak by the mobile industry designers.[17]

The researchers revealed flaws in the commonly used GEA/1 and GEA/2 ciphers and published the open source "gprsdecode" software for sniffing GPRS networks. They also noted that some carriers don't encrypt the data at all (i.e. using GEA/0) in order to detect the use of traffic or protocols they don't like, e.g. Skype, leaving their customers unprotected. GEA/3 seems to remain relatively hard to break and is said to be in use on some more modern networks. If used with USIM to prevent connections to fake base stations and downgrade attacks, users will be protected in the medium term, though migration to 128-bit GEA/4 is still recommended.

Since GEA/0, GEA/1 and GEA/2 are widely deployed, applications should use SSL/TLS for sensitive data, as they would on Wi-Fi networks.
Standards information

The GSM systems and services are described in a set of standards governed by ETSI, where a full list is maintained.[18]
GSM open-source software

Several open-source software projects exist that provide certain GSM features:

    gsmd daemon by Openmoko[19]
    OpenBTS develops a Base transceiver station
    The GSM Software Project aims to build a GSM analyzer for less than $1000[20]
    OsmocomBB developers intend to replace the proprietary baseband GSM stack with a free software implementation[21]

Issues with patents and open source

Patents remain a problem for any open-source GSM implementation, because it is not possible for GNU or any other free software distributor to guarantee immunity from all lawsuits by the patent holders against the users. Furthermore, new features are being added to the standard all the time, which means they have patent protection for a number of years.[citation needed]

The original GSM implementations from 1991 are now entirely free of patent encumbrances and it is expected that OpenBTS will be able to implement features of that initial specification without limit and that as patents subsequently expire, those features can be added into the open source version. As of 2011, there have been no lawsuits against users of OpenBTS over GSM use.[citation needed]
See also

    Enhanced Data Rates for GSM Evolution (EDGE)
    Long Term Evolution (LTE)
    Personal communications network (PCN)
    Nordic Mobile Telephone (NMT)
    International Mobile Subscriber Identity (IMSI)
    MSISDN Mobile Subscriber ISDN Number
    Visitors Location Register (VLR)
    Um interface
    GSM-R (GSM-Railway)
    GSM services
        Cell Broadcast
        GSM localization
        Multimedia Messaging Service (MMS)
        NITZ Network Identity and Time Zone
        Wireless Application Protocol (WAP)
    Network simulation Simulation of GSM networks
        Comparison of mobile phone standards
        GEO-Mobile Radio Interface
        Intelligent Network
        Parlay X
        RRLP – Radio Resource Location Protocol
        GSM 03.48 – Security mechanisms for the SIM application toolkit
    RTP audio video profile
    Enhanced Network Selection (ENS)
    Huawei SingleRAN: RAN technology that allows migration from GSM to UMTS or simultaneous use of both.


References

    [1] Leader (7 September 2007). "Happy 20th Birthday, GSM". zdnet.co.uk. CBS Interactive. Archived from the original on 5 May 2011. Retrieved 5 May 2011. "Before GSM, Europe had a disastrous mishmash of national analogue standards in phones and TV, designed to protect national industries but instead creating fragmented markets vulnerable to big guns from abroad."
    [2] "GSM". etsi.org. European Telecommunications Standards Institute. 2011. Archived from the original on 5 May 2011. Retrieved 5 May 2011. "GSM was designed principally for voice telephony, but a range of bearer services was defined...allowing circuit-switched data connections at up to 9600 bits/s."
    [3] "History". gsmworld.com. GSM Association. 2001. Archived from the original on 5 May 2011. Retrieved 5 May 2011. "1982 Groupe Speciale Mobile (GSM) is formed by the Confederation of European Posts and Telecommunications (CEPT) to design a pan-European mobile technology."
    [4] "Cellular History". etsi.org. European Telecommunications Standards Institute. 2011. Archived from the original on 5 May 2011. Retrieved 5 May 2011. "The task was entrusted to a committee known as Groupe Spécial Mobile (GSM™), aided by a 'permanent nucleus' of technical support personnel, based in Paris."
    [5] "Maailman ensimmäinen GSM-puhelu [World's first GSM call]". yle.fi. Yleisradio Oy. 22 February 2008. Archived from the original on 5 May 2011. Retrieved 5 May 2011. "Harri Holkeri made the first call on the Radiolinja (Elisa's subsidiary) network, at the opening ceremony in Helsinki on 07.01.1991."
    [6] "GSM World statistics". gsmworld.com. GSM Association. 2010. Retrieved 8 June 2010.
    [7] "3G Get Ready". Bureau of Telecommunications Regulation, The Government of Macao Special Administrative Region. Retrieved 5 April 2012.
    [8] Motorola Demonstrates Long Range GSM Capability – 300% More Coverage With New Extended Cell.
    [9] "GSM 06.51 version 4.0.1" (ZIP). ETSI. December 1997. Retrieved 5 September 2007.
    [10] Victoria Shannon (2007). "iPhone Must Be Offered Without Contract Restrictions, German Court Rules". The New York Times. Retrieved 2 February 2011.
    [11] "The A5/1 Cracking Project". http://www.scribd.com. Retrieved 03 Nov 2011.
    [12] Kevin J. O'Brien (28 December 2009). "Cellphone Encryption Code Is Divulged". New York Times.
    [13] "A5/1 Cracking Project". Retrieved 30 December 2009.
    [14] Owano, Nancy (Dec. 27, 2011). "GSM phones -- call them unsafe, says security expert". Archived from the original on Dec. 27, 2011. Retrieved Dec. 27, 2011. "Nohl said that he was able to intercept voice and text conversations by impersonating another user to listen to their voice mails or make calls or send text messages. Even more troubling was that he was able to pull this off using a seven-year-old Motorola cellphone and decryption software available free off the Internet."
    [15] Finkle, Jim; Orlofsky, Steve (Dec. 27, 2011). "Hackers say to publish emails stolen from Stratfor". Reuters. Archived from the original on Dec. 28, 2011. Retrieved Dec. 28, 2011. "Separately, a German expert on mobile phone security said that flaws in the widely used GSM wireless technology could allow hackers to gain remote control of phones and instruct them to send text messages or make calls."
    [16] "cPanel". Infosecurityguard.com. Retrieved 30 August 2010.
    [17] "Codebreaker Karsten Nohl: Why Your Phone Is Insecure By Design". Forbes.com. 2011-08-12. Retrieved 2011-08-13.
    [18] "GSM UMTS 3GPP Numbering Cross Reference". ETSI. Retrieved 30 December 2009.
    [19] "Gsmd – Openmoko". Wiki.openmoko.org. 8 February 2010. Retrieved 22 April 2010.
    [20] "The Hacker's Choice Wiki". Retrieved 30 August 2010.
    [21] "OsmocomBB". Bb.osmocom.org. Retrieved 22 April 2010.

Further reading

    Redl, Siegmund M.; Weber, Matthias K.; Oliphant, Malcolm W (February 1995). An Introduction to GSM. Artech House. ISBN 978-0-89006-785-7.
    Redl, Siegmund M.; Weber, Matthias K.; Oliphant, Malcolm W (April 1998). GSM and Personal Communications Handbook. Artech House Mobile Communications Library. Artech House. ISBN 978-0-89006-957-8.
    Hillebrand, Friedhelm, ed. (December 2001). GSM and UMTS, The Creation of Global Mobile Communications. John Wiley & Sons. ISBN 978-0-470-84322-2.
    Mouly, Michel; Pautet, Marie-Bernardette (June 2002). The GSM System for Mobile Communications. Telecom Publishing. ISBN 978-0-945592-15-0.
    Salgues, Salgues B. (April 1997). Les télécoms mobiles GSM DCS. Hermes (2nd ed.). Hermes Sciences Publications. 


Tags: gsm
+ Posted on Wednesday, 14 Tir 1391, at 14:27 by Bahar |