GSM Network Architecture

Figure 1. Layout of generic GSM network

GSM Network consists of three main parts:

 Mobile Station (MS) carried by the subscriber

 Base Station Subsystem (BSS) controls radio link with mobile station

 Network & Switching Subsystem (NSS) mobility management and switching of calls between mobile users,
and between mobile and fixed network users.

Mobile Station

Consists of:

 Mobile Equipment (ME) such as hand portable and vehicle mounted unit
 Subscriber Identity Module (SIM), which contains the entire customer related information (identification, secret
key for authentication, etc.)

Base Station Subsystem

Consists of:
  Base Transceiver Station (BTS) defines a cell and is responsible for radio link protocols with the Mobile Station
 Base Station Controller (BSC) controls multiple BTSs and manages radio channel setup, and handovers. The
BSC is the connection between the Mobile Station and Mobile Switching Center.

Network and Switching Subsystems

Consists of:

 Mobile Switching Center (MSC) is the central component of the NSS. Operates all switching functions for the
mobiles within its jurisdiction. Interface between mobile and other (including fixed) network. Its functions:

 Manages the location of mobiles

 Switches calls

 Manages Security features

 Controls handover between BSCs

 Resource management

 Interworks with and manages network databases

 Collects call billing data and sends to billing system

 Collects traffic statistics for performance monitoring

 Network Databases ? Home Location Register and Visitor Location Register together with MSC provides the
call routing and roaming capabilities of GSM.

 Home Location Register (HLR) contains all the subscriber information for the purposes of call
control, and location determination. There is logically one HLR per GSM network, although it
may be implemented as a distributed database.

 Visitors Location Register (VLR) is only a temporary storage while the particular subscriber is
located in the geographical area controlled by the MSC/VLR. Contains only the necessary
information provision of subscribed services.

 Authentication Center (AuC) is a protected database that stores the security information for
each subscriber (a copy of the secret key stored in each SIM).

 Equipment Identity Register (EIR) is a list of all valid mobile equipment on the network.

Radio Link ? Physical Layer

As we have mentioned above radio spectrum is very limited resource shared by all users. The method to divide up the
bandwidth among as many users as possible, chosen by GSM, is a combination of Time- and Frequency-Division Multiple
Access (TDMA/FDMA). FDMA divides frequency bandwidth of the (maximum) 25 MHz into 124 carrier frequencies. Each Base
Station (BS) is assigned one or more carrier frequencies. Using a TDMA scheme each carrier frequency is divided in time,
which forms logical channels.  

Time Division Multiple Access (TDMA) - the users take turns (in a round robin), each one periodically getting the entire
bandwidth for a little burst of time. 

Frequency Division Multiple Access (FDMA) - the frequency spectrum is divided among the logical channels, with each user
having exclusives possession of some frequency band.

 
Mobile unit can be in two modes

 Idle - listening
 Dedicated ? sending/receiving data

There are two kinds of channels:

 Traffic channels (TCH) carry speech and data traffic.  

Figure 2. Organization of bursts, TDMA frames, and multiframes for speech and data

The fundamental unit of time in TDMA scheme is called a burst period and it lasts 15/26 msec. Eight bust periods are grouped
in one TDMA frame (120/26 msec), which forms a basic unit of logical channels. One physical channel is one burst period per
TDMA frame. 

Traffic channels are defined as 26-frame multiframe. 26-frame multiframe lasts 120 msec (26 * 120/26). Out of 26 frames, 24 are
for traffic, 1 is used for Slow Associated Control Channel (SACCH), and 1 is currently unused.

 Control channels used by idle mode mobiles to exchange signaling information, required changing to dedicated
mode. Mobiles in dedicated mode monitor the surrounding Base Stations for handover and other information.
The Control channels include:

 Broadcast Control Channel (BCCH) serves for BS identification, broadcasts, and frequency
allocations.

 Frequency Correction Channel (FCCH) and Synchronization Channel (SCH) ? used for
synchronization, and physical layer definition (time slots, burst time?)

 Random Access Channel (RACH) used by mobile to request access to the network.

 Paging Channel (PCH) used for locating the mobile user

 Access Grant Channel (AGCH) used to obtain a dedicated channel. (Following the request of
RACH)

Speech coding

The speech is analog, so in order to be transmitted over digital communication it should be digitized. The method used by
GSM is Regular Pulse Excited ? Linear Predictive Coder (RPE-LPC) with a Long Term Predictor loop.  The main idea behind
this smart-looking name is simple. Speech is divided into 20 millisecond samples; current sample may be predicted from
previous samples, that?s due to slow change of voice patterns. Predicted and real information are compared and the
difference is saved. Each 20-millisecond sample is encoded using 260 bits (that requires 13 kbps). Testing let to distinguish
three classes of bits out of 260, that are classified by they sensitivity to errors. The most sensitive class has CRC and together
with moderate sensitivity class is encoded using ? rate convolutional encoder of length 4 ? each input bit is encoded as two
bits, based on 4 previous bits. Thus we have 456 bits per 20 milliseconds sample (that requires 22.8 kbps).

 
Discontinuous transmission

The idea is based on the fact that a person speaks less than 40% of time in normal conversation, so turning the transmitter off
can save power. In order to distinguish voice and background noise, very accurate Voice Activity Detector should be used.
While transmitter is off, the receiving end will hear a total silence, that?s due to digital transmission. To avoid this, comfort
noise is generated trying to match the characteristics of background noise.

Discontinuous reception

While being in idle mode mobile station has to listen only to Paging Channel, that uses almost no power.

Power Control

To minimize co-channel interference and to conserve power, both the mobile and BTS operate at the lowest power level that
will maintain an acceptable signal quality. Mobile decides that power level is acceptable using bit errors ratio.

Network Aspects

Figure 3. Signaling protocol structure in GSM  

 Layer 1 is the physical layer.

 Layer 2 is the data link layer.

 Layer 3 is the GSM signaling protocol.

  
We have already seen structure used by physical layer, so we won?t expand it any more. Data layer is modified version of
some protocol used in ISDN and in Signaling System Number 7. So the only interesting thing that is left for us is Layer 3 - GSM
signaling protocol. Layer 3 is itself divided into three sub-layers.

 Radio Resource Management

 Mobility Management

 Connection Management

Radio Resource Management (RR-Layer)

The RR-Layer is concerned with the management of RR-session, which is the time that a mobile is in dedicated mode, as well
as the configuration of radio channels. In addition RR-Layer manages power control, discontinues transmission and reception,
and handovers.

Handover (handoff) is switching of an on-going call to a different channel or cell.

There are four types of handovers

 Switching channels in the same cell.

 Switching cells under control of the same Base Station Controller (BSC)

 Switching cells under the control of different BSCs, but belonging to the same Mobil service Switching Center (MSC)

 Switching cells under control of different MSCs.

The first two types of handover, called internal because they involve only BSC, and MSC is notified only on completion of the
handover.

The last two types of handover, called external because they involve MSC.

Handover may be initiated by MSC (traffic balancing) or by mobile unit.  The mobile unit always scans Broadcast Control
Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover. This information is
transmitted to current Base Station at least once per second. BSC and MSC use this information for handover algorithm.

One of the problems while making handover decision is whether the poor signal quality is due to physical interference or
mobile having moved to another cell. There are two basic algorithms for making handover decision:

 Minimum acceptable performance. If signal degrades beyond some point, then transmission power is increased. If
power increase does not lead to improve then handover is performed. Disadvantages: increasing transmission
power may cause interference with neighbor cell.
 Power budget. Uses handover to improve transmission quality in the same or lower power level. This method avoids
neighbor cell interference, but is quite complicated.

Mobility Management (MM-Layer)

Manages problem that arise from mobility of the subscriber. The ideal situation is when system always knows where the
subscriber is located (what cell) in each moment. But this will cause the subscriber to update the system on every move, and
this means a lot of obsolete update messages, wasting bandwidth. Another extreme situation is when system never knows
subscriber?s position, but this will cause the system to look for the user over the whole geographical area, that means a lot of
paging messages on every terminating call. Strategy used by GSM is as following, group of neighbor cells is grouped in one
location area and subscriber updates its position when moving from one location area to another. Paging is done only in the
current location area. The only question is "what division of cells to location areas is optimal?". There are various algorithm
for solving this problem, they are mostly based statistical data.

Figure 4. Registering to Mobile Switching Center (MSC).

As seen form Figure 4, when a subscriber registers to MSC it sends registration message that contains subscriber?s
information. MSC updates its VLR and sends a message to subscriber?s HLR.  

Authentication and security

Since the radio medium may be accessed by anyone, authentication is used to prove that the users are who they claim to be.
Each subscriber is given a secret key that is recorded in subscriber?s SIM and Authentication Center (AuC), during
authentication AuC generates a random number that is sent to mobile. Using the secret key and this random number mobile
produces a response using ciphering algorithm A3. The response number should be equal to the one calculated by AuC.

The same initial random number in conjunction with secret key is used to generate the ciphering key using A8 algorithm. This
ciphering key together with TDMA frame number is used compute a sequence that is XORed with the sent data.

Connection Management. (CM-Layer)

Figure 5. Paging process.

An incoming mobile termination call is directed to Gateway MSC (GMSC). GMSC is basically a switch, which is able to
interrogate the subscribers HLR to obtain routing information. The routing information that is returned to GMS is the Mobile
Station Roaming Number (MSRN). MSRN are related to the geographical numbering plan, and not assigned to subscribers. To
obtain subscriber?s MSRN, subscriber?s HLR have to query subscriber?s current VLR.