CELLULER NETWORK Technology GSM

SR.NO TOPIC NAME

1 Introduction

2 Concept

3 Cellular Technologies

4 GSM Introduction

5 History

6 GSM Architecture

7 Advantages/Disadvantages

8 GSM Services

INTRODUCTION

SJPI Page 1
 CELLULER NETWORK Technology GSM

A cellular network is a radio network distributed over land areas called cells, each served
by at least one fixed-location transceiver known as a cell site or base station. When joined
together these cells provide radio coverage over a wide geographic area. This enables a large
number of portable transceivers (e.g., mobile phones, pagers, etc.) to communicate with each
other and with fixed transceivers and telephones anywhere in the network, via base stations, even
if some of the transceivers are moving through more than one cell during transmission.

Cellular networks offer a number of advantages over alternative solutions:

• increased capacity
• reduced power use
• larger coverage area
• reduced interference from other signals

An example of a simple non-telephone cellular system is an old taxi driver’s radio system
where the taxi company has several transmitters based around a city that can communicate
directly with each taxi.

SJPI Page 2
 CELLULER NETWORK Technology GSM

CONCEPT OF CELLULER NETWORK

In a cellular radio system, a land area to be supplied with radio service is divided into
regular shaped cells, which can be hexagonal, square, circular or some other irregular shapes,
although hexagonal cells are conventional. Each of these cells is assigned multiple frequencies (f1
- f6) which have corresponding radio base stations. The group of frequencies can be reused in
other cells, provided that the same frequencies are not reused in adjacent neighboring cells as
that would cause co-channel interference.

The increased capacity in a cellular network, compared with a network with a single
transmitter, comes from the fact that the same radio frequency can be reused in a different area
for a completely different transmission. If there is a single plain transmitter, only one
transmission can be used on any given frequency. Unfortunately, there is inevitably some level
of interference from the signal from the other cells which use the same frequency. This means
that, in a standard FDMA system, there must be at least a one cell gap between cells which reuse
the same frequency.

In the simple case of the taxi company, each radio had a manually operated channel
selector knob to tune to different frequencies. As the drivers moved around, they would change
from channel to channel. The drivers know which frequency covers approximately what area.
When they do not receive a signal from the transmitter, they will try other channels until they
find one that works. The taxi drivers only speak one at a time, when invited by the base station
operator (in a sense TDMA).

Example of frequency reuses factor or pattern ¼

SJPI Page 3
 CELLULER NETWORK Technology GSM

Handover or handoff
In cellular telecommunications, the term handover or handoff refers to the process of
transferring an ongoing call or data session from one channel connected to the core network to
another. In satellite communications it is the process of transferring satellite control
responsibility from one earth station to another without loss or interruption of service.

American English tends to use the term handoff, and this is most commonly used within
some American organizations such as 3GPP2 and in American originated technologies such as
CDMA2000. In British English the term handover is more common, and is used within
international and European organizations such as ITU-T, IETF, ETSI and 3GPP, and
standardized within European originated standards such as GSM and UMTS. The term handover
is more common than handoff in academic research publications and literature, while handoff is
slightly more common within the IEEE and ANSI organizations.

Purpose

n telecommunications there may be different reasons why a handover might be conducted:

• when the phone is moving away from the area covered by one cell and entering the area
covered by another cell the call is transferred to the second cell in order to avoid call
termination when the phone gets outside the range of the first cell;
• when the capacity for connecting new calls of a given cell is used up and an existing or
new call from a phone, which is located in an area overlapped by another cell, is

SJPI Page 4
 CELLULER NETWORK Technology GSM

transferred to that cell in order to free-up some capacity in the first cell for other users,
who can only be connected to that cell;
• in non-CDMA networks when the channel used by the phone becomes interfered by
another phone using the same channel in a different cell, the call is transferred to a
different channel in the same cell or to a different channel in another cell in order to
avoid the interference;
• again in non-CDMA networks when the user behavior changes, e.g. when a fast-
travelling user, connected to a large, umbrella-type of cell, stops then the call may be
transferred to a smaller macro cell or even to a micro cell in order to free capacity on the
umbrella cell for other fast-traveling users and to reduce the potential interference to
other cells or users (this works in reverse too, when a user is detected to be moving faster
than a certain threshold, the call can be transferred to a larger umbrella-type of cell in
order to minimize the frequency of the handovers due to this movement);
• in CDMA networks a soft handoff (see further down) may be induced in order to reduce
the interference to a smaller neighboring cell due to the "near-far" effect even when the
phone still has an excellent connection to its current cell;
• etc.

The most basic form of handover is when a phone call in progress is redirected from its
current cell (called source) and its used channel in that cell to a new cell (called target) and a
new channel. In terrestrial networks the source and the target cells may be served from two
different cell sites or from one and the same cell site (in the latter case the two cells are usually
referred to as two sectors on that cell site). Such a handover, in which the source and the target
are different cells (even if they are on the same cell site) is called inter-cell handover. The
purpose of inter-cell handover is to maintain the call as the subscriber is moving out of the area
covered by the source cell and entering the area of the target cell.

A special case is possible, in which the source and the target are one and the same cell and only
the used channel is changed during the handover. Such a handover, in which the cell is not
changed, is called intra-cell handover. The purpose of intra-cell handover is to change one
channel, which may be interfered or fading with a new clearer or less fading channel.

SJPI Page 5
 CELLULER NETWORK Technology GSM

Types of handover
In addition to the above classification of inter-cell and intra-cell classification of handovers,
they also can be divided into hard and soft handovers:

• A hard handover is one in which the channel in the source cell is released
and only then the channel in the target cell is engaged. Thus the connection
to the source is broken before the connection to the target is made—for this
reason such handovers are also known as break-before-make. Hard
handovers are intended to be instantaneous in order to minimize the
disruption to the call. A hard handover is perceived by network engineers as
an event during the call.
• A soft handover is one in which the channel in the source cell is retained
and used for a while in parallel with the channel in the target cell. In this case
the connection to the target is established before the connection to the
source is broken, hence this handovers is called make-before-break. The
interval, during which the two connections are used in parallel, may be brief
or substantial. For this reason the soft handovers is perceived by network
engineers as a state of the call, rather than a brief event. Soft handovers may
involve using connections to more than two cells, e.g. connections to three,
four or more cells can be maintained by one phone at the same time. When a
call is in a state of soft handovers the signal of the best of all used channels
can be utilised for the call at a given moment or all the signals can be
combined to produce a clearer copy of the signal. The latter is more
advantageous, and when such combining is performed both in the downlink
(forward link) and the uplink (reverse link) the handover is termed as softer.
Softer handovers are possible when the cells involved in the handovers have
a single cell site .

Cellular Network Technologies

SJPI Page 6
 CELLULER NETWORK Technology GSM

CDMA
Code division multiple access (CDMA) is a channel access method used by various
radio communication technologies. It should not be confused with the mobile phone standards
called cdmaOne and CDMA2000 (which are often referred to as simply CDMA), which use
CDMA as an underlying channel access method.

One of the basic concepts in data communication is the idea of allowing several
transmitters to send information simultaneously over a single communication channel. This
allows several users to share a band of frequencies (see bandwidth). This concept is called
Multiple Access. CDMA employs spread-spectrum technology and a special coding scheme
(where each transmitter is assigned a code) to allow multiple users to be multiplexed over the
same physical channel. By contrast, time division multiple access (TDMA) divides access by
time, while frequency-division multiple access (FDMA) divides it by frequency. CDMA is a
form of spread-spectrum signaling, since the modulated coded signal has a much higher data
bandwidth than the data being communicated.

An analogy to the problem of multiple access is a room (channel) in which people wish to
talk to each other simultaneously. To avoid confusion, people could take turns speaking (time
division), speak at different pitches (frequency division), or speak in different languages (code
division). CDMA is analogous to the last example where people speaking the same language can
understand each other, but other languages are perceived as noise and rejected. Similarly, in
radio CDMA, each group of users is given a shared code. Many codes occupy the same channel,
but only users associated with a particular code can communicate.

Advanced Mobile Phone System

Advanced Mobile Phone System (AMPS) was an analog mobile phone system standard
developed by Bell Labs, and officially introduced in the Americas in 1983, Israel in 1986, and
Australia in 1987It was the primary analog mobile phone system in North America (and other
locales) through the 1980s and into the 2000s. As of February 18, 2008, carriers in the United
States were no longer required to support AMPS and companies such as AT&T and Verizon

SJPI Page 7
 CELLULER NETWORK Technology GSM

have discontinued this service permanently. AMPS was discontinued in Australia in September
2000.

GSM
Global System for Mobile Communications, or GSM (originally from Groupe Spécial
Mobile), is the world's most popular standard for mobile telephone systems. The GSM
Association estimates that 80% of the global mobile market uses the standard. GSM is used by
over 1.5 billion people across more than 212 countries and territories. This ubiquity means that
subscribers can use their phones throughout the world, enabled by international roaming
arrangements between mobile network operators. GSM differs from its predecessor technologies
in that both signaling and speech channels are digital, and thus GSM is considered a second
generation (2G) mobile phone system. This also facilitates the wide-spread implementation of
data communication applications into the system.

The GSM standard has been an advantage to both consumers, who may benefit from the ability
to roam and switch carriers without replacing phones, and also to network operators, who can
choose equipment from many GSM equipment vendors. GSM also pioneered low-cost
implementation of the short message service (SMS), also called text messaging, which has since
been supported on other mobile phone standards as well. The standard includes a worldwide
emergency telephone number feature

History
In 1982, the European Conference of Postal and Telecommunications Administrations
(CEPT) created the Groupe Special Mobile (GSM) to develop a standard for a mobile telephone
system that could be used across Europe. In 1987, a memorandum of understanding was signed
by 13 countries to develop a common cellular telephone system across Europe. In 1989, GSM
responsibility was transferred to the European Telecommunications Standards Institute (ETSI)
and phase I of the GSM specifications were published in 1990. The first GSM network was
launched in 1991 by Radiolinja in Finland with joint technical infrastructure maintenance from
Ericsson By the end of 1993, over a million subscribers were using GSM phone networks being
operated by 70 carriers across 48 countries.
SJPI Page 8
 CELLULER NETWORK Technology GSM

Technical details
GSM is a cellular network, which means that mobile phones connect to it by searching
for cells in the immediate vicinity. There are five different cell sizes in a GSM network—macro,
micro, pico, femto and umbrella cells. The coverage area of each cell varies according to the
implementation environment. Macro cells can be regarded as cells where the base station antenna
is installed on a mast or a building above average roof top level. Micro cells are cells whose
antenna height is under average roof top level; they are typically used in urban areas. Picocells
are small cells whose coverage diameter is a few dozen metres; they are mainly used indoors.
Femtocells are cells designed for use in residential or small business environments and connect
to the service provider’s network via a broadband internet connection. Umbrella cells are used to
cover shadowed regions of smaller cells and fill in gaps in coverage between those cells.

Cell horizontal radius varies depending on antenna height, antenna gain and propagation
conditions from a couple of hundred meters to several tens of kilometres. The longest distance
the GSM specification supports in practical use is 35 kilometres (22 mi). There are also several
implementations of the concept of an extended cell, where the cell radius could be double or
even more, depending on the antenna system, the type of terrain and the timing advance.

Indoor coverage is also supported by GSM and may be achieved by using an indoor picocell base
station, or an indoor repeater with distributed indoor antennas fed through power splitters, to
deliver the radio signals from an antenna outdoors to the separate indoor distributed antenna
system. These are typically deployed when a lot of call capacity is needed indoors; for example,
in shopping centers or airports. However, this is not a prerequisite, since indoor coverage is also
provided by in-building penetration of the radio signals from any nearby cell.

The modulation used in GSM is Gaussian minimum-shift keying (GMSK), a kind of continuous-
phase frequency shift keying. In GMSK, the signal to be modulated onto the carrier is first
smoothed with a Gaussian low-pass filter prior to being fed to a frequency modulator, which
greatly reduces the interference to neighboring channels (adjacent-channel interference).

GSM Architecture

SJPI Page 9
 CELLULER NETWORK Technology GSM

Radio
cells

RS
S

NS
S

OS
S

A GSM system consist of three subsystem

1. RSS (RADIO SUB SYSTEM)

2. NSS (Network and switching sub system)

3. OSS (operation subsystem)

Radio sub system

SJPI Page 10
 CELLULER NETWORK Technology GSM

As the name implies Radio subsystem (RSS) comprises all radio specific entities i.e., the
mobile stations (MS) and base station subsystem(BSS) as above figure shows the connection
between The RSS & NSS via the a Interface(solid line) and the connection to oss via the O
interface(dashed lines)

The A inter face is typically based on circuit switched PCM-30 systems (2.048 Mbit/s),carrying
up to 30 64 kbit/s connections whereas the O interface uses the signaling system No,7(SS7)
based on X.25 carrying management data to/from the RSS.

Base Satiation subsystem (BSS)

GSM network comprises many BSSs, each controlled by base station controller(BSC).
The BSS performs all function necessary to maintain radio communications to an MS coding
decoding voice and rate adaptation to /from the wireless network part.

Base transceiver station (BTS):

A base transceiver station (BTS) or cell site is a piece of equipment that facilitates wireless
communication between user equipment (UE) and a network. UEs are devices like mobile
phones (handsets), WLL phones, computers with wireless internet connectivity, Wi-Fi and
WiMAX gadgets etc. The network can be that of any of the wireless communication
technologies like GSM, CDMA,

BTS is also referred to as the radio base station (RBS), node B (in 3G Networks) or, simply, the
base station (BS). For discussion of the LTE standard the abbreviation eNB for enhanced node B
is widely used.

Base station controller (BSC)

The base station controller (BSC) provides, classically, the intelligence behind the BTSs.
Typically a BSC has tens or even hundreds of BTSs under its control. The BSC handles allocation of
radio channels, receives measurements from the mobile phones, and controls handovers from BTS to BTS
(except in the case of an inter-BSC handover in which case control is in part the responsibility of the
anchor MSC). A key function of the BSC is to act as a concentrator where many different low capacity
connections to BTSs (with relatively low utilization) become reduced to a smaller number of connections

SJPI Page 11
 CELLULER NETWORK Technology GSM

towards the mobile switching center (MSC) (with a high level of utilization). Overall, this means that
networks are often structured to have many BSCs distributed into regions near their BTSs which are then
connected to large centralized MSC sites.

The BSC is undoubtedly the most robust element in the BSS as it is not only a BTS
controller but, for some vendors, a full switching center, as well as an SS7 node with connections
to the MSC and serving GPRS support node (SGSN) (when using GPRS). It also provides all the
required data to the operation support subsystem (OSS) as well as to the performance measuring
centers.

A BSC is often based on a distributed computing architecture, with redundancy applied to

critical functional units to ensure availability in the event of fault conditions. Redundancy often
extends beyond the BSC equipment itself and is commonly used in the power supplies and in the
transmission equipment providing the A-ter interface to PCU.

The databases for all the sites, including information such as carrier frequencies,
frequency hopping lists, power reduction levels, receiving levels for cell border calculation, are
stored in the BSC. This data is obtained directly from radio planning engineering which involves
modeling of the signal propagation as well as traffic projections.

Mobile Station (MS):

The mobile station (MS) comprises all user equipment and software needed for
communication with a mobile network.

The mobile station refers to global system connected to the mobile network, i.e. mobile
phone or mobile computer connected using a mobile broadband adapter. This is the terminology
of 2G systems like GSM. In the 3G systems, mobile station (MS) is now referred as user
equipment (UE).

In GSM, the mobile station consists of four main components:

• Mobile Termination (MT) - offers common functions of a such as: radio Transmission
and handover, speech encoding and decoding, Error detection and correction, signaling

SJPI Page 12
 CELLULER NETWORK Technology GSM

and access to the SIM. The IMEI code is attached to the MT. It is equivalent to the
network termination of an ISDN access.
• Terminal Equipment (TE) - is any device connected to the MS offering services to the
user. It does not contain any functions specific to GSM.
• Terminal adapter (TA) - Provides access to the MT as if it was an ISDN network
termination with extended capabilities. Communication between the TE and MT over the
TA takes place using AT commands.
• Subscriber Identity Module (SIM) - is a removable subscriber identification token
storing the IMSI a unique key shared with the mobile network operator and other data.

In a mobile phone, the MT, TA and TE are enclosed in the same case. However, the MT and TE
functions are often performed by distinct processors. The application processor serves as a TE,
while the baseband processor serves as a MT, communication between both takes place over a
bus using AT commands, which serves as a TA.

Network and switching subsystem

The heart of “GSM” system is formed by the network and switching subsystem(NSS) The
NSS connects the wireless Network with standard public networks ,performs handovers
between different BSSs.

The NSS consist of the following switches and databases:

Mobile services switching center (MSC):

The mobile switching center (MSC) is the primary service delivery node for
GSM/CDMA, responsible for routing voice calls and SMS as well as other services (such as
conference calls, FAX and circuit switched data).

The MSC sets up and releases the end-to-end connection, handles mobility and hand-
over requirements during the call and takes care of charging and real time pre-paid account
monitoring.

SJPI Page 13
 CELLULER NETWORK Technology GSM

In the GSM mobile phone system, in contrast with earlier analogue services, fax and data
information is sent directly digitally encoded to the MSC. Only at the MSC is this re-coded into
an "analogue" signal (although actually this will almost certainly mean sound encoded digitally
as PCM signal in a 64-kbit/s timeslot, known as a DS0 in America).

There are various different names for MSCs in different contexts which reflects their
complex role in the network, all of these terms though could refer to the same MSC, but doing
different things at different times.

The Gateway MSC (G-MSC) is the MSC that determines which visited MSC the
subscriber who is being called is currently located. It also interfaces with the PSTN. All mobile
to mobile calls and PSTN to mobile calls are routed through a G-MSC. The term is only valid in
the context of one call since any MSC may provide both the gateway function and the Visited
MSC function, however, some manufacturers design dedicated high capacity MSCs which do not
have any BSSs connected to them. These MSCs will then be the Gateway MSC for many of the
calls they handle.

The visited MSC (V-MSC) is the MSC where a customer is currently located. The VLR
associated with this MSC will have the subscriber's data in it.

The anchor MSC is the MSC from which a handover has been initiated. The target
MSC is the MSC toward which a Handover should take place. A mobile switching centre server
is a part of the redesigned MSC concept starting from 3GPP Release 4

Home location register (HLR)

The home location register (HLR) is a central database that contains details of each
mobile phone subscriber that is authorized to use the GSM core network. There can be several
logical, and physical, HLRs per public land mobile network (PLMN), though one international
mobile subscriber identity (IMSI)/MSISDN pair can be associated with only one logical HLR
(which can span several physical nodes) at a time.

SJPI Page 14
 CELLULER NETWORK Technology GSM

The HLRs store details of every SIM card issued by the mobile phone operator. Each SIM has a
unique identifier called an IMSI which is the primary key to each HLR record.

The next important items of data associated with the SIM are the MSISDNs, which are the
telephone numbers used by mobile phones to make and receive calls. The primary MSISDN is
the number used for making and receiving voice calls and SMS, but it is possible for a SIM to
have other secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a
primary key to the HLR record. The HLR data is stored for as long as a subscriber remains with
the mobile phone operator.

Examples of other data stored in the HLR against an IMSI record is:

• GSM services that the subscriber has requested or been given.

• GPRS settings to allow the subscriber to access packet services.
• Current location of subscriber (VLR and serving GPRS support node/SGSN).
• Call divert settings applicable for each associated MSISDN.

The HLR is a system which directly receives and processes MAP transactions and messages
from elements in the GSM network, for example, the location update messages received as
mobile phones roam around.

Visitor location register (VLR)

The visitor location register is a database of the subscribers who have roamed into the
jurisdiction of the MSC (Mobile Switching Center) which it serves. Each base station in the
network is served by exactly one VLR, hence a subscriber cannot be present in more than one
VLR at a time.

The data stored in the VLR has either been received from the HLR, or collected from the MS
(Mobile station). In practice, for performance reasons, most vendors integrate the VLR directly
to the V-MSC and, where this is not done, the VLR is very tightly linked with the MSC via a
proprietary interface. Whenever an MSC detects a new MS in its network, in addition to creating
a new record in the VLR, it also updates the HLR of the mobile subscriber, apprising it of the

SJPI Page 15
 CELLULER NETWORK Technology GSM

new location of that MS. If VLR data is corrupted it can lead to serious issues with text
messaging and call services.

Data stored include:

• IMSI (the subscriber's identity number).

• Authentication data.
• MSISDN (the subscriber's phone number).
• GSM services that the subscriber is allowed to access.
• access point (GPRS) subscribed.
• The HLR address of the subscriber.

Other GSM core network elements connected to the VLR

The VLR connects to the following elements:

• The V-MSC to pass required data for its procedures; e.g., authentication or call setup.
• The HLR to request data for mobile phones attached to its serving area.
• Other VLRs to transfer temporary data concerning the mobile when they roam into new
VLR areas. For example, the temporal mobile subscriber identity (TMSI).

Procedures implemented

The primary functions of the VLR are:

• To inform the HLR that a subscriber has arrived in the particular area covered by the
VLR.
• To track where the subscriber is within the VLR area (location area) when no call is
ongoing.
• To allow or disallow which services the subscriber may use.
• To allocate roaming numbers during the processing of incoming calls.
• To purge the subscriber record if a subscriber becomes inactive whilst in the area of a
VLR. The VLR deletes the subscriber's data after a fixed time period of inactivity and

SJPI Page 16
 CELLULER NETWORK Technology GSM

informs the HLR (e.g., when the phone has been switched off and left off or when the
subscriber has moved to an area with no coverage for a long time).
• To delete the subscriber record when a subscriber explicitly moves to another, as
instructed by the HLR.

Operation Support Subsystem

The third part of GSM system is operation support sub system comprises the necessary
functions for network operation and maintenance. The OSS possess network entities of its own
and accesses other entities via ss7 signaling as above figure

The operations and maintenance center (OMC) is connected to all equipment in the
switching system and to the BSC. The implementation of OMC is called the operation and
support system (OSS). The OSS is the functional entity from which the network operator
monitors and controls the system. The purpose of OSS is to offer the customer cost-effective
support for centralized, regional, and local operational and maintenance activities that are
required for a GSM network. An important function of OSS is to provide a network overview
and support the maintenance activities of different operation and maintenance organizations.

The following entities have been defined:

Operation and maintainer center (OMC):

It Controls all other network entities via O interface typical OMC management functions
are traffic monitoring status reports of network entities, subscriber and security management, or
accounting and billing .OMCs use the concept of telecommunication management network
(TMN) as standardized by the ITU-T.

Authentication center(Auc):

As the radio interface and mobile stations are particularly vulnerable, a separate AuC
contains the algorithm for authentication as well as the keys for encryption and generates the
values needed for user authentication in the HLR the AuC may in fact be situated in a special
protected part of the HLR

SJPI Page 17
 CELLULER NETWORK Technology GSM

Equipment identity register(EIR):

The EIR is a database for all IMEIs, i.e., it stores all devices identifications registered for
this network. As MSs are mobile, they can be easily stolen. With a valid SIM, anyone could use
the stolen MS. The EIR has a black list of stolen (or LOCKED) devices .in Theory MS is useless
as soon as the owner has reported a theft.unfortunetley, the black list of different provides are
not usually synchronized and the illegal use of a device in another operator’s network is
possible .the EIR also contains a list of valid IMEIs(white list) ,and a list of malfunctioning
devices(qray list).

SJPI Page 18
 CELLULER NETWORK Technology GSM

Advantages of GSM

Identity Mobility
• One of the biggest advantages of the GSM network is its use of SIM, or subscriber
identity module, cards to identify users' phones. SIM cards are small chips that contain
information like a subscriber's phone number, contacts, preferences and other data. Users
can move a single SIM card from one phone to another, making it easy to transfer service
between phones without losing important data.

Coverage Area
• The GSM network extends around the world, allowing users of GSM phones to place
roaming calls from more locations that users of CDMA phones. Telecommunications
suppliers began building the GSM network in the mid-1980s, meaning that today it is
more extensive and technically refined than the less-mature networks, including CDMA.

Disadvantages of GSM
Phone Size
• One disadvantage of GSM phones is that they must be large enough to incorporate a SIM
card slot. This can place limits on the design of GSM-enabled phones, while cell phone
manufacturers can work more freely on designs for phones that are intended for other
cellular standards and require no SIM card.

Lack of American Presence

• Another significant disadvantage to the GSM network is its relative lack of visibility in
the United States. While US cell phone provider AT&T uses GSM technology, most
other US cell phone companies still rely on CDMA. Because of the recent growth in US
cell phone use, and the emergence of more complex cellular devices like smart phones,
GSM's lack of an American presence puts limits on its growth as a worldwide network
leader.

SJPI Page 19
 CELLULER NETWORK Technology GSM

Accessing a GSM network

In order to gain access to GSM services, a user needs three things:

• A billing relationship with a mobile phone operator. This is usually either where services
are paid for in advance of them being consumed (prepaid), or where bills are issued and
settled after the service has been consumed (postpaid).
• A mobile phone which is GSM compliant and operates at the same frequency as the
operator. Most phone companies sell phones from third-party manufacturers.
• A SIM ("Subscriber Identity Module") card which is activated by the operator once the
billing relationship is established. After activation the card is then programmed with the
subscriber's MSISDN ("Mobile Subscriber Integrated Services Digital Network
Number") (the telephone number). Personal information such as contact numbers of
friends and family can also be stored on the SIM by the subscriber.

After subscribers sign up, information about their identity (telephone number) and what services
they are allowed to access are stored in a "SIM record" in the Home Location Register (HLR).

Once the SIM card is loaded into the phone and the phone is powered on, it will search
for the nearest mobile phone mast (also called a Base Transceiver Station (BTS)) with the
strongest signal in the operator's frequency band. If a mast can be successfully contacted, then
there is said to be coverage in the area. The phone then identifies itself to the network through
the control channel. Once this is successfully completed, the phone is said to be attached to the
network.

The key feature of a mobile phone is the ability to receive and make calls in any area
where coverage is available. This is generally called roaming from a customer perspective, but
also called visiting when describing the underlying technical process. Each geographic area has a
database called the Visitor Location Register (VLR) which contains details of all the mobiles
currently in that area. Whenever a phone attaches, or visits, a new area, the Visitor Location
Register must contact the Home Location Register to obtain the details for that phone. The
current cellular location of the phone (i.e. which BTS it is at) is entered into the VLR record and

SJPI Page 20
 CELLULER NETWORK Technology GSM

will be used during a process called paging when the GSM network wishes to locate the mobile
phone.

Every SIM card contains a secret key, called the Ki, which is used to provide
authentication and encryption services. This is useful to prevent theft of service, and also to
prevent "over the air" snooping of a user's activity. The network does this by utilising the
Authentication Center and is accomplished without transmitting the key directly.

Every GSM phone contains a unique identifier (different from the phone number), called
the International Mobile Equipment Identity (IMEI). This can be found by dialling " *#06# ".
When a phone contacts the network, its IMEI may be checked against the Equipment Identity
Register to locate stolen phones and facilitate monitoring.

Voice calls

Outgoing

Once a mobile phone has successfully attached to a GSM network as described above,
calls may be made from the phone to any other phone on the global Public Switched Telephone
Network.

The user dials the telephone number, presses the send or talk key, and the mobile phone
sends a call setup request message to the mobile phone network via the nearest mobile phone
mast (BTS).

The call setup request message is handled next by the Mobile Switching Center, which
checks the subscriber's record held in the Visitor Location Register to see if the outgoing call is
allowed. If so, the MSC then routes the call in the same way that a telephone exchange does in a
fixed network.

If the subscriber is on a Pay As You Go tariff (sometimes known as Prepaid (for example,
in Australia,pakistan and India)), then an additional check is made to see if the subscriber has
enough credit to proceed. If not, the call is rejected. If the call is allowed to continue, then it is
continually monitored and the appropriate amount is decremented from the subscriber's account.

SJPI Page 21
 CELLULER NETWORK Technology GSM

When the credit reaches zero, the call is cut off by the network. The systems that monitor and
provide the prepaid services are not part of the GSM standard services, but instead an example of
intelligent network services that a mobile phone operator may decide to implement in addition to
the standard GSM ones.

Incoming

Gateway MSC contact

When someone places a call to a mobile phone, they dial the telephone number (also
called a MSISDN) associated with the phone user and the call is routed to the mobile phone
operator's Gateway Mobile Switching Centre. The Gateway MSC, as the name suggests, acts as
the "entrance" from exterior portions of the Public Switched Telephone Network onto the
provider's network.

As noted above, the phone is free to roam anywhere in the operator's network or on the
networks of roaming partners, including in other countries. So the first job of the Gateway MSC
is to determine the current location of the mobile phone in order to connect the call. It does this
by consulting the Home Location Register (HLR), which, as described above, knows which
Visitor Location Register (VLR) the phone is associated with, if any

Routing the call

When the HLR receives this query message, it determines whether the call should be routed
to another number (called a divert), or if it is to be routed directly to the mobile.

• If the owner of the phone has previously requested that all incoming
calls be diverted to another number, known as the Call Forward
Unconditional (CFU) Number, then this number is stored in the Home
Location Register. If that is the case, then the CFU number is returned
to the Gateway MSC for immediate routing to that destination.
• If the mobile phone is not currently associated with a Visited Location
Register (because the phone has been turned off) then the Home

SJPI Page 22
 CELLULER NETWORK Technology GSM

Location Register returns a number known as the Call Forward Not

Reachable (CFNRc) number to the Gateway MSC, and the call is
forwarded there. Many operators may set this value automatically to
the phone's voice mail number, so that callers may leave a message.
The mobile phone may sometimes override the default setting.
• Finally, if the Home Location Register knows that the phone is roaming
in a particular Visited Location Register area, then it will request a
temporary number (called an MSRN) from that VLR. This number is
relayed back to the Gateway MSC, and then used to route the call to
the MSC where the called phone is roaming.

Locating and ringing the phone

When the call arrives at the Visiting MSC, the MSRN is used to determine which of the
phones in this area is being called, that is the MSRN maps back to the SIM of the original phone
number dialed. The MSC pages all the mobile phone masts in the area in order to inform the
phone that there is an incoming call for it. If the subscriber answers, a speech path is created
through the Visiting MSC and Gateway MSC back to the network of the person making the call,
and a normal telephone call follows.

It is also possible that the phone call is not answered. If the subscriber is busy on another
call (and call waiting is not being used) the Visited MSC routes the call to a pre-determined Call
Forward Busy (CFB) number. Similarly, if the subscriber does not answer the call after a period
of time (typically 30 seconds) then the Visited MSC routes the call to a pre-determined Call
Forward No Reply (CFNRy) number. Once again, the operator may decide to set this value by
default to the voice mail of the mobile so that callers can leave a message.

If the subscriber does not respond to the paging request, either due to being out of
coverage, or their battery has gone flat/removed, then the Visited MSC routes the call to a pre-
determined Call Forward Not Reachable (CFNRc) number. Once again, the operator may decide
to set this value by default to the voice mail of the mobile so that callers can leave a message.

SJPI Page 23
 CELLULER NETWORK Technology GSM

A roaming user may want to avoid these forwarding services in the visited network as
excessive roaming charges may apply.

Voice charges

In the United States and Canada, callers pay the cost of connecting to the Gateway MSC
of the subscriber's phone company, regardless of the actual location of the phone. As mobile
numbers are given standard geographic numbers according to the North American Numbering
Plan, callers pay the same to reach fixed phones and mobile phones in a given geographic area.
Mobile subscribers pay for the connection time (typically using in-plan or prepaid minutes) for
both incoming and outgoing calls. For outgoing calls, any long distance charges are billed as if
they originate at the GMSC, even though it is the Visiting MSC which completes the connection
to the PSTN. Plans that include nationwide long distance and/or nationwide roaming at no
additional charge over "local" outgoing calls are popular.

Mobile networks in Europe, Asia (except Hong Kong, Macau (Macao) and Singapore),
Australia & Argentina only charge their subscribers for outgoing calls. Incoming calls are free to
the mobile subscriber with the exception of receiving a call while teh subscriber is roaming as
described below. However, callers typically pay a higher rate when calling mobile phones.
Special prefixes are used to designate mobile numbers so that callers are aware they are calling a
mobile phone and therefore will be charged a higher rate.

From the caller's point of view, it does not matter where the mobile subscriber is, as the
technical process of connecting the call is the same. If a subscriber is roaming on a different
company's network, the subscriber, instead of the caller, may pay a surcharge for the connection
time. International roaming calls are often quite expensive, and as a result some companies
require subscribers to grant explicit permission to receive calls while roaming to certain
countries.

When a subscriber is roaming internationally and a call is forwarded to his or her voice
mail, such as when his or her phone is off, busy, or not answered, he or she may actually be
charged for two simultaneous international phone calls—the first to get from the GMSC to the
VMSC and the second to get from the VMSC to the Call Forward Busy or Call Forward No

SJPI Page 24
 CELLULER NETWORK Technology GSM

Reply number (typically the voice mailbox) in the subscriber's country. However, some
networks' GMSCs connect unanswered calls directly, keeping the voice signal entirely within the
home country and thus avoiding the double charge.

How speech is encoded during mobile phone calls

During a GSM call, speech is converted from analogue sound waves to digital data by the
phone itself, and transmitted through the mobile phone network by digital means. (Though older
parts of the fixed Public Switched Telephone Network may use analog transmission.)

The digital algorithm used to encode speech signals is called a codec. The speech codecs
used in GSM are called Half-Rate (HR), Full-Rate (FR), Enhanced Full-Rate (EFR) and
Adaptive Multirate (AMR). All codecs except AMR operate with a fixed data rate and error
correction level.

Data transmission

The GSM standard also provides separate facilities for transmitting digital data. This
allows a mobile phone to act like any other computer on the Internet, sending and receiving data
via the Internet Protocol.

The mobile may also be connected to a desktop computer, laptop, or [[Personal digital
assistant]PDA]], for use as a network interface (just like a modem or Ethernet card, but using one
of the GSM data protocols described below instead of a PSTN-compatible audio channel or an
Ethernet link to transmit data). Some GSM phones can also be controlled by a standardized
Hayes AT command set through a serial cable or a wireless link (using IRDA or Bluetooth). The
AT commands can control anything from ring tones to data compression algorithms.

In addition to general Internet access, other special services may be provided by the
mobile phone operator, such as SMS.

SJPI Page 25
 CELLULER NETWORK Technology GSM

Circuit-switched data protocols

A circuit-switched data connection reserves a certain amount of bandwidth between two

points for the life of a connection, just as a traditional phone call allocates an audio channel of a
certain quality between two phones for the duration of the call.

Two circuit-switched data protocols are defined in the GSM standard: Circuit Switched
Data (CSD) and High-Speed Circuit-Switched Data (HSCSD). These types of connections are
typically charged on a per-second basis, regardless of the amount of data sent over the link. This
is because a certain amount of bandwidth is dedicated to the connection regardless of whether or
not it is needed.

Circuit-switched connections do have the advantage of providing a constant, guaranteed

quality of service, which is useful for real-time applications like video conferencing.

GSM services
GSM services are a standard collection of applications and features available to mobile
phone subscribers all over the world. The GSM standards are defined by the 3GPP collaboration
and implemented in hardware and software by equipment manufacturers and mobile phone
operators. The common standard makes it possible to use the same phones with different
companies' services, or even roam into different countries. GSM is the world's most dominant
mobile phone standard.

The design of the service is moderately complex because it must be able

to locate a moving phone anywhere in the world, and accommodate
the relatively small battery capacity, limited input/output
capabilities, and weak radio transmitters on mobile devices.

General Packet Radio Service (GPRS)

The General Packet Radio Service (GPRS) is a packet-switched data transmission

protocol which was incorporated into the GSM standard in 1997. It is backwards-compatible

SJPI Page 26
 CELLULER NETWORK Technology GSM

with systems that use pre-1997 versions of the standard. GPRS does this by sending packets to
the local mobile phone mast (BTS) on channels not being used by circuit-switched voice calls or
data connections. Multiple GPRS users can share a single unused channel because each of them
uses it only for occasional short bursts.

The advantage of packet-switched connections is that bandwidth is only used when there
is actually data to transmit. This type of connection is thus generally billed by the kilobyte
instead of by the second, and is usually a cheaper alternative for applications that only need to
send and receive data sporadically, like instant messaging.

GPRS is usually described as a 2.5G technology; see the main article for more information.

Short Message Service (SMS)

Short Messages (more commonly known as text messages) has become the most used
data application on mobile phones, with 74% of all mobile phone users worldwide already as
active users of SMS, or 2.4 billion people by the end of 2007.

SMS text messages may be sent by mobile phone users to other mobile users or external
services that accept SMS. The messages are usually sent from mobile devices via the Short
Message Service Centre using the MAP protocol.

The SMSC is a central routing hubs for Short Messages. Many mobile service operators
use their SMSCs as gateways to external systems, including the Internet, incoming SMS news
feeds, and other mobile operators (often using the de facto SMPP standard for SMS exchange).

The SMS standard is also used outside of the GSM system.

Enhanced Data Rates for GSM Evolution(EDGE)

Enhanced Data rates for GSM Evolution (EDGE) (also known as Enhanced GPRS
(EGPRS), or IMT Single Carrier (IMT-SC), or Enhanced Data rates for Global Evolution)
is a digital mobile phone technology that allows improved data transmission rates as a backward-
compatible extension of GSM. EDGE is considered a pre-3G radio technology and is part of

SJPI Page 27
 CELLULER NETWORK Technology GSM

ITU's 3G definition. EDGE was deployed on GSM networks beginning in 2003 — initially by
Cingular (now AT&T) in the United States.

EDGE is standardized by 3GPP as part of the GSM family.

Through the introduction of sophisticated methods of coding and transmitting data, EDGE
delivers higher bit-rates per radio channel, resulting in a threefold increase in capacity and
performance compared with an ordinary GSM/GPRS connection.

EDGE can be used for any packet switched application, such as an Internet connection.

Evolved EDGE continues in Release 7 of the 3GPP standard providing reduced latency and more
than doubled performance e.g. to complement High-Speed Packet Access (HSPA). Peak bit-rates
of up to 1Mbit/s and typical bit-rates of 400kbit/s can be expected.

Subscriber Identity Module (SIM)

One of the key features of GSM is the Subscriber Identity Module, commonly known as a
SIM card. The SIM is a detachable smart card containing the user's subscription information and
phone book. This allows the user to retain his or her information after switching handsets.
Alternatively, the user can also change operators while retaining the handset simply by changing
the SIM. Some operators will block this by allowing the phone to use only a single SIM, or only
a SIM issued by them; this practice is known as SIM locking.

Phone locking

Sometimes mobile network operators restrict handsets that they sell for use with their
own network. This is called locking and is implemented by a software feature of the phone.
Because the purchase price of the mobile phone to the consumer is typically subsidized with
revenue from subscriptions, operators must recoup this investment before a subscriber terminates
service. A subscriber may usually contact the provider to remove the lock for a fee, utilize
private services to remove the lock, or make use of free or fee-based software and websites to
unlock the handset themselves.

SJPI Page 28
 CELLULER NETWORK Technology GSM

In some territories (e.g., Bangladesh, Hong Kong, India, Malaysia, Pakistan, Singapore) all
phones are sold unlocked. In others (e.g., Finland, Singapore) it is unlawful for operators to offer
any form of subsidy on a phone's price.[

GSM service security

GSM was designed with a moderate level of service security. The system was designed to
authenticate the subscriber using a pre-shared key and challenge-response. Communications
between the subscriber and the base station can be encrypted. The development of UMTS
introduces an optional Universal Subscriber Identity Module (USIM), that uses a longer
authentication key to give greater security, as well as mutually authenticating the network and
the user - whereas GSM only authenticates the user to the network (and not vice versa). The
security model therefore offers confidentiality and authentication, but limited authorization
capabilities, and no non-repudiation.

GSM uses several cryptographic algorithms for security. The A5/1 and A5/2 stream
ciphers are used for ensuring over-the-air voice privacy. A5/1 was developed first and is a
stronger algorithm used within Europe and the United States; A5/2 is weaker and used in other
countries. Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in
real-time with a ciphertext-only attack, and in February 2008, Pico Computing, Inc revealed its
ability and plans to commercialize FPGAs that allow A5/1 to be broken with a rainbow table
attack. The system supports multiple algorithms so operators may replace that cipher with a
stronger one.

On 28 December 2009 German computer engineer Karsten Nohl announced that he had
cracked the A5/1 cipher. According to Nohl, he developed a number of rainbow tables (static
values which reduce the time needed to carry out an attack) and have found new sources for
known plaintext attacks. He also said that it is possible to build "a full GSM interceptor ... from
open source components" but that they had not done so because of legal concerns.

In 2010, threatpost.com reported that "A group of cryptographers has developed a new
attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM

SJPI Page 29
 CELLULER NETWORK Technology GSM

wireless networks. The technique enables them to recover a full key by using a tactic known as a
Related-key attack, but experts say it is not the end of the world for Kasumi.

Although security issues remain for GSM newer standards and algorithms may address
this. New attacks are growing in the wild which take advantage of poor security
implementations, architecture and development for smart phone applications. Some wiretapping
and eavesdropping techniques hijack the audio input and output providing an opportunity for a
3rd party to listen in to the conversation. Although this threat is mitigated by the fact the attack
has to come in the form of a Trojan, malware or a virus and might be detected by security
software.

SJPI Page 30
 CELLULER NETWORK Technology GSM

SJPI Page 31
 CELLULER NETWORK Technology GSM

SJPI Page 32
 CELLULER NETWORK Technology GSM

SJPI Page 33
 CELLULER NETWORK Technology GSM

SJPI Page 34
 CELLULER NETWORK Technology GSM

SJPI Page 35
 CELLULER NETWORK Technology GSM

SJPI Page 36