Contents

GSM system architecture.
- Mobile Station or MS including:
  - SIM card.
  - Mobile equipment.
- Base Station Subsystem or BSS including:
  - Base Transceiver Station or BTS.
  - Base Station Controller or BSC.
- Mobile-service Switching Centre or MSC.
- Registers:
  - Home Location Register.
  - Visitor Location Register.
  - Equipment Identity Register.
  - Authentication center.

Base Transceiver Station (BTS)

The Base Transceiver Station (BTS) is a fixed radio station that communicates with the mobile telephones using electromagnetic waves. The Base Transceiver Station includes transmitters, receivers, antennas, and control and communication equipment to interconnect with the BSC via optical cable or microwave link.

There is one BTS per cell, usually housed in a 2 m high rack as shown here. This rack, together with the appropriate power system and the communication equipment towards the BSC, is typically located in a container next to the antenna tower. The power system provides the necessary operating voltages for the equipment and battery backup in case of power failure. Transmission to the BSC is mostly performed via optical cable or point-to-point microwave link.

Base Transceiver Station (BTS)

Base stations mostly use directional antennas in order to increase capacity and therefore frequency band utilization (see lesson 1). The directional antennas are mounted on antenna masts of variable height in order to secure full coverage of the territory. The drawing below shows a typical cellular 120-degree directional antenna and its radiation patterns. As can be seen, the antenna is actually an array of dipoles providing a very narrow radiation pattern in the vertical direction and the required 120 degrees in the horizontal direction.

Base Station Controller (BSC)

The Base Station Controller or BSC is the first intelligent component of the GSM network we meet. It is needed in order to control and manage all the BTSs it is connected with.

The BSC is typically housed in a 2 m high rack as shown in the picture here.

The BSC site also includes an uninterruptible power supply with battery backup in case of power failure (similar to the BTS) and communication equipment to the BTSs on one side and to the MSC on the other side.

Mobile Switching Center (MSC)

The Mobile-service Switching Centre (MSC) is essentially an ISDN switch with significantly enhanced processing capability to cater for the special needs of GSM. An MSC will parent (support) a number of BSCs. The primary responsibility of an MSC is voice and data call handling for the mobile subscribers within its domain. Through the MSC, mobile subscribers can communicate with each other and with telephones connected to the fixed PSTN network. The MSC is the core of the GSM network, therefore each cellular operator will have its own MSC(s) to handle the calls of its users.

The following figure shows the main switching activities of the MSC. We can see the fixed telephones connected to the PSTN (fixed telephone network). Multiple cellular operators having one or more MSCs are also connected to the PSTN. The remaining part of the drawing, including BSCs and BTSs, has already been covered. We can distinguish between three types of connections:
- mobile-to-mobile within the same operator, in which case MSCs of one operator are involved.
- mobile-to-fixed, which involves MSCs of one operator and the PSTN.
- mobile-to-mobile between operators, involving MSCs of two operators and the PSTN.

MSC

But the MSC also has functions other than voice switching, all of which will be covered in future lessons, as follows:
- Delivering SMS (Short Message Service, one of the important features of GSM that will be covered later) from subscribers to the SMS Center (SMSC) and vice versa.
- Switching inband fax and modem calls.
- Supporting handovers between BSCs and from one MSC to another.
- Supporting other services per specific vendor's implementation, like conference calls, call hold, call forward, etc.
- Collecting billing information, namely generating records including all necessary information to charge the user.

Gateway MSC (GMSC)

The MSC is the switching equipment we have covered so far. The network of a cellular operator will include a few such units.

The Gateway MSC or GMSC is the switch that connects a cellular operator to the PSTN, and also the one that determines the visited MSC at which the subscriber being called is currently located. Typically an operator will have one such switch, yet very large operators covering large areas may have more.

Home Location Register (HLR)

The Home Location Register or HLR is an intelligent database and service control function responsible for management of each individual subscriber's records. It contains details of each mobile phone subscriber - more precisely of its SIM card - that is authorized to use the GSM core network.

Home Location Register (HLR)

For all SIM cards issued by a cellular operator, the HLR holds a profile including:
- The unique IMSI identifier of the SIM, which is one of the primary keys to each HLR record. Primary key means that the IMSI is one of the search parameters for the database.
- Telephone numbers associated with the SIM and used to make and receive calls to the mobile phone, known as Mobile Subscriber ISDN (MSISDN) numbers. An MSISDN consists of a country code + a national destination code + a subscriber number.
- Current location of the subscriber, meaning which Location Area the subscriber is in. A Location Area includes the BTSs managed by the same BSC and is identified by its Location Area Code or LAC.
- The main MSISDN is the number used for making and receiving voice calls and SMS. This is the cellular phone number we all know and use. But it is possible for a SIM to have other secondary MSISDNs associated with it for fax and data calls (we'll learn more about this later).
- Each MSISDN is also a primary key to the HLR record.
- GSM services that the subscriber has requested or been given.
- Call divert to data services MSISDN and/or GPRS settings to allow the subscriber to access packet services.

Visitor Location Register (VLR)

The Visitor Location Register (VLR) is an intelligent database and service control function. It stores on a temporary basis the information needed to handle calls set up or received by MSs registered with it. A VLR is responsible for a group of location areas, typically associated with an MSC. This is why most equipment vendors either integrate the VLR with the MSC or at least connect them tightly via a proprietary interface. The data stored in the VLR has either been received from the HLR or collected from the MS.

The main functions of the VLR are as follows:
- Inform the HLR that a subscriber has arrived in its area.
- Track which LA each MS is located in.
- Allow or deny service to the MS.
- Delete the subscriber record when the subscriber moves to another VLR, under HLR control.
- Delete the subscriber record if inactive for longer than a preset time.

Equipment Identity Register (EIR)

The EIR is a database that contains information about the identity of MEs and that prevents calls from stolen, unauthorized, or defective mobile stations. The EIR (Equipment Identity Register) is often integrated with the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones. In theory all data about stolen mobile phones should be distributed to all EIRs in the world through a Central EIR. It is clear, however, that there are operators where the EIR is not operational. The EIR data does not have to change in real time, which means that this function can be less distributed than the function of the HLR.

Equipment Identity Register (EIR)

The Equipment Identity Register (EIR) is accessed during the equipment validation procedure when a mobile station accesses the system.

The EIR includes a list of MEs, identified by their IMEI, divided into:
- White or valid list - list of valid MS equipment identities.
- Grey or monitored list - list of suspected mobiles under observation.
- Black or prohibited list - list of mobiles for which service is barred.

The Authentication Centre (AUC)

The Authentication Centre or AUC is the function that authenticates each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and the services described above. An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network. The purpose of the AUC is to prevent SIM cloning. Authentication is based on a secret number, individual to each user, called Ki.

The Authentication Centre (AUC)

Authentication process: When a particular IMSI requests access to the GSM core network, the AUC generates a specific random number - RAND - that is sent to the SIM. The SIM then feeds this number and the Ki (which is burned onto the SIM) into the A3 or A8 proprietary algorithm as appropriate and an SRES is calculated and sent back to the MSC. In parallel the AUC performs the same operations and gets its own SRES*. If the SRES matches with SRES* (which it should if it is a valid SIM), then the mobile is allowed to attach and proceed with GSM services.

The Authentication Centre (AUC)

Key generation and Encryption: After successful authentication, the MSC sends the encryption key Kc to the Base Station Controller (BSC) so that all communications can be encrypted and decrypted. Of course, the mobile phone can generate the Kc itself by feeding the same RAND supplied during authentication and the Ki into the A5 algorithm.

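The challenge-response and key derivation described in the two slides above, as an added example that is not part of the original slides. HMAC-SHA256 is an assumed stand-in for the operator's A3 and A8 algorithms, the class and function names are hypothetical, and it follows the GSM specification's naming, in which A3 yields SRES and A8 yields Kc.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for the operator-chosen A3/A8 algorithms,
# truncated to the GSM field sizes (128-bit RAND, 32-bit SRES, 64-bit Kc).
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Holds IMSI -> Ki and issues (RAND, SRES*, Kc) triplets."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplet(self, imsi):
        ki = self._ki[imsi]                 # KeyError for an unknown IMSI
        rand = secrets.token_bytes(16)      # fresh challenge per attempt
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)

class SIM:
    """Ki stays inside the card; only SRES and Kc come out."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

def attach(auc, sim):
    """Network side: return (RAND, Kc) if SRES == SRES*, else None."""
    try:
        rand, sres_expected, kc = auc.triplet(sim.imsi)
    except KeyError:
        return None
    sres, _ = sim.respond(rand)             # only RAND and SRES cross the air
    if not hmac.compare_digest(sres, sres_expected):
        return None                         # wrong Ki: cloned or invalid SIM
    return rand, kc                         # Kc is then handed towards the BSS

# Constructed sample data (test IMSI and a fixed dummy Ki, not real values).
IMSI = "001010123456789"
KI = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

if __name__ == "__main__":
    auc = AuC({IMSI: KI})
    print("genuine SIM:", attach(auc, SIM(IMSI, KI)) is not None)
    print("same IMSI, wrong Ki:", attach(auc, SIM(IMSI, bytes(16))) is not None)
```

Because RAND is fresh on every attempt, a recorded (RAND, SRES) pair does not answer a later challenge, and Ki itself never leaves the SIM or the AUC.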
SIM

The Subscriber Identity Module or SIM is a removable smart card located inside the MS that carries all the subscriber-specific information. The SIM is one of the important innovations introduced by the GSM network. The SIM is actually a tiny computer - microcomputer - inside the phone having 16 to 128 Kbit memory.

SIM

SIM contents:
- Unique identification of the SIM based on a number called the International Mobile Subscriber Identity (IMSI). Changing the SIM means changing your phone number/identity.
- Authentication and encryption based on a secret key for the purpose of preventing eavesdropping.
- Personal settings and services that can be moved from one handset to another, for example: alarms, information services, login to different services, etc.
- Personal phone book, abbreviated dialling codes, and text messages.
- Rate plans, billing information, account information (not active in Turkey).
- Location information for the purpose of accelerating the connection to the network when the phone is switched on. We already know that in GSM there are 124 FDMA channels. When a handset is switched on it has to search all frequencies in order to find the operating one in its specific cell. To shorten this process, the phone has in the SIM the information regarding the last cell it was connected with before it was switched off. Of course, if it was moved to another cell in the meantime, this information is no longer helpful.

Mobile Station (MS)

The Mobile Equipment (ME) provides the radio and processing needed to access the GSM network, plus a friendly Man Machine Interface or MMI including display, keyboard and tones to enable the user to access services. The ME is uniquely identified by the International Mobile Equipment Identity (IMEI) for the purpose of preventing use of stolen/lost MEs. Service to such an ME will be denied by the network.