Presentation is loading. Please wait.

Presentation is loading. Please wait.

Communication Security Lecture 4: Introduction To GSM

Published byDana Daniels Modified over 6 years ago

Similar presentations

Presentation on theme: "Communication Security Lecture 4: Introduction To GSM"— Presentation transcript:

1 Communication Security Lecture 4: Introduction To GSM
Dr. Shahriar Bijani Shahed University Spring 2016

2 Main References General Packet Radio Service (GPRS) For Engineers, Aircom International. Patrick Traynor, CS Cellular and Mobile Network Security, Georgia Tech Information Security Center, 2012. ICS 243E - Ch4. Wireless Telecomm. Sys.

3 GSM GSM: Global System for Mobile Communication
Pan-European standard (ETSI, European Telecommunications Standardisation Institute) simultaneous introduction of essential digital cellular services in 3 phases (1991, 1994, 1996) by the European

4 GSM: PHYSICAL & LOGICAL CHANNELS
•The data, whether user traffic or signaling information, are mapped onto the physical channels by defining a number of logical channels. •A logical channel will carry information of a specific type and a number of these channels may be combined before being mapped onto the same physical channel. •For example speech is sent on the logical channel “Traffic channel”which during the transmission is allocated a certain physical channel, say TS 6 on carrier 0. The logical channels are divided into two groups; control channels and traffic channels.

5 GSM Logical Channels

6 Architecture of the GSM system
GSM is a PLMN (Public Land Mobile Network) several providers setup mobile networks following the GSM standard within each country components MS (mobile station) BS (base station) MSC (mobile switching center) LR (location register) subsystems BSS (Base Station Subsystem ) or RSS (Radio SubSystem): covers all radio aspects NSS (Network and Switching Subsystem): call forwarding, handover, switching OSS (Operation SubSystem): management of the network

7

8 GSM Architecture Overview
NSS Air Interface (Um) Abis Interface A Interface MS OMC HLR VLR BSS TRX MSC MS BTS BSC AuC MS EIR PSTN SIM: Subscriber Identity Module | MSC: Mobile services Switching Center BSC: Base Station Controller | HLR: Home Location Register | EIR: Equipment Identity Register BTS: Base Transceiver Station | VLR: Visitor Location Register | AuC: Authentication Center

9

10 Mobile Station (MS) MS is the user’s handset and has two parts:
Mobile Equipment (ME) Radio equipment User interface Processing capability and memory required for various tasks Call signalling Encryption SMS Equipment IMEI number Subscriber Identity Module (SIM)

11 Subscriber Identity Module (SIM)
A small smart card Main task: data storage Includes: Encryption codes needed to identify the subscriber (Ki, Kc, …) IMSI: International Mobile Subscriber Identify For identification Subscriber’s own information (telephone directory) Third party applications (banking etc.) Advantage: independence from the ME Can also be used in other systems besides GSM, e.g., some WLAN access points accept SIM based user authentication

12 Base Station Subsystem (BSS)
The Base Station Subsystem (BSS) performs : All functions necessary to maintain Radio connection to the MS Coding/Decoding of Voice Rate Adaptation to/from the Wireless Network part BTS BSC BSS Abis

13 GSM is a Cellular Network
segmentation of the area into cells cell possible radio coverage of the cell idealized shape of the cell use of several carrier frequencies not the same frequency in adjoining cells cell sizes vary from some 100 m up to 35 km depending on user density, geography, transceiver power etc. hexagonal shape of cells is idealized (cells overlap, shapes depend on geography) if a mobile user changes cells  handover of the connection to the neighbor cell

14 Base Station Subsystem
Base Transceiver System (BTS) Controls several transmitters Each transmitter has 8 time slots, some used for signaling, on a specific frequency Transcoding Rate and Adaptation Unit (TRAU) Tasks: compress and de-compress the speech data (main task) the rate adaptation for data The BTS contains TRAU. In certain situations the TRAU is located at the MSC more compressed transmission between the BTS and the MSC. Base Station Controller (BSC) Controls the channel (time slot) allocation implemented by the BTSes Manages the handovers within BSS area Knows which mobile stations are in the cell and informs the MSC/VLR about this TRAU Performs coding between the 64kbps PCM coding used in the backbone network and the 13 kbps coding used for the Mobile Station (MS)

15 Functions of BTS and BSC
Tasks of a BSS are distributed over BSC and BTS BTS comprises radio specific functions BSC is the switching center for radio channels

16 Network SubSystem (NSS)
The Network SubSystem (Network and Switching Subsystem) connects the wireless network with standard PSTN performs handovers between different BSSs supports charging and accounting supports roaming of users between different providers in different networks/countries includes functions for worldwide localization of users

17 Network and Switching Subsystem
The backbone of a GSM network is a telephone network with additional cellular network capabilities Mobile Switching Center (MSC) An typical telephony exchange (ISDN exchange) which supports mobile communications Visitor Location Register (VLR) A database, part of the MSC Contains the location of the active Mobile Stations Gateway Mobile Switching Center (GMSC) Links the system to PSTN and other operators Home Location Register (HLR) Contain subscriber information, including authentication information in Authentication Center (AuC) Equipment Identity Register (EIR) International Mobile Station Equipment Identity (IMEI) codes for e.g., blacklisting stolen phones

18 VLR (Visitor Location Register)
VLR represents a temporary, very dynamic, database and usually used for roamer. Usually there is one VLR per MSC The register contains information about the MS who are currently in the service area covered by the MSC/VLR Once the visited system detects a mobile, its VLR queries the assigned HLR. The VLR makes sure that the mobile is a valid subscriber, then retrieves just enough information from the HLR to manage the call It temporarily stores last known location area, the power the mobile uses, special services its subscribed to and … The temporary subscriber information in a VLR includes: Features currently activated Temporary mobile station identity (TMSI) Current location information about the MS (e.g., location area and cell identities)

19 The Authentication Center (AuC)
AuC is a protected database that stores a copy of the secret key stored in each subscriber's SIM card and the algorithm used for authentication and encryption over the radio channel AuC is used to authenticate a subscriber before allowing a call to or from the subscriber and in initial location registration, AuC is normally co-located with the HLR

20 GSM protocol layers for signaling
CM MM RR LAPDm radio LAPD PCM RR’ BTSM 16/64 kbit/s Um Abis A SS7 64 kbit/s / 2.048 Mbit/s MS BTS BSC MSC BSSAP

21 Mobile Terminated Call
Universität Karlsruhe Institut für Telematik Mobile Terminated Call Mobilkommunikation SS 1998 1: calling a GSM subscriber 2: forwarding call to GMSC 3: signal call setup to HLR 4, 5: request MSRN from VLR 6: forward responsible MSC to GMSC 7: forward call to current MSC 8, 9: get current status of MS 10, 11: paging of MS 12, 13: MS answers 14, 15: security checks 16, 17: set up connection PSTN calling station GMSC HLR VLR BSS MSC MS 1 2 3 4 5 6 7 8 9 10 11 12 13 16 14 15 17 Prof. Dr. Dr. h.c. G. Krüger E. Dorner / Dr. J. Schiller

22 Mobile Originated Call
Universität Karlsruhe Institut für Telematik Mobile Originated Call Mobilkommunikation SS 1998 1, 2: connection request 3, 4: security check 5-8: check resources (free circuit) 9-10: set up call VLR 3 4 PSTN 6 5 GMSC MSC 7 8 2 9 1 MS BSS 10 Prof. Dr. Dr. h.c. G. Krüger E. Dorner / Dr. J. Schiller

23 Universität Karlsruhe Institut für Telematik
MTC/MOC Mobilkommunikation SS 1998 BTS MS paging request channel request immediate assignment paging response authentication request authentication response ciphering command ciphering complete setup call confirmed assignment command assignment complete alerting connect connect acknowledge data/speech exchange service request MTC MOC Prof. Dr. Dr. h.c. G. Krüger E. Dorner / Dr. J. Schiller

24 Universität Karlsruhe Institut für Telematik
4 types of handover Mobilkommunikation SS 1998 1 2 3 4 MS MS MS MS BTS BTS BTS BTS BSC BSC BSC MSC MSC Prof. Dr. Dr. h.c. G. Krüger E. Dorner / Dr. J. Schiller

25 GSM protocol Stack

26 functions of SS7 Protocols for components of GSM
MSC BSC HLR MTP It provides to transfer the messages of SS7 between different network components TUP/ISUP It provides to set up, manage and control the calls NA SCCP It provides connectionless communication and virtual connections It provides virtual connection between MSC and MS Connectionless Communication BSSAP It provides GSM communication between BSC and MS MSC and GSM communication MAP It provides basic communication between HLR and other MSC It provides basic communication between MSC and HLR TCAP It provides to connect service to MAP INAP It provides communication via Intelligent Network

27 GSM Architecture MS Transmission Band : 890 – 915 MHZ
BS Transmission Band : 935 – 960 MHZ 45 MHz Year Introduced 1990 Access method TDMA Channel Bandwidth 200 kHz Number of duplex channels 125 Users per channel 8 Speech coding bit rate 13 kbps Data coding bit rate 12 kbps Frame size 4.6 ms

Download ppt "Communication Security Lecture 4: Introduction To GSM"

Similar presentations

GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC

GSM Network Overview Um Abis A BSC BTS Mobile Station HLR VLR EIR AuC
GSM Security and Encryption

GSM Security and Encryption
Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.

Islamic University-Gaza Faculty of Engineering Electrical & Computer Engineering Department Global System for Mobile Communication GSM Group Alaa Al-ZatmaHosam.
Mario Čagalj University of Split 2013/2014. Security of Cellular Networks: Man-in-the Middle Attacks ‘Security in the GSM system’ by Jeremy Quirke, 2004.

Mario Čagalj University of Split 2013/2014. Security of Cellular Networks: Man-in-the Middle Attacks ‘Security in the GSM system’ by Jeremy Quirke, 2004.
GSM Network. GSM-Introduction Architecture Technical Specifications Frame Structure Channels Security Characteristics and features Applications Contents.

GSM Network. GSM-Introduction Architecture Technical Specifications Frame Structure Channels Security Characteristics and features Applications Contents.
GSM Adapted from www.mobinet.gr Acoe 422. History of GSM  During the 80s, analog cellular systems experienced rapid growth in Europe, yet they were incompatible.

GSM Adapted from Acoe 422. History of GSM  During the 80s, analog cellular systems experienced rapid growth in Europe, yet they were incompatible.
By Neha choudhary Asst.Professor CSE/IT LHST-A.  GSM-Introduction  Architecture  Technical Specifications  Characteristics and features  Applications.

By Neha choudhary Asst.Professor CSE/IT LHST-A.  GSM-Introduction  Architecture  Technical Specifications  Characteristics and features  Applications.
GSM System Architecture

GSM System Architecture
GSM standard (continued)

GSM standard (continued)
Wireless Telecommunication Systems Lec 04 14/03/2010 ECOM 6320.

Wireless Telecommunication Systems Lec 04 14/03/2010 ECOM 6320.
Cellular Mobile Communication Systems Lecture 7

Cellular Mobile Communication Systems Lecture 7
Mobile Handset Cellular Network Basics + GSM. Cellular Network Basics There are many types of cellular services; before delving into details, focus on.

Mobile Handset Cellular Network Basics + GSM. Cellular Network Basics There are many types of cellular services; before delving into details, focus on.
MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.

MOBILE PHONE ARCHITECTURE & TECHNOLOGY. HISTORY  The idea of the first cellular network was brainstormed in 1947  Disadvantages  All the analogue system.
 The GSM network is divided into two systems. each of these systems are comprised of a number of functional units which are individual components of the.

 The GSM network is divided into two systems. each of these systems are comprised of a number of functional units which are individual components of the.
GSM: Overview Formerly: Groupe Spéciale Mobile (founded 1982) Now: Global System for Mobile Communication Pan-European standard (ETSI, European Telecommunications.

GSM: Overview Formerly: Groupe Spéciale Mobile (founded 1982) Now: Global System for Mobile Communication Pan-European standard (ETSI, European Telecommunications.
Evolution from GMS to UMTS

Evolution from GMS to UMTS
 Global System for Mobile Communications (GSM) is a second generation (2G) cellular standard developed to cater voice services and data delivery using.

 Global System for Mobile Communications (GSM) is a second generation (2G) cellular standard developed to cater voice services and data delivery using.
GSM: The European Standard for Mobile Telephony Presented by Rattan Muradia Requirement for course CSI 5171 Presented by Rattan Muradia Requirement for.

GSM: The European Standard for Mobile Telephony Presented by Rattan Muradia Requirement for course CSI 5171 Presented by Rattan Muradia Requirement for.
ZAC Technical Institute GSM Foundation Course Prepared by Syed Amir Abbas.

ZAC Technical Institute GSM Foundation Course Prepared by Syed Amir Abbas.
Members of our Presentation  (Bsts09-08) Hafiz Umer Ejaz  (Bsts09-09) Rai-Habib Ullah  (Bsts09-31) M.Arsalan Qureshi  (Bsts09-32) Shoaib Ansari 

Members of our Presentation  (Bsts09-08) Hafiz Umer Ejaz  (Bsts09-09) Rai-Habib Ullah  (Bsts09-31) M.Arsalan Qureshi  (Bsts09-32) Shoaib Ansari 

Similar presentations

Ads by Google