Lecture Overview n Data in Wireless Cellular Systems

Lecture Overview n Data in Wireless Cellular Systems: GSM and GPRS

Security in GSM n Security services n access control/authentication n n confidentiality n n voice and signaling encrypted on the wireless link (after successful authentication) anonymity n n SIM (Subscriber Identity Module): secret PIN (personal identification number) temporary identity TMSI (Temporary Mobile Subscriber Identity) newly assigned at each new location update (LUP) encrypted transmission 3 algorithms specified in GSM n n n A 3 for authentication (“secret”, open interface) A 5 for encryption (standardized) A 8 for key generation (“secret”, open interface) “secret”: • A 3 and A 8 available via the Internet • network providers can use stronger mechanisms

GSM - Authentication SIM mobile network Ki RAND 128 bit AC RAND 128 bit RAND Ki 128 bit A 3 SIM SRES* 32 bit MSC SRES* =? SRES 32 bit Ki: individual subscriber authentication key 32 bit SRES: signed response

GSM - Key Generation and Encryption MS with SIM mobile network (BTS) Ki AC RAND 128 bit A 8 cipher key BTS Ki 128 bit SIM A 8 Kc 64 bit data A 5 encrypted data SRES data A 5 MS

GSM: Security n equipment identity checking n n n Equipment Identity Register (EIR) maintains database related to mobile equipment (hardware) identified by International Mobile Equipment Identity (IMEI) IMEI consists of Type Approval Code (granted when mobile station type passes type approval testing to ensure mobile station behaves properly), Final Assembly Code (indicating manufacturing plant), and the equipment serial number EIR stores three lists of IMEIs n white list contains ranges of IMEIs of type approved mobile stations n n black list contains IMEIs which are stolen or malfunctioning, and are subsequently barred gray list contains IMEIs which should be supervised for possible malfunctions

GSM Voice and Data Architecture: here PSTN should be connected to SS 7 network not directly connected to MSC/VLR Note

Data Services in GSM n Data transmission standardized with only 9. 6 kbit/s n n n advanced coding allows 14. 4 kbit/s not enough for Internet and multimedia applications HSCSD (High-Speed Circuit Switched Data) n n already standardized bundling of several time-slots to get higher AIUR (Air Interface User Rate)(e. g. , 57. 6 kbit/s using 4 slots, 14. 4 each) advantage: ready to use, constant quality, simple disadvantage: channels blocked for voice transmission

GSM Data Properties n Circuit-switched operation n uplink and downlink channels allocated for a user for entire call period n n busy user uses only one direction of link (typically), so 50% of resources are wasted user pays for the connection time, not for the amount of data n bad connections - more retransmissions - make more money for operator pay even if no data is transmitted n bad for short-lived transactions n n connection establishment time: 20 -25 seconds capacity: 9. 6 kbps (channel coding designed for worst-case radio situation) connections: to any modem service in PSTN

GSM Data Properties: Evaluation n n Circuit-switched data is good for cases when continuous data flow is needed/required Billing is based on time, not amount of data Limited number of mobiles can be supported per carrier (8 channels) Circuit-switched data is not optimal for n n n packet-based protocols such as IP bursty traffic unbalanced traffic (using mainly one channel direction) Packet switched service is needed for GSM GPRS standardization was started

GPRS General Packet Radio Service GPRS, 2. 5 generation wireless systems

GPRS architecture n n stands for General Packet Radio Service. GPRS is packet switched network developed as the extension of the GSM network. MS, BSS, MSC/VLR and HLR in the GSM network are modified for GPRS (e. g. HLR is enhanced with GPRS subscriber info. ) one step ahead of HSCSD (High Speed Circuit Switched Data), and a step towards thirdgeneration (3 G) networks.

GPRS n n GPRS is a packet-switching technology for GSM networks. Information sent on a GPRS network is split into separate "packets" before it is transmitted and reassembled at the receiving end. One of the advantages of GPRS is its ability to provide instant connection where information can be sent and received immediately. Unlike the current GSM network where you have to "dial up" and wait for a connection to be established, GPRS allows users to be "always connected" to the network.

GPRS Cont n n n Theoretically, a GPRS connection can provide a data transmission speed of up to 171. 2 Kbps (approximately three times that of a fixed-line 56 K dial-up) if all eight time slots are used. GPRS's rival, HSCSD, can achieve up to 57. 6 Kbps. it is unlikely that network operators will let a single user use up all the time slots (8 x 21. 4 Kbps)

A comparison of data transfer speed (in Kbps) 56 K dial up GSM HSCSD (max speed) GPRS (Max GPRS speed) (Realistic speed) 56 9. 6 56 K 171. 2 43 to 56

What GPRS can do for you? n n n GPRS allows you to have an "always on" connection to the network. Anyone who needs wireless mobile data access will benefit from GPRS With GPRS, you can access your email, browse the Internet, transfer/share documents, and remotely access your office's Local Area (LAN). n Even home automation is possible when household appliances are equipped with Internet Protocol (IP)!

Auth. Server Email via GSM Email Server User Modem GSM Modem PSTN Internet

Auth. Server Email via GPRS Email Server User GPRS Virtual GPRS Data Tunnel Internet Authenticated path to Email server

Architecture - GSM with GPRS GMSC Circuit Switched Traffic A-bis BTS ‘A’ MAP Peer Elements BSC PCU MSC PSTN Gb Packet Traffic SGSN GPRS Register H/VLR MAP Public Switched Packet Network Gn GGSN HLR/AUC GPRS Register Gi

GPRS Architecture Elements

E- Commerce Over GPRS Financial / Banking Finance Banking On-line transactions Clearing House Application Providers Content News Weather Sport Retailers Certificate Authority Corporate / Operator Applications VPN e-mail Cost control Intranet Mobile Transactions Merchant Transactions Loyalty Cards Banking Shopping Promotions Dual-slot mobile phones (SIM Toolkit)

GPRS Charging Requirements Um BTS BSC Single access point to the billing system Pre-processing charging data to reduce the load on the network billing system Future-proof for hot-billing and pre-paid Reliable storage for CDRs Easy charging data error detection Gb Serving GPRS Support Node (SGSN) Billing System charging info flow Charging Gateway (CG) GPRS backbone network (IP based) Gn dataflow Gateway GPRS Support Node (GGSN) Gi

GPRS Architecture: Services n Packet-based access to data networks n n n Internet (IPv 4, IPv 6) X. 25 Private/public networks Fast carrier of SMSs Security (operator, user, identity, data) Mobility management

GPRS Architecture and Interfaces SGSN Gn BSS MS Um SGSN Gb Gn HLR/ GR MSC VLR EIR PDN GGSN Gi

GPRS Protocol Stack MS BSS Um SGSN Gb Gn GGSN apps. IP/X. 25 SNDCP LLC RLC GTP UDP/TCP BSSGP IP IP FR L 1/L 2 SNDCP MAC RLC MAC radio BSSGP FR SNDCP: SUBNETWORK DEPENDENT CONVERGENCE PROTOCOL LLC: LOGICAL LINK PROTOCOL RLC: RADIO LINK CONTROL BSSGP: BSS GPRS PROTOCOL FR: FRAME RELAY GTP: GPRS TUNNELING PROTOCOL Gi

GPRS Radio Link Protocols: FYI

GPRS Radio Interface n n Logical channels: n packet common control channels (PCCCH) n packet random access channel (PRACH) n packet paging channel (PAGCH) n packet access grant channel (PAGCH) n packet notification channel (PNCH) n packet broadcast control channel (PBCCH) n packet data traffic channel (PDTCH) n data rates 9. 05 to 21. 4 kbps, depending on channel coding n packet associated control channel (PACCH) Physical channels: n PDTCH is mapped to one physical channel n dynamic or permanent channel allocation for GPRS possible n if no PCCCH possible, MSs park on CCCH (common control channel)

Logical Channels in GPRS

Logical Channels in GPRS … Cont n Uplink channel allocation (one or two steps)

GPRS: New Radio Interfaces n GPRS can use various radio interfaces: n n Radio should: n n DECT, EDGE, UMTS, IEEE 802. 11, Ir. DA (infrared) operate using packet mode provide identifier of the downlink packets provide reasonable residual error rates Wish list for radio services: n n fast channel allocation and release battery saving mechanism (sleep mode) adaptive coding (depending on radio quality) just one (efficient) paging channel that can be listened to also when transferring data

GPRS Evolution n GPRS is standardized in SMG (Specilized Mobile Group) in ETSI (see also http: //www. etsi. fr, http: //www. wapinsight. com/what_is_gprs. htm n Standard was approved March/June 1998 n n Some issues delayed for later consideration n n changes are still expected testing (type approval), charging, …. GPRS phase 1: Release 97 n n basic set of GPRS functionality optional features

2 G → 3 G Evolution & Convergence TDMA GPRS EDGE GSM MAP Core Network cdma 2000 cdma. One W-CDMA 1 x. RTT IMT DS IMT MC High-Packet Technology IP Core Network GSM C-EDGE 1 x. EV IS 41 Core Network 2001 2004

Benefits of Globally Harmonized 3 G Networks l l l Increased 3 G penetration and usage Manufacturers’ development costs spread out across a larger installed base Ability for customers to roam with their services across regions, countries and systems Increased ability of the Information Technology, Internet and Personal Computer industries to provide mobile applications, solutions and subscriber devices Smooth and compatible evolution path from existing 2 G infrastructures

UMTS and IMT-2000 Proposals for IMT-2000 (International Mobile Telecommunications) UWC-136, cdma 2000, WP-CDMA, TD-SCDMA UMTS (Universal Mobile Telecommunications System) from ETSI Communication Anywhere-Anytime-Anytype

IMT-2000 Vision

The ITU has set down the minimum requirements to be an IMT-2000 system. We're talking about 144 Kb/s in your macrocells. A macrocell can be anything up to 10 kilometers, and that would be your vehicular speeds. If you are in a pedestrian environment, then you can get up to 384 Kb/s and again we're shrinking the cell to enable us to get up to those higher data rates, something less than 300 meters. If you want to get up to 2 Mb/s, you need to shrink the cell, even though seeming to be very, very close to the cell to enable those higher data rates. And so here we're talking about very small cells, picocells, very close. Your use is going to be very, very close to the base station to enable those data rates.

Cellular/PCS Data Speed Evolution (to IMT-2000) Low Speed Data Medium Speed Data High Speed Data 8 Kbps ~ 14. 4 Kbps 32 Kbps ~ 64 Kbps Text data, Graphic, Image, Video Remote Login, E-mail, Text mode Internet, Internet VOD Multimedia, VOD, Now ~ 1999 144 Kbps ~ 384 Kbps ~2000 (IMT-2000) è reach to the IMT-2000 grade, will è Data Service Applications will be completely matured before the Commercial Deployment of the IMT-2000 system.

IMT-2000 Vision • High-speed Internet • M-commerce • Video-phone & multimedia

UMTS UTRA (was: UMTS, now: Universal Terrestrial Radio Access) enhancements of GSM EDGE (Enhanced Data rates for GSM Evolution): GSM up to 384 kbit/s l CAMEL (Customized Application for Mobile Enhanced Logic) l VHE (virtual Home Environment) l fits into GMM (Global Multimedia Mobility) initiative from ETSI requirements min. 144 kbit/s rural (goal: 384 kbit/s) l min. 384 kbit/s suburban (goal: 512 kbit/s) l up to 2 Mbit/s urban l

Licensing Example: UMTS in Germany, 18. August 2000 UTRA-FDD: q Uplink 1920 -1980 MHz q Downlink 2110 -2170 MHz € q duplex spacing 190 MHz n io ill q 12 channels, each 5 MHz b 1. 8 q UTRA-TDD: 50 : q 1900 -1920 MHz, m Su q 2010 -2025 MHz; q 5 MHz channels q Coverage: 25% of the population until 12/2003, 50% until 12/2005 q

types of traffic Conversational class (voice, video telephony, video gaming) Streaming class (multimedia, video on demand, webcast) Interactive class (web browsing, network gaming, database access) Background class (email, SMS, downloading)

UMTS Architecture

service objectives q support Universal Personal Telecommunications (UPT), q fixed network service for personal mobility, allowing registration and deregistration at any terminal support wide range of terminal type broad range of customizable telecommunication services up to 2 Mbps q operation in, and roaming between, different operating environments q q - sparse, rural, suburban, urban – indoor/outdoor – residential/business – pedestrian/vehicular

service objectives (2) Combine range of existing wireless systems (cellular, cordless, mobile data, paging) to share infrastructure costs and harmonize services Allow flexible and rapid creation of new services Efficient usage of spectrum resources Three major 3 G terrestrial Standard cdma 2000 A Wideband CDMA technology backward compatible with cdma. One (IS-95 based) systems l W-CDMA A Wideband CDMA Technology backward compatible with GSM l UWC-136 A Wideband TDMA technology backward compatible with IS-54 /IS-136 l

Key Technology concept in 3 G(1) Broadband: Generally, compares bandwidth relative to narrowband or wideband. For example, video is considered to be broadband relative to voice. In telecommunications transmission systems, any transmission system that operates at rates greater than the primary rate of 1. 5 Mb/s in the U. S. or 2. 0 Mb/s internationally. (However, many consider 1. 5 -45 Mb/s to be wideband, and consider broadband as being 45 Mb/s and greater. )

Key Technology concept in 3 G(2) Packet Vs Cirsuit A packet mode is when I share my RF resource as opposed to a circuit-switched mode, which is one that's dedicated to me A block or grouping of data (PDU) usually defined at Layer 3 that is treated as a single unit within a communication network. Normally ranges from 10 bytes to several thousand bytes in size, and contains a header with certain control information. Connectionless protocols (such as IP) generally refer to packets as datagrams. The header of the datagram will contain the address of the desired destination. In connection-oriented protocols (such as X. 25), information is switched to the proper destination. In order to uniquely associate the transmitted information with the appropriate virtual connection, the header of each packet contains a unique (to that physical interface) virtual connection identifier.

Circuit and Packet Mode a circuit mode access and a packet mode access. In a circuit mode, for example in a voice call, I have a dedicated channel for the duration of my call. When sending data in a circuit mode connection, data can be sent whenever we want. Because that channel is dedicated to us, no one else is using it. So we do not need approval to transmit data. Compare that now with a packet mode. A packet mode is when we are sharing our RF resource; sharing a channel. So we're going to take turns in using the channel. If we're in a shared environment and we're taking turns, we need something to tell us when it's our turn: When is it your turn, when is it my turn, to use our shared channel? And for that we're going to use the MAC protocol. The Medium Access Control protocol is going to say, "It's your turn to use it. Now you stop; now it's my turn to use it. " And this is what's new when we start looking at 3 G. So when we talk about cdma 2000 and UWC-136, we're talking about a packet mode introducing the MAC protocol. We also talk about that in W-CDMA; but notice that part of GPRS in GSM—GPRS is also a packet mode of operation and also includes the MAC protocol.

UMTS Interacting Domain A UMTS network consist of three interacting domains: Core Network CN: The main function of the core network is to provide switching, routing and transit for user traffic. Core network also contains the databases and network management functions. UMTS Terrestrial Radio Access Network (UTRAN) and User Equipment (UE).

UMTS Architecture

UMTS Architecture The basic Core Network architecture for UMTS is based on GSM network with GPRS The UTRAN provides the air interface access method for User Equipment. Base Station is referred as Node-B and control equipment for Node-B's is called Radio Network Controller (RNC).

System Areas UMTS systems (including satellite) Public Land Mobile Network (PLMN) MSC/VLR or SGSN Location Area Routing Area (PS domain) UTRAN Registration Area (PS domain) Cell Sub cell

Core Network The Core Network is divided in circuit switched and packet switched domains. Circuit switched elements are Mobile services Switching Centre (MSC), Visitor location register (VLR), and Gateway MSC packet switched elements are Serving GPRS Support Node (SGSN) and Gateway GPRS Support Node (GGSN). Some network elements, like EIR HLR and AUC, are shared by both domains. The Asynchronous Transfer Mode (ATM) is defined for UMTS core transmission. ATM Adaptation Layer type 2 (AAL 2) handles circuit switched connection and packet connection protocol AAL 5 is designed for data delivery. The architecture of the Core Network may change when new services and features are introduced. Number Portability Data. Base (NPDB) will be used to enable user to change the network while keeping their old phone number. Gateway Location Register (GLR) may be used to optimize the subscriber handling between network boundaries. MSC, VLR and SGSN can merge to become a UMTS MSC.

Radio Access Wide band CDMA technology was selected to for UTRAN air interface WCDMA has two basic modes of operation: Frequency Division Duplex (FDD) and Time Division Duplex (TDD) The functions of Node-B (Base Station) are: Air interface Transmission / Reception Modulation / Demodulation CDMA Physical Channel coding Error Handing Closed loop power control

The functions of RNC are Admission control Congestion control System information broadcasting Radio channel encryption Handover Radio network configuration Channel quality measurements Radio carrier control Radio resource control Data transmission over the radio interface Outer loop power control (FDD and TDD) Channel coding Access control

User Equipment The UMTS standard does not restrict functionality of the UE in any way UMTS identity types are taken directly from GSM specifications International Mobile Subscriber Identity (IMSI) Temporary Mobile Subscriber Identity (TMSI) Packet Temporary Mobile Subscriber Identity (PTMSI) Temporary Logical Link Identity (TLLI) Mobile station ISDN (MSISDN) International Mobile Station Equipment Identity (IMEI) International Mobile Station Equipment Identity and Software Number (IMEISV

3 G and LAN Data Speed

UMTS Services UMTS offers teleservices (like speech or SMS) and bearer services, which provide the capability for information transfer between access points. It is possible to negotiate and renegotiate the characteristics of a bearer service at session or connection establishment and during ongoing session or connection. Both connection oriented and connectionless services are offered for Point-to-Point and Point-to-Multipoint communication Offered data rate targets are: 144 kbits/s satellite and rural outdoor 384 kbits/s urban outdoor 2048 kbits/s indoor and low range outdoor.

UTRAN architecture RNS UE 1 Node B Iub RNC: Radio Network Controller RNS: Radio Network Subsystem Iu RNC CN UE 2 Node B UE 3 Iur Node B Iub RNC Node B RNS UTRAN comprises several RNSs Node B can support FDD or TDD or both RNC is responsible for handover decisions requiring signalingto the UE Cell offers FDD or TDD

Core network: protocols VLR MSC PSTN/ ISDN GGSN GSM-CS backbone RNS GMSC PDN (X. 25), Internet (IP) HLR RNS Layer 3: IP Layer 2: ATM Layer 1: PDH, SONET UTRAN SGSN GPRS backbone (IP) SS 7 CN

Core network: architecture BTS Abis BSS BSC Node B BTS VLR Iu MSC GMSC PSTN Iu. CS Au. C EIR HLR GR Node B Iub RNC RNS SGSN Iu. PS Gn GGSN Gi CN

Core network The Core Network (CN) and thus the Interface Iu, are separated into two logical domains: Circuit Switched Domain (CSD) Circuit switched service incl. signaling Resource reservation at connection setup GSM components (MSC, GMSC, VLR) Iu. CS Packet Switched Domain (PSD) GPRS components (SGSN, GGSN) Iu. PS Release 99 uses the GSM/GPRS network and adds a new radio access! Helps to save a lot of money … Much faster deployment Not as flexible as newer releases (5, 6)

UMTS protocol stacks UE Uu UTRAN Iu. CS 3 G MSC apps. & protocols Circuit switched RLC MAC radio UE Packet switched apps. & protocols IP, PPP, … PDCP Uu SAR AAL 2 ATM UTRAN Iu. PS 3 G SGSN Gn IP tunnel 3 G GGSN IP, PPP, … GTP RLC GTP UDP/IP MAC AAL 5 L 2 radio ATM L 1 PDCP GTP UDP/IP

UMTS services (originally) Data transmission service profiles Service Profile High Interactive MM High MM Bandwidth Transport mode 128 kbit/s Circuit switched 2 Mbit/s Packet switched Medium MM 384 kbit/s Circuit switched Switched Data 14. 4 kbit/s Packet switched Low coverage, max. 6 km/h 14. 4 kbit/s Circuit switched Simple Messaging Bidirectional, video telephone Voice asymmetrical, MM, downloads SMS, E-Mail 16 kbit/s Circuit switched Virtual Home Environment (VHE) Enables access to personalized data independent of location, access network, and device Network operators may offer new services without changing the network Service providers may offer services based on components which allow the automatic adaptation to new networks and devices Integration of existing IN services