<<

. 15
( 132 .)



>>

CCCH SDCCH/4 (4) SDCCH/4 (4)
CCCH SDCCH/4 (3) SDCCH/4 (3)
Figure 3.17 Multiple time slots for control




CCCH SDCCH/4 (3) SDCCH/4 (3)
CCCH SDCCH/4 (3) SDCCH/4 (3)
CCCH SDCCH/4 (3) SDCCH/4 (3)
SCH SDCCH/4 (2) SDCCH/4 (2)
FCCH SDCCH/4 (2) SDCCH/4 (2)
CCCH SDCCH/4 (2) SDCCH/4 (2)
CCCH SDCCH/4 (2) SDCCH/4 (2)
CCCH SDCCH/4 (1) SDCCH/4 (1)
CCCH SDCCH/4 (1) SDCCH/4 (1)
BCCH SDCCH/4 (1) SDCCH/4 (1)
BCCH SDCCH/4 (1) SDCCH/4 (1)
BCCH SDCCH/4 (0) SDCCH/4 (0)
Timeslot 0




Timeslot 1




BCCH SDCCH/4 (0) SDCCH/4 (0)
SCH SDCCH/4 (0) SDCCH/4 (0)
FCCH SDCCH/4 (0) SDCCH/4 (0)
3.5 INITIAL CONNECTION PROCEDURE 63


3.4 TIMING ADVANCE
A mobile device and the BTS have to transmit in speci¬c time slots or bursts. If they
transmit too early or too late then they will cause interference to the previous or following
call. In an ideal situation all users would be exactly the same distance from the BTS and
would transmit at the beginning of the allocated slot. In practice, however, mobile devices
are at different distances from the BTS and also each mobile device is free to move closer
or further away. Due to the propagation delay over the air interface, mobile devices which
are further away actually start to transmit before their allocated time slot. This is known
as timing advance and is directly related to the distance from the BTS. The initial timing
advance measurement is estimated by monitoring the received signal from a mobile device
when it initially sends a burst on the RACH. As the mobile device moves away or towards
the BTS, the network informs it of its new timing advance value on the SACCH. Cell
sizes in rural areas (also in urban areas if a cell hierarchy is used) can be as large as
35 km in normal circumstances and up to 120 km for GSM400. Note that the timing
advance can deal with mobile devices moving at speeds of up to 500 kmph.



3.5 INITIAL CONNECTION PROCEDURE
When the mobile device is switched on, it tries to register with a mobile network. The
subscriber™s home network will be stored in the SIM module and this will be checked
¬rst. If this network is available then the mobile device will request a connection. If the
subscriber™s home network is not available, the mobile device will try to attach to the
last network to which it was connected prior to being switched off. This information is
also stored in the SIM module. If neither of the above networks is available, the mobile
device begins searching through all of the frequencies in the band to try to ¬nd a suitable
network. This is the case, for example, when a subscriber arrives at an international airport
from a foreign country.
While searching through the various frequencies, the mobile device is looking for a
strong BCCH signal. This signal includes a number of channels, including the FCCH
and the SCH. The FCCH simply emits a sine wave carrier to enable the mobile device
to synchronize its frequency reference with the base station. The SCH contains the base
station identity code and a frame number. The BCCH also gives the mobile device infor-
mation about the network, such as where it is, which LA it falls under and who the
operator is. On selecting a strong BCCH, the mobile will try to attach to this network.
It does this by sending a request on the RACH channel, to which the base station listens
continuously for mobiles wishing to register themselves. The RACH is a shared channel
(referred to as a common channel) which works on the slotted-Aloha protocol. If many
subscribers try to connect to the network simultaneously their requests will cause inter-
ference to each other. This may result in the network receiving the requests in error and
discarding them. The mobile devices will wait for a random amount of time before trying
to register again. The mobile networks covering an international airport are put under a
great deal of strain when a ¬‚ight arrives as many hundreds of users attempt to make an
initial connection.
64 GSM FUNDAMENTALS



Paging Request (PCH)

Channel Request (RACH)
MS BTS
Immediate Assign (AGCH)
Time




Paging Response (SDCCH)

Authentication and Cipering (SDCCH)




Figure 3.18 Initial access


Figure 3.18 illustrates how a mobile device attaches to the network. In this example the
mobile device has been paged by the network as is the case for a mobile terminated (MT)
call. The mobile device continuously monitors the paging channel for such requests and
replies on the RACH for a dedicated channel. Once a request is received by the network a
response is sent on the access grant channel (AGCH) channel. This response will indicate
a dedicated signalling channel which the mobile device should now use to continue its
negotiations with the network. A standalone dedicated control channel (SDCCH) is used
for this purpose. This channel has a much lower bit rate than a dedicated traf¬c channel
and therefore is more ef¬cient for the small amount of data to be transferred for signalling
purposes. The mobile device can now continue with the attach request. It will send its
IMSI to the MSC where it will be processed. The MSC will connect to the HLR/AuC
of the mobile subscriber™s home network to authenticate the SIM module. Authentication
triplets will be sent back to the MSC. These include a random number (RAND), a key
(Kc) and a result (SRES). The random number is passed to the SIM in the mobile device,
which will use its authentication system to also produce a result (SRES ). This result
is passed back to the MSC, which will compare it to the result from the AuC. If the
results are the same then the SIM is authenticated. The authentication algorithm is rather
complex and so an invalid mobile device will reply with a wrong result. The key (Kc) is
used to encrypt the data between the mobile station and the BTS. Figure 3.19 illustrates
the authentication and encryption procedure.
Once the SIM is authenticated, the MSC may now request the IMEI. Once received
from the mobile device this may be checked against the EIR, to see whether or not the
mobile device is on a stolen list, not type approved, etc. If it is on such a list then it
may not be allowed to register with the network. Once the IMSI and IMEI have been
successfully checked, the MSC requests information about the subscriber from the HLR,
which will include services available and other details. The MSC will now register the
mobile device in the VLR, which will in turn inform the HLR of the current location of
this mobile device. The MSC also provides the mobile device with a temporary identi¬er
(TMSI) which is used in any future transactions with the mobile device. Using a temporary
identi¬er, TMSI increases overall security since the IMSI of the mobile device is not sent
frequently over the air. The TMSI also consists of a smaller number of digits (4 bytes)
3.6 PROTOCOLS AND SIGNALLING 65


Home-PLMN

HLR AuC EIR


Encrypted using Kc
ES
BSS
SR
nd
SI
Mobile
ca
M
I ,K
Station
ND
NSS RA
SIM Abis

ME
BSC
BTS
TRAU MSC/VLR
RAND
SRES'

Figure 3.19 GSM authentication

than the IMSI and thus also increases ef¬ciency. The initial signalling procedure is now
complete. The mobile device is now assigned an SDCCH or a TCH and its call proceeds.



3.6 PROTOCOLS AND SIGNALLING
GSM has been designed with open interfaces in mind and a simpli¬ed diagram of the
protocols used over these interfaces is illustrated in Figure 3.20. It can be seen that
the air interface consists of the GSM time slots and frequency bands as denoted by
TDMA/FDMA. Above this is the point-to-point link access protocol D (LAPD) channel
protocol, which is the link layer for traditional ISDN signalling. A modi¬ed version of
this, LAPDm (TS04.06), is used over the air interface between the BTS TRX and the
mobile device. It is modi¬ed since the GSM air interface layer 1 already has an FEC
mechanism and thus the LAPD CRC error detection at the datalink layer is not required.
Also LAPD messages begin and end with an 8-bit synchronization ¬‚ag, which is not
required due to the GSM timing relationship between data and the time slot over the
air. The address ¬eld includes the 3-bit service access point identi¬er (SAPI). SAPI 0 is
used for call control, mobility management and radio resource signalling. SAPI 3 is used
for SMS. All other values are currently reserved for future standardization. This datalink
layer also provides the ability to assign three levels of priority, high, normal and low, to
messages that are transferred in dedicated mode on SAPI 0. Priority is generally given
to radio resource management (RR) messages over both mobility management (MM) and
connection management (CM).
The RR layer is used to establish, maintain and release RR connections which allow
a point-to-point dialogue between the mobile device and the network. This connection is
used for data and user signalling. The procedures include cell selection and reselection
as well as the handover procedures and reception of the BCCH and CCCH when no RR
connection is established. Figure 3.21 shows a sample of RRM messages.
66 GSM FUNDAMENTALS




Abis




Mobile
Station
BTS BSC MSC
BSS
Um A
CM CM
MM MM

RR BSSAP
RR BSSAP

SCCP SCCP
LAPD LAPD

MTP MTP
TDMA/FDMA TDMA/FDMA



Figure 3.20 GSM protocols

Type Messages

RR INITIALISATION REQUEST

Channel establishment IMMEDIATE ASSIGNMENT

PACKET ASSIGNMENT

Ciphering CIPHERING MODE COMMAND CIPHERING MODE COMPLETE

ASSIGNMENT COMMAND ASSIGNMENT COMPLETE
Handover
HANDOVER COMMAND HANDOVER COMPLETE

PAGING REQUEST(1-3) PAGING RESPONSE
Paging and notification
INTER SYSTEM TO UTRAN HANDOVER



Figure 3.21 Example RRM messages


The MM layer is required to support the mobility of the mobile device. This includes
informing the network of its present location and providing user authentication. It also
provides connection management services to the CM layer. Figure 3.22 shows a sample
of MM messages.
The CM layer is functionally split into a number of different entities. These include call
control (CC), short message service support (SMS), supplementary services support (SS)
3.6 PROTOCOLS AND SIGNALLING 67


Type Messages

IMSI DETACH INDICATION
Registration
LOCATION UPDATING REQUEST LOCATION UPDATING ACCEPT

AUTHENTICATION REQUEST AUTHENTICATION RESPONSE
Security
IDENTITY REQUEST IDENTITY RESPONSE

Connection CM SERVICE REQUEST CM SERVICE ACCEPT

CM RE-ESTABLISHMENT REQUEST

<<

. 15
( 132 .)



>>