SIX WEEKS SUMMER TRAINING REPORTON

TELECOMMUNICATION

Submitted by

Saransh Sinha

11108057

B.TECH-ECE

Under the Guidance of

Er.Amandeep Singh SainiRF PLANNER AND OPTIMIZATIONENGINEER

School of Electronics and Electrical EngineeringLovely Professional University, Phagwara, Punjab(June-July, 2014)

DECLARATION

I hereby declare that I have completed my six weeks summer training at APPIN TECHNOLOGIES Pvt. Ltd from 11 June to 23 July under the guidance of Er. Amandeep Singh Saini. I have declare that I have worked with full dedication during these six weeks of training and my learning outcomes fulfill the requirements of training for the award of degree of Electronics and Communication Engineering, Lovely Professional University, Phagwara, Punjab. (Signature of student) Saransh Sinha 11108057

Date: 4th August,2014

ACKNOWLEDGEMENT

The successful completion of any task would be incomplete without accomplishing the people who made it all possible and whose constant guidance and encouragement secured us the success

This seems to be a fitting moment for me to express my heartfelt gratitude towards all those who helped me tirelessly and patiently in my training work. It gives me a great sense of pleasure to present this report on my 6 week summer training. Training in an organization like APPIN TECHNOLOGIES PVT. LIMITED which is fuelled by the individuals with so much zest & energy, teaming up to form a formidable force, was in itself a true learning experience which is going to help us immensely in our career.

To begin with, I express my sincere thanks to Mr.Paramvir saini (Managing Director). I owe special debt of gratitude to Er. Amandeep Singh Saini for allowing me to avail all the available amenities in the division. They kept faith in me and made me an active member of my team. I am thankful to them for sharing their vast resource of knowledge and experience with me.I am thankful to APPIN TECHNOLOGIES PVT. LIMITED, for giving me an opportunity to undertake my Six Weeks Summer Training.

I also must place my gratitude to my college teachers for their valuable advice and guidance in carrying out this enjoyable and productive experience, which provided me a great opportunity to search new horizons.

ORGANIZATION OVERVIEWAppin Technologies (ISO Certified) is a provider of Telecommunication and IT based solutions, including software, equipment and systems integration services. Appin Technologies develops and provides products, solutions, and professional services primarily for Telecommunications/IT companies.

Organisation Profile: Appin Technologies includes the following areas-

Telecommunications

Network Solutions Next Generation Networks Wireless Broadband Service Data Transmission Value-added Systems and Intelligent Networks Network Deployment and Integration New Technologies

Operation & Business Support Network Monitoring Network and Service Management Fulfillment Billing and Customer Care Management

100% Placements The company has tie-ups with all the major companies of India such as NOKIA-SIEMENS, TATA, IDEA, ZTE, CONNECT, TATA-DOCOMO, VODAFONE, etc. The company assures 100% placement assistance .

ORGANIZATION PROFILE

Company Name: Appin Technologies. Director: Mr.Paramvir saini

TABLE OF CONTENTS

1.GSM Fundamentals. a. Brief History b. Frequency bands c. GSM service 2. Features of GSM.a. Increased Capacity b. Audio Quality c. Improved Security 55d. Cleaner Handovers e. Frequency reuse

3. GSM Architecture Overviewa. Mobile equipment b. BSS(base station subsystem) i. BSC(base station controller) ii. BTS(base transceiver station) c. NSS(network and switching subsystem ) i. MSC(mobile switching centre)

ii. HLR(home location register)

iii. VLR(visitor location register) iv. AUC(authentication centre) v. EIR(equipment identity register)

4. GSM IDENTIFIERS

a. International Mobile Station Equipment Identity(IMEI)

b. International Mobile Subscriber Identity (IMSI)

c. Mobile Subscriber ISDN Number (MSISDN)

d. Mobile Station Roaming Number ( MSRN)

e. Local Area Identity (LAI)

GSM FUNDAMENTALS

Introduction to GSM (Global System for Mobile Communications)

INTRODUCTION

1.The Global System for Mobile Communications (GSM) is a set of recommendations and specifications for a digital cellular telephone network (known as a Public Land Mobile Network, or PLMN).

2.These recommendations ensure the compatibility of equipment from different GSM manufacturers, and interconnectivity between different administrations, including operation across international boundaries.

3.GSM networks are digital and can cater for high system capacities.

4.They are consistent with the world-wide digitization of the telephone network, and are an extension of the Integrated Services Digital Network (ISDN), using a digital radio interface between the cellular network and the mobile subscriber equipment.

GSM (Global System for Mobile Communication)

Definition :

Global system for mobile communication (GSM) is a globally accepted standard for digital cellular communication. GSM is the name of a standardization group established in 1982 to create a common European mobile telephone standard that would formulate specifications for a pan-European mobile cellular radio system operating at 900 MHz. It is estimated that many countries outside of Europe will join the GSM partnership.

Brief History

The Global System for Mobile communication (GSM) is an ETSI (European Telecommunication Standard Institute) standard for 2G pan European digital cellular with international roaming. The main purpose of the group was to develop a 2G standard to resolve the roaming problem in the six existing different 1G analog systems in Europe. In 1986, the task force was formed, and in 1987 a memorandum of understanding (MoU) was signed. In 1989, ETSI included GSM in its domain. In 1991, the specification of the standard was completed, and in 1992, the first deployment started. By the year 1993, thirty two operators in 22 countries adopted the GSM standard, and by 2001, close to 150 countries had adopted GSM for cellular adaptation

Frequency Bands

This GSM system is a frequency and time division system. Each physical channel is characterized by a carrier frequency and a time slot number. GSM system frequencies include two bands at 900 MHZ and 1800 MHz commonly referred to as the GSM 900 and DCS 1800 systems. For the primary band in the GSM 900 system, 124 radio carriers have been defined and assigned in two sub-bands of 25 MHz each in the 890 915 MHz and 935-960 MHz ranges with channel width of 200 kHz (these sub-bands are always referred as downlink as well as uplink respectively, we will see this concept in detailed in channel concepts later in this module). Each carrier (a total channel width of 200 KHz) is divided into frames of 8 time slots. For DCS 1800, there are two sub bands of 75 MHz in the 1710 1785 MHz and 1805 1880 MHz ranges

GSM SERVICES

To study any system, it is very important to know the services, which the system supports or provides. Analog cellular systems were developed for a single application that is voice and in a manner similar to analog access to PSTN, other data services such as fax and voice-band modems were defined as overlay services on top of the analog voice service. GSM is an integrated voice-data service that provides a number of services beyond cellular telephone. These services are divided into three major categories. They are Teleservices, Bearer services and supplementary services.

FEATURES OF GSM

INCREASED CAPACITY

1. The GSM system provides a greater subscriber capacity than analogue systems.

2. GSM allows 25 kHz per user, that is, eight conversations per 200 kHz channel pair (a pair comprising one transmit channel and one receive channel).

3.Digital channel coding and the modulation used makes the signal resistant to interference from cells where the same frequencies are re-used (co-channel interference); a Carrier to Interference Ratio (C/I) level of 12 dB is achieved, as opposed to the 18 dB typical with analogue cellular.

4. This allows increased geographic reuse by permitting a reduction in the number of cells in the reuse pattern.

AUDIO QUALITY

1. Digital transmission of speech and high performance digital signal processors provides good quality speech transmission.

2. Since GSM is a digital technology, the signals passed over a digital air interface can be protected against errors by using better error detection and correction techniques.

3. In regions of interference or noise-limited operation the speech quality is noticeably better than analogue.

IMPROVED SECURITY AND CONFIDENTIALITY

1. GSM offers high speech and data confidentiality.Subscriber authentication can be performed by the system to check if a subscriber is a valid subscriber or not..

2. The GSM system provides for high degree of confidentiality for the subscriber. Calls are encoded and ciphered when sent over air.

3. The mobile equipment can be identified independently from the mobile subscriber. The mobile has an identity number hard coded into it when it is manufactured. This number is stored in a standard database and whenever a call is made the equipment can be checked to see if it has been reported stolen.

CLEANER HANDOVERS

1. GSM uses Mobile assisted handover technique.

2. The mobile itself carries out the signal strength and quality measurement of its server and signal strength measurement of its neighbors.

3. This data is passed on the Network which then uses sophisticated algorithms to determine the need of handover.

SUBSCRIBER IDENTIFICATION

1. In a GSM system the mobile station and the subscriber are identified separately.

2. The subscriber is identified by means of a smart card known as a SIM.

3. This enables the subscriber to use different mobile equipment while retaining the same subscriber number.

ENHANCED RANGE OF SERVICES

1. Speech services for normal telephony.

2. Short Message Service for point ot point transmission of text message.

3. Cell broadcast for transmission of text message from the cell to all MS in its coverage area. Message like traffic information or advertising can be transmitted.

4. Fax and data services are provided. Data rates available are 2.4 Kb/s, 4.8 Kb/s and 9.6 Kb/s.

5. Supplementary services like number identification, call barring, call forwarding, charging display etc can be provided.

FREQUENCY REUSE

1. There are total 124 carriers in GSM ( additional 50 carriers are available if EGSM band is used).

2. Each carrier has 8 timeslots and if 7 can be used for traffic then a maximum of 868 (124 X 7) calls can be made. This is not enough and hence frequencies have to be reused.

3. The same RF carrier can be used for many conversations in several different cells at the same time.

4. The radio carriers available are allocated according to a regular pattern which repeats over the whole coverage area.

5. The pattern to be used depends on traffic requirement and spectrum availability.

6. Some typical repeat patterns are 4/12, 7/21 etc.

GSM ARCHITECTURE

MOBILE EQUIPMENT

There are different types of terminals/mobile equipment distinguished principally by their power and application:

1.The `fixed' terminals are the ones installed in cars. Their maximum allowed output power is 20 W.

2.The GSM portable terminals can also be installed in vehicles. Their maximum allowed output power is 8W.

3.The handheld terminals have experienced the biggest success thanks to their weight and volume, which are continuously decreasing. These terminals can emit up to 2 W. The evolution of technologies allows decreasing the maximum allowed power to 0.8W.

MOBILE STATION

The MS includes radio equipment and the man machine interface (MMI) that a subscribe needs in order to access the services provided by the GSM PLMN. MS can be installed in Vehicles or can be portable or handheld stations. The MS may include provisions for data communication as well as voice. A mobile transmits and receives message to and from the GSM system over the air interface to establish and continue connections through the system.Different type of MSs can provide different type of data interfaces. To provide a common model for describing these different MS configuration, reference configuration for MS, similar to those defined for ISDN land stations, has been defined. Each MS is identified by an IMEI that is permanently stored in the mobile unit. Upon request, the MS sends this number over the signaling channel to the MSC. The IMEI can be used to identify mobile units that are reported stolen or operating incorrectly. Just as the IMEI identities the mobile equipment, other numbers are used to identity the mobile subscriber. Different subscriber identities are used in different phases of call setup. The Mobile Subscriber ISDN Number (MSISDN) is the number that the calling party dials in order to reach the subscriber. It is used by the land network to route calls toward an appropriate MSC. The international mobile subscribe identity (IMSI) is the primary function of the subscriber within the mobile network and is permanently assigned to him. The GSM system can also assign a Temporary Mobile Subscriber Identity (TMSI) to identity a mobile. This number can be periodically changed by the system and protect the subscriber from being identified by those attempting to monitor the radio channel.

Functions of MS

The primary functions of MS are to transmit and receive voice and data over the air interface of the GSM system. MS performs the signal processing function of digitizing, encoding, error protecting, encrypting, and modulating the transmitted signals. It also performs the inverse functions on the received signals from the BS. In order to transmit voice and data signals, the mobile must be in synchronization with the system so that the messages are the transmitted and received by the mobile at the correct instant. To achieve this, the MS automatically tunes and synchronizes to the frequency and TDMA timeslot specified by the BSC. This message is received over a dedicated timeslot several times within a multiframe period of 51 frames. The exact synchronization will also include adjusting the timing advance to compensate for varying distance of the mobile from the BTS. MS keeps the GSM network informed of its location during both national and international roaming, even when it is inactive. This enables the System to page in its present LA.

Finally, the MS can store and display short received alphanumeric messages on the liquid crystal display (LCD) that is used to show call dialing and status in formation. These messages are limited to 160 characters in length (varies from mobile to mobile).

Power Levels

These are five different categories of mobile telephone units specified by the European GSM system: 20W, 8W, 5W, 2W, and 0.8W. These correspond to 43-dBm, 39-dBm, 37-dBm, 33-dBm, and 29-dBm power levels. The 20-W and 8-W units (peak power) are either for vehicle-mounted or portable station use. The MS power is adjustable in 2-dB steps from its nominal value down to 20mW (13 dBm). This is done automatically under remote control from the BTS, which monitors the received power and adjusts the MS transmitter to the minimum power setting necessary for reliable transmission.

The SIMThe SIM is a smart card that identifies the terminal. By inserting the SIM card into the terminal, the user can have access to all the subscribed services. Without the SIM card, the terminal is not operational. The SIM card is protected by a four-digit Personal Identification Number (PIN). In order to identify the subscriber to the system, the SIM card contains some parameters of the user such as its International Mobile Subscriber Identity (IMSI). Another advantage of the SIM card is the mobility of the users. In fact, the only element that personalizes a terminal is the SIM card. Therefore, the user can have access to its subscribed services in any terminal using its SIM card.

Equipment identification The purpose of equipment identification is to ensure that no stolen or otherwise unauthorized mobiles are used in the network. To this end, every mobile is provided with a tamper-proof equipment number in the manufacturing process, in GSM an international mobile equipment identity (IMEI). During the set-up phase, the MSC can request this number from the mobile and then send it on for checking in the network element called EIR (in GSM). If the number is barred or unknown, the set-up attempt is rejected.Subscriber identity confidentiality

Subscriber identity confidentiality means that the operator tries to protect the user's telephone number (the IMSI) from unauthorized tapping. A temporary mobile subscriber number (TMSI in GSM) is used in the dialogue between the mobile and the network, except for the first contact attempt in a set-up phase. The MSC gives the mobile a random TMSI for each set-up.

LOCATION AREA IDENTITY (LAI)

It identifies the current location of the subscriber.

LAI=MNC+MCC+LAC

Where:

MCC= Mobile Country Code

MNC= Mobile Network Code (2 digit). Identifies the GSM PLMN in that country and takes the same value as the MNC in IMSI.

LAC= Location Area Code (max. 16 bits). Identifies a location area within a GSM PLMN Network & enabling 65536 different location areas to be defined in one GSM PLMN.

SUBSCRIBER AUTHENTICATION KEY (Ki)

It is used to authenticate the SIM card.

PERSONAL IDENTITY NO. It is used to unlock the MS. If one enters the wrong PIN three times it will lock the SIM. The SIM can be protected by use of PIN password.PIN UNBLOCKING KEY (PUK) In case of PIN, the PUK is needed for unlocking the SIM again. PUK is numeric only, with eight digits. If a correct PUK is entered, an indication is given to the user. After 10 consecutive incorrect entries the SIM is blocked. Either the IMSI or the MSISDN Number may access the subscriber data. Some of the parameters like IAI will be continuously updated to reflect the current location of the subscriber. The SIM is capable of storing additional information such as accumulated call charges. This information will be accessible to the customer via handset key entry.TECHNICAL DEPARTMENT HIERARCHY

Technical department has four main streams:

1. Network Switching System (NSS) & Base Station Subsystem (BSS)

2. Network Planning

3. Operation Maintenance & controlling (OMC)

4. Operation and Maintenance (O&M)

Base Station Subsystem (BSS)The BSS connects the Mobile Station and the NSS. It is in charge of the transmission and reception. The BSS can be divided into two parts:

1.The Base Transceiver Station (BTS) or Base Station. 2.The Base Station Controller (BSC).

Base Transceiver Station (BTS)

The BTS controls the radio interface to the MS. The BTS comprises the radio equipment such as transceivers and antennas which are needed to serve each cell of the network. A BTS is usually placed in the centre of a cell. Its transmitting power defines the size of a cell. Each BTS has between one and sixteen transceivers depending on the density of users in the cell.

BTS has 4 functional parts :1. Transmission unit 2. Control functions 3. TRX 4. Combiner1. Transmission unit

The task of the transmission unit is to connect the BTS to the Abis interface and, in doing so, create different types of transmission configuration possibilities. All of the Nokia BTSs have integrated transmission units. Certain Talk-family models offer additional integrated radio relay links. Transmission units are monitored by the operation and maintenance unit by means of an internal Q1 bus.

2.Control functions

Control functions can be split into four individual functions: 1. Operation and maintenance 2. Master clock function 3. Frequency hopping control 4. External alarms and controls

That being said, depending on the type of BTS this could mean from one integrated unit to up to four individual plug-in units.a. Operation and maintenance : The O&M processor controls and supervises the operation of all BTS units alone or in co-operation with other processors. It is the main interface for local O&M and controls and supervises the other units as well as delivers all status information to the BSC by means of the O&M signalling link , which it manages. It stores SW as well as downloads SW to the other units. It also downloads the software and configuration information received from the BSC or the MMI to other processors.

b. External alarms and controls : External alarms and controls are programmable interfaces to other devices in the BTS , which can be used to monitor environmental conditions at the BTS site as well as monitor the state of units, which do not have a processor of their own. An example of external alarm might be an intruder alarm or a smoke detector.

c. Frequency hopping control : The frequency hopping control processor controls the frequency hopping functions of the BTS by calculating the frequency hopping algorithm and controls the transceivers through a specific parallel bus.

3. Transceiver (TRX)

The TRX can also contain a varying number of plug-in units depending on the type of BTS. The TRX can basically be thought of in terms of two functional parts: the base band part and the radio part. The radio part can also be split into a transmitter part(Tx) and a receiver part(Rx). The Rx part may also be configured to support antenna diversity , which is supported by all of the BTS products. The functions of the TRX can be divided into two categories: O&M and telecommunication control. One of the most important functions relative to O&M is to download the software and configuration information received from the main O&M processor to its slave processors (DSPs). In terms of telecommunication control, we can apply many of the functions examined in the previous section directly to the TRX. Apart from digitizing and source coding, all of these are in fact performed in the TRX, speech coding being performed in the transcoder. It is important to remember that in the uplink direction the mobile will perform the same functions as well as digitizing and speech coding.Relative to the other functions of the TRX, we could also mention channel equalization, adaptive frame alignment, RACH channel detection and measurements as TRX functions. TRX software is also designed to handle a number of signalling scenarios including call set-up and release, handovers, TX power control, Air-interface measurements and short messages.

Functionality of the BSC

The BSC manages a variety of tasks ranging from channel administration to short messaging service. Furthermore the BSC provides interfaces to other network elements. The main functionalities are explained in brief below. The following BSC functionalities consist of basic and optional functionalities. These functionalities and options are described in more detail in BSS feature descriptions.

General functionalities

A. Management of terrestrial channels

1. Indication of blocking on the A interface channels between the BSC and the MSC 2. Allocation of traffic channels between the BSC and the BTSs 3. Pool support for A interface circuits 4. concept support for flexible channel assignments, for example, half rate and high speed circuit switched data

B. Management of radio channels

1.Management of channel configurations, that is, how many traffic channels and signalling channels can be used in the BSS. This is done in connection with radio network configuration. 2.Management of traffic channels (TCH) and stand-alone dedicated control channels (SDCCH). This function can be subdivided into the following tasks: - resource management - channel allocation - link supervision - channel release - power control3. Management of broadcast control channels (BCCH) and common control channels (CCCH). This function can be subdivided into the following tasks: - channel management - random access - access grant - paging - Management of PCCCH/PBCCH for (E)GRPS

C. Management of frequency hopping:

The BSC is in charge of frequency hopping management which enables effective use of radio resources and enhanced voice quality for a GSM subscriber.

1. Handovers

The frequency of the mobile is changed in connection with handovers which are executed and controlled by the BSC. Such a handover can be one of the following three types: a. Intra-BSC, intra-cell (both intra-TRX and inter-TRX), which means that the handover takes place within the area controlled by the BSC and the mobile stays in the same cell b. Intra-BSC, inter-cell, which means that the mobile stays in the area of the BSC but moves from one cell to another c. Inter-BSC, both outgoing and incoming, which means that the mobile moves into the area of another BSC

Management of signalling channels between the BSC and the BTSs The BSC supervises all 16, 32 or 64 kbit/s permanent point-to-point LAPD signalling connections, consisting of one connection per Transceiver Unit (TRX) and BTS Operation and Maintenance Unit (OMU).

Maintenance

The BSC offers the possibility for the following maintenance procedures: Fault localization for the BSC Reconfiguration of the BSC Reconfiguration support to the BTS Updating of the software in the BSC, TCSM2 and BTSOperation

During normal operation on, the BSC offers various possibilities for the operator: modification of the parameters of the BSC and the BTS modification of the radio network parameters configuration of the BSC hardware administration of the BSC equipmentNetwork and Switching Subsystem (NSS)

The switching system (SS) is responsible for performing call processing and subscriber-related functions.

The different components of the NSS are described below: Mobile services Switching Centre (MSC) The MSC performs the telephony switching functions for the mobile network. It controls calls to and from other telephone and data systems such as Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN), public data networks, private networks and other mobile networks.

Explanation

The Mobile Switching Center or MSC is the primary service delivery node for GSM, responsible for handling voice calls and SMS as well as other services (such as conference calls, FAX and circuit switched data). The MSC sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call and takes care of charging and real time pre-paid account monitoring. In the GSM mobile phone system, in contrast with earlier analogue services, fax and data information is sent directly digitally encoded to the MSC. Only at the MSC is this re-coded into an "analogue" signal . There are various different names for MSCs in different contexts which reflects their complex role in the network, all of these terms though could refer to the same MSC, but doing different things at different times. A Gateway MSC is the MSC that determines which visited MSC the subscriber who is being called is currently located. It also interfaces with the Public Switched Telephone Network. All mobile to mobile calls and PSTN to mobile calls are routed through a GMSC. The term is only valid in the context of one call since any MSC may provide both the gateway function and the Visited MSC function, however, some manufacturers design dedicated high capacity MSCs which do not have any BSSes connected to them. These MSCs will then be the Gateway MSC for many of the calls they handle. The Visited MSC is the MSC where a customer is currently located. The VLR associated with this MSC will have the subscriber's data in it. The Anchor MSC is the MSC from which a handover has been initiated. The Target MSC is the MSC toward which a Handover should take place.Mobile Switching Centre Server (MSS)The Mobile Switching Centre Server or MSC Server is a soft switch variant of Mobile Switching Centre, which provides circuit-switched calling, mobility management, and GSM services to the mobile phones roaming within the area that it serves. MSC Server functionality enables split between control (signalling) and user plane (bearer in network element called as Media Gateway), which guarantees more optimal placement of network elements within the network.Other GSM Core Network Elements connected to the MSCThe MSC connects to the following elements:

1. The HLR for obtaining data about the SIM and MSISDN

2. The Base Station Subsystem which handles the radio communication with 2G and 2.5G mobile phones.

3. The UTRAN which handles the radio communication with 3G mobile phones.

4. The VLR for determining where other mobile subscribers are located.

Tasks of the MSC include

1. Delivering calls to subscribers as they arrive based on information from the VLR .

2. Connecting outgoing calls to other mobile subscribers or the PSTN.

3. Delivering SMSs from subscribers to the SMSC and vice versa. 4. Arranging handovers from BSC to BSC.

5. Carrying out handovers from this MSC to another.

6. Supporting supplementary services such as conference calls or call hold.

7. Generating billing information.

Home Location Register (HLR)

The HLR is a centralized network database that stores and manages all mobile subscriptions belonging to a specific operator. It acts as a permanent store for a persons subscription information until that subscription is canceled. The information stored includes:

1. Subscriber identity.

2. Subscriber supplementary services.

3. Subscriber location information.

4. Subscriber authentication information.The 'Home Location Register' or HLR is a central database that contains details of each mobile phone subscriber that is authorized to use the GSM core network. There is one logical HLR per PLMN, although there may be multiple physical platforms. The HLR stores details of every SIM card issued by the mobile phone operator. Each SIM has a unique identifier called an IMSI which is the primary key to each HLR record. The next important items of data associated with the SIM are the MSISDNs, which are the telephone numbers used by mobile phones to make and receive calls. The primary MSISDN is the number used for making and receiving voice calls and SMS, but it is possible for a SIM to have other secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a primary key to the HLR record.

Examples of other data stored in the HLR against an IMSI record are:

1. GSM services that the subscriber has requested or been given

2. GPRS settings to allow the subscriber to access packet services

3. Current Location of subscriber (VLR and SGSN)

4. Call divert settings applicable for each associated MSISDN.

5. The HLR data is stored for as long as a subscriber remains with the mobile phone operator.

The HLR is a system which directly receives and processes MAP transactions and messages from elements in the GSM network, for example, the Location Update messages received as mobile phones roam around.

The HLR connects to the following elements: 1. The Gateway MSC (G-MSC) for handling incoming calls

2. The VLR for handling requests from mobile phones to attach to the network

3. The SMSC for handling incoming SMS

4. The voice mail system for delivering notifications to the mobile phone that a message is waiting.

Procedures implemented

The main function of the HLR is to manage the fact that SIMs and phones move around a lot. The following procedures are implemented to deal with this: Manage the mobility of subscribers by means of updating their position in administrative areas called 'location areas', which are identified with a LAC. The action of a user of moving from one LA to another is followed by the HLR with a Location area update while retrieving information from BSS as BSIC (cell identifier). Send the subscriber data to a VLR or SGSN when a subscriber first roams there. Broker between the GMSC or SMSC and the subscriber's current VLR in order to allow incoming calls or text messages to be delivered. Remove subscriber data from the previous VLR when a subscriber has roamed away from it.

Visitor Location Register (VLR)

The VLR database contains information about all the mobile subscribers currently located in the MSC service area. Thus, there is one VLR for each MSC in a network. The VLR temporarily stores subscription information so that the MSC can service all the subscribers currently visiting that MSC service area. The VLR can be regarded as a distributed HLR as it holds a copy of the HLR information stored about the subscriber. When a subscriber roams into a new MSC service area, the VLR connected to that MSC requests information about the subscriber from the subscribers HLR. The HLR sends a copy of the information to the VLR and updates its own location information. When the subscriber makes a call, the VLR will already have the information required for call set-up.

Authentication Center (AUC)

AUC provides authentication and encryption parameters that verify the user's identity and ensure the confidentiality of each call. The AUC protects network operators from different types of fraud found in today's cellular world. The AUC is a database connected to the HLR which provides it with the authentication parameters and ciphering keys used to ensure network security. The 'Authentication Centre' or AUC is a function to authenticate each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and services described above. An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network. If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator attempted. There is an additional form of identification check performed on the serial number of the mobile phone described in the EIR section below, but this is not relevant to the AUC processing. Proper implementation of security in and around the AUC is a key part of an operator's strategy to avoid SIM cloning. The AUC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure. The security of the process depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AUC. This Ki is never transmitted between the AUC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.

Other GSM Core Network Elements connected to the AUC The AUC connects to the following elements: The MSC which requests a new batch of triplet data for an IMSI after the previous data have been used. This ensures that same keys and challenge responses are not used twice for a particular mobile.Procedures implemented

The AUC stores the following data for each IMSI: 1. The Ki

2. Algorithm id (the standard algorithms are called A3 or A8, but an operator may choose a proprietary one).When the MSC asks the AUC for a new set of triplets for a particular IMSI, the AUC first generates a random number known as RAND. This RAND is then combined with the Ki to produce two numbers as follows: The Ki and RAND are fed into the A3 algorithm and a number known as Signed response or SRES is calculated. The Ki and RAND are fed into the A8 algorithm and a session key called Kc is calculated. The numbers (RAND, SRES, KC) form the triplet sent back to the MSC. When a particular IMSI requests access to the GSM core network, the MSC sends the RAND part of the triplet to the SIM. The SIM then feeds this number and the Ki (which is burned onto the SIM) into the A3 algorithm as appropriate and an SRES is calculated and sent back to the MSC. If this SRES matches with the SRES in the triplet (which it should if it is a valid SIM), then the mobile is allowed to attach and proceed with GSM services. After successful authentication, the MSC sends the encryption key Kc to the Base Station Controller (BSC) so that all communications can be encrypted and decrypted. Of course, the mobile phone can generate the Kc itself by feeding the same RAND supplied during authentication and the Ki into the A8 algorithm.

The AUC is usually collocated with the HLR, although this is not necessary. Whilst the procedure is secure for most everyday use, it is by no means crack proof. Therefore a new set of security methods was designed for 3G phones.

Radio Interface Radio interface is the interface between the MS and the RBS. It is also called as Um interface. This interface has three layers (OSI). They are Physical Layer (Layer1), Data Link Layer (Layer2) and Network Layer (Layer3)

Network Layer (Layer3):

This layer provides the Mobile Network Signaling (MNS) service to the user application. The basic functions of this layer are to establish, maintain and terminate circuit switched connections across a GSM PLMN and other networks to which the PLMN is connected. Also it supports functions for supplementary services and short message service This layer consists of three-sub layer which are basically protocol control entities. They are a. Connection Management (CM) b. Mobility Management (MM) c. Radio Resource Management (RR) In the MS, entities from all three sub layers are present however on the network side there is a distribution of the signaling functions between different network equipment. The RR function resides mainly in the BSC. The MM and CM functions are located in the MSC. In the BTS most of the RR messages are handled as transparent message. However some of them must be interpreted by the BTS.

a. Mobility Management : The following functions are being carried out by this Mobility management MM sub layer. All the functions regarding the location of the MS, which includes location updating type normal, location update type periodic registration and location updating type IMSI attach. It provides the user identity procedures. These procedures are authentication, TMSI reallocation, IMSI detach and identification of the MS by requesting either IMSI or IMEI.b. Radio Resource Management : The main purpose of this sub layer is to establish, maintain and release a dedicated connection between the MS and the network. This includes handover procedures, cell selection at power on and cell re-selection in idle mode, recovery from lack of coverage in idle mode. The following are the basic RR functions. On the downlink, the RR sub layer sends system information to the busy MS. On the uplink, the MS transmits measurement reports. The network may use the RR ciphering mode-setting procedure for setting the ciphering mode. The class mark change procedure is used by the MS to provide the system with additional MS class mark information. It is also used to indicate to the network a change in class mark. For example, when the power capabilities of a hand held MS are changed because the MS is connected to external power in a vehicle.

Equipment Identity Register (EIR)

The EIR is also used for security purposes. It is a register containing information about the mobile equipments. More particularly, it contains a list of all valid terminals. A terminal is identified by its International Mobile Equipment Identity (IMEI). The EIR allows then to forbid calls from stolen or unauthorized terminals (e.g., a terminal which does not respect the specifications concerning the output RF power).

GSM IDENTIFIER

INTERNATIONAL MOBILE SSTATION EQUIPMENT IDENTITY (IMEI) The International Mobile Station Equipment Identity uniquely identifies the mobile station internationally. It is a kind of a serial number. The IMEI is allocated by the equipment manager and registered by the nework operator who stores it in the EIR.There are following parts of an IME:TYPE APPROVAL CODE (TAC): 6 decimal places,centrally assignedFINAL ASSEMBLY CODE (FAC): 6 decimal places,assigned by the manufacturerSERIAL NUMBER (SNR): 6 decimal places,assigned by the manufacturerSPARE (SP): 1decimal place IMEI = TAC + FAC + SNR + SP

INTERNATIONAL MOBILE SUBSCRIBER IDENTITY (IMSI)

IMSI is a unique identification associated with all GSM and UMTS network phone users. It is stored as a 64-bit field in the SIM inside the phone and is sent by the phone to the network. An IMSI is usually presented as a 15 digit long number,but can be shorter. The IMSI conforms to the UT E.212 numbering standards. IMSI = MCC + MNC + MSIN Example:MCC 404 INDIAMNC 68 MNTL DELHIMSIN 5505601234

MOBILE SUBSCRIBER ISDN NUMBER (MSISDN)The real telephone number of a mobile station is the MOBILE SUBSCRIBER ISDN NUMBER (MSISDN). It is the assigned to the subscriber such that a mobile station set can have several MSISDNs depending upon the SIM.The MSISDN categories follow the international ISDN number plan and therefore have the following structure :COUNTRY CODE (CC) : Upto 3 decimal placesNATIONAL DESTINATION CODE (NDC) : Typically 2-3 decimal placesSUBSCRIBER NUMBER (SN) : Maximum 10 decimal places

MOBILE STATION ROAMING NUMBER (MSRN)

The Mobile Station Roaming Number is the temporary location dependent ISDN number. It is assigned by the locally responsible VLR to each mobile station in its area. Calls are also routed to the MS by the MSRN.

The MSRN has the same structure as that of MSISDN

COUNTRY CODE (CC) : of the visited networkNATIONAL DESTINATION CODE (NDC) : of the visited networkSUBSCRIBER NUMBER (SN) : in the current mobile network

LOCATION AREA IDENTITY (LAI)Each LA of an PLMN has its own identifiers. The Location Area Identifier is also structured hierarchically and internationally unique as follows.

COUNTRY CODE (CC) : 3 decimal placesMOBILE NETORK CODE (MNC) : 2 decimal placesLOCATION AREA CODE (LAC) : maximum 5 decimal places

PERIODIC APPRAISAL PERFORMA (To be filled by External Advisor)

Name of Student: Sourabh Kumar Registration No: 1110552926