Difference between revisions of "GSM Concepts"

From YateBTS
Jump to: navigation, search
(Mobile Devices)
 
(61 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==GSM Concepts==
+
This page will cover basic concepts related to a typical GSM network, its key components, and the role of YateBTS in such a network.
 +
Furthermore, the following sections of this page will describe GSM elements such as: the UM interface, its logical channels, GPRS, protocols of Voice over IP and more.
  
===GSM Network architecture===
+
==GSM Network architecture==
+
  
In this section we shall present basic notions about the GSM network.  
+
GSM, also known as Global System for Mobile Communications, is a mobile communications standard set up by the European Telecommunications Standards Institute and contains the protocols that define
 +
2G cellular networks.
 +
In time, GSM went beyond voice mobile telephony and now includes data communications, first through GPRS (General Packet Radio Services) and later through EDGE (Enhanced Data rates for GSM Evolution)<ref>Wikipedia contributors . ”GSM”. Wikipedia, The Free Encyclopedia, 2014 Jul 04, 18:00 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GSM.</ref>.
  
 +
The architecture of a GSM network is comprised of the following:
  
===GSM frequency bands===
+
* a Mobile Station (MS)
 +
* a Base Station Subsystem (BSS)
 +
** a Base Station Controller (BSC)
 +
** a Base Transciever Station
 +
* a Network and Switching Subsystem (NSS)
 +
** a Home Location Register (HLR)
 +
** a Mobile Switching Center (MSC)
 +
** a Visitor Location Register (VLR)
 +
** an Authentication Center (AuC)
 +
** Equipment Identity Register (EIR)
 +
* an Operations Support System (OSS)
 +
 
 +
Optionally, if the GSM network includes the transmission of IP packets for data, the GPRS core network needs to be added to the architecture.
 +
The GPRS components as a part of the network switching subsystem.
 +
 
 +
* the Serving GPRS Support Node (SGSN)
 +
* the Gateway GPRS Support Node (GGSN)
 +
* the GPRS tunnelling protocol (GTP)
 +
* an access point
 +
* a PDP context
 +
* various reference points and interfaces
 +
 
 +
All these components will be described in depth below.
 +
 
 +
==GSM frequency bands==
 
        
 
        
GSM frequency bands or frequency ranges are the cellular frequencies designated by the ITU for the operation of GSM mobile phones.
+
GSM frequency bands have been designated by the ITU and allow GSM mobile stations to function.  
   
+
The name of the systems of the frequency bands are as follows:
+
   
+
- P-GSM, Standard or Primary GSM-900 Band
+
- E-GSM, Extended GSM-900 Band (includes Standard GSM-900 band)
+
- R-GSM, Railways GSM-900 Band (includes Standard and Extended GSM-900 band)
+
- T-GSM, Trunking-GSM
+
   
+
  
'''There are fourteen bands defined in 3GPP TS 45.005'''
+
There are four main classes of GSM bands:
   
+
   
+
[[File:GSM_frequency_bands.png]]
+
   
+
  
===Mobile Station===
+
* P-GSM, Standard or Primary GSM-900 Band
 +
* E-GSM, Extended GSM-900 Band (includes Standard GSM-900 band)
 +
* R-GSM, Railways GSM-900 Band (includes Standard and Extended GSM-900 band)
 +
* T-GSM, Trunking-GSM
 +
 
 +
The 3GPP TS 45.005 standard, in its second chapter, identifies 14 GSM bands<ref> 3GPP TS 45.005 version 10.0.0 Release 10. "2. Frequency bands and channel arrangement", p. 14; 2011 Apr. Available from: http://www.etsi.org/deliver/etsi_ts/145000_145099/145005/10.00.00_60/ts_145005v100000p.pdf</ref>  .
 +
 +
However, there are four globally standardized bands for commercial purposes.
 +
 
 +
{| border="1" style="border-collapse:collapse"
 +
| '''System'''
 +
| '''Band'''
 +
| '''Uplink (MHz)'''
 +
| '''Downlink (MHz)'''
 +
| '''Region'''
 +
|-
 +
| GSM 850
 +
| 850
 +
| 824 – 849
 +
| 869 – 894
 +
| North America, the Caribbean and Latin America
 +
|-
 +
| E-GSM 900
 +
| 900
 +
| 880 – 915
 +
| 925 – 960
 +
| Europe, the Middle East, Africa and Asia-Pacific
 +
|-
 +
| GSM 1800
 +
| 1800
 +
| 1,710 – 1 ,785
 +
| 1,805 – 1,880
 +
| Europe, the Middle East, Africa and Asia-Pacific
 +
|-
 +
| GSM 1900
 +
| 1900
 +
| 1,850 – 1,909
 +
| 1,930 – 1,989
 +
| North America, the Caribbean and Latin America
 +
|}
 +
 
 +
Each frequency is divided in timeslots per each mobile phone.
 +
Therefore, each frequency has eight-full rate or 16 half-rate speech channels.
 +
 
 +
For roaming, mobile phones need to support multiple frequency bands.
 +
 
 +
==Mobile Station (MS)==
 
    
 
    
A MS comprises all user equipment and software needed for communication with a mobile network.
+
The mobile station (MS) is a mobile phone or mobile computer connected through a mobile broadband adapter to the mobile network.
  
The term refers to the global system connected to the mobile network, i.e. a mobile phone or mobile computer connected using a mobile broadband adapter. This is the terminology of 2G systems like GSM.
+
A typical MS for GSM is comprised of the following components:
  
'''In GSM, a mobile station consists of four main components:'''
+
* Mobile termination (MT) – offers common functions such as: radio transmission and handover, speech encoding and decoding, error detection and correction, signalling and access to the SIM.
 +
The IMEI code is attached to the MT.
 +
It is equivalent to the network termination of an ISDN access.
 +
* Terminal equipment (TE) – relates to any device connected to the MS offering services to the user.
 +
It does not contain any functions specific to GSM.
 +
* Terminal adapter (TA) – Provides access to the MT as if it was an ISDN network termination with extended capabilities.
 +
Communication between the TE and MT over the TA takes place using AT commands.
 +
* Subscriber identity module (SIM) – is a removable subscriber identification token storing the IMSI, a unique key shared with the mobile network operator and other data.
  
 +
The MT, TA and TE are enclosed in the same case in the mobile phone.
 +
Generally, different processors handle the MT and TE functions.
 +
The application processor serves as a TE, while the baseband processor serves as an MT, and the communication between both takes place using AT commands, which serves as a TA<ref>Wikipedia contributors. ”Mobile station”. Wikipedia, The Free Encyclopedia, 2013 Dec 16, 13:44 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/Mobile_station.</ref>.
  
- Mobile termination (MT) - offers common functions of a such as: radio Transmission and handover, speech encoding and decoding, Error detection and correction, signalling and access to the SIM.
+
==Base Station Subsystem (BSS)==
The IMEI code is attached to the MT. It is equivalent to the network termination of an ISDN access.
+
 
- item Terminal equipment (TE) - is any device connected to the MS offering services to the user. It does not contain any functions specific to GSM.
+
The BSS takes the role of handling traffic and signalling between an MS and the network switching subsystem.  
- Terminal adapter (TA) - Provides access to the MT as if it was an ISDN network termination with extended capabilities. Communication between the TE and MT over the TA takes place using AT commands.
+
It is comprised of a base transciever station and a base station controller.
- Subscriber identity module (SIM) - is a removable subscriber identification token storing the IMSI a unique key shared with the mobile network operator and other data.
+
 
 +
===Base Transceiver Station (BTS)===
 +
 
 +
The BTS holds the equipment used for sending and receiving radio signals and equipment for performing the communication encryption and decryption with the base station controller.  
 +
A typical BTS has the following components<ref> Wikipedia contributors. ”Base transceiver station”. Wikipedia, The Free Encyclopedia, 2014 Apr 21, 09:13 UTC [cited 2014 Jul 10]. Available from: http://en.wikipedia.org/wiki/Base_transceiver_station</ref>:
 +
 
 +
* a transceiver
 +
* a power amplifier
 +
* a combiner
 +
* a duplexer
 +
* an antenna
 +
* an alarm extension system
 +
* a control function and
 +
* a baseband receiver unit
 +
 
 +
Each BTS deployed in the field acts as a single cell.  
 +
The number of deployed BTSs is determined by taking into account the area and the number of subscribers that need to be served.  
 +
 
 +
===Base Station Controller (BSC)===
 +
 
 +
The BSC has the role of allocating radio channels, receiving measurements from mobile stations and handling handovers from one BTS to another.
 +
 +
It is the anchor between mobile stations and the Mobile Switching Center (MSC).
 +
The BSC is able to manage up to hundreds of BTSs at the same time<ref> Wikipedia contributors. ”Base Station Subsystem - Base station controller”. Wikipedia, The Free Encyclopedia, 2014 Apr 22, 16:34 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Base_Station_Subsystem#Base_station_controller</ref>.
  
 +
==Network Switching Subsystem (NSS)==
  
In a mobile phone, the MT, TA and TE are enclosed in the same case. However, the MT and TE functions are often performed by distinct processors. The application processor serves as a TE, while the baseband processor serves as a MT, communication between both takes place over a bus using AT commands, which serves as a TA.
+
The NSS handles call switching and mobility management functions for mobile roaming, such as authentication.
 +
The components that form the NSS are owned and managed by mobile operators and allow mobile devices to communicate with each other and with other telephones in the public switched telephone network<ref>Wikipedia contributors. ”Network switching subsystem”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_and_Switching_Subsystem.</ref>.
  
 +
===Authentication Center (AuC)===
  
===The UM interface===
+
The Authentication Center is a database that authenticates each SIM card that tries to connect to the GSM core network.
 +
As soon the the SIM is authenticated, the HLR takes over and manages the SIM and its services.
 +
Each authentication involves an encryption key used to secure all the wireless communications between the mobile station and the core network<ref> Wikipedia contributors. ”Network switching subsystem - AuC”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Authentication_center_.28AuC.29</ref>.
 +
 
 +
===Home Location Register (HLR)===
 +
 
 +
The HLR is a database that stores and manages all the subscribers of any given mobile operator, by holding all the details of every SIM card issues by that operator<ref> Wikipedia contributors. ”Network switching subsystem - HLR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Home_location_register_.28HLR.29</ref>.
 +
The SIM card stores the IMSI, the shared secret authentication key and an integrated circuit card identifier (ICCID).
 +
Another identification data is represented by the MSISDN, which is the the phone number associated to a SIM card.
 +
 
 +
===Mobile Switching Center (MSC)===
 +
 
 +
The MSC is a central component of the NSS and is the main service delivery point for GSM.
 +
It responsible for routing voice calls and SMS, performs registration, authentication, handover and updates the location of a mobile station.
 +
The MSC also performs signalling, conference calls and generates billing information<ref>Wikipedia contributors. ”Network switching subsystem - MSC”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Mobile_switching_center_.28MSC.29.</ref>.
 +
 
 +
===Visitor Location Register (VLR)===
 +
 
 +
The VLR is a database of subscribers authenticated to its corresponding MSC.
 +
Most of the times, the VLR is part of the MSC and receives subscriber data from the HLR, or from the mobile station.
 +
 
 +
Whenever a mobile station enters the area served by a particular MSC, its VLR will request identification data from the HLR about the subscriber<ref> Wikipedia contributors. ”Network switching subsystem - VLR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Visitor_location_register_.28VLR.29.</ref>.
 +
 
 +
===Equipment Identity Register (EIR)===
 +
 
 +
The EIR is a database containing lists of IMEI numbers of mobile stations that have been reported stolen, unauthorized or defective.
 +
These IMEIs are either banned from the mobile network or monitored.
 +
The EIR is typically integrated in the HLR<ref>Wikipedia contributors. ”Network switching subsystem - EIR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Equipment_identity_register_.28EIR.29.</ref>.
 +
 
 +
==Operations Support System (OSS)==
 +
 
 +
The OSS includes those operations that handle support management functions such as:
 +
 
 +
* network management systems
 +
* service delivery
 +
* service fulfilment – network inventory,activation and provisioning
 +
* service assurance
 +
* customer care
 +
 
 +
OSS enables mobile operators to analyze, monitor and control their mobile networks.
 +
It offers operators a centralized and automated network overview<ref> Wikipedia contributors. ”Operations support system”. Wikipedia, The Free Encyclopedia, 2014 Jul 08, 23:19 UTC [cited 2014 Jul 14]. Available from: http://en.wikipedia.org/wiki/Operations_support_system</ref>.
 +
 
 +
==GPRS==
 +
 
 +
General Packet Radio Service (GPRS) is a packet oriented mobile data service. The core network is based on Internet Protocol (IP) so it can communicate through the internet to any other LAN network or the Internet Software providers.
 +
 
 +
The GPRS core network allows mobile networks to transmit IP packets to external networks (e.g. the Internet).
 +
GPRS components are a part of the GSM network switching subsystem<ref>Wikipedia contributors. ”General Packet Radio Service”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/GPRS.</ref>.
 +
 
 +
The components of a classic GPRS network consist of:
 +
 
 +
* a BTS
 +
* a BSC
 +
* a Serving GPRS Support Node (SGSN) that manages the sessions between the mobile station and the network
 +
* a Gateway GPRS Support Node (GGSN) that manages the IP addresses to GPRS sessions
 +
 
 +
The diagram below explains the general architecture of the classic GPRS data service versus the GPRS implemented in the Unified Core Network<sup>TM</sup>:
 +
 
 +
[[File:Classic gprs vs yate gprs.png]]
 +
 
 +
===GPRS services===
 +
 
 +
GPRS perform the following services:
 +
 
 +
* SMS messaging and broadcasting
 +
* continuous Internet access
 +
* Multimedia messaging service (MMS)
 +
* Push to talk over cellular (PoC)
 +
* instant messaging and presence-wireless village
 +
* Internet applications for smart devices through wireless application protocol (WAP)
 +
* Point-to-point (P2P) service: inter-networking with the Internet (IP)
 +
* Point-to-Multipoint (P2M) service: point-to-multipoint multicast and point-to-multipoint group calls
 +
 
 +
If SMS over GPRS is used, an SMS transmission speed of about 30 SMS messages per minute may be achieved.
 +
This is much faster than using the ordinary SMS over GSM, whose SMS transmission speed is about 6 to 10 SMS messages per minute<ref>Wikipedia contributors. ”General Packet Radio Service - Services offered”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Services_offered.</ref>.
 +
 
 +
===GPRS Supported Protocols===
 +
 
 +
GPRS supports the following protocols<ref>Wikipedia contributors. ”General Packet Radio Service - Protocols supported”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Protocols_supported.</ref>:
 +
 
 +
* Point-to-point protocol (PPP):
 +
When the mobile phone is used as a modem for a connected computer, the PPP tunnels the IP to the phone.
 +
This allows an IP address to be assigned dynamically (IPCP not DHCP) to the mobile equipment.
 +
* X.25 connections:
 +
This protocol is typically used for applications like wireless payment terminals, although it has been removed from the standard.
 +
X.25 can still be supported over PPP, or even over IP, but doing this requires either a network-based router to perform encapsulation or intelligence built into the end-device/terminal; e.g., user equipment (UE).
 +
* When TCP/IP is used, each phone can have one or more IP addresses allocated.
 +
GPRS will store and forward the IP packets to the phone even during handover. The TCP handles any packet loss (e.g. due to a radio noise induced pause).
 +
 
 +
=== Mobile Devices ===
 +
 
 +
Devices supporting GPRS are divided into three classes<ref>Wikipedia contributors. ”General Packet Radio Service - Hardware”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Hardware.</ref>:
 +
* Class A – can be connected to GPRS service and GSM service (voice, SMS), using both at the same time.
 +
Such devices are known to be available today.
 +
* Class B – Can be connected to GPRS service and GSM service (voice, SMS), but using only one or the other at a given time.
 +
During GSM service (voice call or SMS), GPRS service is suspended, and then resumed automatically after the GSM service (voice call or SMS) has concluded.
 +
The majority of GPRS mobile devices are Class B.
 +
* Class C – Are connected to either GPRS service or GSM service (voice, SMS).
 +
Must be switched manually between one and the other service.
 +
 
 +
=== APN ===
 +
 
 +
GPRS connection establishment is performed via an APN (access point name).
 +
The APN handles WAP access, SMSs, MMSs, as well as email and web access.
 +
 
 +
In order to set up a GPRS connection for a wireless modem, a user must specify an APN, optionally a user name and password, and an IP address, all provided by the network operator<ref>Wikipedia contributors. ”General Packet Radio Service - Addressing”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Addressing.</ref>.
 +
 
 +
=== Upload and Download Speed ===
 +
 
 +
The factors conditioning the upload and download speeds are<ref>Wikipedia contributors. ”General Packet Radio Service - Coding schemes and speeds”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Coding_schemes_and_speeds.</ref>:
 +
* the number of base station TDMA time slots assigned by the operator
 +
* the channel encoding
 +
* the maximum capability of the mobile device defined as a GPRS multislot class
 +
 
 +
==== Multiple Access Schemes ====
 +
 
 +
GPRS uses frequency division duplex (FDD) and TDMA as access methods.
 +
During a session, a user is assigned to one pair of uplink and downlink frequency channels, which, combined with time domain statistical multiplexing, allows more subscribers to share the same channel.
 +
 
 +
The packets have a constant length, corresponding to a GSM time slot.
 +
The downlink uses first-come first-served packet scheduling, while the uplink uses a reservation scheme that requires colliding data to be retransmitted later<ref>Wikipedia contributors. ”General Packet Radio Service - Coding schemes and speeds”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Multiple_access_schemes</ref>.
 +
 
 +
==UM interface==
 
    
 
    
The Um interface is the air interface for the GSM mobile telephone standard. It is the interface between the mobile station (MS) and the Base transceiver station (BTS). It is called Um because it is the mobile analog to the U interface of ISDN. Um is defined in the GSM 04.xx and 05.xx series of specifications. Um can also support GPRS packet-oriented communication.
+
The Um interface is the GSM specific air interface between the mobile station and the BTS.  
The layers of GSM are initially defined in GSM 04.01 Section 7 and roughly follow the OSI model. Um is defined in the lower three layers of the model.
+
It bares this name because it is the mobile analog to the U interface of ISDN.  
 +
Um also supports GPRS packet-oriented data<ref>Wikipedia contributors. ”Um interface”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 14]. Available from:http://en.wikipedia.org/wiki/Um_interface.</ref>.
  
 +
As established in the GSM 04.01, Section 7 specifications, the Um interface is defined in the lower three layers of GSM:
  
===Um Logical Channels===
+
* the physical layer (L1)
 
+
* the data link layer (L2)
Um logical channel types are outlined in GSM 04.03. Broadly speaking, non-GPRS Um logical channels fall into three categories:  
+
* the network layer (L3)
 +
 
 +
=== Um Logical Channels ===
 +
 
 +
As established in the GSM 04.03 specifications, the non-GPRS Um logical channels belong to thee categories:
 
    
 
    
- traffic channels
+
* Traffic Channels (TCH)
- dedicated control channels 
+
* Dedicated Control Channels (DCCHs)
- non-dedicated(common) control channels
+
* Common Control Channels (CCCHs)
  
 
The following diagram shows the main channel categories.  
 
The following diagram shows the main channel categories.  
Line 62: Line 287:
 
[[File:UmLogical.png]]
 
[[File:UmLogical.png]]
  
 +
==== Traffic channels (TCH) ====
  
===Traffic channels===
+
Traffic channels correspond to the ISDN B channel and are known as the Bm channels.
 
+
They use 8-burst(Break) diagonal interleaving with a new block starting on every fourth burst and any given burst containing bits from two different traffic frames.
These point-to-point channels correspond to the ISDN B channel and are referred to as Bm channels.Traffic channels use 8-burst(Break) diagonal interleaving with a new block starting on every fourth burst and any given burst containing bits from two different traffic frames.This interleaving pattern makes the TCH robust against single-burst fades since the loss of a single burst destroys only 1/8 of the frame's channel bits. The coding of a traffic channel is dependent on the traffic or vocoder type employed, with most coders capable of overcoming single-burst losses. All traffic channels use a 26-multiframe TDMA structure.
+
 
+
 
+
  
 +
<!-- This interleaving pattern makes the TCH robust against single-burst fades since the loss of a single burst destroys only 1/8 of the frame's channel bits. -->
 +
The coding of a traffic channel is dependent on the traffic or vocoder type employed, with most coders capable of overcoming single-burst losses.
 +
All traffic channels use a 26-multiframe TDMA structure<ref> Wikipedia contributors. ”Um interface - Traffic channels (TCH)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http://en.wikipedia.org/wiki/Um_interface#Traffic_channels_.28TCH.29.</ref>.
  
 
'''Full-rate channels (TCH/F)'''
 
'''Full-rate channels (TCH/F)'''
Line 76: Line 302:
 
This channel is normally used with the GSM 06.10 Full Rate, GSM 06.60 Enhanced Full Rate or GSM 06.90 Adaptive Multi-Rate speech codec.  
 
This channel is normally used with the GSM 06.10 Full Rate, GSM 06.60 Enhanced Full Rate or GSM 06.90 Adaptive Multi-Rate speech codec.  
 
It can also be used for fax and Circuit Switched Data.
 
It can also be used for fax and Circuit Switched Data.
 
 
  
 
'''Half-rate channels (TCH/H)'''
 
'''Half-rate channels (TCH/H)'''
Line 85: Line 309:
 
This channel is normally used with the GSM 06.20 Half Rate or GSM 06.90 Adaptive Multi-Rate speech codec.
 
This channel is normally used with the GSM 06.20 Half Rate or GSM 06.90 Adaptive Multi-Rate speech codec.
  
 +
==== Dedicated Control Channels (DCCHs) ====
  
 
+
The Dedicated Control Channels correspond to the ISDN D channel and are known as the Dm channels<ref>Wikipedia contributors. ”Um interface - Dedicated Control Channels (DCCHs)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http: //en.wikipedia.org/wiki/Um_interface#Dedicated_Control_Channels_.28DCCHs.29.</ref>.
===Dedicated Control Channels (DCCHs)===
+
 
+
These point-to-point channels correspond to the ISDN D channel and are referred to as Dm channels.\\
+
 
+
 
+
  
 
'''Standalone Dedicated Control Channel (SDCCH)'''
 
'''Standalone Dedicated Control Channel (SDCCH)'''
Line 98: Line 318:
 
It has a payload data rate of 0.8 kbit/s.
 
It has a payload data rate of 0.8 kbit/s.
 
Up to eight SDCCHs can be time-multiplexed onto a single physical channel.
 
Up to eight SDCCHs can be time-multiplexed onto a single physical channel.
The SDCCH uses 4-burst block interleaving in a 51-multiframe.\\
+
The SDCCH uses 4-burst block interleaving in a 51-multiframe.
 
+
 
+
  
 
'''Fast Associated Control Channel (FACCH)'''
 
'''Fast Associated Control Channel (FACCH)'''
  
The FACCH is always paired with a traffic channel.  
+
The FACCH is always paired with a traffic channel. The FACCH is a blank-and-burst channel that operates by stealing bursts from its associated traffic channel. Bursts that carry FACCH data are distinguished from traffic bursts by stealing bits at each end of the midamble. The FACCH is used for in-call signalling, including call disconnect, handover and the later stages of call setup. It has a payload data rate of 9.2 kbit/s when paired with a full-rate channel (FACCH/F) and 4.6 kbit/s when paired with a half-rate channel (FACCH/H). The FACCH uses the same interleaving and multiframe structure as its host TCH.
The FACCH is a blank-and-burst channel that operates by stealing bursts from its associated traffic channel.
+
Bursts that carry FACCH data are distinguished from traffic bursts by stealing bits at each end of the midamble.
+
The FACCH is used for in-call signaling, including call disconnect, handover and the later stages of call setup.
+
It has a payload data rate of 9.2 kbit/s when paired with a full-rate channel (FACCH/F) and 4.6 kbit/s when paired with a half-rate channel (FACCH/H).
+
The FACCH uses the same interleaving and multiframe structure as its host TCH.\\
+
 
+
 
+
 
+
  
 
'''Slow Associated Control Channel (SACCH)'''
 
'''Slow Associated Control Channel (SACCH)'''
Line 124: Line 334:
 
The SACCH uses 4-burst block interleaving and the same multiframe type as its host TCH or SDCCH.
 
The SACCH uses 4-burst block interleaving and the same multiframe type as its host TCH or SDCCH.
  
 +
==== Common Control Channels (CCCHs) ====
  
 
+
The Common Control Channels are unicast and broadcast channels that do not a correspondent in ISDN.
===Common Control Channels (CCCHs)===
+
They are used almost exclusively for radio resource management.
 
+
The AGCH and RACH together form the medium access mechanism for Um<ref>Wikipedia contributors. ”Um interface - Common Control Channels (CCCHs)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from: http: //en.wikipedia.org/wiki/Um_interface#Common_Control_Channels_.28CCCHs.29.</ref>.
 
+
These are unicast and broadcast channels that do not have analogs in ISDN.
+
These channels are used almost exclusively for radio resource management.
+
The AGCH and RACH together form the medium access mechanism for Um.
+
 
+
 
+
  
 
'''Broadcast Control Channel (BCCH)'''
 
'''Broadcast Control Channel (BCCH)'''
Line 139: Line 344:
 
The BCCH carries a repeating pattern of system information messages that describe the identity, configuration and available features of the BTS.
 
The BCCH carries a repeating pattern of system information messages that describe the identity, configuration and available features of the BTS.
 
BCCH brings the measurement reports it bring the information about LAI And CGI BCCH frequency are fixed in BTS.
 
BCCH brings the measurement reports it bring the information about LAI And CGI BCCH frequency are fixed in BTS.
 
 
  
 
'''Synchronization Channel (SCH)'''
 
'''Synchronization Channel (SCH)'''
Line 147: Line 350:
 
SCH repeats on every 1st, 11th, 21st, 31st and 41st frames of the 51 frame multi frame.
 
SCH repeats on every 1st, 11th, 21st, 31st and 41st frames of the 51 frame multi frame.
 
So there are 5 SCH frames in a 51 frame multiframe.
 
So there are 5 SCH frames in a 51 frame multiframe.
 
 
  
 
'''Frequency Correction Channel (FCCH)'''
 
'''Frequency Correction Channel (FCCH)'''
Line 155: Line 356:
 
FCCH will repeat on every 0th, 10th, 20th, 30th and 40th frames of the 51 frame multiframe.  
 
FCCH will repeat on every 0th, 10th, 20th, 30th and 40th frames of the 51 frame multiframe.  
 
So there are 5 FCCH frames in a 51 frame multiframe.
 
So there are 5 FCCH frames in a 51 frame multiframe.
 
 
  
 
'''Paging Channel (PCH)'''
 
'''Paging Channel (PCH)'''
Line 162: Line 361:
 
The PCH carries service notifications (pages) to specific mobiles sent by the network.  
 
The PCH carries service notifications (pages) to specific mobiles sent by the network.  
 
A mobile station that is camped to a BTS monitors the PCH for these notifications sent by the network.
 
A mobile station that is camped to a BTS monitors the PCH for these notifications sent by the network.
 
 
  
 
'''Access Grant Channel (AGCH)'''
 
'''Access Grant Channel (AGCH)'''
  
 
The AGCH carries BTS responses to channel requests sent by mobile stations via the Random Access Channel.
 
The AGCH carries BTS responses to channel requests sent by mobile stations via the Random Access Channel.
 
 
  
 
'''Random Access Channel (RACH)'''
 
'''Random Access Channel (RACH)'''
Line 175: Line 370:
 
The RACH is the uplink counterpart to the AGCH. The RACH is a shared channel on which the mobile stations transmit random access bursts to request channel assignments from the BTS.
 
The RACH is the uplink counterpart to the AGCH. The RACH is a shared channel on which the mobile stations transmit random access bursts to request channel assignments from the BTS.
  
 
+
<!-- ==Channel Combinations== -->
===Channel Combinations===
+
==== Allowed channel combinations ====
 
+
 
+
Allowed channel combinations
+
  
 
The multiplexing rules of GSM 05.02 allow only certain items of logical channels to share a physical channel.  
 
The multiplexing rules of GSM 05.02 allow only certain items of logical channels to share a physical channel.  
 
The allowed items for single-slot systems are listed in GSM 05.02 Section 6.4.1.  
 
The allowed items for single-slot systems are listed in GSM 05.02 Section 6.4.1.  
 
Additionally, only certain of these items are allowed on certain timeslots or carriers and only certain sets of items can coexist in a given BTS.  
 
Additionally, only certain of these items are allowed on certain timeslots or carriers and only certain sets of items can coexist in a given BTS.  
These restrictions are intended to exclude non-sensical BTS configurations and are described in GSM 05.02 Section 6.5.
 
  
 +
The most common combinations are<ref>Wikipedia contributors. ”Um interface - Allowed channel combinations”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from: http://en.wikipedia.org/wiki/Um_interface#Allowed_channel_combinations.</ref>:
  
The most common combinations are:
+
* '''C-I''': TCH/F + FACCH/F + SACCH – This combination is used for full rate traffic. It can be used anywhere but C0T0.
 +
* '''C-II''': TCH/H + FACCH/H + SACCH – This combination is used for half rate traffic when only one channel is needed. It can be used anywhere but C0T0.
 +
* '''C-III''': 2 TCH/H + 2 FACCH/H + 2 SACCH – This combination is used for half rate traffic. It can be used anywhere but C0T0.
 +
* '''C-IV''': FCCH + SCH + BCCH + CCCH – This is the standard C0T0 combination for medium and large cells. It can be used only on C0T0.
 +
* '''C-V''': FCCH + SCH + BCCH + CCCH + 4 SDCCH + 2 SACCH – This is the typical C0T0 combination for small cells, which allows the BTS to trade unnecessary CCCH capacity for a pool of 4 SDCCHs. (5x1)+(5x1)+(1x4)+(3x4)+(4x4)+(2x4)+1idle= 51 frame multiframe. It can be used only on C0T0.
 +
* '''C-VI''': BCCH + CCCH – This combination is used to provide additional CCCH capacity in large cells. It can be used on C0T2, C0T4 or C0T6.
 +
* '''C-VII''': 8 SDCCH + 4 SACCH.[(8x4)+(4x4)+3idle=51frame multiframe] – This combination is used to provide additional SDCCH capacity in medium and large cells. It can be used anywhere but C0T0.
 +
   
 +
'''YateBTS supports the C-I, C-V, and C-VII channel combinations.'''
  
 
+
=== YateBTS Channel Configurations ===
- TCH/F + FACCH/F + SACCH  - This combination is used for full rate traffic. It can be used anywhere but C0T0.
+
- TCH/H + FACCH/H + SACCH  - This combination is used for half rate traffic when only one channel is needed. It can be used anywhere but C0T0.
+
- 2 TCH/H + 2 FACCH/H + 2 SACCH  - This combination is used for half rate traffic. It can be used anywhere but C0T0.
+
- FCCH + SCH + BCCH + CCCH  - This is the standard C0T0 combination for medium and large cells. It can be used only on C0T0.
+
- FCCH + SCH + BCCH + CCCH + 4 SDCCH + 2 SACCH  -
+
This is the typical C0T0 combination for small cells, which allows the BTS to trade unnecessary CCCH capacity for a pool of 4 SDCCHs.    (5x1)+(5x1)+(1x4)+(3x4)+(4x4)+(2x4)+1idle= 51 frame multiframe. It can be used only on C0T0.
+
- BCCH + CCCH - This combination is used to provide additional CCCH capacity in large cells. It can be used on C0T2, C0T4 or C0T6.
+
- 8 SDCCH + 4 SACCH.[(8x4)+(4x4)+3idle=51frame multiframe] - This combination is used to provide additional SDCCH capacity in medium and large cells. It can be used anywhere but C0T0.
+
   
+
'''YateBTS supports the I, IV, and VI channel combinations'''
+
 
      
 
      
 +
Typical YateBTS channel configurations for 1-TRX and 2-TRX are illustrated in the diagram below.
  
'''A typical subset configuration of the logical channel is presented in the following diagram.'''
+
[[File:Channel configuration.png]]
 
+
[[File:GSMLayers.png]]
+
  
 
==Fundamental Um Transactions==
 
==Fundamental Um Transactions==
  
 +
Basic speech service in GSM requires five transactions:
  
'''Basic speech service in GSM requires five transactions:'''
+
* radio channel establishment
- radio channel establishment
+
* location update
- location update
+
* mobile-originating call establishment
- mobile-originating call establishment
+
* mobile-terminating call establishment  
- mobile-terminating call establishment  
+
* call clearing
- call clearing
+
 
    
 
    
All of these transactions are described in GSM 04.08 Sections 3-7.
+
<!-- All of these transactions are described in GSM 04.08 Sections 3-7.-->
 
+
 
+
 
===Radio channel establishment===
 
===Radio channel establishment===
  
 
 
 
Unlike ISDN's U channel, Um channels are not hard-wired, so the Um interface requires a mechanism for establishing and assigning a dedicated channel prior to any other transaction.
 
Unlike ISDN's U channel, Um channels are not hard-wired, so the Um interface requires a mechanism for establishing and assigning a dedicated channel prior to any other transaction.
 
The Um radio resource establishment procedure is defined in GSM 04.08 Section 3.3 and this is the basic medium access procedure for Um.
 
The Um radio resource establishment procedure is defined in GSM 04.08 Section 3.3 and this is the basic medium access procedure for Um.
 
This procedure uses the CCCH (PCH and AGCH) as a unicast downlink and the RACH as a shared uplink.  
 
This procedure uses the CCCH (PCH and AGCH) as a unicast downlink and the RACH as a shared uplink.  
 +
In the simplest form, the steps of the transaction are:
  
'''In the simplest form, the steps of the transaction are:'''
+
* Paging – The network sends a RR Paging Request message (GSM 04.08 Sections 9.1.22-9.1.23) over the PCH, using the subscriber's IMSI or TMSI as an address.
 +
GSM does not allow paging by IMEI (GSM 04.08 Section 10.5.1.4).
 +
This paging step occurs only for a transaction initiated by the network.
 +
* Random Access – The mobile station sends a burst on the RACH. This burst encodes an 8-bit transaction tag and the BSIC of the serving BTS.
 +
A variable number of most-significant bits in the tag encode the reason for the access request, with the remaining bits chosen randomly.
 +
In L3, this tag is presented as the RR Channel Request message (GSM 04.08 9.1.8). The mobile also records the TDMA clock state at the time the RACH burst is transmitted.
 +
In cases where the transaction is initiated by the MS, this is first step.   
 +
* Assignment – On the AGCH, the network sends the RR Immediate Assignment message (GSM 04.08 Section 9.1.18) for a dedicated channel, usually an SDCCH.
 +
This message is addressed to the MS by inclusion of the 8-bit tag from the corresponding RACH burst and a time-stamp indicating the TDMA clock state when the RACH burst was received. 
 +
If no dedicated channel is available for assignment, the BTS can instead respond with the RR Immediate Assignment Reject message, which is similarly addressed and contains a hold-off time for the next access attempt.
 +
Emergency callers receiving the reject message are not subject to the hold-off and may retry immediately.   
 +
* Retry – If the RACH burst of step 2 is not answered with an assignment or assignment reject in step 3 within a given timeout period ,usually on the order of 0.5 second, the handset will repeat step 2 after a small random delay. This cycle may be repeated 6-8 times before the MS aborts the access attempt.
  
 +
Note that there is a small but non-zero probability that two MSs send identical RACH bursts at the same time in step 2.
 +
If these RACH bursts arrive at the BTS with comparable power, the resulting sum of radio signals will not be demodulable and both MSs will move to step 4.
 +
However, if there is a sufficient difference in power, the BTS will see and answer the more powerful RACH burst.
 +
Both MSs will receive and respond to the resulting channel assignment in step 3.
 +
To ensure recovery from this condition, Um uses a "contention resolution procedure" in L2, described in GSM 04.06 5.4.1.4 in which the first L3 message frame from the MS, which always contains some form of mobile ID, is echoed back to the MS for verification<ref>Wikipedia contributors. ”Um interface - Radio channel establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Radio_channel_establishment.</ref>.
  
- Paging. The network sends a RR Paging Request message (GSM 04.08 Sections 9.1.22-9.1.23) over the PCH, using the subscriber's IMSI or TMSI as an address.
+
=== Location update ===
  GSM does not allow paging by IMEI (GSM 04.08 Section 10.5.1.4). This paging step occurs only for a transaction initiated by the network.
+
- Random Access. The mobile station sends a burst on the RACH. This burst encodes an 8-bit transaction tag and the BSIC of the serving BTS.
+
  A variable number of most-significant bits in the tag encode the reason for the access request, with the remaining bits chosen randomly.
+
  In L3, this tag is presented as the RR Channel Request message (GSM 04.08 9.1.8). The mobile also records the TDMA clock state at the time the RACH burst is transmitted.
+
  In cases where the transaction is initiated by the MS, this is first step.
+
   
+
- Assignment. On the AGCH, the network sends the RR Immediate Assignment message (GSM 04.08 Section 9.1.18) for a dedicated channel, usually an SDCCH.
+
  This message is addressed to the MS by inclusion of the 8-bit tag from the corresponding RACH burst and a time-stamp indicating the TDMA clock state when the RACH burst was received. 
+
  If no dedicated channel is available for assignment, the BTS can instead respond with the RR Immediate Assignment Reject message,
+
  which is similarly addressed and contains a hold-off time for the next access attempt.
+
  Emergency callers receiving the reject message are not subject to the hold-off and may retry immediately.
+
     
+
- Retry. If the RACH burst of step 2 is not answered with an assignment or assignment reject in step 3 within a given timeout period ,usually on the order of 0.5 second,
+
  the handset will repeat step 2 after a small random delay. This cycle may be repeated 6-8 times before the MS aborts the access attempt.
+
  
 +
<!-- The location updating procedure is defined in GSM 04.08 Sections 4.4.1 and 7.3.1. -->
 +
This procedure normally is performed when the MS powers up or enters a new Location area but may also be performed at other times as described in the specifications.
 +
In its minimal form, the steps of the transaction are<ref>Wikipedia contributors. ”Um interface - Location updating”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Location_updating.</ref>:
  
Note that there is a small but non-zero probability that two MSs send identical RACH bursts at the same time in step 2.If these RACH bursts arrive at the BTS with comparable power, the resulting sum of radio signals will not be demodulable and both MSs will move to step 4. However, if there is a sufficient difference in power, the BTS will see and answer the more powerful RACH burst. Both MSs will receive and respond to the resulting channel assignment in step 3. To ensure recovery from this condition, Um uses a "contention resolution procedure" in L2, described in GSM 04.06 5.4.1.4 in which the first L3 message frame from the MS, which always contains some form of mobile ID, is echoed back to the MS for verification.
+
* The MS and the base station perform the radio channel establishment procedure.
 
+
* On the newly established dedicated channel, the MS sends the MM Location Updating Request message containing either an IMSI or TMSI. The message also implies connection establishment in the MM sublayer.
 
+
* The network verifies the mobile identity in the HLR or VLR and responds with the Location Updating Accept message.
===Location updating===
+
* The network closes the Dm channel by sending the Channel Release message.
 
+
The location updating procedure is defined in GSM 04.08 Sections 4.4.1 and 7.3.1. This procedure normally is performed when the MS powers up or enters a new Location area but may also be
+
performed at other times as described in the specifications. In its minimal form, the steps of the transaction are:
+
 
+
-  The MS and BTS perform the radio channel establishment procedure.
+
On the newly established dedicated channel, the MS sends the MM Location Updating Request message containing either an IMSI or TMSI. The message also implies connection establishment in the MM sublayer.
+
The network verifies the mobile identity in the HLR or VLR and responds with the MM Location Updating Accept message.
+
The network closes the Dm channel by sending the RR Channel Release message.
+
  
 
There are many possible elaborations on this transaction, including:
 
There are many possible elaborations on this transaction, including:
  
authentication
+
* authentication
ciphering
+
* ciphering
TMSI assignment
+
* TMSI assignment
queries for other identity types
+
* queries for other identity types
location updating reject
+
* location updating reject
 
+
===Mobile-Originating Call (MOC) establishment===
+
 
+
 
+
 
+
This is the transaction for an outgoing call from the MS, defined in GSM 04.08 Sections 5.2.1 and 7.3.2 but taken largely from ISDN Q.931.
+
In its simplest form, the steps of the transaction are:
+
  
- The MS initiates the radio channel establishment procedure and is assigned to a Dm channel, usually an SDCCH.
+
=== Mobile-Originating Call (MO) establishment ===
    This establishes the connection in the L3 RR sublayer. The first message sent on the new Dm is the MM Connection Mode service Request, sent by the MS.
+
    This message contains a subscriber ID (IMSI or TMSI) and a description of the requested service, in this case MOC.
+
-  The network verifies the subscriber's provisioning in the HLR and responds with the MM Connection Mode Service Accept message.
+
    This establishes the connection in the L3 MM sublayer. (This is a simplification. In most networks MM establishment is performed with authentication and ciphering transactions at this point.)
+
-  The MS sends the CC Setup message, which contains the called party number.
+
-  Assuming the called party number is valid, network response with the CC Call Proceeding message.
+
-  The network sends an RR Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
+
-  Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with the RR Assignment Complete message.
+
    From this point on, all control transactions are on the FACCH.
+
-  When alerting is verified at the called destination, the network sends the CC Alerting message.
+
-  When the called party answers, the network sends the CC Connect message.
+
-  The MS response with the CC Connect Acknowledge message. At this point, the call is active.
+
  
'''The TCH+FACCH assignment can occur at any time during the transaction, depending on the configuration of the network.'''
+
<!-- ==== Channel Assignment Types for Speech Calls ==== -->
  
There are three common approaches:
+
<!-- This is the transaction for an outgoing call from the MS, defined in GSM 04.08 Sections 5.2.1 and 7.3.2 but taken largely from ISDN Q.931. -->
 +
In its simplest form, the steps of the transaction are<ref>Wikipedia contributors. ”Um interface - Mobile-originating call (MOC) establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Originating_Call_.28MOC.29_establishment.</ref>:
  
 +
* The MS initiates the radio channel establishment procedure and is assigned to a Dm channel, usually an SDCCH.
 +
This establishes the connection in the L3 RR sublayer.
 +
The MS will then send a Connection Mode service request containing the subscriber ID (the IMSI or TMSI) and a description of the service it requests (the MO in this case).
 +
* The MSC will verify in the HLR the subscriber's provisioning and will reply with an Accept message.
 +
Therefore, a connection in the L3 MM sublayer is established.
 +
* The MS sends the Setup message, which includes the called party number.
 +
* If the called party is correct, the core network will reply with a Call Proceeding message.
 +
* The network sends an Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
 +
* Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with an Assignment Complete message.
 +
This is the point when the FACCH takes over all control transactions.
 +
* The core network sends the Alerting message when the called party alerting has been verified.
 +
* When the called party answers, the network sends the Connect message.
 +
* The MS replies with the Connect Acknowledge message and the call becomes active.
  
-  Early Assignment. The network assigns the TCH+FACCH after sending CC Call Proceeding and completes call setup on the FACCH. This allows the use of in-band patterns ,
+
The TCH+FACCH assignment can occur at any time during the transaction, depending on the assignment type used by the network.
    like the ringing or busy patterns, generated by the network.
+
-  Late Assignment. The network does not assign the TCH+FACCH until after alerting has started. This forces the MS itself to generate the patterns locally since the TCH does not yet exist to carry the sound.
+
-  Very Early Assignment. The network makes an immediate assignment to the TCH+FACCH in the initial RR establishment and performs the entire transaction on the FACCH.
+
The SDCCH is not used. Because immediate assignment starts the FACCH in a signaling-only mode, the network must send the RR Channel Mode Modify message at some point to enable the TCH part of the channel.
+
  
 +
There are three defined approaches to channel assignment for speech calls:
  
===Mobile-Terminating Call (MTC) establishment===
+
* Early Assignment – The network starts the call on the SDCCH and assigns the TCH+FACCH after sending CC Call Proceeding. Call setup then completes on the FACCH. This allows the use of in-band patterns, like the ringing or busy patterns, generated by the network.
 +
* Late Assignment – The network starts the call on the SDCCH and does not assign the TCH+FACCH until after alerting has started. This forces the MS itself to generate the patterns locally since the TCH does not yet exist to carry the sound.
 +
* Very Early Assignment – The network makes an immediate assignment to the TCH+FACCH in the initial RR establishment and performs the entire transaction on the FACCH. The SDCCH is not used. Because immediate assignment starts the FACCH in a signalling-only mode, the network must send the RR Channel Mode Modify message at some point to enable the TCH part of the channel. This approach gives faster call establishment and is slightly more reliable since it does not require a channel change in the middle of the call setup operation.
  
 +
As of release 2.0, YateBTS supports only Very Early Assignment.
  
'''This is the transaction for an incoming call to the MS, defined in GSM 04.08 Sections 5.2.2 and 7.3.3, but taken largely from ISDN Q.931.'''
+
===Mobile-Terminating Call (MT) establishment===
  
 +
<!-- This is the transaction for an incoming call to the MS, defined in GSM 04.08 Sections 5.2.2 and 7.3.3, but taken largely from ISDN Q.931. -->
 +
Below are the main steps in performing an MT call<ref>Wikipedia contributors. ”Um interface - Mobile-terminating call (MTC) establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Terminating_Call_.28MTC.29_establishment.</ref>:
  
The network initiates the radio channel establishment procedure and assigns the MS to a Dm channel, usually an SDCCH. This establishes the connection in the L3 RR sublayer.
+
* The network initiates the radio channel establishment procedure and assigns the MS to a Dm channel, an SDCCH or FACCH depending on the assignment type. This establishes the connection in the L3 RR sublayer.
The MS sends the first message on the new Dm, which is the RR Paging Response message. This message contains a mobile identity (IMSI or TMSI) and also implies a connection attempt in the MM sublayer.
+
* The MS sends the Paging Response message on the new Dm. This message contains a mobile identity (IMSI or TMSI) and also implies a connection attempt in the MM sublayer.
The network verifies the subscriber in the HLR and verifies that the MS was indeed paged for service.  
+
* The MSC checks the subscriber in the HLR and verifies that the MS was indeed paged for service. The network can initiate authentication and ciphering at this point, but in the simplest case the network can just send the Setup message to initiate call control.
    The network can initiate authentication and ciphering at this point, but in the simplest case the network can just send the CC Setup message to  
+
* The MS responds with Call Confirmed.
    initiate Q.931-style call control.
+
* The network sends an Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
The MS responds with CC Call Confirmed.
+
* Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with the RR Assignment Complete message. From this point on, all control transactions are on the FACCH.
The network sends an RR Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
+
* The MS starts alerting the subscriber of the call and sends the Alerting message to the network.
Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with the RR Assignment Complete message.  
+
* When the subscriber answers, the MS sends the Connect message to the network.
From this point on, all control transactions are on the FACCH.
+
* The network response with the Connect Acknowledge message and the call becomes active.
The MS starts alerting (ringing, etc.) and sends the CC Alerting message to the network.
+
When the subscriber answers, the MS sends the CC Connect message to the network.
+
The network response with the CC Connect Acknowledge message. At this point, the call is active.
+
  
As in the MOC, the TCH+FACCH assignment can happen at any time, with the three common techniques being early, late and very early assignment.
+
As in the MO, the TCH+FACCH assignment can happen at any time, with the three common techniques being early, late and very early assignment.
  
 
===Call clearing===
 
===Call clearing===
 +
<!-- The transaction for clearing a call is defined in GSM 04.08 Sections 5.4 and 7.3.4. -->
 +
The call clearing transaction is the same whether initiated by the MS or the network, the only difference being a reversal of roles<ref>Wikipedia contributors. ”UM interface - Call clearing”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 21]. Available from: http://en.wikipedia.org/wiki/Um_interface#Call_clearing.</ref>:
  
The transaction for clearing a call is defined in GSM 04.08 Sections 5.4 and 7.3.4. This transaction is the same whether initiated by the MS or the network, the only difference being a reversal of roles. This transaction is taken from Q.931.
+
* Party A sends the CC Disconnect message.
 
+
* Party B responds with the CC Release message.
Party A sends the CC Disconnect message.
+
* Party A responds with the CC Release Complete message.
Party B responds with the CC Release message.
+
* The network releases the RR connection with the RR Channel Release message. This message always comes from the network, regardless of which party initiated the clearing procedure.
Party A responds with the CC Release Complete message.
+
<!--
The network releases the RR connection with the RR Channel Release message. This always comes from the network, regardless of which party initiated the clearing procedure.
+
 
+
 
===SMS transfer on Um===
 
===SMS transfer on Um===
  
'''GSM 04.11 and 03.40 define SMS in five layers'''
+
GSM 04.11 and 03.40 define SMS in five layers<ref>http://en.wikipedia.org/wiki/Um_interface#Mobile-Originated_SMS_.28MO-SMS.29:
 +
* L1 is taken from the Dm channel type used, either SDCCH or SACCH. This layer terminates in the BSC.
 +
* L2 is normally LAPDm, although GPRS-attached devices may use Logical link control (LLC, GSM 04.64). In LAPDm SMS uses SAP3. This layer terminates in the BTS.
 +
* L3, the connection layer, defined in GSM 04.11 Section 5. This layer terminates in the MSC.
 +
* L4, the relay layer, defined in GSM 04.11 Section 6. This layer terminates in the MSC.
 +
* L5, the transfer layer, defined in GSM 03.40. This layer terminates in the SMSC.
  
 
+
As a general rule, every message transferred in L(n) requires both a transfer and an acknowledgment on L(n-1).  
-  L1 is taken from the Dm channel type used, either SDCCH or SACCH. This layer terminates in the BSC.
+
Only L1-L4 are visible on Um.-->
-  L2 is normally LAPDm, although GPRS-attached devices may use Logical link control (LLC, GSM 04.64). In LAPDm SMS uses SAP3. This layer terminates in the BTS.
+
-  L3, the connection layer, defined in GSM 04.11 Section 5. This layer terminates in the MSC.
+
-  L4, the relay layer, defined in GSM 04.11 Section 6. This layer terminates in the MSC.
+
-  L5, the transfer layer, defined in GSM 03.40. This layer terminates in the SMSC.
+
 
+
As a general rule, every message transferred in L(n) requires both a transfer and an acknowledgment on L(n-1). Only L1-L4 are visible on Um.
+
  
 
===Mobile-Originated SMS (MO-SMS)===
 
===Mobile-Originated SMS (MO-SMS)===
 
   
 
   
 +
<!-- The transaction steps for MO-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B. -->
 +
In the simplest case, error-free delivery outside of an established call, the transaction sequence is<ref>Wikipedia contributors. ”UM interface - Mobile-Originated SMS (MO-SMS)”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 21]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Originated_SMS_.28MO-SMS.29.</ref>:
  
The transaction steps for MO-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B.
+
* The MS establishes an SDCCH using the standard RR establishment procedure.
'''In the simplest case, error-free delivery outside of an established call, the transaction sequence is:'''
+
* The MS sends a CM Service Request.
 
+
* The MS initiates multiframe mode in SAP3 with the normal LAPDm SABM procedure.
The MS establishes an SDCCH using the standard RR establishment procedure.
+
* The MS sends a CP-DATA message (L3, GSM 04.11 Section 7.2.1), which carries an RP-DATA message (L4, GSM 04.11 Section 7.3.1) in its RPDU.
The MS sends a CM Service Request,
+
* The network responds with a CP-ACK message (L3, GSM 04.11 Section 7.2.2).
The MS initiates multiframe mode in SAP3 with the normal LAPDm SABM procedure.
+
* The network delivers the RPDU to the MSC.
The MS sends a CP-DATA message (L3, GSM 04.11 Section 7.2.1), which carries an RP-DATA message (L4, GSM 04.11 Section 7.3.1) in its RPDU.
+
* The MSC responds with an RP-ACK message (L4, GSM 04.11 Section 7.3.3).
The network responds with a CP-ACK message (L3, GSM 04.11 Section 7.2.2).
+
* The network sends a CP-DATA message to the MS, carrying the RP-ACK payload in its RPDU.
The network delivers the RPDU to the MSC.
+
* The MS responds with a CP-ACK message.
The MSC responds with an RP-ACK message (L4, GSM 04.11 Section 7.3.3).
+
* The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.
The network sends a CP-DATA message to the MS, carrying the RP-ACK payload in its RPDU.
+
The MS responds with a CP-ACK message.
+
The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.
+
 
+
  
 
===Mobile-Terminated SMS (MT-SMS)===
 
===Mobile-Terminated SMS (MT-SMS)===
  
 
The transaction steps for MT-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B.
 
The transaction steps for MT-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B.
 +
In the simplest case, error-free delivery outside of an established call, the transaction sequence is<ref>Wikipedia contributors. ”UM interface - Mobile-Terminated SMS (MT-SMS)”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 21]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Terminated_SMS_.28MT-SMS.29.</ref>:
  
'''In the simplest case, error-free delivery outside of an established call, the transaction sequence is:'''
+
* The network pages the MS with the standard paging procedure.
 
+
* The MS establishes an SDCCH using the standard RR paging response procedure, which implies a CC sublayer connection.
The network pages the MS with the standard paging procedure.
+
* The network initiates multiframe mode in SAP3.
The MS establishes an SDCCH using the standard RR paging response procedure, which implies a CC sublayer connection.
+
* The network sends the RP-DATA message as the RPDU in a CP-DATA message.
The network initiates multiframe mode in SAP3.
+
* The MS responds with the CP-ACK message.
The network sends the RP-DATA message as the RPDU in a CP-DATA message.
+
* The MS processes the RPDU.
The MS responds with the CP-ACK message.
+
* The MS sends a CP-DATA message to the network containing an RP-ACK message in the RPDU.
The MS processes the RPDU.
+
* The network responds with a CP-ACK message.
The MS sends a CP-DATA message to the network containing an RP-ACK message in the RPDU.
+
* The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.
The network responds with a CP-ACK message.
+
The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.
+
 
+
  
 
==Um security features==
 
==Um security features==
Line 382: Line 555:
 
GSM 02.09 defines the following security features on Um:
 
GSM 02.09 defines the following security features on Um:
  
authentication of subscribers by the network,
+
* authentication of subscribers by the network
encryption on the channel,
+
* encryption on the channel
anonymization of transactions (at least partially)
+
* anonymization of transactions (at least partially)
  
Um also supports frequency hopping (GSM 05.01 Section 6), which is not specifically intended as a security feature but has the practical effect of adding significant complexity to passive interception of the Um link. Authentication and encryption both rely on a secret key, Ki, that is unique to the subscriber. Copies of Ki are held in the SIM and in the Authentication Center (AuC), a component of the HLR. Ki is never transmitted across Um. An important and well-known shortcoming of GSM security is that it does not provide a means for subscribers to authenticate the network. This oversight allows for false basestation attacks, such as those implemented in an IMSI catcher.
+
Um also supports frequency hopping (GSM 05.01 Section 6), which is not specifically intended as a security feature but has the practical effect of adding significant complexity to passive interception of the Um link.
 +
Authentication and encryption both rely on a secret key, Ki, that is unique to the subscriber.
 +
Copies of Ki are held in the SIM and in the Authentication Center (AuC), a component of the HLR.
 +
The Ki is never transmitted across the Um.
 +
An important and well-known shortcoming of GSM security is that it does not provide a means for subscribers to authenticate the network.  
 +
This oversight allows for false basestation attacks, such as those implemented in an IMSI catcher<ref>Wikipedia contributors. ”Um interface - Um security features”. Wikipedia, The Free Encyclopedia, 2014 Jan 14,
 +
18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um_interface#Um_security_features.</ref>.
  
 
===Authentication of subscribers===
 
===Authentication of subscribers===
  
The Um authentication procedure is detailed in GSM 04.08 Section 4.3.2 and GSM 03.20 Section 3.3.1 and summarized here:
+
The Um authentication procedure is detailed in GSM 04.08 Section 4.3.2 and GSM 03.20 Section 3.3.1 and contains the following steps<ref>Wikipedia contributors. ”Um interface - Authentication of subscribers”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um interface#Authentication of subscribers.</ref>
  
The network generates a 128 bit random value, RAND.
+
* The network generates a 128 bit random value, RAND.
The network sends RAND to the MS in the MM Authentication Request message.
+
* The network sends RAND to the MS in the MM Authentication Request message.
The MS forms a 32-bit hash value called SRES by encrypting RAND with an algorithm called A3, using Ki as a key. SRES = A3(RAND,Ki). The network performs an identical SRES calculation.
+
* The MS forms a 32-bit hash value called SRES by encrypting RAND with an algorithm called A3, using Ki as a key. SRES = A3(RAND,Ki). The network performs an identical SRES calculation.
The MS sends back its SRES value in the RR Authentication Response message.
+
* The MS sends back its SRES value in the RR Authentication Response message.
The network compares its calculated SRES value to the value returned by the MS. If they match, the MS is authenticated.
+
* The network compares its calculated SRES value to the value returned by the MS. If they match, the MS is authenticated.
Both the MS and the network also compute a 64-bit ciphering key, Kc, from RAND and Ki using the A8 algorithm. Kc = A8(RAND,Ki). Both parties save this value for later use when ciphering is enabled.
+
* Both the MS and the network also compute a 64-bit ciphering key, Kc, from RAND and Ki using the A8 algorithm. Kc = A8(RAND,Ki). Both parties save this value for later use when ciphering is enabled.
  
 
Note that this transaction always occurs in the clear, since the ciphering key is not established until after the transaction is started.
 
Note that this transaction always occurs in the clear, since the ciphering key is not established until after the transaction is started.
 +
The authentication process is one-way only, as only the core network can authenticate the MS.
  
'''Um encryption'''
+
=== Um encryption ===
  
 
GSM encryption, called "ciphering" in the specifications, is implemented on the channel bits of the radio bursts, at a very low level in L1, after forward error correction coding is applied.  
 
GSM encryption, called "ciphering" in the specifications, is implemented on the channel bits of the radio bursts, at a very low level in L1, after forward error correction coding is applied.  
 
This is another significant security shortcoming in GSM because:
 
This is another significant security shortcoming in GSM because:
  
the intentional redundancy of the convolutional coder reduces the Unicity distance of the encoded data and
+
* the intentional redundancy of the convolutional coder reduces the Unicity distance of the encoded data and
the parity word can be used for verifying correct decryption.
+
* the parity word can be used for verifying correct decryption.
  
A typical GSM transaction also includes LAPDm idle frames and SACCH system information messages at predictable times, affording a Known plaintext attack. The GSM ciphering algorithm is called A5.  
+
A typical GSM transaction also includes LAPDm idle frames and SACCH system information messages at predictable times, affording a Known plain text attack. The GSM ciphering algorithm is called A5.  
  
'''There are four variants of A5 in GSM, only first three of which are widely deployed:'''
+
There are four variants of A5 in GSM, only first three of which are widely deployed:
  
A5/0: no ciphering at all
+
* A5/0: no ciphering at all
A5/1: strong(er) ciphering, intended for use in North America and Europe
+
* A5/1: strong(er) ciphering, intended for use in North America and Europe
A5/2: weak ciphering, intended for use in other parts of the world, but now deprecated by the GSMA
+
* A5/2: weak ciphering, intended for use in other parts of the world, but now deprecated by the GSMA
A5/3: even stronger ciphering with open design
+
* A5/3: even stronger ciphering with open design
  
 +
Ciphering is a radio resource function and managed with messages in the radio resource sublayer of L3, but ciphering is tied to authentication because the ciphering key Kc is generated in that process.
 +
Ciphering is initiated with the RR Ciphering Mode Command message, which indicates the A5 variant to be used.
 +
The MS starts ciphering and responds with the RR Ciphering Mode Complete message in ciphertext.
 +
The network is expected to deny service to any MS that does not support either A5/1 or A5/2 (GSM 02.09 Section 3.3.3)<ref>Wikipedia contributors. ”Um interface - Um encryption”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um interface#Um encryption.</ref>.
  
Ciphering is a radio resource function and managed with messages in the radio resource sublayer of L3, but ciphering is tied to authentication because the ciphering key Kc is generated in that process. Ciphering is initiated with the RR Ciphering Mode Command message, which indicates the A5 variant to be used. The MS starts ciphering and responds with the RR Ciphering Mode Complete message in ciphertext. The network is expected to deny service to any MS that does not support either A5/1 or A5/2 (GSM 02.09 Section 3.3.3). Support of both A5/1 and A5/2 in the MS was mandatory in GSM Phase 2 (GSM 02.07 Section 2) until A5/2 was depreciated by the GSMA in 2006.
+
===Anonymization of subscribers===
  
 +
The TMSI is a 32-bit temporary mobile subscriber identity that can be used to avoid sending the IMSI in the clear on Um.
 +
The TMSI is assigned by the BSC and is only meaningful within specific network.
 +
The TMSI is assigned by the network with the MM TMSI Reallocation Command, a message that is normally not sent until after ciphering is started, so as to hide the TMSI/IMSI relationship.
 +
Once the TMSI is established, it can be used to anonymize future transactions.
  
===Anonymization of subscribers===
+
Note that the subscriber identity must be established before authentication or encryption, so the first transaction in a new network must be initiated by transmitting the IMSI in the clear<ref>Wikipedia contributors.
+
”Um interface - Anonymization of subscribers”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um interface#Anonymization of subscribers.</ref>.
  
The TMSI is a 32-bit temporary mobile subscriber identity that can be used to avoid sending the IMSI in the clear on Um. The TMSI is assigned by the BSC and is only meaningful within specific network. The TMSI is assigned by the network with the MM TMSI Reallocation Command, a message that is normally not sent until after ciphering is started, so as to hide the TMSI/IMSI relationship. Once the TMSI is established, it can be used to anonymize future transactions. Note that the subscriber identity must be established before authentication or encryption, so the first transaction in a new network must be initiated by transmitting the IMSI in the clear.
+
==Protocols of Voice over IP==
  
==Network and Switching Subsystem==
+
VoIP is a technology that allows carrying voice communications and other multimedia sessions (text messages, fax etc.) via IP networks.
+
VoIP has similar functional principles as those behind digital telephony, however, in the case of the former, voice calls are transmitted as IP packets over a packet-switched network, and not a circuit-switched one.
===Mobile Switching Center (MSC) and the Visitor Location Register (VLR)===
+
  
The mobile switching center (MSC) is the primary service delivery node for GSM, responsible for routing voice calls and SMS. The MSC sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call and takes care of charging and real time pre-paid account monitoring.
+
VoIP has the great advantage of lowering both the operational costs and the costs for the end-user, while also connecting more users at the same time (through real time conferences) and enabling access to various features such as: caller ID, voice mail, contact lists, multi-ring, online account management etc.
In the GSM mobile phone system, in contrast with earlier analogue services, fax and data information is sent directly digitally encoded to the MSC. Only at the MSC is this re-coded into an "analogue" signal.
+
  
There are various different names for MSCs in different contexts which reflects their complex role in the network, all of these terms though could refer to the same MSC, but doing different things at different times.
+
Nevertheless, getting a seamless voice quality is uncertain and unreliable, due to VoIP not having a mechanism that prevents packets from being lost, and voice calls can experience jitter and high latency.
  
The Gateway MSC (G-MSC) is the MSC that determines which visited MSC the subscriber who is being called is currently located at. It also interfaces with the PSTN. All mobile to mobile calls and PSTN to mobile calls are routed through a G-MSC. The term is only valid in the context of one call since any MSC may provide both the gateway function and the Visited MSC function, however, some manufacturers design dedicated high capacity MSCs which do not have any BSSs connected to them. These MSCs will then be the Gateway MSC for many of the calls they handle. The visitor location is a database of the subscribers who have roamed into the jurisdiction of the MSC (Mobile Switching Center) which it serves. Each main base station in the network is served by exactly one VLR, hence a subscriber cannot be present in more than one VLR at a time.
+
Some popular examples of VoIP applications are Skype and Google Talk or a large number of smartphone apps such as: Viber, Magic App, WhatsApp etc.
  
The data stored in the VLR has either been received from the HLR, or collected from the MS (Mobile station).
+
===User Datagram Protocol===
In practice, for performance reasons, most vendors integrate the VLR directly to the V-MSC and, where this is not done, the VLR is very tightly linked with the MSC via a proprietary interface.
+
Whenever an MSC detects a new MS in its network, in addition to creating a new record in the VLR, it also updates the HLR of the mobile subscriber, apprising it of the new location of that MS.
+
If VLR data is corrupted it can lead to serious issues with text messaging and call services.
+
  
Data stored include:
+
The User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite (the set of network protocols used for the Internet).
 +
With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without prior communications to set up special transmission channels or data paths.
 +
The protocol was designed by David P. Reed in 1980 and formally defined in RFC 768.
  
-  IMSI (the subscriber's identity number).
+
UDP uses a simple transmission model with a minimum of protocol mechanism.  
-  Authentication data.
+
It has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program.  
-  MSISDN (the subscriber's phone number).
+
As this is normally IP over unreliable media, there is no guarantee of delivery, ordering, or duplicate protection.
-  GSM services that the subscriber is allowed to access.
+
UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.
-  access point (GPRS) subscribed.
+
-  The HLR address of the subscriber.
+
  
===Home Location Register===
+
UDP is suitable for purposes where error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level.
+
Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system.
The home location register (HLR) is a central database that contains details of each mobile phone subscriber that is authorized to use the GSM core network. There can be several logical, and physical, HLRs per public land mobile network (PLMN), though one international mobile subscriber identity (IMSI)/MSISDN pair can be associated with only one logical HLR (which can span several physical nodes) at a time. The HLRs store details of every SIM card issued by the mobile phone operator. Each SIM has a unique identifier called an IMSI which is the primary key to each HLR record.
+
If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose.
  
Another important item of data associated with the SIM are the MSISDNs, which are the telephone numbers used by mobile phones to make and receive calls.The primary MSISDN is the number used for making and receiving voice calls and SMS, but it is possible for a SIM to have other secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a primary key to the HLR record. The HLR data is stored for as long as a subscriber remains with the mobile phone operator.
+
UDP is used in this instance because:
 +
* It is transaction-oriented, suitable for simple query-response protocols such as the Domain Name System or the Network Time Protocol.
 +
* It provides datagrams, suitable for modeling other protocols such as in IP tunnelling or Remote Procedure Call and the Network File System.
 +
* It is simple, suitable for bootstrapping or other purposes without a full protocol stack, such as the DHCP and Trivial File Transfer Protocol.
 +
* It is stateless, suitable for very large numbers of clients, such as in streaming media applications for example IPTV
 +
* The lack of retransmission delays makes it suitable for real-time applications such as Voice over IP, online games, and many protocols built on top of the Real Time Streaming Protocol.
 +
* Works well in unidirectional communication, suitable for broadcast information such as in many kinds of service discovery and shared information such as broadcast time or Routing Information Protocol
  
Examples of other data stored in the HLR against an IMSI record is:
+
===Session Initiation Protocol (SIP)===
  
-  GSM services that the subscriber has requested or been given.
+
The Session Initiation Protocol (SIP) is a plain text ASCII signalling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks.
-  GPRS settings to allow the subscriber to access packet services.
+
It is a newer generation of protocols used in VoIP than H.323. SIP has been developed and standardized in RFC 3261 in 2001 under the auspices of the Internet Engineering Task Force (IETF).
-  Current location of subscriber (VLR and serving GPRS support node/SGSN).
+
It was originally designed by Henning Schulzrinne and Mark Handley.
-  Call divert settings applicable for each associated MSISDN.
+
It is continuously improved and updated, and many proprietary versions of SIP were developed.
 
    
 
    
The HLR is a system which directly receives and processes MAP transactions and messages from elements in the GSM network, for example, the location update messages received as mobile phones roam around.
+
SIP borrows many of it's functionalities from HTTP- the status codes; from DNS- the SRV records and from SMTP - the address formatting MIME
 
+
'''Equipment Identity Register'''
+
 
    
 
    
The equipment identity register is often integrated to the HLR.The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored.This is designed to allow tracking of stolen mobile phones. In theory all data about all stolen mobile phones should be distributed to all EIRs in the world through a Central EIR.It is clear, however, that there are some countries where this is not in operation.The EIR data does not have to change in real time, which means that this function can be less distributed than the function of the HLR.The EIR is a database that contains information about the identity of the mobile equipment that prevents calls from stolen, unauthorized or defective mobile stations.Some EIR also have the capability to log Handset attempts and store it in a log file.
+
The Basic functions of SIP are:
  
===Authentication Center===
+
* It locates users and resolves their SIP address to an IP address.
+
* Negotiates capabilities and features along all session participants.
The authentication centre (AuC) is a function to authenticate each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and services described above.An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.
+
* It allows changing parameters during the call.
 +
* Manages the setup and tear-down of calls for all users in the session.
  
If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator attempted. There is an additional form of identification check performed on the serial number of the mobile phone described in the EIR section below, but this is not relevant to the AuC processing. Proper implementation of security in and around the AuC is a key part of an operator's strategy to avoid SIM cloning.
+
SIP is used in conjunction with SDP.
  
The AuC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure.The security of the process depends upon a shared secret between the AuC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AuC.This Ki is never transmitted between the AuC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.
+
===Session Description Protocol===
  
 +
SDP is intended for describing multimedia communication sessions for the purposes of session announcement, session invitation, and parameter negotiation.
 +
SDP does not deliver media itself but is used for negotiation between end points of media type, format, and all associated properties.
 +
SDP is designed to be extensible to support new media types and formats.
  
 +
===Real-time Transport Protocol===
  
==GPRS==
+
The Real-time Transport Protocol (RTP) defines a standardized packet format for delivering audio and video over IP networks.
 +
RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features.
  
General packet radio service (GPRS) is a packet oriented mobile data service. The core network is based on Internet Protocol (IP) so it can communicate through the internet to any other LAN network or ther Internet Software providers. The GPRS core network allows 2G, 3G and WCDMA mobile networks to transmit IP packets to external networks such as the Internet.
+
RTP is used in conjunction with the RTP Control Protocol (RTCP).
From this concept evolved the modern core network o
+
While RTP carries the media streams (e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service (QoS) and aids synchronization of multiple streams.
 +
RTP is one of the technical foundations of Voice over IP and in this context is often used in conjunction with SIP and SDP which assists in setting up connections across the network.
  
===GPRS services===
+
RTP is originated and received on even port numbers between 16384 to 32767 and the associated RTCP communication uses the next higher odd port number. 
 +
 
 +
The RTP specification describes two sub-protocols and two optional protocols:
 +
 
 +
* The data transfer protocol, RTP, which deals with the transfer of real-time data
 +
* The control protocol RTCP 
 +
* An optional signalling protocol such as H.323, Session Initiation Protocol (SIP), or Jingle (XMPP)
 +
* An optional media description protocol such as Session Description Protocol
 +
 
 +
===Adaptive Multi-Rate audio codec===
 +
 
 +
The Adaptive Multi-Rate  audio codec is an audio data compression scheme optimized for speech coding. AMR encodes signals in the 200--3400 Hz range at variable bit rates.
 +
It is one of the codecs that have been adopted as a standard in GSM. There are a total of 14 modes of the AMR codec, 8 are available in a full rate channel (FR) and 6 on a half rate channel (HR). Of them, EFR or GSM-EFR or GSM 06.60 offers the highest bitrate (12.20 kbit/s).
 +
 
 +
===GSM Full Rate Speech Transcoding===
 +
 
 +
Full Rate (FR or GSM-FR or GSM 06.10 or sometimes simply GSM) was the first digital speech coding standard used in the GSM digital mobile phone system.
 +
The bit rate of the codec is 13 kbit/s, or 1.625 bits/audio sample (often padded out to 33 bytes/20 ms or 13.2 kbit/s).
  
 +
The quality of the coded speech is quite poor by modern standards, but at the time of development (early 1990s) it was a good compromise between computational complexity and quality, requiring only on the order of a million additions and multiplications per second.
 +
The codec is still widely used in networks around the world. Gradually FR will be replaced by Enhanced Full Rate (EFR) and Adaptive Multi-Rate (AMR) standards, which provide much higher speech quality with lower bit rate.
  
GPRS extends the GSM Packet circuit switched data capabilities and makes the following services possible:
+
== Notes ==
 +
<references />
  
-  SMS messaging and broadcasting
 
-  "Always on" internet access
 
-  Multimedia messaging service (MMS)
 
-  Push to talk over cellular (PoC)
 
-  Instant messaging and presence—wireless village
 
-  Internet applications for smart devices through wireless application protocol (WAP)
 
-  Point-to-point (P2P) service: inter-networking with the Internet (IP)
 
-  Point-to-Multipoint (P2M) service: point-to-multipoint multicast and point-to-multipoint group calls
 
  
 +
<!-- == Note ==
  
If SMS over GPRS is used, an SMS transmission speed of about 30 SMS messages per minute may be achieved. This is much faster than using the ordinary SMS over GSM, whose SMS transmission speed is about 6 to 10 SMS messages per minute.
+
Some of the material here is used under the CC-BY or CC-BY-SA license.
 +
The original source document is at:
 +
* Wikipedia contributors. "Um interface". Wikipedia, The Free Encyclopedia; 2014 Jan 14, 18:26 UTC [cited 2014 Feb 10]. Available from: http://en.wikipedia.org/wiki/Um_interface.
 +
* Wikipedia contributors . ”GSM”. Wikipedia, The Free Encyclopedia, 2014 Jul 04, 18:00 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GSM.
 +
* Wikipedia contributors. ”GPRS core network”. Wikipedia, The Free Encyclopedia, 2014 Apr 20, 07:24 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GPRS_Core_Network.
 +
* Wikipedia contributors. ”GSM frequency bands”. Wikipedia, The Free Encyclopedia, 2014 May 22, 05:47 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GSM_frequency_bands.
 +
* Wikipedia contributors. ”GSM - Technical Details”. Wikipedia, The Free Encyclopedia, 2014 Jul 4, 18:00 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GSM#Technical_details.
 +
* Wikipedia contributors. ”GSM frequency bands - Multi-band and multi-mode phones”. Wikipedia, The Free Encyclopedia, 2014 May 22, 05:47 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GSM_frequency_bands#Multi-band_and_multi-mode phones.
 +
* Wikipedia contributors. ”GSM frequency bands”. Wikipedia, The Free Encyclopedia, 2013 Dec 16, 13:44 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/Mobile_station.
 +
* Wikipedia contributors. ”Base transciever station”. Wikipedia, The Free Encyclopedia, 2014 Apr 21, 09:13 UTC [cited 2014 Jul 10]. Available from: http://en.wikipedia.org/wiki/Base_transceiver_station.
 +
* Wikipedia contributors. ”Base Station Subsystem - Base station controller”. Wikipedia, The Free Encyclopedia, 2014 Apr 22, 16:34 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Base_Station_Subsystem#Base_station_controller.
 +
* Wikipedia contributors. ”Network switching subsystem”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network and Switching Subsystem.
 +
* Wikipedia contributors. ”Network switching subsystem - AuC”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network and Switching Subsystem# Authentication_center_.28AuC.29.
 +
* Wikipedia contributors. ”Network switching subsystem - HLR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network and Switching Subsystem#Home location register_.28HLR.29.
 +
* Wikipedia contributors. ”Network switching subsystem - MSC”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network and Switching Subsystem#Mobile switching_center_server_.28MSCS.29.
 +
* Wikipedia contributors. ”Network switching subsystem - VLR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network and Switching Subsystem#Visitor_location_register_.28VLR.29.
 +
* Wikipedia contributors. ”Network switching subsystem - EIR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_and_Switching_Subsystem# Equipment_identity_register_.28EIR.29.
 +
* Wikipedia contributors. ”Operations support system”. Wikipedia, The Free Encyclopedia, 2014 Jul 08, 23:19 UTC [cited 2014 Jul 14]. Available from: http://en.wikipedia.org/wiki/Operations_support_system.
 +
* Wikipedia contributors. ”Um interface”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 14]. Available from:http://en.wikipedia.org/wiki/Um_interface.
 +
* Wikipedia contributors. ”Um interface - Traffic channels (TCH)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http://en.wikipedia.org/wiki/Um_interface#Traffic_channels_.28TCH.29.
 +
* Wikipedia contributors. ”Um interface - Dedicated Control Channels (DCCHs)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http: //en.wikipedia.org/wiki/Um_interface#Dedicated Control_Channels_.28DCCHs.29.
 +
* Wikipedia contributors. ”Um interface - Common Control Channels (CCCHs)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http: //en.wikipedia.org/wiki/Um_interface# Common_Control_Channels_.28CCCHs.29.
 +
* Wikipedia contributors. ”Um interface - Radio channel establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Radio_channel_establishment.
 +
* Wikipedia contributors. "User Datagram Protocol". Wikipedia, The Free Encyclopedia, 2014 Jul 04, 03:21 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/User_Datagram_Protocol
 +
* Wikipedia contributors. "Session Initiation Protocol". Wikipedia, The Free Encyclopedia, 2014 Jul 09, 15:33 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Session_Initiation_Protocol
 +
* Wikipedia contributors. "Session Description Protocol". Wikipedia, The Free Encyclopedia, 2014 Jul 10, 15:47 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Session_Description_Protocol
 +
* Wikipedia contributors. "Real-time Transport Protocol". Wikipedia, The Free Encyclopedia, 2014 Jul 14, 05:07 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Real-time_Transport_Protocol
 +
* Wikipedia contributors. "Adaptive Multi-Rate audio codec". Wikipedia, The Free Encyclopedia, 2014 Jul 12, 18:22 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Adaptive_Multi-Rate_audio_codec
 +
* Wikipedia contributors. "Full Rate". Wikipedia, The Free Encyclopedia, 2014 Jul 12, 15:52 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Full_Rate -->

Latest revision as of 15:44, 12 April 2017

This page will cover basic concepts related to a typical GSM network, its key components, and the role of YateBTS in such a network. Furthermore, the following sections of this page will describe GSM elements such as: the UM interface, its logical channels, GPRS, protocols of Voice over IP and more.

GSM Network architecture

GSM, also known as Global System for Mobile Communications, is a mobile communications standard set up by the European Telecommunications Standards Institute and contains the protocols that define 2G cellular networks. In time, GSM went beyond voice mobile telephony and now includes data communications, first through GPRS (General Packet Radio Services) and later through EDGE (Enhanced Data rates for GSM Evolution)[1].

The architecture of a GSM network is comprised of the following:

  • a Mobile Station (MS)
  • a Base Station Subsystem (BSS)
    • a Base Station Controller (BSC)
    • a Base Transciever Station
  • a Network and Switching Subsystem (NSS)
    • a Home Location Register (HLR)
    • a Mobile Switching Center (MSC)
    • a Visitor Location Register (VLR)
    • an Authentication Center (AuC)
    • Equipment Identity Register (EIR)
  • an Operations Support System (OSS)

Optionally, if the GSM network includes the transmission of IP packets for data, the GPRS core network needs to be added to the architecture. The GPRS components as a part of the network switching subsystem.

  • the Serving GPRS Support Node (SGSN)
  • the Gateway GPRS Support Node (GGSN)
  • the GPRS tunnelling protocol (GTP)
  • an access point
  • a PDP context
  • various reference points and interfaces

All these components will be described in depth below.

GSM frequency bands

GSM frequency bands have been designated by the ITU and allow GSM mobile stations to function.

There are four main classes of GSM bands:

  • P-GSM, Standard or Primary GSM-900 Band
  • E-GSM, Extended GSM-900 Band (includes Standard GSM-900 band)
  • R-GSM, Railways GSM-900 Band (includes Standard and Extended GSM-900 band)
  • T-GSM, Trunking-GSM

The 3GPP TS 45.005 standard, in its second chapter, identifies 14 GSM bands[2] .

However, there are four globally standardized bands for commercial purposes.

System Band Uplink (MHz) Downlink (MHz) Region
GSM 850 850 824 – 849 869 – 894 North America, the Caribbean and Latin America
E-GSM 900 900 880 – 915 925 – 960 Europe, the Middle East, Africa and Asia-Pacific
GSM 1800 1800 1,710 – 1 ,785 1,805 – 1,880 Europe, the Middle East, Africa and Asia-Pacific
GSM 1900 1900 1,850 – 1,909 1,930 – 1,989 North America, the Caribbean and Latin America

Each frequency is divided in timeslots per each mobile phone. Therefore, each frequency has eight-full rate or 16 half-rate speech channels.

For roaming, mobile phones need to support multiple frequency bands.

Mobile Station (MS)

The mobile station (MS) is a mobile phone or mobile computer connected through a mobile broadband adapter to the mobile network.

A typical MS for GSM is comprised of the following components:

  • Mobile termination (MT) – offers common functions such as: radio transmission and handover, speech encoding and decoding, error detection and correction, signalling and access to the SIM.

The IMEI code is attached to the MT. It is equivalent to the network termination of an ISDN access.

  • Terminal equipment (TE) – relates to any device connected to the MS offering services to the user.

It does not contain any functions specific to GSM.

  • Terminal adapter (TA) – Provides access to the MT as if it was an ISDN network termination with extended capabilities.

Communication between the TE and MT over the TA takes place using AT commands.

  • Subscriber identity module (SIM) – is a removable subscriber identification token storing the IMSI, a unique key shared with the mobile network operator and other data.

The MT, TA and TE are enclosed in the same case in the mobile phone. Generally, different processors handle the MT and TE functions. The application processor serves as a TE, while the baseband processor serves as an MT, and the communication between both takes place using AT commands, which serves as a TA[3].

Base Station Subsystem (BSS)

The BSS takes the role of handling traffic and signalling between an MS and the network switching subsystem. It is comprised of a base transciever station and a base station controller.

Base Transceiver Station (BTS)

The BTS holds the equipment used for sending and receiving radio signals and equipment for performing the communication encryption and decryption with the base station controller. A typical BTS has the following components[4]:

  • a transceiver
  • a power amplifier
  • a combiner
  • a duplexer
  • an antenna
  • an alarm extension system
  • a control function and
  • a baseband receiver unit

Each BTS deployed in the field acts as a single cell. The number of deployed BTSs is determined by taking into account the area and the number of subscribers that need to be served.

Base Station Controller (BSC)

The BSC has the role of allocating radio channels, receiving measurements from mobile stations and handling handovers from one BTS to another.

It is the anchor between mobile stations and the Mobile Switching Center (MSC). The BSC is able to manage up to hundreds of BTSs at the same time[5].

Network Switching Subsystem (NSS)

The NSS handles call switching and mobility management functions for mobile roaming, such as authentication. The components that form the NSS are owned and managed by mobile operators and allow mobile devices to communicate with each other and with other telephones in the public switched telephone network[6].

Authentication Center (AuC)

The Authentication Center is a database that authenticates each SIM card that tries to connect to the GSM core network. As soon the the SIM is authenticated, the HLR takes over and manages the SIM and its services. Each authentication involves an encryption key used to secure all the wireless communications between the mobile station and the core network[7].

Home Location Register (HLR)

The HLR is a database that stores and manages all the subscribers of any given mobile operator, by holding all the details of every SIM card issues by that operator[8]. The SIM card stores the IMSI, the shared secret authentication key and an integrated circuit card identifier (ICCID). Another identification data is represented by the MSISDN, which is the the phone number associated to a SIM card.

Mobile Switching Center (MSC)

The MSC is a central component of the NSS and is the main service delivery point for GSM. It responsible for routing voice calls and SMS, performs registration, authentication, handover and updates the location of a mobile station. The MSC also performs signalling, conference calls and generates billing information[9].

Visitor Location Register (VLR)

The VLR is a database of subscribers authenticated to its corresponding MSC. Most of the times, the VLR is part of the MSC and receives subscriber data from the HLR, or from the mobile station.

Whenever a mobile station enters the area served by a particular MSC, its VLR will request identification data from the HLR about the subscriber[10].

Equipment Identity Register (EIR)

The EIR is a database containing lists of IMEI numbers of mobile stations that have been reported stolen, unauthorized or defective. These IMEIs are either banned from the mobile network or monitored. The EIR is typically integrated in the HLR[11].

Operations Support System (OSS)

The OSS includes those operations that handle support management functions such as:

  • network management systems
  • service delivery
  • service fulfilment – network inventory,activation and provisioning
  • service assurance
  • customer care

OSS enables mobile operators to analyze, monitor and control their mobile networks. It offers operators a centralized and automated network overview[12].

GPRS

General Packet Radio Service (GPRS) is a packet oriented mobile data service. The core network is based on Internet Protocol (IP) so it can communicate through the internet to any other LAN network or the Internet Software providers.

The GPRS core network allows mobile networks to transmit IP packets to external networks (e.g. the Internet). GPRS components are a part of the GSM network switching subsystem[13].

The components of a classic GPRS network consist of:

  • a BTS
  • a BSC
  • a Serving GPRS Support Node (SGSN) that manages the sessions between the mobile station and the network
  • a Gateway GPRS Support Node (GGSN) that manages the IP addresses to GPRS sessions

The diagram below explains the general architecture of the classic GPRS data service versus the GPRS implemented in the Unified Core NetworkTM:

Classic gprs vs yate gprs.png

GPRS services

GPRS perform the following services:

  • SMS messaging and broadcasting
  • continuous Internet access
  • Multimedia messaging service (MMS)
  • Push to talk over cellular (PoC)
  • instant messaging and presence-wireless village
  • Internet applications for smart devices through wireless application protocol (WAP)
  • Point-to-point (P2P) service: inter-networking with the Internet (IP)
  • Point-to-Multipoint (P2M) service: point-to-multipoint multicast and point-to-multipoint group calls

If SMS over GPRS is used, an SMS transmission speed of about 30 SMS messages per minute may be achieved. This is much faster than using the ordinary SMS over GSM, whose SMS transmission speed is about 6 to 10 SMS messages per minute[14].

GPRS Supported Protocols

GPRS supports the following protocols[15]:

  • Point-to-point protocol (PPP):

When the mobile phone is used as a modem for a connected computer, the PPP tunnels the IP to the phone. This allows an IP address to be assigned dynamically (IPCP not DHCP) to the mobile equipment.

  • X.25 connections:

This protocol is typically used for applications like wireless payment terminals, although it has been removed from the standard. X.25 can still be supported over PPP, or even over IP, but doing this requires either a network-based router to perform encapsulation or intelligence built into the end-device/terminal; e.g., user equipment (UE).

  • When TCP/IP is used, each phone can have one or more IP addresses allocated.

GPRS will store and forward the IP packets to the phone even during handover. The TCP handles any packet loss (e.g. due to a radio noise induced pause).

Mobile Devices

Devices supporting GPRS are divided into three classes[16]:

  • Class A – can be connected to GPRS service and GSM service (voice, SMS), using both at the same time.

Such devices are known to be available today.

  • Class B – Can be connected to GPRS service and GSM service (voice, SMS), but using only one or the other at a given time.

During GSM service (voice call or SMS), GPRS service is suspended, and then resumed automatically after the GSM service (voice call or SMS) has concluded. The majority of GPRS mobile devices are Class B.

  • Class C – Are connected to either GPRS service or GSM service (voice, SMS).

Must be switched manually between one and the other service.

APN

GPRS connection establishment is performed via an APN (access point name). The APN handles WAP access, SMSs, MMSs, as well as email and web access.

In order to set up a GPRS connection for a wireless modem, a user must specify an APN, optionally a user name and password, and an IP address, all provided by the network operator[17].

Upload and Download Speed

The factors conditioning the upload and download speeds are[18]:

  • the number of base station TDMA time slots assigned by the operator
  • the channel encoding
  • the maximum capability of the mobile device defined as a GPRS multislot class

Multiple Access Schemes

GPRS uses frequency division duplex (FDD) and TDMA as access methods. During a session, a user is assigned to one pair of uplink and downlink frequency channels, which, combined with time domain statistical multiplexing, allows more subscribers to share the same channel.

The packets have a constant length, corresponding to a GSM time slot. The downlink uses first-come first-served packet scheduling, while the uplink uses a reservation scheme that requires colliding data to be retransmitted later[19].

UM interface

The Um interface is the GSM specific air interface between the mobile station and the BTS. It bares this name because it is the mobile analog to the U interface of ISDN. Um also supports GPRS packet-oriented data[20].

As established in the GSM 04.01, Section 7 specifications, the Um interface is defined in the lower three layers of GSM:

  • the physical layer (L1)
  • the data link layer (L2)
  • the network layer (L3)

Um Logical Channels

As established in the GSM 04.03 specifications, the non-GPRS Um logical channels belong to thee categories:

  • Traffic Channels (TCH)
  • Dedicated Control Channels (DCCHs)
  • Common Control Channels (CCCHs)

The following diagram shows the main channel categories.

UmLogical.png

Traffic channels (TCH)

Traffic channels correspond to the ISDN B channel and are known as the Bm channels. They use 8-burst(Break) diagonal interleaving with a new block starting on every fourth burst and any given burst containing bits from two different traffic frames.

The coding of a traffic channel is dependent on the traffic or vocoder type employed, with most coders capable of overcoming single-burst losses. All traffic channels use a 26-multiframe TDMA structure[21].

Full-rate channels (TCH/F)

A GSM full rate channel uses 24 frames out of a 26-multiframe. The channel bit rate of a full-rate GSM channel is 22.7 kbit/s, although the actual payload data rate is 9.6-14 kbit/s, depending on the channel coding. This channel is normally used with the GSM 06.10 Full Rate, GSM 06.60 Enhanced Full Rate or GSM 06.90 Adaptive Multi-Rate speech codec. It can also be used for fax and Circuit Switched Data.

Half-rate channels (TCH/H)

A GSM half rate channel uses 12 frames out of a 26-multiframe. The channel bit rate of a half-rate GSM channel is 11.4 kbit/s, although the actual data capacity is 4.8-7 kbit/s, depending on the channel coding. This channel is normally used with the GSM 06.20 Half Rate or GSM 06.90 Adaptive Multi-Rate speech codec.

Dedicated Control Channels (DCCHs)

The Dedicated Control Channels correspond to the ISDN D channel and are known as the Dm channels[22].

Standalone Dedicated Control Channel (SDCCH)

The SDCCH is used for most short transactions, including initial call setup, registration and SMS transfer. It has a payload data rate of 0.8 kbit/s. Up to eight SDCCHs can be time-multiplexed onto a single physical channel. The SDCCH uses 4-burst block interleaving in a 51-multiframe.

Fast Associated Control Channel (FACCH)

The FACCH is always paired with a traffic channel. The FACCH is a blank-and-burst channel that operates by stealing bursts from its associated traffic channel. Bursts that carry FACCH data are distinguished from traffic bursts by stealing bits at each end of the midamble. The FACCH is used for in-call signalling, including call disconnect, handover and the later stages of call setup. It has a payload data rate of 9.2 kbit/s when paired with a full-rate channel (FACCH/F) and 4.6 kbit/s when paired with a half-rate channel (FACCH/H). The FACCH uses the same interleaving and multiframe structure as its host TCH.

Slow Associated Control Channel (SACCH)

Every SDCCH or FACCH also has an associated SACCH. Its normal function is to carry system information messages 5 and 6 on the downlink, carry receiver measurement reports on the uplink and to perform closed-loop power and timing control. Closed loop timing and power control are performed with a physical header at the start of each L1 frame. This 16-bit physical header carries actual power and timing advance settings in the uplink and ordered power and timing values in the downlink. The SACCH can also be used for in-call delivery of SMS. It has a payload data rate of 0.2-0.4 kbit/s, depending on the channel with which it is associated. The SACCH uses 4-burst block interleaving and the same multiframe type as its host TCH or SDCCH.

Common Control Channels (CCCHs)

The Common Control Channels are unicast and broadcast channels that do not a correspondent in ISDN. They are used almost exclusively for radio resource management. The AGCH and RACH together form the medium access mechanism for Um[23].

Broadcast Control Channel (BCCH)

The BCCH carries a repeating pattern of system information messages that describe the identity, configuration and available features of the BTS. BCCH brings the measurement reports it bring the information about LAI And CGI BCCH frequency are fixed in BTS.

Synchronization Channel (SCH)

The SCH transmits a Base station identity code and the current value of the TDMA clock. SCH repeats on every 1st, 11th, 21st, 31st and 41st frames of the 51 frame multi frame. So there are 5 SCH frames in a 51 frame multiframe.

Frequency Correction Channel (FCCH)

The FCCH generates a tone on the radio channel that is used by the mobile station to discipline its local oscillator. FCCH will repeat on every 0th, 10th, 20th, 30th and 40th frames of the 51 frame multiframe. So there are 5 FCCH frames in a 51 frame multiframe.

Paging Channel (PCH)

The PCH carries service notifications (pages) to specific mobiles sent by the network. A mobile station that is camped to a BTS monitors the PCH for these notifications sent by the network.

Access Grant Channel (AGCH)

The AGCH carries BTS responses to channel requests sent by mobile stations via the Random Access Channel.

Random Access Channel (RACH)

The RACH is the uplink counterpart to the AGCH. The RACH is a shared channel on which the mobile stations transmit random access bursts to request channel assignments from the BTS.

Allowed channel combinations

The multiplexing rules of GSM 05.02 allow only certain items of logical channels to share a physical channel. The allowed items for single-slot systems are listed in GSM 05.02 Section 6.4.1. Additionally, only certain of these items are allowed on certain timeslots or carriers and only certain sets of items can coexist in a given BTS.

The most common combinations are[24]:

  • C-I: TCH/F + FACCH/F + SACCH – This combination is used for full rate traffic. It can be used anywhere but C0T0.
  • C-II: TCH/H + FACCH/H + SACCH – This combination is used for half rate traffic when only one channel is needed. It can be used anywhere but C0T0.
  • C-III: 2 TCH/H + 2 FACCH/H + 2 SACCH – This combination is used for half rate traffic. It can be used anywhere but C0T0.
  • C-IV: FCCH + SCH + BCCH + CCCH – This is the standard C0T0 combination for medium and large cells. It can be used only on C0T0.
  • C-V: FCCH + SCH + BCCH + CCCH + 4 SDCCH + 2 SACCH – This is the typical C0T0 combination for small cells, which allows the BTS to trade unnecessary CCCH capacity for a pool of 4 SDCCHs. (5x1)+(5x1)+(1x4)+(3x4)+(4x4)+(2x4)+1idle= 51 frame multiframe. It can be used only on C0T0.
  • C-VI: BCCH + CCCH – This combination is used to provide additional CCCH capacity in large cells. It can be used on C0T2, C0T4 or C0T6.
  • C-VII: 8 SDCCH + 4 SACCH.[(8x4)+(4x4)+3idle=51frame multiframe] – This combination is used to provide additional SDCCH capacity in medium and large cells. It can be used anywhere but C0T0.

YateBTS supports the C-I, C-V, and C-VII channel combinations.

YateBTS Channel Configurations

Typical YateBTS channel configurations for 1-TRX and 2-TRX are illustrated in the diagram below.

Channel configuration.png

Fundamental Um Transactions

Basic speech service in GSM requires five transactions:

  • radio channel establishment
  • location update
  • mobile-originating call establishment
  • mobile-terminating call establishment
  • call clearing

Radio channel establishment

Unlike ISDN's U channel, Um channels are not hard-wired, so the Um interface requires a mechanism for establishing and assigning a dedicated channel prior to any other transaction. The Um radio resource establishment procedure is defined in GSM 04.08 Section 3.3 and this is the basic medium access procedure for Um. This procedure uses the CCCH (PCH and AGCH) as a unicast downlink and the RACH as a shared uplink. In the simplest form, the steps of the transaction are:

  • Paging – The network sends a RR Paging Request message (GSM 04.08 Sections 9.1.22-9.1.23) over the PCH, using the subscriber's IMSI or TMSI as an address.

GSM does not allow paging by IMEI (GSM 04.08 Section 10.5.1.4). This paging step occurs only for a transaction initiated by the network.

  • Random Access – The mobile station sends a burst on the RACH. This burst encodes an 8-bit transaction tag and the BSIC of the serving BTS.

A variable number of most-significant bits in the tag encode the reason for the access request, with the remaining bits chosen randomly. In L3, this tag is presented as the RR Channel Request message (GSM 04.08 9.1.8). The mobile also records the TDMA clock state at the time the RACH burst is transmitted. In cases where the transaction is initiated by the MS, this is first step.

  • Assignment – On the AGCH, the network sends the RR Immediate Assignment message (GSM 04.08 Section 9.1.18) for a dedicated channel, usually an SDCCH.

This message is addressed to the MS by inclusion of the 8-bit tag from the corresponding RACH burst and a time-stamp indicating the TDMA clock state when the RACH burst was received. If no dedicated channel is available for assignment, the BTS can instead respond with the RR Immediate Assignment Reject message, which is similarly addressed and contains a hold-off time for the next access attempt. Emergency callers receiving the reject message are not subject to the hold-off and may retry immediately.

  • Retry – If the RACH burst of step 2 is not answered with an assignment or assignment reject in step 3 within a given timeout period ,usually on the order of 0.5 second, the handset will repeat step 2 after a small random delay. This cycle may be repeated 6-8 times before the MS aborts the access attempt.

Note that there is a small but non-zero probability that two MSs send identical RACH bursts at the same time in step 2. If these RACH bursts arrive at the BTS with comparable power, the resulting sum of radio signals will not be demodulable and both MSs will move to step 4. However, if there is a sufficient difference in power, the BTS will see and answer the more powerful RACH burst. Both MSs will receive and respond to the resulting channel assignment in step 3. To ensure recovery from this condition, Um uses a "contention resolution procedure" in L2, described in GSM 04.06 5.4.1.4 in which the first L3 message frame from the MS, which always contains some form of mobile ID, is echoed back to the MS for verification[25].

Location update

This procedure normally is performed when the MS powers up or enters a new Location area but may also be performed at other times as described in the specifications. In its minimal form, the steps of the transaction are[26]:

  • The MS and the base station perform the radio channel establishment procedure.
  • On the newly established dedicated channel, the MS sends the MM Location Updating Request message containing either an IMSI or TMSI. The message also implies connection establishment in the MM sublayer.
  • The network verifies the mobile identity in the HLR or VLR and responds with the Location Updating Accept message.
  • The network closes the Dm channel by sending the Channel Release message.

There are many possible elaborations on this transaction, including:

  • authentication
  • ciphering
  • TMSI assignment
  • queries for other identity types
  • location updating reject

Mobile-Originating Call (MO) establishment

In its simplest form, the steps of the transaction are[27]:

  • The MS initiates the radio channel establishment procedure and is assigned to a Dm channel, usually an SDCCH.

This establishes the connection in the L3 RR sublayer. The MS will then send a Connection Mode service request containing the subscriber ID (the IMSI or TMSI) and a description of the service it requests (the MO in this case).

  • The MSC will verify in the HLR the subscriber's provisioning and will reply with an Accept message.

Therefore, a connection in the L3 MM sublayer is established.

  • The MS sends the Setup message, which includes the called party number.
  • If the called party is correct, the core network will reply with a Call Proceeding message.
  • The network sends an Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
  • Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with an Assignment Complete message.

This is the point when the FACCH takes over all control transactions.

  • The core network sends the Alerting message when the called party alerting has been verified.
  • When the called party answers, the network sends the Connect message.
  • The MS replies with the Connect Acknowledge message and the call becomes active.

The TCH+FACCH assignment can occur at any time during the transaction, depending on the assignment type used by the network.

There are three defined approaches to channel assignment for speech calls:

  • Early Assignment – The network starts the call on the SDCCH and assigns the TCH+FACCH after sending CC Call Proceeding. Call setup then completes on the FACCH. This allows the use of in-band patterns, like the ringing or busy patterns, generated by the network.
  • Late Assignment – The network starts the call on the SDCCH and does not assign the TCH+FACCH until after alerting has started. This forces the MS itself to generate the patterns locally since the TCH does not yet exist to carry the sound.
  • Very Early Assignment – The network makes an immediate assignment to the TCH+FACCH in the initial RR establishment and performs the entire transaction on the FACCH. The SDCCH is not used. Because immediate assignment starts the FACCH in a signalling-only mode, the network must send the RR Channel Mode Modify message at some point to enable the TCH part of the channel. This approach gives faster call establishment and is slightly more reliable since it does not require a channel change in the middle of the call setup operation.

As of release 2.0, YateBTS supports only Very Early Assignment.

Mobile-Terminating Call (MT) establishment

Below are the main steps in performing an MT call[28]:

  • The network initiates the radio channel establishment procedure and assigns the MS to a Dm channel, an SDCCH or FACCH depending on the assignment type. This establishes the connection in the L3 RR sublayer.
  • The MS sends the Paging Response message on the new Dm. This message contains a mobile identity (IMSI or TMSI) and also implies a connection attempt in the MM sublayer.
  • The MSC checks the subscriber in the HLR and verifies that the MS was indeed paged for service. The network can initiate authentication and ciphering at this point, but in the simplest case the network can just send the Setup message to initiate call control.
  • The MS responds with Call Confirmed.
  • The network sends an Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
  • Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with the RR Assignment Complete message. From this point on, all control transactions are on the FACCH.
  • The MS starts alerting the subscriber of the call and sends the Alerting message to the network.
  • When the subscriber answers, the MS sends the Connect message to the network.
  • The network response with the Connect Acknowledge message and the call becomes active.

As in the MO, the TCH+FACCH assignment can happen at any time, with the three common techniques being early, late and very early assignment.

Call clearing

The call clearing transaction is the same whether initiated by the MS or the network, the only difference being a reversal of roles[29]:

  • Party A sends the CC Disconnect message.
  • Party B responds with the CC Release message.
  • Party A responds with the CC Release Complete message.
  • The network releases the RR connection with the RR Channel Release message. This message always comes from the network, regardless of which party initiated the clearing procedure.

Mobile-Originated SMS (MO-SMS)

In the simplest case, error-free delivery outside of an established call, the transaction sequence is[30]:

  • The MS establishes an SDCCH using the standard RR establishment procedure.
  • The MS sends a CM Service Request.
  • The MS initiates multiframe mode in SAP3 with the normal LAPDm SABM procedure.
  • The MS sends a CP-DATA message (L3, GSM 04.11 Section 7.2.1), which carries an RP-DATA message (L4, GSM 04.11 Section 7.3.1) in its RPDU.
  • The network responds with a CP-ACK message (L3, GSM 04.11 Section 7.2.2).
  • The network delivers the RPDU to the MSC.
  • The MSC responds with an RP-ACK message (L4, GSM 04.11 Section 7.3.3).
  • The network sends a CP-DATA message to the MS, carrying the RP-ACK payload in its RPDU.
  • The MS responds with a CP-ACK message.
  • The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.

Mobile-Terminated SMS (MT-SMS)

The transaction steps for MT-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B. In the simplest case, error-free delivery outside of an established call, the transaction sequence is[31]:

  • The network pages the MS with the standard paging procedure.
  • The MS establishes an SDCCH using the standard RR paging response procedure, which implies a CC sublayer connection.
  • The network initiates multiframe mode in SAP3.
  • The network sends the RP-DATA message as the RPDU in a CP-DATA message.
  • The MS responds with the CP-ACK message.
  • The MS processes the RPDU.
  • The MS sends a CP-DATA message to the network containing an RP-ACK message in the RPDU.
  • The network responds with a CP-ACK message.
  • The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.

Um security features

GSM 02.09 defines the following security features on Um:

  • authentication of subscribers by the network
  • encryption on the channel
  • anonymization of transactions (at least partially)

Um also supports frequency hopping (GSM 05.01 Section 6), which is not specifically intended as a security feature but has the practical effect of adding significant complexity to passive interception of the Um link. Authentication and encryption both rely on a secret key, Ki, that is unique to the subscriber. Copies of Ki are held in the SIM and in the Authentication Center (AuC), a component of the HLR. The Ki is never transmitted across the Um. An important and well-known shortcoming of GSM security is that it does not provide a means for subscribers to authenticate the network. This oversight allows for false basestation attacks, such as those implemented in an IMSI catcher[32].

Authentication of subscribers

The Um authentication procedure is detailed in GSM 04.08 Section 4.3.2 and GSM 03.20 Section 3.3.1 and contains the following steps[33]

  • The network generates a 128 bit random value, RAND.
  • The network sends RAND to the MS in the MM Authentication Request message.
  • The MS forms a 32-bit hash value called SRES by encrypting RAND with an algorithm called A3, using Ki as a key. SRES = A3(RAND,Ki). The network performs an identical SRES calculation.
  • The MS sends back its SRES value in the RR Authentication Response message.
  • The network compares its calculated SRES value to the value returned by the MS. If they match, the MS is authenticated.
  • Both the MS and the network also compute a 64-bit ciphering key, Kc, from RAND and Ki using the A8 algorithm. Kc = A8(RAND,Ki). Both parties save this value for later use when ciphering is enabled.

Note that this transaction always occurs in the clear, since the ciphering key is not established until after the transaction is started. The authentication process is one-way only, as only the core network can authenticate the MS.

Um encryption

GSM encryption, called "ciphering" in the specifications, is implemented on the channel bits of the radio bursts, at a very low level in L1, after forward error correction coding is applied. This is another significant security shortcoming in GSM because:

  • the intentional redundancy of the convolutional coder reduces the Unicity distance of the encoded data and
  • the parity word can be used for verifying correct decryption.

A typical GSM transaction also includes LAPDm idle frames and SACCH system information messages at predictable times, affording a Known plain text attack. The GSM ciphering algorithm is called A5.

There are four variants of A5 in GSM, only first three of which are widely deployed:

  • A5/0: no ciphering at all
  • A5/1: strong(er) ciphering, intended for use in North America and Europe
  • A5/2: weak ciphering, intended for use in other parts of the world, but now deprecated by the GSMA
  • A5/3: even stronger ciphering with open design

Ciphering is a radio resource function and managed with messages in the radio resource sublayer of L3, but ciphering is tied to authentication because the ciphering key Kc is generated in that process. Ciphering is initiated with the RR Ciphering Mode Command message, which indicates the A5 variant to be used. The MS starts ciphering and responds with the RR Ciphering Mode Complete message in ciphertext. The network is expected to deny service to any MS that does not support either A5/1 or A5/2 (GSM 02.09 Section 3.3.3)[34].

Anonymization of subscribers

The TMSI is a 32-bit temporary mobile subscriber identity that can be used to avoid sending the IMSI in the clear on Um. The TMSI is assigned by the BSC and is only meaningful within specific network. The TMSI is assigned by the network with the MM TMSI Reallocation Command, a message that is normally not sent until after ciphering is started, so as to hide the TMSI/IMSI relationship. Once the TMSI is established, it can be used to anonymize future transactions.

Note that the subscriber identity must be established before authentication or encryption, so the first transaction in a new network must be initiated by transmitting the IMSI in the clear[35].

Protocols of Voice over IP

VoIP is a technology that allows carrying voice communications and other multimedia sessions (text messages, fax etc.) via IP networks. VoIP has similar functional principles as those behind digital telephony, however, in the case of the former, voice calls are transmitted as IP packets over a packet-switched network, and not a circuit-switched one.

VoIP has the great advantage of lowering both the operational costs and the costs for the end-user, while also connecting more users at the same time (through real time conferences) and enabling access to various features such as: caller ID, voice mail, contact lists, multi-ring, online account management etc.

Nevertheless, getting a seamless voice quality is uncertain and unreliable, due to VoIP not having a mechanism that prevents packets from being lost, and voice calls can experience jitter and high latency.

Some popular examples of VoIP applications are Skype and Google Talk or a large number of smartphone apps such as: Viber, Magic App, WhatsApp etc.

User Datagram Protocol

The User Datagram Protocol (UDP) is one of the core members of the Internet protocol suite (the set of network protocols used for the Internet). With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without prior communications to set up special transmission channels or data paths. The protocol was designed by David P. Reed in 1980 and formally defined in RFC 768.

UDP uses a simple transmission model with a minimum of protocol mechanism. It has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program. As this is normally IP over unreliable media, there is no guarantee of delivery, ordering, or duplicate protection. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.

UDP is suitable for purposes where error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system. If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose.

UDP is used in this instance because:

  • It is transaction-oriented, suitable for simple query-response protocols such as the Domain Name System or the Network Time Protocol.
  • It provides datagrams, suitable for modeling other protocols such as in IP tunnelling or Remote Procedure Call and the Network File System.
  • It is simple, suitable for bootstrapping or other purposes without a full protocol stack, such as the DHCP and Trivial File Transfer Protocol.
  • It is stateless, suitable for very large numbers of clients, such as in streaming media applications for example IPTV
  • The lack of retransmission delays makes it suitable for real-time applications such as Voice over IP, online games, and many protocols built on top of the Real Time Streaming Protocol.
  • Works well in unidirectional communication, suitable for broadcast information such as in many kinds of service discovery and shared information such as broadcast time or Routing Information Protocol

Session Initiation Protocol (SIP)

The Session Initiation Protocol (SIP) is a plain text ASCII signalling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks. It is a newer generation of protocols used in VoIP than H.323. SIP has been developed and standardized in RFC 3261 in 2001 under the auspices of the Internet Engineering Task Force (IETF). It was originally designed by Henning Schulzrinne and Mark Handley. It is continuously improved and updated, and many proprietary versions of SIP were developed.

SIP borrows many of it's functionalities from HTTP- the status codes; from DNS- the SRV records and from SMTP - the address formatting MIME

The Basic functions of SIP are:

  • It locates users and resolves their SIP address to an IP address.
  • Negotiates capabilities and features along all session participants.
  • It allows changing parameters during the call.
  • Manages the setup and tear-down of calls for all users in the session.

SIP is used in conjunction with SDP.

Session Description Protocol

SDP is intended for describing multimedia communication sessions for the purposes of session announcement, session invitation, and parameter negotiation. SDP does not deliver media itself but is used for negotiation between end points of media type, format, and all associated properties. SDP is designed to be extensible to support new media types and formats.

Real-time Transport Protocol

The Real-time Transport Protocol (RTP) defines a standardized packet format for delivering audio and video over IP networks. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features.

RTP is used in conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams (e.g., audio and video), RTCP is used to monitor transmission statistics and quality of service (QoS) and aids synchronization of multiple streams. RTP is one of the technical foundations of Voice over IP and in this context is often used in conjunction with SIP and SDP which assists in setting up connections across the network.

RTP is originated and received on even port numbers between 16384 to 32767 and the associated RTCP communication uses the next higher odd port number.

The RTP specification describes two sub-protocols and two optional protocols:

  • The data transfer protocol, RTP, which deals with the transfer of real-time data
  • The control protocol RTCP
  • An optional signalling protocol such as H.323, Session Initiation Protocol (SIP), or Jingle (XMPP)
  • An optional media description protocol such as Session Description Protocol

Adaptive Multi-Rate audio codec

The Adaptive Multi-Rate audio codec is an audio data compression scheme optimized for speech coding. AMR encodes signals in the 200--3400 Hz range at variable bit rates. It is one of the codecs that have been adopted as a standard in GSM. There are a total of 14 modes of the AMR codec, 8 are available in a full rate channel (FR) and 6 on a half rate channel (HR). Of them, EFR or GSM-EFR or GSM 06.60 offers the highest bitrate (12.20 kbit/s).

GSM Full Rate Speech Transcoding

Full Rate (FR or GSM-FR or GSM 06.10 or sometimes simply GSM) was the first digital speech coding standard used in the GSM digital mobile phone system. The bit rate of the codec is 13 kbit/s, or 1.625 bits/audio sample (often padded out to 33 bytes/20 ms or 13.2 kbit/s).

The quality of the coded speech is quite poor by modern standards, but at the time of development (early 1990s) it was a good compromise between computational complexity and quality, requiring only on the order of a million additions and multiplications per second. The codec is still widely used in networks around the world. Gradually FR will be replaced by Enhanced Full Rate (EFR) and Adaptive Multi-Rate (AMR) standards, which provide much higher speech quality with lower bit rate.

Notes

  1. Wikipedia contributors . ”GSM”. Wikipedia, The Free Encyclopedia, 2014 Jul 04, 18:00 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/GSM.
  2. 3GPP TS 45.005 version 10.0.0 Release 10. "2. Frequency bands and channel arrangement", p. 14; 2011 Apr. Available from: http://www.etsi.org/deliver/etsi_ts/145000_145099/145005/10.00.00_60/ts_145005v100000p.pdf
  3. Wikipedia contributors. ”Mobile station”. Wikipedia, The Free Encyclopedia, 2013 Dec 16, 13:44 UTC [cited 2014 Jul 09]. Available from: http://en.wikipedia.org/wiki/Mobile_station.
  4. Wikipedia contributors. ”Base transceiver station”. Wikipedia, The Free Encyclopedia, 2014 Apr 21, 09:13 UTC [cited 2014 Jul 10]. Available from: http://en.wikipedia.org/wiki/Base_transceiver_station
  5. Wikipedia contributors. ”Base Station Subsystem - Base station controller”. Wikipedia, The Free Encyclopedia, 2014 Apr 22, 16:34 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Base_Station_Subsystem#Base_station_controller
  6. Wikipedia contributors. ”Network switching subsystem”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_and_Switching_Subsystem.
  7. Wikipedia contributors. ”Network switching subsystem - AuC”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Authentication_center_.28AuC.29
  8. Wikipedia contributors. ”Network switching subsystem - HLR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Home_location_register_.28HLR.29
  9. Wikipedia contributors. ”Network switching subsystem - MSC”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Mobile_switching_center_.28MSC.29.
  10. Wikipedia contributors. ”Network switching subsystem - VLR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Visitor_location_register_.28VLR.29.
  11. Wikipedia contributors. ”Network switching subsystem - EIR”. Wikipedia, The Free Encyclopedia, 2014 Jun 24, 01:02 UTC [cited 2014 Jul 11]. Available from: http://en.wikipedia.org/wiki/Network_switching_subsystem#Equipment_identity_register_.28EIR.29.
  12. Wikipedia contributors. ”Operations support system”. Wikipedia, The Free Encyclopedia, 2014 Jul 08, 23:19 UTC [cited 2014 Jul 14]. Available from: http://en.wikipedia.org/wiki/Operations_support_system
  13. Wikipedia contributors. ”General Packet Radio Service”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/GPRS.
  14. Wikipedia contributors. ”General Packet Radio Service - Services offered”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Services_offered.
  15. Wikipedia contributors. ”General Packet Radio Service - Protocols supported”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Protocols_supported.
  16. Wikipedia contributors. ”General Packet Radio Service - Hardware”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Hardware.
  17. Wikipedia contributors. ”General Packet Radio Service - Addressing”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Addressing.
  18. Wikipedia contributors. ”General Packet Radio Service - Coding schemes and speeds”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Coding_schemes_and_speeds.
  19. Wikipedia contributors. ”General Packet Radio Service - Coding schemes and speeds”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 18]. Available from: http://en.wikipedia.org/wiki/General_Packet_Radio_Service#Multiple_access_schemes
  20. Wikipedia contributors. ”Um interface”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 14]. Available from:http://en.wikipedia.org/wiki/Um_interface.
  21. Wikipedia contributors. ”Um interface - Traffic channels (TCH)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http://en.wikipedia.org/wiki/Um_interface#Traffic_channels_.28TCH.29.
  22. Wikipedia contributors. ”Um interface - Dedicated Control Channels (DCCHs)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from:http: //en.wikipedia.org/wiki/Um_interface#Dedicated_Control_Channels_.28DCCHs.29.
  23. Wikipedia contributors. ”Um interface - Common Control Channels (CCCHs)”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from: http: //en.wikipedia.org/wiki/Um_interface#Common_Control_Channels_.28CCCHs.29.
  24. Wikipedia contributors. ”Um interface - Allowed channel combinations”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 15]. Available from: http://en.wikipedia.org/wiki/Um_interface#Allowed_channel_combinations.
  25. Wikipedia contributors. ”Um interface - Radio channel establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Radio_channel_establishment.
  26. Wikipedia contributors. ”Um interface - Location updating”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Location_updating.
  27. Wikipedia contributors. ”Um interface - Mobile-originating call (MOC) establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Originating_Call_.28MOC.29_establishment.
  28. Wikipedia contributors. ”Um interface - Mobile-terminating call (MTC) establishment”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 16]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Terminating_Call_.28MTC.29_establishment.
  29. Wikipedia contributors. ”UM interface - Call clearing”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 21]. Available from: http://en.wikipedia.org/wiki/Um_interface#Call_clearing.
  30. Wikipedia contributors. ”UM interface - Mobile-Originated SMS (MO-SMS)”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 21]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Originated_SMS_.28MO-SMS.29.
  31. Wikipedia contributors. ”UM interface - Mobile-Terminated SMS (MT-SMS)”. Wikipedia, The Free Encyclopedia, 2014 Jul 07, 10:07 UTC [cited 2014 Jul 21]. Available from: http://en.wikipedia.org/wiki/Um_interface#Mobile-Terminated_SMS_.28MT-SMS.29.
  32. Wikipedia contributors. ”Um interface - Um security features”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um_interface#Um_security_features.
  33. Wikipedia contributors. ”Um interface - Authentication of subscribers”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um interface#Authentication of subscribers.
  34. Wikipedia contributors. ”Um interface - Um encryption”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um interface#Um encryption.
  35. Wikipedia contributors. ”Um interface - Anonymization of subscribers”. Wikipedia, The Free Encyclopedia, 2014 Jan 14, 18:26 UTC [cited 2014 Jul 17]. Available from: http://en.wikipedia.org/wiki/Um interface#Anonymization of subscribers.