What is GSM?

•If you are in Europe, Asia or Japan and using a mobile phone then most
probably you must be using GSM technology in your mobile phone.
•GSM stands for Global System for Mobile Communication and is an open,
digital cellular technology used for transmitting mobile voice and data
services.
•The GSM emerged from the idea of cell-based mobile radio systems at Bell
Laboratories in the early 1970s.
•The GSM is the name of a standardization group established in 1982 to
create a common European mobile telephone standard.
•The GSM standard is the most widely accepted standard and is implemented
globally.
•The GSM is a circuit-switched system that divides each 200kHz channel into
eight 25kHz time-slots. GSM operates in the 900MHz and 1.8GHz bands in
Europe and the 1.9GHz and 850MHz bands in the US.
•The GSM makes use of narrowband Time Division Multiple Access (TDMA)
technique for transmitting signals.
•The GSM was developed using digital technology. It has an ability to carry
64 kbps to 120 Mbps of data rates.
•The GSM provides basic to advanced voice and data services including
Roaming service. Roaming is the ability to use your GSM phone number in
another GSM network.
 GSM - Architecture

                                                                                                                              
 The Mobile Station

The MS consists of the physical equipment, such as the radio

transceiver, display and digital signal processors, and the SIM card. It
provides the air interface to the user in GSM networks. As such, other
services are also provided, which include:
•Voice teleservices
•Data bearer services
•The features' supplementary services
The Base Station Subsystem (BSS)
The BSS is composed of two parts:
•The Base Transceiver Station (BTS)
•The Base Station Controller (BSC)

The Base Transceiver Station (BTS):

The BTS houses the radio transceivers that define a cell and handles the radio link
protocols with the MS. In a large urban area, a large number of BTSs may be
deployed.
The BTS corresponds to the transceivers and antennas used in each cell of the
network. A BTS is usually placed in the center of a cell. Its transmitting power
defines the size of a cell. Each BTS has between 1 and 16 transceivers, depending on
the density of users in the cell. Each BTS serves a single cell. It also includes the
following functions:
•Encoding, encrypting, multiplexing, modulating, and feeding the RF signals to the
antenna.
•Transcoding and rate adaptation
•Time and frequency synchronizing
•Voice through full- or half-rate services
•Decoding, decrypting, and equalizing received signals
•Random access detection
•Timing advances
•Uplink channel measurements
The Base Station Controller (BSC):
The BSC manages the radio resources for one or more BTSs. It handles radio
channel setup, frequency hopping, and handovers. The BSC is the connection
between the mobile and the MSC. The BSC also translates the 13 Kbps voice
channel used over the radio link to the standard 64 Kbps channel used by the
Public Switched Telephone Network (PSDN) or ISDN.
It assigns and releases frequencies and time slots for the MS. The BSC also
handles intercell handover. It controls the power transmission of the BSS and
MS in its area. The function of the BSC is to allocate the necessary time slots
between the BTS and the MSC. It is a switching device that handles the radio
resources. Additional functions include:
•Control of frequency hopping
•Performing traffic concentration to reduce the number of lines from the MSC
•Providing an interface to the Operations and Maintenance Center for the
BSS
•Reallocation of frequencies among BTSs
•Time and frequency synchronization
•Power management
•Time-delay measurements of received signals from the MS
The Network Switching Subsystem (NSS)
The Network switching system (NSS), the main part of which is the Mobile
Switching Center (MSC), performs the switching of calls between the mobile
and other fixed or mobile network users, as well as the management of
mobile services such as authentication.

                                                                                                             
Home Location Register (HLR)
The HLR is a database used for storage and management of subscriptions. The
HLR is considered the most important database, as it stores permanent data
about subscribers, including a subscriber's service profile, location information,
and activity status. When an individual buys a subscription in the form of SIM
then all the information about this subscription is registered in the HLR of that
operator.
Mobile Services Switching Center (MSC)
The central component of the Network Subsystem is the MSC. The MSC performs
the switching of calls between the mobile and other fixed or mobile network
users, as well as the management of mobile services such as such as
registration, authentication, location updating, handovers, and call routing to a
roaming subscriber. It also performs such functions as toll ticketing, network
interfacing, common channel signaling, and others. Every MSC is identified by a
unique ID.

Visitor Location Register (VLR)

The VLR is a database that contains temporary information about subscribers that is
needed by the MSC in order to service visiting subscribers. The VLR is always
integrated with the MSC. When a mobile station roams into a new MSC area, the VLR
connected to that MSC will request data about the mobile station from the HLR. Later,
if the mobile station makes a call, the VLR will have the information needed for call
setup without having to interrogate the HLR each time.
Authentication Center (AUC)
The Authentication Center is a protected database that stores a copy of the
secret key stored in each subscriber's SIM card, which is used for
authentication and ciphering of the radio channel. The AUC protects network
operators from different types of fraud found in today's cellular world.

Equipment Identity Register (EIR)

The Equipment Identity Register (EIR) is a database that contains a list of all
valid mobile equipment on the network, where its International Mobile
Equipment Identity (IMEI) identifies each MS. An IMEI is marked as invalid if it
has been reported stolen or is not type approved.
 The Operation Support Subsystem(OSS)
The operations and maintenance center (OMC) is connected to all equipment in the
switching system and to the BSC. The implementation of OMC is called the operation
and support system (OSS).
Here are some of the OMC functions:
•Administration and commercial operation (subscription, end terminals, charging and
statistics).
•Security Management.
•Network configuration, Operation and Performance Management.
•Maintenance Tasks.
The operation and Maintenance functions are based on the concepts of the
Telecommunication Management Network (TMN) which is standardized in the ITU-T
series M.30.

The OSS is the functional entity from which the network operator monitors and
controls the system. The purpose of OSS is to offer the customer cost-effective support
for centralized, regional, and local operational and maintenance activities that are
required for a GSM network. An important function of OSS is to provide a network
overview and support the maintenance activities of different operation and
maintenance organizations.
 GSM - Operations

Call from Mobile Phone to PSTN:

When a mobile subscriber makes a call to a PSTN telephone subscriber, the following
sequence of events takes place:
1.The MSC/VLR receives the message of a call request.
2.The MSC/VLR checks if the mobile station is authorized to access the network. If so,
the mobile station is activated. If the mobile station is not authorized, service will be
denied.
3.MSC/VLR analyzes the number and initiates a call setup with the PSTN.
4.MSC/VLR asks the corresponding BSC to allocate a traffic channel (a radio channel
and a time slot).
5.The BSC allocates the traffic channel and passes the information to the mobile
station.
6.The called party answers the call and the conversation takes place.
7.The mobile station keeps on taking measurements of the radio channels in the
present cell and neighboring cells and passes the information to the BSC. The BSC
decides if handover is required, if so, a new traffic channel is allocated to the mobile
station and the handover is performed. If handover is not required, the mobile station
continues to transmit in the same frequency.
Call from PSTN to Mobile Phone:
When a PSTN subscriber calls a mobile station, the sequence of events is as
follows:
1.The Gateway MSC receives the call and queries the HLR for the
information needed to route the call to the serving MSC/VLR.
2.The GMSC routes the call to the MSC/VLR.
3.The MSC checks the VLR for the location area of the MS.
4.The MSC contacts the MS via the BSC through a broadcast message, that
is, through a paging request.
5.The MS responds to the page request.
6.The BSC allocates a traffic channel and sends a message to the MS to
tune to the channel. The MS generates a ringing signal and, after the
subscriber answers, the speech connection is established.
7.Handover, if required, takes place, as discussed in the earlier case.
GSM - Security and Encryption

• The security methods standardized for the GSM System make it

the most secure cellular telecommunications standard currently
available. Although the confidentiality of a call and anonymity of
the GSM subscriber is only guaranteed on the radio channel, this
is a major step in achieving end-to- end security.

• The subscriber's anonymity is ensured through the use of

temporary identification numbers. The confidentiality of the
communication itself on the radio link is performed by the
application of encryption algorithms and frequency hopping which
could only be realized using digital systems and signaling.

• This chapter gives an outline of the security measures

implemented for GSM subscribers.
 Mobile Station Authentication:

• The GSM network authenticates the identity of the subscriber

through the use of a challenge-response mechanism. A 128-bit
random number (RAND) is sent to the MS. The MS computes the 32-
bit signed response (SRES) based on the encryption of the random
number (RAND) with the authentication algorithm (A3) using the
individual subscriber authentication key (Ki). Upon receiving the
signed response (SRES) from the subscriber, the GSM network
repeats the calculation to verify the identity of the subscriber.
• Note that the individual subscriber authentication key (Ki) is never
transmitted over the radio channel. It is present in the subscriber's
SIM, as well as the AUC, HLR, and VLR databases as previously
described. If the received SRES agrees with the calculated value, the
MS has been successfully authenticated and may continue. If the
values do not match, the connection is terminated and an
authentication failure indicated to the MS.
• The calculation of the signed response is processed within the SIM.
This provides enhanced security, because the confidential subscriber
information such as the IMSI or the individual subscriber
authentication key (Ki) is never released from the SIM during the
authentication process.
 Signaling and Data Confidentiality:

• The SIM contains the ciphering key generating algorithm (A8) which is
used to produce the 64-bit ciphering key (Kc). The ciphering key is
computed by applying the same random number (RAND) used in the
authentication process to the ciphering key generating algorithm (A8)
with the individual subscriber authentication key (Ki). As will be shown
in later sections, the ciphering key (Kc) is used to encrypt and decrypt
the data between the MS and BS.
• An additional level of security is provided by having the means to
change the ciphering key, making the system more resistant to
eavesdropping. The ciphering key may be changed at regular intervals
as required by network design and security considerations. In a
similar manner to the authentication process, the computation of the
ciphering key (Kc) takes place internally within the SIM. Therefore
sensitive information such as the individual subscriber authentication
key (Ki) is never revealed by the SIM.
• Encrypted voice and data communications between the MS and the
network is accomplished through use of the ciphering algorithm A5.
Encrypted communication is initiated by a ciphering mode request
command from the GSM network. Upon receipt of this command, the
mobile station begins encryption and decryption of data using the
ciphering algorithm (A5) and the ciphering key (Kc).
Subscriber Identity Confidentiality:

• To ensure subscriber identity confidentiality, the Temporary

Mobile Subscriber Identity (TMSI) is used. The TMSI is sent
to the mobile station after the authentication and
encryption procedures have taken place. The mobile station
responds by confirming reception of the TMSI. The TMSI is
valid in the location area in which it was issued. For
communications outside the location area, the Location
Area Identification (LAI) is necessary in addition to the
TMSI.