
2G notes with GSM (Global System for Mobile Communication), Lecture notes of Computer Vision

Notes on 2G technology, used when 1G had failed and 3G was yet to arrive: GSM tactics and use

Typology: Lecture notes

2018/2019

Uploaded on 11/24/2019

shahid-qureshi


Notes on GSM

Network Overview

From a customer perspective, there are really only 2 parts to the GSM network, a cell phone and the "other end". The GSM standard defines much more than that. The high level description of the network is as follows, starting from your end.

  1. Mobile Station - Your phone. It's a wireless telephone and a data terminal which can send and receive messages from the network.
  2. Base Transceiver Station (BTS) - the stuff that interfaces directly with your phone. This consists of fixed location transmitters and receivers for the cell which it is in charge of. Different radio types are used for different things, such as subscriber-to-network and network-to-subscriber, different data types, and signaling. This is "the tower" in your backyard.
  3. Base Station Controller (BSC) - handles 1 or more BTS. Gateways to the network.
  4. Mobile Switching Centers (MSC) connect the GSM network to the public switched telephone networks. Also provide a way to access the databases for who's where and who can do what.
  5. Home Locator Register (HLR) and Authentication Center (AUC) - the databases. These things have stuff for users on the network, guests/visitors on the network, subscriber information - particularly profile. Permanent user info is in the HLR, and the VLR stores temporary info about a mobile phone.
  6. PSTN/ISDN - The switched network backbones.

Signals and RF Stuff Overview

GSM uses Frequency Division Multiplexing AND Time Division Multiplexing. FDMA divides the frequency ranges for GSM, which are 890 - 915, 935 - 960 and some others that the book didn't have. Each is divided into 200 kHz wide channels. As far as TDMA goes, each time slot is 577 microseconds long, 8 time slices make a frame, lasting for a grand total of 4.615 ms. A multiframe consists of 51 frames, 51 multiframes make up a Superframe, and 2048 Superframes make a Hyperframe which is 2715648 frames.

  • normal burst - carries speech or data information. Lasts approximately 0.577 ms and has a length of 156. bits
  • frequency correction burst - same length as the normal burst but a different structure

Each type has a different packet structure, and is visible here:

The Network Subsystem

The main component here is the MSC. The MSC contains the Home Locator Register (HLR), Visitor Locator Register (VLR), and Authentication Center (AUC). These are the most interesting non-RF related parts of the system back end.

HLR

The HLR contains a lot of interesting information. The HLR is responsible for subscription details and supplementary services. It also maintains information on the last known location and status of a particular phone. Since a user can use any phone with his or her SIM card, there's a protocol necessary to manage accessing the network. Information contained on the SIM card is transmitted to the HLR to verify the identity of the subscriber. Location and status are continually updated in the HLR based on the base station reports and cell phone status. Any messages to be sent to the subscriber are queued in the HLR. All call setup queries ask the HLR for information before doing anything else.

VLR

Like the HLR, the VLR keeps track of users, but only within the area that the VLR is assigned. The VLR communicates with the HLR to figure out where to route calls, and to keep track of people as they move around.

is used during subscriber verification). The encryption key is supplied during authentication, using some key agreement scheme, and each packet is also encrypted using a changing IV of some variety, which appears to be a packet number. I do not think either of these algorithms are officially public (LINKS?).

Encryption and Security

There are 3 main algorithms used in GSM. Each of these algorithms is a trade secret and only released to people who the GSM committee determines have a need to know.

| Name | Use | Basics |
|------|-----|--------|
| A3 | Authentication | None |
| A5 | Encryption/Decryption Algorithm for packet encryption | 3 Sparsely loopedback LFSRs in the original version, lots of variants |
| A8 | Cipher Key Generator | Basically a one way function |

A5 is a stream algorithm and is reset for each packet with the original key plus some key frame number. Ross Anderson in [1] suggests that A5/1 has an equivalent key strength of about 40 bits.

Code:

```c
typedef struct {
    unsigned long r1, r2, r3;
} a5_ctx;

/* Majority vote over the clock-control bit of each register.
 * Returns 0 when two or more of the bits are set, otherwise 1. */
static int threshold(unsigned long r1, unsigned long r2, unsigned long r3)
{
    int total;

    total = (((r1 >>  9) & 0x1) == 1) +
            (((r2 >> 11) & 0x1) == 1) +
            (((r3 >> 11) & 0x1) == 1);
    if (total > 1)
        return (0);
    else
        return (1);
}

/* Step the 19 bit register r1, but only when its clock-control bit (bit 9)
 * agrees with the majority computed by threshold(). */
unsigned long clock_r1(int ctl, unsigned long r1)
{
    unsigned long feedback;

    ctl ^= ((r1 >> 9) & 0x1);
    if (ctl) {
        feedback = (r1 >> 18) ^ (r1 >> 17) ^ (r1 >> 16) ^ (r1 >> 13);
        r1 = (r1 << 1) & 0x7ffff;
        if (feedback & 0x01)
            r1 ^= 0x01;
    }
    return (r1);
}

/* clock_r2() and clock_r3() are called below, but their bodies are not part
 * of this excerpt; they step the 22 bit and 23 bit registers the same way. */
unsigned long clock_r2(int ctl, unsigned long r2);
unsigned long clock_r3(int ctl, unsigned long r3);

int keystream(unsigned char *key,    /* 64 bit session key */
              unsigned long frame,   /* 22 bit frame sequence number */
              unsigned char *alice,  /* 114 bit Alice to Bob key stream */
              unsigned char *bob)    /* 114 bit Bob to Alice key stream */
{
    unsigned long r1;     /* 19 bit shift register */
    unsigned long r2;     /* 22 bit shift register */
    unsigned long r3;     /* 23 bit shift register */
    int i;                /* counter for loops */
    int clock_ctl;        /* xored with clock enable on each shift register */
    unsigned char *ptr;   /* current position in keystream */
    unsigned char byte;   /* byte of keystream being assembled */
    unsigned int bits;    /* number of bits of keystream in byte */
    unsigned int bit;     /* bit output from keystream generator */

    /* Initialise shift registers from session key */
    r1 = (key[0] | (key[1] << 8) | (key[2] << 16)) & 0x7ffff;
    r2 = ((key[2] >> 3) | (key[3] << 5) | (key[4] << 13) | (key[5] << 21)) & 0x3fffff;
    r3 = ((key[5] >> 1) | (key[6] << 7) | (key[7] << 15)) & 0x7fffff;

    /* Merge frame sequence number into shift register state, by xor'ing it
     * into the feedback path */
    for (i = 0; i < 22; i++) {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
        if (frame & 1) {
            r1 ^= 1;
            r2 ^= 1;
            r3 ^= 1;
        }
        frame = frame >> 1;
    }

    /* Run shift registers for 100 clock ticks to allow frame number to
     * be diffused into all the bits of the shift registers */
    for (i = 0; i < 100; i++) {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
    }

    /* Produce 114 bits of Alice->Bob key stream */
    ptr = alice;
    bits = 0;
    byte = 0;
    for (i = 0; i < 114; i++) {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
        bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
        byte = (byte << 1) | bit;
        bits++;
        if (bits == 8) {
            *ptr = byte;
            ptr++;
            bits = 0;
            byte = 0;
        }
    }
    if (bits)
        *ptr = byte;

    /* Run shift registers for another 100 bits to hide relationship between
     * Alice->Bob key stream and Bob->Alice key stream. */
    for (i = 0; i < 100; i++) {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
    }

    /* Produce 114 bits of Bob->Alice key stream */
    ptr = bob;
    bits = 0;
    byte = 0;
    for (i = 0; i < 114; i++) {
        clock_ctl = threshold(r1, r2, r3);
        r1 = clock_r1(clock_ctl, r1);
        r2 = clock_r2(clock_ctl, r2);
        r3 = clock_r3(clock_ctl, r3);
        bit = ((r1 >> 18) ^ (r2 >> 21) ^ (r3 >> 22)) & 0x01;
        byte = (byte << 1) | bit;
        bits++;
        if (bits == 8) {
            *ptr = byte;
            ptr++;
            bits = 0;
            byte = 0;
        }
    }
    if (bits)
        *ptr = byte;

    return (0);
}

/* Load the 64 bit key into the three registers of the context. */
void a5_key(a5_ctx *c, const unsigned char *k)
{
    c->r1 = (k[0] << 11 | k[1] << 3 | k[2] >> 5) & 0x7ffff;               /* 19 */
    c->r2 = (k[2] << 17 | k[3] << 9 | k[4] << 1 | k[5] >> 7) & 0x3fffff;  /* 22 */
    c->r3 = (k[5] << 15 | k[6] << 8 | k[7]) & 0x7fffff;                   /* 23 */
}

/* Step one bit in A5, return 0 or 1 as output bit. */
int a5_step(a5_ctx *c)
{
    int control;

    control = threshold(c->r1, c->r2, c->r3);
    c->r1 = clock_r1(control, c->r1);
    c->r2 = clock_r2(control, c->r2);
    c->r3 = clock_r3(control, c->r3);
    return ((c->r1 ^ c->r2 ^ c->r3) & 1);
}

/* Encrypts a buffer of len bytes. The listing is cut off at this point:
 *   void a5_encrypt(a5_ctx *c, char *data, ...
 */
```

Unique User Identification

Each mobile radio has a couple of security features to keep it from being stolen. Each phone is built with an International Mobile Equipment Identity (IMEI), and this is done in the factory before the phone is even activated. Each time the mobile radio is used, the network checks the IMEI against some list of authorized and banned numbers to verify that the phone is allowed to be on the network.

Code division multiple access (CDMA)

CDMA is a channel access method utilized by various radio communication technologies. It should not be confused with the mobile phone standards called cdmaOne and CDMA2000 (which are often referred to as simply "CDMA"), which use CDMA as an underlying channel access method.

One of the basic concepts in data communication is the idea of allowing several transmitters to send information simultaneously over a single communication channel. This allows several users to share a bandwidth of frequencies. This concept is called multiplexing. CDMA employs spread-spectrum technology and a special coding scheme (where each transmitter is assigned a code) to allow multiple users to be multiplexed over the same physical channel. By contrast, time division multiple access (TDMA) divides access by time, while frequency-division multiple access (FDMA) divides it by frequency. CDMA is a form of "spread-spectrum" signaling, since the modulated coded signal has a much higher data bandwidth than the data being communicated.

An analogy to the problem of multiple access is a room (channel) in which people wish to communicate with each other. To avoid confusion, people could take turns speaking (time division), speak at different pitches (frequency division), or speak in different languages (code division). CDMA is analogous to the last example where people speaking the same language can understand each other, but not other people. Similarly, in radio CDMA, each group of users is given a shared code. Many codes occupy the same channel, but only users associated with a particular code can understand each other.

Uses

  • One of the early applications for code division multiplexing, predating and distinct from cdmaOne, is in GPS.
  • The Qualcomm standard IS-95, marketed as cdmaOne.
  • The Qualcomm standard IS-2000, known as CDMA2000. This standard is used by several mobile phone companies, including the Globalstar satellite phone network.
  • CDMA has been used in the OmniTRACS satellite system for transportation logistics.

performance will occur when there is good separation between the signal of a desired user and the signals of other users. The separation of the signals is made by correlating the received signal with the locally generated code of the desired user. If the signal matches the desired user's code then the correlation function will be high and the system can extract that signal. If the desired user's code has nothing in common with the signal the correlation should be as close to zero as possible (thus eliminating the signal); this is referred to as cross correlation. If the code is correlated with the signal at any time offset other than zero, the correlation should be as close to zero as possible. This is referred to as auto-correlation and is used to reject multi-path interference.

In general, CDMA belongs to two basic categories: synchronous (orthogonal codes) and asynchronous (pseudorandom codes).

Code Division Multiplexing (Synchronous CDMA)

Synchronous CDMA exploits mathematical properties of orthogonality between vectors representing the data strings. For example, binary string "1011" is represented by the vector (1, 0, 1, 1). Vectors can be multiplied by taking their dot product, by summing the products of their respective components. If the dot product is zero, the two vectors are said to be orthogonal to each other. (Note: If u = (a, b) and v = (c, d), the dot product u.v = ac + bd.) Some properties of the dot product help to understand how W-CDMA works. If vectors a and b are orthogonal, then

Each user in synchronous CDMA uses an orthogonal code to modulate their signal. An example of four mutually orthogonal digital signals is shown in the figure. Orthogonal codes have a cross-correlation equal to zero; in other words, they do not interfere with each other. In the case of IS-95, 64-bit Walsh codes are used to encode the signal to separate different users. Since each of the 64 Walsh codes is orthogonal to the others, the signals are channelized into 64 orthogonal signals. The following example demonstrates how each user's signal can be encoded and decoded.

Example

Start with a set of vectors that are mutually orthogonal. (Although mutual orthogonality is the only condition, these vectors are usually constructed for ease of decoding, for example columns or rows from Walsh matrices.) An example of orthogonal functions is shown in the picture on the left. These vectors will be assigned to individual users and are called the "code", "chipping code" or "chip code". In the interest of brevity, the rest of this example uses codes (v) with only 2 digits.
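
The encoding and decoding described above can be carried through in code. The following is an added example, not part of the original notes: it uses 8-chip Walsh codes (rows of a Hadamard matrix) instead of the 2-digit codes of the notes or the 64 codes of IS-95, and the function names and the three-user traffic are constructed for illustration.

```c
#include <stdio.h>

#define N 8  /* chips per bit: an assumption for this example (IS-95 uses 64) */

/* Chip j of Walsh code i (+1 or -1): row i of the N x N Sylvester-Hadamard
 * matrix, whose sign is the parity of the bits set in (i & j). */
static int walsh(unsigned i, unsigned j)
{
    int sign = 1;
    for (unsigned x = i & j; x; x &= x - 1)
        sign = -sign;
    return sign;
}

/* Dot product of two codes: N for a code with itself, 0 for any other pair. */
int code_dot(unsigned a, unsigned b)
{
    int sum = 0;
    for (unsigned j = 0; j < N; j++)
        sum += walsh(a, j) * walsh(b, j);
    return sum;
}

/* Superimpose one user's bit on the shared channel: 1 sends +code, 0 sends -code. */
void cdma_transmit(int channel[N], unsigned code, int bit)
{
    for (unsigned j = 0; j < N; j++)
        channel[j] += (bit ? 1 : -1) * walsh(code, j);
}

/* Correlate the channel with one code. Returns the bit that user sent,
 * or -1 when the correlation is zero (nobody transmitted with that code). */
int cdma_receive(const int channel[N], unsigned code)
{
    int corr = 0;
    for (unsigned j = 0; j < N; j++)
        corr += channel[j] * walsh(code, j);
    return corr == 0 ? -1 : (corr > 0 ? 1 : 0);
}

int main(void)
{
    int channel[N] = {0};           /* constructed traffic, three users */
    cdma_transmit(channel, 1, 1);
    cdma_transmit(channel, 2, 0);
    cdma_transmit(channel, 5, 1);
    for (unsigned c = 0; c < N; c++)
        printf("code %u: bit %d\n", c, cdma_receive(channel, c));
    return 0;
}
```

All three transmissions occupy the same eight chips, yet each receiver recovers only its own bit because every other code contributes a dot product of zero.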