Understanding the GSM System Architecture

Posted on May 12, 2024 in Computers

3 GSM

3.1 GSM System Architecture

The GSM system is the most widespread second-generation mobile telephony system in the world. It was standardized by ETSI between 1982 and 1992, making it the chosen FDD/FDMA/TDMA access system for analysis in this document. We will consider the IS-95 system as the only second-generation system with FDD/FDMA/CDMA access.

Analyzing this second system is useful for understanding future third-generation systems, as they inherit many characteristics from IS-95, including the FDD/FDMA/CDMA access method.

The GSM system architecture consists of four subsystems, encompassing all elements of the system hierarchy. Each subsystem performs specific functions, collectively offering mobile service to end users. The four subsystems are:

  • The mobile station (MS)
  • The base station subsystem (BSS)
  • The switching subsystem and network (NSS)
  • The operation and maintenance subsystem (OSS)

The mobile station includes all elements used by the service subscriber. The base station subsystem includes elements specifically for radio interconnection with the mobile station. The switching subsystem and network interconnects with other telephone networks and manages subscriber information. Finally, the operation and maintenance subsystem oversees the operation of the other blocks.

3.1.1 The Mobile Station (MS)

The mobile station consists of four elements:

  • The mobile terminal (MT), which is the mobile phone.
  • The SIM card, provided by the operator to the user upon subscribing to their services.
  • The terminal adapter (TA), which adapts the mobile phone for interconnection with data terminal equipment (TE) for data transmission via GSM.

The mobile station subsystem’s primary functions are accessing the GSM network through the radio interface and providing a user interface for voice communication or data communication with a computer terminal.

Mobile Terminal (MT)

For the mobile terminal to operate, it must include a SIM card, the subscriber identity module. Without it, only emergency calls can be made, and other calls cannot be billed. GSM specifications define different mobile terminal types based on maximum emission power, although this classification has become obsolete as the vast majority of mobile phones are now handsets. This interpretation of the specifications was relevant when there were separate mobile phones for vehicles, handsets, etc.

Subscriber Identity Module (SIM)

The SIM card is a smart card containing various types of information: permanent information about the service subscriber, temporary information useful for service operation, and information entered by the subscriber. There are two SIM card sizes: the standard SIM card and the smaller plug-in SIM, measuring 25 mm x 15 mm for smaller phones. Standard-sized SIM cards have become virtually obsolete.

The SIM card is housed in an internal slot of the mobile terminal, where the SIM card reader resides. The mobile terminal draws power freely from the SIM card, allowing the subscriber to change mobile terminals transparently to the operator. The mobile terminal’s characteristics are communicated to the system when it is powered on as part of the initial dialogue with the network.

Among other security information, the SIM card contains two numbers to prevent misuse: the PIN (Personal Identity Number) and PUK (Personal Unblocking Key). Before using the mobile terminal, the user must enter their four-digit PIN, stored on the card. Entering the wrong PIN three times blocks the card, requiring the eight-digit PUK to unlock it.

The Terminal Adapter (TA)

The terminal adapter connects the mobile terminal with data terminal equipment. Nowadays, most mobile phones have the terminal adapter built-in, allowing connection to data terminal equipment via a serial or infrared port. The data terminal equipment must be configured with software to communicate with the terminal adapter, called the driver for interconnection with the mobile phone.

3.1.2 Base Station Subsystem (BSS)

The base station subsystem (BSS) includes infrastructure specific to GSM radio. It consists of base transceiver stations (BTS) connected to a BTS controller station called the BSC.

Within the GSM architecture, the BSS sits between the Um radio interface for interconnection with mobile terminals and the interface for interconnection with the network switch (MSC). The BTS unit handles radio transmission and reception, including antennas. It shapes the signal for radio transmission, recovers the received radio signal, and performs digital signal processing, channel coding, interleaving, etc. It is usually located at the cell’s geographical center, and its maximum emitted power determines the cell’s absolute size. A base station provides between one and twelve transceivers (TRX), each operating on a GSM frequency allocated to the operator.

The BSC manages radio resources by remotely commanding the BTS. Its primary functions are allocating and releasing radio channels and managing call handover between base stations answering to the same BSC. It also handles communication encryption and discontinuous transmission algorithms by detecting activity and silence periods in communications.

A BSC connects to multiple BTSs on one side, controlling their resources, and to a mobile switching center (MSC) on the other side for routing calls to the network. The BSC is the supervising element for communication maintenance. The mobile terminal and BTS regularly inform the BSC of the received signal power during communication. Similarly, the mobile terminal reports the power received from adjacent base stations, allowing the BSC to decide when to execute a call handover based on predetermined criteria.

The transcoder/rate adapter unit (TRAU), not shown in Figure 3.3 as it is integrated into either the BSC or MSC, adapts the mobile terminal’s transmission rate (16 Kbps) to the encrypted voice signal’s transmission rate (64 kbps) for transport by conventional digital telephone switching networks. The TRAU can be located interchangeably in the BTS, BSC, or MSC.

3.1.3 Network and Switching Subsystem (NSS)

The network switching system (NSS) handles switching and routing calls within the GSM system, along with managing databases containing information on all subscribers. The NSS establishes communication between mobile users within an operator’s internal switching network or between GSM users and users of other phone networks, whether fixed or mobile.

Within the NSS, switching functions are performed by switching centers (MSC and GMSC). The MSC is the internal switching element of a GSM network, while the gateway mobile switching center (GMSC) interconnects with other networks. Database management is provided by the home location register (HLR) and visitor location registers (VLR). Other elements of the NSS, shown in Figure 3.5, are discussed below.

The interface with external networks is handled by the GMSC, which provides adaptation functions for interconnection with other networks, such as:

  • PSPDN (Packet-Switched Public Data Networks)
  • CSPDN (Circuit-Switched Public Data Networks)
  • PSTN (Public Switching Telephone Network)
  • ISDN (Integrated Service Digital Network)

The NSS uses Signaling System No. 7 (SS7) as its signaling transport protocol. This protocol is also used for signaling transport by other non-GSM communication networks, simplifying interconnection with them.

When a call is placed from a fixed terminal to a GSM user, it is first addressed to a gateway switch (GMSC) without knowing the subscriber’s location. The GMSC obtains location information and routes the call to the MSC serving the mobile terminal by querying the HLR, which stores information about the mobile terminal. Once the path to the destination MSC is established, the VLR controlling access to the subscriber initiates a search for the mobile among all cells within a location area. Finally, the call is routed to the subscriber station via the BSC and the BTS serving the mobile terminal.

Management of User Data

The home location register (HLR) is the central database containing all information related to a GSM operator’s subscribers. Initially, a single HLR served the entire system, but today, most operators have a large number of subscribers, requiring multiple HLRs strategically distributed across the service area.

The HLR stores two data types: permanent and temporary. Permanent data includes various mobile terminal identifiers and the subscriber’s contracted service profile. Temporary data includes location information, charging records, temporary identifiers, authentication and encryption keys, etc.

The visitor location register (VLR) contains temporary information about mobiles located in a particular geographical area. The VLR information is a subset of the subscriber’s temporary information in the HLR, supplemented by the mobile terminal’s current location.

3.1.4 Operation and Maintenance Subsystem (OSS)

Operation and maintenance activities ensure the GSM system’s proper functioning by resolving problems and failures, monitoring equipment, and improving its configuration for better performance.

Management and maintenance can be performed locally or remotely. For large networks, given the complexity of telecommunications systems, remote management is essential.

  • Equipment operator mediator: These are called operation and maintenance centers (OMC). They include a man-computer interface for controlling equipment and traffic.
  • Control of subscription: This has two facets: subscriber data control and charging. The specifications do not address either in detail.
  • Operation and maintenance: In addition to network functions, this also includes mobile station control.

The network management center (NMC) manages the entire network. It receives information from network computers through the OMCs. As it has information about the entire network, it is the focal point for issues requiring national coordination. It also manages interconnection with other networks and can control regional networks remotely, reducing monitoring and maintenance costs. The NMC’s most important functions are:

  • Provide integrated operation of the entire network, ensuring consistent information.
  • Monitor high-level network alarms.
  • Report the status of all regional networks.
  • Provide network-wide traffic management.
  • Monitor the state of automatic controls applied to network computers in response to overload conditions.
  • Assume regional responsibilities.
  • Assist in network planning.

3.1.5 Interfaces of GSM

Previous sections described the subsystems constituting the GSM architecture. Now we will describe the interconnection interfaces between subsystems and the interfaces connecting the functional elements within each subsystem. The GSM system defines various interfaces within its hierarchical architecture, as shown in Figure 3.7.

The interfaces connecting different elements define the communication protocols and messages exchanged between them. The GSM architecture’s elements and their dialogue aim to manage scarce resources to establish radio communication between mobile subscribers. Some architectural elements create physical connections between communicating ends, while others generate signaling traffic that supports the system.

The most relevant traffic and signaling interfaces are Um, Abis, and A. These interfaces create user connections that reach the MSC switch. Interconnection between the MSC and switches from other telephone networks occurs via a standard interface between switches. The other interfaces (B, C, D, E, F, and G) are solely for signaling, supporting message exchange between functional units of the GSM architecture.

The GSM signaling system could have been designed as a proprietary system for GSM networks, handling signaling between telephone switches connecting the MSC to other networks. However, the ITU-T (International Telecommunications Union) Signaling System No. 7 (SS7) for telephone networks was used as much as possible.

This is achieved by using the mobile application part (MAP) provided in SS7, which defines the message dialogue between different GSM functional entities. To complement SS7 signaling, the GSM system defines specific signaling interfaces A, Abis, and Um, which address specific aspects of radio resource management. The SS7 signaling layers below the application level, responsible for reliable signaling transfer, are common to other telecommunications systems. For example, the SS7 signaling layers involved in a GSM system are summarized below, as shown in Figure 3.8:

  • Message Transfer Part (MTP): Provides reliable signal information transfer and delivery through the signaling network and maintains connections in the presence of faults.
  • Signaling Connection Control Part (SCCP): Enhances MTP service to provide the complete functional equivalent of the OSI network layer. It allows addressing multiple users on a node.
  • Integrated Services Digital Network User Part (ISDN-UP): Provides the signaling functions necessary to establish channels for voice calls and basic ISDN services.
  • Transaction Capabilities Application Part (TCAP): Used in signaling applications for direct database queries and answers.
  • Mobile Application Part (MAP): Defines the signaling messages at the application level of the GSM mobile system.

The SS7 MAP Layer for GSM System

The procedures generating SS7 MAP messages relate to communication establishment, location updates, and call transfers between MSCs:

  • Mobile Origination Call: The phone initiates a call.
  • Mobile Call Termination: The mobile receives a call.
  • Location Update: New VLR
  • Location Update: Same VLR
  • Inter-MSC Handover

Location updates store information about a mobile terminal’s location. An update can be performed on the same visitor location register (VLR) as the previous update or a new one.

3.2 The GSM Radio Interface

The Um interface connects mobile terminals and GSM networks. This radio interface defines the layout of the GSM system’s logical channels operating on the physical channels or radio frequencies used [MOUL92], [REDL95].

The GSM system uses FDD/FDMA/TDMA full-duplex communication. It operates in two bands: the 900 MHz band and the 1800 MHz band, as shown in Figure 3.9. The GSM system operating in the 1800 MHz band is called DCS-1800 and behaves identically to GSM-900. The bandwidth occupied by GSM-900 is 50 MHz: 25 MHz for the upstream channel from the mobile terminal to the base station and 25 MHz for the downstream channel in the opposite direction. For DCS-1800, the bandwidth is 150 MHz, with 75 MHz in each direction.

The 25 MHz bandwidth of GSM-900 for each communication direction is divided into 124 channels of 200 kHz bandwidth each. The two channels at the edges are not used because each of the 124 channels effectively occupies 270 kHz due to the modulation used, leading to aliasing. The aliasing caused by the edge channels would occur outside the allocated band.

3.2.1 Logical Channels in GSM

Radio channels allocated to each base station are divided between traffic channels and control channels. Traffic channels carry user communications, while control channels manage the GSM system’s operation.

As mentioned previously, the GSM system is a frequency-division duplex system, so a traffic channel in the downlink has a symmetrical counterpart in the uplink for the other communication direction. Downlink control channels convey information to all mobile terminals and are sometimes called common control channels. The uplink is used by mobile terminals to access the network. Downlink control channels are FCCH, SCH, BCCH, and PAGCH. The uplink control channel is RACH.

Control of Logical Channels

The frequency correction channel (FCCH) transmits an unmodulated carrier signal. Mobile terminals use it for frequency synchronization during reception.

The synchronization channel (SCH) transmits frame counters at different levels, allowing the mobile terminal to determine the timing of BCCH and PAGCH information transmission. The mobile terminal uses it for frame synchronization during reception, enabling it to recognize the information type transmitted in each time slot. It also transmits the base station identity code (BSIC) to identify the base station and distinguish it from other base stations transmitting control channels on the same frequency. It also identifies the equalization sequence used by the mobile terminal during reception.

The broadcast control channel (BCCH) broadcasts information to all mobiles, including cell identification, location area identification, cell reselection parameters, neighboring cell identification, etc.

The paging and access granted channel (PAGCH) combines two control channels. The paging channel sends messages to mobiles being searched for by the network to determine their exact cell location. The access granted channel responds to an access request previously made by a mobile terminal through the RACH, indicating the signaling channel assigned to the mobile terminal for further dialogue with the network.

The random access channel (RACH) is the common access channel for mobile terminals to request a dedicated channel for their exclusive use. Control logical channels always occupy time slot 0 of one of the frequencies assigned to the base station, called the base station’s guide frequency. The layout of control logical channels over slot 0 varies between different configurations. One possible arrangement is shown in Figure 3.12.

Traffic Logical Channels

Traffic channels transmit user information and signaling. These are: TCH/F, TCH/H, SACCH, FACCH, and SDCCH. Unlike control channels, they can occupy any time slot and are bidirectional, serving the same purpose in both communication directions.

The full-rate traffic channel (TCH/F) transmits user information and occupies one time slot per frame. The achievable data transmission speeds in this channel depend on the encoding used:

  • 9.6 Kbps
  • 4.8 Kbps
  • Less than or equal to 2.4 Kbps

The half-rate traffic channel (TCH/H) transmits user information at half the speed of TCH/F, occupying one time slot every two frames. The achievable data transmission speeds in this channel are:

  • 4.8 kbps
  • Less than or equal to 2.4 kbps

The slow associated control channel (SACCH) is associated with the slow traffic channel (both TCH/F and TCH/H). It transmits signaling information related to the communication. Its bursts are interspersed with the traffic channel frames to which they are associated.

The fast associated control channel (FACCH) is associated with the fast traffic channel (both TCH/F and TCH/H). It transmits signaling information requiring immediate transmission, such as handover management information, which cannot wait for the corresponding SACCH. To convey this information, traffic information is removed, and the signal pattern is used for transmitting the signaling information.

The stand-alone dedicated control channel (SDCCH) transmits information for:

  • Mobile on/off
  • Call establishment
  • Sending/receiving short messages
  • Location updates, etc.

3.2.2 GSM Burst Formats

The burst is the transmission unit in GSM communication. A burst is transmitted within the time allocated for a time slot. Various burst types are defined based on their duration, such as the normal burst and the access burst. The bits comprising a burst consist of several fields: useful information bits, a training sequence, and tail bits (all zeros) added at the beginning and end to prevent efficiency loss in demodulating the useful bits at the edges.

The training sequence is a known bit sequence for both sender and receiver. GSM defines eight training sequences. The signal resulting from transmitting this sequence allows the receiver to estimate the transmission channel and perform channel equalization.

The defined burst formats are:

  • Access burst: Used in the uplink during the early stages of communication when the propagation delay between sender and receiver is unknown. It is a short burst used in the RACH channel.
  • Bursts S and F: Used in the FCCH and SCH channels, respectively, for synchronizing the mobile with the listening base station.
  • Normal burst: A long burst used in other cases.

Normal Burst

The normal burst contains two 58-bit information packets, one on each side of the 26-bit training sequence. Three tail bits are added at each end of the burst.

The training sequence is inserted in the burst’s center to minimize the distance between it and the farthest information bits. The only drawback of this placement is the need to store the first data piece from the burst at the receiver for further equalization.

GSM defines eight different training sequences to distinguish the communication signal from interfering signals. These sequences are designed to minimize correlation between them.

Access Burst

As mentioned previously, the access burst is the only short burst defined in GSM. It contains a 41-bit training sequence, 36 information bits, and 7 and 3 tail bits placed at the beginning and end, respectively. The training sequence is longer than in the normal burst to increase the probability of correct demodulation. Only one training sequence is defined due to the low probability of interference.

Burst S

This burst is used in the downlink for the SCH channel and contains a training sequence of 64 bits, two blocks of 39 bits of information and two tail blocks of 3 bits each at the beginning and end of the burst.

Burst F

It is the simplest of them all, and which consists of 148 bits, all zeros. The 148-bit along with the modulation used in GSM burst convert F on the issue of a pure sinusoidal signal. This allows mobile terminals to easily tune the frequency guide used by each base station that is surrounded.

3.2.3 Channel coding and interlaced in GSM

The application of channel coding is a big improvement for digital communications compared with analog communications. The introduction of redundancy in issuing permits to retrieve channel decoder in reception of information transmitted through the correction of some errors that have occurred during transmission.

The corrective capacity of the decoder depends on the amount of redundancy introduced by the encoder in origin, as well as the complexity of encoding used. This directly affects the difficulty of implementing the corresponding decoder. For the operation of encoding / decoding channel is optimal it is necessary for any errors that have entered the channel are random. For this to happen, the channel should not have memory. This is not true in mobile communications because of the blackouts that affect the signal. The errors occur in bursts, so this is a channel with memory. The element of interlacing / deinterlacing, through its various forms, block, convolutional, etc.., Seeks to eliminate channel memory, so that consecutive source symbols are subject to different attenuation. Interlacing seeks to destroy the error bursts so that the channel decoder function properly. The interlocking mechanism performs a reordering of information to transmit, if the channel introduces a burst of errors, when the receiver performs the reverse sort, separate and errors and manages to turn a flurry of errors in the same number of randomly distributed errors. Interlacing adds a delay that must be narrowed in order to ensure the quality of real-time communications.

Interleaving schemes and channel coding in GSM are different for each of the modes of transmission. See Table 3.1. Table 3.1 listed the modes of transmission for common control channels and data transmission services at different speeds. For data transmission services include the data transmission speed: 9.6, 4.8 and 2.4 Kbps in conjunction with the transfer rate by adding the overhead of the protocol RLP (Radio Link Protocol): 11.2, 6 and 3.6 Kbps data blocks to the input of convolutional encoder, adding previously corresponding parity bits or stuffing, if any, and applying strong encryption subsequently lead to the output data blocks. Finally these data blocks are interlaced output as dictated in Table 3.1.

The transmission of encoded voice signal is not included in Table 3.1 because the channel coding and interlaced is somewhat special. The GSM speech coder operates at a rate of 13 kbps. Each yields a 20 ms voice segment of 260-bit encrypted. These 260 bits are divided into three groups: 50 bits Ia, Ib and II of 132 bits of 78 bits, protection of each of these three groups is different, according to:

x Group Ia: 50 bits + 3 + 4 bits parity bit stuffing + ½ = 114 bits convolution

x Group Ib: 132 bits + ½ = 264 bits convolution

x Group II: 78 bits without protection

A total of 456 bits to transmit in 4 slots, ie, 114 bits per slot, which corresponds to the two fields of information of 57 bits of a normal burst for transmission over a channel TCH / F. In practice, due to interlacing, the issue is not done in 4 slots. The intertwining of the voice signal is encoded on 8 groups of 57 bits to 456 bits complete the following:

0 8 … … … … …. Broadcast in bits 448 pairs of slot N

1 9 … … … … …. Broadcast in bits 449 pairs of slot N +1

2 10 … … … … …. Broadcast in bits 450 pairs of slot N +2

3 11 … … … … …. Broadcast in bits 451 pairs of slot N +3

4 12 … … … … …. Emission in the 452 odd bits of slot N +4

5 13 … … … … …. 453 odd bits issue in the slot n +5

6 14 … … … … …. Emission in the 454 odd bits of slot N +6

7 15 … … … … …. Emission in the 455 odd bits of slot N +7

So that each slot corresponding to 2 bits transmitted voice packets and the transmission of a block of voice is performed in 8 consecutive slots. It is a combination of interlacing and block diagonal.