Wednesday, July 31, 2013

Cellular Communication System

MSC (Mobile Switching Control):

          A Mobile Switching Center (MSC) is a telecommunications switch deployed in mobile communications networks, to provide call control, processing and access to the Public Switched Telephone (fixed) Network. The MSC sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call and takes care of charging and real time pre-paid account monitoring.

          In the GSM mobile phone system, in contrast with earlier analogue services, fax and data information is sent directly digitally encoded to the MSC.
There are various different names for MSCs in different contexts which reflect their complex role in the network.

          The Gateway MSC (G-MSC) is the MSC that determines which visited MSC the subscriber who is being called is currently located at. It also interfaces with the PSTN. All mobile to mobile calls and PSTN to mobile calls are routed through a G-MSC.

          The visited MSC (V-MSC) is the MSC where a customer is currently located. The VLR associated with this MSC will have the subscriber's data in it.

          The anchor MSC is the MSC from which a handover has been initiated. The target MSC is the MSC toward which a Handover should take place.

BTS (Base Transceiver Station):

          The base transceiver station or BTS, contains the equipment for transmitting and receiving radio signals (transceivers), antennas, and equipment for encrypting and decrypting communications with the base station controller (BSC). Typically a BTS for anything other than a picocell will have several transceivers (TRXs) which allow it to serve several different frequencies and different sectors of the cell (in the case of sectorised base stations).

          A BTS is controlled by a parent BSC via the "base station control function" (BCF). The functions of a BTS vary depending on the cellular technology used and the cellular telephone provider. Frequency hopping is often used to increase overall BTS performance. Several hopping sequences are available, and the sequence in use for a particular cell is continually broadcast by that cell so that it is known to the handsets.

BSC (Base Station Controller):

          Typically a BSC has tens or even hundreds of BTSs under its control. The BSC handles allocation of radio channels, receives measurements from the mobile phones, and controls handovers from BTS to BTS. A key function of the BSC is to act as a concentrator where many different low capacity connections to BTSs (with relatively low utilization) become reduced to a smaller number of connections towards the mobile switching center (MSC) (with a high level of utilization). Overall, this means that networks are often structured to have many BSCs distributed into regions near their BTSs which are then connected to large centralized MSC sites.

          It also provides all the required data to the operation support subsystem (OSS) as well as to the performance measuring centers.

          The databases for all the sites, including information such as carrier frequencies, frequency hopping lists, power reduction levels, receiving levels for cell border calculation, are stored in the BSC. This data is obtained directly from radio planning engineering which involves modeling of the signal propagation as well as traffic projections.

Home location register (HLR):

          The home location register (HLR) is a central database that contains details of each mobile phone subscriber that is authorized to use the GSM core network. There can be several logical, and physical, HLRs per public land mobile network (PLMN), though one international mobile subscriber identity (IMSI)/MSISDN pair can be associated with only one logical HLR (which can span several physical nodes) at a time.

      The HLRs store details of every SIM card issued by the mobile phone operator. Each SIM has a unique identifier called an IMSI which is the primary key to each HLR record.

          The next important items of data associated with the SIM are the MSISDNs, which are the telephone numbers used by mobile phones to make and receive calls. The primary MSISDN (Mobile Subscriber Integrated Services Digital Network Number) is the number used for making and receiving voice calls and SMS, but it is possible for a SIM to have other secondary MSISDNs associated with it for fax and data calls. Each MSISDN is also a primary key to the HLR record. The HLR data is stored for as long as a subscriber remains with the mobile phone operator.

Visitor location register (VLR):

         The visitor location register is a database of the subscribers who have roamed into the jurisdiction of the MSC (Mobile Switching Center) which it serves. Each base station in the network is served by exactly one VLR, hence a subscriber cannot be present in more than one VLR at a time.

     The data stored in the VLR has either been received from the HLR, or collected from the MS (Mobile station). In practice, for performance reasons, most vendors integrate the VLR directly to the V-MSC and, where this is not done, the VLR is very tightly linked with the MSC via a proprietary interface. Whenever an MSC detects a new MS in its network, in addition to creating a new record in the VLR, it also updates the HLR of the mobile subscriber, apprising it of the new location of that MS. If VLR data is corrupted it can lead to serious issues with text messaging and call services.
Data stored include:
  • IMSI (the subscriber's identity number).
  • Authentication data.
  • MSISDN (the subscriber's phone number).
  • GSM services that the subscriber is allowed to access.
  • access point (GPRS) subscribed.
  • The HLR address of the subscriber.

Other GSM core network elements connected to the VLR :

The VLR connects to the following elements:
  • The V-MSC to pass required data for its procedures; e.g., authentication or call setup.
  • The HLR to request data for mobile phones attached to its serving area.
  • Other VLRs to transfer temporary data concerning the mobile when they roam into new VLR areas. For example, the temporal mobile subscriber identity (TMSI).

Equipment identity register (EIR):

       The equipment identity register is often integrated to the HLR. The EIR keeps a list of mobile phones (identified by their IMEI) which are to be banned from the network or monitored. This is designed to allow tracking of stolen mobile phones. In theory all data about all stolen mobile phones should be distributed to all EIRs in the world through a Central EIR. It is clear, however, that there are some countries where this is not in operation. The EIR data does not have to change in real time, which means that this function can be less distributed than the function of the HLR. The EIR is a database that contains information about the identity of the mobile equipment that prevents calls from stolen, unauthorized or defective mobile stations. Some EIR also have the capability to log Handset attempts and store it in a log file.

Authentication centre (AUC):

       The authentication centre (AUC) is a function to authenticate each SIM card that attempts to connect to the GSM core network (typically when the phone is powered on). Once the authentication is successful, the HLR is allowed to manage the SIM and services described above. An encryption key is also generated that is subsequently used to encrypt all wireless communications (voice, SMS, etc.) between the mobile phone and the GSM core network.

      If the authentication fails, then no services are possible from that particular combination of SIM card and mobile phone operator attempted. There is an additional form of identification check performed on the serial number of the mobile phone described in the EIR section below, but this is not relevant to the AUC processing.

      Proper implementation of security in and around the AUC is a key part of an operator's strategy to avoid SIM cloning.


          The AUC does not engage directly in the authentication process, but instead generates data known as triplets for the MSC to use during the procedure. The security of the process depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely burned into the SIM during manufacture and is also securely replicated onto the AUC. This Ki is never transmitted between the AUC and SIM, but is combined with the IMSI to produce a challenge/response for identification purposes and an encryption key called Kc for use in over the air communications.

No comments:

Post a Comment