Course Overview
|
|
|
Introduction |
|
Data in Wireless Cellular Systems |
|
Data in Wireless Local Area Networks |
|
Internet Protocols |
|
TCP over Wireless Link |
|
Ad-Hoc Networks, Sensor Networks |
|
Services and Service Discovery |
|
System Support for Mobile Applications |
Regulatory Issues
|
|
|
Wireless Spectrum scarce, shared among
many different users with distinct needs |
|
Need either license to operate in
specific frequency band or use unlicensed frequency band |
|
Unlicensed bands: no limit on number of
users, but rules governing “behavior” |
|
Licenses used to be given away
basically for free, but this became controversial, plus governments saw this
as easy source of revenue….. |
|
Need for international standardization:
meetings every 2 years (WARC), many international standards bodies and
regulatory offices involved |
Unlicensed Bands
|
|
|
|
|
Industrial, Scientific, and Medical
(ISM): |
|
915 MHz band (902 - 928 MHz, 26 MHz
bandwidth) |
|
only available in North America |
|
highly crowded, expected to become even
more crowded |
|
many existing users are
non-spread-spectrum applications |
|
2.4 GHz band (2.4 - 2.4835 GHz, 83.5
MHz bandwidth) |
|
available worldwide |
|
lightly loaded, but interference from
microwave ovens |
|
5.8 GHz band (5.725 - 5.85 GHz, 125 MHz
bandwidth) |
|
only available in North America |
|
lightly loaded, radar interference |
Licensing 3G Bands
|
|
|
|
VERY different country rules: |
|
US: finalise spectrum options by Q3
2001, prior to licensing 3G systems by Q4 2002. consultation process
completed 30 March 2001 with reports from FCC and NTIA. |
|
Canada auctioned PCS spectrum in
January 2001 that can be used for 3G services, with 52 licences attracting
bids totalling $1.48 billion. |
|
Spectrum policy in USA and Canada is
today not service specific. This means that any licensee can deploy 3G
systems in their existing spectrum, if equipment exists for that particular
spectrum. |
|
France: 4 National licenses, beauty
contest plus fixed cost. First two licences awarded to Itineris (France
Telecom) and SFR (Cegetel). Conditions have yet to be set for the award of
two further licences. First licences awarded 31.05.01. Date of second call
for tender not yet confirmed |
|
Germany: 6 National licences awarded,
five 2x10 + 5 MHz, one 2x10 MHz. 1st stage auction completed
(17.8.00), raising DM98.8 billion. Second stage closed 18.8.00, awarding an
additional 1x5Mhz unpaired to all except one. |
Course Overview
|
|
|
Introduction |
|
Data in Wireless Cellular Systems: AMPS
and CDPD |
|
Data in Wireless Local Area Networks |
|
Internet Protocols |
|
TCP over Wireless Link |
|
Ad-Hoc Networks, Sensor Networks |
|
Services and Service Discovery |
|
System Support for Mobile Applications |
AMPS: History
|
|
|
|
|
FCC allocated spectrum space in the 800
MHz spectrum and issued licenses for test systems in Chicago and Washington,
D.C. |
|
first commercial systems available
1983, available in all major cities in US in a few years |
|
AMPS result of extensive research by
Bell Labs in 1960s and 1970s |
|
800 MHz band was compromise |
|
lower frequencies occupied by FM and TV
systems |
|
higher frequencies were deemed too
unreliable (information loss due to weather conditions, multipath fading,
etc.) with existing technology |
AMPS Architecture
AMPS Spectrum and
Allocation
|
|
|
|
A band set up for independent carriers |
|
B band set up for traditional wireline
carriers, such as the Regional Bell Operating Companies (RBOC) |
|
idea was to ensure competition in all
markets, while restrict potential proliferation of companies that would
complicate spectrum allocation/management |
|
today, many independent carriers bought
by RBOCs, so it is not uncommon to have one company operating in Band A in
one market and Band B in another market |
|
channels always come in pairs, spaced
45 MHz apart |
AMPS Identification
Numbers
|
|
|
|
|
|
|
three identification numbers are used: |
|
mobile station’s serial number (SN) |
|
32-bit binary number |
|
uniquely identifies a cellular unit |
|
established by manufacturer at the
factory |
|
8-bit manufacturer code, assigned by
FCC to manufacturer |
|
6 bit reserved (currently all 0) |
|
18 bits serial number, assigned by
manufacturer |
|
should not be easily alterable, burned
into ROM |
|
system identification number (SID) |
|
15-bit binary number, uniquely
identifies cellular system |
|
FCC assigns SID |
|
mobile station in the cell must
transmit the SID |
|
mobile identification number (MIN) |
|
digital representation of mobile’s
10-digit telephone number |
AMPS: Call Initiation
|
|
|
|
user enters number and presses SEND |
|
phone sends number to be called and own
identity on access channel (random access channel), retry in case of
collision |
|
MTSO looks for idle channel (if caller
is customer of MTSO’s company or one of its partners) and sends back channel
number on the control channel |
|
mobile phone switches to the selected
voice channel and waits until the called party picks up the phone |
AMPS: Call Reception
|
|
|
|
idle phones continuously listen to the
paging channel to detect messages directed at them |
|
when someone initiates call to mobile,
message is sent to home MTSO to find out where mobile currently is |
|
a packet is then sent to base station
in current cell, which pages the mobile on the paging channel |
|
if mobile replies, base assigns channel
number and sends it to mobile |
|
mobile switches to this channel and
starts making ringing sound |
CDPD: Architecture
CDPD: Architecture
|
|
|
|
|
M-ES: user device, mobile, identified
by at least one globally unique Network Entity Identifier (NEI) |
|
IS: basically a router, might provide
additional services |
|
MD-IS: only entity that has knowledge
of mobility, runs MNLP (Mobile Network Location Protocol): |
|
each M-ES belongs to a fixed home area,
MHF keeps track of this information |
|
MSF handles packet transfer services
for visiting M-ES |
|
requires that M-ES register with
serving MD-IS when roaming |
|
MDBS: supports air interface to M-ES |
|
resides at the AMPS cell |
|
uses AMPS transmit and receive
equipment |
CDPD: Protocol Stack
|
|
|
|
follows OSI stack |
|
CDPD basically specifies physical layer
and data link layer protocols only |
|
nominal channel rate: 19.2 kbps,
maximum throughput after coding & framing, ignoring contention, is 11.8
kbps on downlink (to mobile), 13.3 kbps on uplink |
|
standard specifies support for CLNP
(ConnectionLess Network Protocol) and IP (Internet Protocol) at layer 3 |
|
higher layers can be TCP or TP4 |
|
CDPD also specifies a wide variety of
upper-layer protocols (directory management, electronic messaging, etc.),
based on OSI and Internet services |
CDPD: MAC Protocol
|
|
|
|
|
|
downlink/forward channel: no
contention, only one sender: the MDBS. All frames are broadcasted, each M-ES
picks out the ones destined for it or for everyone |
|
uplink/reverse channel: contention is a
problem |
|
access to channel follows a DSMA/CD
protocol: |
|
uses time slots of 60 bit times (see
structure of forward channel) |
|
“digital sense”: watch forward channel
to determine whether reverse channel is busy or idle (busy/idle flags every
60 bits) |
|
if busy, skip a random number of slots
and try again. If still busy, wait for longer period (statistically twice as
long) and retry |
|
if idle, start transmitting |
|
“collision detection”: decode flag in
forward channel indicates with delay whether there was a collision |
|
keep sending until collision is
detected or until maximum number of slots
is set or until MDBS tells M-ES to shut down |
CDPD: Sharing AMPS
Channels
CDPD: Mobility Management
CDPD: Mobility Management
Identifiers
|
|
|
|
NEI (Network Entity Identifier):
identifies mobile |
|
LCI (Local Cell Identifier): unique
cell identifier for all cells controlled by the same MDBS |
|
CSI (Channel Stream Identifier): unique
6-bit identifier for all channel streams in a cell |
|
LCI and CSI together uniquely identify
all channels on any given cell or its adjacent cells |
|
LSAI (Local Service Area Identifier):
16-bit unique number for all service areas in a CDPD network |
|
SPNI (Service Provider Network
Identifier): 16-bit unique CDPD network identifier |
CDPD: Mobility Management
|
|
|
|
cell transfer decision: compare
relevant parameters on previous RF channel and current RF channel (after
channel hop): |
|
no change in LCI, CSI, cell group color or area color: channel hop
occurred within current cell |
|
area color is the same, but LCI and CSI
are different: intra-area cell transfer is performed |
|
different area colors: inter-area cell
transfer procedure is performed |
CDPD: Intra-Area Cell
Transfer
|
|
|
|
intra-area cell transfer: controlled by
same MD-IS |
|
M-ES initiates transfer if channel
becomes bad (extended loss of channel synchronization and/or unacceptable
error rate) |
|
to assist M-ES in locating CDPD
channel, MDBS periodically broadcasts RF channel number in use or as
candidates for use in adjacent cell |
|
after M-ES synchronized with new RF
channel, sends link-layer receive ready to serving MD-IS |
|
MD-IS acknowledges frame and updates
its information for M-ES (physical media association) |
CDPD: Inter-Area Cell
Transfer
|
|
|
|
starts out identical to intra-area cell
transfer |
|
once M-ES synchronized with new
channel, mobile sends “end system hello” (ESH) to new serving MD-IS |
|
ESH informs MD-IS of presence of M-ES,
register its address (NEI) |
|
new serving MD-IS sends message to home
MD-IS to tell it where data for M-ES should be redirected |
|
home MD-IS acknowledges if registration
is successful |
|
new serving MD-IS confirms successful
registration to M-ES |
|
home MD-IS “flushes” previous serving
MD-IS, telling it that messages are no longer forwarded for this M-ES |
Course Overview
|
|
|
Introduction |
|
Data in Wireless Cellular Systems: GSM
and GPRS |
|
Data in Wireless Local Area Networks |
|
Internet Protocols |
|
TCP over Wireless Link |
|
Ad-Hoc Networks, Sensor Networks |
|
Services and Service Discovery |
|
System Support for Mobile Applications |
GSM History
|
|
|
|
1978 - Europe allocated 2 x 25 MHz
spectrum in 900 MHz range for mobile communications |
|
1982 - Groupe Special Mobile formed
under CEPT (French acronym for European Conference of Posts and
Telecommunications) |
|
1987 - GSM Memorandum of Understanding
(MoU) signed by first members, which includes agreements between operators
for roaming, numbering and routing aspects, tariffs and accounting. |
|
1988 - GSM transferred to newly formed
ETSI (European Telecommunication Standards Institute) |
Architecture of the GSM
system
|
|
|
|
|
GSM is a PLMN (Public Land Mobile
Network) |
|
several providers setup mobile networks
following the GSM standard within each country |
|
components |
|
MS (mobile station) |
|
BS (base station) |
|
MSC (mobile switching center) |
|
LR (location register) |
|
subsystems |
|
RSS (radio subsystem): covers all radio
aspects |
|
NSS (network and switching subsystem):
call forwarding, handover, switching |
|
OSS (operation subsystem): management
of the network |
GSM: Overview
Radio Subsystem
|
|
|
|
|
The Radio Subsystem (RSS) comprises the
cellular mobile network up to the switching centers |
|
Components |
|
Base Station Subsystem (BSS): |
|
Base Transceiver Station (BTS): radio
components including sender, receiver, antenna - if directed antennas are
used one BTS can cover several cells |
|
Base Station Controller (BSC):
switching between BTSs, controlling BTSs, managing of network resources,
mapping of radio channels (Um) onto terrestrial channels (A
interface) |
|
BSS = BSC + sum(BTS) + interconnection |
|
|
|
Mobile Stations (MS) |
Mobile Station
|
|
|
|
|
Terminal for the use of GSM services |
|
A mobile station (MS) comprises several
functional groups |
|
MT (Mobile Terminal): |
|
offers common functions used by all
services the MS offers |
|
corresponds to the network termination
(NT) of an ISDN access |
|
end-point of the radio interface (Um) |
|
TA (Terminal Adapter): |
|
terminal adaptation, hides radio
specific characteristics |
|
TE (Terminal Equipment): |
|
peripheral device of the MS, offers
services to a user |
|
does not contain GSM specific functions |
|
SIM (Subscriber Identity Module): |
|
personalization of the mobile terminal,
stores user parameters |
Mobile Station
|
|
|
|
|
Subscriber Identity Module |
|
ISO compliant removable smart card,
with limited storage and computational functionality |
|
necessary for operation of mobile
station, and involved in location management, authentication, and ciphering |
|
one or more directory numbers per SIM,
one or more SIMs per subscriber |
|
SIM realizes model of “personal
mobility” (e.g., the subscriber is the focus of attention and it is he/she
who is mobile) |
|
Mobile Equipment |
|
only emergency calls allowed without
SIM |
|
calls routed to SIM, not mobile
equipment |
Network and Switching
Subsystem
|
|
|
|
|
NSS is the main component of the public
mobile network GSM |
|
switching, mobility management,
interconnection to other networks, system control |
|
Components |
|
Mobile Services Switching Center
(MSC)
controls all connections via a separated network to/from a mobile terminal
within the domain of the MSC - several BSC can belong to a MSC |
|
Databases (important: scalability, high
capacity, low delay) |
|
Home Location Register (HLR)
central master database containing user data, permanent and semi-permanent
data of all subscribers assigned to the HLR (one provider can have several
HLRs) |
|
Visitor Location Register (VLR)
local database for a subset of user data, including data about all user
currently in the domain of the VLR |
Mobile Services Switching
Center
|
|
|
|
The MSC (mobile switching center) plays
a central role in GSM |
|
switching functions |
|
additional functions for mobility
support |
|
management of network resources |
|
interworking functions via Gateway MSC
(GMSC) |
|
integration of several databases |
|
Functions of a MSC |
|
specific functions for paging and call
forwarding |
|
termination of SS7 (signaling system
no. 7) |
|
mobility specific signaling |
|
location registration and forwarding of
location information |
|
provision of new services (fax, data
calls) |
|
support of short message service (SMS) |
|
generation and forwarding of accounting
and billing information |
Operation Subsystem
|
|
|
|
|
The OSS (Operation Subsystem) enables
centralized operation, management, and maintenance of all GSM subsystems |
|
Components |
|
Authentication Center (AUC) |
|
generates user specific authentication
parameters on request of a VLR |
|
authentication parameters used for
authentication of mobile terminals and encryption of user data on the air
interface within the GSM system |
|
Equipment Identity Register (EIR) |
|
registers GSM mobile stations and user
rights |
|
stolen or malfunctioning mobile
stations can be locked and sometimes even localized |
|
Operation and Maintenance Center (OMC) |
|
different control capabilities for the
radio subsystem and the network subsystem |
GSM Services
|
|
|
|
|
|
speech |
|
most important and widely used service |
|
uses discontinuous transmission and
voice activity detection |
|
transmit at about 40% of time, when
user actually speaks |
|
complete silence at receiver unnerving
- comfort noise |
|
data |
|
different services available, depending
on end-to-end transmission type, transmission mode, terminal capability |
|
supports data rates of 300 bps up to
9600 bps |
|
facsimile |
|
short message service |
|
alphanumeric messages of up to 160
characters |
|
messages saved on SIM |
GSM: Radio Transmission
Aspects
|
|
|
|
|
|
spectrum allocation |
|
in 1978 Europe allocated 2x25 MHz in
the 900 MHz range for mobile communications |
|
890 - 915 MHz for the uplink (mobile
station to base station) |
|
935 - 960 MHz for the downlink (base
station to mobile station) |
|
top 10 MHz in each band reserved for a
pan-European mobile system, since band was also used by national analog
systems |
|
multiple access: |
|
GSM divides allocated bandwidth into
carriers spaced 200 kHz apart, starting 200 kHz from the edge - maximum of
124 carriers in GSM900, 374 carriers in DCS1800 (2x75 MHz allocation) |
|
TDMA divides time on each carrier
frequency into burst periods lasting 15/26 (0.577) ms |
GSM Hierarchy of Frames
GSM Logic Channels
|
|
|
|
|
Traffic channels (2-way) |
|
Full-rate (TCH/F) |
|
Half-rate (TCH/H) |
|
Signaling Channels |
|
Broadcast Channels (base to mobile) |
|
Frequency Correction Channel (FCCH) |
|
Synchronization Channel (SCH) |
|
Broadcast Control Channel (BCCH) |
|
Common Control Channels |
|
Paging Channel (PCH) - base to mobile |
|
Access Grant Channel (AGCH) - base to
mobile |
|
Random Access Channel (RACH) - mobile
to base |
|
Dedicated Control Channels (2-way) |
|
Stand-alone Dedicated Control Channel
(SDCCH) |
|
Slow Associated Control Channel (SACCH) |
|
Fast Associated Control Channel (FACCH) |
GSM: Dedicated Channels
|
|
|
|
traffic channels (TCH) carry user
speech and data, as well as some signaling |
|
a TCH is always allocated with a
corresponding Slow Associated Control Channel (SACCH) used for reporting
handover measurements |
|
TCH slots may be ‘stolen’ from a
traffic channel for Fast Associated Control Channel (FACCH) signaling, used
for call establishment, handover execution, and authentication |
|
full rate TCH/SACCH occupies one time
slot every 8 burst periods (TDMA frame), allowing 8 traffic channels per
carrier frequency |
GSM: Full Rate TCH/SACCH
|
|
|
|
Time slot Number (TN) equals burst
number modulus 8, and identifies a particular channel |
|
cycles every 26 TDMA frames (120 ms,
defined so as to be ISDN compatible) |
|
uplink transmission delayed by 3 burst
periods from downlink transmission |
Security in GSM
|
|
|
|
|
Security services |
|
access control/authentication |
|
user Õ SIM (Subscriber Identity
Module): secret PIN (personal identification number) |
|
SIM Õ network: challenge
response method |
|
confidentiality |
|
voice and signaling encrypted on the
wireless link (after successful authentication) |
|
anonymity |
|
temporary identity TMSI
(Temporary Mobile Subscriber Identity) |
|
newly assigned at each new location
update (LUP) |
|
encrypted transmission |
|
3 algorithms specified in GSM |
|
A3 for authentication (“secret”, open
interface) |
|
A5 for encryption (standardized) |
|
A8 for key generation (“secret”, open
interface) |
GSM - Authentication
GSM - Key Generation and
Encryption
GSM: Security
|
|
|
|
|
|
equipment identity checking |
|
Equipment Identity Register (EIR)
maintains database related to mobile equipment (hardware) identified by
International Mobile Equipment Identity (IMEI) |
|
IMEI consists of Type Approval Code
(granted when mobile station type passes type approval testing to ensure
mobile station behaves properly), Final Assembly Code (indicating
manufacturing plant), and the equipment serial number |
|
EIR stores three lists of IMEIs |
|
white list contains ranges of IMEIs of
type approved mobile stations, maintained by MoU |
|
black list contains IMEIs which are
stolen or malfunctioning, and are subsequently barred |
|
gray list contains IMEIs which should
be supervised for possible malfunctions |
Data Services in GSM
|
|
|
|
Data transmission standardized with
only 9.6 kbit/s |
|
advanced coding allows 14.4 kbit/s |
|
not enough for Internet and multimedia
applications |
|
HSCSD (High-Speed Circuit Switched
Data) |
|
already standardized |
|
bundling of several time-slots to get
higher AIUR (Air Interface User Rate)(e.g., 57.6 kbit/s using 4 slots, 14.4
each) |
|
advantage: ready to use, constant
quality, simple |
|
disadvantage: channels blocked for
voice transmission |
GSM Data Properties
|
|
|
|
|
Circuit-switched operation |
|
uplink and downlink channels allocated
for a user for entire call period |
|
busy user uses only one direction of
link (typically), so 50% of resources are wasted |
|
user pays for the connection time, not
for the amount of data |
|
bad connections - more retransmissions
- make more money for operator |
|
pay even if no data is transmitted |
|
connection establishment time: 20-25
seconds |
|
bad for short-lived transactions |
|
capacity: 9.6 kbps (channel coding
designed for worst-case radio situation) |
|
connections: to any modem service in
PSTN |
GSM Data Properties:
Evaluation
|
|
|
|
Circuit-switched data is good for cases
when continuous data flow is needed/required |
|
Billing is based on time, not amount of
data |
|
Limited number of mobiles can be
supported per carrier (8 channels) |
|
Circuit-switched data is not optimal
for |
|
packet-based protocols such as IP |
|
bursty traffic |
|
unbalanced traffic (using mainly one
channel direction) |
|
Þ Packet switched service is needed for GSM |
|
Þ GPRS standardization was started |
Beyond 2G
|
|
|
3G Systems: originally one standard,
later “family of compatible standards” |
|
B3G and 4G: focus on data rates and
services, range of wireless access technologies |
|
à See Introduction |