Chapter 9 Mobile Communication Systems

Copyright © 2016, Dharma P. Agrawal and Qing-An Zeng. All rights reserved 0

Chapter 9

Mobile Communication Systems

(Modified by LTL)

Adapted from class notes by

Prof. Leszek T. Lilien, CS, Western Michigan University

and

Prof. Dharma P. Agrawal & Qing-An Zeng, University of Cincinnati

Most slides based on publisher’s slides for 1st and 2nd edition of: Introduction to Wireless and Mobile Systems by Agrawal & Zeng

© 2016, Dharma P. Agrawal and Qing-An Zeng. All rights reserved.


Outline

9.1. Introduction

9.2. Cellular System Infrastructure

9.3. Registration

9.4. Handoff Parameters and Underlying Support Parameters Influencing Handoff

Handoff Underlying Support

9.5. Roaming Support Home Agents, Foreign Agents, and Mobile IP

Rerouting in Backbone Routers

9.6. Multicasting

9.7. Security and Privacy Encryption Techniques

Authentication

Wireless System Security

9.8. Firewalls and System Security

(Modified by LTL)


9.1. Introduction

Ideal cellular infrastructure:

MS able to communicate with any other MS in the

world

Across cells

Across MSC areas (MSC = mobile switching center)

Across systems owned by different service

provider

To approach the ideal, need

Handoffs

Roaming

across these “borders”

© 2016 by Leszek T. Lilien

MS

MS


9.2. Cellular System Infrastructure

Cellular system infrastructure is fairly complex

Home phone

(PSTN)

GMSC

MSC

BSC …

BS

…

…

MS

…

BS MS

BSC

BS MS

…

BS MS

BSC

BS MS

…

BS MS

BSC

BS MS

…

BS MS

MSC

wired link

[LTL:]

BSC = BS controller MSC = Mobile Switching Center PSTN = Public Switched Telephone Network PSTN connected to the ATM backbone

(Modified by LTL)

Others


Cellular System Infrastructure (cont.)

Source: 禹帆，無線通訊網路概論，文魁

GMSC

Other PLMNs


BTS GMSC

HLR

BSC

MS

PLMN

PDN

Modems

Auc

MSC/

VLR



行動台(Mobile Station ; MS )

車用型(Vehicular Mounted)

手持式(Handheld)

Handset、Notebook、Laptop、PDA、PocketPC、、、

用戶識別卡(Subscriber Identity Module Card)

Independent with handset

較小Plug-in SIM卡 / 較大ID-1 SIM卡

MS = Handset + SIM card

Source: 顏春煌，行動與無線通訊，金禾。



基地台系統(Base Station System ; BSS )

一個基地台控制器（Base Station Controller；BSC）：

無線電資源管理、話務頻道的指派、跳頻控制、執行交遞，無線電性能量測、功率控制等。

一個或多個收發基地台（Base Transceiver Station；BTS) ：

包含天線與電路，收送與手機間的無線電波訊號。



GMSC

PLMNs

PSTN

OMC

Switching System

行動交換中心（Mobile Switching Center；MSC）：

相當於交換機功能，建立連線與交換話務或資料。



Switching System

閘道交換中心(Gateway MSC, GMSC)

負責提供PLMN網路與其他各種不同固定網路間的連接，例如：一般公眾電話網路（PSTN），整體服務數位網路（ISDN），其他Public Land Mobile Network(PLMN)。

GMSC通常都與MSC共同存在於相同的節點上，它可以是網路上任何一台MSC，而該MSC也就被稱為閘道用的交換機(GMSC) 。

OMC(Operation and Maintenance Center)

管理維護中心(維運中心)

效能管理、設定管理、安全管理


GMSC

PLMNs

PSTN

OMC


Switching System

本籍位置記錄(Home Location Register ; HLR)

儲存著行動台之相關永久性及基本資料，也記錄著行動台所在位置的VLR地址。

訪客位置記錄(Visitor Location Register；VLR）：一個動態的資料庫，記錄著所有漫遊至它所管轄區域(Location Area; LA)的行動台資料。

驗證中心（Authentication Center；AUC）：行動台身分驗證，同時提供特別密碼鎖用以對傳輸的語音和數據進行加密、解密。

BTS GMSC

HLR

BSC

MS

PLMN

PDN

Modems

Auc

MSC/

VLR



Switching System

設備識別記錄(Equipment Identity Register；EIR）防止手機被盜拷偷打及不符合規格手機的使用。

手機都具備有獨特的設備號碼(International Mobile Equipment Identity；IMEI; 國際移動裝備辨識碼)並記錄在EIR內，有三個資料類別：1. 白名單（White List）：正常手機。2. 黑名單（Black List）：被偷手機或停止

服務。3. 灰名單（Grey List）：被觀察手機。

手機顯示 IMEI : ＊＃０６＃

AUC



International Mobile Equipment Identity(IMEI)

國際移動裝備辨識碼(手機產品序號)

TAC + FAC + SNR + SP

447769 + 18 + 209243 + 8

TAC: Type Approval Code

FAC: Final Assembly Code (18 = Singapore)

SNR: Serial Number

SP: Spare

手機顯示 IMEI : ＊＃０６＃


http://www.sogi.com.tw/zplane/rating_1.0/mobile.asp?no=23&pro=220



9.2. Cellular System Infrastructure – cont. 1

The infrastructure in more detail1) Discussed in Sec. 1:

BTS = base transceiver system (tower + antenna) (tranceiver = transmitter + receiver)

BSC = BS controller (all electronics controlling BTSs, even k*100 BTSs) BS = base station = BTS + BSC

NOTE: We sometimes omit mentioning BTS, as if BTS + BSC were co-located & were an integrated BSSometimes (as in the previous Figure) BTS is denoted as “BS” HLR = home location

register VLR = visitor home

location register

2) Not discussed yet: AUC = authentication

center EIR = equipment

identity register

(Modified by LTL)

p. 191 (頁212) Fig. 9.1


9.2. Cellular System Infrastructure – cont. 2

Role of AUC (authentication center)

Provides authentication – to verify user’s identity

Provides encryption parameters – to provide confidentiality of calls

=> “prevents” cellular system operators & customers from fraud(not 100% prevention!)

Role of EIR (equipment identity register)

It is database with info about identities of mobile equipment So, e.g., operator

accepts calls only

from equipment

of operator’s owncustomers

=> “prevents” fraud

Implementations: Separate AUC & EIR

Integrated AUC/EIR

(Modified by LTL)

p. 191 (頁212) Fig. 9.1


Handover (Handoff)HLR VLR



CM(Call Management)

與撥號有關的控制(Call Control)

通話的建立

選擇傳輸是語音(voice)、數據(data)或傳真(fax)

通話的釋放

加值服務(Supplementary Service)管理

簡訊SMS(Short Message Service)管理




CM(Call Management) 系統建立通話連線程序

1.撥號0939164721(CC+NDC+)

2.詢問HLR

3.取得MSRN(MSC/LA)

4.連線MSC

5.詢問VLR

6.取得TMSI

7.向所屬LA廣播(paging)

8.MS回應




Mobile Station ISDN(MSISDN)

行動台公開之電話號碼

CC + NDC + SN

886 + 920 + 489147

CC: Country Code

NDC: National Destination Code (0920=台哥大)

SN: Subscriber Number

Mobile Station Roaming Number(MSRN)

行動台漫遊號碼(供MSC處理行動台來話)

CC + NDC + SN

886 + 936 + 630123

NDC: National Destination Code (0936=遠傳)

Temporary Mobile Station Number(TMSI）提供行動台臨時使用號碼(確保用戶號碼隱密性)

e.g. TMSI(hex) = 59E221D3

長度較IMSI短，且可保持IMSI的機密性

由VLR產生


系統相關識別碼


9.3. Registration

MS must register before being able to use cellular services

MS registration done each time the MS is switched on


Registration needed for:

Billing

Authentication

Specifying access privileges


9.3. Registration (cont.)

System also needs to know MS’s location BS periodically xmits beacon signal

Beacon signal includes among others:

Cellular network id

Timestamp

Gateway address

ID of the paging area (PA)

Other BS parameters

If MS hears new BS, it adds it to its table – “active beacon kernel table”

When MS wants to make a call, MS gets closest BS from the table





Steps followed for unregistered (e.g.,

was switched off) if MS is outside of

its own subscription (home) area

(Modified by LTL)

VLRHLR

AUC

p. 193 (頁214) Fig. 9.4Registration procedure


LA區域(Location Area)

依手機目前所在LAI(LA識別碼)來確認手機位置

建立通話連線呼叫手機時，只針對該LA進行廣播(Paging)




BSC BSC

Location Updating(在同一個MSC/VLR服務區內)



Location Updating(不同MSC/VLR服務區)



9.4. Handoff Parametersand Underlying Support

Handoff = change of radio resources from one

cell to another, adjacent cell

For handoff to succeed, the “new” cell needs a

free channel

© 2016 by Leszek T. LilienSource: 禹帆，無線通訊網路概論，文魁

HLR VLR


9.4.1. Parameters Influencing Handoff – cont. 2

Two ways of determining need for handoff

Signal strength

Carrier-to-interference ratio (CIR)

Example of handoff based on signal strength (= on received power) – from Chapter 5

BSi

Signal strength

due to BSj

X1

Signal strength

due to BSi

BSjX3 X4 X2X5

E

Xk

MS

Pmin

Pi(x) Pj(x)

(Modified by LTL)


9.4.1. Parameters Influencing Handoff – cont. 3

(2nd case) Handoff based on CIR –

when CIR gets too low, handoff must be made


通話交遞(Handover)/位置更新(Location Updating)

Carrier-to-interference ratio (CIR)


9.4.2. Handoff Support

Two types of handoff:

Hard handoff

Soft handoff



Hard handoff –

Break before make

(Modified by LTL)

x

x

p. 197 (頁218) Fig. 9.5


Soft handoff –

Make before break

(Modified by LTL)

x

p. 197 (頁218) Fig. 9.6


9.5. Roaming Support

Scenario 1: MS moves from Point a to Point b

Supported by MSC1 alone

Scenario 2: MS moves from Point b to Point c

Supported by MSC1 & MSC2

Requires setting up the bidirectional HLR-VLR link between them – as shown

in fig on next slide

(Modified by LTL)

p. 199 (頁220) Fig. 9.8

Handover

Copyright © 2016, Dharma P. Agrawal and Qing-An Zeng. All rights reserved 46Source: 禹帆，無線通訊網路概論，文魁

GMSC

Other PLMNs

漫遊(Roaming) 經由不同網路經營者間的合作，使得各用戶均可利用其他經營者的網路，從而擴大用戶使用範圍

行動電話用戶可以在本國以外的行動電話網路使用行動通訊服務即稱之為國際漫遊(International Roaming)


行動通訊系統

由許多子系統(Subsystem)共同組成

各個地區的子系統彼此間能互相配合來完成系統的各項功能，這種區域分割的觀念就稱為行動通訊系統的地理階層(Hierarchy)。



LA區域(Location Area)

依手機目前所在LAI(LA識別碼)來確認手機位置

建立通話連線呼叫手機時，只針對該LA進行廣播(Paging)


行動通訊系統(cont.)



MSC/VLR服務區域(Service Area)

MSC/VLR區域包含許多LA

BSC BSC




PLMN服務區域(Service Area)

一個PLMN (Public Land Mobile Network)服務區域為一家電信業者所經營範圍。


GMSC

Other PLMNs



全球服務區域(Service Area)

涵蓋全世界所有PLMN區域。

數家電信業者彼此間的PLMN區域某部分會互相重疊。



Mobile Communications

HSDPAHSUPAHSPA+

WiMAXLTE

2.5G2.9G

3G

3.5G

3.9G

4G

3G

2G

2GCDMA

LTE(Long-Term Evolution)


Stage 1: GPRS Network

MSC

BSC

PSTN

A

BTS BTS

GSM

MSC SGSN

BSC

PSTN PDN

A Gb

GGSN

BTS BTS

GPRS

PCU

Source: www.cisco.com

2G GSM 4G LTE Networks

2G 2.5G

InternetPublic telephone




Evolution Stage 2 (R99 UMTS)

MSC SGSN

BSC

PSTN PDN

A Gb

GGSN

BTS BTS

GPRS

PCU

RNC

Iu

MSCU SGSNU

PSTN PDN

GGSN

Iu

Node B Node B

UMTS (R99)

Iub

Iur

BSC

A

Gb

BTS BTS

PCU


3G2.5G

InternetTelephone



Copyright © 2016, Dharma P. Agrawal and Qing-An Zeng. All rights reserved 59Source: Broche of Motorola

3G WCDMA Architecture


GSM/GPRS/UMTS

Network architecture


Evolution Stage 3 (R00 UMTS)

PSTN

R99 UMTS

RNC

Iu

PSTN PDN

GGSN

Iu

Node B Node B

Iu

b

Iur

BSC

A

Gb

BTS BTS

PCU

MSCU SGSNU

RNC

Iu Services

Domain

(IN Feature

Servers)

GGSN/

MGW

Node B Node B

R00 all IP UMTS

SGSN

Iub

Iur

Call Processing

Domain

PDN

IP Core


3G 3G+/4G


4G LTE (Long Term Evolution)

architecture

63

http://www.gl.com/images/lte-analyzer-web-main-image.gif

2GGSM

3GWCDMA

Internet

4G LTE

Copyright © 2016, Dharma P. Agrawal and Qing-An Zeng. All rights reserved 64Source: http://www.2cm.com.tw/news/images/N091016003320091016180545.jpg

4G LTE (Long Term Evolution)

architecture


Evolution Stage 4 (R00+)

(Combined GSM/CDMA- Cisco View)

All- IP Core Network (R00+)

Gateways

RNC

Server

PDNPSTN

Node B Node B

SDU

CDMA

BTS

GSM

BTS

BSC

ServerCommon

Services

Manager

PSTN

RNC

Iu Services

Domain

(IN Feature

Servers)

GGSN/

MGW

Node B Node B

R00 all IP UMTS

SGSN

Iub

Iur

Call Processing

Domain

PDN

IP Core

IP Core

Feature Servers


3G+/4G Beyond 4G


9.5.1. Home Agents, Foreign Agents,

and Mobile IP

Circuit Switching

Packet Switching

Use Mobile IP

(= Mobile Internet Protocol)


p. 200 (頁222)

RNC

Iu

MSCU SGSNU

PSTN PDN

GGSN

Iu

Node B Node B

Iub

Iur

BSC

A

Gb

BTS BTS

PCU

InternetTelephone


Circuit Switching

Communication in which a dedicated communications

path is established between two devices through one

or more intermediate switching nodes

Dominant in both voice and data today

e.g. PSTN is a circuit-switched network

A與B之間建立一專屬通道A

B


Circuit Switching (cont.)

GSM電路交換的傳輸型態

MSC SGSN

BSC

PSTN PDN

A Gb

GGSN

BTS BTS

PCU

GSM MS


Def:

將資料切割成一段段封包(packets)再送收的交換技術

The use of packets

Packet Switching


Packet Switching

封包交換的傳輸型態

MSC SGSN

BSC

PSTN PDN

A Gb

GGSN

BTS BTS

PCU

GPRS MS


Data Plane for GPRS network

IP for Cellular System


Mobile IP


Home agent and foreign agent


Host address and care-of address


Triangle routing

(Tunneling)


英法海底隧道(Tunneling)

http://upload.wikimedia.org/wikipedia/commons/thumb/4/4f/Course_Channeltunnel_en.svg/2000px-Course_Channeltunnel_en.svg.png


區間列車穿梭英吉利海峽隧道運送卡車到倫敦(Tunneling)

http://img.epochtimes.com/i6/1011091056161758_1.jpg


Encapsulation is the Key (Tunneling)

1

2

3

HomeAgent

ForeignAgent


Encapsulation is the Key (Tunneling)

1

2

3


9.7. Security and Privacy Security challenges in wireless systems

1) Assured delivery of messages

Example attack: Jamming by a powerful

transmitter

A solution: use frequency hopping

2) Authenticity of messages

A solution: use digital signatures

3) Secrecy of messages

A solution: use encryption of messages

Solutions for Challenges 2 and 3 based on:

Cryptography



加密解密(Encipher and decipher)

Symmetric cryptosystems

http://www.asiapeak.com/img/symmetric.JPG

Encipher Decipher

The same secret key


9.7.1.

Encryption

Techniques

– cont. 1

Example: block encryption using DES (Data Encryption Standard)

Easy to implement in S/W or H/W Uses a secret encryption key to modify output for given input

Example input – fig. a / Example output – fig. b

Encryption for this example (compare fig. a & b): 57th bit of input block becomes 1st bit xmitted

49th bit of input block becomes 2nd bit xmitted

…

Encryption for this example (compare fig. b & c): 8th bit of received block becomes 1st bit decrypted (recovered)

24th bit of received block becomes 2nd bit decrypted

…

© 2016 by Leszek T. Lilien (Original figures from the textbook used)

p. 208 (頁230) Fig. 9.18


Classification of Cryptosystemsw.r.t. Keys - cont.

More on: (2) Keyed cryptosystems

2a) Symmetric cryptosystems: KE = KD

Classic

Encipher and decipher using the same secret key

Same key OR one key is easily derived from other

2b) Asymmetric cryptosystems: KE ≠ KD

A.k.a. a public key encryption (PKE)

Encipher / decipher using different keys:

Secret private key + widely-known public key:

< kPRIV, kPUB>

Computationally infeasible to derive the private key from the public

key

It is OK if the public key easily derived from the private key

[cf. B. Endicott-Popovsky, U. Washington]


E DP C P

KE KD


加密解密

Asymmetric cryptosystems

http://www.asiapeak.com/img/asymmetric.JPG


Public Key Encryption (PKE)

(asymmetric cryptosystem)

Recall: Two main types of cryptosystems:

Secret key encryption (= symmetric

cryptosystem)

Public key encryption (= PKE = asymmetric

cryptosystem)

Outline for PKE

1) Motivation for PKE

2) Characteristics of PKE

3) RSA (Rivest-Shamir-Adelman) Encryption



1) Motivation for PKE

Classic symmetric cryptosystem: with a secret key

Problems:

A lot of keys

o(n2) keys for n users (n * (n-1) /2 keys)

— if each must be able to communicate with each

Secure distribution of so many keys

Secure storage for the keys

User with n keys can’t just memorize them

Can have a system with significantly fewer keys?

Yes!© 2016 by Leszek T. Lilien


機密資料或鑰匙

復刻007手提箱

http://upload.wikimedia.org/wikipedia/commons/e/e9/EVA_hellokitty1.JPG

http://msnews.n.yam.com/photo_data/20160420010607/L20160420010607_31321.jpg

https://www.google.com.tw/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAUQjhw&url=http%3A%2F%2Fmsnews.n.yam.com%2Fmkarticle.php%3Farticle%3D20100420010607&ei=OM9SVYKJKIbamAXWhoGACQ&psig=AFQjCNHJn95HiYi4If6Bn2LpryzCbIltUw&ust=1431576726745178


2) PKE Definition and Characteristics

1976 — Diffie and Hellman — new kind of cryptosystem:

public key encryption (PKE) =

= asymmetric cryptosystem

Key pair: < kPRIV, kPUB>

Each user owns one private key

Each user shares the corresponding public key with n-1

remaining users => n users share each public key

Only 2n keys for n users 2n = n * (1 + n * 1/n)

Since public key is shared by n people: 1 „owner” + (n-1) others = n

1/n since each part „owns” 1/n of the public key

Even if each communicates with each

Reduction from o(n2) to o(n) keys!

n key pairs are:

<kPRIV-1, kPUB-1 >, <kPRIV-2, kPUB-2>, ..., <kPRIV-n, kPUB-n>

9.7.1. Encryption Techniques – cont. 9



3) RSA Encryption RSA = Rivest, Shamir, and Adelman (MIT), 1978

Based on underlying hard problem:

Number theory – determining prime factors of a

given large number (ex. factoring of small #: 5 5, 6

2 *3)

Arithmetic modulo n

How secure is RSA?

So far remains secure (after all these years...)

Will sb propose a quick algorithm to factor large

numbers?

Who knows… Could happen tomorrow… or never

Will quantum computing break it?

Research will tell - TBD© 2016 by Leszek T. Lilien


9.7.2. Authentication – cont. 1

Using PKE for Digital Signatures

Transmitting signed msgs from S to R (using PKE)

Original message: (P = plaintext, C = ciphertext)

Privacy transformation by S: C = E(P, KPUB-R)

Only R can decrypt it (with KPRIV-R)

Authenticity transformation = signing by S:

Sg = Sg(S, C) = D(C, KPRIV-S)

Only S can produce Sg(S, C) (with KPRIV-S)

Sent message:

C

Sg

P


Secret key

Public keyP


電子簽章示意圖(利用非對稱性加密)

http://www.cc.ntu.edu.tw/chinese/epaper/20160620_1011.files/image006.gif

Secret key

Public key


Authentication & Ciphering


Data encrypted by Kc

Ki

Ki


P7.2有一個TDMA系統以270.833kbps的資料來支援8個用戶使用一個訊框。(15分) a)請問各用戶能使用到的原始資料為何? b)如果保護時間與同步化占用10.1kbps，請問流量效率?

c)如果將編碼(7,4)被利用於錯誤處理，請問整體效率為何? (15分)

P7.9在CDMA統計中，為了提高所能服務之行動台數量，嘗試考慮也使用TDMA。這可能嗎?如果可以，要麼做?如果不行，為什麼?

(15分)

Homework #3 (Due in two weeks) -1


P7.21增加振幅(Amplitude)與相位(Phase)移位置，我們就可以獲得更高的xQAM，譬如64QAM與256QAM。傳輸率似乎可以被無限提升。真的是這樣嗎?請加以說明。 (15分)

P9.22自行選擇一家台灣行動電話系統業者,

整理研究其無線相關技術資訊。

例如：使用頻帶、涵蓋區域(PLMN service area)、網路架構、Frequency Reuse Policy、提供服務類型、、、等等。(其中ㄧ個有興趣的主題即可)

請摘要重點(含圖)整理至1頁(A4), 不含圖半頁。

(本題55分)

Homework #3 (Due in two weeks) -2


Questions?

Thank you!

End of Chapter 9

Chapter 9 Mobile Communication Systems

Documents

Transcript of Chapter 9 Mobile Communication Systems