SIX WEEKS SUMMER TRAINING REPORT

ON
TELECOMMUNICATION
Submitted by
Saransh Sinha
11108057
B.TECH-ECE
Under the Guidance of
Er.Amandeep Singh Saini
RF PLANNER AND OPTIMIZATION
ENGINEER
School of Electronics and Electrical Engineering
Lovely Professional University, Phagwara, Punjab
(June-July, 2014)

DECLARATION

I hereby declare that I have completed my six weeks summer training

at APPIN TECHNOLOGIES Pvt. Ltd from 11 June to 23 July under
the guidance of Er. Amandeep Singh Saini. I have declare that I have
worked with full dedication during these six weeks of training and my
learning outcomes fulfill the requirements of training for the award of
degree of Electronics and Communication Engineering, Lovely
Professional University, Phagwara, Punjab.
(Signature of student)
Saransh Sinha
11108057

Date: 4th August,2014

ACKNOWLEDGEMENT

The successful completion of any task would be incomplete without

accomplishing the people who made it all possible and whose constant guidance
and encouragement secured us the success
This seems to be a fitting moment for me to express my heartfelt gratitude
towards all those who helped me tirelessly and patiently in my training work. It
gives me a great sense of pleasure to present this report on my 6 week summer
training. Training in an organization like APPIN TECHNOLOGIES PVT.
LIMITED which is fuelled by the individuals with so much zest & energy,
teaming up to form a formidable force, was in itself a true learning experience
which is going to help us immensely in our career.
To begin with, I express my sincere thanks to Mr.Paramvir saini (Managing
Director). I owe special debt of gratitude to Er. Amandeep Singh Saini for
allowing me to avail all the available amenities in the division. They kept faith
in me and made me an active member of my team. I am thankful to them for
sharing their vast resource of knowledge and experience with me.
I am thankful to APPIN TECHNOLOGIES PVT. LIMITED, for giving me an
opportunity to undertake my Six Weeks Summer Training.
I also must place my gratitude to my college teachers for their valuable
advice and guidance in carrying out this enjoyable and productive experience,
which provided me a great opportunity to search new horizons.

ORGANIZATION OVERVIEW
3

Appin Technologies (ISO Certified) is a provider of Telecommunication and IT based

solutions, including software, equipment and systems integration services.
Appin Technologies develops and provides products, solutions, and professional services
primarily for Telecommunications/IT companies.

Organisation Profile:
Appin Technologies includes the following areas-

Telecommunications
Network Solutions
Next Generation Networks
Wireless Broadband Service
Data Transmission
Value-added Systems and Intelligent Networks
Network Deployment and Integration
New Technologies

Operation & Business Support

Network Monitoring
Network and Service Management Fulfillment
Billing and Customer Care Management

100% Placements
The company has tie-ups with all the major companies of India such as NOKIA-SIEMENS,
TATA, IDEA, ZTE, CONNECT, TATA-DOCOMO, VODAFONE, etc. The company assures
100% placement assistance .

ORGANIZATION PROFILE
Company Name: Appin Technologies.
Director: Mr.Paramvir saini

TABLE OF CONTENTS
4

1.GSM Fundamentals.
a. Brief History
b. Frequency bands
c. GSM service

2. Features of GSM.
a. Increased Capacity
b. Audio Quality
c. Improved Security

5d. Cleaner Handovers

e. Frequency reuse

3. GSM Architecture Overview

a. Mobile equipment
b. BSS(base station subsystem)
i. BSC(base station controller)
ii. BTS(base transceiver station)
c. NSS(network and switching subsystem )
i. MSC(mobile switching centre)
ii. HLR(home location register)
iii. VLR(visitor location register)
iv. AUC(authentication centre)
v. EIR(equipment identity register)

4. GSM IDENTIFIERS
a. International Mobile Station Equipment Identity(IMEI)
b. International Mobile Subscriber Identity (IMSI)
c. Mobile Subscriber ISDN Number (MSISDN)
d. Mobile Station Roaming Number ( MSRN)
e. Local Area Identity (LAI)

GSM FUNDAMENTALS
Introduction to GSM (Global System for Mobile Communications)
INTRODUCTION
1.The Global System for Mobile Communications (GSM) is a set of recommendations and
specifications for a digital cellular telephone network (known as a Public Land Mobile
Network, or PLMN).
2.These recommendations ensure the compatibility of equipment from different GSM
manufacturers, and interconnectivity between different administrations, including operation
across international boundaries.
3.GSM networks are digital and can cater for high system capacities.
4.They are consistent with the world-wide digitization of the telephone network, and are an
extension of the Integrated Services Digital Network (ISDN), using a digital radio interface
between the cellular network and the mobile subscriber equipment.

GSM (Global System for Mobile Communication)

Definition :
Global system for mobile communication (GSM) is a globally accepted standard for digital
cellular communication. GSM is the name of a standardization group established in 1982 to
create a common European mobile telephone standard that would formulate specifications for
a pan-European mobile cellular radio system operating at 900 MHz. It is estimated that many
countries outside of Europe will join the GSM partnership.

Brief History
The Global System for Mobile communication (GSM) is an ETSI (European
Telecommunication Standard Institute) standard for 2G pan European digital cellular with
international roaming. The main purpose of the group was to develop a 2G standard to
resolve the roaming problem in the six existing different 1G analog systems in Europe. In
1986, the task force was formed, and in 1987 a memorandum of understanding (MoU) was
signed. In 1989, ETSI included GSM in its domain. In 1991, the specification of the standard
was completed, and in 1992, the first deployment started. By the year 1993, thirty two
operators in 22 countries adopted the GSM standard, and by 2001, close to 150 countries had
adopted GSM for cellular adaptation

Frequency Bands
This GSM system is a frequency and time division system. Each physical channel is
characterized by a carrier frequency and a time slot number. GSM system frequencies include
two bands at 900 MHZ and 1800 MHz commonly referred to as the GSM 900 and DCS 1800
systems.
For the primary band in the GSM 900 system, 124 radio carriers have been defined and
assigned in two sub-bands of 25 MHz each in the 890 915 MHz and 935-960 MHz ranges
with channel width of 200 kHz (these sub-bands are always referred as downlink as well as
uplink respectively, we will see this concept in detailed in channel concepts later in this
module). Each carrier (a total channel width of 200 KHz) is divided into frames of 8 time
slots.
For DCS 1800, there are two sub bands of 75 MHz in the 1710 1785 MHz and 1805
1880 MHz ranges

GSM SERVICES
To study any system, it is very important to know the services, which the system supports or
provides. Analog cellular systems were developed for a single application that is voice and in
a manner similar to analog access to PSTN, other data services such as fax and voice-band
modems were defined as overlay services on top of the analog voice service.
GSM is an integrated voice-data service that provides a number of services beyond cellular
telephone. These services are divided into three major categories. They are Teleservices,
Bearer services and supplementary services.

FEATURES OF GSM
INCREASED CAPACITY
1. The GSM system provides a greater subscriber capacity than analogue systems.
2. GSM allows 25 kHz per user, that is, eight conversations per 200 kHz channel pair (a pair
comprising one transmit channel and one receive channel).
3.Digital channel coding and the modulation used makes the signal resistant to interference
from cells where the same frequencies are re-used (co-channel interference); a Carrier to
Interference Ratio (C/I) level of 12 dB is achieved, as opposed to the 18 dB typical with
analogue cellular.
4. This allows increased geographic reuse by permitting a reduction in the number of cells in
the reuse pattern.

AUDIO QUALITY
1. Digital transmission of speech and high performance digital signal processors provides
good quality speech transmission.
2. Since GSM is a digital technology, the signals passed over a digital air interface can be
protected against errors by using better error detection and correction techniques.
3. In regions of interference or noise-limited operation the speech quality is noticeably better
than analogue.

IMPROVED SECURITY AND CONFIDENTIALITY

1. GSM offers high speech and data confidentiality.Subscriber authentication can be
performed by the system to check if a subscriber is a valid subscriber or not..
2. The GSM system provides for high degree of confidentiality for the subscriber. Calls are
encoded and ciphered when sent over air.
3. The mobile equipment can be identified independently from the mobile subscriber. The
mobile has an identity number hard coded into it when it is manufactured. This number is
stored in a standard database and whenever a call is made the equipment can be checked to
see if it has been reported stolen.

CLEANER HANDOVERS
1. GSM uses Mobile assisted handover technique.
2. The mobile itself carries out the signal strength and quality measurement of its server and
signal strength measurement of its neighbors.
3. This data is passed on the Network which then uses sophisticated algorithms to determine
the need of handover.

SUBSCRIBER IDENTIFICATION
1. In a GSM system the mobile station and the subscriber are identified separately.
2. The subscriber is identified by means of a smart card known as a SIM.
3. This enables the subscriber to use different mobile equipment while retaining the same
subscriber number.

ENHANCED RANGE OF SERVICES

1. Speech services for normal telephony.
2. Short Message Service for point ot point transmission of text message.
3. Cell broadcast for transmission of text message from the cell to all MS in its coverage area.
Message like traffic information or advertising can be transmitted.
4. Fax and data services are provided. Data rates available are 2.4 Kb/s, 4.8 Kb/s and 9.6
Kb/s.
5. Supplementary services like number identification, call barring, call forwarding, charging
display etc can be provided.

FREQUENCY REUSE
1. There are total 124 carriers in GSM ( additional 50 carriers are available if EGSM band is
used).
2. Each carrier has 8 timeslots and if 7 can be used for traffic then a maximum of 868 (124 X
7) calls can be made. This is not enough and hence frequencies have to be reused.
3. The same RF carrier can be used for many conversations in several different cells at the
same time.
4. The radio carriers available are allocated according to a regular pattern which repeats over
the whole coverage area.
5. The pattern to be used depends on traffic requirement and spectrum availability.
6. Some typical repeat patterns are 4/12, 7/21 etc.

GSM ARCHITECTURE
MOBILE EQUIPMENT
There are different types of terminals/mobile equipment distinguished principally by their
power and application:
1.The `fixed' terminals are the ones installed in cars. Their maximum allowed output power is
20 W.
2.The GSM portable terminals can also be installed in vehicles. Their maximum allowed
output power is 8W.
3.The handheld terminals have experienced the biggest success thanks to their weight and
volume, which are continuously decreasing. These terminals can emit up to 2 W. The
evolution of technologies allows decreasing the maximum allowed power to 0.8W.

MOBILE STATION
The MS includes radio equipment and the man machine interface (MMI) that a subscribe
needs in order to access the services provided by the GSM PLMN. MS can be installed in
Vehicles or can be portable or handheld stations. The MS may include provisions for data
communication as well as voice. A mobile transmits and receives message to and from the
GSM system over the air interface to establish and continue connections through the system.
Different type of MSs can provide different type of data interfaces. To provide a common
model for describing these different MS configuration, reference configuration for MS,
similar to those defined for ISDN land stations, has been defined.
Each MS is identified by an IMEI that is permanently stored in the mobile unit. Upon request,
the MS sends this number over the signaling channel to the MSC. The IMEI can be used to
identify mobile units that are reported stolen or operating incorrectly.
Just as the IMEI identities the mobile equipment, other numbers are used to identity the
mobile subscriber. Different subscriber identities are used in different phases of call setup.
The Mobile Subscriber ISDN Number (MSISDN) is the number that the calling party dials in
order to reach the subscriber. It is used by the land network to route calls toward an
appropriate MSC. The international mobile subscribe identity (IMSI) is the primary function
of the subscriber within the mobile network and is permanently assigned to him. The GSM
system can also assign a Temporary Mobile Subscriber Identity (TMSI) to identity a mobile.
This number can be periodically changed by the system and protect the subscriber from being
identified by those attempting to monitor the radio channel.

Functions of MS
The primary functions of MS are to transmit and receive voice and data over the air interface
10

of the GSM system. MS performs the signal processing function of digitizing, encoding, error
protecting, encrypting, and modulating the transmitted signals. It also performs the inverse
functions on the received signals from the BS.
In order to transmit voice and data signals, the mobile must be in synchronization with the
system so that the messages are the transmitted and received by the mobile at the correct
instant. To achieve this, the MS automatically tunes and synchronizes to the frequency and
TDMA timeslot specified by the BSC. This message is received over a dedicated timeslot
several times within a multiframe period of 51 frames. The exact synchronization will also
include adjusting the timing advance to compensate for varying distance of the mobile from
the BTS.
MS keeps the GSM network informed of its location during both national and international
roaming, even when it is inactive. This enables the System to page in its present LA.
Finally, the MS can store and display short received alphanumeric messages on the liquid
crystal display (LCD) that is used to show call dialing and status in formation. These
messages are limited to 160 characters in length (varies from mobile to mobile).

Power Levels
These are five different categories of mobile telephone units specified by the European GSM
system: 20W, 8W, 5W, 2W, and 0.8W. These correspond to 43-dBm, 39-dBm, 37-dBm, 33dBm, and 29-dBm power levels. The 20-W and 8-W units (peak power) are either for
vehicle-mounted or portable station use.
The MS power is adjustable in 2-dB steps from its nominal value down to 20mW (13 dBm).
This is done automatically under remote control from the BTS, which monitors the received
power and adjusts the MS transmitter to the minimum power setting necessary for reliable
transmission.

The SIM
The SIM is a smart card that identifies the terminal. By inserting the SIM card into the
terminal, the user can have access to all the subscribed services. Without the SIM card, the
terminal is not operational. The SIM card is protected by a four-digit Personal Identification
Number (PIN). In order to identify the subscriber to the system, the SIM card contains some
parameters of the user such as its International Mobile Subscriber Identity (IMSI). Another
advantage of the SIM card is the mobility of the users. In fact, the only element that
personalizes a terminal is the SIM card. Therefore, the user can have access to its subscribed
services in any terminal using its SIM card.

11

Equipment identification
The purpose of equipment identification is to ensure that no stolen or otherwise unauthorized
mobiles are used in the network. To this end, every mobile is provided with a tamper-proof
equipment number in the manufacturing process, in GSM an international mobile equipment
identity (IMEI). During the set-up phase, the MSC can request this number from the mobile
and then send it on for checking in the network element called EIR (in GSM). If the number
is barred or unknown, the set-up attempt is rejected.

Subscriber identity confidentiality

Subscriber identity confidentiality means that the operator tries to protect the user's telephone
number (the IMSI) from unauthorized tapping. A temporary mobile subscriber number (TMSI
in GSM) is used in the dialogue between the mobile and the network, except for the first
contact attempt in a set-up phase. The MSC gives the mobile a random TMSI for each set-up.

LOCATION AREA IDENTITY (LAI)

It identifies the current location of the subscriber.
LAI=MNC+MCC+LAC
Where:
MCC= Mobile Country Code

12

MNC= Mobile Network Code (2 digit). Identifies the GSM PLMN in that country and takes
the same value as the MNC in IMSI.
LAC= Location Area Code (max. 16 bits). Identifies a location area within a GSM PLMN
Network & enabling 65536 different location areas to be defined in one GSM PLMN.
SUBSCRIBER AUTHENTICATION KEY (Ki)
It is used to authenticate the SIM card.
PERSONAL IDENTITY NO.
It is used to unlock the MS. If one enters the wrong PIN three times it will lock the SIM. The
SIM can be protected by use of PIN password.

PIN UNBLOCKING KEY (PUK)

In case of PIN, the PUK is needed for unlocking the SIM again. PUK is numeric only, with
eight digits. If a correct PUK is entered, an indication is given to the user. After 10
consecutive incorrect entries the SIM is blocked. Either the IMSI or the MSISDN Number
may access the subscriber data. Some of the parameters like IAI will be continuously updated
to reflect the current location of the subscriber. The SIM is capable of storing additional
information such as accumulated call charges. This information will be accessible to the
customer via handset key entry.

TECHNICAL DEPARTMENT HIERARCHY

13

Technical department has four main streams:

1. Network Switching System (NSS) & Base Station Subsystem (BSS)
2. Network Planning
3. Operation Maintenance & controlling (OMC)
4. Operation and Maintenance (O&M)

Base Station Subsystem (BSS)

The BSS connects the Mobile Station and the NSS. It is in charge of the transmission and
reception.
The BSS can be divided into two parts:
1.The Base Transceiver Station (BTS) or Base Station.
2.The Base Station Controller (BSC).

Base Transceiver Station (BTS)

The BTS controls the radio interface to the MS. The BTS comprises the radio equipment such
as transceivers and antennas which are needed to serve each cell of the network. A BTS is
usually placed in the centre of a cell. Its transmitting power defines the size of a cell. Each
BTS has between one and sixteen transceivers depending on the density of users in the cell.

BTS has 4 functional parts :

1. Transmission unit
2. Control functions
3. TRX
4. Combiner

1. Transmission unit
The task of the transmission unit is to connect the BTS to the Abis interface and, in doing so,
create different types of transmission configuration possibilities. All of the Nokia BTSs have
integrated transmission units. Certain Talk-family models offer additional integrated radio
relay links. Transmission units are monitored by the operation and maintenance unit by
means of an internal Q1 bus.

2.Control functions
Control functions can be split into four individual functions:
1. Operation and maintenance
2. Master clock function
3. Frequency hopping control
4. External alarms and controls
14

That being said, depending on the type of BTS this could mean from one integrated unit to up
to four individual plug-in units.

a. Operation and maintenance : The O&M processor controls and supervises the
operation of all BTS units alone or in co-operation with other processors. It is the main
interface for local O&M and controls and supervises the other units as well as delivers all
status information to the BSC by means of the O&M signalling link , which it manages. It
stores SW as well as downloads SW to the other units. It also downloads the software and
configuration information received from the BSC or the MMI to other processors.

b. External alarms and controls : External alarms and controls are programmable
interfaces to other devices in the BTS , which can be used to monitor environmental
conditions at the BTS site as well as monitor the state of units, which do not have a processor
of their own. An example of external alarm might be an intruder alarm or a smoke detector.

c. Frequency hopping control : The frequency hopping control processor controls the
frequency hopping functions of the BTS by calculating the frequency hopping algorithm and
controls the transceivers through a specific parallel bus.

3. Transceiver (TRX)
The TRX can also contain a varying number of plug-in units depending on the type of BTS.
The TRX can basically be thought of in terms of two functional parts: the base band part and
the radio part. The radio part can also be split into a transmitter part(Tx) and a receiver
part(Rx). The Rx part may also be configured to support antenna diversity , which is
supported by all of the BTS products.
The functions of the TRX can be divided into two categories: O&M and telecommunication
control. One of the most important functions relative to O&M is to download the software
and configuration information received from the main O&M processor to its slave processors
(DSPs).
In terms of telecommunication control, we can apply many of the functions examined in the
previous section directly to the TRX.
Apart from digitizing and source coding, all of these are in fact performed in the TRX, speech
coding being performed in the transcoder. It is important to remember that in the uplink
direction the mobile will perform the same functions as well as digitizing and speech
coding.Relative to the other functions of the TRX, we could also mention channel
equalization, adaptive frame alignment, RACH channel detection and measurements as TRX
functions.
TRX software is also designed to handle a number of signalling scenarios including call setup and release, handovers, TX power control, Air-interface measurements and short
messages.

Functionality of the BSC

15

The BSC manages a variety of tasks ranging from channel administration to short messaging
service. Furthermore the BSC provides interfaces to other network elements. The main
functionalities are explained in brief below.
The following BSC functionalities consist of basic and optional functionalities. These
functionalities and options are described in more detail in BSS feature descriptions.

General functionalities
A. Management of terrestrial channels
1. Indication of blocking on the A interface channels between the BSC and the MSC
2. Allocation of traffic channels between the BSC and the BTSs
3. Pool support for A interface circuits
4. concept support for flexible channel assignments, for example, half rate and high speed
circuit switched data

B. Management of radio channels

1.Management of channel configurations, that is, how many traffic channels and signalling
channels can be used in the BSS. This is done in connection with radio network
configuration.
2.Management of traffic channels (TCH) and stand-alone dedicated control channels
(SDCCH). This function can be subdivided into the following tasks:
- resource management
- channel allocation
- link supervision
- channel release
- power control
3. Management of broadcast control channels (BCCH) and common control channels
(CCCH). This function can be subdivided into the following tasks:
- channel management
- random access
- access grant
- paging
- Management of PCCCH/PBCCH for (E)GRPS

C. Management of frequency hopping:

The BSC is in charge of frequency hopping management which enables effective use of radio
resources and enhanced voice quality for a GSM subscriber.

1. Handovers
16

The frequency of the mobile is changed in connection with handovers which are executed and
controlled by the BSC. Such a handover can be one of the following three types:
a. Intra-BSC, intra-cell (both intra-TRX and inter-TRX), which means that the handover takes
place within the area controlled by the BSC and the mobile stays in the same cell
b. Intra-BSC, inter-cell, which means that the mobile stays in the area of the BSC but moves
from one cell to another
c. Inter-BSC, both outgoing and incoming, which means that the mobile moves into the area
of another BSC
Management of signalling channels between the BSC and the BTSs
The BSC supervises all 16, 32 or 64 kbit/s permanent point-to-point LAPD signalling
connections, consisting of one connection per Transceiver Unit (TRX) and BTS Operation
and Maintenance Unit (OMU).

Maintenance
The BSC offers the possibility for the following maintenance procedures:
Fault localization for the BSC
Reconfiguration of the BSC
Reconfiguration support to the BTS
Updating of the software in the BSC, TCSM2 and BTS

Operation
During normal operation on, the BSC offers various possibilities for the operator:
modification of the parameters of the BSC and the BTS
modification of the radio network parameters
configuration of the BSC hardware
administration of the BSC equipment

Network and Switching Subsystem (NSS)

The switching system (SS) is responsible for performing call processing and subscriberrelated functions.

17

The different components of the NSS are described below:

Mobile services Switching Centre (MSC)
The MSC performs the telephony switching functions for the mobile network. It controls
calls to and from other telephone and data systems such as Public Switched Telephone
Network (PSTN), Integrated Services Digital Network (ISDN), public data networks, private
networks and other mobile networks.

Explanation
The Mobile Switching Center or MSC is the primary service delivery node for GSM,
responsible for handling voice calls and SMS as well as other services (such as conference
calls, FAX and circuit switched data). The MSC sets up and releases the end-to-end
connection, handles mobility and hand-over requirements during the call and takes care of
charging and real time pre-paid account monitoring. In the GSM mobile phone system, in
contrast with earlier analogue services, fax and data information is sent directly digitally
encoded to the MSC. Only at the MSC is this re-coded into an "analogue" signal .
There are various different names for MSCs in different contexts which reflects their complex
role in the network, all of these terms though could refer to the same MSC, but doing
different things at different times.
A Gateway MSC is the MSC that determines which visited MSC the subscriber who is being
called is currently located. It also interfaces with the Public Switched Telephone Network. All
mobile to mobile calls and PSTN to mobile calls are routed through a GMSC. The term is
only valid in the context of one call since any MSC may provide both the gateway function
and the Visited MSC function, however, some manufacturers design dedicated high capacity
MSCs which do not have any BSSes connected to them. These MSCs will then be the
Gateway MSC for many of the calls they handle.
The Visited MSC is the MSC where a customer is currently located. The VLR associated with
this MSC will have the subscriber's data in it.
The Anchor MSC is the MSC from which a handover has been initiated. The Target MSC is
the MSC toward which a Handover should take place.

Mobile Switching Centre Server (MSS)

The Mobile Switching Centre Server or MSC Server is a soft switch variant of Mobile
Switching Centre, which provides circuit-switched calling, mobility management, and GSM
services to the mobile phones roaming within the area that it serves. MSC Server
functionality enables split between control (signalling) and user plane (bearer in network
element called as Media Gateway), which guarantees more optimal placement of network
elements within the network.

Other GSM Core Network Elements connected to the MSC

The MSC connects to the following elements:
1. The HLR for obtaining data about the SIM and MSISDN

18

2. The Base Station Subsystem which handles the radio communication with 2G and 2.5G
mobile phones.
3. The UTRAN which handles the radio communication with 3G mobile phones.
4. The VLR for determining where other mobile subscribers are located.

Tasks of the MSC include

1. Delivering calls to subscribers as they arrive based on information from the
VLR .
2. Connecting outgoing calls to other mobile subscribers or the PSTN.
3. Delivering SMSs from subscribers to the SMSC and vice versa.
4. Arranging handovers from BSC to BSC.
5. Carrying out handovers from this MSC to another.
6. Supporting supplementary services such as conference calls or call hold.
7. Generating billing information.

Home Location Register (HLR)

The HLR is a centralized network database that stores and manages all mobile subscriptions
belonging to a specific operator. It acts as a permanent store for a persons subscription
information until that subscription is canceled. The information stored includes:
1. Subscriber identity.
2. Subscriber supplementary services.
3. Subscriber location information.
4. Subscriber authentication information.
The 'Home Location Register' or HLR is a central database that contains details of each
mobile phone subscriber that is authorized to use the GSM core network. There is one logical
HLR per PLMN, although there may be multiple physical platforms.
The HLR stores details of every SIM card issued by the mobile phone operator. Each SIM
has a unique identifier called an IMSI which is the primary key to each HLR record.
The next important items of data associated with the SIM are the MSISDNs, which are the
telephone numbers used by mobile phones to make and receive calls. The primary MSISDN
19

is the number used for making and receiving voice calls and SMS, but it is possible for a SIM
to have other secondary MSISDNs associated with it for fax and data calls. Each MSISDN is
also a primary key to the HLR record.
Examples of other data stored in the HLR against an IMSI record are:
1. GSM services that the subscriber has requested or been given
2. GPRS settings to allow the subscriber to access packet services
3. Current Location of subscriber (VLR and SGSN)
4. Call divert settings applicable for each associated MSISDN.
5. The HLR data is stored for as long as a subscriber remains with the mobile phone operator.
The HLR is a system which directly receives and processes MAP transactions and messages
from elements in the GSM network, for example, the Location Update messages received as
mobile phones roam around.
The HLR connects to the following elements:
1. The Gateway MSC (G-MSC) for handling incoming calls
2. The VLR for handling requests from mobile phones to attach to the network
3. The SMSC for handling incoming SMS
4. The voice mail system for delivering notifications to the mobile phone that a message is
waiting.

Procedures implemented
The main function of the HLR is to manage the fact that SIMs and phones move around a lot.
The following procedures are implemented to deal with this:
Manage the mobility of subscribers by means of updating their position in administrative
areas called 'location areas', which are identified with a LAC. The action of a user of moving
from one LA to another is followed by the HLR with a Location area update while retrieving
information from BSS as BSIC (cell identifier).
Send the subscriber data to a VLR or SGSN when a subscriber first roams there.
Broker between the GMSC or SMSC and the subscriber's current VLR in order to allow
incoming calls or text messages to be delivered. Remove subscriber data from the previous
VLR when a subscriber has roamed away from it.

Visitor Location Register (VLR)

20

The VLR database contains information about all the mobile subscribers currently located in
the MSC service area. Thus, there is one VLR for each MSC in a network. The VLR
temporarily stores subscription information so that the MSC can service all the subscribers
currently visiting that MSC service area. The VLR can be regarded as a distributed HLR as it
holds a copy of the HLR information stored about the subscriber.
When a subscriber roams into a new MSC service area, the VLR connected to that MSC
requests information about the subscriber from the subscribers HLR. The HLR sends a copy
of the information to the VLR and updates its own location information. When the subscriber
makes a call, the VLR will already have the information required for call set-up.

Authentication Center (AUC)

AUC provides authentication and encryption parameters that verify the user's identity and
ensure the confidentiality of each call. The AUC protects network operators from different
types of fraud found in today's cellular world. The AUC is a database connected to the HLR
which provides it with the authentication parameters and ciphering keys used to ensure
network security.
The 'Authentication Centre' or AUC is a function to authenticate each SIM card that attempts
to connect to the GSM core network (typically when the phone is powered on). Once the
authentication is successful, the HLR is allowed to manage the SIM and services described
above. An encryption key is also generated that is subsequently used to encrypt all wireless
communications (voice, SMS, etc.) between the mobile phone and the GSM core network.
If the authentication fails, then no services are possible from that particular combination of
SIM card and mobile phone operator attempted. There is an additional form of identification
check performed on the serial number of the mobile phone described in the EIR section
below, but this is not relevant to the AUC processing.
Proper implementation of security in and around the AUC is a key part of an operator's
strategy to avoid SIM cloning.
The AUC does not engage directly in the authentication process, but instead generates data
known as triplets for the MSC to use during the procedure. The security of the process
depends upon a shared secret between the AUC and the SIM called the Ki. The Ki is securely
burned into the SIM during manufacture and is also securely replicated onto the AUC. This
Ki is never transmitted between the AUC and SIM, but is combined with the IMSI to produce
a challenge/response for identification purposes and an encryption key called Kc for use in
over the air communications.
Other GSM Core Network Elements connected to the AUC
The AUC connects to the following elements:
The MSC which requests a new batch of triplet data for an IMSI after the previous data have
been used. This ensures that same keys and challenge responses are not used twice for a
particular mobile.

Procedures implemented
The AUC stores the following data for each IMSI:
1. The Ki

21

2. Algorithm id (the standard algorithms are called A3 or A8, but an operator may choose a
proprietary one).
When the MSC asks the AUC for a new set of triplets for a particular IMSI, the AUC first
generates a random number known as RAND. This RAND is then combined with the Ki to
produce two numbers as follows:
The Ki and RAND are fed into the A3 algorithm and a number known as Signed response or
SRES is calculated.
The Ki and RAND are fed into the A8 algorithm and a session key called Kc is calculated.
The numbers (RAND, SRES, KC) form the triplet sent back to the MSC. When a particular
IMSI requests access to the GSM core network, the MSC sends the RAND part of the triplet
to the SIM. The SIM then feeds this number and the Ki (which is burned onto the SIM) into
the A3 algorithm as appropriate and an SRES is calculated and sent back to the MSC. If this
SRES matches with the SRES in the triplet (which it should if it is a valid SIM), then the
mobile is allowed to attach and proceed with GSM services.
After successful authentication, the MSC sends the encryption key Kc to the Base Station
Controller (BSC) so that all communications can be encrypted and decrypted. Of course, the
mobile phone can generate the Kc itself by feeding the same RAND supplied during
authentication and the Ki into the A8 algorithm.

The AUC is usually collocated with the HLR, although this is not necessary.
Whilst the procedure is secure for most everyday use, it is by no means
crack proof. Therefore a new set of security methods was designed for 3G
phones.
Radio Interface
Radio interface is the interface between the MS and the RBS. It is also
called as Um interface. This interface has three layers (OSI). They are
Physical Layer (Layer1), Data Link Layer (Layer2) and Network Layer
(Layer3)

Network Layer (Layer3):

This layer provides the Mobile Network Signaling (MNS) service to the user application.
The basic functions of this layer are to establish, maintain and terminate circuit switched
connections across a GSM PLMN and other networks to which the PLMN is connected.
Also it supports functions for supplementary services and short message service
This layer consists of three-sub layer which are basically protocol control entities. They are a.
Connection Management (CM) b. Mobility Management (MM) c. Radio Resource
Management (RR)
In the MS, entities from all three sub layers are present however on the network side there is
a distribution of the signaling functions between different network equipment. The RR
22

function resides mainly in the BSC. The MM and CM functions are located in the MSC. In
the BTS most of the RR messages are handled as transparent message. However some of
them must be interpreted by the BTS.

a. Mobility Management : The following functions are being carried out by this
Mobility management MM sub layer.
All the functions regarding the location of the MS, which includes location updating type
normal, location update type periodic registration and location updating type IMSI attach.
It provides the user identity procedures. These procedures are authentication, TMSI
reallocation, IMSI detach and identification of the MS by requesting either IMSI or IMEI.

b. Radio Resource Management : The main purpose of this sub layer is to establish,
maintain and release a dedicated connection between the MS and the network. This includes
handover procedures, cell selection at power on and cell re-selection in idle mode, recovery
from lack of coverage in idle mode. The following are the basic RR functions.
On the downlink, the RR sub layer sends system information to the busy MS.
On the uplink, the MS transmits measurement reports.
The network may use the RR ciphering mode-setting procedure for setting the ciphering
mode.
The class mark change procedure is used by the MS to provide the system with additional MS
class mark information. It is also used to indicate to the network a change in class mark. For
example, when the power capabilities of a hand held MS are changed because the MS is
connected to external power in a vehicle.

Equipment Identity Register (EIR)

The EIR is also used for security purposes. It is a register containing information about the
mobile equipments. More particularly, it contains a list of all valid terminals. A terminal is
identified by its International Mobile Equipment Identity (IMEI). The EIR allows then to
forbid calls from stolen or unauthorized terminals (e.g., a terminal which does not respect the
specifications concerning the output RF power).

GSM IDENTIFIER
INTERNATIONAL MOBILE SSTATION EQUIPMENT IDENTITY
(IMEI)
The International Mobile Station Equipment Identity uniquely identifies the mobile station
internationally. It is a kind of a serial number. The IMEI is allocated by the equipment
manager and registered by the nework operator who stores it in the EIR.
23

There are following parts of an IME:

TYPE APPROVAL CODE (TAC): 6 decimal places,centrally assigned
FINAL ASSEMBLY CODE (FAC): 6 decimal places,assigned by the manufacturer
SERIAL NUMBER (SNR): 6 decimal places,assigned by the manufacturer
SPARE (SP): 1decimal place
IMEI = TAC + FAC + SNR + SP

INTERNATIONAL MOBILE SUBSCRIBER IDENTITY (IMSI)

IMSI is a unique identification associated with all GSM and UMTS network phone users.
It is stored as a 64-bit field in the SIM inside the phone and is sent by the phone to the
network. An IMSI is usually presented as a 15 digit long number,but can be shorter. The
IMSI conforms to the UT E.212 numbering standards.
IMSI = MCC + MNC + MSIN
Example:
MCC 404 INDIA
MNC 68 MNTL DELHI
MSIN 5505601234

MOBILE SUBSCRIBER ISDN NUMBER (MSISDN)

The real telephone number of a mobile station is the MOBILE SUBSCRIBER ISDN
NUMBER (MSISDN). It is the assigned to the subscriber such that a mobile station set can
have several MSISDNs depending upon the SIM.
The MSISDN categories follow the international ISDN number plan and therefore have the
following structure :
COUNTRY CODE (CC) : Upto 3 decimal places
NATIONAL DESTINATION CODE (NDC) : Typically 2-3 decimal places
SUBSCRIBER NUMBER (SN) : Maximum 10 decimal places

MOBILE STATION ROAMING NUMBER (MSRN)

The Mobile Station Roaming Number is the temporary location dependent ISDN number.
It is assigned by the locally responsible VLR to each mobile station in its area. Calls are
also routed to the MS by the MSRN.

24

The MSRN has the same structure as that of MSISDN

COUNTRY CODE (CC) : of the visited network
NATIONAL DESTINATION CODE (NDC) : of the visited network
SUBSCRIBER NUMBER (SN) : in the current mobile network

LOCATION AREA IDENTITY (LAI)

Each LA of an PLMN has its own identifiers. The Location Area Identifier is also structured
hierarchically and internationally unique as follows.

COUNTRY CODE (CC) : 3 decimal places

MOBILE NETORK CODE (MNC) : 2 decimal places
LOCATION AREA CODE (LAC) : maximum 5 decimal places

PERIODIC APPRAISAL PERFORMA

(To be filled by External Advisor)

25

Name of Student: Sourabh Kumar

Registration No: 11105529

26