Global System for Mobile (GSM) telecommunications—formerly known as Groupe Spéciale Mobile, for the group that started developing the standard in 1982—was designed from the beginning as an international digital cellular service. It was intended that GSM subscribers should be able to cross national borders and find that their mobile services crossed with them.
Today, GSM is well established in most countries, with the highest concentration of service providers and users in Europe. Originally, the 900-MHz band was reserved for GSM services. Since GSM first entered commercial service in 1992, it has been adapted to work at 1800 MHz for the Personal Communications Networks (PCN) in Europe and at 1900 MHz for Personal Communications Services (PCS) in the United States.
GSM telecommunication services are divided into teleservices, bearer services, and supplementary services.
Teleservices The most basic teleservice supported by GSM is telephony. There is an emergency service in which the nearest emergency service provider is notified by dialing three digits (similar to 911). Group 3 fax, an analog method described in ITU–T Recommendation T.30, is also supported by GSM through the use of an appropriate fax adapter.
Bearer Services A unique feature of GSM compared to older analog systems is the Short Message Service (SMS). SMS is a bidirectional service for sending short alphanumeric messages (up to 160 bytes) in a store-and-forward manner. For point-to-point SMS, a message can be sent to another subscriber to the service, and an acknowledgment of receipt is provided to the sender.
SMS also can be used in cell broadcast mode for sending messages such as traffic updates or news updates. Messages can be stored in a smart card called the “Subscriber Identity Module” (SIM) for later retrieval. Since GSM is based on digital technology, it allows synchronous and asynchronous data to be transported as a bearer service to or from an Integrated Services Digital Network (ISDN) terminal.
The data rates supported by GSM are 300, 600, 1200, 2400, and 9600 bps. Data can use either the transparent service, which has a fixed delay but no guarantee of data integrity, or a nontransparent service, which guarantees data integrity through an automatic repeat request (ARQ) mechanism but with variable delay. GSM has much more potential in terms of supporting data.
The GSM standard for high-speed circuit-switched data (HSCSD) enables mobile phones to support data rates of up to 38.4 kbps, compared with 9.6 kbps for regular GSM networks. Transmission speeds of up to 171.2 kbps are available with mobile phones that support the GSM standard for General Packet Radio Service (GPRS). The high bandwidth is achieved by using eight timeslots, or voice channels, simultaneously.
GPRS facilitates several new applications, such as Web browsing over the Internet. Both HSCSD and GPRS are steps toward the third generation (3G) of mobile technology, called International Mobile Telecommunications (IMT), a framework for advanced mobile telephony that seeks to harmonize all national and regional standards for global interoperability, which is in various phases of implementation around the world. IMT includes standards that eventually will allow mobile phones to operate at up to 2 Mbps, enabling broadband applications such as videoconferencing.
Supplementary Services Supplementary services are provided on top of teleservices or bearer services and include such features as caller identification, call forwarding, call waiting, and multiparty conversations. There is also a lockout feature that prevents the dialing of certain types of calls, such as international calls.
A GSM network consists of the following elements: mobile station, base station subsystem, and mobile services switching center (MSC). Each GSM network also has an operations and maintenance center that oversees the proper operation and setup of the network. There are two air interfaces: the Um interface is a radio link over which the mobile station and the base station subsystem communicate; the Ainterface is a radio link over which the base station subsystem communicates with the MSC.
The Mobile Station The mobile station (MS) consists of the radio transceiver, display and digital signal processors, and the SIM. The SIM provides personal mobility so that the subscriber can have access to all services regardless of the terminal’s location or the specific terminal used.
By removing the SIM from one GSM cellular phone and inserting it into another GSM cellular phone, the user is able to receive calls at that phone, make calls from that phone, or receive other subscribed services. The SIM card may be protected against unauthorized use by a password or personal identification number (PIN).
An International Mobile Equipment Identity (IMEI) number uniquely identifies each mobile station. The SIM card contains an International Mobile Subscriber Identity (IMSI) number identifying the subscriber, a secret key for authentication, and other user information. Since the IMEI and IMSI are independent, this arrangement provides users with a high degree of security.
The SIM comes in two form factors: credit-card size (ISO format) or postage-stamp size (plug-in format). Both sizes are offered together to fit any kind of cell phone the user happens to have. There is also a micro SIM adapter (MSA) that allows the user to change back from the plug-in format SIM card into an ISO format card. The SIM cards also allow services to be individually tailored and updated over the air and activated without requiring the user to find a point-of-sale location in order to carry out the update.
SIM cards’ remote control and modification possibilities allow the carriers to offer their subscribers such new, interactive services as remote phonebook loading and remote recharging of prepaid SIMs. The cards also can contain company/private or parent/children subscriptions with separate PIN codes that can be changed over the air.
Base Station Subsystem The base station subsystem consists of two parts: the base transceiver station (BTS) and the base station controller (BSC). These communicate across the A–bis interface, enabling operation between components made by different suppliers. The base transceiver station contains the radio transceivers that define a cell and handles the radio link protocols with the mobile stations.
In a large urban area, there typically will be a number of BTSs to support a large subscriber base of mobile service users. The base station controller provides the connection between the mobile stations and the mobile service switching center (MSC). It manages the radio resources for the BTSs, handling such functions as radio channel setup, frequency hopping, and handoffs. The BSC also translates the 13-kbps voice channel used over the radio link to the standard 64-kbps channel used by the land-based Public Switched Telephone Network (PSTN) or ISDN.
Mobile Services Switching Center The mobile services switching center (MSC) acts like an ordinary switching node on the PSTN or ISDN and provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handoffs, and call routing to a roaming subscriber. These services are provided in conjunction with several other components, which together form the network subsystem.
The MSC provides the connection to the public network (PSTN or ISDN) and signaling between various network elements that use Signaling System 7 (SS7). The MSC contains no information about particular mobile stations. This information is stored in two location registers that are essentially databases. The Home Location Register (HLR) and Visitor Location Register (VLR), together with the MSC, provide the call routing and roaming (national and international) capabilities of GSM.
The HLR contains administrative information for each subscriber registered in the corresponding GSM network, along with the current location of the mobile device. The current location of the mobile device is in the form of a Mobile Station Roaming Number (MSRN), which is a regular ISDN number used to route a call to the MSC where the mobile device is currently located.
Only one HLR is needed per GSM network, although it may be implemented as a distributed database. The Visitor Location Register (VLR) contains selected administrative information from the HLR that is necessary for call control and provision of the subscribed services for each mobile device currently located in the geographic area controlled by the VLR. There are two other registers that are used for authentication and security purposes.
The Equipment Identity Register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its IMEI. An IMEI is marked as invalid if it has been reported stolen or is not type approved. The authentication center is a protected database that stores a copy of the secret key stored in each subscriber’s SIM card, which is used for authentication.
Channel Derivation and Types
Since radio spectrum is a limited resource shared by all users, a method must be devised to divide up the bandwidth among as many users as possible. The method used by GSM is a combination of Time and Frequency Division Multiple Access (TDMA/FDMA). The FDMApart involves the division by frequency of the total 25-MHz bandwidth into 124 carrier frequencies of 200- kHz bandwidth.
One or more carrier frequencies are then assigned to each base station. Each of these carrier frequencies is then divided in time, using a TDMAscheme, into eight time slots. One time slot is used for transmission by the mobile device and one for reception. They are separated in time so that the mobile unit does not receive and transmit at the same time.
Within the framework of TDMA, two types of channels are provided: traffic channels and control channels. Traffic channels carry voice and data between users, while the control channels carry information that is used by the network for supervision and management. Among the control channels are the following:
- Fast Associated Control Channel (FACCH). Robs slots from traffic channels to transmit power control and call handoff messages.
- Broadcast Control Channel (BCCH). Continually broadcasts on the downlink, information including base station identity, frequency allocations, and frequency hopping sequences.
- Stand-Alone Dedicated Control Channel (SDCCH). Used for registration, authentication, call setup, and location updating. Common Control Channel (CCCH) Comprises three control channels used during call origination and call paging.
- Random Access Channel (RACH). Used to request access to the network.
- Paging Channel (PCH). Used to alert the mobile station of an incoming call.
Authentication and Security
Since radio signals can be accessed by virtually anyone, authentication of users to prove their identity is a very important feature of a mobile network. Authentication involves two functional entities, the SIM card in the mobile unit and the authentication center (AC). Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the AC.
During authentication, the AC generates a random number that it sends to the mobile unit. Both the mobile unit and the AC then use the random number, in conjunction with the subscriber’s secret key and an encryption algorithm called A3, to generate a number that is sent back to the AC. If the number sent by the mobile unit is the same as the one calculated by the AC, the subscriber is authenticated.
The calculated number is also used, together with a TDMAframe number and another encryption algorithm called A5, to encrypt the data sent over the radio link, preventing others from listening in. Encryption provides an added measure of security, since the signal is already coded, interleaved, and transmitted in a TDMAmanner , thus providing protection from all but the most technically astute eavesdroppers.
Another level of security is performed on the mobile equipment, as opposed to the mobile subscriber. As noted, a unique IMEI number is used to identify each GSM terminal. Alist of IMEIs in the network is stored in the EIR. The status returned in response to an IMEI query to the EIR is one of the following:
- White listed. Indicates that the terminal is allowed to connect to the network.
- Gray listed. Indicates that the terminal is under observation from the network for possible problems.
- Black listed. Indicates that the terminal either has been reported as stolen or is not type approved (i.e., not the correct type of terminal for a GSM network). Such terminals are not allowed to connect to the network.
By mid-2001, there were 404 GSM networks in operation in 171 countries, providing mobile telephone service to 538 million subscribers. GSM accounts for 70 percent of the world’s digital market and 65 percent of the world’s wireless market. One new subscriber signs up for service every second of the day and night.
GSM in North America has some 11 million customers across the United States and Canada. GSM ser vice is available in 6500 cities in 48 states, the District of Columbia, and six Canadian provinces. According to the North American GSM Alliance, GSM coverage reaches more than half the Canadian population and two-thirds of the U.S. population.