Um interface

Last updated

The Um interface is the air interface for the GSM mobile telephone standard. It is the interface between the mobile station (MS) and the Base transceiver station (BTS). It is called Um because it is the mobile analog to the U interface of ISDN. Um is defined in the GSM 04.xx and 05.xx series of specifications. Um can also support GPRS packet-oriented communication.

Contents

Um layers

The layers of GSM are initially defined in GSM 04.01 Section 7 and roughly follow the OSI model. Um is defined in the lower three layers of the model.

Physical Layer (L1)

The Um physical layer is defined in the GSM 05.xx series of specifications, with the introduction and overview in GSM 05.01. For most channels, Um L1 transmits and receives 184-bit control frames or 260-bit vocoder frames over the radio interface in 148-bit bursts with one burst per timeslot. There are three sublayers:

  1. Radiomodem. This is the actual radio transceiver, defined largely in GSM 05.04 and 05.05.
  2. Multiplexing and Timing. GSM uses TDMA to subdivide each radio channel into as many as 16 traffic channels or as many as 64 control channels. The multiplexing patterns are defined in GSM 05.02.
  3. Coding. This sublayer is defined in GSM 05.03.

Um on the physical channel has 26 TDMA frames each frame consisting of 114 info bits each. The length of 26 TDMA frame also called Multi-frame is 120 ms apart.

Radio modem

GSM uses GMSK or 8PSK modulation with 1 bit per symbol which produces a 13/48 MHz (270.833 kHz or 270.833 K symbols/second) symbol rate and a channel spacing of 200 kHz. Since adjacent channels overlap, the standard does not allow adjacent channels to be used in the same cell. The standard defines several bands ranging from 400 MHz to 1990 MHz. Uplink and downlink bands are generally separated by 45 or 50 MHz (at the low-frequency end of the GSM spectrum) and 85 or 90 MHz (at the high-frequency end of the GSM spectrum). Uplink/downlink channel pairs are identified by an index called the Within the BTS, these ARFCNs are given arbitrary carrier indexes C0..Cn-1, with C0 designated as a Beacon Channel and always operated at constant power.

GSM has physical and logical channels. The logical channel is time-multiplexed into 8 timeslots, with each timeslot lasting for 0.577ms and having 156.25 symbol periods. These 8 timeslots form a frame of 1,250 symbol periods. Channels are defined by the number and position of their corresponding burst period. The capacity associated with a single timeslot on a single ARFCN is called a physical channel (PCH) and referred to as "CnTm" where n is a carrier index and m is a timeslot index (0-7).

Each timeslot is occupied by a radio burst with a guard interval, two payload fields, tail bits, and a midamble (or training sequence). The lengths of these fields vary with the burst type but the total burst length is 156.25 symbol periods. The most commonly used burst is the Normal Burst (NB). The fields of the NB are:

35712615738.25
Tail bitsPayloadStealing bitMidambleStealing bitPayloadTail bitsGuard period
Midamble
A 26-bits training sequence that helps in multipath equalisation at the center of the burst
"Stealing bits"
each side of the midamble, used to distinguish control and traffic payloads
Payload
two 57-bit fields, symmetric about the burst
Tail bits
3-bit field, at each end of the burst
Guard period
8.25-symbols at the end of the burst

There are several other burst formats, though. Bursts that require higher processing gain for signal acquisition have longer midambles. The random access burst (RACH) has an extended guard period to allow it to be transmitted with incomplete timing acquisition. Burst formats are described in GSM 05.02 Section 5.2.

Multiplexing and timing

Each physical channel is time-multiplexed into multiple logical channels according to the rules of GSM 05.02. One logical channel constitute of 8 burst periods (or physical channels) which is called a Frame. Traffic channel multiplexing follows a 26-frame (0.12 second) cycle called a "multiframe". Control channels follow a 51-frame multiframe cycle. The C0T0 physical channel carries the SCH, which encodes the timing state of the BTS to facilitate synchronization to the TDMA pattern.

GSM timing is driven by the serving BTS through the SCH and FCCH. All clocks in the handset, including the symbol clock and local oscillator, are slaved to signals received from the BTS, as described in GSM 05.10. BTSs in the GSM network can be asynchronous and all timing requirements in the GSM standard can be derived from a stratum-3 OCXO.

Coding

The coding sublayer provides forward error correction. As a general rule, each GSM channel uses a block parity code (usually a Fire code), a rate-1/2, 4th-order convolutional code and a 4-burst or 8-burst interleaver. Notable exceptions are the synchronization channel (SCH) and random access channel (RACH) that use single-burst transmissions and thus have no interleavers. For speech channels, vocoder bits are sorted into importance classes with different degrees of encoding protection applied to each class (GSM 05.03).

Both 260-bit vocoder frames and 184-bit L2 control frames are coded into 456 bit L1 frames. On channels with 4-burst interleaving (BCCH, CCCH, SDCCH, SACCH), these 456 bits are interleaved into 4 radio bursts with 114 payload bits per burst. On channels with 8-burst interleaving (TCH, FACCH), these 456 bits are interleaved over 8 radio bursts so that each radio burst carries 57 bits from the current L1 frame and 57 bits from the previous L1 frame. Interleaving algorithms for the most common traffic and control channels are described in GSM 05.03 Sections 3.1.3, 3.2.3 and 4.1.4.

The Um data link layer, LAPDm, is defined in GSM 04.05 and 04.06. LAPDm is the mobile analog to ISDN's LAPD.

Network Layer (L3)

The Um network layer is defined in GSM 04.07 and 04.08 and has three sublayers. A subscriber terminal must establish a connection in each sublayer before accessing the next higher sublayer.

  1. Radio Resource (RR). This sublayer manages the assignment and release of logical channels on the radio link. It is normally terminated in the base station controller (BSC).
  2. Mobility Management (MM). This sublayer authenticates users and tracks their movements from cell to cell. It is normally terminated in the Visitor Location Register (VLR) or Home Location Register (HLR).
  3. Call Control (CC). This sublayer connects telephone calls and is taken directly from ITU-T Q.931. GSM 04.08 Annex E provides a table of corresponding paragraphs in GSM 04.08 and ITU-T Q.931 along with a summary of differences between the two. The CC sublayer is terminated in the MSC.

The access order is RR, MM, CC. The release order is the reverse of that. Note that none of these sublayers terminate in the BTS itself. The standard GSM BTS operates only in layers 1 and 2.

Um logical channels

Um logical channel types are outlined in GSM 04.03. Broadly speaking, non-GPRS Um logical channels fall into three categories: traffic channels, dedicated control channels and non-dedicated control channels.

Traffic channels (TCH)

These point-to-point channels correspond to the ISDN B channel and are referred to as Bm channels. Traffic channels use 8-burst(Break) diagonal interleaving with a new block starting on every fourth burst and any given burst containing bits from two different traffic frames. This interleaving pattern makes the TCH robust against single-burst fades since the loss of a single burst destroys only 1/8 of the frame's channel bits. The coding of a traffic channel is dependent on the traffic or vocoder type employed, with most coders capable of overcoming single-burst losses. All traffic channels use a 26-multiframe TDMA structure.

Full-rate channels (TCH/F)

A GSM full rate channel uses 24 frames out of a 26-multiframe. The channel bit rate of a full-rate GSM channel is 22.7 kbit/s, although the actual payload data rate is 9.6-14 kbit/s, depending on the channel coding. This channel is normally used with the GSM 06.10 Full Rate, GSM 06.60 Enhanced Full Rate or GSM 06.90 Adaptive Multi-Rate speech codec. It can also be used for fax and Circuit Switched Data.

Half-rate channels (TCH/H)

A GSM half rate channel uses 12 frames out of a 26-multiframe. The channel bit rate of a half-rate GSM channel is 11.4 kbit/s, although the actual data capacity is 4.8-7 kbit/s, depending on the channel coding. This channel is normally used with the GSM 06.20 Half Rate or GSM 06.90 Adaptive Multi-Rate speech codec.

Dedicated Control Channels (DCCHs)

These point-to-point channels correspond to the ISDN D channel and are referred to as Dm channels.

Standalone Dedicated Control Channel (SDCCH)

The SDCCH is used for most short transactions, including initial call setup step, registration and SMS transfer. It has a payload data rate of 0.8 kbit/s. Up to eight SDCCHs can be time-multiplexed onto a single physical channel. The SDCCH uses 4-burst block interleaving in a 51-multiframe.

Fast Associated Control Channel (FACCH)

The FACCH is always paired with a traffic channel. The FACCH is a blank-and-burst channel that operates by stealing bursts from its associated traffic channel. Bursts that carry FACCH data are distinguished from traffic bursts by stealing bits at each end of the midamble. The FACCH is used for in-call signaling, including call disconnect, handover and the later stages of call setup. It has a payload data rate of 9.2 kbit/s when paired with a full-rate channel (FACCH/F) and 4.6 kbit/s when paired with a half-rate channel (FACCH/H). The FACCH uses the same interleaving and multiframe structure as its host TCH.

Slow Associated Control Channel (SACCH)

Every SDCCH or FACCH also has an associated SACCH. Its normal function is to carry system information messages 5 and 6 on the downlink, carry receiver measurement reports on the uplink and to perform closed-loop power and timing control. Closed loop timing and power control are performed with a physical header at the start of each L1 frame. This 16-bit physical header carries actual power and timing advance settings in the uplink and ordered power and timing values in the downlink. The SACCH can also be used for in-call delivery of SMS. It has a payload data rate of 0.2-0.4 kbit/s, depending on the channel with which it is associated. The SACCH uses 4-burst block interleaving and the same multiframe type as its host TCH or SDCCH.

Common Control Channels (CCCHs)

These are unicast and broadcast channels that do not have analogs in ISDN. These channels are used almost exclusively for radio resource management. The AGCH and RACH together form the medium access mechanism for Um.

Broadcast Control Channel (BCCH)

The BCCH carries a repeating pattern of system information messages that describe the identity, configuration and available features of the BTS. BCCH brings the measurement reports it bring the information about LAI And CGI BCCH frequency are fixed in BTS

Synchronization Channel (SCH)

The SCH transmits a Base station identity code and the current value of the TDMA clock. SCH repeats on every 1st, 11th, 21st, 31st and 41st frames of the 51 frame multi frame. So there are 5 SCH frames in a 51 frame multiframe.

Frequency Correction Channel (FCCH)

The FCCH generates a tone on the radio channel that is used by the mobile station to discipline its local oscillator. FCCH will repeat on every 0th, 10th, 20th, 30th and 40th frames of the 51 frame multiframe. So there are 5 FCCH frames in a 51 frame multiframe.

Paging Channel (PCH)

The PCH carries service notifications (pages) to specific mobiles sent by the network. A mobile station that is camped to a BTS monitors the PCH for these notifications sent by the network.

Access Grant Channel (AGCH)

The AGCH carries BTS responses to channel requests sent by mobile stations via the Random Access Channel.

Random Access Channel (RACH)

The RACH is the uplink counterpart to the AGCH. The RACH is a shared channel on which the mobile stations transmit random access bursts to request channel assignments from the BTS.

Allowed channel combinations

The multiplexing rules of GSM 05.02 allow only certain combinations of logical channels to share a physical channel. The allowed combinations for single-slot systems are listed in GSM 05.02 Section 6.4.1. Additionally, only certain of these combinations are allowed on certain timeslots or carriers and only certain sets of combinations can coexist in a given BTS. These restrictions are intended to exclude non-sensical BTS configurations and are described in GSM 05.02 Section 6.5.

The most common combinations are:

Fundamental Um transactions

Basic speech service in GSM requires five transactions: radio channel establishment, location update, mobile-originating call establishment, mobile-terminating call establishment and call clearing. All of these transactions are described in GSM 04.08 Sections 3-7.

Radio channel establishment

Unlike ISDN's U channel, Um channels are not hard-wired, so the Um interface requires a mechanism for establishing and assigning a dedicated channel prior to any other transaction. The Um radio resource establishment procedure is defined in GSM 04.08 Section 3.3 and this is the basic medium access procedure for Um. This procedure uses the CCCH (PCH and AGCH) as a unicast downlink and the RACH as a shared uplink. In the simplest form, the steps of the transaction are:

  1. Paging. The network sends a RR Paging Request message (GSM 04.08 Sections 9.1.22-9.1.23) over the PCH, using the subscriber's IMSI or TMSI as an address. GSM does not allow paging by IMEI (GSM 04.08 Section 9.1.22.3 as exception to the definition in 10.5.1.4). This paging step occurs only for a transaction initiated by the network.
  2. Random Access. The mobile station sends a burst on the RACH. This burst encodes an 8-bit transaction tag and the BSIC of the serving BTS. A variable number of most-significant bits in the tag encode the reason for the access request, with the remaining bits chosen randomly. In L3, this tag is presented as the RR Channel Request message (GSM 04.08 9.1.8). The mobile also records the TDMA clock state at the time the RACH burst is transmitted. In cases where the transaction is initiated by the MS, this is first step.
  3. Assignment. On the AGCH, the network sends the RR Immediate Assignment message (GSM 04.08 Section 9.1.18) for a dedicated channel, usually an SDCCH. This message is addressed to the MS by inclusion of the 8-bit tag from the corresponding RACH burst and a time-stamp indicating the TDMA clock state when the RACH burst was received. If no dedicated channel is available for assignment, the BTS can instead respond with the RR Immediate Assignment Reject message, which is similarly addressed and contains a hold-off time for the next access attempt. Emergency callers receiving the reject message are not subject to the hold-off and may retry immediately.
  4. Retry. If the RACH burst of step 2 is not answered with an assignment or assignment reject in step 3 within a given timeout period (usually on the order of 0.5 second), the handset will repeat step 2 after a small random delay. This cycle may be repeated 6-8 times before the MS aborts the access attempt.

Note that there is a small but non-zero probability that two MSs send identical RACH bursts at the same time in step 2. If these RACH bursts arrive at the BTS with comparable power, the resulting sum of radio signals will not be demodulable and both MSs will move to step 4. However, if there is a sufficient difference in power, the BTS will see and answer the more powerful RACH burst. Both MSs will receive and respond to the resulting channel assignment in step 3. To ensure recovery from this condition, Um uses a "contention resolution procedure" in L2, described in GSM 04.06 5.4.1.4 in which the first L3 message frame from the MS, which always contains some form of mobile ID, is echoed back to the MS for verification.

Location updating

The location updating procedure is defined in GSM 04.08 Sections 4.4.1 and 7.3.1. This procedure normally is performed when the MS powers up or enters a new Location area but may also be performed at other times as described in the specifications. In its minimal form, the steps of the transaction are:

  1. The MS and BTS perform the radio channel establishment procedure.
  2. On the newly established dedicated channel, the MS sends the MM Location Updating Request message containing either an IMSI or TMSI. The message also implies connection establishment in the MM sublayer.
  3. The network verifies the mobile identity in the HLR or VLR and responds with the MM Location Updating Accept message.
  4. The network closes the Dm channel by sending the RR Channel Release message.

There are many possible elaborations on this transaction, including:

Mobile-Originating Call (MOC) establishment

This is the transaction for an outgoing call from the MS, defined in GSM 04.08 Sections 5.2.1 and 7.3.2 but taken largely from ISDN Q.931. In its simplest form, the steps of the transaction are:

  1. The MS initiates the radio channel establishment procedure and is assigned to a Dm channel, usually an SDCCH. This establishes the connection in the L3 RR sublayer.
  2. The first message sent on the new Dm is the MM Connection Mode service Request, sent by the MS. This message contains a subscriber ID (IMSI or TMSI) and a description of the requested service, in this case MOC.
  3. The network verifies the subscriber's provisioning in the HLR and responds with the MM Connection Mode Service Accept message. This establishes the connection in the L3 MM sublayer. (This is a simplification. In most networks MM establishment is performed with authentication and ciphering transactions at this point.)
  4. The MS sends the CC Setup message, which contains the called party number.
  5. Assuming the called party number is valid, network response with the CC Call Proceeding message.
  6. The network sends an RR Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
  7. Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with the RR Assignment Complete message. From this point on, all control transactions are on the FACCH.
  8. When alerting is verified at the called destination, the network sends the CC Alerting message.
  9. When the called party answers, the network sends the CC Connect message.
  10. The MS response with the CC Connect Acknowledge message. At this point, the call is active.

The TCH+FACCH assignment can occur at any time during the transaction, depending on the configuration of the network. There are three common approaches:

Mobile-Terminating Call (MTC) establishment

This is the transaction for an incoming call to the MS, defined in GSM 04.08 Sections 5.2.2 and 7.3.3, but taken largely from ISDN Q.931.

  1. The network initiates the radio channel establishment procedure and assigns the MS to a Dm channel, usually an SDCCH. This establishes the connection in the L3 RR sublayer.
  2. The MS sends the first message on the new Dm, which is the RR Paging Response message. This message contains a mobile identity (IMSI or TMSI) and also implies a connection attempt in the MM sublayer.
  3. The network verifies the subscriber in the HLR and verifies that the MS was indeed paged for service. The network can initiate authentication and ciphering at this point, but in the simplest case the network can just send the CC Setup message to initiate Q.931-style call control.
  4. The MS responds with CC Call Confirmed.
  5. The network sends an RR Assignment message to move the transaction off of the SDCCH and onto a TCH+FACCH.
  6. Once the MS has acquired the timing on the TCH+FACCH, it responds on the new FACCH with the RR Assignment Complete message. From this point on, all control transactions are on the FACCH.
  7. The MS starts alerting (ringing, etc.) and sends the CC Alerting message to the network.
  8. When the subscriber answers, the MS sends the CC Connect message to the network.
  9. The network response with the CC Connect Acknowledge message. At this point, the call is active.

As in the MOC, the TCH+FACCH assignment can happen at any time, with the three common techniques being early, late and very early assignment.

Call clearing

The transaction for clearing a call is defined in GSM 04.08 Sections 5.4 and 7.3.4. This transaction is the same whether initiated by the MS or the network, the only difference being a reversal of roles. This transaction is taken from Q.931.

  1. Party A sends the CC Disconnect message.
  2. Party B responds with the CC Release message.
  3. Party A responds with the CC Release Complete message.
  4. The network releases the RR connection with the RR Channel Release message. This always comes from the network, regardless of which party initiated the clearing procedure.

SMS transfer on Um

GSM 04.11 and 03.40 define SMS in five layers:

  1. L1 is taken from the Dm channel type used, either SDCCH or SACCH. This layer terminates in the BSC.
  2. L2 is normally LAPDm, although GPRS-attached devices may use Logical link control (LLC, GSM 04.64). In LAPDm SMS uses SAP3. This layer terminates in the BTS.
  3. L3, the connection layer, defined in GSM 04.11 Section 5. This layer terminates in the MSC.
  4. L4, the relay layer, defined in GSM 04.11 Section 6. This layer terminates in the MSC.
  5. L5, the transfer layer, defined in GSM 03.40. This layer terminates in the SMSC.

As a general rule, every message transferred in L(n) requires both a transfer and an acknowledgment on L(n-1). Only L1-L4 are visible on Um.

Mobile-Originated SMS (MO-SMS)

The transaction steps for MO-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B. In the simplest case, error-free delivery outside of an established call, the transaction sequence is:

  1. The MS establishes an SDCCH using the standard RR establishment procedure.
  2. The MS sends a CM Service Request,
  3. The MS initiates multiframe mode in SAP3 with the normal LAPDm SABM procedure.
  4. The MS sends a CP-DATA message (L3, GSM 04.11 Section 7.2.1), which carries an RP-DATA message (L4, GSM 04.11 Section 7.3.1) in its RPDU.
  5. The network responds with a CP-ACK message (L3, GSM 04.11 Section 7.2.2).
  6. The network delivers the RPDU to the MSC.
  7. The MSC responds with an RP-ACK message (L4, GSM 04.11 Section 7.3.3).
  8. The network sends a CP-DATA message to the MS, carrying the RP-ACK payload in its RPDU.
  9. The MS responds with a CP-ACK message.
  10. The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.

Mobile-Terminated SMS (MT-SMS)

The transaction steps for MT-SMS are defined in GSM 04.11 Sections 5, 6 and Annex B. In the simplest case, error-free delivery outside of an established call, the transaction sequence is:

  1. The network pages the MS with the standard paging procedure.
  2. The MS establishes an SDCCH using the standard RR paging response procedure, which implies a CC sublayer connection.
  3. The network initiates multiframe mode in SAP3.
  4. The network sends the RP-DATA message as the RPDU in a CP-DATA message.
  5. The MS responds with the CP-ACK message.
  6. The MS processes the RPDU.
  7. The MS sends a CP-DATA message to the network containing an RP-ACK message in the RPDU.
  8. The network responds with a CP-ACK message.
  9. The network releases the SDCCH with the RR Channel Release message. This implies a closure of the MM sublayer and triggers the release of L2 and L1.

Um security features

GSM 02.09 defines the following security features on Um:

Um also supports frequency hopping (GSM 05.01 Section 6), which is not specifically intended as a security feature but has the practical effect of adding significant complexity to passive interception of the Um link.

Authentication and encryption both rely on a secret key, Ki, that is unique to the subscriber. Copies of Ki are held in the SIM and in the Authentication Center (AuC), a component of the HLR. Ki is never transmitted across Um. An important and well-known shortcoming of GSM security is that it does not provide a means for subscribers to authenticate the network. This oversight allows for false basestation attacks, such as those implemented in an IMSI catcher.

Authentication of subscribers

The Um authentication procedure is detailed in GSM 04.08 Section 4.3.2 and GSM 03.20 Section 3.3.1 and summarized here:

  1. The network generates a 128 bit random value, RAND.
  2. The network sends RAND to the MS in the MM Authentication Request message.
  3. The MS forms a 32-bit hash value called SRES by encrypting RAND with an algorithm called A3, using Ki as a key. SRES = A3(RAND,Ki). The network performs an identical SRES calculation.
  4. The MS sends back its SRES value in the RR Authentication Response message.
  5. The network compares its calculated SRES value to the value returned by the MS. If they match, the MS is authenticated.
  6. Both the MS and the network also compute a 64-bit ciphering key, Kc, from RAND and Ki using the A8 algorithm. Kc = A8(RAND,Ki). Both parties save this value for later use when ciphering is enabled.

Note that this transaction always occurs in the clear, since the ciphering key is not established until after the transaction is started.

Um encryption

GSM encryption, called "ciphering" in the specifications, is implemented on the channel bits of the radio bursts, at a very low level in L1, after forward error correction coding is applied. This is another significant security shortcoming in GSM because:

A typical GSM transaction also includes LAPDm idle frames and SACCH system information messages at predictable times, affording a Known plaintext attack.

The GSM ciphering algorithm is called A5. There are four variants of A5 in GSM, only first three of which are widely deployed:

Ciphering is a radio resource function and managed with messages in the radio resource sublayer of L3, but ciphering is tied to authentication because the ciphering key Kc is generated in that process. Ciphering is initiated with the RR Ciphering Mode Command message, which indicates the A5 variant to be used. The MS starts ciphering and responds with the RR Ciphering Mode Complete message in ciphertext.

The network is expected to deny service to any MS that does not support either A5/1 or A5/2 (GSM 02.09 Section 3.3.3). Support of both A5/1 and A5/2 in the MS was mandatory in GSM Phase 2 (GSM 02.07 Section 2) until A5/2 was depreciated by the GSMA in 2006.

Anonymization of subscribers

The TMSI is a 32-bit temporary mobile subscriber identity that can be used to avoid sending the IMSI in the clear on Um. The TMSI is assigned by the BSC and is only meaningful within specific network. The TMSI is assigned by the network with the MM TMSI Reallocation Command, a message that is normally not sent until after ciphering is started, so as to hide the TMSI/IMSI relationship. Once the TMSI is established, it can be used to anonymize future transactions. Note that the subscriber identity must be established before authentication or encryption, so the first transaction in a new network must be initiated by transmitting the IMSI in the clear.

See also

Further reading

Related Research Articles

<span class="mw-page-title-main">DECT</span> ETSI standard for cordless telephony

Digital Enhanced Cordless Telecommunications (DECT) is a cordless telephony standard maintained by ETSI. It originated in Europe, where it is the common standard, replacing earlier standards, such as CT1 and CT2. Since the DECT-2020 standard onwards, it also includes IoT communication.

<span class="mw-page-title-main">GSM</span> Cellular telephone network standard

The Global System for Mobile Communications (GSM) is a standard developed by the European Telecommunications Standards Institute (ETSI) to describe the protocols for second-generation (2G) digital cellular networks used by mobile devices such as mobile phones and tablets. GSM is also a trade mark owned by the GSM Association. "GSM" may also refer to the voice codec initially used in GSM.

<span class="mw-page-title-main">General Packet Radio Service</span> Packet oriented mobile data service on 2G and 3G

General Packet Radio Service (GPRS), also called 2.5G, is a mobile data standard on the 2G cellular communication network's global system for mobile communications (GSM). Networks and mobile devices with GPRS started to roll out around the year 2001. At the time of introduction it offered for the first time seamless mobile data transmission using packet data for an "always-on" connection, providing improved Internet access for web, email, WAP services, and Multimedia Messaging Service (MMS).

Chaffing and winnowing is a cryptographic technique to achieve confidentiality without using encryption when sending data over an insecure channel. The name is derived from agriculture: after grain has been harvested and threshed, it remains mixed together with inedible fibrous chaff. The chaff and grain are then separated by winnowing, and the chaff is discarded. The cryptographic technique was conceived by Ron Rivest and published in an on-line article on 18 March 1998. Although it bears similarities to both traditional encryption and steganography, it cannot be classified under either category.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

cdmaOne First CDMA-based digital cellular technology

Interim Standard 95 (IS-95) was the first digital cellular technology that used code-division multiple access (CDMA). It was developed by Qualcomm and later adopted as a standard by the Telecommunications Industry Association in TIA/EIA/IS-95 release published in 1995. The proprietary name for IS-95 is cdmaOne.

<span class="mw-page-title-main">Roaming</span> Wireless telecommunication term

Roaming is a wireless telecommunication term typically used with mobile devices, such as mobile phones. It refers to a mobile phone being used outside the range of its native network and connecting to another available cell network.

Terrestrial Trunked Radio, a European standard for a trunked radio system, is a professional mobile radio and two-way transceiver specification. TETRA was specifically designed for use by government agencies, emergency services, for public safety networks, rail transport staff for train radios, transport services and the military. TETRA is the European version of trunked radio, similar to Project 25.

Mobility management is one of the major functions of a GSM or a UMTS network that allows mobile phones to work. The aim of mobility management is to track where the subscribers are, allowing calls, SMS and other mobile phone services to be delivered to them.

Network switching subsystem (NSS) is the component of a GSM system that carries out call out and mobility management functions for mobile phones roaming on the network of base stations. It is owned and deployed by mobile phone operators and allows mobile devices to communicate with each other and telephones in the wider public switched telephone network (PSTN). The architecture contains specific features and functions which are needed because the phones are not fixed in one location.

<span class="mw-page-title-main">Base station subsystem</span> Section of cellular telephone network

The base station subsystem (BSS) is the section of a traditional cellular telephone network which is responsible for handling traffic and signaling between a mobile phone and the network switching subsystem. The BSS carries out transcoding of speech channels, allocation of radio channels to mobile phones, paging, transmission and reception over the air interface and many other tasks related to the radio network.

A random-access channel (RACH) is a shared channel used by wireless terminals to access the mobile network for call set-up and bursty data transmission. Whenever mobile wants to make an MO call it schedules the RACH. RACH is transport-layer channel; the corresponding physical-layer channel is PRACH.

GSM services are a standard collection of applications and features available over the Global System for Mobile Communications (GSM) to mobile phone subscribers all over the world. The GSM standards are defined by the 3GPP collaboration and implemented in hardware and software by equipment manufacturers and mobile phone operators. The common standard makes it possible to use the same phones with different companies' services, or even roam into different countries. GSM is the world's predominant mobile phone standard.

In cryptography, Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources.

GSM procedures are sets of steps performed by the GSM network and devices on it in order for the network to function. GSM is a set of standards for cell phone networks established by the European Telecommunications Standards Institute and first used in 1991. Its procedures refers to the steps a GSM network takes to communicate with cell phones and other mobile devices on the network. IMSI attach refers to the procedure used when a mobile device or mobile station joins a GSM network when it turns on and IMSI detach refers to the procedure used to leave or disconnect from a network when the device is turned off.

Synchronization Channel is a downlink only control channel used in GSM cellular telephone systems. It is part of the Um air interface specification. The purpose of the SCH is to allow the mobile station (handset) to quickly identify a nearby cell and synchronize to that BTS's TDMA structures. Each radio burst on the SCH contains:

<span class="mw-page-title-main">Control channel</span> Central channel that controls other constituent radios

In radio communication, a control channel is a central channel that controls other constituent radios by handling data streams. It is most often used in the context of a trunked radio system, where the control channel sends various data which coordinates users in talkgroups.

LAPDm in telecommunications is a data link layer protocol used in GSM cellular networks. LAPDm forms Layer 2 of the Um interface between the Base Transceiver Station and Mobile station, which is to say that it is used in the radio link between the cellular network and the subscriber handset.

RxQual is used in GSM and is a part of the Network Measurement Reports (NMR).

GSM radio frequency optimization is the optimization of GSM radio frequencies. GSM networks consist of different cells and each cell transmit signals to and receive signals from the mobile station, for proper working of base station many parameters are defined before functioning the base station such as the coverage area of a cell depends on different factors including the transmitting power of the base station, obstructing buildings in cells, height of the base station and location of base station. Radio Frequency Optimization is a process through which different soft and hard parameters of the Base transceiver stations are changed in order to improve the coverage area and improve quality of signal. Besides that there are various key performance indicators which have to be constantly monitored and necessary changes proposed in order to keep KPIs in agreed limits with the mobile operator.