Mobile Communication Systems - Yeditepe œniversitesi

1Copyright © 2002, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved.

Mobile Communication Systems

Chapter 9


Outline

Cellular System InfrastructureRegistrationHandoffRoamingMulticastingSecurity and Privacy


Cellular System

MSC

BSC

BSC

BTS

BTS

BTS

BTS

BTS

BTS

……

…

MS

HLR

VLR

EIR

AUC

MSGateway

MSCMSC

…

PSTN/ISDN

Base Station System

Base Station System


VLR/HLR

VLR contains information about all visiting MSsin that particular area of MSC.VLR has pointers to the HLR’s of visiting MS.VLR helps in billing and access permission to the visiting MS.


Redirection of Call to MS at a Visiting Location

Call routed as per called number to MS

Home MSC

HLR

Visiting MSC

VLR

BS

MS

Cell where MS is currently located


Registration

Wireless system needs to know whether MS is currently located in its home area or some other area (routing of incoming calls).This is done by periodically exchanging signals between BS and MS known as Beacons.BS periodically broadcasts beacon signal (1 signal per second) to determine and test the MSs around.Each MS listens to the beacon, if it has not heard it previouslythen it adds it to the active beacon kernel table.This information is used by the MS to locate the nearest BS.Information carried by beacon signal: cellular network identifier, timestamp, gateway address ID of the paging area, etc.


Using a Mobile Phone Outside the Subscription Area

Visiting BSMS

Beacon signal exchange

1Request fo

r registration

2Authentication/reject

5

Home BS

3Authentication request

4Authentication response


Steps for Registration

MS listens to a new beacon, if it’s a new one, MS adds it to the active beacon kernel table.If MS decides that it has to communicate through a new BS, kernel modulation initiates handoff process.MS locates the nearest BS via user level processing.The visiting BS performs user level processing and decides:

Who the user is?What are its access permissions?Keeping track of billing.

Home site sends appropriate authentication response to the current serving BS.The BS approves/disapproves the user access.


Handoff

Change of radio resources from one cell to an adjacent one.Handoff depends on cell size, boundary length, signal strength, fading, reflection, etc.Handoff can be initiated by MS or BS and could be due to

Radio linkNetwork managementService issues


Handoff (Cont’d)

Radio link handoff is due to mobility of MS. It depends on:

Number of MSs in the cellNumber of MSs that have left the cellNumber of calls generated in the cellNumber of calls transferred from the neighboring cellsNumber of calls terminated in the cellNumber of calls that were handoff to neighboring cellsNumber of active calls in the cellCell populationTotal time spent in the cell by a callArrival time of a call in the celletc


Handoff (Cont’d)

Network management may cause handoff if there is drastic imbalance of traffic in adjacent cells and optimal balance of resources is required.Service related handoff is due to the degradation of QoS (quality of service).


Time for Handoff

Factors deciding right time for handoff:Signal strengthSignal phaseCombination of above twoBit error rate (BER)Distance

Need for Handoff is determined by:Signal strengthCIR (carrier to interference ratio).


Handoff Initiation

BSi

Signal strength due to BSj

E

X1

Signal strength due to BSi

BSjX3 X4 X2X5 Xth

MS

Pmin

Pi(x) Pj(x)


Handoff initiation (Cont’d)

Region X3-X4 indicates the handoff area, where depending on other factors, the handoff needs to be performed.One option is to do handoff at X5 where the two signal strengths are equal.If MS moves back and forth around X5, it will result in too frequent handoffs (ping-pong effect).Therefore MS is allowed to continue with the existing BS till the signal strength decreases by a threshold value E.Different cellular systems follow different handoff procedures.


Types of Handoff

Hard Handoff (break before make)Releasing current resources from the prior BS before acquiring resources from the next BS.FDMA,TDMA follow this type of handoff.

Soft Handoff (make before break)In CDMA, since the same channel is used, we have to change the code of the handoff, if the code is not orthogonal to the codes in the next BS.Therefore, it is possible for the MS to communicate simultaneously with the prior BS as well as the new BS.


Hard Handoff

BS1 BS2MS

BS1 BS2MS

BS1 BS2MS

(a). Before handoff (c). After handoff

(b). During handoff(No connection)


Soft Handoff (CDMA only)

BS1 BS2MS

BS1 BS2MS

BS1 BS2MS

(a) Before handoff

(b) During handoff

(c) After handoff


Roaming

To move from a cell controlled by one MSC area to a cell connected to another MSC.Beacon signals and the use of HLR-VLR allow the MS to roam anywhere provided we have the same service provider, using that particular frequency band.


Roaming

BS1 BS2MS BS1 BS2MS

Home MSC

Visiting MSC

Home MSC

Visiting MSC


PSTN

MSC4MSC3MSC2MSC1

Paging Area 1

Paging Area 2

a b c d e

Handoff Scenarios with Different Degree of Mobility

MS


Possible Handoff Situations

Assume MSC1 to be the home of the MS for registration, billing, authentication, etc.When handoff is from position “a” to “b”, the routing can be done by MSC1 itself.When handoff is from position “b” to “c” , then bi-directional pointers are set up to link the HLR of MSC1 to VLR of MSC2.When handoff occurs at “d” or “e”, routing of information using HLR-VLR may not be adequate (“d” is in a different paging area).Concept of Backbone network.


Information Transmission Path when MS Hands Off from “b” to “c”

MSC1HLR

MSC2VLR

a b c

Information to MS being sent

Initial path of information transfer

Path after handoff

MS


Illustration of MSC Connections to Backbone Network and Routing/Rerouting

MSCRouter

Paging area 1 (PA1) Paging area 2 (PA2)

MSC 1(a,b)

MSC 2(c)

MSC 3(d) MSC 4

(e)

(a,b,c,d,e)

(a,b)

(a,b,c,d)

(d)R3

R4 R6

R2

R5

R9

R1

R7

R10

R12

R8

R11 R13

From rest of the backbone

(c) (e)


Backbone Network

Routing done according to the topology connectivity of the backbone network.The dotted lines show the possible paths for a call headed for different MS locations.One option is to find a router along the original path, from where a new path needs to start to reach the MSC along the shortest path.


Home Agents (HA), Foreign Agents (FA) and Mobile IP

Two important software modules are associated with routers, home agent (HA) and foreign agent (FA).MS is registered with a router, mostly a router closest to the home MSC can be used to maintain its HA.A router other than closest one could also serve as an HA.Once a MS moves from the home network, a software module in the new network FA assists MS by forwarding packets for the MS.This functionality is somewhat similar to HLR-VLR.


R9R6R4R3Selected router for maintaining its home

agent

MSC4MSC3MSC2MSC1Home MSC

Home MSC and Home Agent (HA) for the Previous Network


Call Establishment using HA-FA

Whenever a MS moves to a new network, it still retains its initial HA.The MS detects the FA of the new network, by sensing the periodic beacon signals which FA transmits.MS can also itself send agent solicitation messages to which FA responds.When FA detects a new MS, it allocates a COA (care of address) to the MS, using dynamic host configuration protocol (DHCP).Once MS receives COA, it registers its COA with its HA and the time limit binding for its validity.Such registration is initiated either directly by MS to the HA of the home router or indirectly through FA.


Call Establishment (Cont’d)

HA confirms its binding through a reply to the MS.A message sent from an arbitrary source to the MS at the home address is received by the HA.Binding is checked, the COA of the MS is encapsulated in the packet and forwarded to the network.If COA of the FA is used, then packet reaches FA, it decapsulates the packet and passes to MS at the link layer.In an internet environment it is called Mobile IP.After binding time, if MS still wants to have packets forwarded through HA, it needs to renew its registration.When MS returns to its home network, it intimates its HA.


FA

1

1”

1’

Beacon Signal

I am new here

OK, send information

Here is my HA and binding infomation.

3 COA or C-COA created

MSHA

2

(Any one new)

4

4’ Same as step

Here is COA or co-located COA (C-CoA) for this MS

Acknowledge Registration + binding

4

4” Same as step 4

Registration Process Between FA, MS, and HA When the MS Moves to a Paging area


Source To MS Payload DataIncoming message for MS

HA

HA CoA/C-CoA Source To MS Payload Data

Encapsulation

FA

Source To MS Payload Data

Forwarding through intermediate router if CoA used

Decapsulation

Decapsulation done at MS

Forwarding through intermediate router if C-CoA used

MS

Message Forwarding using HA-FA Pair


Routing in Backbone Routers

How FA finds HA of the MS ?One approach is to have a global table at each router of each MSC so that the route from FA to HA for that MS can be determined.Disadvantages: Information too large, one network might not like to give out information about all its routers to any external network (only gateways information is provided).Use of Distributed Routing Scheme.


PA1 PA2

PA3PA4

PA5

Router X

Router W

Router Y

Router Z

Network 1

Network 2

MS moves

Illustration of Paging Areas (PAs) and Backbone Router Interconnect


-5Z5Y5X5

-4Z4Y4X4

-3Z3Y3X3

Y2X2-2X2

Y1X1-1X1

Next hop

Route to PA

Next hop

Route to PA

Next hop

Route to PA

Next hop

Route to PA

Table at routerW

Table at router X

Table at router Y

Table at routerZ

Distributed Routing Table and Location PAs


Multicasting

Process of transmitting messages from a source to multiple recipients by using a group address for all hosts that wish to be the members of the group.Reduces number of messages to be transmitted as compared to multiple unicasting.Useful in video/audio conferencing, multi party games.


Multicasting

Multicasting can be performed either by building a source based tree or core based tree.In source based tree , for each source of the group a shortest path is maintained, encompassing all the members of the group, with the source being the root of the tree.In core based tree, a particular router is chosen as a core and a tree is maintained with the core being the root.-- Every source forwards the packet to a core router, which then forwards it on the tree to reach all members of the multicast group.


Multicasting

Bi-directional Tunneling (BT) and Remote Subscription approaches have been proposed by IETF for providing multicast over Mobile IP.In BT approach, whenever a MS moves to a foreign network, HA is responsible for forwarding the multicast packets to the MS.In Remote Subscription protocol, whenever a MS moves to a foreign network, the FA (if not already a member of multicast group) sends a tree join request.


Multicasting

Remote Subscription based approach is simple and prevents packet duplication and non optimal path delivery.It can cause data interruption till the FA is connected to the tree.It results in a number of tree join and tree leave requests when MS are in continuous motion.In contrast, in the BT approach, the HA creates a bi-directional tunnel to FA and encapsulates the packets for MS.FA then forwards the packets to the MS.


Multicasting

BT approach prevents data disruption due to the movement of MS.But causes packet duplication if several MSs of the same HA, that have subscribed to the same multicast group move to same FA.Also causes Tunnel Convergence Problem, where one FA may have several MSs subscribed to the same group, belonging to different HAs and each HA may forward a packet for its MSs to the same FA.


HA

Multicast packets from the multicast tree

MS1

MS2

MS3

FA

MS 1

MS 2

MS 3

Packet Duplication in BT Tunnel Approach



HA 1

HA 2

HA 3

CoA (MS1)

CoA (MS2)

CoA (MS3)

CoA (MS4)

MS 1

MS 2

MS 3

MS 4

FA

Tunnel Convergence Problem


Multicasting

To overcome Tunnel Convergence Problem, MoM protocol is proposed wherein the FA selects one of the HAs, called the Designated Multicast Service Provider (DMSP), from the HA List for a particular group.The remaining HAs do not forward packets to FA.



HA 1

HA 2

HA 3

CoA (MS1)

CoA (MS2)

CoA (MS3)

MS 1

MS 2

MS 3

MS 4

Stop

Stop

Forward

DMSP Selection

FA

CoA (MS4)

Illustration of MoM Protocol


Security and Privacy

Transfer through an open air medium makes messages vulnerable to various attacks.One such problem is “Jamming” by a very powerful transmitting antenna.Can be overcome by using frequency hopping.Many encryption techniques used so that unauthorized users cannot interpret the signals.


Encryption Techniques

Permuting the bits in a pre specified manner before transmitting them.Such permuted information can be reconstructed by using reverse operation.This is called “Data Encryption Standard (DES)” on input bits.


Input Output

Simple Permutation Function

1

2

3

4

5

6

7

8

1

5

2

6

3

7

4

8

W

I

R

E

L

E

S

S

W

L

I

E

R

S

E

S


(a) Permutation before transmission (b) Permutation after reception

Bit Patterns before Transmission and after Reception using DES

57 49 41 33 25 17 9 1

61 53 45 37 29 21 13 5

58 50 42 34 26 18 10 2

62 54 46 38 30 22 14 6

59 51 43 35 27 19 11 3

63 55 47 39 31 23 15 7

60 52 44 36 28 20 12 4

64 56 48 40 32 24 16 8

8 24 40 56 16 32 48 64

7 23 39 55 15 31 47 63

6 22 38 54 14 30 46 62

5 21 37 53 13 29 45 61

4 20 36 52 12 28 44 60

3 19 35 51 11 27 43 59

2 18 34 50 10 26 42 58

1 17 33 49 9 25 41 57


Encryption Techniques

A complex encryption scheme involves transforming input blocks to some coded form.Encoded information is uniquely mapped back to useful information.Simplest transformation involves logical or arithmetic or both operations.


Encoding

Transmittedsignal

signalReceived

Decoding

Information

block

Encoded

signal

Encoded

signal

Information

block(Original)

A Generic Process of Encoding and Decoding

at

transmitter receiver

at


Key K1f

f

+

+ f+

Input (64 bits)

Initial Permutation (IP)32 bits 32 bits

Left half: L1 Right half: R1

Left half: L1 = R1 R1 = L1 f(R1, K1)++

Left half: L16 = R15R16 = L16 f(R15, K16)++

Inverse initial permutation (IP –1)

Coded Output

Permutation and Coding of Information


Authentication

Making sure user is genuine.Using a Hash Function from an associated unique identification of the user (not full proof)Another approach is to use two different interrelated keys.One known only to system generating the key (private key) , other used for sending to outside world (public key).RSA algorithm (best known public key system)


System User i(1) Compute Public Key for User i

from its private key.

(2) Send Public Key

Save Public Key

Use public key to generate signature.

(3) ID, Signature

(4) Verify using private key of User i.

(5) Authentication Result

Public/Private Key Authentication Steps

usually done off line

System

System

User i

User i

on-line test


Authentication (RSA Algorithm)• In RSA method 2 large prime numbers (p,q) are selected.• n = p*q• A number e is selected to use (n,e) as the public key and is

transmitted to the user.• User stores this, whenever a message m< n needs to be transmitted,

user computes c = me| mod n and sends to the system.• After receiving c, the system computes cd|mod n where d is computed

using the private key (n,e)• cd|mod n = (me|mod n) d |mod n = (me)d |mod n

= m ed|mod n• To make this equal to m, ed should be equal to 1.• This means e and d need to be multiplicative inverse using mod n (or

mod p*q)• This can be satisfied if e is prime with respect to (p-1)*(q-1)• Using this restriction original message is reconstructed.


Base Station

Select p and q as two prime numbers

n = p*q

1 < e < n

Base Station

Compute d from e

(n,d) private key

Receive c

Base Station

Compute cd|mod n = mde|mod n = m

If de = 1

Public Key (n,e)Mobile Station

Save public key (n, e)

Mobile Station

Message m < n

Sent as c = me|mod n

c

AuthenticationMobile station OK

Message Authentication using Public/Private Keys


Base Station Mobile Station

(ID)e|mod n

Authentication

Base Station

(ID)e|mod n

R: Random Number as a Challenge

Mobile StationSend Re|mod n

Authentication

(a) Authentication based on ID

(b) Authentication using a challenge

Authentication of a MS by the BS


Wireless System Security

Basic services of security:ConfidentialityNon-repudiation: sender and receiver cannot deny the transmission.Authentication: sender of the information is correctly identified.Integrity: content of the message can only be modified by authorized user.Availability: resources available only to authorized users.


Wireless System Security

Security Mechanisms:Security Prevention: Enforces security during the operation of the system.Security Detection: Detects attempts to violate security.Recovery: Restore the system to pre-security violation state.


Cost Function of a Secured Wireless System

Expected total cost with violations

Cost

Security LevelOptimal Level

Expected total cost

Cost for Security enhancing mechanisms

100%


Security Threat Categories (Types of Attacks)

S Source D DestinationSource I Intruder

Interception

Message

Message

Interruption

Message

Modification

Message

Message

Fabrication

Message

S I D

SS

S

II

I

DD

D


Wireless Security

Active Attacks: When data modification or false data transmission takes place.

Masquerade: one entity pretends to be a different entity.Replay: information captured and retransmitted to produce unauthorized effect.Modification of messageDenial of service (DoS)

Passive Attacks: Goal of intruder is to obtain information (monitoring, eavesdropping on transmission)

Mobile Communication Systems - Yeditepe œniversitesi

Documents

Transcript of Mobile Communication Systems - Yeditepe œniversitesi