Wireless Networks Part 1 - University of Pittsburghdtipper/2727/2727_Slides2.pdf · 2013-12-11 ·...

Wireless Networks Part 1Wireless Networks Part 1

David TipperAssociate ProfessorAssociate Professor

Department of Information Science and Telecommunications

University of Pittsburgh

[email protected]@mail.sis.pitt.eduhttp://www.sis.pitt.edu/~dtipper/2727.html

Slides 2Slides 2

Infsci 1073/Telcom 2727 2

Mobile Application Space

Device Network

Wireless Network

Transport Network

Content Network

Social Network

In application development need to understand characteristics of wireless network

Usually the bottleneck in terms of performance


Wireless NetworksWireless Networks

– Wireless Wide Area Networks (WWANs)• Cellular Networks :

– GSM, cdmaone (IS-95), UMTS, cdma2000 EVDO

• Satellite Networks: – Iridium, Globalstar, GPS, etc.

– Wireless Metro Area Networks (WMANs)• IEEE 802.16 WiMAX

– Wireless Local Area Networks (WLANs)• IEEE 802.11, a, b, g, etc. (infrastructure, ad hoc, sensor)

– Wireless Personal Area Networks (WPANs)• IEEE 802.15 (Bluetooth), IrDa, Zigbee, sensor, etc.


Wireless NetworksWireless Networks

IEEE 802.16100 MbpsMetro, suburb, campus 1-15 km

WMANs

IEEE 802.15 IrDa, BlueTooth, Zigbee

.1 – 1Mbps5-10 M around deviceWPANs

IEEE 80211a, b, g, etc.1-106 MbpsIn building, campus wide, subdivision wide,Range ~ 100 M per AP

WLANs

2G: GSM, cdmaone2.5G: GPRS, cdma 2000 1X-rtt3G: UMTS, cdma2000 1x-EDVO3.5G: HSPDA

2G: 9.6 – 45 Kbps,2.5G: 50 -300 Kbps3G : 50kbsp- 2Mbps 3.5G: .1 – 10 Mbps

National, Continent wideWWANs

StandardsTypical ThroughputGeographic CoverageNetwork


Common IssuesCommon Issues

•• Wireless Communication ChannelWireless Communication Channel– poor quality channel (noise , interference, etc, ) – coverage and data rate inconsistent– frequencies regulated– power levels regulated– security problems– Hidden terminal problem

• Mobility of devices– May need to track location and perform handoffs– Limited capabilities of devices– Power management of devices


Frequencies for Communication

• Frequency and wavelength: λ = c/f• Wavelength λ, speed of light c ≅ 3x108m/s, frequency f in Hz• VLF = Very Low Frequency UHF = Ultra High Frequency• LF = Low Frequency SHF = Super High Frequency• MF = Medium Frequency EHF = Extra High Frequency• HF = High Frequency UV = Ultraviolet Light• VHF = Very High Frequency• VHF-/UHF-ranges for mobile radio• SHF and higher for directed radio links, satellite communication• Wireless LANs use frequencies in UHF to SHF spectrum

1 Mm300 Hz

10 km30 kHz

100 m3 MHz

1 m300 MHz

10 mm30 GHz

100 μm3 THz

1 μm300 THz

visible lightVLF LF MF HF VHF UHF SHF EHF infrared UV

optical transmissioncoax cabletwisted pair


Frequency Allocations

Europe USA Japan

WWANS Licensed Spectrum FDD

Cellular: 453-457MHz, 463-467 MHz; PCS: 890-915 MHz, 935-960 MHz; 1710-1785 MHz, 1805-1880 MHz 3G: 1920-1996 MHz 2110-2186 MHz

Cellular 824-849 MHz, 869-894 MHz; PCS 1850-1910 MHz, 1930-1990 MHz;

Cellular 810-826 MHz, 940-956 MHz; 1429-1465 MHz, 1477-1513 MHz 3G 1918.1-1980 MHz 2110-2170 MHz

WLANS Unlicensed Spectrum TDD

IEEE 802.11 2400-2483 MHz 5.7-5.825 GHz HIPERLAN 1 5176-5270 MHz

IEEE 802.11 2400-2483 MHz (b, g) 5.7 – 5.825 GHz (a)

IEEE 802.11 2471-2497 MHz (b, g) 5.7-5.825 GHz (a)

WPANs Unlicensed Spectrum TDD

IEEE 802.15 (Bluetooth) 2400-2483 MHz

IEEE 802.15 2400-2483 MHz

IEEE 802.15 2471-2497 MHz


Frequencies for Communication

• Frequency and wavelength: λ = c/f• Wavelength λ, speed of light c ≅ 3x108m/s, frequency f in Hz• VLF = Very Low Frequency UHF = Ultra High Frequency• LF = Low Frequency SHF = Super High Frequency• MF = Medium Frequency EHF = Extra High Frequency• HF = High Frequency UV = Ultraviolet Light• VHF = Very High Frequency• VHF-/UHF-ranges for cell phones• SHF and higher for directed radio links, satellite communication• WLANs, WMANs, use frequencies in UHF to SHF spectrum

1 Mm300 Hz

10 km30 kHz

100 m3 MHz

1 m300 MHz

10 mm30 GHz

100 μm3 THz

1 μm300 THz

visible lightVLF LF MF HF VHF UHF SHF EHF infrared UV

optical transmissioncoax cabletwisted pair


Licensed Vs. Unlicensed

More worldwide optionsHigher barriers for entrance

Coverage and quality inconsitentBetter coverage and quality

Fast RolloutGuaranteed access

UnlicensedLicensed

• Licensed Spectrum– need to buy right to use spectrum allocation in a specific geographic

location from the government (e.g., AM/FM radio) – Prevents interference – licensee can control signal quality

• Unlicensed spectrum – Anyone can operate in the spectrum (e.g. ISM band for WLANs) but must

maintain proper behavior in spectrum (max power level and frequency leakage, etc.)

– Can have interference problems


Frequency Allocations

Europe USA Japan

WWANs Licensed

Cellular: 453-457MHz, 463-467 MHz; PCS: 890-915 MHz, 935-960 MHz; 1710-1785 MHz, 1805-1880 MHz 3G: 1920-1996 MHz 2110-2186 MHz

Cellular 824-849 MHz, 869-894 MHz; PCS 1850-1910 MHz, 1930-1990 MHz;

Cellular 810-826 MHz, 940-956 MHz; 1429-1465 MHz, 1477-1513 MHz 3G 1918.1-1980 MHz 2110-2170 MHz

WMANs Licensed Unlicensed

IEEE 802.16 3.4-3.6 GHz SAME as WLANs

IEEE 802.16 2.5 – 2.6 GHz, 2.7-2.9GHz Same as WLANs

IEEE 802.16 4.8-5 GHz Same as WLANS

WLANs Unlicensed

IEEE 802.11 2400-2483 MHz 5.7-5.825 GHz HIPERLAN 1 5176-5270 MHz

IEEE 802.11 2400-2483 MHz (b, g) 5.7 – 5.825 GHz (a)

IEEE 802.11 2471-2497 MHz (b, g) 5.7-5.825 GHz (a)

WPANs Unlicensed

IEEE 802.15 2400-2483 MHz

IEEE 802.15 2400-2483 MHz

IEEE 802.15 2471-2497 MHz


Radio Communication Range

• Communication range is the geographic area covered by a single transmitter – often called a cell or the coverage area

• Ideal case a circular area where signal strong enough to communicate.

RSS

distance


Radio Signal propagation

• Received signal strength (RSS) influenced by– Fading – signal weakens with distance received power

proportional to 1/d² (d = distance between sender and receiver)– Frequency dependent fading – signal weakens with increase in f– Shadowing (no line of sight path)– reflection off of large obstacles– scattering at small obstacles– diffraction at edges

• Coverage area of a transmitter depends on local geography

reflection scattering diffractionshadowing


Multipath propagation

signal at sendersignal at receiver

• Time dispersion: signal is dispersed over time• interference with “neighbor” symbols, Inter Symbol Interference

(ISI)• The signal reaches a receiver directly and phase shifted• distorted signal depending on the phases of the different parts

•Signal can take many different paths between sender and receiver due to reflection, scattering, diffraction


Effects of mobility

• Time Variations in Signal Strength• Channel characteristics change over time and location

– signal paths change– different delay variations of different signal parts– different phases of signal parts

• quick changes in the power received (short term or fast fading)

• Additional changes in– distance to sender– obstacles further away

• slow changes in the average power received (long term fading)

long termfading

short term fadingt

power


Cell Coverage

• Effect of propagation and mobility effects is cell is not a circular in coverage and received signal strength and data rate will vary within cell.

• Diversity techniques are used to improve wireless channel data rate and combat propagation/mobility problems– Error control coding, interleaving, power adjustment, antenna

diversity, etc.– Lower the effective data rate well below the channel rate!


Wireless WANs

• Based on Cellular concept:• provide wireless coverage to a geographic area with a set of slightly overlapping cells. Use a set of low power radio stations to provide coverage, each cell has different set of frequencies or codes, support handoff of mobile from one cell to another, trackmobile for incoming call

cell

Cell coverage, size and actually shape depends on local geography, powerlevel, cell site height, antenna type, etc.

Hexagonal idealized cell shape


Cellular Concept

Proposed by Bell Labs 1971 Geographic Service divided into smaller “cells”

Neighboring cells do not use same set of frequencies to prevent interference

Often approximate coveragearea of a cell by a idealizedhexagon

Increase system capacityby frequency reuse.


Cell Design - Reuse Pattern

• Example: cell cluster size K = 7, frequency reuse factor = 1/7, assume have T = 490 total traffic channels, N = T/K = 70 channels per cell

B

A

E

C

D

G

F

B

A

E

C

D

G

F

B

A

E

C

D

G

F

Assume T = 490 total channels,K = 7, N = 70 channels/cell

Clusters are replicated M=3 times

System capacity = 3x490 = 1470 total channels


Frequency Reuse

SITE A SITE BRSSI, dBm

C/I

Distance

r

d

-60

-90

-120


Sectoring

43

52

16

75

5

5

55

5

12

32

13

120 sectoring

120o sectoring reduces number of interferers from 6 to 2


Multiple Access Techniques

• MA determines how users share channel in a cell• FDMA (frequency division multiple access)

– separate spectrum into non-overlapping frequency bands– assign a certain frequency to a transmission channel between a

sender and a receiver– different users share use of the medium by transmitting on non-

overlapping frequency bands at the same time• TDMA (time division multiple access):

– assign a fixed frequency to a transmission channel between a sender and a receiver for a certain amount of time (users share a frequency channel in time slices)

• CDMA (code division multiple access): – assign a user a unique code for transmission between sender and

receiver, users transmit on the same frequency at the same time


Frequency division multiple access

time

frequ

ency


Time Division Multiple Access

time

frequ

ency

frameslot


Code Division Multiple Access

time

frequency

code


CDMA

• Code Division Multiple Access– Narrowband message signal is multiplied by very large bandwidth

spreading signal using direct sequence spread spectrum– All users can use same carrier frequency and may transmit

simultaneously– Each user has own unique access spreading codeword which is

approximately orthogonal to other users codewords– Receiver performs time correlation operation to detect only specific

codeword, other users codewords appear as noise due to decorrelation

– Cocktail party example


CDMA Properties: Near-Far Problem

• A CDMA receiver cannot successfully despread the desired signal in a high multiple-access-interference environment

Base station

• Unless a transmitter close to the receiver transmits at power lower than a transmitter farther away, the far transmitter cannot be heard

• Mobile transmit so that power levels are equal at base station

• Power control must be used to mitigate the near-far problem


• CDMA Main Advantages– resistant to narrow band

interference – resistant to multipath fading

and ISI – no hard limit on number of

users (soft capacity)– As number of users on a

frequency increase the interference level increases and BER increases for all users

– With proper limits all frequencies can be used in every cell

CDMA Capacity

10 20 30 40 50 60

.1

.01

.001

.0001

Erro

r pro

babi

lity

users

BER of CDMA system with 128 cps.


CDMA Capacity

• The effect of more users in a cell on frequency is to degrade the channel for everyone – can be thought off as decreasing the usable cell size


Cell Breathing

• Cell breaths in & out with changing load– Cells shrink during peak hours, expand during off-peak hours


Generations of Cellular SystemsGenerations of Cellular Systems

•• 1G systems (1G systems (AnalogAnalog voice) all used FDMAvoice) all used FDMA•• Main 2G Systems Main 2G Systems

Global System for Mobile (GSM) use TDMAGlobal System for Mobile (GSM) use TDMA

ISIS--95 (95 (cdmaonecdmaone) uses CDMA) uses CDMA

2.5 G systems build on 2G to provide data service 2.5 G systems build on 2G to provide data service

•• 3G Systems3G Systems–– Universal Mobile Universal Mobile TecommTecomm System (UMTS)System (UMTS)

–– cdmacdma 2000 1x2000 1x--EVDO EVDO

–– Both use Both use cdmacdma -- packet datapacket data


Cellular Network Architecture

• Cell : Area covered by 1 radio tower unit (base station) • Cellular Systems:

• provide wireless coverage to a geographic area with a set of slightly overlapping cells. Use a set of low power radio stations to provide coverage, each cell has different set of frequencies or codes, support handoff of mobile from one cell to another, trackmobile for incoming call

cell

Cell coverage, size and actually shape depends on local geography, powerlevel, cell site height, antenna type, etc.

Hexagonal idealized cell shape


Cellular Network Architecture

Public Switched Telephone Network

BSC BSC

MSC MSC

GMSCHLR

Wired or Backhaul network

Wireless (radio)part

VLRVLR

AUC

• Cellular Network Components• Mobile Station (Terminal) – handset• Base Station (cell site)• Base Station Controller (BSC)• Mobile Switching Center (MSC)•Gateway MSC (interface to wired phone)• Home Location Register (HLR)• Visitor Location Register (VLR)• Authentication register (AUC) • HLR/VLR/AUC databases to track, bill and authentic users

Base Station


• Worldwide market

Cell Phone MarketCell Phone Market

• Stratification of market• Teenage• Safety/children• Business – low end• Business – high end• Families• Luxury

• Improvements in • microelectronics, • signal processing• display technology

• Smaller devices greater functionality merger with other portable devices or accessories


Base StationsBase Stations

• Base Station (BS)Provides radio channels between mobile units and network

Pico-cells : (indoor – 0-.5 Km) support 8-20 channels

micro-cells: (outdoor – 0-1 Km), macro-cells: (1-30 Km)


Base StationsBase Stations

• Base Transceiver Station (BTS) - houses radio units


Base Station ControllerBase Station Controller

• Base Station Controller (BSC)Manages a cluster of BS, channel assignment, handoff, power control, some switching, etc


Mobile Switching CenterMobile Switching Center

• Mobile Switching Center (MSC) (MTSO)

– Provides switching functions , coordinates location tracking, call delivery, handoff, interfaces to HLR,VLR, AUC, etc..

– Size of central office switch


HLR/VLRHLR/VLR• Home Location Register (HLR)

– Specialized database server contains billing info, service profile and general location of a mobile user (one per service provider or one per section of country)

– Visitor Location Register (VLR) similar to HLR contains location of users and their service profile of all users in a metro type area (one per MSC)


Mobility Management• Location Area (LA)

– Divide coverage into non-overlapping groups of cells – Assign each LA a unique id– Location Area ID is periodically broadcast by each cell– As a mobile moves/turns phone on – it listens to location area

id – depending on the approach – it may perform a location update/authentication procedure to provide it’s location to VLR and possibly HLR

• Two level database hierarchy HLR/VLR– HLR points to VLR where mobile located– VLR entry points to LA where mobile last located

• In large networks may have HLR split among regions with aggregate info cross region

LocationArea 1

LocationArea 2

LocationArea 3


Location Area and Cell Identification Parameter

MNC – Mobile Network CodeIdentifies the GSM operator within the country. In AMPS system the network code is the system ID (SID)

LAC – Location Area CodeDefines a location area, which consists of a group of cells.Each MNC will have several LACs.

CI – Cell IdentityUniquely identifies a cell in a location area.

Mobile network codeunique to eachoperatorin a country

Location AreasDefine group of cells

Cell IdentityUnique to each cell


Mobility Management• Mobility Management involves two main tasks to

support mobile receiving incoming calls and roaming

• Location Registration/update– Mobile informs network of location using reverse

control channels– May include an authentication step here as well

• Paging – Network informs mobile of incoming call– Broadcast over group of cells (paging area) on forward

control channels• Tradeoff: registration/updating and paging


Location Registration

• Location Registration involves signaling to VLR and possible HLR

• Two Types of Location Registration1. Intra – VLR ( LAs attached to same VLR)

• Only change LA id in VLR ( local signaling)• Target ITU-T location update time ≤ 2 sec

2. Inter –VLR ( LAs attached to different VLR)• must signal HLR to update VLR pointer• Target ITU-T Location update time ≤ 4 sec


VLR(New)

HLR

VLR(Old)

MSC(Old)

MSC(New)BSC

BSC

Location Area (New)

Location Area (Old)

1

1 1

1

2

34

44

5

1. The MS sends the Location Update request to the VLR (new) via the BSS and MSC.

2. The VLR sends a Location Update message to the HLR serving the MS which includes the address of the VLR (new) and the IMSI of the MS. This updating of the HLR is not required if the new LA is served by the same VLR as the old LA.

3. The service and security related data for the MS is downloaded to the new VLR.

4. The MS is sent an acknowledgement of successful location update.

5. The HRL requests the old VLR to delete data relating to the relocated MS.

Inter-VLR Location update in GSM


Call Processing

BS1

• Each Cell or sector of a cell has two types of channels• Control channels for call setup and mobile registration

• Fixed set of channels/time slots/codes/ scanned by mobile when turned on in a cell – locks on to control channel with strongest signal

• Traffic channels for carrying data/voice

• Calls are of two types• Mobile Originating Calls (MOC)

• mobile places call• Mobile Terminating Calls (MTC)

• mobile receives call


MOC Calling from MS

MSC

Setup Request on control channel Fetches subscriber infofrom VLR to process call, acks caller

Dial calledparty Call Proceeding

Allocates trunk +radio channel

Radio channel

Ack

Tune toTraffic channel

freq/time slot/code

Complete Call connectedthrough PSTNAlerting

Connect

Connect ack

Alerts callerCalled party picks up

Call can proceed


Mobile Terminated Call Example

PSTNcallingstation GMSC

HLR VLR

BSSBSSBSS

MSC

MS

1 2

3

45

6

7

8 9

10

11 12

1316

10 10

11 11 11

14 15

17

• Assume a mobile has registered it’s location with VLR and HLR

• 1: calling a mobile subscriber• 2: forwarding call to GMSC• 3: signal call setup to HLR• 4, 5: request status from VLR• 6: forward responsible

MSC to GMSC• 7: forward call to • serving MSC• 8, 9: get current status and

LAI of MS• 10, 11: Paging of MS• 12, 13: MS answers• 14, 15: security checks• 16, 17: set up connection


Handoff Management

• Call in progress Mobility management• Radio Mobility ( Handoff or Handover) ( BSC or MSC)

– Based on air interface standard– Hard Handoff ( break before make) (GSM, AMPS)– Soft Handoff ( make before break) (cdmaone, cdma200 UMTS)– Mobile Assisted Handoff (MAHO) (GSM)– Moible controlled handoff (WLANs)

• Handoff measurement: major decision-making stages– Identify the need– Identify the candidate– Evaluate the candidates– Select a target cell


Handoff decision

received signal strengthBS1

received signal strengthBS2

MS MS

HO_MARGINReceiver sensitivity

distance

BS1BS2

Weak signal level


• Handoff measurement: major decision-making stages– Identify the need– Identify the candidate– Evaluate the candidates– Select a target cell

+ Note Need to reroute connection in wired network.

old

new(1)

(2)

anchor point

Handoffs


Soft Handoff

• If a mobile terminal moves away from a base station and continues to increase its transmit power to maintain contact with base station – at edge of cell will need to handoff to adjacent cell

• In soft handoff a mobile terminal is required to track the signals from all neighboring base stations– It will communicate with multiple base stations simultaneously

for a short while before deciding on the final candidate– This is possible because of the RAKE receiver and frequency

reuse of 1– Not all handoffs will be soft!– Note soft handoff reduces system capacity as mobile tying up

2 traffic channels


CDMA System Concepts: Soft Handovers

• Mobile located in the area of overlap of multiple base stations • Transmission:

– Uplink: No difference– Downlink: BSC/MSC sends out a copy of the same packet/frame to

each base station

• Reception:– Uplink: Each base station

demodulates packet, BSC/MSC picks the “better packet” (macro-diversity combining)

– Downlink: The mobile combines the signals using a Rake receiver (micro-diversity combining)

• Two power control loops• Two traffic channels

BSC


2.5 G Systems

• 2G Systems provide slow speed circuit switched data service (charged by minute)– 9.6 Kbps – 14.4 Kbps

• 2.5G– Attempt to improve data services from 2G and build

customer base for wireless data service– Two main standards: GPRS, EDGE, cdma 2000 1x-

RTT– Mislabeled as 3G– Basically overlay network of data service on 2G

networks (voice still circuit switched)– Max data rate 57 Kbps – 300 Kbps– Typical data rates 30-50 Kbps – similar to dialup

modem service


What is GPRS?• GPRS stands for General Packet Radio

Service• Standard developed by ETSI and 3GPP• An intermediate step (2+ or 2.5G) in the

evolution from 2G to 3G• Overlay on top of GSM physical layer and

network entities• Provides packet-switched capability to

GSM networks• Connects GSM networks to IP networks• Theoretical maximum data rate of 171.2

Kbps• “Always connected” access• Spectrum efficiency– radio resources

used only when actually sending or receiving data


GPRS

• Overlay on top of GSM physical layer and network entities• Extends data capabilities of GSM (2.5 G solution)

– provides connection to external packet data networks through theGSM infrastructure

– packet switching– Uses free TDMA slots only if data packets ready to send

(e.g., 171 kbit/s using 8 slots temporarily)– no hardware changes to the BTS/BSC!

• The physical layer is the same as GSM – Forward error correction and indication of uncorrectable code

words using GSM convolutional coder• Architecture includes new components in wired part of network

– GGSN – Gateway GPRS support Node– SGSN – Serving GPRS support Node– Packet Control Unit


CoreNetwork

GSM Evolution

VisitorLocationregister

MobileSwitching

Center

HomeLocationregister

GatewayMSC

SGSN GGSNPCU

GSMGSM GPRSGPRS

BaseStation

Controller

Voice

Data


Third Generation Cellular

• ITU vision of 3G– Spectrum: 1885-2025 MHz and 2110-2200 MHz worldwide– Multiple radio environments (phone should switch seamlessly

among cordless, cellular, satellite)– Wide range of existing and new services - esp. data, Internet,

multimedia - data rates up to 2 Mb/s• Target data rates for 3G

– Vehicular: 144 kbps– Pedestrian: 384 kbps– Indoor /stationary: 2.048 Mbps roadmap > 10 Mbps later

• Support for packet switching and asymmetric data rates

• Devices always on and provide seamless moving from one environment and data rate to another


3G Requirements

Pico-cellMicro-cellMacro-cell

In-BuildingUrban

SuburbanGlobalSatellite

Seamless End to End Service with different data rates

up to 2Mbpsup to 384 kbpsup to 144 kbps


UMTS

• ETSI proposed GSM/NA-TDMA /GPRS evolution under name Universal Mobile Telecom. Services (UMTS)

• Most of 3G licenses in Europe required operator to deploy a UMTS system covering x% of population by a specific date y– Germany: 25% of population by 12/03, 50% by 12/05– Norway: 80% of population by 12/04– In many countries operators have asked for a and received delay

• Estimate 2.5 Billion euros to deploy a 5000 base station UMTS system

• WCDMA is the radio interface (UMTS Radio Access)– Two modes:

• FDD: separate uplink/downlink frequency bands with constant frequency offset between them

• TDD: uplink/downlink in same band but time-shares transmissions in each direction


WCDMA (UMTS)

• UMTS has a complete system architecture – As in GSM emphasis on standardized interfaces

• mix and match equipment from various vendors– Base stations are asynchronous from each other– Simple evolution from GPRS – allows one to reuse

some of the GPRS backhaul equipment – Supports inter-mode handoff – FDD to TDD– Supports intersystem handoff

• WCDMA to GPRS , or WCDMA to GSM– Wide range of data rates due to CDMA with variable

spreading, coding and modes• Varying user bit rate is mapped to variable power and spreading• Different services can be mixed on a single carrier for a user


Evolution Path to 3G

GSM

2G systems2G systems

GPRS UMTS(WCDMA)

EDGE

3G systems3G systems2.5G systems2.5G systems

CDMA2000 1x

CDMA2000 1EVIS-95

CDMA

PDCNA-TDMA


Core Network

GSM GPRS UMTS Evolution

VisitorLocationRegister

MobileSwitching

Center

HomeLocationRegister

GatewayMSC

3GSGSN

3GGGSN

UMTSUMTSGSMGSM GPRSGPRS

RadioNetwork

Controller

RadioNetwork

Controller

Voice

data


2G System IS-95 (cdmaone)

• Cdmaone• 2G system• Voice

14.Kbps or variable rate 9.6 Kbps

• Data 14.4 Kbps

• 1.25 MHz carrier

• 64 Walsh codes per carrier


Cdma2000 – 1X RTT


1xEVDO -- Data Only on some carriers

IS-2000

IPBTS

IS-2000

IPBTS

IP BSC IPRouter

PDSN HomeAgent

IPFirewall

IPRouter

Internet

PrivataData

Network

IP BTS - IP Base Transceiver StationIP BSC - IP Base Station ControllerAAA - Authentication, Authorization, and AccountingPDSN - Packet Data Serving NodeHome Agent - Mobile IP Home Agent

AAA

RADIUS over UDP/IP


Nextgen MSC ?

1XEVDV -- IP Data and Voice

Packet switched voice

P ST NS IP

P ro xy

SIP

SIP

SGW

SS7

MGCF(Softswitch)

SCTP/IP

H.248 (Maybe MGCP)

MGW

Circuit switched voice

PDSN +Router

AAA H o m eAg en t

Internet

IPFirewall

IPRouter

PrivataData

Network

IS-2000

IPBTS

SIP Proxy – Session Initiation Protocol Proxy Server

MGCF – Media Gateway Control Function

SGW – Signaling Gateway (SS7)

MGW – Media Gateway (Voice)

IS-2000

IPBTS

IP BSC


Systems Comparison CDMA 2000 WCDMA GSM IS-95

Physical Channel

1 to N x 1.25 MHz channels DL, UL 3.75 MHz

5 ΜΗz 200 kHz 1.23 MHz

Modulation OQPSK QPSK GMSK OQPSK

Channel rate N x 1.288 Mcps in downlink, 3.6864 Mcps uplink

3.84 Mcps 270.833kbs 1,228.8kcps

Modulation Efficiency (b/s/Hz)

1 .768 1.4 1.0


Systems Comparison CDMA 2000 WCDMA GSM IS-95

Power Control

800 Hz up and down link

1500 Ηz up and down link

2Hz 800 Hz uplink

Base Station Synch

Yes using GPS No No Yes, using GPS

Load Based Scheduling

Somewhat with coding and multiple carriers

Yes variable Spreading and coding, TDD mode

Voice only Voice only

System standard

Air only at this time

Complete System

Complete System

Air only

Security Spread Spectrum + AAA IP (eventually)

F1-F9 algorithms + USIM card

A3, A5, A8 algorithm + SIM card

Spread Spectrum + optional CAVE


I’mGetting600 KB

I’mGetting200 KB

I’mGetting2 MB

I’mGetting300 KB

I’mGetting64 KB

• Contention (users and traffic)• Signal Strentgh (obstacles)• Coverage (shadows)

3G WWANs have varying data rates


Application Should Adapt to Data Rate

Push adverts; buddy notifications still get sent. User can make limited requests that are better fulfilled when full service becomes available again

SMS alerts

Ordinary, baseline, text-driven and map-driven service with basic advertisements

28 kbps

For user drill-downs into a tourist application, the system will attempt to return highest quality data (images, audio, etc.) and switch back to low grade if not possible

40-600 kbps (variable)

High-quality, color, animated advertisements sent to user, possibly with some audio streaming available. Images could be accessed when looking at restaurants, attractions, etc.

56 kbps

The buyer can hold an online video conference with a sales assistant specialist and view product videos before buying the product

300 kbps

Full-quality video clips for local cinema can be streamed to the user. Product advertisements can be viewed (e.g., for a nearby store )

2 Mbps

Level of service for multimedia-based location-based serviceData rate available


Security in WWANs

Rad

io L

evel

Net

wor

k Le

vel

Man

agem

ent L

evel

Mobile Station

Point ofAccess

Radio NetworkController

MSCMobile

SwitchingCenter

HLRVLR AuC OMC ERVisitor Location Register

Home Location Register

Authentication Center

Operation & Maintenance Center

Equipment Register

RNC RNC

The InternetThe

Internet


Security Threats

• The biggest security threat to cell phones was fraud– Telcos lost several million dollars in fraud especially

with the analog cell phones– Problem of cloned phones reduced with the advent of

digital cellular• The second biggest threat was eavesdropping

– Analog phones were easy to tap using RF scanners– Problem has reduced with digital cellular

• New threat– Technology is becoming cheap– Easy to masquerade as the network


Security in 2G Digital Cellular

• To eliminate fraud– Strong entity authentication– Share a master key between the cell phone and the

authentication center– Use Challenge Response (C-R) protocols

• To eliminate eavesdropping– Derive an encryption key using the master key– Use the encryption key to encrypt all voice

transmissions– Example GSM standard


Security in GSM• Security services

– access control/authentication• user ⌫ SIM (Subscriber Identity Module): secret PIN (personal identification

number)• SIM ⌫ network: challenge response method

– confidentiality• voice and signaling encrypted on the wireless link (after successful

authentication)– anonymity

• temporary identity TMSI (Temporary Mobile Subscriber Identity)

• newly assigned at each new location update (LUP)• encrypted transmission

• 3 algorithms specified in GSM– A3 for authentication (“secret”, open interface)– A5 for encryption (standardized)– A8 for key generation (“secret”, open interface)

“secret”:• A3 and A8 available via the Internet• network providers can use stronger mechanisms


Authentication and Encoding

Mobile Station Base Station Controller

ServiceSwitching

Point

RadioControl

Point

VLR

A Interface

Speech and data in clear

Signaling in clearEncodedSpeech,Data, andSignaling

RAND

SRES

Kc

A5

Basetransceiver

station

SRES

RANDKi

A3

A8

Kc

A5

EncodedSpeechData andSignalingSpeech and Data

Signaling in Clear


Authentication Procedure in GSM

MS MSC

AUC

SRES

RAND

SRES

Ki

A3COMPARES SRES VALUES RECEIVED

FROM AUC AND MOBILE STATION

IF IDENTICAL THEN MS IS AUTHENTICATED

RAND, SRES

A3

SRES

RandomNumberRAND

IMSI (1)

IMSI (X) Ki(X)

Ki(1): :

SRES Signed Response 32 bitA3 Authentication AlgorithmKi 128-bit subscriber key unique to each subscriberRAND 128-bit random number


Encryption Procedure in GSM

MS MSC

AUC

Kc to BTS

RAND

Kc

Ki

A8SEND RAND TO MOBILE STATION AND Kc

TOBSC FOR CIPHERING

RAND, Kc

A8

Kc

RandomNumberRAND

IMSI (1)

IMSI (X) Ki(X)

Ki(1): :

Kc 64 bit Ciphering KeyA8 Ciphering AlgorithmKi 128-bit subscriber key unique to each subscriberRAND 128-bit random number


Confidentiality in 2G Cellular Networks

Voice, signaling and datainformation

64 bitsA5GSM

Voice information−Voice PrivacyMark

Data information32 bitsORYX

Signaling information• number dialed• short messages (paging)• DTMF tones

64 bitsCMEA

IS-136 IS-95

−−−AMPS

Protected dataKey sizeAlgorithmSystems


3G Cellular Systems

• Based on 2G security structure– Authentication of subscribers using challenge/response– Subscriber identity confidentiality (TMSI)– Authentication of user to mobile device by use of a PIN – Radio interface encryption

• New Features– Mutual entity authentication

• The MS can authenticate the network– Larger key sizes

• Use 128 bit key size– Stronger encryption/authentication/key generation algorithms

• Based on AES• Milenage and Kasumi in UMTS

– Integrity check for signaling messages• Message authentication codes are used

– Encryption extended farther back into wired network • (prevents eavesdropping on microwave relays)


Summary

• Consider basic wireless network issues– Frequencies, radio coverage, etc.

• Looked at WWAN (cellular networks)– Structure– Call setup– Handoff– Evolution– Security

• Impact on Applications

Wireless Networks Part 1 - University of Pittsburghdtipper/2727/2727_Slides2.pdf · 2013-12-11 ·...

Documents

Transcript of Wireless Networks Part 1 - University of Pittsburghdtipper/2727/2727_Slides2.pdf · 2013-12-11 ·...