Category: Uncategorized

Again a great summary of this week’s best blog entries on wireless in the Carnival of the Mobilists. This week the Carnival is hosted at the Digital Evangelists blog, so head over and check it out!

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
Bluetooth transfer speeds depend on how many users exchange data in a Piconet, how much data is exchanged by the individual users at a certain time and what kind of multislot packets are used. In the ideal scenario with only two devices in which only one device has a lot of data to send, a peak data rate of 723 kbit/s can be achieved for one of the two devices.

Answer 2:
FHSS (Frequency Hopping Spread Spectrum) sends each packet on a different channel (frequency). This avoids using the same channel for a prolonged amount of time which might already be in use by another network such as a Wireless LAN. FHSS also simplifies device configuration as no channel number has to be selected by the user in the Bluetooth settings. Bluetooth 1.2 introduces adaptive frequency hopping which avoids channels with high error rates caused by parallel transmissions from other networks. This reduces transmission errors and the influence on other networks in the same area while at the same time increasing the overall transmission speed.

Answer 3:
The Inquiry procedure is invoked to search for unknown Bluetooth devices in the area. If a Bluetooth device is visible to other devices it responds to an inquiry packet it detects by sending its device ID. A paging on the other hand is used to directly establish contact with a Bluetooth device which is already known. If a Bluetooth device only wants to be accessible for devices with which it has previously communicated with, it only responds to paging messages and never to inquiries.

Answer 4:
Bluetooth offers a number of power saving mechanisms and states: Connection hold: A device deactivates its transceiver for a certain time. Connection sniff: A device deactivates its transceiver for a certain time but checks at predefined times if the master device wants to resume communication. If not, the device automatically returns to the power save state. Connection park: The devices releases its device address and uses a very long timeout value before checking again if the master device would like to reestablish contact.

Answer 5:
The link manager has the following tasks: Establishment of an ACL, SCO or eSCO connection, configuration of the connection, activation of the enhanced data rate mode, execution of a master-slave roll change procedure, pairing, authentication and ciphering management, adaptive frequency hopping management, and activation of different power save modes when appropriate.

Answer 6:
The L2CAP layer’s protocol service multiplexer is used during connection establishment to select to which of several higher protocol layers to connect to. In addition, an individual connection ID is used on the L2CAP layer for each connection to identify packets. This allows two devices to establish several simultaneous connections between each other for different higher layer applications.

Answer 7:
The service discovery database contains information about all services offered by a Bluetooth device. Other devices can query this database during connection establishment to detect which services are offered and how certain parameters have to be set in order to access them.

Answer 8:
Each Bluetooth profile using the RFCOMM layer has to register with the Service Discovery database. If a remote device wants to use the service offered by the profile it has to query the database in order to retrieve the RFCOMM channel number which has been assigned to this profile. As the number is dynamically allocated the database has to be queried for every new connection.

Answer 9:
Authentication: Two Bluetooth devices are able to authenticate each other if they have previously been paired.
Authorization: This is a security mechanism on the application level and allows to restrict access to applications to certain remote devices. This way it can be ensured that only some of the previously authenticated devices can access certain services. It might be desirable for example that only the notebook of a user can use the dial up connection profile of a phone. Other devices are barred from this profile but are allowed to transfer files from and to the mobile phone.

Answer 10:
Bluetooth is a very versatile communication technology that can be used for a wide variety of different services. This ranges from services like exchange of electronic business cards and images to connecting headsets, mice and keyboards to PCs and tablets. The Bluetooth standard defines a number of profiles to ensure interoperability on the application level. A profile specifies how a service is supposed to work and in which way remote devices can communicate with it.

Answer 11:
The object exchange (OBEX) profile has been designed for a fast and simple transmission of files and objects between two Bluetooth devices. The OBEX profile is the basis for the file transfer profile, the object push profile and the synchronization profile.

Answer 12:
When using the hands-free profile, the hands-free set is only seen as a microphone and loudspeaker extension of the mobile phone. The connection to the network continues to be established by the mobile phone. The SIM access profile does just the opposite. With this profile, the mobile station is only used as a SIM card reader. All other functionalities including the GSM/UMTS transceiver are deactivated. The hands free set then uses the Bluetooth connection to access the SIM card and can perform all transactions between itself and the SIM card just as if the SIM card was directly inserted into the hands free-set. Such hands-free sets are more expensive than those just using the hands-free profile, as they have to contain a complete mobile phone unit including the GSM/UMTS module. This has the advantage, however, that an external antenna can be used. Furthermore, the mobile phone can be configured for the use of both the SIM access profile and the headset profile. While the mobile phone is used in the car, the hands-free set takes over. Once the user leaves the car and takes the mobile phone with him, incoming calls can automatically be redirected to the Bluetooth headset once again. This can not be done as easily with a hands free set in the car supporting the hands-free profile as the phone is unable to decide for incoming calls to which device to establish contact.

Answer 13 (2nd edition):
Removed, no longer relevant.

Answer 13 (3nd edition):
There are significant differences of classic Bluetooth and BLE on the air interface. While BT uses fast frequency hopping and 1 Mhz channels, BLE splits the 2.4 GHz ISM band into 40 channels of 2 MHz each and uses very slow frequency hopping. BLE only uses GFSK modulation and the datarate is not variable but fixed at 1 Mbit/s over a channel. This reduces the datarate to a few tens of kilobytes per second but in return significantly reduces power consumption.

Answer 14:
The aim in BLE is not to establish a transparent channel between two devices but to transfer small amounts of data as power efficiently as possible. Therefore data is transmitted in a way that could be compared to reading and writing variables on a remote system.

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answers for the LTE and VoLTE chapters:

LTE Answer 1:
A 10 MHz FDD LTE channel is split into 600 sub-carriers.

LTE Answer 2:
X2 Handovers are performed directly between two eNodeBs while an S1 handover requires the help of the MME. S1 handovers are only used when two eNodeBs are unable to communicate with each other which should happen rarely in practice.

LTE Answer 3:
The MME performs the subscriber and connection management such as user authentication, location management, bearer establishment, etc. while the Serving-Gateway handles the user data (i.e. the IP packets) that are exchanged between a device and the Internet.

LTE Answer 4:
7 symbols on the time axis and 12 sub-carriers on the frequency access are grouped into a Resource Block which takes 0.5 ms to transmit. Two Resource Blocks are bundled together to form the smallest unit that can be scheduled to a user.

LTE Answer 5:
If the UE is in Idle state it has to use the random access channel to establish a connection to the network. When the network receives the request it assigns uplink resources to the device via the Physical Downlink Control Channel (PDCCH). The UE receives the assignment and can then make use of the assigned resources on the Physical Uplink Shared channel.

LTE Answer 6:
HARQ is a mechanism on Layer 2 of the radio protocol stack and ensures that faulty resource blocks are immediately retransmitted. ARQ works on the RLC layer further up in the protocol stack and ensures that larger chunks of data are repeated in case HARQ fails. While HARQ is always used, ARQ is not used for voice bearers (only IMS VoIP) as there is no time to retransmit complete VoIP packages due to the requirement to have low jitter and delay values for voice packets. For VoIP it is preferable to drop missing packets instead of repeating them.

LTE Answer 7:
A default bearer is usually assigned when the device is switched on. It serves as a bearer for Internet connectivity. A device can have several default bearer simultaneously, e.g. one for Internet connectivity and one bearer for IMS. In practice, devices usually only have one default bearer.

Dedicated bearers are established by services alongside default bearers such as the IMS to ensure a certain quality of service (minimal bandwidth, jitter, delay, precedence over other bearers) for voice, video and other time critical and delay sensitive streams.

LTE Answer 8:
Discontinuous Reception (and Transmission) is very useful in RRC connected state to reduce power consumption. Without DRX a UE has to observe the Downlink Control Channel frequently as resources could be assigned at any time. When DRX is activated the UE can turn off the receiver most of the time and only listen occasionally. This significantly reduces power consumption at the expense of slightly higher latency when data is only transmitted infrequently. Typical DRX values are a few hundred milliseconds for the activation time for DRX (after the reception of the last data frame) and activity times of a few milliseconds during an interval of several hundred milliseconds.

LTE Answer 9:
In Idle state no bearer is established to the network and the UE controls cell changes and changes to other radio networks when running out of LTE coverage autonomously.

LTE Answer 10:
When running out of LTE coverage there are several methods to guide the UE to another radio network (e.g. UMTS). An easy solution is to use a Cell Change Order which tells the UE to which UMTS cell to go. The connection is then interrupted and the UE searches the given cell, reads the system information and performs the required procedure to establish a connection in the other radio technology. This process typically takes a few seconds during which no data can be exchanged. This method is simple for implementing in the network and the mobile device but not suitable for applications such as VoLTE, for which the data bearer should be handed over between radio networks quickly. This is possible with LTE to UMTS (or GSM) handovers as the cell in the target network can be prepared for the incoming UE. The UE is then given specific instructions of how the target cell can be accessed which reduces the outage time to a few hundred milliseconds.

LTE Answer 11:
MME and S-GWs usually have the Gn GPRS interface implemented and can thus act as SGSNs and GGSNs towards 2G/3G PS core network equipment. In other words, they emulate behavior those network nodes understand so no software modifications are required in existing networks. It should be noted that in practice today, most network operators have merged corresponding 2G, 3G and LTE core networks into a single physical node and the interfaces between the logical components are handled internally.

LTE Answer 12:
This is done via the SGs interface which connects the MME to Mobile Switching Centers in the 2G/3G networks to deliver SMS over LTE and to perform a (CS = circuit switched) fallback to GSM or UMTS for incoming (and outgoing) voice calls.

LTE Answer 13:
Internet based voice services can not request special quality of service settings from the mobile core and access network (i.e. dedicated bearers, see above). Depending on the network load this can result in bad voice quality if voice packets are not preferred over other packets (e.g. from web browsing from the same or another UE) in loaded cells. Also, Internet based VoIP services can’t interact with the mobile network to perform handover to GSM or a circuit switched UMTS channel when the edge of a broadband wireless network has been reached. Operator voice services can hand over a call to GSM (Single Radio Voice Call Continuity).

LTE Answer 14:
eNodeBs have to have a high speed link to the core network to accommodate the high speed air interface data traffic. The best option is to use a fiber optic cable. If not available, other options are Ethernet based microwave links or VDSL links.

---

VoLTE Answer 1:

The main components of the IMS are the Serving Call Session Control Function (S-CSCF) that is the central node that handles all SIP messages. Usually, SIP messages are forwarded to an Application Server (AS) such as the Telephony Application Server that implements telephony functionality. The Proxy-CSCF sits between the S-CSCF and the mobile device and is used for tasks such as generating SIP messages for the UE when the UE is unable to do so (e.g. loss of coverage). The Interrogating CSCF (I-CSCF) is contacted when the UE sends an initial Register. It contacts the HSS (Home Subscriber Server) to get information on the user and then assignes a S-CSCF that will handle all subsequent communication.

VoLTE Answer 2:
During SIP registration an IPSec tunnel is established between the UE and P-CSCF. While encryption is optional, IPSec authentication ensures that only messages from the UE are accepted.

VoLTE Answer 3:
Preconditions are used to inform devices that a dedicated bearer has to be established for the speech path on one or both ends of a connection before a call can be further processed. In the core network, precondition messaging is used to trigger the establishment of the dedicated bearer.

VoLTE Answer 4:
The P-CSCF, which is a mobile network component, inserts the ‘asserted identity’, which is the device’s phone number (MSISDN), into SIP messages sent by the UE and then forwards those enriched SIP messages to the S-CSCF. This prevents the UE from forging its phone number.

VoLTE Answer 5:
As the payload of voice packets are small the IP, UDP, RTP header information makes up a large part of the overall packet. Therefore, header compression is used to significantly reduce this overhead which increases the number of simultaneous calls per cell.

VoLTE Answer 6:
Call forwarding settings are managed via the XCAP protocol between the UE and the network. XCAP is an XML protocol and different call forwarding options such all call forward no reply, call forward not reachable, etc. are XML encoded.

VoLTE Answer 7:
For emergency calls an IMS emergency bearer is established that is independent from the standard IMS bearer that is used for ordinary voice calls. The IMS emergency bearer is established with the highest priority in the radio and core network to guarantee emergency calls a high quality speech and signaling path even in fully loaded networks.

VoLTE Answer 8:
Unlike typical handovers that are controlled by the network, VoLTE to VoWifi handovers are controlled by the mobile device. When the device senses that LTE coverage is about to be lost, it establishes an IPSec tunnel to the evolved Packet Data Gateway (ePDG) and includes information during the tunnel establishment that allows the network to move the existing IMS bearer away from the current MME and S-GW to the ePDG. All IP packets of the connection are then automatically redirected to the ePDG and an ongoing voice call continues with only a short interruption during the redirection process.

VoLTE Answer 9:
VoWifi cellular preferred means that the UE will only connect to the ePDG and move the IMS bearer when no cellular coverage (LTE, 3G, 2G) is available. VoWifi Wifi preferred means that the IMS bearer is moved to Wifi as soon as a suitable Wifi connection is available.

VoLTE Answer 10:
MC-PTT only allows one person in a communication group to speak at a time. A central instance is required to control who is allowed to talk and deny requests from other parties if there is already another speaker in the call.

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
Devices communicating in an Ad-Hoc network exchange their data directly with each other. There is no central point in the network, all devices are equal. This mode is used if no WLAN Access Point is available and data needs to be exchanged between two or more devices. The disadvantage of this mode is that each device has to be configured manually. This includes the IP configuration and wireless LAN settings like for example encryption. In the BSS (Basic Service Set) mode on the other hand, an access point is used. Data is not exchanged directly between client devices. Instead each data packet is first sent to the access point and from there to the final destination. This has the disadvantage that the maximum speed is cut in half compared to an Ad-hoc network. The advantage on the other hand, is an increased coverage area of the network, as distant devices can still communicate with each other because they are still in range of the access point. In addition, the access point usually contains a DHCP server which automatically configures the IP stack of other devices in the network when they first register. Furthermore, the access point usually also acts as a bridge to a fixed line network (e.g. the Internet) and fixed line Ethernet client devices.

Answer 2:
A wireless LAN access point is usually equipped with a DHCP server to automatically configure end user devices. In addition, an Access Point is usually also equipped with one or more Ethernet sockets for fixed line Ethernet devices (bridging functionality). Furthermore, many access points act as routers for cable- or DSL modems or even include this functionality. Thus, only a single device is needed to connect fixed and wireless devices with each other and the Internet.

Answer 3:
In an Extended Service Set (ESS), several access points are used which are interconnected via an Ethernet cable (distribution system). All Access Points broadcast the same SSID which enables wireless clients to roam between them. This way, the coverage area of the wireless network can be increased.

Answer 4:
The SSID is the Service Set ID and is used by client devices to identify a wireless network. This way, several independent wireless networks can be operated at a single location. The user typically configures a device by entering the SSID which is then stored in the configuration. Thus, the device automatically remembers which network it should attach to when it is switched on again. The SSID is broadcast in beacon frames which the access point broadcasts several times a second.

Answer 5:
A mobile device can use the power save mode in order to conserve energy while no data is transferred. In order to enter this mode an empty frame has to be sent by the mobile device to the access point, which has the power save bit set to ‘1’ in the header of the frame. Afterwards, the mobile device deactivates its transceiver in order to conserve energy. The access point in turn starts to buffer incoming packets for the device, should there be any during its sleep period. From time to time, the device activates its transceiver again to check the Traffic Indication Map (TIM) which is included in a beacon frame to see if there is incoming data waiting to be delivered. If there is no data, the transceiver is deactivated again and the TIM is checked again after the next sleep period. In case data is available, the mobile device exits the sleep mode and polls the access point for the queued frames.

Answer 6:
Acknowledgement frames are used as transmission on the air interface is much more volatile then over cables. By sending an acknowledgement frame the receiver informs the sender that the packet was received correctly. If no acknowledgement frame is sent or if it is lost the frame is automatically retransmitted.

Answer 7:
The 802.11g standard uses the RTS/CTS mechanism as older 802.11b devices are unable to detect frames which have been sent by using the new modulation and coding schemes offered by the ‘g’ standard. This ensures that older devices do not perceive the channel as free when a frame with an unknown modulation and coding scheme is in the process of being sent. In addition, the RTS/CTS mechanism is also used to avoid the ‘hidden-station’ problem.

Answer 8:
First address: sender, second address: receiver, third address: MAC address of the access point. This is required as a frame is not delivered directly to the destination in a BSS setup but always via the access point.

Answer 9:
The PLCP header of a WLAN frame is always sent at a data rate of 1 MBit/s. This ensures that even distant devices are able to receive this part of the frame correctly. The PLCP header also contains information on the transfer speed, the modulation and the channel coding used for the main part of the frame.

Answer 10:
The theoretical top speed of an 802.11g network is 54 MBit/s. As the frame headers are always sent at a speed of 1 MBit/s, however, the actual top speed is lower. Furthermore, all frames have to pass through the access point which cuts the speed in half if both sender and receiver of a frame are wireless devices. In addition, all frames have to be acknowledged which further reduces the speed. Thus, the top speed that can be achieved between two wireless devices in an 802.11g network is around 12 Mbit/s.

Answer 11:
The Distributed Coordination Function (DCF) is a decentralized approach to control access to the air interface. Collisions on the air interface are seldom but possible as there is no central instance. Furthermore, such an approach is also not able to ensure a certain access time to the air interface and delay. Applications such as Voice over IP, however, highly depend on constant delay times. While a WLAN network is only lightly loaded, this approach is less of a problem. In highly loaded networks on the other hand, voice quality can be degraded.

Answer 12:
One of the weaknesses of the WEP encryption algorithm is the use of the same key for all devices. As the key has to be distributed to all users of the network, potential intruders may have the possibility steal the password. Furthermore, certain parts of the encrypted payload header of each frame are known as it is identical in each frame. In combination with the variant of the RC-4 algorithm used for encrypting the frame, this fact can be exploited to break the encryption by collecting a high number of frames and then applying this knowledge on them. A rough estimation shows that an attacker has to collect about 1.5 GByte of data to be able to break the WEP key.

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
The GSM network was mainly designed for narrowband circuit switched communication. UMTS on the other hand has been designed from the beginning not only for voice communication but also for packet switched data transmission at high speeds. To achieve this goal, UMTS uses an air interface technology known as code division multiple access (CDMA). CDMA does not assign a specific frequency and timeslot to a single user for transferring information like in GSM. Instead a unique channelization code is assigned to each user. In a UMTS network, all users transfer their data simultaneously and the network is able to filter each data stream out of the result by applying the different codes on the received signal.

Answer 2:
The use of CDMA, which has been described briefly in answer 1, in combination with codes and variable code lengths has a number of advantages. One of those are the improved data rates compared to GPRS as well as shorter round trip delay times. In a first step, speeds up to 384 kbit/s can be achieved per user in downlink direction. This enables a number of new applications which require a broadband Internet connection which can now be used while on the move, like for example in cars and trains. Furthermore, UMTS also supports 64 kbit/s circuit switched channels on the air interface in both uplink and downlink direction which are used for video telephony.

Answer 3:
With a R99 access network, data rates of up to 384 kbit/s in downlink and 128 kbit/s in uplink (most network allow only 64 kbit/s in uplink direction) are possible. In practice, however, such channels are no longer used today.

Answer 4:
OVSF is the abbreviation for orthogonal variable spreading factor. OVSF allows to assign different code lengths to different users depending on their application. A long spreading factor is used for applications such as voice telephony which require only a small amount of bandwidth. Shorter codes are used for faster data transfers with speeds of 128 kbit/s or 384 kbit/s.

Answer 5:
Scrambling in downlink direction is necessary to allow mobile devices to distinguish different cells of a network which send on the same frequency. Without scrambling codes it would not be possible to use the complete code tree in each cell. In uplink direction, a scrambling code is required in order to avoid interference problems generated by users which are at different distances to a base station. By using scrambling codes, orthogonality in uplink direction is preserved. Scrambling is also required as not all channelization codes generate a pseudo random bit pattern which is required for spectral distribution, as many consecutive bits can have the same value.

Answer 6:
During times of low activity a cell can cover a wide area as interference is low and thus distant devices can receive data without problems. During times of high activity distant devices are not able to receive data correctly anymore due to the interference caused by devices closer to the base station. Thus, the area covered by the cell is smaller than before. As the cells coverage area shrinks during high traffic loads, this phenomenon is also called cell breathing.

Answer 7:
While in Cell-DCH state, a dedicated channel with an individual code is assigned to a mobile device. Data can be sent to and from the mobile device without prior reservation of resources. In Cell-FACH state on the other hand the mobile device sends and receives frames via the RACH and FACH. These channels are shared between several devices. Thus, no dedicated code is assigned in this state to a user which implies that bandwidth and round trip delay times can not be ensured. Furthermore, the available bandwidth is quite limited.

Answer 8:
In PMM connected state a device can either be in Cell-DCH, Cell-FACH, Cell-PCH or URA-PCH state.

Answer 9:
While in soft handover state a mobile device communicates with several cells simultaneously. A handover can thus be performed without any interruption of the ongoing transmission. The mobile device only uses the minimal power required to remain connected to one of the cells taking part in the soft handover. When transmission conditions change, a different cell can take over the connection very quickly. A disadvantage of the soft handover is the use of additional resources on the air interface. If too many cells are part of a soft handover procedure for a single mobile device, the available capacity for other subscribers can be severely reduced.

Answer 10:
An SRNS relocation is performed when all current cells of a subscriber are controlled by a drift RNC. This can happen for example if a subscriber is moving far away from the location at which the connection was initially established. By performing an SRNS relocation one of the drift RNCs becomes the new serving RNC. This means that the routing between the MSC and the SGSN on the one side and the old and new RNC on the other side has to be changed.

Answer 11:
In Cell-FACH state, mobility management is not performed by the network but by the mobile device itself. If the mobile device detects that a different cell would give a better service, it autonomously performs a cell change. Once the cell change is performed the mobile device reports to the network and all data is afterwards exchanged via the new cell.

Answer 12:
As a mobile device in Cell-DCH transmits data continuously, it has no possibility to search for other cells on other UMTS or GSM frequencies. If a subscriber moves to the border of the UMTS coverage area or if UMTS cells in the subscribers area use a different frequency, the network can instruct the terminal to activate compressed mode. While in compressed mode, silence periods are inserted in certain intervals to allow the mobile device to search for neighboring cells on different frequencies. The measurement results generated during those periods are then sent to the network which can then use them for the decision making on when and how to perform a handover to one of these cells.

Answer 13:
HSDPA uses adaptive modulation and coding to quickly react to changing conditions on the air interface. Thus, less error correction and detection bits can be used while the radio link is stable which increases speed under such conditions. Instead of only using one data stream, HSDPA users can receive data via several code channels simultaneously (multi code). Additionally, Hybrid Automatic Retransmission Requests (HARQ) are used to detect transmission errors very quickly and to retransmit the data before higher layers detect a problem. Finally, intelligent scheduling can be used to reduce the data rate to a subscriber while signal conditions are temporarily bad and to increase the data rate again once conditions have improved. This improves overall cell capacity and in turn also increases the average date rate available to all users in a cell.

Answer 14:
HSDPA supports a simultaneous dedicated channel for voice calls along one or more HSDPA channels. Thus, a subscriber can use both services at the same time.

Answer 15:
Without an E-DCH, uplink packet speeds are limited to 64 kbit/s -128 kbit/s in most networks and 384 kbit/s in rare cases. The E-DCH concept increases the uplink speed per user to up to 2 Mbit/s in ideal conditions and to around 800 kbit/s und normal conditions in operational networks. Additionally, E-DCH also increases overall system capacity in the uplink, so more users can access the network with higher uplink speeds at the same time. This is very important for applications that send as much data as they receive. Such services are for example voice and video telephony.

Answer 16:
In uplink direction, the Node-B schedules different subscribers by assigning a certain transmission power level to each subscriber. The mobile station then has to select a corresponding code length and coding scheme. Thus, the transfer speed and implicitly the noise that is generated by the subscriber for other terminals in the network is limited. Power assignments can be given as absolute grants or as relative grants, which increase or decrease the power level for a mobile station. Neighboring cells which are part of the active set can also send relative grants to decrease the power level if a mobile station produces too much interference for subscribers in its area.

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
When data is transferred over a circuit switched channel, a dedicated connection is established between two parties. Data is sent without any overhead like lower level addressing. Bandwidth and delay are constant. In a packet switched network on the other hand, there is no direct connection between the endpoints of a session. Resources in the network are only used for the connection when data is sent. Data is sent in packets which have to contain a source and destination address in order to be transported through the network. This also enables N:N connections in the network, i.e. a subscriber can communicate with any subscriber without establishing a physical connection first. Depending on the load of the network, bandwidth and delay for a connection can vary. This is a clear disadvantage compared to a circuit switched channel. Due to the bursty nature of many information exchanges the advantage of the packet switched approach on the other hand is to use more bandwidth during the burst which decreases transmission time.

Answer 2:
As GPRS is a packet switched network, resources or the air interface are only assigned to a user when data is actually sent. This tremendously increases the capacity of the network especially for applications such as web surfing which only send and receive data at irregular intervals. Several timeslots can be assigned to a subscriber simultaneously to increase throughput. If the physical connection to the network is lost (e.g. due to bad reception quality) the logical connection persists. As soon as the physical connection has been reestablished, data transfer on higher layers resumes without the user having to reestablish another channel manually as would be the case for a circuit switched connection.

Answer 3:
Dynamic coding schemes allow to adapt the ratio of error correction and detection bits to user data bits. For good transmission conditions the redundancy information in a block can be reduced which in turn increases the overall transmission speed of the user data. During times of bad reception, more error detection and correction bits are inserted which ensures that the link remains stable.

Answer 4:
While in GPRS ready state the SGSN can send data to the mobile terminal without delay. In this state, the SGSN is aware of the cell which the subscriber uses to communicate and thus can forward incoming packets directly to the PCU responsible for this cell. The PCU does not need to page the subscriber and can immediately assign resources on the air interface. When changing the cell in ready state the mobile station has to send a cell update message to the SGSN. Once the mobile station is in GPRS standby state, the SGSN is only aware of the location are of the subscriber, as the mobile station only has to report cell changes when a location area boundary is crossed. This reduces the mobile’s energy consumption. In order to send data frames to a mobile in standby state, the SGSN has to page the subscriber first. The mobile station responds with an empty frame and thus implicitly changes into the ready state again. Once the SGSN receives the empty frame it is aware again of the cell the mobile station uses and can then forward the frame.

Answer 5:
In practice, no handovers are performed for GPRS today (Network Control Order = 0). The mobile station has to perform cell changes on its own. In case a cell change has to be performed during an ongoing data transfer due to deteriorating reception conditions it is necessary to interrupt the transmission and perform the cell change. Afterward, the mobile station reports to the SGSN from the new cell by continuing to send data. The SGSN detects the cell change as the cell global ID is part of every incoming frame and can thus change its routing of incoming Internet packets to the new cell.

Answer 6:
GPRS requires the following network nodes: A) The serving GPRS support node (SGSN) which is responsible for mobility management and session management (GMM/SM). B) The gateway GPRS support node (GGSN) which is the interface between the GPRS network and the Internet. The GGSN is responsible for the assignment of IP addresses to the mobile subscribers and hides subscriber mobility from the Internet. C) The packet control unit (PCU) is the interface between the GPRS core network and the radio network. The PCU is responsible for packet scheduling, assignment of timeslots to the subscribers and terminates the RLC/MAC protocol.

Answer 7:
GPRS assigns resources (timeslots) to a subscriber only for the time required to send the data. Furthermore, timeslots are not exclusively assigned to a single subscriber but only in blocks of four bursts. This way, timeslots can be used to transfer data to several subscribers at the same time. The temporary block flow with the temporary block identifier describes which data blocks are addressed to which device currently listening on a timeslot.

Answer 8:
An Inter-SGSN routing area update is performed if the mobile device roams into a cell which is connected to a new SGSN. As the new cell belongs to a new routing area, the mobile device attempts a routing area update. The new SGSN then detects that the mobile device is currently registered with a different SGSN and thus sends a message to the previous SGSN to retrieve authentication information. After authenticating the mobile station, the HLR is informed that the subscriber has changed its location to the new SGSN. Furthermore, the GGSN is informed of the position change so it can forward incoming packets to the new SGSN in the future. Once all of these actions are performed, the routing area update in the core network is complete and the subscriber gets a confirmation from the SGSN that the operation was performed successfully.

Answer 9:
The GPRS core network between the SGSN and GGSN use the IP protocol for routing the IP data frames of subscribers. These are not transferred directly, however, but are encapsulated into GPRS tunneling protocol (GTP) frames. Part of the encapsulated frame is the IP address of the mobile device and the source/destination of the frame. Thus, a GTP frame contains two source and two destination IP addresses. This mechanism has the advantage that no routing table updates are required in routers between these two network components if the user is roaming into the area of another SGSN. In addition, the GPRS core network is decoupled from the Internet and the GPRS user as it is not possible to directly access these components from outside the local GPRS core network.

Answer 10:
The user does not have to change any settings on his/her device for international roaming. All packets that are sent and received are always routed through the GGSN in the subscriber’s home network. This is possible as the access point name (APN) is a qualified domain name and the SGSN inserts the mobile country code (MCC) and the mobile network code (MNC) as well as a top level domain (‘.gprs’) to the APN string received by the subscriber during the connection establishment. This domain name is then sent to a DNS server which resolves the domain name into the IP address of the GGSN in the subscriber’s home network.

Answer 11:
During a GPRS attach, the mobile device registers with the network. Afterward, the network is aware that the device has been switched on and in which routing area it is located. Up to this point no IP address has been assigned to the mobile device and no data can be transmitted. The IP address is only assigned to a mobile device during the PDP context activation procedure. Billing is also only invoked during the activation of a PDP context.

Answer 12:
In order to transfer data via GPRS to and from the Internet, a PDP context has to be established between the mobile device and the GPRS network. During the establishment of a PDP context the mobile device sends the access point name which identifies the GGSN and profile to be used to establish a connection to the internet. (Also see answer 10)

Answer 13 (removed in the 3rd edition as MMS is no longer covered):
MMS messages are always exchanged between a mobile device and the MMS gateway which is located behind the GGSN. For sending an MMS the mobile device first establishes a GPRS connection and uses the APN which the network operator has foreseen for the MMS service. Usually it is only possible to reach the MMS gateway via this APN. Afterward, the MMS, which has many similarities to an eMail, is sent by using an HTTP-PUT push command. This command is also used by web browsers to send the input the user has made on a web page in text fields, etc. to the web server. Once the MMS is received by the MMS gateway it is stored and an attempt is made to deliver the message to the destination. If the destination is a mobile subscriber, an SMS is sent to inform the mobile device of the waiting MMS message. Depending on the configuration of the mobile device it either establishes a GPRS connection immediately or queries the user first before doing so. To receive the MMS message the mobile device uses the HTTP-GET command. This command is also used by web browsers to request web pages from a web server.

Answer 14 (removed in the 3rd edition as MMS is no longer covered):
An MMS message has many similarities to an eMail. The header for example is structured in a similar way as an eMail header and just contains additional X-MMS-tags which contain MMS specific information. Text and pictures are sent in the “body” of the MMS and are separated by Multipurpose Internet Mail Extension (MIME) separators. The first part of an MMS body is the description of the general layout of the message. SMIL, an XML language, is used for this purpose. Further MIME parts of the MMS then contain the text, pictures, videos, etc.

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
In a circuit switched digital telecommunication network a speech channel usually uses a 64 kbit/s timeslot. The pulse code modulation (PCM) algorithm is used to convert an analog voice signal for digital transmission.

Answer 2:
The GSM NSS consists of at least of the following network components:

• MSC: The Mobile Switching Center, which includes the Visitor Location Register, is responsible for connecting calls and mobility management.
• The Home Location Register, which stores subscriber information
• Service Control Points, which handle services like prepaid or location based billing applications
• SMS Service Center
• Voice Mail Systems

Answer 3:
The GSM BSS consists of the following network components:

• The Base Station Controller, which controls the channels on the air interface. It is also responsible for power control, timing advance control and handovers.
• Transcoding and Rate Adaptation units convert the speech codecs used in the BSS into 64 kbit/s PCM coded channels used in the core network. (Note: The TRAU is usually co-located with the MSC in order to minimize the number of required transmission links between the MSCs and the BSCs).
• The Base Transceiver Stations (BTS): A high number of base stations are connected to a base station controller. They are responsible for transferring data streams over the air interface.

Answer 4:
Three methods are used: Several calls can be handled on the same frequency. This is done by splitting a channel into 7 timeslots. This is called Time Division Multiple Access (TDMA). Capacity can be further increased by using several carrier frequencies per base station. Typical GSM base stations today use one to three carriers. This is called Frequency Division Multiple Access (FDMA). Additionally, a further increase can be achieved by splitting the coverage area of a base station into several sectors and by using different carrier frequencies in each sector. Typical base stations today use either two or three sectors.

Answer 5:
The first step is to digitize the voice signal recorded by the microphone by using the PCM codec. This digital signal is then used as input for the speech coder (Full Rate, Enhanced Full Rate, AMR) which compresses the data generated by the PCM codec. This data stream is then sent to the channel coder which adds redundancy (error detection and error correction bits). Afterwards, the Interleaver changes the order of the bits and spreads consecutive bits over a wider area of the data stream. This allows spreading transmission errors which usually affect several consecutive bits over a larger area which helps the receiver to detect and correct errors. To protect the communication from eavesdropping and tampering the resulting data stream is then ciphered. Finally the now encrypted data stream is modulated onto an analog carrier frequency and transmitted.

Answer 6:
A handover changes the routing of an ongoing voice call from one cell to another. This is necessary if a subscriber leaves the coverage area of a cell and enters the coverage area of another. Network elements involved in the handover are the mobile station, the old and the new base station and the base station controller. If the current base station controller is not responsible for the new cell, the mobile switching center and the BSC controlling the new cell are also part of the handover procedure.

Answer 7:
For an incoming call the Gateway MSC queries the home location register of the subscriber to ask for its location (Send Routing Information). The HLR is aware of the current MSC/VLR (Visited MSC) of the subscriber and requests a temporary identifier, the Mobile Station Roaming Number (MSRN). This number is returned by the HLR to the Gateway MSC. From there the call can then be forwarded to the Visited MSC. At this stage of the call routing process, standard ISUP signaling is used which is already known from fixed line networks. Instead of using the phone number as identifier, the MSRN is used to route the call. On the Visited MSC, the temporary MSRN is used to correlate the call to the correct subscriber. As the V-MSC is only aware of the subscriber’s current location area, the subscriber has to be paged in order to establish the cell to which the call has to be forwarded to.

Answer 8:
In order to authenticate a subscriber, the MSC queries the Authentication Center for the Authentication Triplets of the subscriber. Elements of each triplet are a random number (RAND) and a response value (SRES) which is generated from the random number with an authentication algorithm. The MSC then sends the random number to the mobile station. The MS forwards the random number to the SIM card which computes the SRES. This value is then sent back to the network. The MSC then compares the SRES computed by the authentication center and the SRES computed by the SIM card. The two values can only match if the authentication center and the SIM card have used the same secret key to generate the signed response from the same random number.

Answer 9:
A mobile phone always sends an SMS to the SMS Service Center (SMSC) which is a network node in the core network. The SMSC then uses the phone number contained in the short message to query the HLR for the current MSC of the destination subscriber. It then forwards the message to this MSC. If the subscriber is not reachable, the Message Waiting Flag is set in the MSC/VLR and HLR, and the SMS is stored in the SMSC. Once the subscriber becomes reachable again the SMSC is informed and another delivery attempt is undertaken.

Answer 10:
In downlink direction (network to mobile phone) the DSP is used for the analysis of the incoming data stream. The training sequence of a burst is used to calculate a channel approximation which is then applied to the main parts of each burst. This improves compensation of external effects on the transmission. Furthermore, the DSP compresses and decompresses the speech data by using the Full Rate / Enhanced Full Rate / AMR codec. The RISC processor on the other hand deals with channel coding and decoding, interleaving/de-interleaving and ciphering/de-ciphering of the incoming and outgoing data stream. Additionally, the RISC processor also manages the user interface, the overall control of a connection (Mobility Management / Session Management), user programs and external interfaces (Bluetooth, USB, etc.).

Answer 11:
Data is stored on the SIM card in a non-volatile, re-writable memory. To the outside, the microcontroller on the SIM card presents the memory as a directory tree and files. While PCs use filenames to identify files and directories, the SIM card instead uses 4 digit hexadecimal numbers. Each file has its set of individual read and write permissions. Some files are readable only, such as the file that contains the IMSI of the user. Some files can neither be read nor written to from the outside, like for example the file which contains the secret key used for authentication. Directories are referred to as ‚dedicated files’, ordinary files are called ‚elementary files’.

Answer 12:
CAMEL is the abbreviation for Customized Applications for Mobile Enhanced Logic. It describes how databases and applications can communicate over network boundaries and interfaces via MSCs, SGSNs and GGSNs. CAMEL is used for services such as prepaid or location based services. As CAMEL is not restricted to the home network of a user, foreign MSCs are able to contact databases in the home network of a subscriber for services such as prepaid billing when a subscriber is abroad. CAMEL specifies both the protocol between the network nodes and a state model which describes the different phases of a call by using Detection Points. If a certain detection point is activated for a subscriber, the treatment of a call is suspended at this point and the database and service responsible for the subscriber is contacted for further instructions of how to proceed with the call.

 

My first Mobile Monday in Paris. I was very positively surprised to see so many people there and had many good discussions. As you can see in the pictures the number of people has easily surpassed 200. Here are some details of the event as it happend.

Presentations: (here’s a link to most presentations)

The first presentation was by Vincent Veran of Axalto, one of the leading SIM card manufacturers. Their latest ideas they are working on are large memory SIM cards for preloaded content and storage of content such as eMail, a SIM card based web server for applications such as easy access to the operator portal and contact less applications embedded in the SIM. For the later, applications such as contact less payment in the metro (similar to the Felica service in Japan) come to mind.

The second presentation was given by Alex Kummerman of Clicmobile and he gave an overview of a current proof of concept application his company is trialing in Geneva at the moment which deals with finding out if some of your friends are near you while being at a certain location.

Mobile Gaming was the theme of the third presentation of Nicolas Caris of Acute about Urban Rivals. urban-rivals.com is an online game which seems to be an adaptation of a game initially launched back in 2001 in Japan (my interpretation as in 2001, iMode was only available in Japan). How I would have liked to have that in my pocket back then in school 🙂

Finally, the fourth presentation was given by Valérie Beaudouin of France Telecom about perceived and real usage of mobile and mobile services.

Discussions:  Glad to have met Stuart Mudie at the MoMo to discuss many on and of topic things. Other people I have spoken to include someone who promotes tracedog.fr, a cool utility for dog owners how get tired of searching their dog. I really like the application, check out their web site!

Operator and supplier attendance: Thanks for hanging out the list of attendees and separating the participants in operators, suppliers, mobile media, etc. Interesting to see many people in the the operators category, lots of people from Bouygues and Orange, only few from SFR though. To my surprise only few people from suppliers at the meeting. Some from Ericsson and only one or two from Nortel and Alcatel. I find that somewhat strange.

Summary: All in all a great evening, a big thank you to the organizers and the speakers of the evening. Looking forward to the next MoMo Paris on the 5th of June.